Go to main content
NemID Logo

Print page

Processing personal data when issuing and administrating a personal NemID (eID solution)

You can read here about how Citizens’ services (Borgerservice) and Nets DanID process your personal data when you apply for and receive NemID with a public digital signature.

As a data controller, we must protect your personal data and ensure that it does not become corrupted, deleted unintentionally or misused.
Citizens' services and Nets DanID will comply with the relevant General Data Protection Regulation.

For more information about NemID, go to  www.nemid.nu.

Who will process your data?

Citizens’ services where you apply for your NemID

and

Nets DanID A/S
Lautrupbjerg 10
DK - 2750 Ballerup
Central Business Register no. (CVR no.): 30808460

will process your data.

Contact information for our data protection advisor:
Email address:  dpo@nets.eu
Request for insight:  https://www.nets.eu/gdpr/dsr

How do we process your data, and for what purposes?

When you apply for and receive NemID, we register your name and your civil registration number (CPR number). We retrieve your address from the public Civil Registration System, and we link your civil registration number (CPR number) with a NemID number and a personal identification number (PID number), which we register in the public PID service for which the Danish Agency for Digitisation is the data controller. This data is necessary for us to issue and administer your NemID and is therefore mandatory.

Whether you want your email address and mobile phone number to be registered is optional. We use your email address to send you information regarding expiry of your NemID and reminders of renewal. You will have to register your mobile phone number if you want to receive a new temporary password via a text message.

The sole purpose of processing your personal data is to issue and administer NemID for you to use on websites that require log-in with NemID and/or a public digital signature.

Moreover, Citizens’ services can look you up in the Civil Registration System to verify your personal data when issuing NemID, to ask you control questions to verify your identity.

When you use your NemID, we register the IP address from which you have logged on. We do not register which websites you access with your NemID unless you have selected this option in Self-service on nemid.nu.

If you use NemID code app, Nets DanID collects information about the mobile device that you are using, the operating system of your mobile device and the IP address you are using, as well as whether the security of your device is intact (not jailbroken/rooted). We use this information to identify your device so you can recognise it when using NemID selfservice or support. Furthermore, the NemID code app can only run on devices where the security is intact (e.g. not jailbroken or rooted). Data from electronic traces cannot be used to obtain personal data about you.

In order to increase the user-friendliness and use of NemID code app, Nets DanID collects statistical information for its own use which sheds light on how the app works and which functions may require improvement. Your data is not analysed at an individual level; the data is collected in anonymised statistics. The information, as well as the electronic traces, will also be made available to the app developer in an anonymised format.

 

The basis for processing your personal data is your request to receive NemID. The legal basis is there-fore that we satisfy an agreement with you on issuing NemID according to the General Data Protection Regulation art 6.1.b. We process your civil registration number (CPR number) with your consent according to the General Data Protection Regulation art 6.1.a and the Data protection act § 11, as this is necessary for us to issue and administer your NemID. You can withdraw your consent to process your civil registration number (CPR number), but this means that you will no longer be able to use your NemID.

Why do we process your data?

The IT systems in which your personal data is registered are operated in Denmark and in Norway. There is no access to your personal data from outside Denmark and Norway.

Who can access your personal data?

We will not disclose your personal data for purposes not related to issuing, administrating and using NemID.

When you use NemID on public websites, on your online banking system or with private service providers that use NemID and digital signature to log in, these service providers will receive your name, your NemID number and your PID number (this data is registered in the certificate).

If the police request access to your personal data when investigating criminal offences, we will provide this data on presentation of a court order.

In civil matters, for example concerning disputes between a NemID holder and a provider of a service on whether the NemID holder has used their NemID to approve specific transactions, we will confirm the service provider's data on name, civil registration number (CPR number) and PID number from the data that we have registered about you. We will also state whether your NemID was valid at the date of transaction.

How long will your personal data be stored?

According to the certificate policy issued by the Agency for Digitization for OCES certificates, Nets DanID will store your personal data for as long as you have an active NemID and for six years after your NemID has been blocked. Your personal data will then be deleted.

What are your rights?

You have the following rights:
You are always entitled to access the personal data that we process. You can always log on to Self-service on nemid.nu and see what we have registered about you, including your event log. If you want to receive your personal data in electronic format, please contact us at: https://www.nets.eu/gdpr/dsr
You are entitled to have incorrect personal data corrected.

You are entitled to be deleted as a NemID holder. If you are deleted as a NemID holder, we will store your data for six years after your NemID has been deleted. Your data will then be registered with status inactive and will only be accessible for a limited number of employees with an IT technical background. Your data will not be used for purposes that are inconsistent with the purposes described above.

You are entitled have the use of your personal data blocked/restricted for future use. This is done by blocking your NemID.

You are entitled to receive the personal data provided by you in a structured, common and a machinereadable format (data portability). You can access and withdraw your personal data by logging on to Self-service on nemid.nu and save a copy of your personal data by using ”print screen” .
You are entitled to file a complaint against our processing of your personal data to the Danish Data Protection Agency, which is the supervisory authority for the processing of personal data, see contact information below.

A NemID is not required by law, but many public and private service providers require NemID to use their websites. If you do not want to have NemID, you will have to go in person to Citizens’ services in your municipality and apply for services and benefits that can otherwise be applied for via the municipality's website.

Other relevant contact information

You can complain about our processing of your personal data to us or to:

Danish Data Protection Agency
Borgergade 28, 5
DK - 1300 Copenhagen K

 

*A data controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines
the purposes and means of the processing of personal data.