Latest update: 2020-01-10
1. About us
Brite AB, reg. no 559116-1632 (“Brite”), is a licensed payment institution by the Swedish Financial Supervisory Authority to provide online banking payment solutions.
When providing our Service to you, we will process personal data relating to you. Brite values your privacy and we work hard to make sure that we process your personal data in accordance with the requirements set out in the General Data Protection Regulation (GDPR) and other applicable data protection legislation.
3. Why do we process your personal data?
We process your personal data for the following reasons:
Lawfulness of processing
To confirm your identity and verify your contact details
Performance of the contract
To be able to provide our services towards you
Performance of the contract
To follow applicable legislations
To analyze and administrate our services for our internal operations including troubleshooting, data analysis, testing, and statistical purposes.
4. What personal data do we collect?
Personal information and contact details such as; name, date of birth, address, email address, telephone number, etc.
Financial information such as account information and transaction details.
5. How do we collect your personal data?
We mainly collect your personal data directly from you, but we can also use third parties to collect your personal data. The personal data we collect from third parties is the following:
Contact details such as; name, date of birth, address, email address, telephone number, etc.
6. How long do we store your personal data?
The period that we store your personal data varies depending on the purpose of the processing. The period could either be determined by other regulations or depending on the contract we have entered with you. However, we always aim to minimize the period we store your personal data and we never store your personal data longer than necessary.
7. Who do we share your personal data with?
In certain situations, we may share your data with third parties. When we share your personal data with a data processor your personal data will only be processed in accordance with the purposes for why we collected your personal data in the first place. Meaning that data processors cannot process your personal data for additional or own purposes. We have data processing agreements in place with all our data processors to ensure that your personal data is protected in the same way as if we ourselves processed your personal data.
The third-party may be a data processor that is a company that processes personal data on behalf of us and our instructions.
We may also share your personal data with other third parties such as Governmental agencies; Datainspektionen, Financial Supervising Authorities, Skatteverket, and other agencies when applicable by law.
8. Where do we process your personal data?
We will always aim to process your personal data within the EU/EEAS. In exceptional cases, your personal data can be processed outside of EU/EEAS. For instance, if data processors, either by themselves or through another processor, are established outside of the EU/EEAS. Regardless of what country your personal data is being processed in we always take the necessary means to ensure that your personal data is as safe as if it was processed within the EU/EEAS.
We may place cookies on your device (computer, tablet, smartphone etc.) to automate filling in your personal information into forms that are needed to initiate the transaction. This allows you to save your contact information such as name, address, telephone number, e-mail address, date of birth and social security number with Brite.
We use the cookies to collect this information from Brite’s servers when you use our Services with the same device. We will then automate filling in your information into forms when you interact with Brite’s services.
10. Your rights
You, as a data subject, have certain rights regarding your personal data.
Right to erasure (“right to be forgotten”): In certain cases, you have the right to have your personal data erased. You can have your personal data erased if:
It is no longer necessary for us to save your personal data for the purposes it was collected;
Your personal data is being processed unlawfully.
Right to information and access to your data: You, as a data subject, have the right to get access to the personal data that we process about you and can, therefore, require a copy of your data.
Right to rectification: You have the right to correct inaccurate or incomplete personal data about you.
Right to restrict processing of your personal data: You have the right to restrict certain processing of your personal data.
Lodge a complaint: If you are unhappy with our handling of your personal data, you can lodge a complaint to the Swedish Data Protection Authority, which is the lead supervisory authority for Brite. You can also lodge a complaint with the data protection authority in your home country in the EU.
Exercise any of your rights: Please contact firstname.lastname@example.org with a request.
11. Do you have complaints regarding our processing of personal data?
If you want to lodge a complaint regarding our processing of personal data, please contact email@example.com. You also have the possibility to lodge a complaint to the Swedish Data Protection Authority (Datainspekitonen). Datainspektionen is the Swedish national supervising authority concerning GDPR. To lodge a complaint at Datainspektionen, please visit https://www.datainspektionen.se/other-lang/in-english/.