​PRIVACY NOTICE - INFORMATION REGARDING DETAILS OF YOUR PERSONAL DATA IN BETALINGSSERVICE

APPLICABLE FROM 27 JULY 2023

Who are we?
Mastercard Payment Services Denmark A/S (hereafter Mastercard Payment Services) is a payment institute, which offers digital payment services – one of these payment services is Betalingsservice.

When you choose to use Betalingsservice as a digital payment service, it is necessary to collect and process your personal data so you can use the service.

 In this privacy notice you can read more about how Mastercard Payment Services processes (e.g., collect, use, share and otherwise process) your personal data when you use Betalingsservice. 

Data responsibility – processing of personal data in Betalingsservice
Mastercard Payment Services is data controller for the part of the processing of your personal data, through use of Betalingsservice as a payment channel. This means, that once you have entered an agreement regarding Betalingsservice in your bank or you have signed on to Betalingsservice or received a payment slip through/from a creditor, you also accept your personal data to be passed on to Mastercard Payment Services. 

Mastercard Payment Services stores your personal data securely and processes all personal data related to you in accordance with this privacy notice and applicable laws and regulations. 

You can also use Betalingsservice via the Betalingsservice-app. This notice regulating the processing of your personal information in the Betalingsservice-app, can also be found in the app. 

Why do we register and process your personal data?
We collect and process your personal data to enable us to:

  • Send you a payment slip and support your payment
  • set-up your agreement to use Betalingsservice + execute your payments in Betalingsservice
  • meet regulatory requirements to Mastercard Payment Services as a payment institute (e.g., regarding anti-money laundering)
  • offer customer service to you as an individual or as an employee, using Betalingsservice
  • conduct statistical analysis, product improvement, business development and increase user friendliness – Mastercard Payment Services primarily uses anonymous information for this purpose.

What personal data do we process?
The personal data we process consists, amongst other, of:

  • name
  • address
  • customer number
  • CPR-number or unique personal ID
  • account information
  • transaction information, including amount, payment date, recipient and free text
  • IP-address (if you use the Betalingsservice-app)
  • information regarding objections, complaints or other inquiries to customer service
  • subsequent other sensitive personal data we may process about you.

To enhance user-friendliness and usage of Betalingsservice, Mastercard Payment Services also collects statistical information, such as information about your mandates, channel for creation of the mandates, age, salary, geographical information and so forth. The data is not analyzed on an individual basis but is collected and processed anonymously for statistical purposes.

In addition, we also process business contact person’s names, phone numbers and email addresses.

How do we collect your personal data?
We collect and process your personal data when you:

  • enter an agreement to use Betalingsservice
  • download and use the Betalingsservice-app
  • receive a payment slip (e-Boks/Digital Post/physical mail) or use BS Tilmeldingslink 

What is our legal basis to process your personal data?
Mastercard Payment Services processes your personal data in accordance with the applicable laws and regulations, when you:

  • enter an Betalingsservice agreement, or another agreement, whereby your personal data is passed on to Mastercard Payment Services
  • download and use the Betalingsservice-app
  • use e-Boks payments or Betalingsservice sign-up link (BS Tilmeldingslink)
  • receive a payment slip (use e-Boks/Digital Post/physical mail) or use BS Tilmeldingslink

When you enter an agreement to use Betalingsservice through one of the above-mentioned channels, you accept the terms and conditions for the use of Betalingsservice, in particular the processing of your personal data (General Data Protection Regulation Article 6(1)(b), and the Danish Data Protection Act § 11(2)(2)).

