Privacy Policy
At Akova Finans AB, your privacy is important to us, and we want you to feel safe when entrusting us with your personal data. We have created this privacy policy to inform you about how we handle and protect your personal data. This privacy policy explains what personal data we collect when you use our services, as well as the purposes for which your personal data is processed.
In this Privacy Policy, the term “processing” refers to all activities involving your personal data, including collection, management, storage, distribution, creation, use, transfer, and deletion or destruction of information.
“Applicable Data Protection Legislation” refers to the GDPR (EU General Data Protection Regulation No. 2016/679).
“Personal Data” refers to any information that relates to an identified or identifiable natural person (“data subject”).
1. Who is responsible for collecting and processing your personal data?
Akova Finans AB, with company registration number 556955-9734, is the legal entity responsible for processing your personal data under the GDPR and is responsible for all processing of your personal data related to the services provided under the Akova brand.
2. What personal data do we process?
2.1 About you as a customer or business partner
A customer or business partner refers to the individual(s) representing our current and future clients or business partners who purchase, use, or inquire about our services.
We may process the following categories of personal data:
- Contact details such as name, address, email address, phone number, and personal identification number.
- Employment-related information such as employer, job title, etc.
- Information about your interactions with customer support – recorded phone calls and email correspondence.
- IP address and information about your use of our website and services.
- Information from external sanctions lists and PEP (Politically Exposed Persons) lists – sanctions lists and lists of persons classified as politically exposed persons (“PEP”) may include information such as name, date of birth, place of birth, occupation or position, and the reason why the person is listed.
- Customer knowledge information.
2.2 About you as an end customer
An end customer refers to the customers of our clients, i.e., the individuals who are responsible for paying the invoice or the individual listed as a contact or other representative of the company receiving the invoice.
We may process the following categories of personal data:
- Contact details such as name, address, email address, phone number, and personal identification number.
- Information about purchases (details of services purchased).
- Personal data on invoices, claims, and other documents related to our services.
- Payment information such as account number, card number, phone number, and payment history.
- Information about your interactions with customer support – recorded phone calls and email correspondence.
3. Why, how, and on what legal basis do we process your personal data?
The overarching purpose of our processing of your personal data is to be able to offer our services and provide our service to you.
3.1 Provision of our services
In order to enter into agreements and provide our services to you as a customer, we collect and process personal data about you. The legal basis for processing your personal data is that it is necessary for the performance of our contract with you or to take steps before entering into such a contract. If you do not provide the personal data mentioned above, we will not be able to offer our services or fulfill our obligations towards you.
If you are a representative or contact person for a company that is a customer or business partner to us, the legal basis for processing personal data about you is a balancing of interests, i.e., the processing is necessary for the purpose of maintaining and fulfilling our obligations in contractual relationships. If you do not provide your personal data, we will not be able to fulfill our obligations towards the company you represent.
3.2 Fulfilling our contractual obligations
In order to administer the invoices we purchase or handle on behalf of our customers, where you are the end customer, the legal basis for processing your personal data is a balancing of interests, i.e., the processing is necessary for the purpose of fulfilling our contractual obligations and for receiving payment.
When we handle or purchase invoices for our customers, it is our customer who collects the data from you as the end customer and provides it to us. We may also collect data from external parties such as the Swedish National Address Register (SPAR).
3.3 Fulfilling our legal obligations
Some personal data may also be processed because we have a legal obligation to do so. For example, personal data may need to be processed due to our bookkeeping obligations or other obligations under anti-money laundering laws.
4. How long do we store your personal data?
We never store personal data longer than necessary for the purposes of processing. The duration of the storage depends on the purpose for which the data is processed. We regularly delete personal data that is no longer necessary.
Data about you as a customer or business partner is stored as long as there is an active agreement. After the contractual relationship has ended, only the personal data needed to manage any legal claims and comply with applicable legal requirements is retained. Under applicable anti-money laundering and terrorism financing laws, we are required to store certain data for 5 years, or up to 10 years in some cases. The retention period under the Accounting Act is 7 years.
