Finshark AB (Finshark), org. no. 559203-3855, is a licensed payment institution that help businesses to take advantage of the new financial scenario and deliver premium services tailored to their customers’ expectations and needs.
1. What personal data we collect and why we collect it
This Privacy Policy explains how we gather and use your personal data in compliance with the EU’s Regulation 2016/679 on General Data Protection (GDPR) and other applicable/supplementary legislation. Finshark is also required to follow and comply with rules under the European Union Directive 2015/2366 on Payment Services (PSD2), Swedish Payment Services Act (2010:751), Anti-Money Laundering and Terrorism Financing laws etc in its processing.
This Policy applies to all our processing of personal data relating to you (such as your name, address, contact number etc) when you use our Services and platforms. This Privacy Policy further describe your rights over your personal data, and how you can exercise them.
In this Privacy Policy, we describe what personal data we collect and process about:
a) End-users that are using our payment service
b) Representatives that are representing a current or potential customer of ours
c) Website visitors that are interacting with our websites or contacting our support and/or complaints service
d) Job seekers (If you apply for a job with us, please read our policy for job applicants which you can find in connection with submitting your application)
It is important to us that you acquaint yourself with, understand the privacy policy, and feel comfortable with our processing of your personal data. You are always welcome to contact us if you have any questions.
- What is personal data and what does the processing of personal data mean?
Personal data refers to any kind of information that can be directly or indirectly related to an identified/identifiable natural person. The processing of personal data covers all operations that are performed on the personal data, whether actively or passively, for the means of e.g., collection, registrations, storage, alteration, erasure etc (cf Art 4 (2) GDPR).
- Who is responsible for the personal data processing?
Finshark AB is the data controller that is responsible for the processing of your personal data for the purpose of delivering our Products and Services to you. We need to collect information about you to communicate our products, deliver our services, and meet our legal obligations relating to payment services.
Most of our customers are business entities, which means that Finshark may in such circumstances act as a data processor. In processing your personal information on behalf of our customers, we ensure that such processing is carried out in accordance with our contractual obligations and applicable legislations.
- What do we do with your personal data?
The following points provide a list of data categories, purposes, and its storage period for which Finshark’s processes personal data and information on the legal basis are provided below. This is not an exhaustive list and should be seen as general examples of data processing by Finshark.
The purpose of processing your personal information depends on who you are and how we interact with you. Here’s an overview on how we process your personal data and for what purposes:
|
Personal information you provide |
Purpose of processing |
Legal basis |
| Account information to use our Services | In terms of our Services and Products, our business customers integrate our solutions as an option for payment or to take out loan for instance. This means that you as the end user give us permission to process and collect information about you. This includes information needed to communicate with your bank or a service provider. We also collect certain data such as address information and that is required for the Service to work.
This information includes: · Identifying Information: name, date of birth, email, billing address, mobile number etc., · Order Information, · Account information, · Device Information. |
Processing your personal data is necessary to fulfil our contractual obligations towards our customers, but we may also be required to process your information to fulfil our statutory obligations such as the obligation to prevent money laundering or similar illicit financial activities. |
| Payment, and/or Financial Information | We collect this type of personal information e.g., to carry out direct transactions or to initiate payments upon request. This information that we collect about you may include but not limited to, name, date of birth, address, social security number etc. We must also collect information about you directly from your bank for our Services to work – including information about your account, your transactions and other financial information. Please note that we only collect information about you from your bank with your express consent. | For our Services to work, we must collect information about you directly from your bank – which is also a necessary step to fulfill our contractual obligations.
However, do note that we only collect information about you from your bank with your express consent. |
| Information you provide through our platforms and support channels | The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
With your permission, we may also use this information to contact you about our Services, promotions, newsletters, and enhancement to your engagement with us. |
To deal with enquiries and complaints made by or about you relating to our website, services, and/or personal data processing, we are obliged to process your information so that we can help you.
For personal data requests and complaints, we rely on our statutory obligations for the processing of your information. |
| Website visits, cookies and browsing behavior | Such as device and/or behaviour information, including but not limited to:
· IP-address · Operating systems and browser details · Type of device · Interactions with our websites We collect this type of information for two different reasons: a) We automatically collect information that is necessary for enabling basic functions like page navigation and access to secure areas of our platforms. b) We may collect additional information about you when you use our Services, including browsing our websites and taking certain actions within the Services, features you use and the duration of time you spend on our website/platform. Our third-party contractors, such as for advertising and analytics, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookie policy here. |
The processing of such personal information is based on our legitimate interest in offering our Services to you and communicating news or updates on our products and business.
Additionally, this information will also help us to administer, personalize and improve our website for you. For newsletter subscriptions, collection additional information and similar, we as much as possible strive to obtain your express consent. |
| Sensitive information | Depending on the information you provide to us in relation to the purposes of the processing, as set out in this Privacy Policy, Finshark may collect sensitive personal information as defined in Article 9 of the GDPR.
Finshark may also process such sensitive information in relation to, for example, the purpose of checking your personal information against lists of politically exposed persons (“PEP”) and lists of persons subject to sanctions. Such sensitive information may include personal information that reveals racial or ethnic origin, religious beliefs, political or philosophical opinions, trade union membership, or information about health or sexual orientation. |
Sensitive information is collected and processed to comply with our statutory obligations as a payment service provider. |
Please note that we may process your personal data for other means and purposes than those described in this Privacy Policy. If this is the case, we ensure to provide you with a separate privacy statement informing you about such processing and for what purposes.
