A significant part of our mission here in Lunar is to be transparent about our business operations, including how we process personal information about you. We are therefore very focused on our obligations to protect your rights according to the data protection regulation (that consists of among other the General Data Protection Regulation also known as the GDPR and supplementary national regulation). In the following sections, you can read more about which information we collect about you, for what purposes, how we store and share it, and what rights you - as a data subject - can assert.
This notice also applies to the users of ShareIt. Each section below has been elaborated with information relevant to the specific use of ShareIt. ShareIt is developed by Lunar Way A/S, which is part of Lunar Group A/S, which also owns Lunar Bank A/S. You do not need to be a Lunar Bank customer to be a user of ShareIt.
If you have any questions or complaints about our processing of personal data or this policy, please contact our DPO at email@example.com.
Lunar Bank A/S ("we", "us", "our"), CVR (company number) 39697696 with headquarters at Hack Kampmanns Plads 10, 8000 Aarhus C is the data controller for the processing of your personal data, even if you are only a ShareIt user.
When we refer to "you" in this policy, we mean you as our private customer, owner of an individually owned company or an employee of our customer.
However, you may also be another relevant party such as an authorized representative, beneficiary, guarantor, shareholder or related party.
We also mean you as a user of ShareIt.
In short, we process personal data about you for several purposes and on several different legal grounds, which are described in the following sections below:
First and foremost, as a bank and financial services provider, we are subject to a number of legal regulations that determine how and what personal data must be processed, including how long it must be stored. We are therefore subjected to legal obligations that include:
The processing of personal data is carried out in accordance with Article 6(1)(c) of the General Data Protection Regulation (hereafter the GDPR), cf. the above-mentioned respective legal obligations.
We also process personal data about you so that we - as a provider of a specific service or product - can fulfill our contractual agreement with you. This need includes the following processing activities:
The processing of personal data takes place in accordance with Article 6(1)(b) of the GDPR.
We also need to process information about you for the purposes of our own legitimate interests, which include:
The processing of personal data takes place in accordance with Article 6(1)(f) of the GDPR and only as long as our legitimate interests do not override your interests or fundamental freedoms.
Prior to processing data about you in the following situations, we will ask for your consent pursuant to Article 6(1)(a) (and if applicable according to Article 9(2)(a) of the GDPR when:
The given consent can always be withdrawn (in the Lunar Bank App), but does not affect the conducted processing prior to the withdrawal of consent.
Sensitive personal data as defined in Article 9(1) of the GDPR that derives from your transactional history or your Lunar account(s) is also processed on the ground of your consent in accordance with Article 6(1)(a) and Article 9 (2)(a) of the GDPR.
We record telephone conversation with you in order for us to document and execute on the following:
For security and crime prevention reasons, our office buildings are monitored by video surveillance.
For the above mentioned purposes, we process different types of data about you. In certain situations, we may also need to process data about persons related to you, such as your representatives, guarantors, payers, employees, etc.
The list of types of data is not exhaustive, as the type of data we collect depends on the type of service or product we need to provide:
We note that the subscriptions and other payment agreements that you may link to your Lunar Bank account may relate to matters that may be covered by the concept of "special categories of personal data" in Article 9 of the General Data Protection Regulation (e.g. trade union membership, health information, political orientation, etc.)
We disclose information about you if:
Where, as a result of one or more of the above circumstances, it is necessary to disclose information about you, the disclosure is made to the following categories of recipients:
In addition to collecting information directly from you, we also collect personal data from third parties such as publicly available and other external sources. This collection is necessary for us to offer you our products, services, process correct information about you and fulfill the legal obligations to which we are subject.
Third parties from which we collect personal data may be, for example:
In certain specific cases - as part of our use of a data processor or sub-processor - information about you is transferred to a third country. Such transfers are only carried out in the following cases:
You can find the current EU Standard Contractual Clauses by clicking here.
In certain situations - like in order to make our customer management more efficient and thus improve your customer experience - Lunar Bank will make decisions based on automatic processing, including profiling. This happens especially in relation to e.g.ongoing customer due diligence and offboarding you as a customer.
We retain information about you for as long as:
The deadlines for erasing data, that we must oblige to, are not only different across borders but also among themselves depending on the purpose with the processing.
According to the GDPR you as the data subject have the following rights you can exercise by contacting us.
Your request will always be assessed as soon as possible and specifically based on the circumstances.
You have the right to access the personal data we process about you. This means that you have the right to receive a copy of the data we process about you. Furthermore, you have the right to receive specific information about the processing to which the data is subjected. However, your right of access may be limited by law, protection of other people's privacy and considerations of protection of our business concept, trade secrets and know-how.
If any information about you is incorrect or incomplete, you have the right to have it corrected and/or updated.
You have the right to request the erasure of your data in the following cases, as set out in the GDPR:
If you believe that the processing of data about you is unlawful or that the data is incorrect, or you have objected to the processing of the data, you can ask us to restrict the processing of that data. The restriction may then include retention until the accuracy of the data is established, or we demonstrate that we have a legitimate interest in processing personal data that overrides your interests.
You have the right to request to receive information about you in a machine-readable format. This right only applies to personal data that is processed automatically and where valid consent has been given or for the purpose of fulfilling a contract.
As with everything else in our business, we are constantly improving and developing. We may therefore change this data processing policy from time to time.
The current information is updated with effect from (december 2023)
If you are dissatisfied with this policy or our processing of personal data, then you are welcome to contact our Data Protection Officer (DPO) at firstname.lastname@example.org.
If you wish to complain about the processing of your personal data, you can contact the Danish Data Protection Agency. You can find the Danish Data Protection Agency's contact information on their webpage.