Privacy Notice

In short

Hello MobilePay user! 

At MobilePay (Vipps MobilePay AS), we care about your privacy. We strive to always keep our responsibilities front and center when we process your personal data. This Privacy Notice describes what personal information we process, why, how, and in what way you can exercise your rights.   

 

1. MobilePay’s products  

The primary reason for processing your personal data is to deliver MobilePay’s products to you. Below you can read more about each product. Remember that you can always get insight and receive a copy of the data we process about you. You can find more information about this under point 3. 

1.1 When you have a MobilePay profile  
Why and how do we process your personal data? 
When creating a MobilePay profile, we process following information:  

  • Information about you (name, phone number, national identity number, address and in some cases the address you provide) 
  • Account and card details (account number, debit or credit card number and expiry date) 
  • Usage data (views, time, frequency, duration of activities in the app, search history and sign in/log out data)  

Technical Data (pseudonymized ID’s, IP address, mobile device, operating system, browser, settings in app and log of technical events)  

Remember: As a MobilePay user, other MobilePay users will be able to see your name by searching your phone number in the MobilePay app.  
In addition, we collect the following information from various registers to ensure that we have the correct information:

  • Contact details (name, address, national identity number and life- and guardianship status from the Central Personal Registry)
  • Ownership and verification of bank account (national identity number, and partial card- and account details from your bank) 
  • Political Exposed Persons  

On what legal basis? 
The contract we have with you. See MobilePay’s Terms and Conditions for Private Users. 

1.2 When you send and receive money  
Why and how do we process your personal data? 
To send and receive money with MobilePay, we process the following information: 

  • Transaction data (name and phone number of sender and recipients, amount, transaction ID, masked card information, payment account, receiving account and attached payment text/message) 

However, the recipient will only have access to the following information: 

  • Transaction data  name and phone number of sender, amount and attached payment text/message) 

Remember: As a MobilePay user, other MobilePay users will be able to see your full name by searching your phone number in the MobilePay app.  

On what legal basis? 
The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

1.3 When you send money to in-store merchants (MyShop) 
Why and how do we process your personal data? 
To send and receive money and refunds with MobilePay MyShop, we process the following information:  

  • Transaction data (senders name and phone number, merchant information, used MobilePay product or service, amount, transaction ID, masked card information, payment account, receiving account and attached payment text/message) 

However, the merchant will have access to the following information: 

  • Transaction data (name, masked phone number of sender, amount and attached payment text/message) 

On what legal basis? 
The contract we have with you. See MobilePay’s Terms and Conditions for private users. 

For donations to non-profit organizations  
When contributing with monetary donations to specific non-profit organizations, the organization will receive your full name and phone number. 

On what legal basis? 
The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

Sharing national identity number 
You can consent to share your national identity number with specific organizations to receive tax deductions on your donations.  

On what legal basis? 
Your consent.   

1.4 When using online and in-app payments (MobilePay Online) 
Why and how do we process your personal data? 
When purchasing products or services through an online merchant or within a merchant's app, we process the same data as outlined in section 1.3 When you send money to in-store merchants (MyShop) 

On what legal basis? 
The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

1.5 When you use MobilePay Box
Why and how do we process your personal data? 
When using MobilePay Box, we process the following information:  

  • General information about your Box (Box-name, Box-number, name(s) and phone number of Box-participants) 

Remember: As a MobilePay Box user, the owner of the Box can grant “viewing access” to other users (including users who are not contributors to the Box) making following information accessible to the viewers:

  • Transaction data (full name, date, amount and attached payment text/message)  

On what legal basis? 

The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

1.6 When you use digital Money Gift wrappings (Gift payments and gift cards)  
Why and how do we process your personal data? 
When purchasing MobilePay Gift wrappings, we process the same information as stated in section 1.2 When you send and receive money. 

What allows us to do this?  
The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

1.7 When you use Settlements  
Why and how do we process your personal data? 
When you use our calculating tool for settlements, we process following information: 

  • General information about your Settlement group (name and status of group, full name and phone number of participants, details on payments, including; amount, date and time.  

What allows us to do this?  

The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

1.8 When you use Benefits  
Why and how do we process your personal data? 
When displaying your personal memberships and benefits you have with selected loyalty programs in the app, we process following information: 

  • Phone number (shared with the merchant's data processor, to look up your memberships and benefits in loyalty programs) 
  • General information (received by the merchants regarding your memberships and benefits in loyalty program) 

What allows us to do this? 
The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

 

Remember: The merchant is the data controller for loyalty programs and benefits, while MobilePay function as a data processor. For inquiries regarding this, please contact the respective merchant. 

