HOME / PRIVACY NOTICE
Privacy Notice
You come into contact with us when you use a service in which our technology is integrated, usually through a partner that provides the relevant service. This privacy notice explains how we collect, process and protect your personal data when you visit our website, contact us through forms, use our services through a partner or otherwise interact with us.
1. Introduction
Kreditz AB, registration number 559148-2400, Vendevägen 87, 182 32 Danderyd, Stockholm ("Kreditz", "we", "us") is a Swedish company that provides digital services for the collection, structuring and analysis of financial information. Our services are used, among other things, for identity verification, regulatory compliance or as part of credit and other assessments. We have permission from the Financial Supervisory Authority (Sw. Finansinspektionen) to provide account information services.
You come into contact with us when you use a service in which our technology is integrated, usually through a partner that provides the relevant service. This privacy notice explains how we collect, process and protect your personal data when you visit our website, contact us through forms, use our services through a partner or otherwise interact with us. More information about how we process personal data can be found under point 2.
The privacy notice also covers the processing that takes place when Kreditz fulfills its obligations under the Act (2017:630) on measures against money laundering and financing of terrorism (the “Anti-Money Laundering Act” or “AML”).
For those of you who contact us in connection with a recruitment process (e.g. by submitting an application or expression of interest), please see our separate privacy notice for recruitment.
We use cookies and similar technologies on our website to improve functionality, analyze user behavior and, in some cases, for marketing purposes. You can choose which cookies you agree to, and you can change or withdraw your consent at any time. More information about how we use cookies and how you manage your settings can be found in our Cookie Policy.
We have appointed a data protection officer which will help us ensure that we meet these requirements. If you have any questions regarding how we fulfill our obligations, you are welcome to contact our data protection officer using the contact details in section 10 below.
2. Processing of personal data
Below you can read about how we collect and process personal data in different parts of our operations. We describe what we do with the data depending on how you interact with us.
For each area, we explain which categories of personal data may be processed, why and for what purpose the data is processed, and what role we have hold under Regulation (EU) 2016/679 of the European Parliament and of the Council, also known as the general data protection regulation (“GDPR”).
2.1. When contacting Kreditz
| Category | Description |
| Context | When you visit our website, contact us via a form, subscribe to our newsletters, consent to be contacted for marketing purposes, or visit our office. |
| Personal data processed |
- Contact details (name, email address, phone number) |
| Purpose of the processing | - Responding to inquiries and feedback - Manage subscriptions and marketing communications - Analyze website usage - Ensure technical operation and security - Protecting the company through physical security |
| Our role under GDPR | Kreditz is the data controller for this processing. We determine the purposes and means of the processing and are responsible for ensuring that the processing is carried out in accordance with GDPR. |
| Additional information | See our Cookie Policy for more details on how we use cookies and technical data |
2.2. When contacting Kreditz
| Category | Description |
| Context | When you use a service where our technology is used to retrieve account information from your bank or account management institute, we process personal data on behalf of that partner (e.g. a bank, lender or other service provider) whose service you are using |
| Personal data processed |
- Contact details (name, email, phone number) |
| Purpose of the processing | - Retrieve, structure and analyze account information - Generate financial insights as part of our partner's credit assessment - Ensure technical function and safety |
| Our role under GDPR | Kreditz is the data controller for the step involving the retrieval of account information from your bank or account management institute. Thereafter, for the further processing of your personal data, we act as a data processor on behalf of our partner, who is the data controller |
2.3. When retrieving information from the Swedish Tax Agency
| Category | Description |
| Context | When you use a service where Kreditz, on behalf of the partner whose service you are using, retrieves information from the Swedish Tax Agency. |
| Personal data processed |
- Contact details (name, email, phone number) |
| Purpose of the processing | - Form part of the basis used by the partner for credit assessment - Verify employment |
| Our role under GDPR | Kreditz is a data processor and processes your data on behalf of our partner, who is the data controller. |
2.4. When retrieving data from accounting systems
| Category | Description |
| Context | When you use a service where Kreditz, on behalf of the partner whose service you use, retrieves data from an accounting system. |
| Documentation and personal data processed |
- Profit and loss statement and balance sheet |
