Version 1.0 - Effective from 20 October 2020
At Lunar Bank, we take the protection of our customers' privacy and personal data seriously.
We protect your personal data and have internal security rules concerning information with instructions and measures that continuously ensure that your personal data is not destroyed, lost, altered, disclosed without authorisation, and that others do not unjustifiably become aware of it.
Lunar is the data controller for the processing of your personal data that occurs with us as part of the creation, ongoing administration, and possible termination of your customer relationship.
If you have given consent for the personal data you have provided to us in connection with the creation of your current customer relationship or as part of the ongoing relationship to be disclosed to our business partners, the business partners in question will be the data controllers of the processing of your personal data that the business partners undertake for their own purposes (including, for example, in connection with the creation as a bank customer, issuance of payment cards, or purchases made from third parties via the Lunar app). You will be notified of this when you consent to the disclosure.
When processing your application for registration as a user (and thus customer) with Lunar via the Lunar app, we process the data you have provided in the app. This includes your name, contact details (email address and telephone number), civil registration number, information about any PEP status (Politically Exposed Person), information about your place of birth and country of origin, country of residence, countries where you are tax liable, citizenship, etc. In this context, we may also obtain information about you from public records and other publicly available sources, including information from BankID for verification of your identity and address. Also, when we create the customer relationship, you must disclose the purpose and intended nature of your customer relationship with us.
We collect data from the Swedish Civil Registration System and other publicly available sources and registers.
The purpose of processing the above data is to be able to implement and document our statutory customer knowledge procedures (KYC) under the Danish Anti-Money Laundering Act, as well as to be able to communicate with you, including answering general questions or correcting entry errors, before the approval of your customer relationship.
As part of our ongoing administration of your customer relationship, we process the data you have provided us at the time of the creation of the relationship. We continuously process data about your use of the Lunar app and your account, including data about your balance, transactions, product purchases and/or changes. When you become a customer, you are also assigned a unique customer ID for us to use to identify your account in connection with operations and support. Under the Danish anti-money laundering legislation, we are also obliged to examine the background and nature of any complex and unusual transactions and activities in your customer relationship with us, and to note the outcome of these investigations.
When assessing credit rating, we check for data recorded about you by credit reference agencies and warning registers. We will also update this data on an ongoing basis. In addition, we will continuously monitor your behaviour in order to be able to assess your creditworthiness continuously.
The purposes of our processing of the above data are to be able to (i) operate your Lunar Account (including the execution of transactions, transfers, etc.), (ii) provide your activated features and products in the Lunar app, (iii) provide technical or general user support to you, and (iv) ensure ongoing compliance with the legislation, including documenting implemented customer knowledge procedures (KYC).
If you have purchased Tryg insurance through the Lunar app, we will disclose your personal data to Tryg Forsikring A/S in connection with your claims through the Lunar app. The data include name, email address, policy number, insurance type, and period of coverage, as well as data about whether you have purchased insurance through the Lunar app.
When you purchase services provided by our partners through the Lunar app, we share your personal data with these partners. You will be separately notified of the processing of your personal data in connection with the individual purchases that you make.
If you have answered "yes, please" to receiving marketing materials, including information about new products, features, or offers from Lunar or our business partners, we process data about your name, contact information, as well as which channels you have indicated that you would like to receive the marketing through (e.g. email, SMS, phone calls, or push messages). Prior to processing the above data for marketing purposes, we will separately obtain your consent.
If you no longer wish to be a customer of Lunar, we process your personal data in order to end your customer relationship and close your account. In this context, we will process your contact information (such as email address and phone number). If you have provided information about an external account to which your balance shall be transferred, we will process the data about your external account and registration number. In connection with the technical closure of your account, we will assign to your account a unique closing attribute (a code that identifies the account across Lunar's systems) that ensures that your customer relationship can be terminated in all of our systems.
The purpose of processing the above data is to be able to complete the closure of your account and communicate with you, including answering your questions in this regard.
We store data that you have provided to us in order to establish a customer relationship for at least two years from the time we create you as a lead – even if a customer relationship is not established. We do this to protect us against fraud and to be able to document a possible consent to receive marketing materials.
To be a customer of Lunar, you are required to provide us with a range of information as a result of the legislation or contractual relationship. Examples of such information are mentioned in the section above. The legal basis for our processing is the Danish financial regulation as well as other legislation, including:
Also, your data may be processed if the processing is necessary as a result of an agreement you have entered into or are considering entering into with us. Processing may also take place if you have given your consent, cf. Article 6(1)(a) and (b) of the General Data Protection Regulation. The same may happen if one of the other processing rules in Articles 6(1) and 9 of the General Data Protection Regulation applies.
