Privacy Policy


When you use the service(s) provided by Kreditz, you trust us with your personal data. That’s why your personal data is our priority. This privacy policy (the “Privacy Policy”) describes the information we collect, how it is used and shared, and your choices regarding this information when using our service(s) or websites and apps (the “Service“).


When using the Service, we will process your personal data in accordance with this Privacy Policy. Therefore, please take time to read this Privacy Policy and our Terms & Conditions thoroughly before using the Service.

Kreditz AB (“Kreditz“), reg. no. 559148-2400, is responsible for the processing of the personal data that is collected by it when using the Service and is therefore data controller. We process your personal data to create a real-time financial score and credit profile. The financial score reflects your financial situation based on the personal data you have decided to connect to the Service. You can agree to share your financial score within the Service to other users, and further agree to share your financial score and/or your data to Kreditz partners, whom you have started an application with or from whom you have decided to receive offers from. A detailed description of the Service is available in our Terms and Conditions. Our legal basis for the processing is described under “How do we use your personal data” below. If you have any requests concerning your personal data or any queries regarding this Privacy Policy, please contact us at privacy@kreditz.com or by ordinary mail at Kreditz AB, Att: Legal, Vendevägen 87, 182 32 Danderyd, Sweden


PERSONAL DATA WE COLLECT


Kreditz may collect and process the following information that you share with Kreditz or that Kreditz collects when you are using the Service:

a) Personal and contact details such as personal identification number or similar, name, address, age, gender, telephone number, e-mail address;

b) Financial information such as the name of your bank, bank account number, number of accounts, loans and up to 24 months of transactional history (transaction, payer and recipient of payments, amount, balance and date), including monthly cash flow (salary and expenses), overdrafts, and information on loans, mortgages and trading accounts (see more under the section “What are the sources of information?” below);

c) Technical information related to your device that you are using when using the Service, such as type of browser, IP address, type of device, operating system;

d) Information about queries and complaints: Information you chose to share with as in connection with submitting a query or request to us; and

e) Information used to administer the contractual relationship with you and B2B-clients: If you are a representative of a company who is a customer or partner or potential customer or partner of Kreditz, we may collect information that you share with us via e.g. contact form, your interaction with our websites, or which you have agreed to share with us via our partners. This information may include your name, title, professional details, the company you represent, technical data (as defined above) and website history.


WHAT ARE THE SOURCES OF INFORMATION?


Personal and contact details as well as the financial information (together “Account Data”) is collected from your internet bank(s) you designate via the Service upon your consent.We may also get such information from a company asking you to identifying yourself or showing your financial capabilities or status (as applicable), by validating this information against the information collected from your internet bank(s). Technical information is collected when you interact with the Service or our websites.


HOW DO WE USE YOUR PERSONAL DATA?


We will use your information in accordance with this Privacy Policy and applicable laws, including data protection laws and laws on payment services, for the following purposes:


With your consent, we will use your Account Data to deliver the Service. This also includes measuring your use of the Service, detection and resolution of technical issues, ensuring and optimizing quality, keeping the service safe and secure, preventing and investigating illegal activities on the Service and enforcing our Terms and Conditions;


To pursue our legitimate interests, we may use technical information (described above) to analyze use of and improve the Service;


To establish, exercise or defend against legal claims; to respond to legal process (e.g. court order or subpoena) if we believe in good faith that it is necessary to do so; and to comply with legislation that applies to Kreditz’ business, such as accounting and tax laws; and to respond to queries, requests and complaints; and


If you are a representative of a customer or partner or potential customer or partner of Kreditz, we may use information described in “Information used to administer the contractual relationship with you and B2B-clients” above in order to (i) enter into and perform contracts with the company you represent, and (ii) pursue our legitimate interest to improve communication with you, serve you with relevant content and marketing material, such as newsletters, offers and ads. We will also process your information in a de-identified format, for analytical purposes and for future improvement of the Service.


HOW DO WE DISCLOSE YOUR PERSONAL DATA?


Personal data collected through the Service may be disclosed to the following categories of recipients:

Our partners or customers that you have agreed to share your data with via the Service. Note that after our disclosure of your data to the agreed recipient, the recipients are independently responsible for their own further processing of your personal data in accordance with their respective privacy policies.


Other companies within our group of companies, or any successors in title to our business or assets. A list of our group companies is available upon request.


To the extent necessary to provide the Service, we may also disclose your personal data to distributors of the Services, as well as service providers and subcontractors retained to perform functions on our behalf or to provide services to us, such as infrastructure providers and providers of legal, accounting, audit and other professional services. All service providers and subcontractors are prohibited from using personal data for purposes other than providing such services to us or as otherwise required by law


We may also disclose personal data to external parties if required by law, or in response to legal requests, for example court orders, subpoenas or specific requests from law enforcement agencies, if we believe in good faith that it is necessary to do so.


Additionally, we may use and disclose information in anonymous or aggregate form (so that no individuals are personally identified) for marketing and strategic development purposes.
We take all reasonable legal, technical, and organizational measures to ensure that your data is treated securely and with an adequate level of protection when transferred to or shared with such selected third parties.


