NOTICE
Verisec International AB uses cookies to provide necessary website functionality, improve your experience and analyze our traffic. By using our website, you agree to our Privacy Policy and our cookies usage.


 

Privacy Police


1.GENERAL


1.1.This privacy policy (“Privacy Policy”) applies when Verisec International AB, Corp. ID. No. 559246-1767 | Riddargatan 12 B, 1tr ög, 114 35 Stockholm, SWEDEN (“VerisecInternational”) provides astrong authentication service via the app Freja Mobile (“Service”).

1.2.You have registered as a user of the Service according to the Terms of Use for the Service. This Privacy Policy constitutes an integral part of the Terms of Use.

1.3.You should always feel secure when providing personal data to us. This Privacy Policy is designed to show you how your data is processed securely in accordance with applicable legislation.

1.4.When the Service is used, several parties can be involved. This Privacy Policy only applies in relation to the processing performed within the Freja Mobile app by Verisec International its capacity as data controller. Therefore, Verisec International recommendsthat you also read the privacy policies of theother parties who may be involved in the use of the Service, for example, the service provider for which you use your Freja Mobile token to loginto.

1.5.In order to use the Service, you must, in addition to the requirements set forth in the Terms of Use for the Service, accept this Privacy Policy.

2.PERSONAL DATA CONTROLLER AND DATA PROTECTION OFFICER

2.1.Verisec International is the data controller for VerisecInternational’sprocessing of your personal data and is responsible for ensuring that the processing takes place in accordance with applicable legislation.

2.2.Verisec International has appointed Mr. Anders Henrikson as the Data Privacy Officer (“Data Privacy Officer”). The Data Privacy Officer also has the duty of monitoring that Verisec International process personal data in accordance with applicable legislation. Contact information for the Data Protection Officer is anders.henrikson@verisecint.com, +46-733-458903.

3.HOW WE PROCESS YOUR PERSONAL DATA

3.1.Verisec International does not process data which in and of itself constitutes personal data. However, the data processed by Verisec International is unique to an individual and can therefore be considered and alias for an individual and therefore within the wider definition of personal data. Verisec International will process this alias data for the following purposes and for the following legal reasons.

3.2.At any time you can withdraw the provided consent regarding Freja Mobileby providing written notification to VerisecInternational. 3.3.Verisec International will not process your personal information for automated decision-making or profiling.

Freja Mobile

PURPOSE: For coupling a mobile token to a realworld identity in an organisation’s user store.

LEGAL BASIS: The processing is necessary to fulfil the agreement with you as a userand for the service to function. The token serial number is stored in the mobile app and also in the Verisec International back end authentication service, alongside a user’s LDAP user name. The serial number of the token logging in to the service is cross-referenced with the user name inorder to determine that the user is still active in the target system and has permission to access that system. The token serial number does not constitute personal data in and of itself but it is an alias for a specific end user and therefore can be traced back to that person if correlated with additional data, external to Freja Mobile.

CATEGORY PERSONAL DATA: Token serial number

PURPOSE: For generating a unique one time password.

LEGAL BASIS: The process is needed for the service to function. The token seed us used to generate a unique one time password which is used to authenticate a user logging in to a target system. The seed itself does not constitute personal data but it is an alias for a specific end user and therefore can be traced back to that person if correlated with additional dataexternal to Freja Mobile.

CATEGORY PERSONAL DATA: Encrypted token seed

4.FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?

4.1.Your personal data is stored as long as is needed to fulfil the objectives that require the data to be collected in accordance with this Privacy Policy and to comply with laws and regulatory requirements. Normally your personal data is stored.

4.2.At any time, you may cancel use of the Service by selecting “Deregister account” or a similar function in the Service and block the Service according to the instructions provided by VerisecInternational. Verisec International does not retain your personal data after you have cancelled use of the Service according to this section 4.2, unless it is required by law or to protect Verisec International’s legitimate interests, for example, in case of a legal proceeding.

5.WHO DO WE SHARE YOUR PERSONAL DATA WITH?

Verisec International will only share your personal data with the service provider that you are using your Freja Mobile token to log into.

6.YOUR RIGHTS

6.1.Verisec International, in its capacity as the data controller, is responsible for ensuring that your personal data is processed in accordance with applicable law.

6.2.Verisec International will, at your request or on its own initiative, correct, de-identify, delete or complete information that is determined to be incorrect, incomplete or misleading.

6.3.You have the right to require from Verisec International access, correction or deletion of your personal data (for example, if deletion is required according to applicable legislation), request restrictions on continued processing of yourpersonal data as well as the right to object to the processing (for example, if you question whether the personal data is correct or if the processing is legal). VerisecInternationalwill notify each recipient regarding which personal data has been removed according to item 5 above if any corrections or deletions to the information as well as restrictions on further processing of the information occur according to item 7.

6.4.You are entitled to data portability, in other words, the right under certain circumstances to receive and transfer your personal data to another data controller in a structured, generally usable and machine-readable format.

6.5.Once per calendar year, you are entitled to obtain an extract from the registry from VerisecInternational,free of charge with a signed, written request, indicating which personal data about you has been recorded, the purposes of processing the data and the recipients who have received the data or will receive the data. You are also entitled to receive information in the extract from the registry regarding where the data was collected, if the personal data was not collected from you directly, the occurrence of automated decision-making (including profiling) as well as the anticipated period during which the data will be stored or the criteria that are used to determine this period. Furthermore, you are also in titled with the abstract from the registry to receive information about your other rights as specified in section 7.

6.6.You are entitled to submit complaints regarding Verisec International processing of your personal data to The Swedish Data Protection Authority.


7.PROTECTION OF YOUR PERSONAL DATA

You should always feel secure when providing personal data to us. Therefore, Verisec International has taken the necessary safety precautions to protect your personal data regarding unauthorised access, modification and deletion.

8.COOKIES

Verisec International uses Performance Cookies which purpose is to gather data on how visitors use the website; for example, which pages are visited more often, or if they get error messages. These cookies monitor only the performance of the site as the user interacts with it and enable the website to provide enhanced functionality.

This information is not provided to third parties. If you are not longer interested in Verisec International to store or collect the information, you must cancel the Service according to section 4.2 above.

9.CHANGES TO THIS PRIVACY POLICY

Verisec International has the right to modify this Privacy Policy at any time. Verisec International will provide reasonable advance warning of changes to the Privacy Policy. If you do not approve of the modified terms, you have the right to cancel the agreement with Verisec International before the modified Privacy Policy take effect. You can terminate the agreement by following the instructions in item 4.2 above.

10.CONTACT INFORMATION

Please do not hesitate to contact Verisec International if you have any questions about this Privacy Policy, the processing of your personal information or if you would like an extract from the registry. Verisec International contact information can be found under section 1 above.