PERSONAL DATA WE COLLECT
Instantor may collect and process the following information that you share with Instantor or that Instantor collects when you are using the Service:
a) Personal and contact details such as personal identification number or similar, name, address, age, gender, telephone number, e-mail address;
b) Financial information such as the name of your bank, bank account number, number of accounts, loans and up to 12 months of transactional history (transaction, payer and recipient of payments, amount, balance and date), including monthly cash flow (salary and expenses), overdrafts, and occasionally information on loans, mortgages and trading accounts (see more under the section “What are the sources of information?” below);
c) Technical information related to your device that you are using when using the Service, such as type of browser, IP address, type of device, operating system;
d) Information about queries and complaints: Information you chose to share with as in connection with submitting a query or request to us; and
e) Information used to administer the contractual relationship with you and B2B marketing: If you are a representative of a company who is a customer or potential customer of Instantor, we may collect information that you share with us via e.g. contact form, your interaction with our websites, or which you have agreed to share with us via our partners. This information may include your name, title, professional details, the company you represent, technical data (as defined above) and website history.
WHICH ARE THE SOURCES OF INFORMATION?
Personal and contact details as well as the financial information (together “Account Data”) is collected from your internet bank you designate via the Service upon your consent. We may also get such information from a company asking you to identifying yourself or showing your financial capabilities or status (as applicable), by validating this information against the information collected from your internet bank. Unless otherwise stated in connection with you granting us access, we only use information from transactional accounts, i.e. not from your loan, mortgages, trading and other accounts. Technical information is collected when you interact with the Service or our websites.
HOW DO WE USE YOUR PERSONAL DATA?
- With your consent, we will use your Account Data to deliver the Service. This also includes measuring your use of the Service, detection and resolution of technical issues, ensuring and optimizing quality, keeping the service safe and secure, preventing and investigating illegal activities on the Service and enforcing our Terms and Conditions;
- To pursue our legitimate interests, we may use technical information (described above) to analyze use of and improve the Service;
- To establish, exercise or defend against legal claims; to respond to legal process (e.g. court order or subpoena) if we believe in good faith that it is necessary to do so; and to comply with legislation that applies to Instantor’s business, such as accounting and tax laws; and to respond to queries, requests and complaints; and
- If you are a representative of a customer or potential customer of Instantor, we may use information described in “Information used to administer the contractual relationship with you and B2B marketing” above in order to (i) enter into and perform contracts with the company you represent, and (ii) pursue our legitimate interest to improve communication with you, serve you with relevant content and marketing material, such as newsletters, offers and ads.
We will also process your information in a de-identified format, for analytical purposes and for future improvement of the Service.
HOW DO WE DISCLOSE YOUR PERSONAL DATA?
Personal data collected through the Service may be disclosed to the following categories of recipients:
- Our customers that you have agreed to share your data with via the Service. Note that after our disclosure of your data to the agreed recipient, the recipients are independently responsible for their own further processing of your personal data in accordance with their respective privacy policies.
- Other companies within our group of companies, or any successors in title to our business or assets. A list of our group companies is available upon request.
- To the extent necessary to provide the Service, we may also disclose your personal data to distributors of the Services, as well as service providers and subcontractors retained to perform functions on our behalf or to provide services to us, such as infrastructure providers and providers of legal, accounting, audit and other professional services. All service providers and subcontractors are prohibited from using personal data for purposes other than providing such services to us or as otherwise required by law.
- We may also disclose personal data to external parties if required by law, or in response to legal requests, for example court orders, subpoenas or specific requests from law enforcement agencies, if we believe in good faith that it is necessary to do so.
Additionally, we may use and disclose information in anonymous or aggregate form (so that no individuals are personally identified) for marketing and strategic development purposes.
We take all reasonable legal, technical, and organisational measures to ensure that your data is treated securely and with an adequate level of protection when transferred to or shared with such selected third parties.
SHARING WITH RECIPIENTS OUTSIDE OF YOUR COUNTRY OF RESIDENCE
Some of the third parties identified above may be located outside your country of residence including outside the European Union/European Economic Area (i.e. in a so-called third country), in which case we will take all necessary steps required under applicable law in order for such transfer of information across borders to be compliant with applicable law. This may for example include the use of standard contractual clauses adopted by the EU Commission or ensuring that the recipient is certified under the US-EU Privacy Shield Framework.
FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will retain your personal data for as long as necessary to provide the Service, which normally is a few minutes. However, where we suspect or detect errors in your data which may result in degraded Service quality and/or delivery of incorrect data to the company with which you wish to share your data, we will keep the data for as long as necessary to fix those issues, which normally is a few days but not more than two weeks. Where applicable law requires a certain retention time, such as under accounting or tax laws, your data will be kept for the minimum period required by such laws. Your personal data will be deleted or anonymized when it is no longer relevant for the purposes under which it was collected. Information regarding queries and complaints as well as information used to administer the contractual relationship with you and B2B marketing (as defined above) will be kept for the period of time necessary to achieve the purposes for which this information is processed or, for marketing purposes, until you opt-out from the relevant processing.
Please note that your personal data, despite the aforementioned, may be stored by us on our customers’ behalf, i.e. not for our own purposes. See more under the section “Processing carried out as a data processor” below.
We are committed to protecting your personal data and take appropriate measures to keep it secure and to prevent unauthorized access or use. For example, all personal data collected will be treated with confidentiality as far as possible and will, where appropriate, be transmitted and handled by applying SSL (Secure socket layer) and secure encryption procedures.
Persons under the age of 18 are not entitled to use the Service. We do not and will not knowingly collect information from any unsupervised person under the age of 18. If we become aware that we keep data about such a person, we will take all reasonable measures to delete such data, provided that we are not legally prevented from doing so.
Under applicable data protection legislation, you have certain rights as a so-called data subject. The rights are listed below. Please note that the rights are not unconditional and that an attempt to invoke any of the rights listed below will not always cause us to act in accordance with the request.
Withdrawal of consent: You have the right to withdraw your consent to processing of your data. If you withdraw your consent, please note that this does not affect the lawfulness of the processing conducted prior to the withdrawal and that Instantor may, under certain circumstances, have another legal ground for the processing and therefore may be entitled to continue the processing.
Right to access: You are at any time and free of charge entitled to receive a copy of the personal data that we hold about you and information about how it is processed. Please note that Instantor needs to, in order to be able to answer your request, be able to determine your identity.
Right to rectify and restrict: You have the right to, without undue delay, have inaccurate or incomplete personal data about you corrected. Furthermore, you have the right to request that Instantor restricts the processing of your personal data under certain conditions where, for example, you contest the accuracy of the personal data or Instantor no longer needs the personal data for the purposes of the processing described herein.
Right to erase: You have the right to have your personal data deleted without undue delay if, for example the personal data are no longer necessary for a purpose described herein. Please note that Instantor is not obliged to delete the personal data if Instantor can show that the processing is necessary, for example, for the establishment, exercise or defense of a legal claim or to comply with a legal requirement.
Right to object: You have the right to object to Instantor’s processing of your personal data based on legitimate interests. If you object to such processing, Instantor will no longer be entitled to process your personal data based on such legal basis, unless Instantor can demonstrate a legitimate interest which overrides your interests
Right to data portability: You may also have the right to receive the personal data concerning you and which you have provided to Instantor, in a structured, commonly used and machine-readable format and have the right to transmit such personal data to another data controller
If you wish to receive a copy of the personal data that we process about you, if you want to exercise any of the above mentioned rights, or withdraw your consent, please contact us at email@example.com or our data protection officer at firstname.lastname@example.org.
If you are unhappy with our processing of your personal data you may also lodge a complaint with the Swedish data protection authority (Swe: Datainspektionen), at email@example.com or Box 8114, 104 20 Stockholm, Sweden, phone no +46 08-657 61 00. You may also contact the supervisory data protection authority in your country of residence, which in such case will cooperate with the Swedish data protection authority.
In the event of an operational or security incident that affects information of our users, we will make required information available on our website. If you prefer to get notified via other means, please contact us at firstname.lastname@example.org.
Please visit our website at www.instantor.com for more information about us and our services.
PROCESSING CARRIED OUT AS A DATA PROCESSOR
Our service to our customers include that we, on behalf of the respective customer, store the information that you have agreed to share with that customer. We provide this storage for our customers and we will not use the stored personal data for our own gains. Our customers are generally using this service for the purpose of facilitating record keeping and traceability of the information they used in connection with a decision to enter into a contract with or to provide you with a service online. It is our customers’ responsibility to use the personal data in accordance with applicable laws and they are free to delete the information from our storage at any time. For this processing of your personal data, our customers (i.e. the company you have agreed to share your information with) are data controllers. We are our customers’ data processor as we store the data on their behalf and will only use the data as instructed by our customers. For these purposes, we will always enter into a data processing agreement with our customers. If you do not want that the company you have shared your data with to store the data, please contact the relevant company.