How we handle your privacy

1. General

1.1. This privacy policy (“Privacy Policy”) applies when VERISEC, Corp. ID. No. 559246-1767 | Riddargatan 12 B, 1tr ög, 114 35 Stockholm, SWEDEN (“VERISEC”) provides astrong authentication service via the app Freja Mobile (“Service”).

1.2. You have registered as a user of the Service according to the Terms of Use for the Service. This Privacy Policy constitutes an integral part of the Terms of Use.

1.3. You should always feel secure when providing personal data to us. This Privacy Policy is designed to show you how your data is processed securely in accordance with applicable legislation.

1.4. When the Service is used, several parties can be involved. This Privacy Policy only applies in relation to the processing performed within the Freja Mobile app by VERISEC its capacity as data controller. Therefore, VERISEC recommendsthat you also read the privacy policies of theother parties who may be involved in the use of the Service, for example, the service provider for which you use your Freja Mobile token to loginto.

1.5. In order to use the Service, you must, in addition to the requirements set forth in the Terms of Use for the Service, accept this Privacy Policy. 

2. Personal data controller & data protection officer

2.1. VERISEC is the data controller for VERISEC’s processing of your personal data and is responsible for ensuring that the processing takes place in accordance with applicable legislation.

2.2. VERISEC has appointed Mr. Anders Henrikson as the Data Privacy Officer (“Data Privacy Officer”). The Data Privacy Officer also has the duty of monitoring that VERISEC process personal data in accordance with applicable legislation. Contact information for the Data Protection Officer is, +46-733-458903.

3. How we process your personal data

3.1. VERISEC does not process data which in and of itself constitutes personal data. However, the data processed by VERISEC is unique to an individual and can therefore be considered and alias for an individual and therefore within the wider definition of personal data. VERISEC will process this alias data for the following purposes and for the following legal reasons.

3.2. At any time you can withdraw the provided consent regarding Freja Mobileby providing written notification to VERISEC.

3.3. VERISEC will not process your personal information for automated decision-making or profiling.

Freja Mobile

PURPOSE: For coupling a mobile token to a realworld identity in an organisation’s user store.

LEGAL BASIS: The processing is necessary to fulfil the agreement with you as a userand for the service to function. The token serial number is stored in the mobile app and also in the VERISEC back end authentication service, alongside a user’s LDAP user name. The serial number of the token logging in to the service is cross-referenced with the user name inorder to determine that the user is still active in the target system and has permission to access that system. The token serial number does not constitute personal data in and of itself but it is an alias for a specific end user and therefore can be traced back to that person if correlated with additional data, external to Freja Mobile.

CATEGORY PERSONAL DATA: Token serial number

PURPOSE: For generating a unique one time password.

LEGAL BASIS: The process is needed for the service to function. The token seed us used to generate a unique one time password which is used to authenticate a user logging in to a target system. The seed itself does not constitute personal data but it is an alias for a specific end user and therefore can be traced back to that person if correlated with additional dataexternal to Freja Mobile.

CATEGORY PERSONAL DATA: Encrypted token seed

4. For how long do we store your personal data?

4.1. Your personal data is stored as long as is needed to fulfil the objectives that require the data to be collected in accordance with this Privacy Policy and to comply with laws and regulatory requirements. Normally your personal data is stored.

4.2. At any time, you may cancel use of the Service by selecting “Deregister account” or a similar function in the Service and block the Service according to the instructions provided by VERISEC. VERISEC does not retain your personal data after you have cancelled use of the Service according to this section 4.2, unless it is required by law or to protect VERISEC’s legitimate interests, for example, in case of a legal proceeding.

5. Who do we share your personal data with?

5.1 VERISEC will only share your personal data with the service provider that you are using your Freja Mobile token to log into.

6. Your rights

6.1. VERISEC, in its capacity as the data controller, is responsible for ensuring that your personal data is processed in accordance with applicable law.

6.2. VERISEC will, at your request or on its own initiative, correct, de-identify, delete or complete information that is determined to be incorrect, incomplete or misleading.

6.3. You have the right to require from VERISEC access, correction or deletion of your personal data (for example, if deletion is required according to applicable legislation), request restrictions on continued processing of yourpersonal data as well as the right to object to the processing (for example, if you question whether the personal data is correct or if the processing is legal). VERISEC will notify each recipient regarding which personal data has been removed according to item 5 above if any corrections or deletions to the information as well as restrictions on further processing of the information occur according to item 7.

6.4. You are entitled to data portability, in other words, the right under certain circumstances to receive and transfer your personal data to another data controller in a structured, generally usable and machine-readable format.

6.5. Once per calendar year, you are entitled to obtain an extract from the registry from VERISEC,free of charge with a signed, written request, indicating which personal data about you has been recorded, the purposes of processing the data and the recipients who have received the data or will receive the data. You are also entitled to receive information in the extract from the registry regarding where the data was collected, if the personal data was not collected from you directly, the occurrence of automated decision-making (including profiling) as well as the anticipated period during which the data will be stored or the criteria that are used to determine this period. Furthermore, you are also in titled with the abstract from the registry to receive information about your other rights as specified in section 7.

6.6. You are entitled to submit complaints regarding VERISEC processing of your personal data to The Swedish Data Protection Authority.

7. Protection of your personal data

7.1 You should always feel secure when providing personal data to us. Therefore, VERISEC has taken the necessary safety precautions to protect your personal data regarding unauthorised access, modification and deletion.

8. Cookies

8.1 VERISEC uses Performance Cookies which purpose is to gather data on how visitors use the website; for example, which pages are visited more often, or if they get error messages. These cookies monitor only the performance of the site as the user interacts with it and enable the website to provide enhanced functionality.

This information is not provided to third parties. If you are not longer interested in VERISEC to store or collect the information, you must cancel the Service according to section 4.2 above.

9. Changes to this privacy policy

9.1 VERISEC has the right to modify this Privacy Policy at any time. VERISEC will provide reasonable advance warning of changes to the Privacy Policy. If you do not approve of the modified terms, you have the right to cancel the agreement with VERISEC before the modified Privacy Policy take effect. You can terminate the agreement by following the instructions in item 4.2 above.

10. Contact information

10.1 Please do not hesitate to contact VERISEC if you have any questions about this Privacy Policy, the processing of your personal information or if you would like an extract from the registry. VERISEC contact information can be found under section 1 above.