Current version 1.1
Published on: 2 August 2023
Updated on: 21 May 2024
Banking-as-a-Service Privacy Policy (Quickbit)
What is personal data?
In legal jargon, ‘personal data’ is any information relating to an identified or identifiable natural person, the ‘data subject’ and the laws regulating personal data in the European Union is the general data protection regulation, the GDPR. According to the GDPR, any information that can be used to identify a person or be linked to that person is personal data. Examples of personal data are name, identification number, contact information, online identifiers such as IP address, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
1. Who are we
We are Intergiro Intl AB (publ), a Swedish fintech company licensed and supervised by the Swedish Financial Supervisory Authority (Sw. Finansinspektionen) as an electronic money institution with the authority to issue electronic money and to provide payment services. Our company registration number is 556965-3537, our VAT number is SE556965353701 and our license number is 48003. Our registered address is Box 3093, 103 61 Stockholm, Sweden.
To provide you with the best services possible, Intergiro has partnered with Quickbit Europe AB (“Quickbit”), a Swedish fintech company registered as a virtual currency exchange provider with the SFSA. Quickbit’s company registration number is 559265-3793. Quickbit provides a first class app (the “QB App”) and virtual currency services, and Intergiro provides payment services, including a personal payment account (the “QB Payment Account”), which you access and use through the QB App.
You sign up with Quickbit and using the QB App you can apply to become a customer of Intergiro to utilise the payment services, generally you are provided with the QB Payment Account and a payment card. You can read more about the payment services in Intergiro’s Payment Services General Terms and Conditions. You need to accept the Payment Services Terms and Conditions and if you are onboarded as a customer of Intergiro in accordance with such terms and conditions, you will be able to access and use the payment services using the QB App.
When you use the payment services, Intergiro will process your personal data. Intergiro is the data controller and responsible for the processing of your personal data when you use the payment services, as further described in this privacy policy.
Quickbit will process some of your personal data on our behalf as our data processor, for example in order for you to access and use your QB Payment Account in the QB App, including viewing transaction history and account balance of your QB Payment Account. In addition, Quickbit provides the QB App and virtual currency services and Quickbit is the data controller of the personal data processed for such services. Please refer to Quickbit’s privacy policy to understand how Quickbit processes your personal data for such services.
Please reach out to our privacy team on privacy@intergiro.com if you have any questions regarding our privacy work or the processing of your personal data.
2. When we collect your personal data
Intergiro will start processing your personal data when you sign up to use the payment services via the QB App.
3. How we collect your personal data
We collect personal data about you from different sources, including personal data:
- that is shared with us by Quickbit to achieve the desired functionality for the QB App and our payment services, such as general and contact information, including name, social security number or equivalent, e-mail address, telephone number or address that you have provided to Quickbit;
- received from you, such as updated contact information or identification information;
- received from external sources, e.g. address registers and identity verification providers; and
- that accumulates from your use of the payment services, such as transaction data.
4. What personal data do we collect
We have divided the personal data we process into the following categories:
- Contact information - such as name and other information about yourself (e.g. address, telephone number, e-mail address, etc.);
- Information about how you interact with Intergiro - for example how you intend to use the payments services;
- Device information - for example, IP address, language settings, browser settings, time zone, operating system, platform and screen resolution;
- Identification documentation and documentation needed for the fulfilment of Anti-Money Laundering and Know Your Customer requirements - e.g. social security number, passport copy or copies of any other documents you have provided for identification purposes (including your picture/selfie or video with sound recording), nationality, date of birth, proof of residence (such as a utility bill) etc. We also collect and compare information from sanction lists and lists of so-called PEP (Politically Exposed Persons), including whether you are a close relative of or associated with a PEP. These lists contain information such as name, date of birth, place of birth, occupation or position and the reason for being on the list in question;
- Transaction data - such as account number(IBAN), information about payment orders you have submitted to us (including name of recipient and relevant account details, , date and amount), transaction history and account balance;
- Verification data - when you confirm the execution of for example a payment transaction we apply so-called strong customer authentication to verify your identity before we execute the payment, so we know that it was you that authorised the transaction. We will log how you verified your identity (e.g. Bank-ID or password combined with SMS verification code), timestamps and status of the transaction (requested, approved or rejected);
- Details of your payment card - including the card number, expiry date and CVC (which is the last three digits of the number on the back of your card);
- Complaints management - information you provide to us via email to complaints@intergiro.com, if you would like to make a formal complaint regarding the payment services
- Customer support information - information that you may provide to Quickbit’s customer support in relation to our payment services.
Biometric information
In addition, we use third-party providers for identity verification and fraud prevention purposes. These biometric information service providers, acting as our data processors, may collect a copy of your passport, scan of the picture on your ID, selfie or video with sound recording for identification purposes (“biometric information”) and employ facial recognition technology to verify your identity. These biometric information services provide us with a confirmation as to whether your identity has been validated or not.
