Processing of personal data (2019-10-01)

Swedbank Pay Checkout and E-commerce

We care about your privacy and the protection of your personal data!

The following text offers an overview of how we process your personal data, what your rights are, the purposes for which the data is processed, how we protect data and who you can turn to if you have any further questions or concerns regarding the processing of you own personal data. Our contact information is provided below.

We are constantly improving and developing our services, products and websites and the content of this policy may therefore change over time, though always taking your rights into consideration in accordance with applicable laws and regulations. The latest version of this policy is available at all times at:

https://Swedbankpay.com/terms/processing-of-personal-data

Contact information for Swedbank Pay:

Postal address: S:t Hansplan 1, 621 88 Visby, Sweden

Finland E-mail: asiakaspalvelu@swedbankpay.fi

Denmark E-mail: kundeservice@swedbankpay.dk

Sweden E-mail: kundservice@swedbankpay.se

Questions relating to personal data:

E-mail: dpo@payex.com

Finland  telephone number: 2014 04225

Denmark telephone number: 8862 4001

Sweden telephone number: 0771 441 000

Swedbank Pay Checkout - payment experience

Autocompletion and automatic completion of your contact details.

We store certain information on you in order to attend to your payment requirements quickly and efficiently. We use the information we store to enable us to provide you with the best possible payment experience. Instead of having to enter the same basic details every time you pay using our services, we store information about your device, address details, telephone number, e-mail address, personal identity number and your login information and we automatically complete for you when you choose to pay with our Checkout. This is done either through a cookie placed on your device or by you firstly providing your e-mail address and postcode. You can choose to not use autocompletion at any time by notifying us  using the contact details found in this text. If you choose to remove autocompletion it means that you will not be able to use autocompletion for faster payment.

If you want to read more about what data we collect and about our processing of personal data, you will find the information below.

Payment methods

We offer several different payment methods that are provided either through Checkout or as payment methods for
e-commerce on a connected merchant's website:

  • Invoice – pay later
  • Card payment - we offer card payments with the world's most popular debit and credit cards.
  • Swish, Vipps – pay for your purchase by Swish or Vipps transfer on a mobile phone
  • Credit Account – part-payments via an overdraft facility
  • Direct bank payment - direct payment enables you to quickly complete your purchases via your internet bank.

We will collect and process personal data depending on which payment method you choose to use when you pay for your purchase in Checkout or via e-commerce on a connected merchant's website. We have compiled all the information you need to know about our processing of personal data for your payment with any of our payment methods in Checkout or  e-commerce in the text below.

Swedbank Pays After-purchase portal

In our after-purchase portal, you can easily obtain an overview of your invoices, your payment history, your selected payment methods and saved details along with a summary of your outstanding debts. If you choose to use our after-purchase portal by logging in with an electronic signature, for example Bank ID (or other means electronic signature offered in your region) , additional features will be made available to you as a customer and data is processed to provide the services we are offering.

  • Your purchases through our Checkout are presented along with the status of unpaid invoices, your purchase history or any refunds, for example.
  • Check and manage your saved payment details such as connected cards (card numbers you have chosen to save).
  • Your card details are saved based on your consent and you can choose to delete your saved card details at any time.

If you want to read more about what data we collect and about our processing of personal data, you will find the information below.

What data do we collect?

Personal data processed by us:
 
(a) Data you supply to us yourself:

When you choose to pay with any payment method provided in our Checkout or via an e-commerce on a connected merchant's website, you provide details about yourself such as first and last name, personal identity number, telephone number, mobile phone number, address details, delivery address and e-mail address. Depending on the choice of payment method, you may also be asked to provide payment details such as credit and debit card data (card number, date valid, CVC code, etc.), invoicing information, bank, bank account number and other similar details. Any information you supply to us may be registered and saved in order to simplify the payment process when you complete a purchase with Checkout or use other payment services provided by us. Please note that all listed information above will not necessarily be requested every time you use a payment method provided by Swedbank Pay.

(b) Personal data collected when you use Checkout and the after-purchase portal:

  • Information on use of the service. We log your use of the service (Checkout) and register your choice of payment method, purchase history/transactions, item information, receipt information, delivery details, time logged-in.
  • Historical information. Details of any complaints and other contacts that we has had with you regarding purchases, invoices issued, credit history, any overdue payments/unpaid debts, details of any refusal of a credit application, frequency of visits.
  • Technical information about your device and Internet connection. We use server logs and other tools to record information about the device and the connection to the service and your use of the service on different devices. This information may include operating system, platform, screen resolution, browser version, language settings, time zone, your geographical location, IP addresses and similar.
  • Cookies and other content stored locally on your device. When you visit sites where our Checkout is provided, we use a range of cookie technologies, either directly or through third parties. By agreeing to allow us to process your personal data, you also give your consent to save the necessary cookies for our Checkout on your device. More information on how we use cookies to improve your payment experience is available here: https://payex.se/om-payex/om-cookies/

