General information about the processing of personal data
We, Collector Bank AB are concerned about ensuring that you do not feel that your personal integrity might be compromised when you provide us with information about yourself. When you, directly or indirectly, provide us with personal data via any of our channels, we will process this in the proper way. Personal data may be processed, for example, in conjunction with you applying to become a customer of ours or making a purchase from a retailer that uses our payment solutions, such as Collector Checkout. The overall purpose of the processing of your personal data is to check and consider your application to become a customer and to then manage and perform the contract that has been made. Personal data is also collected when you use any of our services, for example one our mobile applications. We may use information from public registers, credit report agencies or other companies whom we cooperate with, to supplement the information that you have provided to us. The purpose is to make sure that the information we have about you is updated and correct. Personal data may be processed even if you are not or have not applied to be a customer, such as a deputy, agent or representative.
The data that we have about you will be stored even if an application to become a customer does not result in you becoming a customer. If you do not become a customer of ours, your personal data will only be stored with us for a very limited period.
Recording of phone calls, e-mails or other interaction or communication that we have with you, or with a deputy for you, will also be saved.
Collector Bank AB
Corporate ID no. 556597-0513
Type of data
Examples of personal data we process about you is following:
- Details about you as a customer such as personal identity (ID) number, address details and information about the IP address for your Internet connection when you use our services.
- Details about you as legal representative for a company that is or becomes a customer to Collector, such as personal identity (ID) number, address details and information about the IP address for your Internet connection when you use our services.
- Information about you of a financial nature such as payment defaults, income tax assessments and credit obligations.
- Payment information, e.g. about how you are paying for credit used.
- Account and bank details and other information referable to your direct debit consent.
- Your contact details in the form of email address and mobile telephone number.
- Details about previous purchases or commitments you have or have had through us such as loans granted or denied and purchases.
- Details of how you are using our apps, our website or any other of our services such as electronical device, pattern of behaviour, operating system, time of response, timezone settings, screen resolution and "location information" - your geographical location.
- Information about deposits and withdrawals that you make from your saving account.
- Information referable to KYC (Know Your Customer) Rules that we are obliged to collect and save according to law, such as beneficial owner.
- Information referable to purchases of products and services that you make with a retailer that offers our payment solutions.
- Credit and debit card information in the form of card number, CVC code and expiry date.
Purpose of data processing
We only process your personal data for as long as there is a legal basis. The legal bases that we process your data for are so that:
- Legal basis 1. we will be able to perform obligations and undertakings in relation to you on which we have a contract or for preparations prior to entering into a contract.
- Legal basis 2. we will be able to fulfil a legal obligation and comply with the laws applicable to our business.
- Legal basis 3. we or another of our cooperating partners have a legitimate interest in the processing.
- Legal basis 4. you have consented to the processing.
The following shows the purpose of the processing and also the legal bases for each purpose.
