PUFIN-ID PRIVACY POLICY

Version 3. Updated March 02, 2026.

1. Information about the Data Controller

Pufin ID A/S, CVR no. 40911332 "we", "us", "our" or “the data controller” is responsible for processing of your personal data under the General Data Protection Regulation (GDPR) and the Data Protection Act.

If you have any requests concerning your personal data or any queries about these practices, please contact:

PUFIN-ID
CVR: 40911332
Fruebjergvej 3, 2100 Copenhagen, Denmark
E-mail: info@pufin.id

This privacy policy describes how your personal data is collected, used, and shared – and on what legal basis.

2. Our collection of your personal data

We collect certain personal data about our users, customers, potential customers (leads), partners, and all individuals who engages with us either through our web page, SoMe platforms, mobile apps or directly e.g. via email, phone calls, and meetings.

We collect your data for the following purposes, e.g.:

  • Responding to requests for new business
  • Providing you with information about products and services
  • Conducting retargeted marketing and campaigns
  • Sending newsletters and posts via email, SoMe platforms, and mobile app to our subscribers, users, and followers
  • Profiling of customers, leads, partners and all other individuals who engages with us and/or our services
  • Other business-related purposes
  • Processing job application sent to us
  • Authenticating you on our platforms, products and services, and enabling your use of our solutions, incl. obtaining your consent to share data with us
  • Tracking, logging and improving the use and performance of our products and services
  • We also use analytics on our website to learn more about how it is used and how it can be improved.

Customer, leads, partners and other business contacts

We collect personal data from you if you are:

  • an existing customer, partner, or supplier
  • have subscribed to our newsletter
  • requested a contact regarding new business opportunities
  • opted to receive one of our whitepapers
  • if we wish to contact you because we believe our products and service to be relevant to you or the business you are engaged in
  • if we wish to contact you because we believe that a partnership between you and us would be mutually beneficial or because we wish to purchase items or services from you or the business you are engaged in

In order to share information with you and to be able to stay in touch with you, we collect and process the following data about you:

  • Contact information, including name, title, phone number, e-mail.
  • Information on your organization and your position in it
  • Your request, capabilities, and communication with us and the necessary information and notes concerning such contacts between you and us (such as billing information, information on meetings and communication between you and us)
  • Information on newsletter, marketing, event or invitation concerning you
  • Data created based on the above-described data we already have.

We obtain this data when we engage with you via phone, email, meetings, SoMe platforms, web page or mobile app and by collecting additional data from reliable public sources such as public company databases, or in the context of your dealings with us (e.g. contact details to communicate with you about our existing client relationship).

Mobile App users (O-KEY Verifier)

We might collect the following data when you use our mobile app:

  • User registration information including account ID, username, passwords, postings, email address, telephone number and country;
  • Content you send through the mobile app, including any images that you capture while using the app.
  • Device information, such as manufacturer and device model.
  • Location data: with your permission your device's approximate geolocation when you use location-based features.

Important information for users of the app:

  • You can always delete your profile in the app: Go to Profile -> Delete account -> Type in your password -> Press "delete my account".
  • After deletion, your account data is deleted or anonymised, unless we must retain certain information for legal, security, or documentation purposes.

We use the data collected for the following purposes:

  • To identify and authenticate you so you may use the mobile app(s)
  • To provide you with mobile app(s), including allowing you to interact with and connect to other third-party content
  • To respond to your requests, inquiries and instructions made through and about the mobile app(s)
  • To deliver customized content and recommendations tailored to your interests and the manner in which you interact with the mobile app
  • To operate, evaluate and improve our business (including developing new products, enhancing and improving our products and the mobile app(s), managing our communications, analyzing our products, performing data analytics, and performing accounting, auditing and other internal functions)
  • To protect against, identify and prevent fraud and other criminal activity, claims and other liabilities
  • To comply with and enforce applicable legal requirements, relevant industry standards and our policies

Job applicants

If you apply for a job at Pufin ID we will collect more specific Personal Data about you, such as your name and contact information, qualifications, interests and skills, career history, cover letter, CV, link to your LinkedIn profile, third party references and interview notes. Any Personal Data you provide to us in relation to a job vacancy will be processed in accordance with this privacy notice. Pufin ID uses this data only for the purposes of processing your application and communicating with you during our recruitment process.

