Qonfin AB - Privacy Policy and Data Protection Information

It is crucial for us that you feel secure when your company/you use our credit intermediary services for businesses. Therefore, we have gathered all the information about how we use your personal data in this data protection information.

To make it easier for you to find what interests you, we have divided the information into several sections.

1. Who is Responsible for Your Personal Data?

Qonfin AB, which is registered with the Swedish Companies Registration Office under organization number 559416-1126 and is registered with the Swedish Financial Supervisory Authority as a financial institution, with headquarters at Sysslomansgatan 8, 112 41 Stockholm ("Qonfin," "we," "our," or "us"), is the data controller in accordance with the EU General Data Protection Regulation ("GDPR"). If you have questions regarding the processing of your personal data, you can contact our Data Protection Officer via dataskydd@qonfin.se. For more detailed information, please refer to Qonfin AB's official privacy policy.

2. Your Rights Regarding Your Personal Data

Under the GDPR, you have the right to have control over your own personal data and to receive information directly from us about how we process your data. Below, you can read about your rights. Would you like to know more or get in touch with us to exercise any of your rights? The easiest way to do so is by sending an email to dataskydd@qonfin.se. If you wish to obtain information about the personal data we process about you, known as a "register extract," or if you want data to be erased, you can send an email to dataskydd@qonfin.se with such a request. For other types of inquiries, please refer to the contact details provided below.

Right to Erasure ("Right to Be Forgotten")

In certain cases, you have the right to request the deletion of your personal data. This applies, for example, to data that is no longer necessary for the purpose it was collected, or if you withdraw your consent for processing. However, Qonfin may not always be able to delete your personal data: this could be because the data is still necessary for the purpose for which it was collected, Qonfin's legitimate interest in processing the data outweighs your interest in having it deleted, or due to legal obligations under anti-money laundering regulations or other relevant regulatory requirements that mandate the retention of the data. You can learn more about the legal requirements that apply to Qonfin regarding data retention even if you request to be forgotten. The laws described therein prevent us from immediately deleting certain data. You also have the right to object to the use of your personal data for certain purposes such as direct marketing, which you can read more about in this list. For specific details and circumstances, please refer to Qonfin AB's official privacy policy.

Right to be Informed 

You have the right to be informed about how we process your personal data. We provide this information through this data protection information and by responding to any questions you may have.

Right to Access Your Personal Data ("Register Extract")

You have the right to find out whether Qonfin processes your personal data and to obtain a copy of your personal data, known as a "register extract." Through the register extract, you can learn what information we have about you and how we process your personal data.

Right to Access and Transfer Your Personal Data to Another Recipient ("Data Portability")

This right allows you to request a copy of the data Qonfin has about you, which we process to fulfill a contract with you/your company or based on your consent, in a machine-readable format. This is to enable you to transfer your personal data to another recipient.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete information about you, and that we supplement your information.

Right to Restriction of Processing

If you believe that the information we have about you is not accurate, our processing is in violation of the law, or we no longer need the data for a specific purpose, you have the right to request that we restrict our processing of that data. You can also request that we do not process your data while we are verifying these matters or while we are determining whether you have the right to object to certain processing, as described below. This right allows you to have more control over the processing of your personal data.

Right to Object to Processing

You have the right to object to our processing that is based on legitimate interests (Article 6(1)(f) of the GDPR) by referring to your specific personal circumstances. You can also always object to the use of your personal data for direct marketing purposes. When you inform us that you no longer wish to receive direct marketing from us, we will stop sending you marketing materials. This means you have the ability to control whether your personal data is used for marketing purposes.

Right to Withdraw Consent

Exactly, that's the correct understanding. This passage explains that if Qonfin AB processes your personal data based on your consent or explicit consent, you have the right to revoke that consent at any time. When you revoke your consent, they will stop processing your data for the purposes that were covered by the consent you provided.

Right to complain

You have the right to lodge a complaint with the Swedish Data Protection Authority if you have any complaints about Qonfin's processing of personal data. The Swedish Data Protection Authority is the supervisory authority for Qonfin's handling of personal data. You can reach the Swedish Data Protection Authority through the following link.

Qonfin offers you the opportunity to tailor your preferences for our services, such as notifications and reminders. We will always respect your choices.

For more information about the right to information, the right to be forgotten, rectification, the right to access, the right to data portability, and the right to object, you can find detailed information on the IMY's website.

3. What types of personal data do we collect?

In this section, we describe the types of personal data that we collect or create. In section 4, we explain how we use these types of personal data.

Contact and identification information - Name, date of birth, personal identification number, title, occupation, gender, billing and delivery address, email address, mobile phone number, nationality, etc.

