Personal data is information that can be linked to you as a person. This may include your name, address, other contact details and information that can be linked to you indirectly as a person.
As a user, Digipost wishes to provide you with useful information about how we store and use the personal data you have provided to us in connection with the use of our services. It is important to us to ensure that you feel confident at all times that we are keeping and using this information in a confidential, correct and legal manner.
Digipost is Posten Bring’s digital mailbox. As a private individual, you can receive and store digital mail through this service. Thus Posten Bring owns the Digipost service and Posten Bring is the data controller for all personal data about you that we receive when you start using Digipost services.
As a user of Digipost, you have access to your mailbox either via our website or via Digipost’s own app. This privacy policy applies both when using the website and when using the Digipost app.
Posten Bring is the data controller in accordance with Norwegian privacy legislation and is responsible for ensuring that the processing of personal data is carried out in a responsible and legal manner in accordance with the regulations.
Posten Bring has appointed a separate data protection officer whom you can contact if you have any questions about how your personal data is processed, and you can get help with exercising your rights under the Personal Data Act.
You can contact Posten Bring’s data protection officer at [email protected].
All the documents that you store in Digipost are encrypted and are your personal property. Digipost does not have access to your mailbox and cannot share the content with anyone else without your permission.
As a digital mailbox, we ensure that as a user you can receive digital mail from senders with whom Digipost has an agreement. Digipost is therefore the data processor for the senders and ensures that the mail they send arrives safely to you as a user of our services. We send a delivery confirmation to the sender when the mail has been delivered to you as the recipient. From that point on, the mail is your property and only you will decide on the further processing of it.
Posten Bring is not responsible for the content of mail sent. If you have any questions or comments about the mail you receive, you must contact the sender of the mail you receive in your digital mailbox.
Digipost processes personal data about you only in order to fulfil the agreement we have entered into with you. We will explain below what we use the data for, what data we process and how long we keep the data we collect.
- Identification and addressing of recipient and sender of digital mail and physical mail
- To notify you that you have received mail in your mailbox
- To manage your mailbox access
- To let you read and process digital mail
- Integration and implementation of banking services, if you have enabled this
- To send you information about our services and updates, including new functionality and operational information as well as customer surveys. You can also receive marketing enquiries from the Posten Bring Group, if you have consented to this.
While you have an active account with us, we process data in order to fulfil the agreement we have entered into with you. We then have a legal basis for processing the data because this is necessary to fulfil the agreement, cf. Art. 6 b of the Personal Data Regulation).
- Name
- Contact details: Address, telephone number, email address, Digipost address
- Personal alias: An identifier that we use to identify Digipost users so that senders can check whether it is possible to send digital mail to a specific person.
- Personal identification number; for authentication and identification of you as a recipient and to ensure that you are the correct recipient of the mail you receive in your digital mailbox
- Information about your use of the Digipost solution, including login and actions you perform in the solution
- Address list created by you
- Bank account number, credit card and other payment information in the event that this is necessary for the performance and follow-up of services of your choice
- Electronic identification (IP address, cookies)
Information beyond this is processed only if you have given your consent to this. You may withdraw your consent at any time. You can manage this yourself by going to “Your consents and apps” in the settings.
Digipost uses Posten Bring’s address register to receive updates from the national population register, thereby ensuring that Digipost’s information is updated at all times in relation to our legal basis. In order to ensure correct and updated information, your national personal identification number or D number will be registered in Posten Bring’s address register when you register in Digipost, if this is not already registered here.
The above information is stored for as long as you have an active account with Digipost.
However, information about usage and login is deleted after 2 years.
You can decide for yourself whether to keep or delete letters and other items you receive in your electronic mailbox. When you delete something from your digital mailbox, we delete it on our side. We have backups of our systems, which means that deleted documents will remain in these for up to 365 days after deletion.
We need to keep some information about you for a transitional period after you have terminated your agreement with Digipost. As a general rule, information about documents, accesses and other information about your mail and mailbox will be retained for 3 months after the agreement has been terminated.
