Finshark AB (Finshark), org. no. 559203-3855, is a licensed payment institution that help businesses to take advantage of the new financial scenario and deliver premium services tailored to their customers’ expectations and needs.
What personal data we collect and why we collect it.
a) End-users that are using our payment service
b) Representatives that are representing a current or potential customer of ours
c) Website visitors that are interacting with our websites or contacting our support and/or complaints service
d) Job seekers (If you apply for a job with us, please read our policy for job applicants which you can find in connection with submitting your application)
What is personal data and what does the processing of personal data mean?
Personal data refers to any kind of information that can be directly or indirectly related to an identified/identifiable natural person. The processing of personal data covers all operations that are performed on the personal data, whether actively or passively, for the means of e.g., collection, registrations, storage, alteration, erasure etc (cf Art 4 (2) GDPR).
Who is responsible for the personal data processing?
Finshark AB is the data controller that is responsible for the processing of your personal data for the purpose of delivering our Products and Services to you. We need to collect information about you to communicate our products, deliver our services, and meet our legal obligations relating to payment services.
Most of our customers are business entities, which means that Finshark may in such circumstances act as a data processor. In processing your personal information on behalf of our customers, we ensure that such processing is carried out in accordance with our contractual obligations and applicable legislations.
What do we do with your personal data?
The following points provide a list of data categories, purposes, and its storage period for which Finshark’s processes personal data and information on the legal basis are provided below. This is not an exhaustive list and should be seen as general examples of data processing by Finshark.
The purpose of processing your personal information depends on who you are and how we interact with you. Here’s an overview on how we process your personal data and for what purposes:
|Purpose of processing||Legal basis|
use our Services
|In terms of our Services and Products, our business customers integrate our solutions as an option for payment or to take out loan for instance. This means that you as the end user give us permission to process and collect information about you. This includes information needed to communicate with your bank or a service provider. We also collect certain data such as address information and that is required for the Service to work. This information includes: Identifying Information: name, date of birth, email, billing address, mobile number etc., Order Information, Account information, Device Information.||Processing your personal data is necessary to fulfil our contractual obligations towards our customers, but we may also be required to process your information to fulfil our statutory obligations such as the obligation to prevent money laundering or similar illicit financial activities.|
|Payment, and/or Financial Information||We collect this type of personal information e.g., to carry out direct transactions or to initiate payments upon request. This information that we collect about you may include but not limited to, name, date of birth, address, social security number etc. We must also collect information about you directly from your bank for our Services to work – including information about your account, your transactions and other financial information. Please note that we only collect information about you from your bank with your express consent.||For our Services to work, we must collect information about you directly from your bank – which is also a necessary step to fulfill our contractual obligations. However, do note that we only collect information about you from your bank with your express consent.|
How long do we store your personal data?
We mainly share your personal information with our partners (“Partners”) whose services you use and to whom you have instructed us to share your data. Personal information we share with Partners is only such as is required for us to be able to deliver the Service to you.
In some situations, we may share your information with third parties. When we share your personal data with a personal data assistant, your personal data will only be processed in accordance with the purposes for which we collected your personal data in the first place. This means that a personal data processor cannot process your personal data for additional or personal purposes. We have a personal data processor agreement in place with these parties to ensure that your personal data is protected in the same way as if we processed your personal data ourselves.
We may also share your personal information with authorities to comply with our obligations related to prevent crimes and money laundering.
Where do we process and store your personal data?
Finshark processes and store your personal data primarily within the EU/ EEAS. Our company is based in Sweden and has an office in Bosnia which means that we’re mainly operating within Europe.
In exceptional cases, your personal data may be processed outside the EU/EEAS. For example, if our personal data processor, either individually or through another personal data processor/sub-processor, is established outside the EU/EEAS.
Regardless of the country in which your personal data is processed, we undertake necessary measures to ensure that your personal data is protected with a high level of security that is appropriate to the risks associated with the processing and maintain physical, electronic, and procedural safeguards to protect it.
What rights do you have over your personal data?
You, as the data subject, have several rights that you can at any time exercise by using the Finshark’s contact information provided below. The following points thereby provide an overview of the rights that you are entitled to enjoy (cf. Chapter 3 GDPR):
1) Right to access.
You have the right to access your personal data. This means that you have the right to get an extract from the register detailing Finshark’s processing of your personal data. Finshark shall, upon request of an extract from the register, provide you with a copy of the processed personal data and information about the processing.
2) Right to rectification/correction.
You have the right to get your personal data corrected if it is inaccurate, incomplete, or misleading, and the right to restrict processing of the personal data until it is changed
3) Right to restriction of processing.
You have the right to request that the processing of personal data be limited only to processing for certain specific purposes. Such right to restriction of processing applies in the following cases:
3.1) If the personal data is incorrect and the Finshark needs time to verify the accuracy of the data.
3.2) If you object to the processing or request the restriction of the use performed by Finshark, in which case the processing shall be limited until the justification for your objection and Finshark’s compelling reasons have been weighed.
3.3) If the personal data is no longer needed for Finshark’s activities, you request that it continues to be stored in case it is needed to make legal claims.
3.4) If you believe that Finshark should delete your personal data but Finshark for some reason is unable to accommodate your request.
4) Right to object and erasure.
Under certain circumstances, you have the right to object and be erased if:
4.1) The data is no longer needed for the purpose for which it is processed.
4.2) You withdraw your consent for certain processing and there is no other legal basis for the processing by the Finshark.
4.3) You object to personal data processing performed following a weighing of interests and there are no legitimate reasons that outweigh your interests.
4.4) The processing is for the purpose of direct marketing, and you object to the processing of the data. 4.5) Personal data is processed unlawfully.
4.6) Erasure is required to fulfil a legal obligation.
5) Right to data portability.
You have the right in some cases to retrieve the personal data you provided to us and transfer data to another controller, where technically feasible.
6) Right to complain to the supervisory authority.
If you have any input or questions regarding our personal data processing, you can address them to our data protection officer (DPO via firstname.lastname@example.org (kindly provide ‘GDPR request: your name’) as the subject of your email.
In case you consider that the processing of personal data has been unlawful, as a data subject, you have the right to lodge a complaint with the supervisory authority. In Sweden, the Swedish Data Protection Authority is the supervisory authority that is responsible for monitoring how your personal data are processed.
The Swedish Data Protection Authority
Phone: +46 (0)8-657 61 00
Postal adress: Integritetsskyddsmyndigheten (Box 8114) 104 20 Stockholm
Finshark is responsible for the processing of your personal data and has appointed a DPO who is responsible for monitoring our compliance with applicable data protection legislation. You are welcome to send your request to our DPO via email@example.com (kindly provide ‘GDPR request: your name’) as the subject of your email.
In case of any changes that are significant for our undertakings towards you as the data subject during ongoing personal data processing, you will receive information through our website and/or by email (if you have provided us with an email).