Privacy policy
Svea Payments' Customers
General
This privacy statement concerns specific personal data of the customers of Svea Payments’ payment service, i.e. the contact persons of and persons representing webstores, companies, associations or other operators. Svea Payments is part of the Svea Group.
Controller and their contact information
Svea Payments Oy, business ID: 2121703-0, (“Svea Payments”)
Address: Mechelininkatu 1a, 00180 Helsinki, Finland
Controller’s contact person: Svea Payments Oy
Telephone number: 09 321 3300
Email address: tietosuoja.payments@svea.fi
Legal basis and purpose of processing personal data
The legal basis for processing your personal data is the enforcement of agreements regarding Svea Payments’ payment service involving you or an entity you are representing as a party or the implementation of measures to be taken before such agreements are concluded upon your request.
Conclusion of an agreement, compliance with obligations under the agreement and agreement management
We process your personal data for the following purposes:
- Contract enforcement
- In connection with personal guarantees, we check the guarantor’s credit history
- Notices (service and disruption notices and other notices concerning the service)
- Service invoicing
- Service production pursuant to agreement
- Development of customer relationships
Compliance with statutory obligations
We also process your personal data to comply with our statutory obligations. Our statutory obligations include:
- Knowing our customers
- Prevention, detection and investigation of money laundering, terrorist financing and fraud
- Reporting to relevant authorities, such as the Financial Supervisory Authority
- Obligations under the Act on Payment Institutions and Accounting Act
Processing of data based on legitimate interest
Your data may also be used for electronic marketing. In that case, the basis for processing your personal data is Svea Payments’ legitimate interest. You have the right to object to us processing your data for marketing purposes on the basis of our legitimate interest.
Collected data
We collect personal data on the personnel and owners of our payment service clients. Such data includes your role and whether you are our contractual contact person, a member of the board of the company or a potential beneficial owner as referred to in the Act on Preventing Money Laundering and Terrorist Financing and the Act on Payment Institutions.
We record the following data in our personal data register:
- Name
- Email address
- Telephone number
- Personal identity code
- Citizenship and country of residence
- Position in the company or association
- Potential political influence
- Quantity of stocks or holdings
- Copy of valid identification card
Regular sources of data
In addition to the data provided by you, we collect data from the following sources: registers maintained by authorities, e.g. company registers, sanctions lists (lists maintained by international organisations, such as the EU or UN), and credit information registers. We also obtain data from other commercial information channels disclosing information about, for example, beneficial owners and politically exposed persons.
Automatic processing and profiling
The processing of personal data does not involve automatic decision making or profiling referred to in the General Data Protection Regulation.
Recipients/recipient groups of personal data
Svea Payments uses various service providers in the processing of personal data, including companies belonging to the same group as Svea Payments. Agreements on the processing of personal data pursuant to the General Data Protection Regulation have been concluded with the processors of personal data. Personal data may be disclosed to companies belonging to the same group as Svea Payments based on legitimate interest. Competent authorities have a legal right to obtain information concerning the personal data recorded in the register.
Transfer of personal data outside the EU or EEA
Personal data are not transferred outside the EU/EEA.
Personal data, their storage period and basis and the processors
Personal data | Storage period | Basis for storage | Personal data processor | Region/country of processing |
Client representative’s information for client due diligence purposes:
| 5 years after the end of the customer relationship or completed transaction | Compliance with statutory obligations: Act on Preventing Money Laundering and Terrorist Financing |
Svea Bank Ab, filial i Finland Amazon Web Services Inc. | EU/EEA |
Client’s beneficial owner’s information for client due diligence purposes:
| 5 years after the end of the customer relationship or completed transaction | Compliance with statutory obligations: Act on Preventing Money Laundering and Terrorist Financing |
Svea Bank Ab, filial i Finland Amazon Web Services Inc. | EU/EEA |
For the purpose of managing the customer relationship, the contact information (name, email address, telephone number) of the customer’s contact person | 5 years after the end of the customer relationship or completed transaction | Legitimate interest |
Svea Bank Ab, filial i Finland Amazon Web Services Inc. | EU/EEA |
Rights of data subjects
You can exercise these rights by contacting tietosuoja.payments@svea.fi or making a request for information on Svea’s website at https://www.svea.com/fi-fi/tietoa-meista/tietosuoja/rekisteritietopyynto.
Access to personal data
Upon request, we will give you a report on the processing of your personal data and send you a copy of the processed data.
Rectification of personal data
You have the right to have your incomplete personal data completed and any incorrect data rectified.
Erasure of personal data
You have the right to request us to erase your personal data. Your data will be deleted after the specified retention period, which you can see in the table above.
Restriction of the processing of personal data
You may have the right to restrict the processing of your personal data. If the processing is restricted, the controller does not, as a rule, process your personal data apart from storing the data. You have this right, for example, when you have contested the correctness of your personal data, the processing is unlawful or when you have objected the processing of your personal data and are waiting for a reply to the request for action in question.
Objection to the processing of personal data
We may process your personal data on the basis of legitimate interest as part of our business operations. In these situations, you have the right to object to the processing of your personal data.
Transfer of personal data
You have the right to obtain your data provided to us by you in electronic format and transfer the data from one system to another when the processing is based on consent or agreement.
Right to withdraw consent
We may process your personal data on the basis of your consent. You can withdraw your consent at any time by contacting us. Please use the contact information provided in this privacy statement.
Right to file a complaint with a supervisory authority
We will gladly answer any questions you may have concerning your data privacy rights or the processing and storing of your personal data. You can ask us to contact you or submit your questions by using the above-mentioned address. You also have the option to file a complaint concerning the processing of your personal data. You can find the contact information at the top of this privacy statement.
If you believe that Svea Payments is not complying with the EU’s General Data Protection Regulation (GDPR) or other applicable legislation when processing your personal data, you can file a complaint with the competent authority. In Finland, the authority supervising the compliance with the regulation concerning the processing of personal data is the Data Protection Ombudsman: Ratapihantie 9, 00520 Helsinki, Finland, and www.tietosuoja.fi.
Changes to the privacy statement
Svea Payments reserves the right to revise and update this privacy statement by notifying data subjects of any changes on its website. You can always find the most recent version of the privacy statement on Svea Payments’ website: Privacy policy | Svea. Please read the privacy statement on a regular basis.
This privacy statement was last updated on 19 April 2024.