Data about you as an end customer is stored as long as your account is active and for an additional 30 days, during which you, as the end customer, can reactivate your account. We also store data as long as there is an unpaid invoice and your debt can be pursued, considering limitation periods and any interruptions of limitation periods. Even after the debt has been paid or settled, we may need to store personal data for legal compliance or to handle other legal claims related to the debt.
5. Who has access to your data?
Akova will transfer your personal data to other companies with whom we collaborate. Personal data is transferred only when necessary for us to provide our services. The recipients of your personal data may be either data processors on behalf of Akova, i.e., companies that process your data on our behalf and according to our instructions, or independent data controllers, i.e., companies that are independently responsible for the processing of your data because they have a direct relationship with you as a customer.
We will not sell your personal data to third parties.
Our data processors assist us with:
- IT services
- Identity verification
- Invoice issuance
- Customer knowledge data collection
- Debt collection services
- Customer support
When we use suppliers who process personal data on our behalf, we enter into data processor agreements with the supplier. These agreements stipulate that the supplier (data processor) may only process personal data for the purposes we define and according to specific instructions from us. Our suppliers are not allowed to use your personal data for any purposes that we have not explicitly authorized.
Your personal data is primarily stored on servers located in Sweden, but sometimes we may need to transfer your personal data to suppliers who operate in or outside the EU/EEA. If your personal data is transferred outside the EU/EEA, Akova will take the necessary measures to ensure that your personal data is handled securely and with an adequate level of protection comparable to the protection offered within the EU/EEA.
6. Security and Data Protection
Akova takes the technical and organizational security measures necessary to ensure a high level of protection. This means we actively work to prevent personal data from being misused, lost, accessed unlawfully, destroyed, or otherwise handled in violation of this privacy policy or applicable legislation. This is done, for example, by storing data in data centers with comprehensive physical security measures (such as locks, PIN codes, and biometrics). Furthermore, we ensure that all data is encrypted both during storage and transmission, and multi-factor authentication is required to access it. The basic principle is that only employees and persons within the organization who need access to personal data to perform their job tasks should have access to it.
Akova regularly reviews its internal security policies and procedures and updates and changes them when necessary.
7. Your Rights
Upon your request or on our own initiative, Akova will correct, delete, or complete any information that is found to be incorrect, incomplete, or misleading.
You have the right to object to the processing of personal data carried out on the basis of a balancing of interests. If you object to such processing, we will only continue to process your personal data if there are legitimate grounds for the processing that override your interests.
You also have the right to request:
- Access to your personal data: You have the right to request a copy of the personal data processed about you. You can request this once per calendar year, in writing, to receive a copy of your personal data, the purpose of processing, and information about who we have shared your data with.
- Correction of your personal data: We will correct any incorrect or incomplete information we have stored about you as soon as possible upon your request.
- Deletion of your personal data: This means that you have the right to request that your personal data be removed if it is no longer necessary for the purpose it was collected for. However, this right may be limited by legal obligations that prevent us from immediately deleting your personal data, such as under accounting or anti-money laundering laws. In such cases, we will stop processing your personal data for purposes other than complying with applicable legislation.
- Restriction of processing: This means that your personal data may only be used for specific purposes you have approved. For example, you may request a restriction if you believe that your information is incorrect and you have requested a correction under this privacy policy. During the time the accuracy of the data is being investigated, processing will be restricted.
- Data portability: This means that you have the right, under certain conditions, to extract and transfer your personal data in a structured, commonly used, and machine-readable format to another data controller.
8. Policy Changes
We may occasionally change this privacy policy. The current policy is always available on our website, and we encourage you to review this policy regularly. This policy was last updated on December 27, 2024.
9. Contact Us
To exercise any of your rights described above or if you have any questions or comments regarding our processing of personal data, you can contact us:
Akova Finans AB
Attn: Data Protection Officer
Box 90 249
120 23 Stockholm, Sweden
Phone: +46 8 12 12 12 12
Email: [email protected]
You also have the right to lodge complaints regarding our processing of your personal data with the Swedish Data Protection Authority (Integritetskyddsmyndigheten), which is the responsible supervisory authority for personal data processing in Sweden.
Contact details for the Swedish Data Protection Authority:
Phone: +46 8 657 61 00
E-mail: [email protected]