Web page users

We use Google to collect and analyze data about how our users interact with our website. We use the data to compile reports and to help us improve our site. The analytics allows us to assess the number of visitors to the website, where visitors have come to the website from, pages they visited, etc. For more information about Google Analytics privacy policy, please see https://policies.google.com/privacy.

LinkedIn users

When you visit our LinkedIn profile, we may process data about you that have been made available on our social media, your reactions to our posts, your sharing thereof and comments to our posts. We process your personal data for the purposes of making content available and on social media, including responding to your inquiries.

When using Linkedin, we have entered into a joint data controller agreement that clarifies the roles and responsibilities between the parties. For more information about the data collected about you and made available to us via the LinkedIn platform, please see https://www.linkedin.com/legal/l/page-joint-controller-addendum.

Product Data Management use

We provide technical infrastructure and tools that enable customers to manage, structure, and present product-related data and identifiers associated with their products and services, including data linked to unique O-KEY identifiers, such as name, email, username & password. Our access to customer-managed data is primarily limited to data technically required to operate, secure, and maintain its services. In certain cases, we may access additional data for limited purposes such as system configuration, testing, demonstrations, pilot projects, technical support, or upon your request.

We process data solely for the purpose of delivering, maintaining, and improving our services to you.

We either act as a data processor or service provider on behalf of our customers. Customers determine what data is connected to O-KEY identifiers and remain responsible for ensuring that such use complies with applicable data protection laws.

Legal basis

The legal basis for processing the data, incl. the associated legitimate interests of us to process data for the above-mentioned purposes is outlined below:

Keeping our promise to you: GDPR Article 6(1)(b)

  • Identifying and authenticating you
  • Providing you with the mobile app(s), such as allowing you to sync your data to the cloud
  • Responding to your requests, instructions and inquiries

To pursue our legitimate interests: GDPR Article 6(1)(f)

  • Operating, evaluating, and improving the mobile app(s)
  • Maintaining adequate security measures
  • Protecting against liability, including complying with industry standards and enforcing our policies

To comply with the law and legal processes: GDPR Article 6(1)(c)

With your consent: GDPR Article 6(1)(a)

  • Provide notifications (such as via push notifications)
  • Providing you with customized content, such as insight messages
  • Allowing you to interact with and connect to other PUFIN-ID and third-party content
  • Processing of image data

5. Our use and sharing of your personal data

We use your personal data to:

  • Process requests sent to us, provide our services and pursue our legitimate interests related to such requests and services
  • Promote our services, communicate with you and send newsletters or other material you have subscribed to
  • Analyse, plan, execute, and improve our operations
  • Evaluate possible partners and suppliers

We may outsource our processing of personal data to an external service provider if the needed processing requires us to do so. All external service providers who are granted access to personal data have entered into a Data Processing Agreement with us and therefore acts as a data processor processing data on our behalf, which ensures that your personal data is processed confidentially and in accordance with this Privacy Policy and any applicable laws (see https://pufin.id). Otherwise, personal data is not shared with any other parties outside of our business, unless expressly required by applicable laws or public authorities. We do not sell personal data to any third party for any reason.

6. Transfer of personal data to countries outside of EU/EEA

In connection with our processing of your personal data, we may transfer your personal data to countries outside the EU/EEA (third countries).

Your personal data may be transferred to countries where the European Commission has determined that the level of data protection is equivalent to that in the EU/EEA (secure third countries).

We may also transfer your personal data to unsecure third countries. The transfer of your personal data to unsecure third countries will be based on the Standard Contractual Clauses (SCC) developed by the European Commission specifically designed to ensure an adequate level of protection or for companies established in the United States as a result of the US company's adherence to the EU-U.S. Data Privacy Framework (DPF).

