Buypass Privacy Policy

Buypass AS is responsible for the processing of personal information as described in this privacy policy.

If you have questions about Buypass' privacy policy, please contact us by phone or use our contact form.

Please refer to  Section 7 for contact information.

In order to process your personal data, we must have a legal basis. We use the following legal basis for processing:

a) To fulfil an agreement with you
The purpose of Buypass' processing of personal data is primarily related to information necessary for the acquisition, administration and use of Buypass ID and certificates (authentication and/or signing), but also for invoicing and execution of payment orders. This depends on which of our services you have chosen to use.

For more information, please refer to:
Customer agreement for the Sports payment solution

Customer Agreement for Buypass ID and Subscriber Agreements for Enterprise and TLS

b) Legal obligations
Buypass processes your personal data to fulfill obligations under law, regulations or government decisions, such as data protection legislation, accounting law, anti-money laundering law, and other relevant regulations in addition to orders from authorities with a legal basis in law.

Examples of processing based on legal obligations may be to prevent and detect criminal offences such as ID theft, money laundering, terrorist financing and fraud. Furthermore, as a result of accounting requirements or reporting requirements to police authorities, supervisory authorities and other authorities with a legal basis in law.

c) Legitimate interest
Buypass process personal data if it is necessary to protect a legitimate interest that outweighs the individual's privacy. The legitimate interest must be lawful, defined in advance, real and objectively justified in the business.

An example of processing based on legitimate interest is our use of CRM systems to be able to respond to inquiries.

d) Consent
If no other legal basis exists, Buypass will process personal information based on voluntary, explicit consent from you as a user of our services. If you have given consent to Buypass, you can withdraw it at any time. We will then terminate the processing of your personal data. If the processing is based solely on the consent given and not based on other legal basis, the personal data will be deleted. An example of this is consent to electronic marketing from Buypass via e.g., registration in a form.

Buypass collects personal data when you...

• register as a customer to use our services
• use your Buypass ID
• use the Sports Payment Solution
• make a payment for one of our services
• respond to our inquiries
• order an item or service from us
• are a user on one or more of our solutions
• send us an inquiry
• register for an activity/event
• are identified as a contact person for an existing or potential customer or partner
• give consent to receive newsletters and other relevant information from us
• apply for a job with us
• visit our website
• change the information associated with your user account with us

and when Buypass makes changes to the information associated with your user account, for example in the event of changes in the National Population Register.

Which data Buypass collects and processes, and the legal basis for our processing, depends on which of our features or services you use. Below, the processing that is relevant is described.

You have a customer relationship with Buypass
Buypass processes personal data for the purpose of conducting ID and payment transactions, administering the customer relationship, and ensuring that we meet our obligations under laws and regulations.

The legal basis for processing is the fulfilment of an agreement with you.

For more information, please refer to:
Customer agreement for the Sports payment solution

Customer Agreement for Buypass ID and Subscriber Agreements for Enterprise and TLS

Use of contact form
In a contact form we ask for: Name, position, e-mail address, company, telephone number, and the subject of your inquiry. The data is stored in our customer service system and/or in CRM when relevant.

The purpose of collecting and storing information is to be able to respond to and have a dialogue around your inquiry.

Subscribe to newsletters
Buypass sends newsletters by e-mail to subscribers. We ask for name, company name and e-mail address, professional interests and consent to electronic marketing. This also serves as consent to the processing of data.

Events and marketing activities
For events and other marketing activities, we may need to ask for name, position, e-mail address, company, telephone number and any other relevant information. The purpose of the collection is to provide information to participants, administer and facilitate events and prepare participant lists.

Microsoft Teams is used as a webinar platform. Data associated with webinars will be transferred to our CRM system. 

Use of cookies
We use cookies on our website.  These are used to recognize your computer or mobile phone and give you a better user experience.

By retrieving information and/or using services on Buypass' website, you consent to cookies being set in your browser. You can change your cookie settings at any time (except strictly necessary cookies) by clicking on the button "Cookie settings" in the lower left corner of the website.

