Svea Payments Oy’s consumer services
This privacy statement concerns situations in which you use services provided by Svea Payments Oy.
Controller and their contact information
Svea Payments Oy, business ID: 2121703-0, (“Svea Payments”)
Address: Mechelininkatu 1a, 00180 Helsinki, Finland
Controller’s contact person: Svea Payments Oy
Telephone number: 09 321 3300
Email address: firstname.lastname@example.org
Legal basis and purpose of processing personal data
To complete payment transactions
We process your personal data to complete payment transactions and provide our services.
To comply with statutory obligations
We also process your personal data to comply with our statutory obligations. Our statutory obligations include:
- KYC (Know-Your-Customer) obligations
- Prevention, detection and investigation of money laundering, terrorist financing and fraud
- Reporting to relevant authorities, such as the Financial Supervisory Authority
- Obligations related to risk management, for example, verifying credit information
- Obligations under the Act on Payment Institutions and Accounting Act
Based on legitimate interest
We process your personal data on the basis of our legitimate interest, for example:
- When you contact us in order to ensure the legal protection of Svea, data subjects and customers
- For administrative purposes, such as securing and maintaining internal systems and applications as well as developing the business operations and systems, including system testing and development
We record the following data in our personal data register:
- Purchase payment and identification information
- IP address
- IBAN bank account*
- Personal identity number**
- Email address***
*If you give your account number to Svea Payments for processing a refund ** If you give your personal identity number to Svea Payments when selecting invoicing or part payment as your payment method *** If you change your email address on the Svea Payments payment form
If you use the Buyer's Assistant (Ostajan apulainen) service, we will also collect the following information: reason for return, any attached photos, and messages to the seller. We need this information to forward it to the seller to process the return.
Regular sources of data
We obtain data from the following sources:
- The data subject themselves
- Service providers offering the payment service to the data subject
Automatic processing and profiling
The service does not involve automatic decision making or profiling referred to in the General Data Protection Regulation.
Recipients/recipient groups of personal data
We comply with the laws, decrees and obligations to report to authorities pursuant to the payment institution authorisation criteria. Your data may be disclosed to the extent permitted and obligated by valid legislation, for example, upon the request of public authorities or pursuant to a court decision. In addition, your data may be disclosed to companies within the same group to the extent permitted by law.
Data collected for the purpose of using the Buyer’s Assistant service may be disclosed to the webstore to which you are addressing your complaint, return request or feedback, i.e. the webstore from which you ordered the goods.
Svea Payments may use other service providers for the processing of your personal data in accordance with this privacy statement. Svea Payments will only disclose or transfer your personal data under the circumstances and for the purposes specified in this privacy statement. Before transferring your personal data, Svea Payments ensures that the recipient agrees to process your personal data in accordance with Svea Payments’ written guidelines, the valid General Data Protection Regulation and other applicable legislation.
Transfer of personal data outside the EU or EEA
Personal data is not regularly transferred outside the EU/EEA as part of the service. If personal data is transferred outside the EU/EEA, the transfer is carried out in compliance with relevant regulations.
Retention of personal data
|Unique technical identifier for payment initiation||Present year + 5 years|
|For customer service purposes, the buyer’s email address||Present year + 1 year|
|For customer service purposes, the buyer’s telephone number||Present year + 1 year|
|For payment initiation, the buyer’s personal identity number||Present year + 1 year|
|For ensuring secure purchase transactions, the buyer’s IP address||Present year + 1 year|
|Purchase payment and identification information (reference number, archiving number)||Present year + 5 years|
|The buyer’s account number||Until the expiry of the service|
Consequences of a failure to provide personal data
If you do not consent to the collection and processing of your personal data for the purposes specified in this privacy statement, we may be unable to offer you a payment service or other services specified in this privacy statement.
Rights of data subjects
Access to personal data
Upon request, we will give you a report on the processing of your personal data and send you a copy of the processed data.
Rectification of personal data
You have the right to have your incomplete personal data completed and any incorrect data rectified.
Erasure of personal data
You have the right to request us to erase your personal data. Your data will be erased if there are no longer grounds for the processing in accordance with relevant regulations.
Restriction of the processing of personal data
You may have the right to restrict the processing of your personal data. If the processing is restricted, the controller does not, as a rule, process your personal data apart from storing the data. You have this right, for example, when you have contested the correctness of your personal data, the processing is unlawful or when you have objected the processing of your personal data and are waiting for a reply to the request for action in question.
Objection to the processing of personal data
We may process your personal data on the basis of legitimate interest as part of our business operations. In these situations, you have the right to object to the processing of your personal data.
Transfer of personal data
You have the right to obtain your data delivered to us by you in a machine-readable format and transfer the data from one system to another when the processing is based on consent or agreement and the processing is carried out automatically.
Right to withdraw consent
We may process your personal data on the basis of your consent. You can withdraw your consent at any time by contacting us. Please use the contact information provided in this privacy statement.
Right to file a complaint with a supervisory authority
We will gladly answer any questions you may have concerning your data privacy rights or the processing and storing of your personal data. You can ask us to contact you or submit your questions by using the above-mentioned address. You also have the option to file a complaint concerning the processing of your personal data. You can find the contact information at the top of this document.
If you believe that Svea Payments is not complying with the EU’s General Data Protection Regulation (GDPR) or other applicable legislation when processing your personal data, you can file a complaint with the competent authority. In Finland, the authority supervising the compliance with the regulation concerning the processing of personal data is the Data Protection Ombudsman: Ratapihantie 9, 00520 Helsinki, Finland, and www.tietosuoja.fi.
Changes to the privacy statement
Svea Payments reserves the right to revise and update this privacy statement at any time by notifying data subjects of any changes on its website. You can always find the most recent version of the privacy statement on Svea Payments’ website. Please read the privacy statement on a regular basis.