Service information  - Details regarding the services used by you/your company. Currently, credit intermediation services for businesses are offered.

Payment information  - Bank account number, bank name.

Information about the use of Qonfin's services -  Which service or services, as well as which specific features within these services, you/your company have used, and how you/your company have utilized them.

Technical information generated through your use of Qonfin's services - Technical data such as page response times, download errors, and the date and time when you/your company used the service.

Information about your interactions with Qonfin's customer service  - Recorded phone calls, chat conversations, and email correspondence.

Device Information -  IP address, language settings, browser settings, time zone, operating system, platform, screen resolution, and similar information about your device settings.

Information from External Sanctions Lists and PEP Lists - Sanctions lists and lists of individuals considered politically exposed persons ("PEP") include information such as name, date of birth, place of birth, occupation or position, and the reason for the person's presence on the respective list.

Sensitive Personal Data - Sensitive personal data refers to information that reveals religious beliefs, political or philosophical views, union membership, or constitutes information about health, sexual life, or sexual orientation, as well as biometric data. The company currently does not collect any such data.

Service-Specific Personal Data - Within the scope of our services, we use additional types of personal data that are not covered by the types listed above. This includes the following data: Qonfin website and our browser extension - All content uploaded by you/your company, information about geolocation, information about how you use the browser in the app, as well as the websites you/your company visit when our browser extension is installed.

4. Which Types of Personal Data are Used for What Purposes and Based on Which Legal Ground?

If you would like access to the tables where you can read more about the points below, please feel free to email us at dataskydd@qonfin.se:

· what we will use your personal data for (the purpose),

· the types of personal data we use for each purpose and whether we obtained the information directly from you or from another source. In cases where we receive information from another source, the source is named within parentheses,

·  the legal basis we rely on under applicable data protection legislation, such as GDPR, to process your data, which is our "legal basis," and

· how long Qonfin will retain the personal data for each purpose.

5. How do you revoke your consent?

In cases where Qonfin uses your personal data based on your consent, you can revoke this consent at any time. You can do so by sending an email to dataskydd@qonfin.se or using the contact details provided below.

If you revoke your consent or delete the uploaded information, it may result in the service being unavailable if Qonfin's processing of personal data is based on your consent.

As described above, you also have the right to object to certain uses of your personal data (for example, you can opt out of marketing). You also have the right to have certain data deleted, as described above.

6. Automated Decisions

Qonfin does not use profiling of you as a customer. Qonfin does not make any automated decisions that significantly affect you.

7. Who do we share your personal information with?

When we share your personal information, we ensure that the recipient processes them in accordance with this information, for example by entering into so-called data transfer agreements or data processing agreements with the recipients. These agreements include all reasonable contractual, legal, technical, and organizational measures to ensure that your data is processed with an adequate level of protection and in accordance with applicable law.


Suppliers and Subcontractors.

Description of recipients: Suppliers and subcontractors are companies that are only entitled to process the personal data they receive from Qonfin on behalf of Qonfin, known as data processors. Examples of such suppliers and subcontractors include software and data storage providers, payment service providers, and business consultants.

Purpose and legal basis: Qonfin needs to access services and functionality from other companies that Qonfin cannot provide itself. Qonfin has a legitimate interest in being able to access these services and functionality (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest, and that our interest outweighs your right not to have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation. More information about your rights can be found above.

Description of recipient: Qonfin may share your personal data with a person who has the legal authority to access them based on a power of attorney.

Purpose and legal basis: This is done to facilitate your contact with us through a representative and is based on your consent (Article 6(1)(a) GDPR).

Description of recipients: Qonfin may disclose necessary information to authorities such as the Police, the Swedish Financial Supervisory Authority (Finansinspektionen), FIPO, the Swedish Tax Agency (Skatteverket), or other authorities and courts.

Purpose and legal basis: Sharing of personal data with authorities is done when we are legally obliged to do so, or in some cases if you have requested us to do so, if required for administering tax deductions or preventing crimes. An example of a legal obligation to provide information is for anti-money laundering and counter-terrorism financing measures. In Sweden, Qonfin also shares information about accounts and interest received or paid with the Swedish Tax Agency (Skatteverket) to calculate your taxes. Depending on the authority and purpose, the legal bases are the obligation to comply with the law (Article 6(1)(c) GDPR), performance of a contract with you (Article 6(1)(b) GDPR), or Qonfin's legitimate interest in protecting itself from crimes (Article 6(1)(f) GDPR).

Disposal of Business or Assets.