However, we must keep information about your name, personal identification number and notifications for three years in order to ensure history, troubleshooting and possible disputes. We need this to be able to prove that mail has been delivered to you, and to enable us to find any errors in the system if anything does not go as it should. Your Digipost address will not be deleted so as to ensure that duplicates are not issued.
The legal basis for the storage of said information after the agreement has been terminated is the fact that Digipost has a legitimate interest in further storage, cf. Art. 6 f of the General Data Protection Regulation. Digipost has found that a number of our customers may want to undo the termination or that the deletion of the account was terminated incorrectly. Based on this, Digipost is of the opinion that storage of the information for 3 months after termination is justified and that storage in these cases safeguards the customer’s interests.
If the account is terminated after a death, the information about the account and the deceased will be stored for 12 months after we receive notification of the death from the national population register. This is to ensure that information that is necessary for the deceased’s heirs is not lost and that all surviving relatives receive necessary and important information.
Digipost will not disclose information to third parties unless you, as a user of the service, consent to this. We may, with your consent, supply invoices to your bank, for example, or provide companies of your choice with the option to retrieve information. If so, this is something that you manage as a user, and any consents can be withdrawn at any time.
Necessary personal data will be provided to perform this service if this is a prerequisite for sending, receiving or archiving messages and mail in your mailbox. This means, among other things, that for us to be able to deliver digital mail to you under the agreement, your Digipost address must be submitted to any sender so that they can register this and you as the recipient.
Other disclosure of information will only take place if this is ordered and the recipient has legal authority for such a disclosure requirement.
Digipost uses subcontractors in certain cases for the implementation of some of our services and the fulfilment of the agreement we have with our users; data processors in the sense of the Personal Data Act. If we use a data processing agreement, special agreements are entered into and the data processor may only use the data to carry out tasks on Digipost’s behalf. Digipost’s data processors are required to process data in accordance with this privacy policy.
You have a number of rights in accordance with the Personal Data Act when we process personal data about you.
As a Digipost user, you always have the right to access the information we have registered about you. All contact information we have registered about you can be accessed via your Digipost account. You can see here which data we have registered and correct some of the data yourself if you discover that the data is incorrect or outdated. If you would like access to any other information we have registered, you can contact the data protection officer, see contact information below.
Otherwise, you can easily log into your mailbox yourself to delete or download what you have received and saved.
You can also request information about the deletion in connection with the termination of your account, unless Digipost has justified the need for further storage.
For certain services in Digipost, you can choose whether you want to give us consent to use information about you so that we can deliver the service. You may withdraw your consent to us at any time. You can manage this yourself by going to “Your consents and apps” in the settings.
To exercise your rights, you can contact our data protection officer – contact [email protected]
You can also contact the Norwegian Data Protection Authority if you wish to complain about our processing of personal data, www.datatilsynet.no.
Norwegian Data Protection Authority Postboks 458 Sentrum 0105 Oslo
Posten Bring aims to ensure that Digipost is the most secure digital mailbox in Norway and uses recognised standards and best practices in our efforts to secure your mailbox and exchange information.
Digipost conducts regular risk assessments and security tests of the solutions and maintains good dialogue with the authorities and other security environments in order to comply with the best standards.
Our most important security measures are:
- Security level 4 authentication.
- All information exchange takes place with strong encryption (SSL, SSH).
- Sensitive information can be encrypted end-to-end with qualified certificates.
- All actions performed by operational personnel are logged in separate event logs.
- All documents are stored after encryption using strong encryption keys.
- All senders and recipients are identified according to strict guidelines. This means that you can always be sure which sender a notification comes from.
- Digipost’s servers are located in one of Norway’s most secure operating centres, run by a provider who has extensive experience of dealing with business-critical and sensitive information.
- All your documents are backed up and all your documents are stored in two different locations at all times so that you are protected from fire, server destruction, etc.
- Posten Bring’s employees or employees of subcontractors do not have access to your documents. Only a few operators have access to Digipost’s systems, but all documents are stored encrypted and so they do not have access to your data either.
Digipost updates and evaluates our security measures on an ongoing basis.