Collection of personal data
Here you can read about the Agency for Digital Government use of personal information associated with the NemKonto register and how to obtain information about it
We are data controller – How to contact us
The Agency for Digital Government is data controller for the processing of the personal data we have received about you. Find our contact information below:
Digitaliseringsstyrelsen,
Landgreven 4,
1301 København K
CVR-nr.: 34051178
Phone: +45 33 92 52 00
E-mail: digst@digst.dk
-
The Ministry of Digital Government and Gender Equality has appointed a Data Protection Officer, who advise on the data protection rules within the Ministry of Finance. The purpose of the Data Protection Officer is to support the Ministry of Finance’s compliance with the rules on the processing of personal data.
The Data Protection Officer is able to guide you on your rights in connection with the processing of your personal data within the Ministry of Digital Government and Gender Equality. If you wish to contact the Data Protection Officer through e-mail, you are kindly asked not to attach your personal identification number or other sensitive data / confidential data.
Digitaliseringsstyrelsen,
Att.: Databeskyttelsesrådgiveren
Landgreven 4,
1301 København K
E-mail: dpo@digst.dk
-
We process your personal information for the following purposes:
The purpose of the Agency for Digital Governments processing of your personal information is to provide the NemKonto-system to you, public authorities, and private payers.
Your NemKonto is the bank account that all public authorities use when they need to transfer money to you. You can choose any of your regular bank accounts to use as your NemKonto.
The legal basis for our processing of your personal information is derived from:
ALov om offentlige betalinger m.v. (LBK nr. 494 af 4. maj 2023), bekendtgørelse om Nemkontoordningen (BEK nr. 647 af 13. april 2021), and Article 6(1)(e) of the General Data Protection Regulation for the processing of ordinary personal data, as well as Section 11(1) of the Data Protection Act for the processing of CPR numbers.
-
We process the following categories of personal data:
Ordinary personal information:
- Name
- Address information
- Tax ID Number
- Bank account information
Confidential personal information:
- CPR number (Civil Registration Number)
Personal information that may be subject to special rules under the General Data Protection Regulation or the Data Protection Act:
- Transaction history, including type of benefit:
- The transaction history includes information about amounts, sender, recipient, date, etc. Thus, the information can indicate confidential, social, occupational, and economic details about the recipient of the payment. This could, for example, be the disbursement of unemployment benefits from your union, indicating a union affiliation.
- Type of benefit on the payment order: The type of benefit refers to the type of payment order, such as sickness benefits, disability supplements, funeral assistance, child support for single parents, etc. Thus, the type of benefit can indicate confidential or sensitive information about you.
-
We disclose or transfer your personal information to the following recipients:
- Your bank: We inform your bank about which account you wish to use as your NemKonto.
- Payment-processing banks: They receive your payment information from the NemKonto register in connection with the execution of a payment.
- Sending authorities and private payers, along with their external auditors: They receive acknowledgment responses after the transaction is completed.
- The Danish Tax Authority: They receives payment information in debt collection cases and as part of its control function to combat economic crime and fraud
- The Danish National Bank: In connection with the national bank's work to ensure financial stability and their work regarding currency and monetary policy.
- Accounting centers: They receive transaction information.
- KMD A/S: The provider operates the NemKonto system and may therefore have access to personal information for technical reasons.
-
We do not transfer your personal information to recipients outside the EU and EEA. Payment information is only sent to financial institutions outside the European Union/European Economic Area if you ever request the designation of a foreign bank account as your NemKonto
-
Your name and address are obtained from the CPR register. When you create or change your NemKonto, we obtain your account number from one of the following channels that you have used to assign the NemKonto:
- Self-service solution on nemkonto.dk
- Your financial institution
- A public authority
-
NemKontos and specific accounts are deleted by the system administrator for the NemKonto-system when no monetary amounts have been designated to these accounts in the current year plus 10 years.
-
The Danish Agency for Digital Government also acts as the data controller regarding any personal data processed about you if you contact NemKonto Support. NemKonto Support helps users find information about NemKonto and how to use the NemKonto solution. With NemKonto Support, users can receive help via phone, e-mail and screen sharing.
The purpose of The Danish Agency for Digital Government’s processing of personal data when users contact NemKonto Support is: Provision of support in relation to the use of NemKonto and improvement of support services.
- The legal basis for our processing of your data in relation to inquiries via phone or mail is based on the EU General Data Protection Regulation Article 6, paragraph 1, litra e, related to the processing of ordinary personal data in the exercise of public authority.
- The legal basis for processing your personal data in relation to the customer satisfaction survey, including the anonymized survey of trends in the phone calls, screen sharing and/or phone recordings follows Article 6 of the Data Protection Regulation, paragraph 1, litra a, on consent.
In relation to screen sharing, the supporter will be able to see the personal information that may appear on the page where you need support.
In relation to the customer satisfaction survey and/or screen sharing, you can withdraw your consent at any time.
E-mails that are misdirected to NemKonto Support are, to the extent that is possible, forwarded to the appropriate authority/unit.
Data processor
The Danish Business Authority is our processor in relation with support.
Storage of your personal information in relation to NemKonto support
- With consent, the phone call is recorded and stored for 30 days, after which it is deleted. The call is recorded for training and quality assurance purposes.
- With consent to receive a customer satisfaction survey, your phone number is deleted after 90 days, and your comment is deleted after 180 days. The customer satisfaction survey is sent based on your call.
- In the data processor's phone system, call data is deleted after 90 days (data includes phone number, date and time, call duration, queue selection, any callbacks, wait time, and supporter's name).
- All written inquiries are stored for 6 months and then deleted.
- With consent to receive a customer satisfaction survey in relation to written inquiries, your email is deleted after 90 days, and your comment in the customer satisfaction survey is deleted after 180 days. The customer satisfaction survey is sent based on your written inquiry.
- All written inquiries that NemKonto Support forwards to another authority are archived and stored. Any complaints will also be logged and stored.
- The data processor uses a data sub processor to analyze trends in user calls. This is done to improve the service of the support. The conversations are transferred to the sub-processor, that immediately converts the speech to text and anonymizes the text. The anonymized text is then used for trend analysis. The sub-processor retains the audio recording of the conversation for 30 days, after which it is deleted.
-
According to the General Data Protection Regulation, you have rights in connection with our processing of your personal data.
If you wish to exercise your rights, please contact us.Right of access by the data subject
You have the right to gain insight into the data we process about you, as well as some additional information.
Right to rectification
You have the right to have incorrect information corrected.
Right to erasure
In specific situations, you have the right to have your information erased before our general deadline for erasure comes into force.
Right to restriction of processing
In certain situations, you will have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we will in the future only process your information – except for storage – with your consent or for the purposes of enforcing or defending legal claims, or for the protection of a person or important public interest.
Right to object
In certain situations, you will have the right to object to our otherwise legal processing of your personal data.
The right to withdraw consent
The right to withdraw consent is relevant in relation to support. When you request support, you may be asked to consent to the processing of your personal data for customer satisfaction analysis, screen sharing, and call analysis. If you choose to withdraw your consent, it does not affect the legality of our processing of your personal information based on your previously given consent and up to the time of withdrawal. If you withdraw your consent, it only takes effect from that point forward.
Please note that there are exceptions to these rights, and you may not always be able to exercise all of your rights. This is because, as public authorities, we often process personal data as part of our exercise of authority, and certain exceptions apply.
-
If you are dissatisfied with the way we process your personal data you have the right to file a complaint to the Danish Data Protection Agency. You will find the Danish Data Protection Agency’s contact information on Datatilsynet.