Skip to main content

Privacy policy PostenID

This privacy policy describes how Posten processes your personal data when you use PostenID

This privacy policy describes how Posten processes your personal data when you use PostenID. 

PostenID is Posten’s identity and login solution for individuals, used to log in to various Posten services, including “My Post” and the Posten app. On “My Post,” you can make changes to your user profile and manage any consents. You can read the terms of use for PostenID here (ed. note: Coming). 

In addition to this privacy policy, the general privacy policy of the Posten Bring Group applies. Here you can read more about your rights and how you can contact us to exercise your rights. 

The data controller for the processing of personal data in connection with PostenID is Posten Bring AS, organisation number 984 661 185, Biskop Gunnerus’ Gate 14 A, 0185 Oslo. 

 

1. What Personal Data We Process and Why 

In this section, we explain the purposes for which we process your personal data, the specific personal data we process for each purpose, and the legal basis for the processing. You will also find information about the retention period for the various personal data. 

Name 

  • Purpose 1: Your name is required to create PostenID and is used as a pre-filled sender name when purchasing services. 

  • Legal Basis: The legal basis for processing this personal data is that it is necessary to fulfil the agreement you have entered into with Posten to create PostenID. 

  • Retention Period: As long as your user exists in our systems. 

  • Purpose 2: After registration, the information is used to manage your profile, for example, when changing or deleting your PostenID, or maintaining the profile and service. 

  • Legal Basis: The legal basis for processing this personal data is that it is necessary to fulfil the agreement you have entered into with Posten to create PostenID. 

  • Retention Period: As long as your user exists in our systems. 

Mobile Number 

  • Purpose 1: It is necessary for Posten to register your phone number to create your PostenID and to verify your actual identity, and to provide you with the appropriate service offering.

  • Legal Basis: The legal basis for processing this personal data is that it is necessary to fulfil the agreement you have entered into with Posten to create PostenID. 

  • Retention Period: As long as your user exists in our systems. 

  • Purpose 2: Your mobile number is your username and is used together with a password to authenticate you when logging in. 

  • Legal Basis: The legal basis for processing this personal data is that it is necessary to fulfil the agreement you have entered into with Posten to create PostenID. 

  • Retention Period: As long as your user exists in our systems. 

  • Purpose 3: Your phone number is also used to track your parcels (e.g., parcels on their way to you, parcels you have sent, received, etc.) when you use the Posten app or are logged into My Post. 

  • Legal Basis: The legal basis for processing this personal data is that it is necessary to fulfil the agreement you have entered into with Posten, so that the function in the Posten app and My Post works as intended. 

  • Retention Period: As long as your user exists in our systems. 

Email Address 

  • Purpose 1: When you create a user, you must register your email address. You will receive an email if you have not logged in for two years before your PostenID is deleted. 

  • Legal Basis: The legal basis for processing this personal data is legitimate interest, as Posten may need to contact you via email to verify your user. 

  • Retention Period: As long as your user exists in our systems. 

  • Purpose 2: If you verify your email address during registration, parcels registered with your email address as the recipient will automatically be displayed to you when you are logged in. 

  • Legal Basis: The legal basis for processing this personal data is that it is necessary to fulfil the agreement you have entered into with Posten, so that the function in the Posten app and My Post works as intended. 

  • Retention Period: As long as your user exists in our systems. 

  • Purpose 3: After registration, the information is used to manage your profile, for example, when changing or deleting your PostenID, or maintaining the profile and service. 

  • Legal Basis: The legal basis for processing this personal data is that it is necessary to fulfil the agreement you have entered into with Posten to create PostenID. 

  • Retention Period: As long as your user exists in our systems. 

Password 

  • Purpose: Passwords are used together with your mobile number to log in with PostenID. The password is personal and secures your user. 

  • Legal Basis: The legal basis for processing this personal data is that it is necessary to fulfil the agreement you have entered into with Posten to create PostenID. 

  • Retention Period: As long as your user exists in our systems. 

National Identification Number 

  • Purpose 1: If you choose to identify yourself with electronic IDs through ID-porten, your national identification number is stored so that you can see your address and who you share a mailbox with. 

