We want to clarify Betalo’s responsibility to protect your rights and your privacy. We therefore explain in this policy how we use the personal information you share with us, so that we can offer you Betalo’s services and give you the best possible experience of them, the apps, the website and when you are in contact with us. The policy describes what personal data we collect and what we do with it, in accordance with the rules of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data information and on the repeal of Directive 95/46 / EC) (GDPR). The policy also describes your rights and how you can enforce them.

1. General

1.1. This privacy policy applies when Betalo AB (publ) corporate identity number 559245-2931, e-mail: support@betalo.se, (”Betalo”) provides payment services via the app under the brand Betalo (”the Service”). Betalo is responsible for personal data for the processing of the personal data that you register or that is created when you use the Service.

1.2. In connection with you as a customer creating an account and / or using the Service, Betalo processes your personal data by collecting and providing information on your mobile phone, tablet or other equipment.

2. Terminology and definitions

2.1. This policy uses the following terms with the meanings given below:

2.2. Personal data refers to all information that can be directly or indirectly attributed to a natural person who is alive. For example. name, social security number, address, etc. Encrypted data and various types of electronic identities (eg IP numbers) are personal data if they can be linked to natural persons.

2.3. The processing of personal data refers to everything that happens with the personal data. Every measure taken with personal data constitutes a processing, regardless of whether it is performed automatically or not. Examples of common treatments are collection, registration, organization, structuring, storage, processing or modification, transfer and deletion.

3. Information we collect

3.1. Information that you provide to us

3.1.1. Registration – when you open an account with Betalo, you must provide information such as your social security number through BankID, your e-mail address and mobile phone number. We supplement your registration with name and address from the State Person and Address Register (SPAR), see section 3.2.

3.1.2. Saved cards – to be able to use the service and make payments, you need to add a Visa, Mastercard or American Express card. Betalo does not save your card information, this is handled by DIBS Payment Services AB (publ) (DIBS), but we save the type of card you use to be able to give you the correct service fee.

3.1.3. Extended customer knowledge – in order to comply with the rules that are incumbent on us as a payment institution, we will from time to time request additional information about you, e.g. which country you were born in, in which country you have citizenship, tax domicile, what employment you have, and if you, someone in your family or a known employee of yours has or has had a politically exposed position.

3.1.4. The processing of this information is a prerequisite for you to be able to use the Service and is carried out in order for us to be able to fulfill our agreement with you and for us to be able to fulfill the legal obligations incumbent on us.

3.2. Information from others

3.2.1. In addition to the information that you provide to us, we may also collect personal information from another (so-called third party). Betalo collects e.g. address information from public registers, such as SPAR, in order to ensure that we have the correct address information for you.

3.2.2. The processing of this information is a prerequisite for you to be able to use the Service and is carried out in order for us to be able to fulfill our agreement with you and for us to be able to fulfill the legal obligations incumbent on us.

3.3. Use of the Service

3.3.1. Payments – information you provide to us to register a payment such as payee, payment reference, amount and payment date.

3.3.2. We log usage information when you visit or use our Services, including our apps, websites and our platform technology (such as off-site extensions), such as when you visit or click on content, install or update one of our mobile apps. We use logins, cookies, device information and IP addresses to identify you and log your use.

3.3.3. Apart from the use of cookies, the processing of this information is a prerequisite for you to be able to use the Service and is carried out in order for us to be able to fulfill our agreement with you and to fulfill the legal obligations incumbent on us. Read more about the conditions for using cookies in section 3.4 below.

3.4. Cookies, web signals and similar technologies

3.4.1. The services on Betalo’s website use cookies and other technologies to function correctly. Cookies are used for Betalo to be able to keep visitor statistics and to be able to improve the experience for you as a user. The information we collect consists of IP address, operating system, browser and extensions, device and screen size, date and time of use, visitor pages and referring page. The use of cookies is only made if you agree to this in connection with you visiting Betalo’s website. If you do not accept the use of cookies, you can configure your browser not to accept cookies. If you choose to set your browser not to accept cookies, Betalo can unfortunately not guarantee that the Service works correctly. More information about Betalo’s use of cookies can be found at the following link Betalo.com/cookies.

3.5. Your device and location

3.5.1. When you visit or use our Services, we receive information regarding any referring page. We also receive information about your IP address, proxy server, operating system, browser and extensions, date and time, and / or Internet service provider or mobile operator. The processing of cookies is done with the support of consent in accordance with section 3.4 above. The processing of other information is a prerequisite for you to be able to use the Service and is carried out in order for Betalo to be able to fulfill the agreement with you to provide the Service.

