This document provides information about how your personal data is used within Samleikin and your rights in this connection.

1. Data Controller

Gjaldstovan is the entity serving as the Data Controller with regard to the processing of your personal data in connection with the use of Samleikin. 

If you wish to connect with Gjaldstovan, the respective contact information is provided below:

Gjaldstovan
Kvíggjartún 1
160 Argir
Faroe Islands
+(298) 35 24 00
gjaldstovan@gjaldstovan.fo

2. The purpose of processing your personal data

The purpose of processing your personal data is to provide you with the best possible experience with Samleikin.    

Gjaldstovan has the authority to process your personal data pursuant to the following: 

• The Act on electronic ID (Lóg um talgildan samleika).
• The Act on Processing of Personal Data, § 9, paragraph 1, No. 5, which states: “for the performance of a task carried out in the exercise of official authority vested in the controller or a third party to whom the personal data are disclosed…”
• The Act on Processing of Personal Data, § 11: “Public authorities may process data concerning identification numbers unique identification or as file numbers. “

3. What personal data is processed by Gjaldstovan

When you register and create Samleikin, you are asked to provide us certain personal information.  With this information, we know that someone is not pretending to be you.  This is necessary to make sure that the system can operate securely. 

You must provide the following personal information to us:

• Government-issued identity number (p-tal),
• Full name,
• Email address,
• Mobile telephone number,
• Proof of identity (passport or driver’s licence),
• Photograph of your passport or driver’s licence (only for online Samleikin registration),
• Photograph of yourself (only for online Samleikin registration)

When you register for a Samleikin, you agree to permit Gjaldstovan to:

1. Obtain your personal information from the government resident registry (Landsfólkayvirlit).

2. Investigate to determine if your passport or driver’s licence is current/valid via the Faroese Vehicle Registry Office and the Danish national police.
   1. The Faroese Vehicle Registry Office provides the following: your name, photo, signature, birthdate, birthplace, driver’s licence number, issue date, validity.  Only the driver’s licence number is stored by Gjaldstovan.
   2. The Danish national police provides the following: your name, birthplace, nationality, passport number, driver’s license number, issue date, validity, possible national identity number.  Only your passport number or driver’s licence number is stored by Gjaldstovan.
3. Compare your self-portrait (selfie) with the photograph on your passport or driver’s licence to determine validity of your self-portrait.  This is only applicable if you create Samleikin via the Internet.
   1. This comparison is carried out by the company, Onfido, which maintains a datacentre in Ireland and that is where your information is sent.
   2. The respective information is limited to your self-portrait and the information that stands on your passport or driver’s licence.
   3. The information is encrypted before it is sent.  The information is deleted by Onfido after thirty (30) days.
   4. Gjaldstovan stores the result of the validity comparison.

4. Create a data action log of the use of Samleikin.  See more on this in Section 2.2:  “Processing of personal information”.

5. Submit certain information to a third-party if the third-party uses Samleikin as part of its digital services.  The term “third-party” herein shall mean a Service Provider, e.g., the Faroese Tax Authority (TAKS), financial institutions, etc.  See more on this in Section 2.3:  “Transmittal of personal information to a third-party”.

When you use Samleikin, Gjaldstovan processes the following personal data about you:  

• Name
• National Identification Number (P-number)
• Email Address
• Telephone Number
• Nationality

Gjaldstovan generates a data action log relative to these events when you use Samleikin:

• Date and time the event occurred,
• What type of event occurred,
• Which Service Provider experienced the event.

In this context, an “event” means: an electronic identification, a renewal of Samleikin, or a change to your personal information.

Gjaldstovan does not generate a data action log of the content of services you access via Samleikin. 

You can see an overview of your data action log via the self-service web portal at www.vangin.fo.

When you sign a document using electronic signature with Samleikan, personal information will be attached to the document. This is:

• Full name
• P-tal
• Birthday
• Nationality

Technically, the electronic signature with Samleikin is produced by a subcontractor of Gjaldstovan in a datacenter in Norway. All communication is encrypted during transfer.

Neither Gjaldstovan nor the subsupplier store copies of the signed document.

A technical log regarding the signature, is stored for one year. The purpose of this is to use as evidence for a specific signature, or to solve any dispute that could occur after the signature is produced.

When you sign a transaction (e.g. a money transfer) using Samleikin, personal information will be attached to the transaction. This is:

• Name
• P-tal
• Transaction identifier (unique id of specific transaction that is compounded of two letters and four numbers, e.g. QB 5378)
• Your Samleikin certificate

Gjaldstovan has no access to the content (e.g. amount or recipient of the money transfer) of the transaction that you sign.

A technical log regarding the transaction signature is stored. The purpose of this is to use it as evidence for a specific signature, or to solve any dispute that could occur after the signature is produced.

4. Personal information that is transferred to a third-party

When you use Samleikin to access the services of a third-party, e.g., TAKS or a financial institution, Gjaldstovan submits certain personal information to the third-party.  We do this so that you can use Samleikin to access the services of a third-party and so that we can ensure that no one is attempting to impersonate you. 

We supply a third-party with this personal information about yourself:

• Full name,
• Government-issued identity number (p-tal),
• Birthdate,
• eID-number (a unique electronic ID number associated with your use of Samleikin and which differs from third-party to third-party).
• Nationality

Your government identity number (p-tal) is only provided to a third-party that you have authorized to receive this information or who is authorized to access this information by law in order to comply with a legal obligation or a requirement of a public authority.

These third parties will be provided your government identity number (p-tal) if they request an electronic identification via Samleikin: 

• government agencies/offices,
• public companies,
• banking (financial) institutions (SDC-Sparekassernes Datacentraler)
• insurance companies.

5. How long does Gjaldstovan store your personal information?

After you have deleted yourself as a user of Samleikin, Gjaldstovan stores your personal information for a period of seven (7) years.  Subsequently, your personal information is deleted.  The personal information referenced herein refers to the personal information you provided when you created your Samleikin account and the data action log generated relative to the events that occurred while you used Samleikin. 

6. Your rights 

Pursuant to current legislation, you have a variety of rights in connection with the processing of your personal data. 

Please connect with Gjaldstovan if you desire to exercise your rights.  These can be, e.g.: 

Knowledge
You have the right to gain knowledge about which personal data about you is being processed. 

Corrections
You have the right to have incorrect data corrected. 

Deletion
Under certain circumstances, you may have your personal data deleted within the deadline stipulated in point 5 above. 

You can learn more about your rights by reading the legislation on personal data and by accessing the website of the Faroese Data Protection Agency, www.dat.fo.

7. Appeals

You can appeal to the Faroese Data Protection Agency regarding the processing of personal data that concerns you.  Data about how to contact the Faroese Data Protection Agency can be found on their website, www.dat.fo.