Svea Payments’ customers
This privacy statement concerns specific personal data of the customers of Svea Payments’ payment service, i.e. the contact persons of and persons representing webstores, companies, associations or other operators. Svea Payments is part of the Svea Group.
Controller and their contact information
Svea Payments Oy, business ID: 2121703-0, (“Svea Payments”)
Address: Mechelininkatu 1a, 00180 Helsinki, Finland
Controller’s contact person: Svea Payments Oy
Telephone number: 09 321 3300
Email address: email@example.com
Legal basis and purpose of processing personal data
The legal basis for processing your personal data is the enforcement of agreements regarding Svea Payments’ payment service involving you or an entity you are representing as a party or the implementation of measures to be taken before such agreements are concluded upon your request.
Conclusion of an agreement, compliance with obligations under the agreement and agreement management
We process your personal data for the following purposes:
- Contract enforcement
- Notices (service and disruption notices and other notices concerning the service)
- Service production
- Development of customer relationships
Compliance with statutory obligations
We also process your personal data to comply with our statutory obligations. Our statutory obligations include:
- KYC (Know-Your-Customer) obligations
- Prevention, detection and investigation of money laundering, terrorist financing and fraud
- Reporting to relevant authorities, such as the Financial Supervisory Authority
- Obligations related to risk management, for example, verifying credit information
- Obligations under the Act on Payment Institutions and Accounting Act
Processing of data based on legitimate interest
Your data may also be used for electronic marketing. In that case, the basis for processing your personal data is Svea Payments’ legitimate interest. You have the right to object to us processing your data for marketing purposes on the basis of our legitimate interest.
We collect basic data that we need from our customers. Such data includes your role and whether you are a member of the board of our customer company or a potential beneficial owner as referred to in the Act on Preventing Money Laundering and Terrorist Financing and the Act on Payment Institutions.
We record the following data in our personal data register:
- Email address
- Telephone number
- Personal identity number
- Position in the company or association
- Potential political influence
- Quantity of stocks or holdings
- Copy of valid identification card
Regular sources of data
In addition to the data provided by yourself, we collect publicly available personal data from the following sources: registers maintained by authorities, e.g. company registers, sanctions lists (lists maintained by international organisations, such as the EU or UN), and credit information registers. We also obtain data from other commercial information channels disclosing information about, for example, beneficial owners and politically exposed persons.
Automatic processing and profiling
The processing does not involve automatic decision making or profiling referred to in the General Data Protection Regulation.
Recipients/recipient groups of personal data
Svea Payments is the processor of the personal data recorded in the register. Svea Payments uses various service providers in the processing of personal data, including companies belonging to the same group as Svea Payments.
Agreements on the processing of personal data pursuant to the General Data Protection Regulation have been concluded with the processors of personal data.
Personal data may be disclosed to companies belonging to the same group as Svea Payments within the limits and scope of relevant regulations.
The authorities may have a legal right to obtain information concerning the personal data recorded in the register. Such authorities include the Financial Supervisory Authority, Tax Administration and the Police.
Transfer of personal data outside the EU or EEA
Personal data is not regularly transferred outside the EU/EEA as part of the service. If personal data is transferred outside the EU/EEA, the transfer is carried out in compliance with relevant regulations.
Retention of personal data
|Personal data|Retention period|
|---|---|
|For KYC purposes, the name and identity number of the customer’s representative|5 years after the end of the customer relationship or completed transaction|
|For KYC purposes, the name, identity number and political influence of the customer’s beneficial owner|5 years after the end of the customer relationship or completed transaction|
|For the purpose of managing the customer relationship, the contact information (name, email address, telephone number) of the customer’s contact person|Present year + 1 year after the end of the customer relationship or completed transaction|
Consequences of a failure to provide personal data
If you do not consent to the collection and processing of your personal data for the purposes specified in this privacy statement, we are unable to conclude a payment service agreement with you.
Rights of data subjects
Access to personal data
Upon request, we will give you a report on the processing of your personal data and send you a copy of the processed data.
Rectification of personal data
You have the right to have your incomplete personal data completed and any incorrect data rectified.
Erasure of personal data
You have the right to request us to erase your personal data. Your data will be erased if there are no longer grounds for the processing in accordance with relevant regulations.
Restriction of the processing of personal data
You may have the right to restrict the processing of your personal data. If the processing is restricted, the controller does not, as a rule, process your personal data apart from storing the data. You have this right, for example, when you have contested the correctness of your personal data, the processing is unlawful or when you have objected to the processing of your personal data and are waiting for a reply to the request for action in question.
Objection to the processing of personal data
We may process your personal data on the basis of legitimate interest as part of our business operations. In these situations, you have the right to object to the processing of your personal data.
Transfer of personal data
You have the right to obtain the data you have delivered to us in a machine-readable format and to transfer the data from one system to another when the processing is based on consent or agreement and the processing is carried out automatically.
Right to withdraw consent
We may process your personal data on the basis of your consent. You can withdraw your consent at any time by contacting us. Please use the contact information provided in this privacy statement.
Right to file a complaint with a supervisory authority
We will gladly answer any questions you may have concerning your data privacy rights or the processing and storing of your personal data. You can ask us to contact you or submit your questions by using the above-mentioned address. You also have the option to file a complaint concerning the processing of your personal data. You can find the contact information at the top of this privacy statement.
If you believe that Svea Payments is not complying with the EU’s General Data Protection Regulation (GDPR) or other applicable legislation when processing your personal data, you can file a complaint with the competent authority. In Finland, the authority supervising the compliance with the regulation concerning the processing of personal data is the Data Protection Ombudsman: Ratapihantie 9, 00520 Helsinki, Finland, and www.tietosuoja.fi.
Changes to the privacy statement
Svea Payments reserves the right to revise and update this privacy statement at any time by notifying data subjects of any changes on its website. You can always find the most recent version of the privacy statement on Svea Payments’ website. Please read the privacy statement on a regular basis.