(c) Personal data collected when you use any of our payment methods in Checkout or e-commerce:

  • Information on the payment. Card details, bank, bank account number, telephone number
  • Information on the debt. e.g. invoice information
  • Financial information. Your income data, your credit history and your payment history.
  • Information on purchases. Information and details on which e-shop the product or service was purchased in and, where applicable, which product or service was purchased.
  • Personal information. First and last name, personal identity number, address, e-mail address, delivery address and telephone number.
  • Information in connection with the application, e.g. overdraft facility (information forming the basis for the agreement on an overdraft facility)

(d) Data from other sources:

In order to keep your address data up to date, data on your officially registered address is obtained and automatically completed and will be regularly updated using the public register services, for example SPAR (SWE), VRK (Väestörekisterikeskus) (FI), or Det Sentrale Folkeregister (DSF) (NO). Depending on the choice of payment method, Swedbank Pay may need to carry out a credit check on you by such means as obtaining information from other companies in the Swedbank group (PayEx and its related companies have been wholly owned by Swedbank AB since August 2017 and form part of the Swedbank group) and also from external credit information companies such as UC (SWE), Bisnode (NO), Gjeldsregistret (NO), Experian (NO) or Suomen Asiakastieto Oy (FI). Furthermore, in some cases we may need to carry out customer checks as part of its work to counteract money laundering and terrorist financing such as checks against so-called sanctions lists. Finally, to confirm your identity and address and to protect you and other customers from fraud, we may use other providers of identity verification and fraud prevention services.

We can also retrieve information from the e-merchant where you carry out your purchase such as e-mail address, mobile phone number, SSN, invoicing address and delivery address, as well as from other partners. The information we obtain from e-merchants is saved, as appropriate, in your Checkout profile.

Why do we process personal data?

We process your personal data to enable us to deliver a payment service to you, provide you with a fast, flexible user experience and ensure that content is efficiently presented to you and your device.

We process your personal data to enable us to identify and verify your personal and contact details and, as appropriate, carry out credit checks on you as a customer to enable us to thus comply with your request for payment and fulfil the agreement with the e-merchant where you carry out your purchase.

We process your personal data in order to comply with applicable legislation such as laws on measures to combat money laundering and accounting laws.

We process your personal data for development of new products and features and in order to develop our services by such means as data analysis, compilation of statistics and system testing. The results of data analysis and statistics are used to allow us, for example, to offer you the payment method you prefer and analyse selected methods and their implementation rate.

We process your personal data in order to improve credit risk models, evaluate risks and monitor and prevent fraud and other suspected misuse of Swedbank Pay’s services.

We process your personal data in order to obtain better support for decisions in the case of payment reminders and debt collection and to enable us to determine which payment methods and other services we can offer you.

Marketing

Your personal data will be processed for marketing purposes, such as to enable information to be sent out to you (by letter, e-mail, text message or other method) about the services offered by Swedbank Pay or any of our approved partners.

You can object to such processing at any time by sending an e-mail message to dpo@payex.com or any other address indicated by Swedbank Pay.

Profiling, and automated decision-making

In some cases we make use of profiling. Profiling refers to the automatic processing of personal data used to assess some of your personal characteristics as a customer in order to analyse or predict, for instance, your financial situation or to oversee the flow of transactions to combat fraud or money laundering and terrorist financing. Profiling can also be used to analyse or predict your personal preferences and thereby understand how you prefer to receive communications, your preferred payment method, what you may be interested in receiving in the form of offers and marketing (you can of course unsubscribe from this type of mailing at any time by contacting dpo@payex.com) and to analyse the services you use and how you move around in our digital channels.

Automatic decision-making is used for credit assessments and risk management. Automatic decisions are made without the involvement of a physical person and can be based on information from credit information agencies, for example, and information obtained from the Swedbank group regarding your purchase and payment history, outstanding credit and payment behaviour. Automatic decision-making is carried out in order to comply with our legal obligations, to fulfil an agreement with a customer or is based on our legitimate interest in providing customised, secure services.

Who can we share your data with?

  • Authorities such as supervisory authorities, tax authorities or other relevant authorities where we have a legal obligation to provide certain information.
  • The Swedbank group including all PayEx companies.
  • Third parties who maintain databases and registers, e.g. credit registers, population registers or other registers that contain or supply personal data and insolvency administrators.
  • Merchants where you carry out a purchase. Please note: A merchant's terms and conditions for data protection in the agreement with you apply to personal data collected by the merchant and disclosed to us.
  • Subcontractors who act as sub-contractors to us within the context of delivery of our services and products to you. All suppliers or subcontractors that we work with and that process personal data are required to meet our high data protection standards by signing a personal data processor agreement between us and the supplier/subcontractor. See below for more details on transfer of personal data.
  • Credit rating institutions. Information on non-payment, credit facilities granted or misuse of credit facilities is provided by us to credit reference agencies and others in accordance with the Swedish Credit Information Act (1973:1173) or other such acts relevant for your geographic location.