  • Legal Basis: The legal basis for processing this personal data is a legal obligation pursuant to the Postal Act §37. 

  • Retention Period: As long as your user exists in our systems. 

  • Purpose 2: If you choose to identify yourself with electronic IDs through ID-porten, your national identification number is stored so that you can see your address and who you share a mailbox with. 

  • Legal Basis: The legal basis for processing this personal data is a legal obligation pursuant to the Postal Act §37. 

  • Retention Period: As long as your user exists in our systems. 

  • Purpose 3: In Sweden, deliveries are made upon presentation of valid identification or by providing secure identification. For some services, it will be possible to identify yourself via Bank ID, such as when collecting a parcel from a Parcel Box or Agent. Identification with Bank ID involves the registration of the national identification number. 

  • Legal Basis: The legal basis for processing the national identification number is legitimate interest, as Bring needs to have secure identification to ensure safe delivery of parcels. This information will not be shared with the sender but may be disclosed to relevant authorities in the event of an investigation, such as fraud cases. 

  • Retention Period: As long as your user exists in our systems. Or for 1 year after the delivery if BringID is deleted. 

Address

  • Purpose: If you use the favorite pickup point, we need to store your address to be able to deliver the packages to the location you choose.
  • Legal Basis: The legal basis for processing personal data for this purpose is that it is necessary to fulfill the agreement you entered when registering the favorite pickup point. 
  • Retention Period: As long as your user exists in our systems.

Payment Information 

  • Purpose: When you pay online for Posten’s services, you may be asked if you want to save your card information. If you answer yes, we store information about the relevant card on your profile, so that the next time you make a purchase, the saved card will appear, and it will be quicker to complete your order. You can log in to My Post to view, change, and delete your cards whenever you wish. We do not store your full card number, only an identifier that allows it to be used with Nets, our payment provider. 

  • Legal Basis: The legal basis for processing this personal data is your consent. 

  • Retention Period: As long as your user exists in our systems and until the card expires or you delete the card information yourself. 

Logs and IP Address 

  • Purpose: PostenID generates system logs during use, where we store necessary information to provide a stable service to you as an end user, as well as to troubleshoot and operate PostenID. The system logs store, among other things, the IP address and your numeric user identifier, which cannot be directly linked to you as a person (pseudonym). 

  • Legal Basis: We process personal data based on legitimate interest. We have assessed that it is necessary for us to do this for the operation and maintenance of the service for our users. 

  • Retention Period: 1 year. 

User Sessions and User Tokens 

  • Purpose: When logging in to PostenID, we store your user session. This is done so that you can remain logged in across our services. We also generate temporary user tokens, which ensure secure communication between us and you as a user. 

  • Legal Basis: We process personal data based on legitimate interest. This is necessary so that you do not have to log in every time you use PostenID. 

  • Retention Period: 1 year. 

Connected Devices 

  • Purpose: When you log in with the Posten app, we store a reference (push-id) to your app, which is used to send you notifications in the app and in the notification centre if you have chosen this. 

  • Legal Basis: The legal basis for processing this personal data is your consent. 

  • Retention Period: The push-id is deleted upon the first attempt to send a push notification after the app is deleted 

 

2. How We Share Your Personal Data 

We only share your personal data with others to the extent that (i) it follows from this privacy policy, (ii) we are obliged to do so by law, regulation, or order from a public authority, or (iii) such sharing is necessary for us to protect our interests, for example, to defend ourselves against claims. 

Any sharing beyond what is mentioned in this section requires your consent. This does not prevent us from using data processors to process personal data on our behalf (in accordance with a data processing agreement). 

When using data processors located outside the EU/EEA, we ensure that these data processors handle personal data in accordance with the requirements of the GDPR, and we use the EU’s standard contractual clauses for the transfer of personal data to third countries. 

3. Questions and Complaints 

If you have any questions about our processing of your personal data, you are welcome to contact our Data Protection Officer: personvernombud@posten.no 

If you believe that our processing of personal data does not comply with what we have described here or that we otherwise do not comply with the requirements of the data protection legislation, we would like you to contact us. You can also lodge a complaint with the Data Protection Authority. You can find contact information for the Data Protection Authority on their website: www.datatilsynet.no.