Privacy Policy

Last Updated: 24th September 2023

 

1. Introduction

Myver ApS ("Myver", "we", "our", or "us") is the developer of the Myver value-add ecosystem and infrastructure ("Myver Service"). We are committed to the careful processing of your personal data. This Privacy Policy informs you about how we collect, process, and share your personal data for the purposes of the Myver Service.

Data Controller:

Myver ApS

Fabriksvej 2, 5485 Skamby, Denmark

Danish Business ID: 42698261

 

If you have questions about this Privacy Policy, please contact us via our contact page on the Myver site. If your inquiry pertains to a specific Merchant, Partner Application, or Cooperation Partner (defined below) or their services, we recommend reaching out to them directly.

We process personal data in compliance with Danish personal data legislation, including the General Data Protection Regulation (GDPR). We require the same level of compliance from our Cooperation Partners, including point-of-sale or cash register providers, payment service providers, payment card schemes, and other trusted service providers within the payment networks ("Cooperation Partners"), as well as Merchants and Application Developers (defined below) using the Myver Service. A list of our Cooperation Partners, Merchants, and Partner Applications is available upon request.

The Myver Service is available to both private consumers ("Consumers") and corporate customers and their representatives/employees (collectively "Business Customers"). Each Consumer and Business Customer ("End User") maintains a contractual relationship with Myver.

Additionally, Application Developers may request Myver to transmit electronic receipts and other data related to their customers who have no contractual relationship with us ("Application Developer's Customers"). Similarly, Merchants may request Myver to provide services related to the purchases and receipts of their customers who have no contractual relationship with us ("Merchant’s Other Customers"). For detailed information on these processing activities, please refer to the service channels of Application Developers and Merchants.

 

2. Myver Service and Data Processing

The Myver Service facilitates the provision and transmission of electronic receipts among different entities and offers value-added services based on electronic receipts. Our goal is to reduce paper receipts and promote electronic receipt-based business. The Myver Service allows for the following:

End Users (Consumers or Business Customers): End Users can receive electronic receipts from Merchants, review them in their bank or merchant account, and choose to forward them to Partner Applications for further processing. Electronic receipts may include advertisements, feedback features, loyalty programs, CO2 tracking, or other interactive or value-added elements. We may also provide anonymous statistical information about End Users' purchases to the relevant Merchant or Business Customer.

Merchants: Merchants can offer electronic receipts through the Myver Service. They may enhance these receipts with advertisements, feedback features, loyalty programs, or other interactive elements. Additionally, Merchants can receive anonymous statistical information from us about purchases made at their establishments through the Myver Service.

Partner Applications/Application Developers: Partner Applications can receive electronic receipts for purchases made by End Users and/or Application Developer's Customers. Based on these electronic receipts, Application Developers can offer their services to End Users and/or Application Developer's Customers. The reception and processing of electronic receipts by Partner Applications occur in accordance with the parties' agreements. Myver transmits End Users' electronic receipts only to Partner Applications activated by the End User or otherwise instructed by the End User.

Myver’s operation relies on reliable identification of data subjects behind electronic receipts through payment card information or other personal identifiers (e.g., email addresses). Receipts pertaining to our End Users are processed according to our terms and conditions and this privacy policy. Receipts of Application Developer's Customers or Merchant's Other Customers are processed as agreed with the respective Application Developer or Merchant. We act as a data controller solely for our own End Users, while for Application Developer's Customers and Merchant's Other Customers, we serve as a data processor. Please note that Merchants and Application Developers are independent entities from Myver and are solely responsible for the legality of their activities. We recommend carefully reviewing the terms and conditions and privacy policies of Application Developers and Merchants.

 

3. Data Collection and Sources

To facilitate Myver’s operations, we may process the following information about our End Users: name, email address, contractual relationship information, usage-related technical data (e.g., log data), payment card information (including card ID). This information is obtained directly from End Users, our Cooperation Partners, or our service logs.

For our Business Customers, we may also process information necessary for billing and meeting our contractual obligations, obtained directly from the Business Customer.

Regarding purchases and payment transactions, we process information such as seller details, item-level purchase data with prices and taxes, receipt dates, receipt filing identifiers/references, payment card information used for the purchase, and other information typically found on receipts. This information is received from Merchants or Cooperation Partners.