1.9 Order Management  
Why and how do we process your personal data? 
When displaying receipt information connected to your purchases, we process the following information: 

  • Transaction data (date, time, merchant number and name, payment source, receiving account, amount, product/service, text/messages) 
  • Receipt information (line items, amount, if relevant shipping price, tips and discount)  

What allows us to do this? 
The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

 

Remember: You can decide if you want to have receipt shown in your app or not. You can do that under your settings in your profile "Show digital receipts in MobilePay".

1.10 When you enable functionality on your phone 
You can turn on and off the following functionality under settings on your phone: 

  • Location (to find a merchant near you)  
  • Contact list (to select recipients from your contacts. If you prefer not to grant the app access to your contacts, you can manually enter the recipient's phone number) 
  • Pictures and camera (to add a profile picture that other users can see, to attach a picture to a Settlements group or to scan QR codes) 
  • Background updates 
  • Mobile data (to access MobilePay without a wireless internet connection) 
  • For Android (We request access to your phone status and ID for the purpose of saving the mobile identifier, managing content on the SD card, and allowing you to add a profile picture) 

Remember: You have the option to enable or disable these functions in your phone settings. 

What allows us to do this? 
Your consent. 

1.11 When enabling functions in the app 
When you use MobilePay you can consent to following features in the app: 

  • Profile picture (to add a profile picture that other users can see) 
  • Chosen name for accounts and cards (to differentiate between your added accounts and cards)  
  • Blocked users (to avoid interaction with users that can no longer send you messages, requests, or transactions) 

Remember: You have the option to enable or disable these functions in the MobilePay app.  

What allows us to do this? 
Your consent. 
 
1.12 When you have MobilePay as a merchant for your business or association  
To comply with our obligations under anti-money laundering regulations, we process the following personal information relating to merchants: 

Business roles (CEO, chairman, board members, deputy, accountant, auditor, etc.) 

  • Information about the person (name, phone number, e-mail address, date of birth and national identity number.)
  • Signatory rights  

Beneficial owners 

  • Information about the person (name, date of birth, country, nationality, address)  
  • Information from public registers  

Politically Exposed Persons (PEP) and sanction lists 

  • Information you provide as a PEP 
  • Information from registers  

What allows us to do this? 
Our legal obligation.  

Credit rating  
When establishing a customer relationship and continuously afterwards, MobilePay conducts a credit check of the merchant you are part of. For some types of organizations e.g., where the merchants are personally financial responsible, we also carry out a credit assessment of persons with a role withing the merchant. When the credit assessment is completed, you will receive a copy of that information.  

What allows us to do this? 
Our legitimate interest.  

Onboarding and administration of the customer relationship 
For onboarding, administration of customer relationships, communication, and security for your business, we process the following personal data: 

User and admin role the Merchant Portal and Merchant App 

  • Information about you (full name, phone number, e-mail address and national identity number) 
  • Usage data (views, time, frequency, and duration of activities in the app, search history and sign in/log out data) 
  • Technical data (internal IDs, IP address, mobile operating system, mobile device, browser, in-app settings, history of technical events, etc.) 
  • Electronic Identification (eID) with MitID

Remember: In an effort to enhance convenience and security for you, we may use the data from your private profile when granting admin rights.  

Merchant contact points

  • Information about you (full name, phone number, e-mail address and national identity number) 
  • Any communication between MobilePay and the payment point.

What allows us to do this? 
The contract we have with you. See MobilePay’s Terms and Conditions for Merchants.

2. Across MobilePay services 

Some processing may not be specifically linked to a single product. Further details on this can be found below. 

2.1 For legal and regulatory reasons  
Why and how do we process your personal data? 
To fulfil our obligations according to laws and regulations, MobilePay are obliged to process some personal data, including the following:

  • To comply with bookkeeping regulations: Accounting material, which may also contain personal information, are processed, and stored in compliance with the regulations stipulated in the Bookkeeping Act. 
  • To prevent and detect criminal activities: MobilePay are obliged to process some personal information for the purpose of preventing, detecting, investigating, and handling fraud and other criminal activities. This includes the duty to examine and report suspicious activities and transactions under the Anti-Money Laundering Act. In addition, MobilePay obtains information from various registers to fulfil legal requirements, including politically exposed persons and sanctions. 
  • Disclosure of personal information to public authorities: MobilePay are obliged to disclose personal information when there is a court order, law enforcement request or otherwise to fulfil legal requirements, such as The Criminal Act, or acts related to statistics or taxation. 
  • Security monitoring: To detect and prevent suspicious activities and security incidents, MobilePay processes personal information when logging and monitoring our services. Ensuring information security is, among other things, anchored in the Personal Data Act (persondataloven) and ICT Regulation. 

