Privacy Statement – Merchant registration

By using the Merchant registration site and by providing information into the Merchant registration site, you consent to, and approve that, Swedbank Pay a part of PayEx Sverige AB 556735-5671 hereinafter “Swedbank Pay”, electronically processes personal data such as your contact information in order to;

• process the application, expression of interest etc.
  
  
• provide its services, or implement measures before entering into an agreement
  
  
• administer the customer relationship and supply and administer customer access to products and services;
  
  
• To carry out credit and risk assessments in order to determine which services and products, and terms, may be offered or to asses Swedbank Pay’s legitimate interest in risk management
  
  
• contact you, or in other ways interact with you for commercial and marketing purposes on behalf of Swedbank Pay or other companies within the same group of companies.
  
  
• To carry out customer surveys and market analyses, and compile statistics; organise competition and campaigns; or Swedbank Pay’s legitimate interest in improving Swedbank Pay services, improving the Customer’s experience as a user of the services and developing new products and services.

Swedbank Pay may disclose the information you provide into the Merchant registration site to other companies within the PayEx/Swedbank group, which may also use the information for the purposes described herein.

You are hereby informed that, you consent to, and approve that; the provided personal data may be processed by data processors on behalf of Swedbank Pay and transferred outside the EU/EEA. Transfer and processing of Personal Data outside the EU/EEA will occur only when appropriate security measures are in place.

Appropriate security measures means that:

• There is a decision by the EU Commission that receiving country outside the EU / EEA can ensure an adequate level of protection for the processing of personal data, or
  
  
• There is no EU Commission adequacy decision for the country in question, but Swedbank Pay provides appropriate safeguards for the transfer through the use of binding corporate rules or standard contractual clauses, as published by the EU Commission or any other contractual terms as approved by the EU Commission or the competent authorities, or;
  
  
• in connection with a transfer of personal data to the United States; that the sub-processor to which the transfer is to take place is certified and approved under the Privacy Shield certification mechanism.

Personal data will not be processed for longer than is necessary and only in relation to the purposes described herein. In some cases, the storage period may be based on Swedbank Pay complying with the relevant legislation with regard to, for instance, counteracting money laundering (5 years) and accounting (7 years).

You, as a registered individual, has rights relating to the processing of the your personal data. Such rights include, in general, the right to:

• Demand that personal data be corrected if it is insufficient, incomplete or incorrect.
  
  
• Object against certain processing of personal data.
  
  
• Demand deletion of personal data.
  
  
• Restrict the processing of personal data.
  
  
• Receive information on personal data processed by Swedbank Pay and, in such a case, receive a copy of the said personal data. (Register excerpt)
  
  
• Obtain personal data, in writing or in a commonly used electronic format, where such personal data has been supplied by you and is processed by Swedbank Pay based on your consent, or an agreement, and where possible, to have such Personal Data transmitted to another service provider (data portability).
• Revoke consent to process the personal data.
• Not to be subject to complete automated decision-making, including profiling, if such decision making has legal consequences or similarly significantly affects the Customer. This right does not apply if the decision-making is necessary for entering into or fulfilling an agreement with the Customer, or if the decision-making is permitted in accordance with the applicable legislation, or if the Customer has given their express consent.
  
  
• Submit complaints regarding the processing of Personal Data to the Swedish Data Protection Authority, datainspektionen.se if the Customer feels that the processing of Personal Data breaches the Customer’s rights and interests as per the law.

Registered individuals have upon written request the right of access to the personal data related to them. They also have the right to rectify such data and to opt out from receiving further marketing communication. The easiest way to contact the Swedbank Pay Data Protection Officer is at dpo@payex.com.

Contact information for PayEx group companies can be found on the PayEx website.

To contact the Swedbank Pay Data Protection Officer and to exercise your rights as a data subject:

Swedbank Pay

ATT: PayEx Sverige AB

Attn. Data Protection Officer

SE-621 88 Visby

dpo@payex.com