We also process your data when necessary for Lunar to ensure a legitimate interest. This could include, for example, the prevention of misuse and loss, the strengthening of IT and payment security, and/or direct marketing.
In order to fulfil agreements with you – for instance, if you have asked us to transfer an amount – we will disclose the data about you that is necessary to identify you and complete the agreement.
In connection with the creation and administration of your customer relationship, the issuance of payment cards, as well as the use and possible purchase of products and services you have made through the Lunar App, we will, with your consent or, if possible under the legislation, disclose your personal data to the relevant business partners (including correspondent banks and other financial institutions) to manage your products and services. With your consent or if permitted under the law, data is passed on internally within the Lunar Group and to business partners.
We disclose information about you to public authorities. This is done to the extent we are obliged to do so by law. Among others, we disclose information to the Money Laundering Secretariat of the State Prosecutor for Serious Economic and International Crime (SØIK) under the Anti-money Laundering Act, to SKAT under the Tax Control Act and to the National Bank, which, among other things, uses data for statistical purposes.
In the event of a breach of obligations, we may report you to credit reference agencies and/or warning registers in accordance with applicable rules.
When transferring money abroad where money laundering, crime financing, or terrorism is suspected, we disclose the required data to relevant authorities and agencies.
Also, your personal data will be transferred to our data processors, who, among other things, host our IT systems or perform specific administrative tasks on our behalf. We have entered into data processing agreements with all our data processors. We may disclose your personal data to public authorities in cases where such disclosure is required to comply with a legal obligation to which we may be subject, including, for example, in connection with subpoenas, court orders or search warrants.
We will store your data for as long as it is necessary for the purposes for which your data is collected, processed, and/or stored.
Under anti-money laundering legislation, data, documents, and records are kept for at least five years after the end of the business relationship or the completion of each transaction.
Employees of Lunar Bank are bound by confidentiality and shall not improperly disclose information which they have become aware of during their work at the bank.
We transfer your personal data to recipients outside the EU and EEA. This occurs if we use data processors and/or sub-processors located outside the EU and EEA. This may also be the case if one or more of our relevant business partners are located outside the EU and EEA. A list of our third-country transfers is found here. The list also provides an overview of the relevant transfer basis (i.e., the legal basis we have for transferring your personal data to third countries).
If you would like additional information about our transfer of personal data outside the EU and EEA, including a copy of the relevant security measures, etc., you may request this by exercising your rights as described below in the section "Your rights, etc.".
You have the right to withdraw your consent at any time. You can do this through the app. If you choose to withdraw your consent, it does not affect the legality of our processing of your personal data based on your previously announced consent and up until the time of withdrawal. Therefore, if you withdraw your consent, it will only have effect from that time.
Under the General Data Protection Regulation, you have several rights concerning our processing of data about you. To exercise your rights, please contact us. Your rights are detailed below.
You have the right to access the data we process about you, as well as other data.
You have the right to have inaccurate data about you rectified.
In exceptional cases, you have the right to have data about you erased before the time of our general erasure.
In some cases, Lunar will automatically assess your personal data, for instance, to analyse your financial circumstances or preferences. For example, we do this if we are required to make a statutory credit rating (credit score) and in order to target our marketing to you.
In certain cases, you have the right to restrict the processing of your personal data. If you have the right to have the processing restricted, we may in future only process the data – apart from storage – with your consent, or for the purpose of establishing, asserting or defending legal claims, or protecting a person or important public interest.
In certain cases, you have the right to object to our otherwise lawful processing of your personal data.
In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, as well as to have that personal data transferred from one controller to another without hindrance.
You can read more about your rights at the Danish Data Protection Agency if you are unhappy with the way we process your personal data. The Danish Data Protection Agency's contact details can be found at www.datatilsynet.dk.
You have the right to lodge a complaint with the Danish Data Protection Agency if you are not satisfied with the way we process your personal data. The Danish Data Protection Agency's contact details can be found at www.datatilsynet.dk.
Lunar Bank A/S
Hack Kampmanns Plads 10, 8000 Aarhus C
CVR No.: 39 69 76 96
Phone: +45 70 60 54 54
If you have any questions about our processing of your data, you can always contact our Data Protection Officer (DPO). You can contact our DPO in the following ways: