In this policy, you can read about how Lunar A/S ("Lunar", "we", "our", "us") and our group companies process your personal data when you visit our website, you communicate with us, and when we receive personal data about you from third parties, such as your employer or a colleague.
In Lunar - like the European Human Rights Convention - we consider the right to privacy a basic human right.
As you probably already know, we are on a mission to revolutionize the way you think about banks and a big part of that is being transparent about how we conduct our business, including how we process your personal data. This privacy notice will provide you with information about how we will be processing your personal data, when you have signed up to be a Lunar-customer.
The short version is that we collect a lot of information about everything you do in the app or in our web application and how you use us and the services we or our partners provide. We do this to live up to a lot of legal obligations, which we have as a financial company, but also to be able to provide you with the best possible services and products. If you want to know more details about all of this, look just below for the longer legal version.
Lunar Bank A/S, Hack Kampmanns Plads 10, 8000 Aarhus C, Denmark, CVR: 39697696, (in this privacy statement; “Lunar”, “we” and “us”) is the data controller responsible for the processing of personal data described in this privacy statement.
Purposes for processing personal data
- Signing up as a Lunar customer
- Customer relationship management
- Business customers
- Customer service
- The Lunar App
- Website visitors
Categories of personal data
- Legal basis for processing
Recipients of personal data
- Data processors
- Data controllers
- Other banks
- National authorities
- Additional services
- Transfers of personal data
- Profiling and automatic decision making
Data subjects’ rights
- The right to access
- The right to rectification
- The right to be forgotten (erasure)
- The right to restriction of processing
- The right to data portability
- The right to object against direct marketing
- Data Protection Officer (DPO)
- Changes and version
Purposes for processing personal data
As a bank and provider of financial services, we have a lot of legal obligations, especially in regards to documentation, that we must be able to comply with. That means that we need to collect a lot of information about you as a customer, in order to fulfill the requirements of the different laws we are subject to. In this section you can find more information about when, what, how and why we collect personal data and which purposes are pursued.
Getting on board as a Lunar customer
The very first step in the signup process is you providing us with a phone number. So even before we really know you, we have received the first piece of information about you. Until signup is completed, your phone number is only used to send out a link to where you can download our app or for verification when signup is initiated.
When you have downloaded the Lunar-app, we ask you to provide us with a lot of information as part of the signup and approval process, so this is where the real collection of data starts. This information includes your full name, contact information, social security number or similar national identification number, whether you are a politically exposed person (PEP), information about the city and country where you were born, the country you live in, citizenship, where you pay taxes, etc. We also ask you to provide us information about how you intend to use your account, including expected international money transfers. For business accounts we ask for the business registration number and information about the beneficial owner of the company.
On top of the information collected directly from you, we may also collect information about you from public registers in order to verify your identity and the information you have provided.
Besides the fact that we really want to get to know you and be able to communicate with you, including providing technical support and answering all your questions about us, the information we collect as part of the signup process, both directly from you and from other sources, is required for us to be able to complete and document that we have fulfilled our Know Your Customer (KYC) obligations under the applicable anti-money-laundering (AML) legislation. If you want to use our loan or P2P lending products, we will also be collecting information about you from external partners to assess your financial situation.
We keep the information you provide during the signup process for a maximum of six months, so you, in case you get interrupted before completing the signup process, don’t have to start over when you come back to finish. After completion of the signup process, the information you have provided will be transferred to other systems and processed as described directly below.
Customer relationship management
After completion of the signup and approval process, we welcome you as a valued customer in Lunar. That also means that now even more data will be generated about you. But don’t worry, we will take good care of it and only use it to provide you with awesome services. When signup is completed, you will be assigned a unique customer ID, which is used internally to identify your account. That means that most of our employees won't be able to identify you as a Lunar-customer, which is the first step to ensuring your privacy.
Being your bank, we will continue to process information about you as a customer, in order to comply with legal obligations as mentioned above. The more of our services you choose to use, the more data we will process.
As part of our ongoing relationship, we will continuously be processing information about your bank account and the way it is being used, such as your balance, monitoring of the transactions you are part of, and keeping track of the changes made to your engagements with Lunar. The processing will also include the performance of credit assessments based on your financial history with Lunar, but it may also include information collected from third parties, such as credit information registers and credit reference agencies. In short, we have to keep track of everything that happens.
We will be processing a lot of information about you and your financial affairs in order to provide you with our services. All processing performed as part of your customer relationship with us will be performed in order to fulfill the following purposes: (i) to manage the tasks connected with the daily operations of your Lunar-account, (ii) to provide you with the chosen products and services in the Lunar-app, (iii) to ensure that we are able to provide the necessary technical and customer support, and (iv) to comply with applicable legal and regulatory requirements, such as the AML laws and KYC procedures.
As part of our ongoing efforts to continuously provide you with relevant and interesting products as a Lunar customer, we may use some of the information we collect about you for testing and developmental purposes. We go as far as we possibly can using only anonymous or aggregated data, but in some cases real data is absolutely necessary. In those cases, the personal data involved will be covered by similar security measures, both technical and organizational, as those implemented to protect your personal data in our live systems.
Similar to what is described above regarding private customers, there are strict legal obligations that require us to process personal data besides information about the company, even though it is the company that is part of the agreement with Lunar. For KYC reasons we need to collect information both about the business but also about the beneficial owner, which includes collecting identification documents. The same requirements also apply if you choose to integrate our payment solution on your website.
As part of our business services, with the aim of making your bookkeeping run a lot smoother, we provide you with the opportunity to have several business credit cards issued. In order to do so, however, we need to collect information about the employees in your company to whom a company credit card has been issued, in order for us to comply with the same rules as what is described above.
Even though we continuously strive to make our products and services as user-friendly and smooth as possible, sometimes it is still necessary to reach out to us. Luckily, there are several ways to get in contact with us and we are ready to help. You can give us a call, you can send messages via the Lunar app and you can write emails. No matter which communication channel you choose, we will be processing your personal data as part of our communication. If we didn’t, we wouldn’t know who we have talked to or what we have agreed on the next time you contact us.
To the extent that we are obliged to or allowed by law, all communication with our customer service, including both incoming and outgoing phone calls, is recorded and stored in accordance with the welcome message you hear when calling us. We do this to document what happened and what was said and agreed upon during the conversation, both to be able to document any agreements that may have been entered into, but also for us to be able to document conversations that may lead or have led to investments. The correspondence may also be used in financial crime prevention and money laundering investigations. The recordings will be stored for up to 5 years after your customer relationship with us is terminated.
We would also like to use the recordings for internal training purposes to improve our customer service and to learn how we can help you in the best possible way. We will only use the recordings for these purposes, if you have given your consent. These recordings will be deleted after 3 months. In Sweden we will keep the recordings for up to 12 months.
Everything money starts with the Lunar app.
The app is our main way of keeping our products available to you and it serves as the direct lifeline between you, as a customer, and us. It represents our entire relationship and most of our communication and interaction will go through the app, just like most of our services to you will be provided via the app. As a result, we will be collecting a lot of information about you, the way you use the app and the services and products you use. You can find more specific information about the categories of personal data we process below in the section Categories of personal data.
We strive to continuously provide you with relevant offerings and services to simplify and enrich your financial life, so you can focus on what matters to you. To make sure that you have the best possible experience as a user, we track how our app is being used. We do this in order to keep developing new tools and services for you, but also to make sure that everything we put in there is working just as we want it to. Most importantly, we track your use of the app in order to make sure that your experience as a user is intuitive, smooth and generally just really nice and easy.
Besides the technical information about how you use the app, we collect a lot of other information about you via the app - it is, as mentioned above, our main point of contact. Operating in the financial field, there are a lot of legal obligations and documentation requirements that we have to comply with in order for us to keep our licenses and to prevent fraud and money laundering. That requires us to process a lot of information about you and everything that happens in your accounts.
It all starts with you downloading the app and signing up as a Lunar customer. The first thing we need to do is to collect certain information about you in order to fulfill our KYC obligations, but throughout the engagement we have, we will be processing a lot of data about you to live up to our obligations, including tracking all transactions on your accounts, issuing loans and documenting all correspondence we have with you.
We are very good at the things we do but we can’t do everything ourselves, so we have found some great partners who provide you with great services. If you choose to use some of the available services, being the stock market investment platform, the crypto trading platform or the travel insurance that is part of our premium and pro subscriptions, we will be sharing your personal data with external partners, who will act as individual responsible data controllers. Please see below for more information about our partners, including links to how they process your personal data.
If you have signed up for receiving marketing material, including information about new products, functionalities or offers from Lunar or our business partners, we will process information about your name and contact details, along with information about your preferred channels for receiving marketing material, such as emails, text messages, phone calls or push notifications. To present you with the most relevant marketing material, we will also process information about your transactions, your device and how you use our products. The processing of your information for sending out marketing material will be based on your consent.
You are free to withdraw your consent to receiving marketing at any time either in the Lunar app or by contacting customer service. Push notifications can be disabled in the app or in your phone settings.
Categories of personal data
As described, we collect and process a lot of information about you in order to provide you with all of our different services and to live up to a lot of legal requirements regarding documentation that come with providing banking and other financial services.
We collect data directly from you or via the app but we also collect data from other sources, such as public registers, for example the local Civil Registration Systems, Central Business Registers, and EU or UN sanctions registers or similar. We also collect information about you from external partners who specialize in the collection of credit information, such as UC AB, Kreditz AB, and Experian A/S.
We also collect data about you, the beneficial owners and politically exposed persons and their closely related parties from international information providers and other publicly available sources. We search for information on the internet, for example, when this, after a risk assessment, is deemed warranted and in accordance with the guidelines issued by the Danish Financial Supervisory Authority. When doing a credit assessment we may check whether credit rating agencies or warning registers have registered data on you.
All the personal data we collect about you is being processed for specific purposes as described above.
The personal data we process falls into these overall categories:
- Identity information, including basic information such as your name and citizenship, but also documentation of your identity and national identification number
- Contact information
- Information on whether you hold a prominent public function (PEP)
- Financial and economic information, including information about all transactions related to your accounts and credit assessments
- Communication records, both written correspondence between us and recordings of phone calls
- Information about which of our products and services you use
- Information about the purpose and intended extent of your customer relationship with us
- Technical information about how you use the Lunar app
- Sensitive or special categories of information. As a basis we don’t process sensitive information about you unless you choose to disclose it to us. This can happen e.g. if you use your account to pay for labour union membership or to political parties or if you register a marriage to someone of similar sex/gender as you as a savings goal in the app. In these cases we will consider your disclosure a consent for us to process the information
- Other information you may disclose to us.
Legal basis for processing
Both during the sign-up process and in your ongoing relationship with Lunar, we will be processing a lot of information about you. Some of the processing will be due to legal requirements, cf. art. 6.1 (c) of the GDPR, that we must fulfill while other types of data will be processed on other grounds which are described below. The legal requirements for Lunar’s collection of your data are found in both specific financial regulation and other places. These include local variations of:
- Anti Money Laundering legislation
- Taxation legislation
- Accounting and Bookkeeping legislation
- Legislation regulating financial institutions and credit agreements
- National Data Protection legislation implementing and complementing the GDPR
Besides the processing of personal data that we are legally obliged to, we also process your personal data in accordance with the other legal bases that are available in the GDPR. These legal bases include processing based on your consent, cf. art. 6.1 (a), e.g. when sending you marketing material; when necessary for the performance of a contract or prior to entering into a contract, cf. art. 6.1 (b), e.g. when providing you with technical support; when necessary for the compliance with legal obligations, cf. art. 6.1 (c), e.g. in relation to all the different laws mentioned just above; or based on our legitimate interest, cf. art. 6.1 (f), e.g. as part of our efforts to develop new services or to strengthen our IT- and payment security.
As mentioned above, as a basis we don’t process sensitive or special categories of personal data. If you, however, should choose to disclose information that is considered sensitive under article 9 of the GDPR, such as registering payments for labour union membership or to political parties or if you register a marriage to someone of similar sex/gender as yourself as a savings goal in the app, we will consider your disclosure as a consent for us to process the information, cf. art. 9.1 (a). In certain situations, e.g. when we collect bank statements as part of our KYC obligations, we may receive similar information based on your transactions. This information will be processed cf. art. 9.1 (g).
As previously mentioned, we have to collect a lot of personal data about you in order to continuously be able to provide you with awesome products and services, but it is also necessary for us to comply with all of our legal obligations. But that doesn’t mean that we will keep an endless amount of information about you forever and ever.
We only store your personal information as long as it is necessary to fulfill the purpose for which it was collected. In a lot of situations that means for documentation purposes, such as for us to be able to document when you signed up to certain services or for us to document the transactions performed. These are all situations or actions where we must be able to document what happened and when. As an example we can mention that according to the AML requirements, we have to keep transaction information, documents and registrations for at least five years after the completion of a transaction. Other legislative rules require us to store some types of data for a shorter period and other types of data even longer.