We process your personal data for the purpose of:
|Ensuring that you are who you say you are applying for or using one of ours or our partners services. Legal basis 1), Legal basis 2)|
|Ensuring that you are who you say you are when you, as a legal representative for a company, applies for credit or becomes a customer to us, or otherwise use our services on behalf of the company. Legal basis 3)|
|Managing the customer relationship and fulfilling the obligations and undertakings on which we have agreed. A prerequisite to ensure this is to process your personal data. Legal basis 1)|
|Managing the customer relationship and fulfilling the obligations and undertakings that we have towards a customer for which you are a legal representative. A prerequisite to ensure this is to process personal data about you acting as an legal representative for a company. Legal basis 3)|
|Make an assessment of your ability to pay back a credit or a risk analysis in connection to when you are applying for a credit. Legal basis 1), Legal basis 2)|
|Preventing and impeding our services, such as our mobile applications and our website, being misused or used in a way that violates the law or the general terms and conditions. Legal basis 1), Legal basis 2)|
|Satisfying the laws applicable to our business, such as 'Know Your Customer information' (which are prescribed by the Money Laundering Act), capital adequacy rules or the Consumer Credit Act, etc. Legal basis 2)|
|Make a control of personal data against sanction lists that we, according to law or authority decisions, are obliged to apply to make sure that insufficient conditions do not exist for providing our services. Legal basis 2)|
|Reporting to Tax Agency, Police authority, Enforcement authority Sw. Kronofogdemyndigheten, Financial supervisory authority Sw. Finansinspektionen and other authorities, both Swedish and foreign. Legal basis 2)|
|For statistics and risk management purposes e.g. risk calculation models to ensure that we comply with capital adequacy rules. Legal basis 2)|
|To fulfill legal requirements concerning our partners services, such as giving access to personal data for cooperating parties that have a permit to require services concerning account information and/or payments initiation. Legal basis 2)|
|Compiling supporting information for business and methods development, market and customer analyses, both for our internal use and for our cooperating parties. This includes preventing fraudulent behaviour. Legal basis 3)|
|Us or one of our cooperating partners being able to send messages and marketing to you provided that you have not opposed such direct marketing. Legal basis 3)|
|When you, as a private person or a legal representative, provide us with your contact details in any of our forms with the purpose of us contacting you regarding our services. Legal basis 3)|
Consent as a legal basis for processing personal data
In order for us to process your personal data on the legal basis consent we have to have an explicit consent from you. An example for when consent is required is when the personal data contains sensitive information (processing of special categories of personal data).
(According to law, special categories of personal data is information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.)
You have the right to withdraw your consent whenever you like. If you withdraw your consent, we do not have a legal basis to process your personal data with the legal basis consent.
As indicated above, we or one of our cooperating partners may use your personal data for marketing and profiling. This means that you may receive direct email based on the details you provided. If you do not want this, you can contact us via firstname.lastname@example.org and require a barring from marketing.
Sharing of information
As indicated above, we may disclose or transfer your personal data to a cooperating partner, supplier or sub-supplier. We will take all reasonable technical measures to ensure that your personal data is processed, shared and transferred in a secure way. This comprises, among other things, entering into contracts with companies that process data on our behalf. We endeavor to ensure that your personal data is only processed in countries within the EU and EEA, although it is possible that data is processed outside the EU or EEA. Such processing of data will only occur under the presumption that the legal requirements are fulfilled and that any other of these qualifications are fulfilled:
|The European Commission have made a decision that there is adequate protection in the current country.|
|That there have been adequate protection measures, for example Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR).|
|It is allowed according to applicable law.|
Companies within the Group
We may transfer and share your personal data with companies within the Collector Group.
Credit report agencies and Suppliers
The personal data that we directly or indirectly collect and process about you may be shared with credit report agencies and used to assess your capacity to pay back a loan and confirm your identity and address when you apply for a loan from us. This may, for example, comprise of you paying for goods or a service using one of our payment solutions at such a retailer that uses our services.
Retailers - that uses our Payment Solutions
We have several affiliated retailers (both e-commerce and stores) that use our payment solutions for payment for their products and services, including via Collector Checkout. We may share certain information, which you have directly or indirectly provided to us, with such retailers to enable them to process your purchase. The retailer becomes the controller of personal data for this data as you have a direct contractual relationship with the retailer when you make your purchase. This means that the retailer´s terms and conditions apply to the personal data we shared with the retailer.
We may share and transfer information about you with various public authorities such as, for example, the Police Authority or the Tax Agency. We will transfer all or some of your personal data we process if we are obliged to do so according to law or if you have given your consent.
Other suppliers, cooperating parties or third parties
We may also share and transfer your personal data to a supplier or cooperating party other than those mentioned above. For example, we share your personal data in the form of card information with such PSPs (Payment Service Providers) that are PCI DSS-Certified and with which we cooperate to process a card purchase via Collector Checkout.
Other examples of suppliers that we may share you personal data to are companies for financial ID-technology.
We may also share personal data about you with a third party if we sell or purchase a business, receivables or other assets.
