Privacy notice
Hi Point user!
We're happy to have you on board, so we can collectively help small local businesses in their fight against large chains.
At Point (Point Technologies ApS), we take your privacy seriously. We always strive to process your personal data responsibly and in accordance with applicable regulations. In this statement, you can read what information we process about you, why we do it, and how you can exercise your rights. Note that this English version solely is a translation of the Danish version, provided as a service. In case of any discrepancy or conflict between the versions, the Danish version takes precedence.
1. Point's products
Our primary purpose for processing your personal data is to provide you with Point's products and services. Under each point on this page you can read more about how we process your personal data. Remember that you can request an overview of the information we process about you at any time. See more about this under point 3.
1.1. When you create a Point profile
Why and how do we process your personal data?
For to create a Point profile, we potentially process the following information: Information about you (name, phone number, e-mail, CPR number, gender, address and in certain cases self-entered address); Account and card information (bank account number, masked debit or credit card number as well as expiry date); Usage data (views, time, frequency and duration of activities in the app, search history as well as login- and logoutdata); Technical data (pseudonymized ID’er, IP-adresse, mobilenhed, operativsystem, browser, app-indstillinger and log over technical events) Furthermore, we collect information from relevant registers to ensure that we have correct data on you: Contact information (name, address, personal identification number as well as life- and guardianship status from the central person register); Ownership and verification of bank account (CPR number as well as card- and account information from your bank); Information about politically exposed persons
On what processing basis? The processing takes place on the basis of the contract we have with you. See Point’s private user terms for more information.
1.2. When you buy goods or services from a shop or business
Why and how do we process your personal data?
For to send and receive refunds with Point, we process the following information: Transaction data (sender’s name, phone number, name of business, payment method used, amount, transaction ID, masked card information, recipient account as well as attached payment text/message) The business will as a starting point have access to the following information: Transaction data (name, masked phone number of sender, amount as well as attached payment text/message)
On what processing basis? The contract we have with you. See Point’s private user terms.
1.3 Receipt information
Why and how do we process your personal data?
When we show receipt information for your purchases in selected stores, we process the following information: Transaction data, including date, time, name of store, payment type, recipient account, amount as well as sms/messages; Receipt information, including amount, discounts etc. Note that this receipt only concerns the transaction itself and must not be confused with the receipt which the store or the business is obliged to issue, for example with information about the nature of the goods etc.
On what processing basis? We process your information in accordance with the contract we have with you. See Point’s private user terms.
1.4. When you activate functionalities on your phone
You can adjust the following functionalities in the settings on your phone: Location (for to find a business near you, give you the best possible user experience as well as maintain a high security level); Photos and camera (for example to add a profile picture); Background updates; Mobile data (for to get access to Point without wireless internet connection) You can at any time activate or deactivate these functions in your phone settings.
On what processing basis? Your consent.
1.5 When you activate functionalities in the Point app
You can adjust the following functions in the Point app: Profile picture (for to add a profile picture, which other users can see); You can at any time activate or deactivate these functions in the Point app.
On what processing basis? Your consent.
1.6 When you use Point for your business
For to comply with applicable rules on combating money laundering, we process the following information regarding your business or association: Business roles (e.g. managing director, chairman, board members, auditor etc.), including information about the person (e.g. name, phone number, e-mail address, date of birth and CPR number) as well as signature rights; Ultimate beneficial owners, including information about the person or persons' name, date of birth, country of residence, nationality and address, as well as information from public registers; Politically exposed persons (PEP) and sanction lists, including information you give as PEP, as well as information from registers. On what processing basis? Our legal obligation. Credit assessment Upon establishment and ongoing in the customer relationship, we perform a credit assessment of your business. For certain business types, e.g. sole proprietorships, we can also perform credit assessment of persons with a role in the business. When the credit assessment is completed, you will receive a copy of the information. On what processing basis? Our legitimate interest. Remember: As the owner of a sole proprietorship, you must be aware that we share your CPR number with your bank to confirm the ownership of your bank account, if your personal account is associated with the business. This happens as part of entering into a contract with you. Onboarding and administration of the customer relationship
For onboarding, administration of customer relationship, communication and security, we process the following information; User and administrator roles in the Point Mercahnt app; Information about you: full name, phone number, e-mail address and CPR number; Usage data: views, time, frequency and duration of activities in the app, search history as well as login/logout-data; Technical data: internal IDs, IP address, mobile operating system, mobile device, browser, app settings and history of technical events; Electronic identification (eID) with MitID; Payment points at businesses; Communication between Point and the business
On what processing basis? The contract we have with you. See Point’s user terms for businesses.
2. Across Point's Services
Some processing of personal data is not necessarily linked to a specific Point product, but takes place across our services. Further details about the processing can be read below.
2.1 For legal and regulatory reasons
Why and how do we process your personal data?