All the personal information we process, e.g. in relation to banking, marketing or other activities as described above, is being processed to fulfill a specific purpose and for each purpose we have assessed how long the information is necessary, including for us to live up to legal requirements, and set up retention rules to ensure that we don’t keep anything longer than necessary.
All employees in Lunar are bound to the duty of confidentiality and receive training to ensure that there is no doubt that all information they get access to as part of their job in Lunar is highly confidential and may not be disclosed without authorisation.
Recipients of personal data
As part of providing you with the services and fulfilling the purposes described above, it is necessary for us to share your personal data with other parties, including vendors, business partners, data processors, other banks, payment- and billing services, national authorities and third parties.
We will of course only make your personal data available to third parties where we are allowed or required to do so by law and when we have all the necessary agreements in place.
We do not sell your personal data.
Even though we are really good at a lot of things, there may be somebody who does it just a little better or that already has developed a service we need. Instead of reinventing the wheel, we have chosen to enter into cooperation with these vendors to make sure that we can make the best possible product available to you. All vendors, both internally in the Lunar Group and externally, processing personal data on behalf of Lunar are bound by a data processing agreement that sets out instructions on how they may process the personal data made available to them, along with strict security requirements.
Data processors include other companies in the Lunar Group providing support or technical solutions, but also includes external partners providing services such as hosting, email sending services, and providers of software solutions used to support our work behind the scenes and the Lunar app.
In relation to the services we provide to you, we also share personal data with companies that will be pursuing their own purposes and as such, acting without instructions from Lunar. These companies are considered individual data controllers and are directly responsible for how they process your personal data. Data controllers include providers of services such as insurance companies related to Lunar Premium and Pro, and trade platform providers in relation to our investment services.
Even though they are not acting under Lunar’s instructions, like the data processors, we still require them to process personal data in accordance with applicable laws and regulations.
To explain further, we have listed and categorized examples of other data controllers to whom we may disclose personal data below.
A big part of being a bank is of course handling your money and transferring it to other banks. When we transfer your money to another bank, being between your own accounts or to others, it is necessary for us to send additional information along with the money in order for both us and the receiving bank to be compliant. This also includes our cooperation with correspondent banks, which e.g. makes international transfers possible.
Denmark
As mentioned a few times already, we will be sharing information about you and your financial transactions with the national authorities, to the extent that we are legally required to do so. This includes reporting to the Money Laundering Secretariat (State Prosecutor for Special Economic and International Crimes) under the Money Laundering Act, and to national Tax Authorities under the Tax Control Act.
Sweden
To fulfill legal obligations we will sometimes, if necessary, share your personal information with national authorities in Sweden. This includes the Tax Agency, the Police and Financial Police, with regard to measures to prevent, detect and investigate money laundering, the Enforcement agency or supervisory authorities.
Norway
We will be sharing information about you and your financial transactions with the national authorities, to the extent that we are legally required to do so. This may include sharing your personal data with other banks and payment institutions when necessary for the investigation of transactions under the Anti-Money Laundering Act. It may also include reporting to the National Authority for Investigation and Prosecution of Economic and Environmental Crime (No: “Økokrim”) under the Anti-Money Laundering Act and reporting to national Tax Authorities under the Taxation Act(?).
We cooperate with a lot of external partners, providing you with offers and services outside of Lunar’s core business as your bank. You will see that some of the products are offered by other companies in the Lunar Group while others are third parties that we have chosen to work with. Some of the benefits are available via Lunar-exclusive discount codes that can be used on our partners’ websites, while other services are integrated in the app, but where the service is actually provided by a third party. We have done what we can to show you directly in the app, when you are communicating with a third party or when we may share your data. Below you can find a couple of examples of our partners, the services provided, and where you can find more information about how they process your personal data.
Lunar Merchandise Store
Unlike all other banks, we even have our own merchandise store where you can buy awesome outfits that can be used for both training and relaxing. You know - that extra time you have because Lunar takes care of everything money. Our friends in Lunar Way are the company behind the store, so when you order cool outfits, it happens with another party. If you want to know more about how they use your information, please look at their privacy notice, which is found in the store.
Stock market transactions
If you have a little extra in your account and want to get into investing, you have a great opportunity directly in the app. The investment service is provided by our partner Saxo Bank and will require that you open an investment account with them, which is done easily via the Lunar app. It does, however, mean that we will share some information about you with Saxo Bank who then will be processing your personal data as individual data controllers. You can find out more about how they process your personal data on their website: www.saxobank.com
Crypto trading
If you think that the stock market is so last year and want to invest in crypto instead, our great friends from Lunar Block have provided us with an easy to use platform for crypto trading, that is available via your Lunar app. Similar to the stock market investment platform, we will be transferring your personal data to Lunar Block, who will be processing the information as individual data controllers, if you choose to use the crypto trading platform. You can find more information about how Lunar Block processes your personal data in the app.