What allows us to do this? 
Our legal obligation.  

2.2 For customer follow up  
Why and how do we process your personal data? 
MobilePay processes personal data to assist you in case of any challenges or concerns related to our products or services, including: 

  • Information about you (name, phone number, e-mail, registered address, and national identity number) 
  • Information about your issue 
  • Information about the customer relationship (which products and services you use, the duration of usage, etc.)

Depending on the issue, it may also include: 

  • Transaction data (name and phonenumber of sender and recipients, amount, transaction ID, masked card information, payment account, receiving account and attached payment text/message) 
  • Account and card details (bank account number, masked debit or credit card number and expiry date) 
  • Usage data (views in the app, time and clicks in our surfaces, searches, logins and logouts) 
  • Technical data (internal ID’s, IP address, operating system, mobile device, browser, settings in app, log of technical events, etc.) 

What allows us to do this? 
The contract we have with you. See MobilePay’s Terms and Conditions for Private Users.

Remember: We record telephone conversations for the purpose of training and quality assurance.

What allows us to do this? 
Your consent and if the communication become a security matter, calls may be recorded based on legitimate interest. 

2.3 For marketing activities 
Basic customized marketing on our platforms 
MobilePay carries out segmentation to ensure that relevant service information is provided to you, and to ensure that end users under 18 are excluded from our marketing activities.  

What allows us to do this?  
Our legitimate interest. 

Marketing via e-mail or SMS 
If you consent, we may send you suggestions and offers based on segmentation, via e-mail or SMS. For this we process: 

  • Contact information (name, phone number and e-mail)  

What allows us to do this?  
Your consent. 

Remember: You can see an overview of your consents to marketing activities in the MobilePay app under Profile > Settings. You can withdraw your consent at any time. 

2.4 To test and develop our products, services and for statistical purposes 
Internal development of our services and testing 
MobilePay process personal data for service development, maintenance and to improve customer experience. To do this, we analyze how our products and services are used. For this type of processing, we do not identify the end users, but use aggregated, pseudonymized or anonymized data. The following information may be processed to generate such analyses: 

  • Demographic data (age, gender, geographic area) 
  • Which MobilePay services/products you use 
  • Technical data (customer ID, cookies, user agent, etc.) 
  • Usage data (views in the app, time and clicks in our platforms, search history, logins, and logouts) 
  • Aggregated or pseudonymized transaction data 
  • Profile information (number of payment cards and bank accounts) 
  • Usage of accessibility features 

What allows us to do this?  
Our legitimate interest. 

Statistics
We further process this information to develop user surveys, user analyses, market analyses, and reports based on usage patterns and demographics. We use statistical data to group users into similar usage patterns and this helps us understand how our services are used. The results cannot be linked back to you as we use aggregated data for this purpose unless you give your consent. In some situations, we forward the results of the analyses to merchants that use MobilePay. This information cannot be linked back to you.

What allows us to do this?  
Our legitimate interest.  

Sharing statistics with public authorities 
MobilePay shares aggregated statistics with certain partners, such as banks and Statistics Denmark.

What allows us to do this?  
Our legitimate interest. The legal basis for Statistics Denmark is legal obligation. 

2.5 Use of Data Processors  
MobilePay uses several suppliers who process personal data on our behalf (“Data Processors”). In these cases, MobilePay enters into a Data Processing Agreement with the supplier to ensure that the processing is carried out in accordance with GDPR. Relevant data processors we use are: 

  • Cloud service providers (Microsoft Azure, Salesforce, Splunk, Mixpanel, Slack, Puzzel, Signant, Link Mobility, Twilio Sendgrid, Jobylon) 
  • Software providers (Microsoft 365) 
  • Service providers (Nets, TietoEvry, DNB, Danske Bank, Adyen) 
  • Consulting firms
  • Banks  

When we transfer personal data outside the European Union (EU) or the European Economic Area (EEA) 
In some cases, MobilePay may transfer personal data to Data Processors in countries outside the EU/EEA. Such transfers can only be made if the Data Processor has provided assurance that your privacy and rights are protected. This may be a transfer basis approved by the European Commission e.g., to an approved country, through Standard Contractual Clauses, or through valid Binding Corporate Rules. In special situations, another valid transfer basis, such as agreement or consent, may be used if the level of protection corresponds to the level in the EU/EEA. 