Mastercard Payment Services also processes your personal data, when:
  • Mastercard Payment Services according to regulatory obligations as a payment institution, in particular the Anti-Money Laundering Act, the Accounting Act, the Payment Act, etc. is obligated to process your data (General Data Protection Regulation Article 6(1)(c), e.g., in relation to:
    • prevention of misuse and fraud
    • strengthening IT-security and payment security
    • investigation of potential error transactions and in relation to potential complaints.
  • Mastercard Payment Services in general has a legitimate interest to process your data (General Data Protection Regulation Article 6(1)(f), e.g., in relation to:
    • preparation of statistical analysis and business development.
  • Mastercard Payment Services completes tasks on behalf of public senders, that are categorized as official authorities (General Data Protection Regulation Article 6(1)(e)
    • Use of the Danish Authority for Digitisation’s digital email service through Netcompany to send out payment slips on behalf of public senders subject to the Danish Act on Digital Post from public senders.

In the unlikely event that we process your sensitive personal data, our processing will be in accordance with the legal basis that the creditor or bank has determined as the data responsible for their processing of your personal data, and it will relate to personal data which the creditor or bank have provided in connection with your payment. If we process your sensitive personal data for the purpose of determining, defending or enforcing a legal claim, the processing is based on the General Data Protection Regulation Article 9(2)(f).

How long do we store your personal data?
Mastercard Payment Services stores your personal data as long as it is necessary to perform the purpose of the data processing:

  • As long as you are a user of Betalingsservice, we process and store your personal data so you can use Betalingsservice
  • When your business relationship with Mastercard Payment Services ends, we store your personal data in accordance with our legal requirements cf. the Accounting Act, the Payment Act, the Anti-Money Laundering Act, the Limitation Act and requirements from the Danish Financial Supervisory Authority.

Personal data from third parties
Upon your acceptance of the transfer of your personal data to Mastercard Payment Services through creditor, bank or e-Boks/Digital Post, Mastercard Payment Services receives your personal data from third parties. In addition, we use the following sources to verify the authenticity of the data:

  • the data received from your creditor
  • your bank
  • The Danish Central People Register (the CPR-register)
  • The Danish Business register (the CVR-register)
  • service provider(s) in relation to anti-money laundering processing.

Personal data to third parties
We forward your personal data to the following third parties:

  • the bank or creditor, where you have a customer relationship – and only for the purpose to enable your use of Betalingsservice
  • recipient bank, for transactional information relating to your payment
  • e-Boks A/S or the Danish Authority for Digitalization through Netcompany when distributing payment slips
  • Aiia A/S by using Aiia Pay in connection with payment of payment slips received in e-Boks or Digital Post
  • Nets A/S and Signicat Danmark in relation to signing and login with NemID or MitID
  • Itera ApS in relation to creation of creditor agreements (does not include debtor information)
  • public authorities etc. on request, in accordance with the applicable laws and regulations, including enquires from the police and other authorities.

Use of cookies on our website
When you visit our website, we use cookies. You can read further in our cookie policy on https://www.betalingsservice.dk/privat/cookies

Your rights
You have several rights in accordance with the General Data Protection Regulation. You have:

  • the right to access the data we process about you
  • the right to object to certain processing of your personal data, including objection to profiling and direct marketing in this regard
  • the right to have data completely or partially deleted, provided we do not have a legitimate purpose for processing the data
  • the right to have data rectified if the information may be inaccurate, incorrect or incomplete
  • the right to limit processing of your personal data, under certain conditions
  • the right to withdraw your consent to process your personal data. As a consequence, you will not be able to use Betalingsservice
  • the right to data portability, as far as our processing of personal data is automated and is based on your consent or the agreement, we have with you
  • the right to lodge a complaint with the competent supervisory authority, including the Danish Data Protection Authority. You can find their contact details at www.datatilsynet.dk

In certain situations, your rights are limited. This can, for example be if Mastercard Payment Services is obliged under applicable laws and regulations to process your personal data. 

If you wish to exercise your rights, you can contact us here: www.mastercardpaymentservices.com/gdpr

Contact
You can at any time contact Betalingsservice customer service, if you have any questions regarding Betalingsservice on + 45 80 81 06 65.

If you have questions relating to our processing of your personal data, you are always welcome to contact our data protection officer on mpsprivacy@mastercard.com​