In addition to Nordea’s privacy policy, the following privacy notice apply for the Click to Pay service for VISA cards issued by Nordea.
What is Click to Pay?
Click to Pay is a payment option available in online merchant checkout if the merchant provides Click to Pay. Click to Pay is a feature of your card similar to contactless.
To use Click to Pay, you will undergo cardholder verification, select your card, authorize, and the transaction is complete. This is applicable across any device you are using for an online purchase and provides a frictionless checkout experience.
If you no longer want to use Click to Pay, you can opt out from Click to Pay in Nordea’s app by removing the card from Click to Pay. You can always opt in again to Click to Pay when desired.
Responsibility for your personal data
Nordea Bank Abp and Visa Europe Limited are jointly responsible for the protection of your personal data in relation to Click to Pay for the purposes of the General Data Protection Regulation (GDPR). The parties have entered into an arrangement to determine their respective responsibilities under the regulation.
If you choose to enrol to Click to Pay Nordea is responsible for collecting your personal data, sending your enrolment information and any updates to the information to VISA, activating your card in Click to Pay and exercising your opt-out options.
VISA is responsible for storing your personal data related to Click to Pay in the Click to Pay database, operating the database, performing verification (including One Time Passcodes), displaying your masked cards in the checkout flow, verifying your credentials when you shop online, presenting your cards in the check-out solution and, where you select a card at checkout, provide your information to the merchant to enable the transaction.
Which personal data is collected and used?
Nordea processes cardholder’s personal data which includes your address and email address, payment account number, card details such as card expiration date and cardholder name, CVV2, card transactions data and mobile number. Providing your personal data is voluntary; however, we are unable to provide Click to Pay without it.
Purpose and lawful basis for the processing of personal data
Your personal data is used so that we can provide Click to Pay to you. The lawful basis for the processing is performance of a contract.
Recipients of personal data
To enable Click to Pay and transactions we and Visa Europe share your name, email, phone number, address, card details and other relevant information with the merchant, other participants in the payment transaction and other card systems that participate in the Click to Pay solution.
International transfers
Visa will process personal data in the United States in maintaining your Click to Pay profile. Visa uses approved Standard Contractual Clauses and other appropriate measures to assure that personal data is adequately protected when it is transferred out of the EEA, the UK, or Switzerland to countries without the same standards for data protection. Visa will assure that any transfer of personal data outside the EEA, Switzerland and/or the UK continues to be safeguarded in accordance with applicable data protection laws.
Retention
Your personal information is kept for as long as needed for the purposes mentioned above and for any additional period that may be required or permitted by law. If you wish to request deletion of your personal information, please contact Nordea.
Information about your privacy rights and how to contact us
Nordea is your contact point if you want further information on how your personal information is processed in connection with Click to Pay.
In the Nordea privacy policy you will find information about your privacy rights, contact information to Nordea and our Data protection Officer, as well as information about the right to lodge a complaint with the local data protection authority.
Visa Europe Limited, whose registered company number is 05139966, can be contacted by email at privacy [at] visa.com or by writing to Global Privacy Office, Visa Europe Limited, 1 Sheldon Square, London, W2 6TT, United Kingdom and. For full information on how Visa uses your data, please refer to the Visa Global Privacy Notice available at https://www.visa.co.uk/dam/VCOM/global/support-legal/documents/privacy-notice.pdf.