Remember: As a Danish MobilePay user, you can use MobilePay in in-store shops in Greenland. In such cases, the data as described in point 1.3 When you send money to in-store merchants (MyShop) will be transferred to the relevant merchant in Greenland.

2.6 Security of personal data  
Information security is fundamental to delivering safe and simple solutions. Through effective security measures and processes, MobilePay ensure that your personal data is protected against unauthorized access and alterations and is available when needed. For this, we have implemented measures such as: 

  • Identity and Access Management 
  •  Secure Software Development and Security Testing 
  •  Encryption 
  • Network Security 
  • Security Monitoring and Incident Management 
  • Safety training and knowledge sharing among employees 
  • Security requirements and follow-up of Data Processors and suppliers 

Security measures are implemented, monitored, and continuously improved based on a risk-based approach to ensure that personal data is adequately protected over time.

 

2.7 Retention of your information  
Personal data will not be stored for longer than necessary and according to the following rules: 

  • The main rule is that we store personal data for as long as you have an active customer relationship. 
  • When you terminate your customer relationship, certain information will be stored by MobilePay for another 5 or 10 years in accordance with Anti Money Laundering Act or Accounting Act. 
  • Personal data that we process based upon your consent will be deleted when you withdraw your consent unless there is another legal basis for further processing. 
  • In some situations, we may have a legitimate interest in retaining the information for a longer period e.g. for back-up purposes.  

2.8 Roles and responsibilities between MobilePay and Merchants  
MobilePay and merchants are independent data controller for most of our services. MobilePay has an agreement with all our end users. This means that MobilePay is responsible for its own processing activities of personal data that are necessary to provide the payment solutions. Similarly, merchants have their own agreements with their customers, and are themselves responsible for their own processing activities of personal data in order to provide their services e.g. being able to carry out a sale. We do not enter into data processor agreements in the situations where MobilePay and the merchant are independent data controllers.

 

3. Your rights 

If you wish to exercise your rights, you can send your request to our Data Protection Officer or Privacy Team at privacy@vippsmobilepay.com

 

3.1 Right to access  
You have the right to access the information stored about you. Remember that you can find most of this information about you in your profile and in your activity list in the MobilePay app. 

3.2 Right to rectification  
You have the right to demand that incorrect information about you be corrected. You can change your e-mail, address, picture, account, and card information in the app. In other cases, you can send us an e-mail. 

3.3 Right to be forgotten  
You have the right to demand to delete information about you if MobilePay does not have a legal basis for storing it further.  

3.4 Right to withdraw your consent  
You may withdraw your consents at any time.  

  • If you have shared your information in MobilePay with companies, you can withdraw this consent: under Profile > Personal information > Companies with access and Browsers that remember you 
  • Marketing: under Profile > Settings 
  • Settings on your phone: under settings on your phone 
  • Settings in the app: e.g. under Profile > Settings or Profile > Accounts and cards 

3.5 Right to information  
You have the right to be informed about how we process your personal data. We do this in this Privacy Notice, in our Terms and Conditions, and when obtaining consent. 

3.6 Right to protest  
If we process information about you based on our legitimate interest, you have the right to object to our processing of information about you. This can be for example for analysis purposes or for compiling personal data across our services. 

3.7 Right to restriction
In special situations, you have the right to request a restriction of the processing of personal data. 

3.8 Right to data portability  
You have the right to have your data transferred in a machine-readable format to a new Data Controller. 

3.9 Right to complain 
You also have the right to complain to the Norwegian Data Protection Authority at P.O. Box 458 Sentrum NO-0105 Oslo or to a Data Protection Authority near you.  

 

Changes in this Privacy Notice 

MobilePay continuously works to improve and develop our services. We will change information in this Privacy Notice, some might refer to it as a Privacy Policy, in the event of any changes in the law, services we provide or in our own personal data processing practices. If MobilePay makes major changes that may affect your privacy or rights, you will be notified in the app or by email.

 

Version 1.0. Updated 12.03.2024