Information for users in the European Economic Area (EEA)

Please note that unless expressly noted otherwise, NordPass shall act as the responsible personal data controller for any data processed.

Grounds for data processing

Your personal data is mainly processed for the purpose of providing you the best Services under the legal basis of performance of the contract between you and NordPass, as provided in our Terms of Service.

We also process your personal data under the legal basis of our legitimate interest:

  • to properly administer business communication with users;
  • to optimize our emailing campaigns;
  • to operate our services and ensure their secure, reliable, and robust performance;
  • to receive knowledge of how our website and applications are being used.

NordPass may process your personal data for marketing purposes in the following cases: when we obtain your consent for such processing (the legal basis for processing, in this case, is your consent) or when applicable law permits us to contact you without separate consent (under the legal basis of a legitimate interest).

Term for storing personal data

NordPass stores personal data of active user accounts indefinitely unless we are asked to delete it. This is done in order not to lose the encrypted data present in your account.

We keep your personal data for as long as reasonably necessary for the purposes set out in this Privacy Policy. The data might be kept longer if required for tax or accounting purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need – though we will generally not keep personal data for longer than seven years following the last date of communication with you. Where personal data is no longer required, we anonymize or dispose of it in a secure manner.

International transfers

NordPass is based outside the EEA and has service providers established in various countries. These locations may not guarantee the same level of protection of personal data as the one in which you live. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to require that your personal data will remain protected in accordance with this Privacy Policy. If necessary, we use standard contractual clauses approved by the European Commission to transfer your personal information from the EEA to other countries.

Your rights

Users based in the European Economic Area (EEA) receive additional rights related to their personal data. You may:

  • request us to erase your personal data;
  • object to the processing of your personal data which is done on the basis of our legitimate interests (e. g. for marketing purposes);
  • request us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format or to transmit (if technically feasible) your personal data to another controller (only where our processing is based on your consent and carried out by automated means);
  • restrict the processing of your personal data (when there is a legal basis for that);
  • withdraw your consent where processing is based on a consent you have previously provided;
  • exercise your rights by contacting us directly or, if all else fails, by lodging a complaint with a supervisory authority.
« Return to Privacy Policy