Description of Recipients: In the event that Qonfin sells its business or assets, Qonfin may disclose your personal data to potential buyers of such businesses or assets. If Qonfin or a substantial part of Qonfin's assets is acquired by a third party, personal data about Qonfin's customers may also be shared.

Purpose and Legal Basis: Qonfin has a legitimate interest in being able to carry out these transactions (Article 6(1)(f) GDPR). We ensure that the processing involved is necessary to fulfill this interest, and that our interest outweighs your right to not have your data processed for this purpose. You have the right to object to this processing based on circumstances specific to your situation.

You can find more information about your rights in section 2.

Credit reporting agencies and anti-money laundering service providers (such as UC, Trapets, Kreditz, and others).

Recipient description: If you apply to use a service from Qonfin that involves credit intermediation, we may potentially share your personal information with credit reporting agencies.

Purpose and legal basis: The sharing of your personal information with credit reporting agencies is done so that the Lender that Qonfin collaborates with as a credit intermediary can assess your creditworthiness in connection with your company's upcoming credit application, to confirm your identity and contact information, as well as to protect you and other customers from fraud. This data sharing constitutes what is known as a credit check.

Qonfin may send your social security number to anti-money laundering service providers in order to conduct legally mandated anti-money laundering and sanctions checks.

Purpose and legal basis: The sharing of your personal information with anti-money laundering service providers is done to comply with mandatory legal requirements regarding customer due diligence measures.

You can find more information about your rights in section 2.

Credit institution/lender

Recipient description: We share your company's information and, in some cases, your information with credit institutions (such as banks) when your company obtains a loan or credit through Qonfin's credit intermediary service.

Purpose and legal basis: If your company takes a loan through Qonfin's credit intermediary service, Qonfin will process the information received from the bank you used for the transaction, such as contact and identification details, as well as payment information. The sharing is done to fulfill the agreement with your company (Article 6(1)(b) GDPR).

8. When can we transfer your personal data outside the EU, and how do we protect them?

We always strive to process your personal data within the EU/EEA. However, in certain situations, such as when we share your information within the Bank or with a supplier or subcontractor operating outside the EU/EEA, it might be necessary to transfer your personal data outside the EU/EEA. Qonfin always ensures that the same high level of protection for your personal data, as per GDPR, is maintained even when we share information with entities located as mentioned above.

If you would like more information about our security measures, you can always contact us. Our contact details can be found below. You can find more information about countries considered to have an "adequate level of protection" on the EU Commission's website, and you can learn more about standard clauses on the Swedish Data Protection Authority's website.

As of now, Qonfin does not transfer personal data outside the EU/EEA.

9. Here's how long we retain your personal data

How long Qonfin retains your information depends on the purpose for which they are used:

Personal data used for the contractual relationship between your company and Qonfin is normally retained by Qonfin for as long as the contract is in effect, and afterward, for a maximum of 10 years due to statute of limitations regulations.

Personal data that Qonfin is required to retain according to applicable laws, such as anti-money laundering and accounting legislation, is typically retained for 5 and 7 years respectively.

If no agreement is reached between you/your company and Qonfin, or if the data is not required to fulfill a legal obligation, the information is stored only for as long as necessary to fulfill the respective purpose of our processing (usually 3 months) (more information can be found above in section 4).

The legal requirements described above mean that Qonfin may not delete your personal information even if you request their deletion. If there is no legal obligation to retain the data, we must instead assess whether we need the information to protect ourselves from legal claims.

Please note that even though we might have to retain your information due to legal requirements, it doesn't mean that your data can also be used by us for purposes other than fulfilling legal obligations. Qonfin assesses each purpose individually to determine how long we can use your information, as you can read more about.

10. How do we use cookies and other tracking technologies?

To provide a good customer experience, Qonfin uses cookies in our various interfaces, such as our website. You can find information about the tracking technologies that Qonfin uses, and details on how to accept or decline these tracking technologies, within each respective interface.

11. Updating this data protection information

We are constantly working to enhance our services to provide you with an even better user experience. This may involve changes to both existing and future services. If such improvements require notification or consent in accordance with applicable legislation, you will be informed or given the opportunity to provide your consent. It is also important for you to read this data protection information every time you use any of our services, as the processing of your personal data might differ from your previous use of the respective service.

12. Contact details for Qonfin

Qonfin Bank is registered with the Swedish Companies Registration Office (Bolagsverket) under organization number 559416-1126 and is headquartered at Sysslomansgatan 8, 112 41 Stockholm.

You can reach us at dataskydd@qonfin.se. Qonfin AB adheres to Swedish data protection legislation. Please visit www.qonfin.se for more information about Qonfin.