Insurance
As part of your premium or pro subscription you are covered by travel insurance provided by our partner Tryg. In order to have you registered and covered by the insurance, we need to transfer information to them. They will be processing your personal data as individual data controllers pursuing their own purposes. You can find more information about how they are processing your personal data here: www.tryg.dk
Transfers of personal data
In certain situations Lunar does transfer personal data to data processors and sub-processors located outside of the EU/EEA as part of the services we provide to you. These transfers are regulated in the data protection agreements we have entered with our data processors. All transfers are based on the EU Commission’s Standard Contractual Clauses from 2021 supported by supplementary safety measures. You can find the clauses that Lunar uses by clicking here.
If you have any questions about the transfers, then you can submit a request to us. Please, see below for more information.
Profiling and automatic decision making
Lunar will in certain situations make decisions based on automated processing, including profiling, in order to make our processes more efficient and thereby be able to provide you with better and faster service. This may be relevant in such situations as when we target our marketing efforts, but it may also be part of our evaluation of your credit worthiness which we are legally obliged to perform before, e.g. approving loan applications. In case you disagree with the decision made, you have the right to express your point of view, contest the decision and to have the automated decision reviewed by a Lunar employee.
Data subjects’ rights
As a data subject, you have a number of rights that allow you to stay in control of how your personal data is being used. These rights are described a little further in this section. You can also find more information about these rights on your local data protection authority’s website. A list of links to the local data protection authority is found below.
If you want to exercise one of these rights, please contact us as described below.
The right to access
You have the right to obtain information about whether or not personal data is being processed about you and, where that is the case, information about the types of personal data being processed, the purpose for processing the personal data and, where possible, the expected period the personal data will be stored.
The right to rectification
If any of the information we have about you somehow is incorrect, incomplete or irrelevant, you have the right to have it corrected.
The right to be forgotten (erasure)
In certain situations you have the right to have your information deleted from our databases and thereby be forgotten. There are, however, some limitations to this right, e.g. when we need the information to comply with documentation requirements or to defend Lunar against legal claims.
The right to restriction of processing
In some situations, typically related to the fulfillment of other requests to exercise your rights, you have the right to restrict the processing of your personal data. That will, in nature, limit Lunar’s ability to process your personal data without your consent for other purposes than storage and the establishment, exercise or defence of legal claims.
The right to data portability
You have the right to receive the personal data, which you have provided to Lunar, in a structured, commonly used and machine-readable format and to have the personal data transmitted from Lunar to a new data controller. This basically means that in the unthinkable situation that you want to move to another bank, Lunar shall, at your request and where technically feasible, transmit the master data to that new bank.
The right to object against direct marketing
You have the right to object against certain processing activities, such as the processing performed in relation to direct marketing, including profiling.
Data Protection Officer (DPO)
If you have any questions about this privacy statement or the processing of your personal data in Lunar, please reach out to us.
Lunar has appointed a Data Protection Officer (DPO) who is ready to answer your questions. Our DPO can be reached directly either:
By email: firstname.lastname@example.org
By mail: Hack Kampmanns Plads 10, 8000 Aarhus C, att: “DPO”
We hope you have found all the information you need about Lunar’s processing of your personal data in this privacy statement and that any questions you may have, have been answered by our DPO. As mentioned earlier, we really do strive to be fully transparent about what we do. Sometimes, however, that just isn’t enough.
In the unfortunate event that you feel that we just aren’t good enough explaining what we do and why we do it, or if you think that we are doing things that we shouldn’t, of course we hope that you will tell us directly so we get a chance to make things right, but you also have the right to raise a complaint with the local Data Protection Authority.
You can find contact information for the local authorities and a guide to how to raise a complaint on their websites:
Changes and version
We reserve the right to make changes to this privacy statement from time to time in order to stay compliant with applicable law and to continue to be transparent about what we do, when things change or new initiatives are launched. As a Lunar customer you will receive notification when we make changes to the privacy statement.
This version applies from 1 April 2022
Lunar Bank A/S, Hack Kampmanns Plads 10 DK-8000 Aarhus C, CVR nr. 39697696