- How long do we store your personal data?
We will only process and store your personal data for as long as we need to fulfil the purpose for which the data was collected. The duration of time we retain your information depends on who you are and which services you use. For example,
- Personal data will generally not be stored for a period longer than seven (7) years to fulfil accounting obligations;
- Another example is Finshark’s Anti-Money Laundering obligation to document information regarding transactions, and from our ‘Know Your Customer’ processes for around five to ten (5-10) years;
- Cookies and similar data are kept as you use the same device, or until you opt-out from the use of cookies and similar technologies;
- Other personal data collected for research or statistical purposes may be kept for as long as you permit us, you’re a customer to us, and/or so long as Finshark has a legitimate interest.
Finshark has implemented various technical and organisation measures, such as automated deletion of data and access restriction to systems where personal data is stored, to ensure that the data is not used for a longer period than necessary to fulfil the respective purpose the data was collected for.
- Who do we share your personal data with?
We mainly share your personal information with our partners (“Partners”) whose services you use and to whom you have instructed us to share your data. Personal information we share with Partners is only such as is required for us to be able to deliver the Service to you.
In some situations, we may share your information with third parties. When we share your personal data with a personal data assistant, your personal data will only be processed in accordance with the purposes for which we collected your personal data in the first place. This means that a personal data processor cannot process your personal data for additional or personal purposes. We have a personal data processor agreement in place with these parties to ensure that your personal data is protected in the same way as if we processed your personal data ourselves.
We may also share your personal information with authorities to comply with our obligations related to prevent crimes and money laundering.
- Where do we process and store your personal data?
Finshark processes and store your personal data primarily within the EU/ EEAS. Our company is based in Sweden and has an office in Bosnia which means that we’re mainly operating within Europe.
In exceptional cases, your personal data may be processed outside the EU/EEAS. For example, if our personal data processor, either individually or through another personal data processor/sub-processor, is established outside the EU/EEAS.
Regardless of the country in which your personal data is processed, we undertake necessary measures to ensure that your personal data is protected with a high level of security that is appropriate to the risks associated with the processing and maintain physical, electronic, and procedural safeguards to protect it.
- What rights do you have over your personal data?
You, as the data subject, have several rights that you can at any time exercise by using the Finshark’s contact information provided below. The following points thereby provide an overview of the rights that you are entitled to enjoy (cf. Chapter 3 GDPR):
8.1 Right to access
You have the right to access your personal data. This means that you have the right to get an extract from the register detailing Finshark’s processing of your personal data. Finshark shall, upon request of an extract from the register, provide you with a copy of the processed personal data and information about the processing.
8.2 Right to rectification/correction
You have the right to get your personal data corrected if it is inaccurate, incomplete, or misleading, and the right to restrict processing of the personal data until it is changed
8.3 Right to restriction of processing
You have the right to request that the processing of personal data be limited only to processing for certain specific purposes. Such right to restriction of processing applies in the following cases:
- If the personal data is incorrect and the Finshark needs time to verify the accuracy of the data.
- If you object to the processing or request the restriction of the use performed by Finshark, in which case the processing shall be limited until the justification for your objection and Finshark’s compelling reasons have been weighed.
- If the personal data is no longer needed for Finshark’s activities, you request that it continues to be stored in case it is needed to make legal claims.
- If you believe that Finshark should delete your personal data but Finshark for some reason is unable to accommodate your request.
8.4 Right to object and erasure
Under certain circumstances, you have the right to object and be erased if:
- The data is no longer needed for the purpose for which it is processed.
- You withdraw your consent for certain processing and there is no other legal basis for the processing by the Finshark.
- You object to personal data processing performed following a weighing of interests and there are no legitimate reasons that outweigh your interests.
- The processing is for the purpose of direct marketing, and you object to the processing of the data.
- Personal data is processed unlawfully.
- Erasure is required to fulfil a legal obligation.
8.5 Right to data portability
You have the right in some cases to retrieve the personal data you provided to us and transfer data to another controller, where technically feasible.
8.6 Right to complain to the supervisory authority
If you have any input or questions regarding our personal data processing, you can address them to our data protection officer (DPO via dpo@finshark.io (kindly provide ‘GDPR request: your name’) as the subject of your email.
In case you consider that the processing of personal data has been unlawful, as a data subject, you have the right to lodge a complaint with the supervisory authority. In Sweden, the Swedish Data Protection Authority is the supervisory authority that is responsible for monitoring how your personal data are processed.
The Swedish Data Protection Authority
Phone: +46 (0)8-657 61 00
Email: imy@imy.se
Postal adress: Integritetsskyddsmyndigheten (Box 8114) 104 20 Stockholm
8.8 Childrens’ rights
Our products and services are not aimed at minors. Therefore, Finshark do not collect or process personal data from anyone under the age of 13. If you are under 13, please do not attempt to register for our services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible.
- Contact Information
Finshark is responsible for the processing of your personal data and has appointed a DPO who is responsible for monitoring our compliance with applicable data protection legislation. You are welcome to send your request to our DPO via dpo@finshark.io (kindly provide ‘GDPR request: your name’) as the subject of your email.
- Changes to Privacy Policy
Finshark AB reserves the right to make changes to this Privacy Policy. The latest version of this Privacy Policy will be found here on the website.
In case of any changes that are significant for our undertakings towards you as the data subject during ongoing personal data processing, you will receive information through our website and/or by email (if you have provided us with an email).
