This is a statement on the processing of your personal data pursuant to the EU’s General Data Protection Regulation (2016/679) (GDPR).

​

Definitions

For the purposes of this Policy:

Controller means the natural or legal person who alone or together with others determines the purposes and means of the processing of personal data.

Processor means a natural or legal person who processes personal data on behalf of the controller.

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations relating to personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third-party means a natural or legal person, other than the data subject, controller, processor, or persons who under the direction of the controller or processor are authorized to process personal data.

​

Controller

Banq AB
Business ID: 559093-4534
address: Kommendörsgatan 30, 114 48 Stockholm
email address: hello@pjum.eu

​

Communication regarding privacy matters

Data Protection Officer
Mats Esbjörnsson
email address: hello@pjum.eu

We request that data subjects contact the data protection officer for all questions related to the processing of personal data and situations related to the exercising of their rights.

​

Basis and purpose of processing personal data

The legal basis for the processing of personal data is:

• The consent to the processing of personal data provided by the data subject

• The controller’s legitimate interest

The purposes of processing personal data include credit assessment as well as invoicing and communicating during life cycle of the credit.

​

Regular data sources

The personal data to be processed is regularly received from the following sources:

• The data subject themselves

• Sergel Kredittjänster AB

• Checkbiz AB

• EU/UN Sanction-lists

• Bogard PEP-lists

​

Personal data being processed

The controller only collects personal data concerning the data subjects that are essential and relevant for the purposes explained in this privacy statement.

The following data concerning the data subjects are processed:

• Social security number

• Payment remarks

• Debt balance

• Bank account data

• Address

• Name

• Income

• Email

• Phone number

• Payment behavior

​

Protection of personal data

The controller processes personal data in a manner that aims to ensure the appropriate security of the personal data, including their protection against unauthorized processing and accidental loss, destruction, or damage.

The controller uses appropriate technical and organizational safeguards in order to achieve this goal; these include the use of firewalls, encryption techniques and safe equipment rooms, appropriate access control, careful management of data system user IDs, and providing instructions to the personnel participating in the processing of personal data.

​

Retention period for personal data

The controller will process the personal data during the life cycle of being a customer. At the end of this period, the controller will delete or anonymize the data within 3 months in accordance with the deletion processes it follows.

The controller may have an obligation to process some personal data belonging to the filing system for longer than stated above in order to comply with the legislation or authority requirements.

​

Profiling

The processing of personal data contains profiling. Profiling refers to the automatic processing of personal data wherein the data is used to assess specific characteristics of the data subject. The data subjects are profiled in order to better target direct marketing and other communications to suit their interests.

​

Rights of the data subject

Right to request access to personal data

The data subject has the right to receive confirmation regarding whether personal data concerning them is being processed and, if it is, the right to receive a copy of their personal data.

Right to rectification

The data subject has the right to request that inaccurate and erroneous personal data concerning them be rectified. The data subject also has the right to supplement incomplete personal data by submitting the required additional information.

 

Right to erasure

The data subject has the right to request the erasure of personal data concerning them if

A. the personal data is no longer required for the purposes for which they were collected;

B. the data subject withdraws their consent which the processing of personal data was based on, and no other legal basis exists for the processing; or

C. the personal data has been unlawfully processed.

 

Right to restriction of processing

The data subject has the right to restrict the processing of personal data concerning them if

A. the data subject contests the accuracy of their personal data;

B. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; or

C. the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims.

 

Right to object

The data subject has the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them.

The controller shall no longer process the data subject’s personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

​

Right not to be subject to a decision based solely on automated processing

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

The above shall not apply if the decision is necessary for the creation or execution of an agreement between the data subject and the controller, or if it is based on the explicit consent of the data subject.

 

Right to withdraw consent

The data subject has the right to withdraw the consent they have provided for the processing, without affecting the lawfulness of processing based on consent before its withdrawal.

 

Right to data portability

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller.

 

Right to lodge a complaint with a supervisory authority

The office of the Authority for Privacy Protection is the national supervisory authority for personal data matters. You have the right to bring your case to the supervisory authority if you consider that the processing of personal data concerning you is in violation of applicable law.