Privacy Policy

Updated on April 10th 2024

Kardio takes customer privacy seriously and ensures that personal data is handled in a responsible and secure manner and in accordance with Icelandic laws on privacy and the processing of personal data. Kardio's main objective with collecting information is to use such information to maintain security as well as to develop and improve customer service.

This privacy policy applies to all information we collect on our website, in the dashboard, and through the app. In addition, Kvika hf.'s privacy policy applies; it discusses in more detail the processing of personal data related to card issuance and can be accessed here: www.kvika.is/privacypolicy.

1. Contact Information of the Data Controller

Kardio is a fintech service offered by Memento ehf.

Memento ehf. (hereinafter "we")

Bjargargata 1 102 Reykjavík

Tel: 772 8440

Email: kardio@kardio.is

https://www.kardio.is

2. Personal Data and Non-Personally Identifiable Information

In this privacy policy, we use the terms "personal data" and "non-personally identifiable information." Personal data refers to information that can be linked to a specific individual and can be used to identify the individual. Non-personally identifiable information refers to information that cannot be linked to a specific individual.

3. Information We Collect

We are committed to providing the most secure service possible. Therefore, we ask you, and all other users, to identify yourself when creating a new account with personal information. Information we might ask for this purpose includes name, phone number, email address, and facial image. We may need to ask you to further confirm your identity if we consider it necessary or to increase your authorization for actions in the system. For this, we might ask you for your ID number, address, or other information that we consider sufficient to confirm your identity and to confirm your ownership of a company or power of attorney that you provide in connection with the service.

4. Information from Mobile Devices

Other information we collect is information about your mobile device, e.g., type of device, device identification number, device settings regarding time zone, language, and IP address.

5. Information from Kardio's Website

When users visit Kardio's website, we use tools, so-called cookies, to collect information about their usage, e.g., browser type, which pages of the website users visit, time users spend on the web, etc. This way, we can better understand what information users are looking for on the website, and we have the opportunity to adapt the website and make it clearer for users. By using Kardio's website, the user agrees that such information is collected.

6. Card Information Not Stored

Card information (payment card number and CVC number) is not stored in the app but only with the card issuer, Kvika. The card issuer that Kardio works with operates according to the PCI DSS (Payment Card Industry Data Security Standard).

7. How We Ensure Data Security

The website and its databases are hosted by a security-certified hosting provider. All communications in Kardio and databases are encrypted.

8. How We Use the Information We Collect

The main goal of information collection is to provide you with the best possible service available, so that your experience of using Kardio is fast, efficient, comfortable, and enjoyable, and is based on our mutual agreement and legitimate interests. The information we collect about you may be used in the following ways:

  • To provide or deliver the service and/or product that the customer uses at Kardio and provide the customer with information about the status of product delivery and service execution.

  • To inform the customer about changes to the service or business terms.

  • To identify you.

  • To send notifications about innovations in our service and offers that we offer our customers.

  • To help us develop products, services, and websites.

  • To send you notifications and information regarding you and your use of the service.

  • To prevent fraudulent behavior and illegal actions.

  • To measure traffic, change and adapt our service, e.g., content in the app and on the website.

  • To enforce terms that have been accepted.

  • To fulfill our obligations under the law.

Kardio will not under any circumstances provide, sell, or lease users' personal information to third parties.

Data about Kardio customers is stored until Kardio no longer needs it to fulfill the purpose.

9. With Whom We Share Personal Data

We do not share your personal information with parties outside Kardio and Kvika except in special cases, e.g., with your consent and in accordance with legitimate interests.

It may happen that we are asked for personal information to assist with government investigations. We also reserve the right to give the police tips about behavior that we believe, in good faith, to be illegal.

10. Retention

We retain some of your personal information while you are a Kardio user as it helps us to provide you with good service and fulfill our legal obligations. However, the retention period can be either longer or shorter depending on the nature of the information. For example, we may retain your information for a longer period, e.g., in accordance with Act No. 145/1194 on accounting, if necessary to defend against legal claims, if we are obligated to do so by court order, or due to police or regulatory investigations. Note that after deletion, information may still exist on backup copies, but strict access and security rules apply to their storage and access.

Please note that Kvika, the issuer of payment cards, is subject to Act No. 77/2014 on public archives and must therefore retain information in accordance with that.

11. Your Rights

According to privacy laws, you have the right to access your own personal data, to have incorrect personal data corrected, and to deletion, restriction, objection, and transfer. In addition, you have the right to withdraw your consent where it has been given.

You have the right to request that Kardio correct information about you if you believe it is not correct and also to have your information deleted. However, Kardio wants to point out that the right to have information deleted is limited, and thus Kardio cannot delete information that it is obligated to keep according to law.

You have the right to demand that Kardio limit the processing of information about you. However, that right only applies in certain cases.

You have the right to receive a copy, in a computer-readable form, of the information you have provided to Kardio about yourself. If you wish, and it is technically feasible, you can request that information be sent to another party, e.g., another company.

To exercise these rights, you can send an email to kardio@kardio.is. It is appropriate to note that it can take 30 days to get answers to such a request and up to 3 months if the request is technically complex to implement. However, we will respond to you as soon as possible, at least to let you know that the request has been received and is being processed.

We draw attention to the fact that if you are dissatisfied with how we process your personal information or do not want to provide it to us, it may be impossible to maintain your access to the app.

The Data Protection Authority oversees the implementation of laws on privacy and the processing of personal data. It is possible to file a complaint with the Data Protection Authority as follows:

Data Protection Authority, Rauðarárstígur 10, 105 Reykjavík, Tel: 510-9600

postur@personuvernd.is

12. Legal Obligations

It may happen that we are asked for personal information to assist with government investigations. We also reserve the right to give the police tips about behavior that we believe, in good faith, to be illegal.

13. Changes

Kardio reserves the right to change this privacy policy. Such changes will be announced on the website, by email, notification in the dashboard, app, or by SMS. The latest version of Kardio's privacy policy will always be accessible on Kardio's website along with the publication date.

14. Contact

If you have any comments or questions regarding Kardio's privacy policy, security matters, or the processing of personal data in other respects, we encourage you to send us an email at kardio@kardio.is.