eID update: Freja eID is now supported via Criipto and ready for integration. Learn more →
Live status
Log in
Test for free Contact us
Test for free Contact us
Live status

LEGAL

Service Level Agreement
Privacy and Data Protection Policy
Cookie Policy
Terms of Service
MitID Terms of Service
Data Processing Agreement (DPA)
Code of Conduct

Privacy and Data Protection Policy

1. Introduction

1.1 Criipto is committed to protecting the privacy and security of the users f its services (the “data subjects”). This Data Processing Agreement (“DP agreement”) describes the basis on which Criipto processes any personal data collected from the data subjects, or that data subjects or the Customer provide to Criipto.

1.2 The Customer is the data controller, and Criipto is the data processor in respect of such personal data collected, provided or transferred under the agreement. As data processor, Criipto shall comply with existing and future obligations and requirements under the relevant Acts on Processing of Personal Data in Denmark, Sweden and Norway and pertaining regulations (the “Act”) in relation to such personal data and process the personal data only in accordance with the terms of this DP Agreement, the Service Order Form with the Customer and any lawful instructions reasonably given by the Customer from time to time.

1.3 The Customer further represents and warrants that the Customer has complied, and will comply, with all obligations of a data controller under applicable law.

1.4 In relation to information Criipto may hold internally (for example e-mail addresses) on data subjects which constitutes personal data for which Criipto is the data controller, Criipto shall comply with obligations under the Act in relation to such personal data and process the personal data in accordance with the terms of this DP Agreement.

1.5 Criipto shall implement (a) appropriate technical and organizational measures to safeguard the personal data against any unauthorized or unlawful access, loss, destruction, theft, use or disclosure; (b) exclusive access to the personal data for those employees who need the data to perform the Services; (c) restrictions to ensure the Services process only the personal data as specified by this DP Agreement and in accordance with the Act, and Criipto accepts its obligation not to use personal data for any purposes other than those related to the performance of the Services or pursuant to the Customer’s written instructions and Criipto shall not under any circumstances transfer or cloud personal data outside EU territory.

2. What personal data we collect and use

2.1 When authenticating users, Criipto transiently processes personal information such as name, address, and e-mail address. In some cases, Criipto may keep hashed or encrypted copies of personal data.

2.2 Criipto may further collect the following information about the user’s organization, such as name, identifiers, addresses, etc.

2.3 When you participate in customer interviews that we record, we will process information regarding your name, job title, place of work, voice, and all statements you make during the customer interview. If the customer interview is video recorded, we will also process video- and image recordings of you.

3. Purpose of our collection and use

3.1 Criipto collects and uses personal data to provide the Services, to understand the Customer’s needs and to provide better products and services.

3.2 When you participate in customer interviews, we process the recording and the transcription of the interview as well as any personal data included in the recording and transcription to document your feedback on our products and onboarding procedure for the purpose of improving and developing our products and onboarding procedure.

4. Cookie policy

4.1 This website uses cookies. Cookies are small pieces of data that are used by websites to analyze and optimize the user experience. This allow websites to remember user visits which can help the website improve and make returning visits easier.

4.2 We use cookies to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media.

4.3 The first time you visit our website, you decide whether you want to accept or decline cookies. If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked. You can always choose to withdraw your consent or change your preferences.

5. Sharing of personal data

5.1 Criipto may share personal data with third parties who assist in providing the Services.

5.2 The Customer accepts that Criipto allows the personal data for which the Customer is the data controller to be processed by such third parties (“data processors”). The data processors shall solely act according to instructions from Criipto. By accepting these terms and conditions, the Customer authorizes Criipto to give such instructions to the data processors which are necessary for the processing of data in accordance with this DP Agreement and for the purpose of use of the Services.

5.3 The above-mentioned processing are subject to agreements ensuring that the party receiving personal data (a) has implemented appropriate technical and organizational measures to safeguard the personal data against any unauthorized or unlawful access, loss, destruction, theft, use or disclosure; (b) has limited the access to the personal data only to those employees who need the data to enable the processor to perform its services; (c) only processes the personal data as specified by this DP Agreement and in accordance with the Act, (d) will not use personal data for any purposes other than those related to the performance of the services or pursuant to our written instructions and e) shall not under any circumstances transfer personal data outside EU territory.

5.4 Criipto remains fully responsible in relation to the Customer for all work carried out with reference to this DP Agreement, performed by Criipto itself or a subcontractor.

6. Right of access and rectification

6.1 Data subjects may, at any time, access, review, correct, update, change or delete some or all of the information registered under their profile by logging into their profile.

6.2 If a data subject wishes to know which personal data Criipto, as data controller, holds about the data subject, the purpose of the processing, who receives the personal data and the origin of the information, Criipto can be contacted. Likewise, if a data subject wishes us to correct, update, or delete such personal data, Criipto may be contacted. Criipto shall respond to quests in due time for the Customer to respond to such request within the 10-day timeframe regulated by the Act.

6.3 If a data subject’s profile is deleted, Criipto shall discontinue collection of the data subject’s personal data and the personal data held about the data subject will be deleted.

6.4 If the Customer needs assistance in complying with the rights of the data subjects for whom the Customer is the data controller, the Customer may at any time contact Criipto.

6.5 Notwithstanding the above, Criipto shall store personal data if obliged to do so by law.

7. Audit

7.1 The Customer or its external advisors shall, to a reasonable extent, have the right to inspect Criipto’s books and records or other material which may be relevant to assess whether Criipto is compliant with its obligations under this DP Agreement. Criipto shall take necessary actions to assist the Customer required for such control.

7.2 Criipto’s assistance to the Customer or its external advisors shall be billed according to the then agreed hourly rates.

8. Legal basis

8.1 The legal basis for the processing of your personal data collected in relation to customer interviews is your consent pursuant to Article 6(1)(a) of the GDPR. You can always withdraw your consent by contacting us at hello@criipto.com. The withdrawal of your consent does not affect the legality of the processing prior to the withdrawal of your consent.

9. Storage period

9.1 We will process your personal data as long as necessary for the purpose for which it was collected. The recordings of customer interviews (both sound and video) will be deleted after the transcription has been completed. Customer interview transcriptions and any personal data contained therein will be deleted or anonymized after one year, or when you withdraw your consent, whichever comes first.