Proof of Residence alternative
As an alternative to asking you to provide us with a utility bill, we use your IP address in order to confirm that the country and region where you are located corresponds with the residential address information you provided during the onboarding process.
5. Why we process your personal data
According to the GDPR, we need to have a purpose and a legal basis for the processing of your personal data. Read more about our purpose for processing your personal data below.
At Intergiro, the legal basis for processing your personal data is either:
- the agreement you have, or is about to enter into, with us by accepting the Payment Services Terms and Conditions or, the agreement you have, or is about to enter into, with Quickbit by accepting Quickbit’s terms and conditions;
- legal obligations we are bound by, such as anti-money laundering regulations; or
- our legitimate interest, such as providing customer support or keeping you informed about product updates.
In very rare cases we may also process your personal data if we have received your explicit consent to do so. In such case, you can always withdraw your consent at any time.
We use the personal data we collect for the following purposes:
- the administration and management of our relationship with you, such as setting up your payment account on our payment services platform and keeping you informed about product updates, managing your queries and solving any issues you experience if any during the performance of payment services provided by Intergiro
- ○ The legal basis for such processing is (i) our legitimate interest or (ii)the agreement you have entered into, or are about to enter into, with us. Our view is that keeping you up to date of the products and services available to you creates meaningful knowledge you
- provision of payment services, including execution of payment orders submitted by you through the QB App, issuance of a payment card to you and processing of card payments you make using your payment card
- ○ The legal basis for such processing is the agreement you have entered into with us
- provision of customer support services, which is managed by Quickbit as Intergiro’s data processor
- ○ The legal basis for such processing is our legitimate interest in providing our customers with customer support. Our view is that our provision of customer support creates a meaningful service to you, such as resolving any queries you may have in relation to the payment services
- accounting and auditing requirements
- ○ The legal basis for such processing is mandatory law, such as the Swedish accounting act (Sw. bokföringslagen) and the Swedish annual reports act (Sw. årsredovisningslagen)
- business development, such as compiling statistics and analysing the data in order to improve our services
- ○ The legal basis for such processing is our legitimate interest in maintaining our relationship with you and to improve our services. Our view is that you as our customers benefit from improvements to the services
- compliance with legal requirements, such as obligations regarding anti-money laundering, sanctions checks, PEP checks, transaction monitoring and screening, and identity verification as well as other legal and regulatory requirements, such as complaints management
- ○ The legal basis for such processing is mandatory law, such as the Swedish act to prevent money laundering and terrorist financing (Sw. lag om åtgärder mot penningtvätt och finansiering av terrorism) and the Swedish Payment Services Act (Sw. lag om betaltjänster)
- collecting technical information about your device
- ○ The legal basis for such processing is either legal obligation, in order for us to prevent fraud or misuse of the payment services, or the agreement you have entered into with us, in order for us to achieve the required functionality of our payment services
- assess or defend legal claims against us or to protect ourselves from fraud and in connection with a reorganisation, transfer of business, merger, IPO or acquisition.
- ○ The legal basis for such processing is our legitimate interest to defend us against legal claims, to protect our company from fraud and to be able to reorganise or scale up our business
6. How we work with automated decision-making
We use automated decision-making when you apply to become a customer of Intergiro through the QB App. Automated decision-making enables us to provide both a more consistent and fair decision-making process where the risk of potential human errors are reduced and a faster review of your application and onboarding process. The automated decision is based on both (i) data provided directly by you (such as answers to our questions) and (ii) derived or inferred data, such as risk scoring.
We will automatically reject your application if you are below the age of 18, and otherwise we only use automated decision-making to approve your application. If required, your application will be referred for manual review by our onboarding team.
In addition, you can always request a manual decision-making process instead, express your opinion or contest decisions based solely on automated processing. If you want to exercise your rights, please contact our data privacy team at privacy@intergiro.com.
7. With whom we share your personal data
As electronic money institutions are subject to statutory requirements for professional secrecy and confidentiality, we only share your personal data in certain specific cases.
In order to provide the payment services to you, we share personal data with our trusted partners that process personal data on our behalf, including consultants that need access in order to perform services for us. In particular, Quickbit is our data processor in order for you to access and use the payment services in the QB App and for the purposes of providing the first line customer support to you.
We also share data with our other trusted third party service providers, who act as our processors:
- Suppliers of payment processing services
- Payment card personalisation bureau (if you have applied for a physical payment card)
- Suppliers of identification services
- Suppliers of screening services to prevent anti-money laundering, fraud and similar crimes
- Suppliers of IT systems and cloud services
We have carefully reviewed our service providers and ensured that their processing of your personal data is in accordance with our instructions and compliant with EU standards (including the GDPR).
