We process your data at the request of the Bank for the purpose described as follows in this paragraph 4. Your data will not be used in a manner that is not in keeping with the purpose for which the data was gathered.
4.1 Supply of services
4.1.1 You can choose to use BankID for electronic identification or signature with most suppliers of e-services such as companies, banks, organizations and authorities. Your personal data can be used to guarantee that the right person used the e-identification BankID for such a supplier of e-services and the supplier can learn your personal data in the form of name, identification number and the name of your bank. This handling is done to complete the agreement about the supply of the Services between the Bank and yourself.
4.1.2 When you use BankID the name of the supplier of the e-service you are identifying yourself with, or electronically signing with, is also processed. The name of the supplier of the e-service saved is the name shown to you in the BankID app. No data about why you have identified yourself or signature is saved. Depending on where you choose to use your BankID, your name can therefore reveal so-called sensitive data about you, such as for example ethnic origin, political, religious or philosophical activity or membership in a union or data about your health or sexuality. It is entirely up to you where you choose to identify yourself or to sign documents. This handling is made for the bank in the BankID cooperation that has entered into an agreement to connect to the BankID service with the party you choose to identify against or sign documents at, to be able to determine, claim or defend legal claims relating to the agreement.
4.2 Improve the services
At the request of the Bank we will use your data to produce for example aggregated/anonymous data to improve the Services, make the Services more user-friendly by for example improving bugs, to produce invoicing material for the Bank, for changing the interface and so on, as well as other improvement measures. This use is necessary for the Bank’s and our own ongoing interest in improving the Services. Statistics of BankID usage is published regularly here.
4.3 Prevent misuse and take safety precautions
4.3.2 Furthermore, information about your user behavior is processed and analyzed for the purposes described above, to prevent the Services being misused or otherwise used illegally - e.g. to protect you from unlawful identity use or ID theft. If there is evidence of unauthorized use or other illegal use of the Services, the continued use of the Services may be prevented and the issue of a BankID denied, based on the automated decision-making in the central system used for issuance of the BankID, which we offer at the request and instruction of the Bank. This action is a necessary step in maintaining the security and reliability of the Services based on the agreement between you and the Bank.
4.3.3 We may also process data based on your use of the Services to prevent, deter or investigate crime. This is done on behalf of the respective Bank when such action is necessary for the Bank’s or other’s lawful interest in avoiding and preventing you from being exposed to ID theft, or that the Services may be otherwise misused, as well as to safeguard legal claims or fulfill the Bank's legal obligations.
4.4 Register maintenance
4.4.1 Your data will also be used for maintenance of the register as described in paragraph 1.5. The purpose of this is to block and prevent BankID being used in any case where a BankID has been issued to persons who have been removed from the population register primarily because the person is deceased. The personal data we handle for this purpose is the personal data provided by the Swedish Population Register (SPAR) which consists primarily of your name, personal identification number and address. This action occurs every time your data in the population register is changed. As soon as we have carried out the registration, all personal data is deleted, which means that in practice your personal data is handled for this purpose for a very limited period of time.