We will only store and process your personal data for as long as there is a legal basis to do so. Legal bases may, for example, comprise of there being a statutory requirement for us to save certain information or to enable us to perform the contract we have with you. Personal data will only be processed by us or such cooperating partner or supplier that process data on our behalf for as long as the purpose of the processing endures and for a maximum period of 10 years after that due to the rules of limitation. In some cases the data can be saved for a longer period because of capital adequacy rules. Other time limits can be applicable due to bookkeeping (7 years) or anti-money laundering laws (5 years).
If you do not enter into an agreement with us, your personal data will be saved for 3 months. The information can be saved for a longer period because of, for example, anti-money laundering laws.
Your legal rights
You are entitled to request and to have access to the personal data registered about you. You can request the information by contacting us according to the contact details below.
You are entitled to request that the data be corrected or erased if you suspect or have discovered that personal data is incorrect, incomplete or irrelevant. You should then contact us via email@example.com or via the address stated below. See further information below about the right to be forgotten ("erasure").
If the data we process about you is no longer necessary to satisfy the purposes for which it was collected, you are entitled to request that it is erased. However, please note that we will not erase certain data even though you want us to erase that data. The reason for this could be that we still have a contractual relationship with you or that we as a bank have certain legal obligations that prevent us from immediately deleting parts of your data. The data will be erased when we no longer have a legal basis of processing the data. You also have the right to object to the processing of certain data.
You have the right to, during particular circumstances and if we are processing your personal data based on the legal basis of consent or to perform obligations and undertakings in relation to you on which we have agreed, receive a copy of the personal data that you have provided and have the personal data transmitted directly to another Controller, if it's technically possible.
Your request and/or objection as above will be looked upon in every specific case. As mentioned above, we sometimes have certain legal obligations that prevent us from deleting or limiting the processing of the data.
Profiling and automated decision making
"Profiling" means automated processing of personal data to evaluate certain personal aspects relating to you to for example analyse or predict aspects of your economic situation, your preferences, interests or whereabouts.
We profile the data we have on you to decide what marketing content that would be interesting to you and for analysing transactions to prevent fraud. The legal basis for profiling is our legitimate interest, legal requirements for fulfilling an agreement with you or consent. If the legal basis is consent you will have to give such a consent.
Automated decision making
"Automated decision making" means that we offer certain services such as granting you credit solely based on automatic means, without any interaction from any of our employees. By making this automated we increase objectivity and transparency when offering those services.
You have the right to not be a subject to decisions only based on automated decision making if the decision can have legal impact on you or any other considerable impact. We have the right to conduct automated decision making to perform obligations and undertakings in relation to you if it is necessary for the conclusion or fulfilment of an agreement between you and us, or if you have given your consent.
Data protection officer
We have designated a data protection officer to monitor compliance with applicable laws regarding processing of personal data. The data protection officer will fulfil his mission independently in relationship to our company.
You can always contact us in the channels stated below if you have any questions regarding our processing of your personal data.
If you consider that we have processed your personal data in an erroneous or unpermitted way, you can refer to the Swedish Authority for Privacy Protection, which is an independent supervisory authority that supervises compliance with applicable data protection legislation in Sweden. You will find further information at www.imy.se.
A cookie is a small text file that the website asks to have stored on the visitor's computer and that includes a certain quantity of information and a certain time stamp. The web browser saves the information in a special place on your computer and returns the information in the cookie to the website you visit at the time of each request for pages/pictures from the website.
Two kinds of cookies
Cookies are used in our services to improve the user experience and to optimise the website and mobile application. There are two kinds of cookie:
- One kind, which is referred to as a permanent cookie, saves a file that remains on the visitor's computer. This is used, for example, to be able to adapt a website according to the visitor's wishes, choices and interests and also for statistical follow-up.
- The second kind is called a session cookie. This is stored temporarily in the memory of the visitor's computer during the time a visitor is on a website. Session cookies disappear when you close your web browser.
We use both session and permanent cookies. Regardless of the kind of cookie used on this website, no personal information is saved about the visitor (such as, for example, email address or name).
Dealing with cookies
See the web browser's help pages for more information about how you can see what cookies are stored on your web browser, how to remove them and also select settings for whether or not cookies are to be accepted.