Your personal data will also, when applicable, be shared with the following parties which themselves are data controllers of the processing of personal data:
- Quickbit, information about payment transactions you made using the QB App for Quickbit to enhance its knowledge about you as a customer
- ○ The legal basis is the agreement you have entered into with Quickbit
- our correspondent banks, for example regarding execution of pay-outs to beneficiaries, holding client funds and to safeguard legal interests
- ○ The legal basis is the agreement you have entered into with us
- card schemes, such as VISA (if you have applied for a physical payment card)
- ○ The legal basis is the agreement you have entered into with us
- authorities, such as the Financial Police and the Financial Supervisory Authority, if such a disclosure is prescribed by law
- ○ The legal basis is our obligations under mandatory law
As Intergiro provides international payment services, we are sometimes required to share personal data with parties operating outside the EU. In these cases, we ensure that the data is transferred in accordance with the applicable requirements of the GDPR, primarily the standard contract clauses (SCC) and complementary safety measures, or if available, other means in compliance with the GDPR.
If Intergiro engages in a merger, acquisition, reorganisation, or sale of some or all of Intergiro’s assets or shares, financing, initial public offering or similar transactions or proceedings, or steps in contemplation of such activities (such as due diligence), Intergiro may share personal data with third parties, subject to standard confidentiality arrangements.
If Quickbit chooses to substitute Intergiro for another payment service provider, Intergiro will transfer your personal data to Quickbit, who in turn shares it with the new payment service provider.
8. For how long?
We store your personal data for the purposes set out above during the term of our contractual relationship with you, for as long as we otherwise have a meaningful contact with you or as may otherwise be required by law.
When the purpose for which your personal data was collected is no longer relevant, we will stop processing your personal data and either delete or anonymise it in a secure manner. We may retain your personal data for a longer period of time to the extent required by law, by our automated disaster recovery backup systems or if we deem it necessary to assess or defend legal claims or to protect ourselves from fraud.
Under mandatory law, we are required to keep your personal data due to:
- Anti-money laundering and anti-terrorism legislation for a minimum of five and a maximum of ten years
- Payment service legislation, for a period of three years
- Bookkeeping legislation, for a period of seven years
If you terminate your agreement regarding payment services with us, we are required under mandatory law to keep your personal data for a minimum period of five years.
Please note that if you have submitted an application to use the payment services but for any reason do not become a customer with us (irrespective of if you withdraw, or we reject your application), we are required under mandatory legislation to keep your personal data for a minimum period of five years.
9. Your rights
- Access - You have the right to request an extract of the personal data we process about you.
- Rectification - You have the right to request that we correct or complete any information you believe is inaccurate or incomplete.
- Erasure - Depending on the legal basis used for the processing of your personal data, you can ask us to delete your personal data, if (i) there is no good reason for us to continue using it, (ii) you gave us consent (permission) to use your personal data and you have now withdrawn that consent, (iii) you have objected to us using your personal data, (iv) we have used your personal data unlawfully, or (v) the law requires us to delete your personal data. However, in most cases we will be required to deny your request in full or in part due to our obligations under mandatory law.
- Restrict - You have the right to request that we restrict the processing of your personal data, e.g. when you consider that the information is inaccurate and has requested rectification.
- Objection - You have the right to object to our processing of your personal data with legitimate interests as a legal basis. If you object to the processing in such cases, we may only continue to process your data if it can be shown that there are decisive legitimate reasons why the data must be processed that outweigh your interests, rights and freedoms or if the processing takes place to determine, exercise or defend legal claims.
- Data Portability - With regard to personal data that you have provided to us, you may have the right to request a transfer to another provider. If you want to request such a transfer, please contact privacy@intergiro.com.
10. Contacts and complaints
Please do not hesitate to reach out to Quickbit’s customer support team in case you have any questions regarding the processing of your personal data.
You are also welcome to contact our data privacy team directly on privacy@intergiro.com if you have any concerns regarding data privacy or our processing of your personal data.
Intergiro has appointed a Data Protection Officer (“DPO”), Helene Cedertorn, who is responsible for monitoring our compliance with applicable data protection legislation. If you want to reach out to our DPO specifically, please email dpo@intergiro.com.
Please be informed that you have the possibility to lodge a complaint with the Swedish Authority for Data Protection (Sw. Integritetsskyddsmyndigheten) if you are not satisfied with our processing of your personal data.
Information how to lodge a complaint is available on the website of the Swedish Authority for Data Protection:
https://www.imy.se/en/privatperson/forms-and-e-services/file-a-gdpr-complaint/
Contact Information to the Swedish Authority for Data Protection:
Integritetsskyddsmyndigheten,
Box 8114,
104 20 Stockholm
Sweden
Email: imy@imy.se
Telephone no: +468 657 61 00
11. Changes to this privacy policy
We may need to change this privacy policy, for example when we add features to the services, because of changes in law or regulations or due to evolving industry standards. When this privacy policy is changed we will let you know by updating the date at the top of this privacy policy. You may also be informed through information in the QB App or on our website www.intergiro.com. Please revert to this privacy policy on a regular basis to stay up-to-date about our data processing practices and your rights.