SHARING WITH RECIPIENTS OUTSIDE OF YOUR COUNTRY OF RESIDENCE


Some of the third parties identified above may be located outside your country of residence including outside the European Union/European Economic Area (i.e. in a so-called third country), in which case we will take all necessary steps required under applicable law in order for such transfer of information across borders to be compliant with applicable law. This may for example include the use of standard contractual clauses adopted by the EU Commission or ensuring that the recipient is certified under the US-EU Privacy Shield Framework.


FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?


We will retain your personal data for as long as necessary to achieve the purposes of processing described above in this Privacy Policy, which normally is up to 30 days. Where applicable law requires a certain retention time, such as under accounting or tax laws, your data will be kept for the minimum period required by such laws. Your personal data will be deleted or anonymized when it is no longer relevant for the purposes under which it was collected. Information regarding queries and complaints as well as information used to administer the contractual relationship with you and B2B-clients (as defined above) will be kept for the period of time necessary to achieve the purposes for which this information is processed or, for marketing purposes, until you opt-out from the relevant processing. Please note that your personal data, despite the aforementioned, may be stored by us on our partners’ or customers’ behalf, i.e. not for our own purposes. See more under the section “Processing carried out as a data processor” below.


SECURITY


We are committed to protecting your personal data and take appropriate measures to keep it secure and to prevent unauthorized access or use. For example, all personal data collected will be treated with confidentiality as far as possible and will, where appropriate, be transmitted and handled by applying SSL (Secure socket layer) and secure encryption procedures. AGE RESTRICTIONS

Persons under the age of 18 are not entitled to use the Service. We do not and will not knowingly collect information from any unsupervised person under the age of 18. If we become aware that we keep data about such a person, we will take all reasonable measures to delete such data, provided that we are not legally prevented from doing so.


YOUR RIGHTS


Under applicable data protection legislation, you have certain rights as a so-called data subject. The rights are listed below. Please note that the rights are not unconditional and that an attempt to invoke any of the rights listed below will not always cause us to act in accordance with the request.

Withdrawal of consent: You have the right to withdraw your consent to processing of your data. If you withdraw your consent, please note that this does not affect the lawfulness of the processing conducted prior to the withdrawal and that Kreditz may, under certain circumstances, have another legal ground for the processing and therefore may be entitled to continue the processing.

Right to access: You are at any time entitled to receive a copy of the personal data that we hold about you and information about how it is processed. Please note that Kreditz needs to, in order to be able to answer your request, be able to determine your identity. Frequent ungrounded request may result in charging you a nominal fee.
Right to rectify and restrict: You have the right to, without undue delay, have inaccurate or incomplete personal data about you corrected. Furthermore, you have the right to request that Kreditz restricts the processing of your personal data under certain conditions where, for example, you contest the accuracy of the personal data or Kreditz no longer needs the personal data for the purposes of the processing described herein.
Right to erase: You have the right to have your personal data deleted without undue delay if, for example the personal data are no longer necessary for a purpose described herein. Please note that Kreditz is not obliged to delete the personal data if Kreditz can show that the processing is necessary, for example, for delivering the Service, the establishment, exercise or defense of a legal claim or to comply with a legal requirement.
Right to object: : You have the right to object to Kreditz’ processing of your personal data based on legitimate interests. If you object to such processing, Kreditz will no longer be entitled to process your personal data based on such legal basis, unless Kreditz can demonstrate a legitimate interest which overrides your interests
Right to data portability: You may also have the right to receive the personal data concerning you and which you have provided to Kreditz, in a structured, commonly used and machine-readable format and have the right to transmit such personal data to another data controller
If you wish to receive a copy of the personal data that we process about you, if you want to exercise any of the above mentioned rights, or withdraw your consent, please contact us at privacy@kreditz.com or our data protection officer at
dataprotection@kreditz.com

If you are unhappy with our processing of your personal data you may also lodge a complaint with the Swedish data protection authority (Swe: Datainspektionen), at datainspektionen@datainspektionen.se or Box 8114, 104 20 Stockholm, Sweden, phone no +46 08-657 61 00. You may also contact the supervisory data protection authority in your country of residence, which in such case will cooperate with the Swedish data protection authority.

Kreditz reserves the right to from time to time update and make changes to this Privacy Policy. Prior to making any material changes to this Privacy Policy, we will inform you about the changes on our website www.kreditz.com/terms_conditions/privacy. Please check here regularly for any updates to this Privacy Policy.

In the event of an operational or security incident that affects information of our users, we will make required information available on our website. If you prefer to get notified via other means, please contact us at privacy@kreditz.com. Please visit our website at www.kreditz.com for more information about us and our services.


PROCESSING CARRIED OUT AS A DATA PROCESSOR


Our service to our partners and customers include that we, on behalf of the respective partner or customer, store the information that you have agreed to share with that partner or customer. We provide this storage for our partners and customers and we will not use the stored personal data for our own gains. Our partners and customers are generally using this service for the purpose of facilitating record keeping and traceability of the information they used in connection with a decision to enter into a contract with or to provide you with a service online. It is our partners’ and customers’ responsibility to use the personal data in accordance with applicable laws and they are free to delete the information from our storage at any time. For this processing of your personal data, our partners and customers (i.e. the company you have agreed to share your information with) are data controllers. We are our partners’ and customers’ data processor as we store the data on their behalf and will only use the data as instructed by our customers. For these purposes, we will always enter into a data processing agreement with our customers. If you do not want that the company you have shared your data with to store the data, please contact the relevant company.