But first - what is personal data?
In legal jargon, ‘personal data’ is any information relating to an identified or identifiable natural person, the ‘data subject’ and the laws regulating personal data in the European Union is the general data protection regulation, the GDPR. According to the GDPR, any information that can be used to identify a person or be linked to that person is personal data. Examples of personal data are name, identification number, contact information, online identifiers such as IP address, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
1. Who are we
We are Intergiro Intl AB (publ), a Swedish fintech company licensed and supervised by the Swedish Financial Supervisory Authority (Sw. Finansinspektionen) as an electronic money institution with the authority to issue electronic money and to provide payment services. Our company registration number is 556965-3537, our VAT number is SE556965353701 and our license number is 48003. Our registered address is Box 3093, 103 61 Stockholm, Sweden.
2. When we collect your personal data
Intergiro will start processing your personal data when you execute the Tip-Up via the Intergiro Tip-Up integration provided on a partner’s website (this is when you enter your card details, name and email address on the creator’s link).
3. How we collect your personal data
We collect personal data received from you, such as your name, email address and card credentials.
4. What personal data we collect
We have divided the personal data we process into the following categories:
- Contact information - such as name and e-mail address; and
- Details of your payment card - including the card number, expiry date and CVC (which is the last three digits of the number on the back of your card).
5. Why we process your personal data
According to the GDPR we need to have a purpose and a legal basis for the processing of your personal data. Read more about our purpose for processing your personal data below.
At Intergiro, the legal basis for processing your personal data is either:
- the agreement you have, or is about to enter into, with us by accepting the General provisions for making a Tip-Up; or
- legal obligations we are bound by, such as anti-money laundering regulations.
We use the personal data we collect for the following purposes:
- provision of Tip-Up, including execution of your card payment through our Tip-Up payment integration
- accounting and auditing requirements
- compliance with legal requirements, such as obligations regarding anti-money laundering, sanctions checks, PEP checks and transaction monitoring and screening as well as other legal and regulatory requirements
6. With whom we share your personal data
As electronic money institutions are subject to statutory requirements for professional secrecy and confidentiality, we only share your personal data in certain specific cases. In order to provide the Tip-Up we share personal data with our trusted partners that process personal data on our behalf.
We also share data with our other trusted third party service providers, who act as our processors:
- suppliers of payment processing services;
- suppliers of screening services to prevent anti-money laundering, fraud and similar crimes; and
- suppliers of IT systems and cloud services.
We have carefully reviewed our service providers and secured that their processing of your personal data is compliant with EU standards and the GDPR.
Your personal data will also, when applicable, be shared with the following parties which themselves are data controllers of the processing of personal data:
- authorities, such as the Financial Police and the Financial Supervisory Authority, if such a disclosure is prescribed by law
As Intergiro provides international payment services we are sometimes required to share personal data with parties operating outside the EU. In these cases, we ensure that the data is transferred in accordance with the applicable requirements of the GDPR, primarily the standard contract clauses (SCC) and complementary safety measures, or if available, other means in compliance with the GDPR.
If Intergiro engages in a merger, acquisition, reorganisation or sale of some or all of Intergiro’s assets or shares, financing, initial public offering or similar transactions or proceedings, or steps in contemplation of such activities (such as due diligence), Intergiro may share personal data with third parties, subject to standard confidentiality arrangements.
7. For how long?
We store your personal data for the purposes set out above for as long as required by law. When the purpose for which your personal data was collected is no longer relevant, we will stop processing your personal data and either delete or anonymise it in a secure manner. We may retain your personal data for a longer period of time to the extent required by law, by our automated disaster recovery backup systems or if we deem it necessary to assess or defend legal claims or to protect ourselves from fraud.
Under mandatory law, we are required to keep your personal data due to:
- Anti-money laundering and anti-terrorism legislation for a minimum of five and a maximum of ten years
- Payment service legislation, for a period of three years
- Bookkeeping legislation, for a period of seven years
Please note that if you have submitted a payment instruction to us, we are required under mandatory legislation to keep your personal data for a minimum period of five years.
8. Your rights
Access - You have the right to request an extract of the personal data we process about you.
Rectification - You have the right to request that we correct or complete any information you believe is inaccurate or incomplete.
Erasure - Depending on the legal basis used for the processing of your personal data, you can ask us to delete your personal data, if (i) there is no good reason for us to continue using it, (ii) you have objected to us using your personal data, (iii) we have used your personal data unlawfully, or (iv) the law requires us to delete your personal data. However, in most cases we will be required to deny your request in full or in part due to our obligations under mandatory law.
Restrict - You have the right to request that we restrict the processing of your personal data, e.g. when you consider that the information is inaccurate and has requested rectification.
Objection - You have the right to object to our processing of your personal data with legitimate interests as a legal basis. If you object to the processing in such cases, we may only continue to process your data if it can be shown that there are decisive legitimate reasons why the data must be processed that outweigh your interests, rights and freedoms or if the processing takes place to determine, exercise or defend legal claims.
Data Portability - With regard to personal data that you have provided to us, you may have the right to request a transfer to another provider. If you want to request such a transfer, please contact email@example.com.
9. Contacts and Complaints
Please do not hesitate to reach out to contact our data privacy team directly on firstname.lastname@example.org in case you have any questions regarding the processing of your personal data.
Please be informed that you have the possibility to lodge a complaint with the Swedish Authority for Data Protection (Sw. Integritetsskyddsmyndigheten) if you are not satisfied with our processing of your personal data.
Information how to lodge a complaint is available on the website of the Swedish Authority for Data Protection:
Contact Information to the Swedish Authority for Data Protection:
104 20 Stockholm
Telephone no: +468 657 61 00