You can read more about our use of cookies.

Server logs on website
All visits to our websites are logged on our server. The information is collected to ensure operation. In the event of an attack on our website, the IP address used in connection with the attack will be blocked.

Customer Service Desk
We use Jira Service Management from Atlassian as a case management tool for our customer service. We data such as name, e-mail, telephone number, in addition to description of the inquiry and suggested solutions. We do this to fulfill an agreement with you or to assist you in using our services.

CRM system
We use HubSpot as our CRM system to manage information about our contacts (customers, partners and prospects). We store data such as name, e-mail, telephone number, title/role, consents, professional interests, activities, e-mail conversations and notes related to dialogue / sales processes, as well as visits to our website. Data is stored as long as needed or until the user requests it to be deleted.

We use Insycle for data cleansing and importing contact data from other internal systems into our CRM. 

When you visit our websites, cookies from HubSpot will track page views. This happens anonymously until you provide your contact information in a web form or consent to marketing from us. This means that information you send us can be linked with information that has previously been anonymized about visits to our website. This requires that you have accepted cookies. For more information on how this works, you can read here.

Storage & Security
When you provide your personal data to us, you can be sure that storage and processing takes place within the EU/EEA or countries that meet an adequate level of protection in accordance with decisions by the European Commission.

We have established and documented actions and procedures to ensure the integrity, availability and confidentiality of personal data in accordance with the rules of data protection legislation.

Buypass does not store personal information longer than required to fulfill the purpose of the processing.

As a user, you are responsible for keeping passwords and PIN-codes confidential.

Disclosure of information
Buypass will not disclose personal data to third parties, unless we are required to do so by a court order, applicable law, or unless you have been informed and have given your consent.

For more information, please refer to:
Customer agreement for the Sports payment solution

Customer Agreement for Buypass ID and Subscriber Agreements for Enterprise and TLS

Right to access, change and correct information

According to the rules of data protection legislation, you have the right to access your own personal data. If our information about you is incorrect, you can request to have the information corrected, supplemented or deleted.  You can change some of your information yourself by logging in to “My page” on our website. If you have questions about our processing of personal data, you can contact us by phone or use our contact form (see contact information, section 7). To ensure that personal data is disclosed to the right person, Buypass may require that a request for access is made in writing or that your identity is verified in another way.

Right of access and disclosure of personal data

If you wish to exercise your right of access, please contact our customer service.

Once a complete access request has been received, we will respond without undue delay, and within 30 days at the latest. If special circumstances do not make it possible for us to respond within 30 days, we will send a preliminary response explaining the delay including information about the expected response time.

You can request access to the information we process about you and the security measures used to protect your information. However, you do not have the right to access the information we have registered about you to comply with the investigation and reporting obligations for suspicious transactions under the anti-money laundering law. This is in accordance with Article 23 of the data protection legislation.

If you suspect that unauthorized access has occurred, contact us immediately using our contact form (Section 7: contact information).

Deletion
You can terminate your customer relationship with no given reason, and demand deletion of your data. This must be requested through Buypass customer service (see contact information). You are entitled to an answer without undue delay, and within 30 days at the latest.

Buypass is required to store information about ID and payment transactions in accordance with the laws and regulations that concerns such services where relevant.

For details related to the right of access, correction and deletion of information, see:
Customer agreement for the Sports payment solution

Customer Agreement for Buypass ID and Subscriber Agreements for Enterprise and TLS

Complaints
If you believe that we process personal data in violation of data protection legislation, you can contact our Data Protection Officer by e-mail to personvernombud@buypass.no or complain to The Norwegian Data Protection Authority. You can find contact information on www.datatilsynet.no

Buypass AS, Gullhaug Torg 2D, 0484 Oslo, Norway. Telephone: 22 70 13 00.

If you wish to contact us, please use our contact form, or send an email to support@buypass.com

Our Data Protection Officer can be reached at personvernombud@buypass.no