We assess the adequacy of the transfer and adopt additional measures if necessary to ensure an adequate level of protection for the transfer.

You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website. You can also find an overview of US companies registered with the DPF here: https://www.dataprivacyframework.gov/s/participant-search. If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us.

Profiling

We use your data for the purpose of developing, improving and spreading awareness of our services. Based on your data, we may assess which other services may be relevant to you. We can also personalize inquiries to you, such as newsletters or web pages, to make them as relevant as possible. We can do this automatically with IT tools. This means that we can use what is called ‘profiling’ and ‘automated decision-making’.

The data we use for profiling is data about you, e.g. your title and employment information, your company’s geographic location, industry and size, as well as data about the relation and the use of our platforms and services by you, your company, or others similar to you and your company.

Marketing

We may use publicly available or business contact information to send limited and relevant communication regarding its products, services, or related offerings. Such communications are conducted on the basis of legitimate interest and are intended for professional or business contexts only.

All marketing communications include a clear and accessible option to opt out of future contact. We respect opt-out requests and do not send further marketing communications once an individual has opted out. We may continue to contact you if we have a legal basis for this in other contexts.

We may use profiling for direct marketing, e.g. via LinkedIn.

Statistics

We also process your data for the purpose of compiling statistics and building business intelligence. Our basis for processing is our legitimate interests in targeting and improving our marketing efforts towards website visitors cf. Article 6(1)(f) of the General Data Protection Regulation and your cookie consent cf. Section 3 of the Executive Order on Cookies.

6. Storing and securing

We consider all personal data we collect to be confidential and when your personal data is no longer needed or the contact is no longer active, we will ensure that it is deleted in a secure manner.

Our network and IT-equipment have been secured by using appropriate measures to protect the personal data against unauthorized access or other unlawful forms of processing.

We keep personal data for mobile app users, customers, leads, partners and other business contacts for up to 24 months after an active relation between you and us has been terminated. After the end of the customer relationship, personal data is generally stored in accordance with the Danish Bookkeeping Act for a subsequent period of five (5) years from the end of the financial year to which the accounting material relates. Notwithstanding the above, we may retain limited information after the end of the applicable retention period, if required by applicable laws.

We store personal data about you as recipients of our marketing as long as the contact is active, and you have not withdrawn your consent. If you withdraw your consent, documentation of the original consent will be stored for two years from the date of withdrawal in accordance with the guidelines and requirements of the Danish Consumer Ombudsman. Our legal basis for processing this documentation is our legal obligation under GDPR Article 6(1)(c).

We store personal data collected on social media for up to three (3) years after publication.

Statistical data and data used for business intelligence is anonymous and is stored for as long as it is relevant for us.

7. Your rights

You have the right to request access to, erasing, data portability and correcting your personal data as held and processed by us, as well as to send us any other requests based on then applicable data protection laws (e.g. request restriction of processing of the data). Further, you always have the right to prohibit us from sending newsletters or other marketing messages to you by sending any requests concerning your data to the email addresses provided in Section 1.

You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email address above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.

You can also – unconditionally and at any time – object to our processing when it is based on our legitimate interests.

You can lodge a complaint at any time with the Danish Data Protection Authority about our processing of personal data. See more at www.datatilsynet.dk where you can also find further information on your rights as a data subject.

8. Changes to this Privacy Policy

From time to time, it will be necessary to update this Privacy Policy. We will publish new versions of the policy on our website.

Book a demo today

We are a team of product experts, engineers and researchers — ready to explore options for protecting and verifying your products. Get in touch for more information on how we can collaborate.

contact us
Pufin-ID
Eliminating uncertainty
Fruebjergvej 3,
2100 Copenhagen, Denmark
Follow the journey:
Linkedin
Code of conductPrivacy policy
read more about o-keys at okey.codes or download our app directly at:
App Store logoGoogle Play Logo