** About the credit register: The credit facilities entered in the register are unsecured loans, guaranteed loans, hire-purchase credits and overdraft facilities, as well as mortgages provided by banks and credit market companies. Credit reference agencies reports the credit used and approved, as well as the number of credit lines and information on lenders. This information is only available to banks and credit market companies that report the same information themselves.

Disposal

In the event that the legal entity that Swedbank Pay is a part of, i.e. PayEx or a substantial portion of PayEx’s assets is acquired by a third party, personal data on our customers may be shared. Before such sharing takes place, we will ensure that an appropriate confidentiality undertaking is in place.

Transfer of personal data

Personal data may be transferred to a personal data processor that processes the personal data on behalf of us. In these cases we have made sure to enter into a personal data processing agreement with the personal data processor and the processor may not process the personal data for any purpose other than to provide us with the agreed service. We adopt necessary measures at all times to ensure that personal data processors process personal data in accordance with our instructions and in accordance with applicable law.

An adequate level of protection is an absolute requirement and we achieve this by adopting all reasonable legal, technical and organisational measures to ensure that your data is processed securely and with a level of protection comparable to and at the same level as the protection offered within the EU/EEA. Our processing mainly takes place in the EU/EEA but in some cases personal data may be transferred to, and processed in, a country outside the EU/EEA by a Swedbank Pay subcontractor. Such transfers will only take place provided that adequate safeguards exist for the transfer, for example:

(a) There is a decision by the European Commission that the country outside the EU/EEA guarantees a so-called adequate level of protection for personal data, or;

(b) Swedbank Pay provides suitable safeguards for the transfer through the use of binding corporate rules or standard contractual clauses that have been published by the European Commission or other contractual terms approved by the European Commission or the competent authorities, or;

(c) in connection with transfer of personal data to the USA, that the subcontractor to which the transfer is to take place is certified and approved according to Privacy Shield Framework.

Storage

Your personal data will be stored securely and will be saved only for as long as is necessary to fulfil the purpose of the processing and to meet our legal obligations (e.g. to comply with requirements or measures against money laundering and accounting and other regulatory requirements). If Swedbank Pay acts as a personal data processor, Swedbank Pay is obliged to comply with the personal data controller’s instructions with regard to storage and erasure.

Your rights

You are entitled to submit a request for an extract from the register at any time in order to find out what personal data we have registered on you. In this case, please contact us at the address indicated below. You can use the same address to inform us that you do not wish to receive direct marketing from Swedbank Pay (see also under Marketing above) or if you want us to correct incorrect data or erase data. However, we cannot erase your data if there is a statutory requirement for processing and storage, such as accounting rules or money laundering rules, or when there are other legitimate reasons why the data must be saved such as in the event of unpaid debts.

You can at any time withdraw any consent you have given us, change information such as your contact details or other editable information. Depending on the country, this can be done either via after-purchase portal or by contacting us.

You are also entitled to contact the Data Protection Authority in your relevant region if you have a complaint regarding the processing of personal data. You can contact the Data Protection Authority’s via the link below.

Sweden: https://www.datainspektionen.se/vagledningar/for-dig-som-privatperson/klagomal-och-tips/

Denmark: https://www.datatilsynet.dk/

Finland: https://tietosuoja.fi/en/notification-to-the-data-protection-ombudsman

Norway: https://datatilsynet.no/

Contact

Swedbank Pay has appointed a Data Protection Officer who can easily be reached at dpo@payex.com or at the address below.

Address: Swedbank Pay, ATT: PayEx Sverige AB Attn.: Dataskyddsombudet, 621 88 Visby, Sweden

For general inquiries about our products or services, you are always welcome to contact us via any of the contact channels offered on our website https://swedbankpay.com or at your local Swedbank Pay homepage.

Contact details for PayEx group companies are available on the PayEx website at https://payex.se/om-payex/foretagsinformation/

Complaints

It is very important for us that you, the customer, should be satisfied with the treatment you receive from us and with our services. If you are dissatisfied with anything, we would like to know why.

If your views relate to a specific case or debt, please contact our customer services. Contact details for our customer services are available on all our communications or via https://swedbankpay.com or at your local Swedbank Pay homepage.

If you are not satisfied with the response from customer services or if you have any comments or complaints about how we manage our business, you are welcome to e-mail us. You can contact us via complaint@payex.com Your case will then be investigated by a complaint coordinator.

If you are still not satisfied with the response you received from the complaint coordinator, you can use the same e-mail address to specifically request that a complaint manager review your case. All complaints are dealt with according to our complaints policy, which means that you will receive prompt, impartial feedback.

If you fail to come to an agreement with us, you can also contact a consumer advisor in your region for advice. Our supervisory authority, the Swedish Financial Supervisory Authority, can be contacted at the following address: Box 78821, 103 97 Stockholm (www.fi.se).

For more information on how Swedbank Pay processes personal data, see https://swedbankpay.com/terms/processing-of-personal-data