1. Your Vipps agreement with Vipps
The Vipps Privacy Protection Policy is part of the terms and conditions for the use of Vipps and thus part of the Agreement between you as a Vipps user and Vipps AS («Vipps»).
2. Purpose of processing personal data
Vipps processes your personal data in accordance with the Norwegian Personal Data Act and Vipps’ concession from the Norwegian Data Protection Authority. The main purpose of Vipps’ processing of personal data when you use Vipps is to fulfil the obligations undertaken by Vipps in order to implement the Agreement. In Vipps, personal information is also processed, among other things, for the following purposes:
In addition, Vipps will process personal data as prescribed or provided by law or to the degree you have consented to such processing.
3. Accesses in Vipps
In order to ensure effective Vipps functionality, Vipps requests various accesses to your mobile phone. These accesses apply to:
Please note that if you use the Android Lollipop operating system, you cannot upgrade to version 1.5 of Vipps without consenting to Vipps being given access to locations when being installed. If you would not like Vipps to have access to locations, you can turn this option off under Settings in Vipps as soon as the application has been upgraded and you have logged in.
4. Information stored by Vipps
Vipps stores information which is provided by yourself in Vipps when you register and which is generated when you use the service. Vipps stores the following data:
5. Collection of data from public records
Vipps will collect data about you from public records to the extent that this is required for the fulfilment of our obligations towards you under this Agreement or obligations prescribed by law.
6. Disclosure of personal data
Information that can be linked to you personally will not be shared with others unless it is stipulated in this Agreement or founded on the law, or if you have specifically agreed thereto. In accordance with the Agreement, Vipps will, as an example, send some information about you to the recipients of your payments. See more about this in item 5.1 in the Vipps terms and conditions.
When you establish a Vipps profile, other Vipps users can search for you in the solution by means of your telephone number. Vipps can also inform issuers of Vipps Invoice that you have activated this function, so that these issuers can send you invoices in Vipps.
Vipps can share your personal data with sub-suppliers who process personal data on behalf of Vipps (processors). The transfer of personal data to such processors is in accordance with processor agreements which, among other things, prevent the processors from using the data for other purposes. The transfer of personal data to Vipps’ processors is not deemed to be disclosure.
7 . Customer relationship management and marketing
Vipps will inform you about products within the payment service category. In addition, Vipps will give you information about product categories other than payment services through electronic marketing if you have given your consent. This implies that Vipps may send you useful information and offers for products and services electronically in the Vipps app, to your mobile phone number or your stated e-mail address. Consent in accordance with this provision encompasses electronic marketing of all types of products and services, not only products you have previously consented to. You may withdraw your consent at any time by contacting Vipps.
8. Prevention and identification of criminal acts
Vipps will process personal data with the purpose to prevent, identify, solve and deal with criminal fraud and other criminal acts. Information will be obtained from and handed over to other banks and financial institutions, the Banks’ Misuse Register (common misuse register of own and other accounts and payment instruments), the police and other public authorities. Data can be stored up to ten years from registration. Vipps will process personal data to fulfil the investigation and reporting duty for suspicious transactions in accordance with the Money Laundering Act. The bank is obliged to report suspicious information and transactions to the Financial Intelligence Unit at the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime. In accordance with Section 23, first subsection litra b) and litra f) of the Personal Data Act, you do not have the right to access to the information the bank has registered for these purposes.
9. Right of access, rectification and deletion
You may get right of access to the data Vipps has registered about you by sending a written and signed request to Vipps. Please contact Vipps to rectify information about you which is inaccurate. Personal data will not be stored longer than necessary to carry out the purpose of the processing. Thereafter, the data will be deleted or anonymised, unless the information will or can be stored beyond the statutory time period. This also applies if you delete your Vipps profile. Information about your transactions will be stored by Vipps as long as this is required by law.
10. Securing personal data
Personal data collected by Vipps shall be stored and processed in a safe and secure manner. The bank has established and documented procedures and measures to ensure satisfactory data security with regard to confidentiality, integrity and accessibility in accordance with Section 13 of the Personal Data Act.
Vipps can make amendments to this privacy protection policy to comply with statutory requirements and the bank’s own procedures for collecting and processing data. If significant amendments are made, you will have to approve the terms and conditions again.
Vipps acts as controller for the handling of personal data as outlined in this privacy protection policy.
If you have any questions concerning the Vipps privacy protection policy, please do not hesitate to contact Vipps on www.vipps.no, or call +47 22 48 28 00.