3.5.2. When you download Betalo’s app on your mobile phone, tablet or other equipment, Betalo needs to store and retrieve certain technical information from the equipment in order for Betalo to be able to provide and update the Service. By downloading the app, you agree that Betalo stores and retrieves certain technical information from the equipment. The processing of this information is a prerequisite for you to be able to use the Service and the information is stored in order for Betalo to be able to fulfill the agreement with you to provide the Service. If you no longer want Betalo to store and retrieve the technical information, you must uninstall the app.

3.6. Other

3.6.1. Our services are dynamic and we continuously introduce new functions that sometimes require us to collect new information. If we collect personal information that differs significantly from information already collected or if we substantially change how we use your personal information, we will notify you of this before such further processing begins. If necessary, the content of this privacy policy may also change.

4. How we use your information

4.1. As stated above, Betalo processes your personal data for several different purposes based on different legal grounds. Betalo mainly processes personal data for the purpose of providing, administering, developing and adapting the Service and its functionalities, in order to fulfill the agreement with you. Furthermore, the personal data is processed to ensure customer knowledge, to administer the customer relationship with you, and to meet security and other statutory requirements, in order to fulfill legal obligations for Betalo. The personal information in sections 3.1-3.5 above can also be used as a basis for market and customer analyzes, market research, statistics, business follow-up and business and method development, which is done with the support of either a consent that Betalo obtains from you in connection with your registration to create an account with Betalo or alternatively of Betalo’s legitimate interest in being able to market itself and its services and develop and offer customers an improved range of services.

4.2. Betalo further processes your personal data to provide better and more personal offers and service. Personal data and information about positioning data may, for example, be processed, coordinated, segmented and analyzed in order to provide information, offers or recommendations about own or partners’ goods and services through targeted marketing, which are adapted to the user’s preferences, behaviors, needs or lifestyle. This is done with the support of either a consent that Betalo obtains from you in connection with your registration to create an account with Betalo or alternatively of Betalo’s legitimate interest in marketing itself and its services and being able to offer customers an improved range of services.

4.3. Furthermore, personal data may be processed in order to safeguard Betalo’s legal interests or to detect, prevent or draw attention to fraud and other security or technical problems which constitute legitimate interests for Betalo to carry out the processing.

4.4. If you do not want Betalo to process your personal data for direct marketing, you can notify Betalo in writing via the contact information in section 10.

5. This is how we share your personal information

5.1. Personal data may be disclosed if it is necessary to comply with applicable legal requirements or requirements from authorities, this is then done in order for Betalo to be able to fulfill legal requirements obligations.

5.2. Furthermore, Betalo may share your information with other players in order to be able to process your order and make Payments, facilitate future Payments, enable updating of your payment status and for sending offers from Betalo and Betalo’s partners, via text message, e-mail and other direct mail. This processing takes place in order to be able to fulfill the agreement you have entered into with Betalo and, in terms of marketing, based on consent or legitimate interest.

5.3. In order to be able to provide the Service, Betalo will disclose your personal information to partners, such as DIBS, for the handling of card data and card information.

5.4. In cases where it is necessary for Betalo to be able to offer you the Service, we share your personal information with companies that are so-called personal data assistants for Betalo. A personal data assistant is a company that processes the information on Betalo’s behalf and in accordance with Betalo’s instructions. Betalo has personal data assistants who help Betalo with IT as well as actors that Betalo engages in Betalo’s marketing measures. However, Betalo is always responsible for ensuring that your personal data is processed correctly. When your personal data is shared with personal data assistants, this is only for purposes that are compatible with the purposes for which Betalo has collected the information (eg to be able to fulfill Betalo’s obligations under the agreement with you as a customer). Betalo checks all personal data assistants to ensure that they can provide adequate guarantees regarding the security and confidentiality of personal data. Betalo has written agreements with all personal data assistants (personal data assistant agreements) through which they guarantee the security of the personal data processed and undertake to comply with Betalo’s security requirements and requirements regarding international transfer of personal data.

5.5. Betalo also shares your information with certain companies that are independently responsible for personal data. The fact that the company is independently responsible for personal data means that it is not Betalo that controls how the information provided to the company is to be processed. Independent personal data controllers with whom Betalo shares your personal data are e.g. financial and legal consultants and auditors. When your personal data is shared with a company that is independently responsible for personal data, the company’s privacy policy and principles for personal data management apply.

6. Where is your personal data processed

6.1. In general, your personal data is only processed within the EU / EEA.

6.2. Your personal data may be transferred to or stored in a country outside the EU / EEA, provided that there is a legal basis, ie a legal obligation or consent from you and that there is an adequate level of protection or that Betalo and its personal data assistants have taken appropriate protection measures. Appropriate safeguards are that there is an agreement in place that contains EU standard clauses or other approved clauses, codes of conduct, certifications, etc. approved in accordance with the GDPR, see further ec.europa.eu/info/law/law-topic/data-protection_en . Furthermore, the country outside the EU / EEA where the recipient is located is required to have a reasonable level of data protection established by the European Commission, and that the recipient is certified according to the Privacy Shield (applies to recipients in the USA).