For to fulfill our obligations in accordance with applicable legislation and rules, Point processes some personal data, including: Compliance with accounting rules (Accounting material, which may contain personal data, is processed and stored in accordance with the requirements of the Bookkeeping Act); Prevention and detection of crime (Point processes personal data with a view to preventing, detecting, investigating and handling fraud as well as other criminal activities. This includes among other things investigation and reporting of suspicious activities and transactions in accordance with money laundering legislation. We also obtain information from public registers, including about politically exposed persons (PEP) and sanctions, for to fulfill legal requirements); Disclosure to public authorities (Point may be obliged to disclose personal data in connection with court orders, requests from law enforcement authorities or other statutory requirements, for example in relation to the Criminal Code, taxation or statistics); Security monitoring (For to ensure information security and detect as well as combat security incidents and suspicious activities, Point processes personal data in accordance with applicable rules, including the Personal Data Regulation and relevant IT security legislation).
What allows us to do this? The processing takes place on the basis of our legal obligations.
2.2 Customer follow-up
Why and how do we process your personal data?
Point processes personal data for to help you in connection with inquiries and questions regarding our products and services. The following information may be processed: Information about you (name, phone number, e-mail, registered address as well as CPR number); Information about your inquiry and questions; Information about your customer relationship (which products and services you use); Depending on the nature of the inquiry, we can also process: Transaction data (sender and recipient's full name, phone number, amount, transaction ID, masked card information, payment account, recipient account as well as attached payment text/message); Account and card information (bank account number, masked debit or credit card number as well as expiry date); Usage data (views in app, time, clicks, searches, logins and logouts); Technical data (internal ID’er, IP-adresse, operativsystem, mobilenhed, browser, app-indstillinger, log over technical events etc.) If you contact us by phone Telephone conversations can be recorded on the basis of your consent with a view to quality assurance and training of our customer service employees. If a customer service employee assesses a risk for own security, the call can be recorded without your consent based on our legitimate interest. You will be informed, when the recording begins. These recordings are used exclusively for documentation and investigation of the incident and will not be used for other purposes. You can always contact us for information about the processing of your data in this context. How long is the data stored? Telephone conversations are stored for 30 days. You can at any time withdraw your consent by sending an e-mail to hey@point.shop. Upon withdrawal, the recording will be permanently deleted. If the conversation is relevant for legal disputes or security incidents, it will be stored, until the case is finally concluded in accordance with applicable limitation rules (cf. article 6, stk. 1, litra f, GDPR - legitimate interest). Your rights You can always make use of your rights as described in afsnit 3 about user rights. It includes among other things the right to get information about the recordings, get access to copy of your data, request deletion or make an objection against processing based on legitimate interest. If you request access to a recorded conversation (before it is automatically deleted), we will review and store the recording in the necessary extent for to document compliance with our obligations and process any complaints.
On what processing basis? The processing takes place on the basis of your consent. If the communication concerns security questions, calls can be recorded based on our legitimate interest.
2.3 Marketing communication
We want to keep you updated about our products, services, benefits and relevant recommendations — also in cooperation with our partners. We ensure, that We do not share your personal data with our partners for marketing purposes, as well as that all users under 15 years are exempted from marketing activities, and their personal data is not processed for such purposes.
2.3.1 Basic segmentation in marketing
For to be able to offer you more relevant marketing, recommendations and offers, we use some basic profile data, including age, gender, geographical area, as well as use of our products and services (for example activated products or items on wishlist) Processing basis: Our legitimate interest for to deliver relevant information to you. You have the right to make an objection against this processing. You can at any time turn this function off in the app.
2.3.2 Personalized marketing
If you give consent, we will personalize our marketing to you through the app and push messages. The purpose is to give you tailored offers, recommendations and discounts from us and our partners. It can for example be personal news, offers via push notifications, app banners or functions such as wishlist and benefits. We analyze the following information about you for to be able to do this: Profile information (for example name, postal code, payment methods); Transaction history (purchases, payments, receipts, cart information); Usage data (for example which tabs you visit, what you click on); Product data (for example number of checkouts, wishlist content)
Processing basis: Your consent. You can always see and withdraw your consents in the app. Note, that technical implementation of withdrawal can take a little time because of system updates.
2.3.3 Marketing via push messages
If you give consent, we can send you offers and suggestions via push messages. For this we process contact information (name, customer ID, phone number). Processing basis: Your consent. You can always manage your consents in the app. Withdrawal of consent and control with your data You can at any time withdraw your consent via the app or contact us. Note, that it can take a little time to implement technically. Overview of data and permissions is found in the Point app.
