e-Wallet - Privacy Policy
1. Data Controller
This Privacy Policy explains how e-Boks Nordic A/S (hereinafter “e-Boks”), as data controller, processes personal data about you as a user of the e-Wallet. This Privacy Policy does not apply to any other services provided by e-Boks or to any of e-Boks’ other capacities.
The e-Wallet is a self-sovereign identity wallet, which means that it allows you to securely store, manage, and present digital identity credentials (e.g. student cards) (hereinafter the “e-Wallet”) on your own device.
1.1 How do you contact us?
You are always welcome to contact us or our Data Protection Officer if you have any questions about how we process your personal data, or if you wish to exercise one of your rights.
e-Boks’ contact details are as follows:
e-Boks Nordic A/S
Hans Bekkevolds Allé 7
DK-2900 Hellerup
CVR no.: 25674154
Tel.: +45 70 21 24 00
If you have any questions about our processing of your personal data, you can also contact our Data Protection Officer (DPO) by email [email protected] or telephone +45 70 21 24 00.
2. Types of Personal Data, Purposes, and Legal Basis of Processing
To provide the e-Wallet, e-Boks processes the following types of ordinary personal data about you:
- Login details
- Name
- Your role, affiliation, and associated access rights with the issuer of credentials (e.g. student)
- Photograph
- Contact information
- Date of birth
- Expiration date
- Identification and assurance numbers/codes assigned by the issuer of credentials
- Nationality/citizenship
- Data that you have entered in our systems or otherwise provided for the purpose of user support to you
All of the personal data processed will be collected from you or from the issuer of credentials.
e-Boks processes your personal data based on the following legal bases and purposes:
- When you signed up to use the e-Wallet with e-Boks, you accepted our terms of use, which constitute a contract in which e-Boks has agreed to provide you with the e-Wallet. Accordingly, our processing of your personal data is necessary for our performance of a contract with you, cf. Article 6(1)(b) of the General Data Protection Regulation. This applies to all the types of data listed above.
- In specific circumstances, we may process personal data to pursue a legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation. The legitimate interests that justify the processing may include improvement of our services, providing you with notices concerning our services, and responding to your enquiries. This applies to all the types of data listed above.
3. Recipients or categories of recipients
e-Boks treats your personal data as confidential. However, we may disclose them to the following third parties:
- Affiliated companies
- Issuers of identity credentials
- Law enforcement and other governmental agencies
Such disclosure will always be made in compliance with applicable law, and the recipients have a legal obligation to process your personal data securely and confidentially.
Disclosure of data to affiliated companies is done on the basis of our legitimate interest in being able to share such data internally in the group to allow for provision and optimization of our services, and always only when it is assessed to be strictly necessary, cf. Article 6(1)(f) of the General Data Protection Regulation.
We disclose your personal data to issuers of identity credentials, as this is necessary for the performance of our contract with you to provide our services to you, cf. Article 6(1)(b) of the General Data Protection Regulation.
In certain situations, e-Boks may be required by law enforcement and other governmental agencies to disclose personal data concerning users. Such disclosure will be done for the purpose of compliance with a legal obligation, cf. Article 6(1)(c) of the General Data Protection Regulation.
We also disclose your personal data to our suppliers and third parties which process your data on our behalf (data processors), including, for example, in connection with hosting and sending newsletters. These parties process your personal data according to our instructions, which means that they cannot process your personal data for their own purposes. Such disclosures will be made for the same purposes and on the same legal bases as described in section 2 above.
4. Transfer to recipients in third countries, including international organizations
Your personal data may be transferred to third countries, i.e. countries outside the EU/EEA, to enable the use of data processors located in a third country or which use sub-processors located in a third country. If we transfer your personal data to recipients in third countries, we will ensure in advance that the data is transferred in accordance with the data protection legislation in force at any given time.
This means that a recipient of your personal data which is not domiciled in the EU/EEA will ensure an adequate level of protection, for example by entering into an agreement with e-Boks on the use of the European Commission’s standard contractual clauses or by becoming certified by a recognized transfer mechanism that provides adequate protection.
To the extent that supplementary protective measures are deemed to be necessary in the specific case, such measures will be established prior to the transfer. You can get further information about the lawfulness of processing for the specific transfer from the above contact details.
5. Storage of your personal data
We will only store your personal data for as long as is necessary for the purposes described above and/or as required by the applicable law.
When issuing a credential to be stored in your e-Wallet application, we store your personal data for a maximum of 5 minutes. We do not store your personal data beyond that time limit, but the 5-minute storage period may be repeated if multiple credentials are issued to you.
6. Your rights
With the limitations and exceptions that follow from the General Data Protection Regulation and the Danish Data Protection Act, you have several rights in relation to our processing of personal data about you.
Right to see and receive data (right of access)
You have a right to request access to the personal data that we process about you, including receiving a copy of the personal data. You also have the right to receive a confirmation that we process personal data about you and information about our processing of your personal data.
Right to rectification (correction)
You have a right to request to have inaccurate personal data about you rectified and a right to request to have incomplete personal data completed.
Right to erasure
You have a right to request to have personal data about you erased in certain circumstances, for example if the processing is based on your explicit consent and you withdraw your consent.
Right to restriction of processing
You have the right to request restriction of the processing of your personal data, for example if you contest the accuracy of your personal data.
Right to object
You have the right to object to our processing of your personal data, including, in particular, in relation to direct marketing.
Right to transmit data (data portability)
When our processing is carried out by automated means and is based on your consent or on the performance of a contract with you, you have the right to request to receive the personal data that you yourself have provided to us in a structured, commonly used and machine-readable format, and you have the right to request to have those personal data transmitted to another data controller enterprise if this is technically feasible.
Right not to be subject to an automated decision
You have the right to request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to withdraw your consent
If you have granted your consent to the processing of your personal data, you have the right to withdraw your consent at any given time. However, if you withdraw your consent, this will not affect the processing of your personal data that was carried out before the withdrawal of your consent.
Right to lodge a complaint
You have the right to lodge a complaint with the Danish Data Protection Agency if you disagree with the way we process your personal data. The Danish Data Protection Agency can be contacted at datatilsynet.dk/english. However, we encourage you to contact us first so that we have the opportunity to answer any questions you may have regarding the processing of your personal data.
7. Changes to Privacy Policy
It will be necessary to update and change this Privacy Policy on an ongoing basis, and we thus reserve the right to update and change it. In the event of significant changes, we will notify you by means of updates to the Privacy Policy made available in your e-Wallet application or on www.eboks.dk.
Version 1.0 – 03/2025