6.3. Upon request, additional information can be obtained on the transfer of personal data to countries outside the EU / EEA.

7. Storage information

7.1. Data storage

7.1.1. Your personal data is normally retained only for as long as there is a need to retain them in order to fulfill the purposes for which the personal data were collected. When you close your account with Betalo, Betalo will delete or de-identify the information that Betalo has retained and which can be attributed to you, with the exception of such information that Betalo is required by law to retain, normally for 10 years plus the current year after you have closed your account with Betalo. Personal data is retained only to fulfill such legal obligations or to safeguard Betalo’s legal interests, e.g. whether a legal process is in progress.

7.1.2. Upon termination of account, we normally delete information stored in the terminated account within 30 days after the account is terminated.

8. Your choices and rights

8.1. The right to access and control your personal data

8.1.1. For personal information we have about you:

Delete personal data: you can ask us to delete or delete all or certain personal data (eg if they are no longer needed to provide you with Services).
Change or correct personal information: you can edit some of your personal information via your account. You can also ask us to change, update or correct your personal information in certain cases, especially if the personal information is incorrect.
Object to, or limit or restrict, the use of personal data: you may ask us to stop using all or some of your personal data or restrict our use of them (eg if your personal data is incorrect or stored illegally).
· Right to object to a certain type of processing: You can object to Betalo’s processing of your personal data at any time if the legal basis for the processing consists of a public interest or balancing of interests in accordance with Article 6 (1) (e) and (f) GDPR and if the processing relates to treatment for direct marketing. You also have the right to withdraw your consent at any time regarding a personal data processing that is based on a consent from you.
· Right to access and / or collect your personal data: You can ask us for information regarding the personal data that Betalo processes about you and ask for a copy of the personal data in machine-readable form. You can also ask to be informed about the purpose of the processing Betalo has done and who has received your personal data. If it is technically possible and the legal basis for a personal data processing is consent or that the processing is necessary to fulfill an agreement, you also have the right to obtain the personal data you have provided to us to transfer these to another personal data controller.

8.2. In the event of unfounded or unreasonable requests (eg due to them being made repeatedly), Betalo may charge an administrative fee – in which case you will be notified in advance. Betalo will normally respond to your request within one (1) month of receipt, inquiries are made via support@betalo.se.

9. Other important information

9.1. Security

9.1.1. We apply security measures designed to protect your information, such as encrypting your data during all processing. We monitor our systems regularly to detect possible vulnerabilities and attacks. However, we can not guarantee the security of all the information you provide us. There is no guarantee that information can not be accessed, disclosed, altered or destroyed by attacks on our physical, technical or administrative firewalls.

9.2. Management of social security numbers

9.2.1. Betalo will only process your social security number when it is clearly justified with regard to the purpose, necessary for secure identification or if there is some other notable reason. Betalo always minimizes the use of your social security number as much as possible by, if it is sufficient, instead using a user ID that does not contain your date of birth.

9.3. Legal basis for treatment

9.3.1. We will only collect and process your personal data on legal grounds. These legal grounds include when you give us your consent (when you have given your consent), agreements (when processing is necessary for the execution of the agreement (eg to provide the Services from Betalo that you have requested)) and legitimate interests, such as for example. protect you, us or others from security threats or fraud, to improve your experience of the Service and to comply with laws that apply to us.

9.3.2. In cases where we rely on your consent for the processing of your personal data, you have the right to revoke your consent at any time. In cases where we rely on legitimate interests, you have the right to object to our treatment. If you have any questions about the legal grounds on which we collect and use your personal information, you can contact us according to section 9 below.

9.4. Betalo has the right to change this policy at any time. Betalo shall, with reasonable notice via email, website or app, notify users who hold an account with Betalo in the event of future changes to the policy. If you do not accept the changed terms, you have the right to terminate the agreement with Betalo before the changed policy enters into force. You terminate the agreement with Betalo by terminating your account with Betalo.

10. Contact information

10.1. Betalo is responsible for personal data and is responsible for ensuring that your personal data is processed in accordance with current legislation.

10.2. Do not hesitate to contact Betalo if you have any questions about the processing of your personal data or any complaint. Written or oral questions and complaints are primarily presented directly to:

10.3. Betalo AB (publ)
Drottninggatan 33
111 51 Stockholm
E-mail: support@betalo.se write ”Data protection” in the subject field.

10.4. Should you after the contact with us still be dissatisfied, you can turn to the Privacy Protection Authority, which is the supervisory authority for personal data processing, and to which you can report your complaint.

Integrity Protection Authority (IMY)
Box 8114
104 20 Stockholm
www.imy.se
Phone number: 08-657 61 00
Email address: imy@imy.se