Information on how we process your data and safeguard your rights

Information from The Agency for Digitisation on how we use your personal data connected to NemKonto

According to article 14 in the General Data Protection Regulation, we are obligated to inform you when we process your personal data.

1. We are data controller – How to contact us

The Agency for Digitisation is data controller for the processing of the personal data we have received about you. Find our contact information below:

Landgreven 4,
1301 København K
CVR-nr.: 34051178
Phone: +45 33 92 52 00
E-mail: digst@digst.dk

2. Data Protection Officer contact information

The Ministry of Finance has appointed a Data Protection Officer, who advise on the data protection rules within the Ministry of Finance. The purpose of the Data Protection Officer is to support the Ministry of Finance’s compliance with the rules on the processing of personal data. 

The Data Protection Officer is able to guide you on your rights in connection with the processing of your personal data within the Ministry of Finance. If you wish to contact the Data Protection Officer through e-mail, you are kindly asked, not to attach your personal identification number or other sensitive data / confidential data. 

Digitaliseringsstyrelsen,
Att.: Databeskyttelsesrådgiveren
Landgreven 4,
1301 København K
E-mail: dpo@digst.dk 

3. The purposes and the legal basis for the processing of your personal data

We process your personal data with the following purposes and with the following legal basis:
  • Lov om offentlige betalinger states that people aged 18 and above are obligated to have NemKonto.
Your NemKonto is the bank account, which public authorities use when they transfer funds to you. You choose which of your accounts you want to use as your NemKonto. In connection with the creation and the operation of your NemKonto we will collect information about you. The information we will collect depends on whether you are a Danish citizen, a foreign citizen (without NemId), a foreign company (without NemId) or if it is in connection with an estate of a deceased or a bankruptcy estate.

4. Personal data categories and where they come from 

We process the following categories of personal data:
  • Personal data (GDPR art. 6)
  • Social security number

Danish Citizens

  • Account number, social security number: Through Nemkonto.dk (the self service function), the bank, online bank or appointing authority
  • Name and adress:  The social security number registry
  • Transaction history:  Will be automatically created after a possible payment

Estate of a deceased

  • Probate certificate + bank account number: Through the person responsible for the estate of the deceased
  • Foreign estate of deceased an ID with a picture will be processed – for example the heirs passport or a driving license: Through the heirs

Bankruptcy estate

  • Trustee certificate + bank account number Through the responsible for the bankruptcy estate

Foreign citizens

  • Foreign citizens, who do not have a NemId have to deliver an ID with a picture – for example a passport or a driving license: Through the citizen
  • Name, address, social security number and bank information: Through the NemKonto form

Foreign company

  • Danish registration certificate, registration certificate from the national country, the company article of associations and an Id with a picture such as a passport or driving license. Through the company
  • Name, address, CVR number, bank information Through the NemKonto form

5. Recipient or categories of recipients

We transmit your personal data to the following recipients:
  • Your financial institution: We inform your financial institution which bank account you wish to use as your NemKonto. Changes come into force within five banking days.
  • The settlement banks receives your payment information from the NemKonto registry; Sending authorities and private payers as well as their external auditors receive a receipt after the transaction has been completed;
  • The Danish Customs and Tax Administration receives payment information in connection with recovering cases according to the law;
  • The bookkeeping centers receives transaction information according to the law;
  • KMD A/S runs the NemKonto system and thus has access to personal data for technical reasons.

6. Transmission to recipients in third countries, including international organizations

Payment information will solely be transmitted to financial institutions outside of the EU when you request a foreign bank account as your NemKonto. In that case, your foreign bank will receive the public authority’s notification text to the receiver of the payment. The notification text will for instance contain information about sick pay, child benefit, overpaid tax etc. The legal basis for the transmission of personal data is the performance of a contract to which the data subject is party, cf. the General Data Protection Regulation art. 49, stk. 1, litra b.

7. Personal data and storage

The deadline for deleting personal data at NemKonto follows section 18, paragraph 1.4, in Order No. 766 of 5 July 2006 on the “Nemkontoordningen”. This rule provides that NemKonto and specific accounts are deleted by the system administrator of the Nemkonto system when the accounts have been inactive for five years.
Information is stored in the exercise of public authority.

8. Your rights

According to the General Data Protection Regulation, you have rights in connection with our processing of your personal data.
If you wish to exercise your rights, please contact us. 

Right of access by the data subject

You have the right to gain insight into the data we process about you, as well as some additional information.

Right to rectification

You have the right to have incorrect information corrected. 

Right to erasure

In specific situations, you have the right to have your information erased before our general deadline for erasure comes into force. 

Right to restriction of processing 

In certain situations, you will have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we will in the future only process your information – except for storage – with your consent or for the purposes of enforcing or defending legal claims, or for the protection of a person or important public interest.

Right to object

In certain situations, you will have the right to object to our otherwise legal processing of your personal data. 

Right to data portability

In certain situations, you will have the right to receive your personal data in a structured, commonly-used and machine-readable format, and to have this personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s instruction on the data subject’s rights. You can find the instruction on www.datatilsynet.dk 

9. Complain to the Danish Data Protection Agency

If you are dissatisfied with the way we process your personal data you have the right to file a complaint to the Danish Data Protection Agency. You will find the Danish Data Protection Agency’s contact information on www.datatilsynet.dk