| Purpose of the processing | - To form part of the basis for assessing the financial situation before granting credit - To verify the company's financial position, income and solvency |
| Our role under GDPR | Kreditz is a data processor and processes your data on behalf of our partner, who is the data controller. |
2.5. Processing in accordance with the Anti-Money Laundering Act
| Category | Description |
| Context | When we process personal data to fulfill our legal obligations under applicable rules of the Anti-Money Laundering Act. |
| Personal data processed |
- Name, personal identification number, contact details |
| Purpose of the processing | - Know your customer (KYC) - Risk assessment and monitoring of business relationships - To report suspicious activities to the competent authority - To comply with legal requirements to prevent money laundering and terrorist financing |
| Our role under GDPR | Kreditz acts as the data controller. Processing is done independently and according to legal obligations. |
3. Legal bases for processing of your personal data
| Legal basis | Description |
| Consent |
We process your personal data based on your explicit consent when: You use our account information service You agree to us retrieving information from the Swedish Tax Agency or accounting system You accept cookies on our website You sign up for a newsletter or agree to marketing contact You can withdraw your consent at any time. The withdrawal does not affect the lawfulness of the processing prior to the withdrawal. If you use our account information service and wish to withdraw your consent, please click here |
| Legal obligation |
We are required to process certain personal data in order to fulfill legal requirements, in particular when acting as a data controller for processing according to AML. This includes: |
| Agreement | Processing occurs when necessary to fulfill an agreement between you and Kreditz or the partner whose service you use. |
| Legitimate interest | We process personal data to meet our legitimate interests when: - We communicate with you - We analyze website usage - We secure our technical operation and information security - We use surveillance camera at our premises - We may anonymize personal data to improve our models and quality of services In any such processing, we will weigh the interests of the data subject to ensure that your rights do not outweigh our interests |
| Additional information | See our Cookie Policy for more details on how we use cookies and technical data |
4. Who we share your data with
We share your personal data with service providers acting as our data processors. They are only permitted to process your data according to our instructions and may not use it for their own purposes. These recipients belong to the following categories:
- Cloud service providers for hosting and data storage
- Email communication services
- SMS communication platforms
- Marketing services for email distribution
- Services for optimization of our services and website
- Security and development services
In certain cases, we are obliged to share personal data with competent authorities when required by the Anti-Money Laundering Act. Such sharing is done without your prior consent and may occur without informing you.
We do not sell or share your personal data with any other third parties.
5. International data transfers
If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards, such as the use of the European Commission's Standard Contractual Clauses (SCC).
6. Storage of personal data
We only retain your personal data for as long as necessary for the specific purpose or to fulfill legal requirements. Personal data is anonymized or deleted no longer needed.
When processing is carried out under applicable legislation, such as AML, the Bookkeeping Act and the Annual Accounts Act, we retain personal data in accordance with legal requirements.
7. Security measures
Kreditz, in its capacity as a data processor, has implemented the following technical and organizational security measures:
- Encryption of personal data both during at rest and in transit
- Access controls with authorization role-based permissions
- Continuous system monitoring and audit logging
- Secure development practices and regular security testing
- Internal trainings, governance documents, and policies for privacy and information security
- Measures for data minimization
8. Your rights
You have the right to:
- Request access to your data
- Request correction of incorrect data
- Request deletion of your data (“right to be forgotten”)
- Object to certain types of processing
- Request data portability
Contact us via the contact details below if you wish to exercise any of these rights.
9. Supervisory authority
If you believe your personal data is being processed incorrectly, or if your rights under the GDPR have not been respected, you can file a complaint with the relevant supervisory authority:
Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) Website: www.imy.se
10. Contact us
If you have questions about this privacy notice or how we process your personal data, you can contact us at:
Data Protection Officer
Kreditz AB
Vendevägen 87, 182 32 Danderyd
E-mail: privacy@kreditz.com
Document Details
| Document name | General Privacy Notice |
| Type of document | Notice |
| Approval date | 2025-09-18 |
| Version of this document | 1.0 |
| Document owner | CEO |
| Classification | Public |
Talk To Us
Ready to upgrade your credit decisioning process? Let’s explore how we can work together.