 

4. Purposes and Legal Basis for Data Processing

For End Users of the Myver Service, we process data to enable the service (see Section 2 above), fulfil contractual obligations, and maintain communication with our End Users. This processing is based on contractual agreements. We do not use End Users' data for automated decision-making, including profiling.

As part of the Myver Service, payment transactions of End Users must be monitored. Our Cooperation Partners conduct this monitoring and receive payment card details from us for monitoring purposes. Payment card information processing adheres to the PCI DSS standard. When a payment transaction of an End User is monitored by our Cooperation Partner, we receive relevant payment transaction details from them to provide the corresponding electronic receipt to our End User. We determine which Cooperation Partners we use for payment transaction monitoring at our discretion. Processing in this context is based on an agreement with the End User.

We also process data to some extent for direct marketing purposes, based on our legitimate interest. For instance, we may send customer communications to keep End Users informed about Merchants and Partner Applications using the Myver Service, enabling End Users to influence the processing of their personal data (see Section 7 below).

Where direct marketing requires explicit consent from End Users, consent can be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of prior processing or prevent us from sending necessary information or communications to End Users of the Myver Service.

Business Customers' data is processed for billing purposes, based on ensuring compliance with our legitimate interest.

 

5. Data Sharing

We transmit electronic receipts of our End Users to Partner Applications activated by our End Users and, if requested by End Users, to their personal communication tools (e.g., email or Facebook Messenger applications). End Users can request to view their activated Partner Applications within the Myver Service.

For Myver Service purposes, we may provide payment card information and payment transaction data to Cooperation Partners. This enables us to identify and transmit electronic receipts for our End Users, as described above. Payment card information processing adheres to the PCI DSS standard.

We also process personal data using third-party services. For example, we use third-party customer information systems for managing and communicating with our End Users, as well as third-party data storage services for storing and backing up processed data. These third parties have access to personal data but are strictly prohibited from using the data for their own purposes. We have established data processing agreements with these third parties to ensure compliance with data protection legislation.

Some of our service providers operate outside the EU/EEA. We employ EU Commission Standard Contractual Clauses for data processing; however, no data is processed or stored outside of the EU/EEA.

 

6. Data Protection Measures

When processing personal data, we implement physical and organizational safeguards, including encryption, hashing, limited backup of transmitted data, secure access management, and compliance with the PCI DSS standard for payment card information processing. Access to personal data is granted only to employees and representatives who require it to enable the Myver Service.

 

7. Data Subject Rights

End Users can influence data processing by adjusting their use of the Myver Service. For example, by not activating specific Partner Applications, End Users can prevent the transmission of electronic receipts to those applications. Similarly, End Users can choose not to use a registered payment card or other personal identifier (e.g., email address) for transactions with Merchants offering electronic receipts through the Myver Service, thereby preventing the automatic generation of electronic receipts.

It is important to note that when End Users use a registered payment card or personal identifier (e.g., email address) for transactions with a Merchant offering electronic receipts through the Myver Service, an electronic receipt will be generated and transmitted accordingly.

We may regularly inform our End Users about new Merchants or Application Developers using the Myver Service. This ensures that End Users have up-to-date information regarding purchases that may result in electronic receipts generated by the Myver Service and the Partner Applications to which receipts can be transmitted.

End Users are entitled to exercise all their statutory rights, including:

  • Requesting access to their personal information.

  • Requesting the correction of inaccurate personal information.

  • Requesting the erasure of personal information.

  • Objecting to processing based on legitimate interest or for direct marketing purposes.

  • Requesting the restriction of processing.

  • Requesting data portability.

  • Withdrawing consent, where applicable.

If you wish to exercise your rights under data protection legislation, please contact us in writing to ensure proper identification. Our contact form can be found on the contact page of the Myver site.

If you believe that we have processed your personal data unlawfully, you may file a complaint with the data protection authority (https://www.datatilsynet.dk/english).

 

8. Data Storage and Deletion

We will delete information of our End Users if they have not used the Myver Service in any way for 5 years. We periodically review data usage to determine the need for deletion. If retaining personal data is necessary to fulfil legal obligations (e.g., accounting obligations), data is retained for 5 years or as specified by law. Instead of deletion, we may anonymize data.

 

9. Privacy Policy Updates

This privacy Policy may be periodically updated to reflect changes in legal, regulatory, or operational requirements. We encourage you to visit our website for the latest information on our privacy practices.