2.4 To test and develop our products, services and for statistical purposes
Intern development and service improvement
Point processes personal data for internal development, maintenance and improvement of the user experience. For this we analyze the use of our products and services. For to protect your privacy, we primarily use aggregated, pseudonymized or anonymized data, where you as end user cannot be identified. The information, we can process for these analyses, includes: Demographic data (age, gender, geographical area); Which Point-products and services you use; Technical data (customer ID, cookies, user agent mv.); Usage data (views in the app, time, clicks, search history, login and logout); Aggregated or pseudonymized transaction data; Profile information (for example number of payment cards and bank accounts); Use of accessibility functions Processing basis: Our legitimate interest. Statistics and analyses We use the above data for to prepare user surveys, analyses and market reports based on usage patterns and demographics. The purpose is to understand, how the services are used, by grouping users with similar patterns. The results are presented exclusively on aggregated level and cannot be traced back to you, unless you have given consent. In certain cases, we can share the results of these analyses with business users of Point. These information cannot be traced back to individuals. Processing basis: Our legitimate interest. Sharing of statistics with public authorities Point can share aggregated statistics with cooperation partners such as banks and Statistics Denmark. For Statistics Denmark this happens on the basis of a legal obligation.
Processing basis: Our legitimate interest as well as legal obligation for Statistics Denmark.
2.5 Use of data processors
We want to keep you updated about our products, services, benefits and relevant recommendations — also in cooperation with our partners. We ensure, that We do not share your personal data with our partners for marketing purposes, as well as that all users under 15 years are exempted from marketing activities, and their personal data is not processed for such purposes.
2.3 Marketing communication
Point uses data processors, who process personal data on Points behalf. There is always concluded a data processor agreement for to ensure, that the processing is performed in accordance with GDPR. Examples of types of data processors includes; Cloud-service providers; Software providers; Service providers; Consulting firms; Banks Transfer of personal data outside EU/EEA: Point can in certain cases transfer personal data to data processors in countries outside EU/EEA. Such transfers happen only, if there is ensured a sufficient protection level via approved transfer grounds such as standard agreements, binding company rules or consent.
2.6 Security of personal data
Information security is fundamental for to deliver secure and user-friendly solutions. Through effective security measures and processes we ensure in Point, that your personal data is protected against unauthorized access and changes. We have implemented the following measures: Identity- and access management; Secure software development and security test; Encryption; Network security; Security monitoring and incident handling; Security training and knowledge sharing among employees; Security requirements and follow-up of data processors and suppliers; Security measures are implemented, monitored and improved continuously based on a risk-based approach for to ensure, that personal data is sufficiently protected over time.
2.7 Storage of your information
Personal data will not be stored longer than necessary and in accordance with the following rules: The main rule is, that we store personal data, as long as you have an active customer relationship with us. When you terminate your customer relationship, certain information will be stored by Point in additional 5 or 10 years in accordance with applicable law. Personal data, which we process on the basis of your consent, will be deleted, when you withdraw your consent, unless there is another legal basis for further processing. In some situations, we can have a legitimate interest in storing the information in a longer period for example for backup purposes.
2.8 Roles and responsibility between Point and businesses
Point and businesses are independent data controllers for most of our services. Point has an agreement with all our end users, which regulates the processing of their personal data in connection with delivery of our services, and we process all information in accordance with applicable data protection legislation, including GDPR. Businesses get access to certain relevant information about the goods and services, you buy from them, which is made available via dashboards and similar platforms. In these situations, businesses have a self-standing responsibility for to comply with applicable data protection legislation at the processing of these information. In some cases, Point provides information to businesses without these performing self-standing processing. It can for example be view-based access to aggregated or limited information via dashboards. In such cases, Point remains data responsible, since the business does not process the information for own purposes, but solely has access under Point’s control and limitations. In situations, where Point functions as data processor for a business, there will be concluded separate data processor agreements in accordance with GDPR.
3. Your Rights
f you wish to exercise your rights, you can send your request to our Privacy Team at hey@point.shop.
3.1 Right of access
You have the right to get access to the information we process about you. You can find many of these information directly in your profile and activity overview in the Point app.
3.2 Right to rectification
You have the right to get inaccurate information about you corrected. You can update information such as e-mail address, delivery information and payment information in the app yourself. In other cases, you are welcome to contact us via e-mail.
3.3 Right to erasure (right to be forgotten)
You have the right to get your information deleted, if Point no longer has a valid legal basis for storing or processing them.
3.4 Right to withdraw your consent
You can at any time withdraw your consents. If you have shared information with businesses through Point, you can withdraw consent in the app.
3.5 Right to information
You have the right to be informed about how we process your personal data. This information is found in this privacy notice, in our user terms as well as in connection with consent collection.
3.6 Right to object
If we process your information out of our legitimate interests, you have the right to make an objection against the processing. It applies for example at analysis purposes or processing across Point’s services.
3.7 Right to restriction
In certain situations, you have the right to request that the processing of your personal data is restricted – for example while we assess an objection or correct data.
3.8 Right to data portability
You have the right to receive your information in a structured, commonly used and machine-readable format, so you can transfer them to another data responsible.
3.9 Right to complain
You have the right to complain to the relevant data protection authority.
Changes in this privacy notice
Point works continuously to improve and develop our services. It means, that this privacy notice can be changed, for example in connection with legislative changes, new functions or changes in our practice for data processing. If significant changes are made, we will notice you in the app or via e-mail.