2.PERSONAL DATA CONTROLLER AND DATA PROTECTION OFFICER
2.1.VERISEC INTERNATIONAL is the data controller for VERISEC INTERNATIONAL’sprocessing of your personal data and is responsible for ensuring that the processing takes place in accordance with applicable legislation.
2.2.VERISEC INTERNATIONAL has appointed Mr. Anders Henrikson as the Data Privacy Officer (“Data Privacy Officer”). The Data Privacy Officer also has the duty of monitoring that VERISEC INTERNATIONAL process personal data in accordance with applicable legislation. Contact information for the Data Protection Officer is firstname.lastname@example.org, +46-733-458903.
3.HOW WE PROCESS YOUR PERSONAL DATA
3.1.VERISEC INTERNATIONAL does not process data which in and of itself constitutes personal data. However, the data processed by VERISEC INTERNATIONAL is unique to an individual and can therefore be considered and alias for an individual and therefore within the wider definition of personal data. VERISEC INTERNATIONAL will process this alias data for the following purposes and for the following legal reasons.
3.2.At any time you can withdraw the provided consent regarding Freja Mobileby providing written notification to VERISEC INTERNATIONAL. 3.3.VERISEC INTERNATIONAL will not process your personal information for automated decision-making or profiling.
PURPOSE: For coupling a mobile token to a realworld identity in an organisation’s user store.
LEGAL BASIS: The processing is necessary to fulfil the agreement with you as a userand for the service to function. The token serial number is stored in the mobile app and also in the VERISEC INTERNATIONAL back end authentication service, alongside a user’s LDAP user name. The serial number of the token logging in to the service is cross-referenced with the user name inorder to determine that the user is still active in the target system and has permission to access that system. The token serial number does not constitute personal data in and of itself but it is an alias for a specific end user and therefore can be traced back to that person if correlated with additional data, external to Freja Mobile.
CATEGORY PERSONAL DATA: Token serial number
PURPOSE: For generating a unique one time password.
LEGAL BASIS: The process is needed for the service to function. The token seed us used to generate a unique one time password which is used to authenticate a user logging in to a target system. The seed itself does not constitute personal data but it is an alias for a specific end user and therefore can be traced back to that person if correlated with additional dataexternal to Freja Mobile.
CATEGORY PERSONAL DATA: Encrypted token seed
4.FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
4.2.At any time, you may cancel use of the Service by selecting “Deregister account” or a similar function in the Service and block the Service according to the instructions provided by VERISEC INTERNATIONAL. VERISEC INTERNATIONAL does not retain your personal data after you have cancelled use of the Service according to this section 4.2, unless it is required by law or to protect VERISEC INTERNATIONAL’s legitimate interests, for example, in case of a legal proceeding.
5.WHO DO WE SHARE YOUR PERSONAL DATA WITH?
VERISEC INTERNATIONAL will only share your personal data with the service provider that you are using your Freja Mobile token to log into.
6.1.VERISEC INTERNATIONAL, in its capacity as the data controller, is responsible for ensuring that your personal data is processed in accordance with applicable law.
6.2.VERISEC INTERNATIONAL will, at your request or on its own initiative, correct, de-identify, delete or complete information that is determined to be incorrect, incomplete or misleading.
6.3.You have the right to require from VERISEC INTERNATIONAL access, correction or deletion of your personal data (for example, if deletion is required according to applicable legislation), request restrictions on continued processing of yourpersonal data as well as the right to object to the processing (for example, if you question whether the personal data is correct or if the processing is legal). VERISEC INTERNATIONAL will notify each recipient regarding which personal data has been removed according to item 5 above if any corrections or deletions to the information as well as restrictions on further processing of the information occur according to item 7.
6.4.You are entitled to data portability, in other words, the right under certain circumstances to receive and transfer your personal data to another data controller in a structured, generally usable and machine-readable format.
6.5.Once per calendar year, you are entitled to obtain an extract from the registry from VERISEC INTERNATIONAL,free of charge with a signed, written request, indicating which personal data about you has been recorded, the purposes of processing the data and the recipients who have received the data or will receive the data. You are also entitled to receive information in the extract from the registry regarding where the data was collected, if the personal data was not collected from you directly, the occurrence of automated decision-making (including profiling) as well as the anticipated period during which the data will be stored or the criteria that are used to determine this period. Furthermore, you are also in titled with the abstract from the registry to receive information about your other rights as specified in section 7.
6.6.You are entitled to submit complaints regarding VERISEC INTERNATIONAL processing of your personal data to The Swedish Data Protection Authority.
7.PROTECTION OF YOUR PERSONAL DATA
You should always feel secure when providing personal data to us. Therefore, VERISEC INTERNATIONAL has taken the necessary safety precautions to protect your personal data regarding unauthorised access, modification and deletion.
VERISEC INTERNATIONAL uses Performance Cookies which purpose is to gather data on how visitors use the website; for example, which pages are visited more often, or if they get error messages. These cookies monitor only the performance of the site as the user interacts with it and enable the website to provide enhanced functionality.
This information is not provided to third parties. If you are not longer interested in VERISEC INTERNATIONAL to store or collect the information, you must cancel the Service according to section 4.2 above.