1. General introduction
Swiftcourt AB, company registration number 559084-1721 having its registered address at Dockplatsen 1, 211 19 Malmö (“Swiftcourt” “we” or “us”), is the Controller for your personal data when using the Payment service as we decide how and for what purposes your personal data is processed. All definitions in this Privacy Policy shall be interpreted in accordance with applicable data protection laws which refers to the Swedish Data Protection Act (SFS 2018:218) and the General Data Protection Regulation (Regulation no. 2016/679) and the Directive on Privacy and Electronic Communications (Directive 2002/58/EC), as well as the national implementations and related national legislation.
This document contains a policy statement regarding Swiftcourt’s collection, use and processing of personal data (“Privacy Policy”) in relation to the use of it’s Payment Service (also called Swiftcourt Secure Escrow Payment) as described in the Terms & Conditions - Payment Service . This Privacy Policy is applicable when you use our Payment service after you’ve signed a digital sales contract through our application and chosen to use the Payment service as part of that contract. The use of and the processing of data in Swiftcourt’s digital contract service is governed by The General Terms & Conditions and General Privacy Policy .
2. Data processed
Contact and identification data
- Full name
- Date of birth
- Social security number
- E-mail address
- Mobile phone number
- Nationality
- Age
Information about goods/services -
- Details concerning the goods you’re selling/have sold or buying/have bought
- Registration number or other types of identification on vehicles
- Price of the goods
Payment information
- Bank account information
3. Purpose and legitimate interest for the data processing
In the table below you can read about the following:
- Why we need your personal data and what we will use it for (Processing purpose)
- If the data comes directly from you or from another source, for example a third-party service provider
- Our legal rights and legitimate interest we have to process your data under current data protection legislation (Legal basis)
| Processed data | Source | Processing purpose | Legitimate interest | Data storage |
|---|---|---|---|---|
| First- and last name |
|
Confirm your identity and that the data you provide is correct, as well as to counter criminal activities, prevent fraud, carry out risk management and to ensure legal compliance with financial regulations in relation to providing financial services, such as payments, escrow accounts, payouts and refunds. | The processing is necessary for Swiftcourt to be able to provide the Payment service to you and to execute and perform a contract with you. Swiftcourt is also required by law to establish the identity of the customers using the payment service as well as to know all details about the transactions carried out in the payment service. Also, Swiftcourt is also required to comply with financial regulations concerning anti-money-laundering, anti-bribery and other sanction-based activities. Thus, in summary, the processing is necessary for Swiftcourt to carry out the Payment service to you and to legally comply with the regulations surrounding the Payment service. Also, the processing is based on your explicit consent. | The time Swiftcourt stores your personal data depends on the data and the regulations around it. For instance, personal data that is processed for the purpose to fulfill legal and regulatory obligations must be stored for a certain time period by Swiftcourt. More information about this can be found under the point “Retention”. |
| Social security number | ||||
| Email address | ||||
| Phone number | ||||
| Address | ||||
| Other personal data stated in your sales contract | ||||
| Statement of origin of funds | ||||
| Registration and/or identification number (e.g. car, motorcycle, boat, etc.) | ||||
| Copy of contract PDF | From Swiftcourt's Contract service | |||
| Timestamps of certain events in the Payment service | From Swiftcourt’s Payment service | |||
| Bank account information | From Tink's open banking services; Account information and payment initiation services |
The personal data mentioned in the table above is relating specifically to the use of the Payment service. Swiftcourt also processes other personal data in general when you use Swiftcourt’s services (such as IP address, browser data, etc.). More information on the data that’s generally processed can be found in Swiftcourt’s general Privacy Policy, which you accepted when you created your user account with Swiftcourt and before using the digital contract service.
4. Data transfer to third parties - Ping Payments AB
Swiftcourt shares and transfers your personal information to relevant third parties and specific service providers to be able to provide the Payment service to you. Personal data is only shared and transferred within the EU / EEA. The data sharing/transfer is subject to your consent, either explicitly or via the acceptance of this Privacy Policy.
When we share your personal data, we ensure that the recipient processes it in accordance with this notice, such as by entering into data transfer agreements or data processor agreements with the recipients. Those agreements include all reasonable contractual, legal, technical and organizational measures to ensure that your information is processed with an adequate level of protection and in accordance with applicable law.
Swiftcourt relies on Ping Payments AB (559123-5378) (“Ping Payments”) to deliver this Payment service to you. Ping Payments is a licensed Payment Institution under the supervision of the Swedish Financial Supervisory Authority (Finansinspektionen). Ping provides payment services under the Swedish Payment Services Act (2010:751) and the EU Directive 2015/2366 about payment services (PSD2) and has the authority to provide payment services across EU/EES (for details about Ping Payment’s role in the service see our Terms & Conditions - Payment Service.
Therefore, Swiftcourt has to transfer your personal data to Ping Payments to be able to ensure the fulfillment of this agreement with you and to fully deliver the Payment service with all services and functionalities within. All data transfer is in line with GDPR regulations and therefore, only personal data that we are allowed and/or required to transfer will be processed.
Ping Payments, on the other hand, relies on Swiftcourt to collect and process your personal data to enable and ensure that Ping Payments fulfills its obligations as a financial institution and delivers the Payment service to you. The personal data that Swiftcourt shares with Ping Payments will also be stored by Ping Payments. For more details about data storage on both Swiftcourt and Ping Payment’s side, see the section Retention below.
The purpose and the legal basis for sharing personal data with Ping Payments are to provide you with all the services and functionalities within the Payment service. Both Swiftcourt and Ping Payments has a legitimate interest to process your personal data to ensure compliance with all financial regulations needed to provide a safe and secure Payment service. Ping Payments will also use the data to perform different types of register checks to fulfill their legal obligations to prevent money laundering, financing of terrorism and other unlawful use of financial services.
Swiftcourt shares and transfers the following personal data to Ping Payments for the following purposes:
| Processed data | Purpose of data transfer | Time of data transfer |
|---|---|---|
| First- and last name | To confirm your identity and that the data you provide is correct, as well as to counter criminal activities, prevent fraud, carry out risk management and ensure legal compliance with financial regulations in relation to providing financial services, such as payments, escrow accounts, payouts and refunds. | Seller/Buyer: After the contract is signed and the escrow payment was chosen as the payment method |
| Social security number | ||
| Email address | ||
| Phone number | ||
| Address | ||
| Bank account information | Seller: After the seller has chosen their bank account in the payment service Buyer: After the buyer has transferred the money to the escrow account |
|
| Any personal data stated in your contract | Seller/Buyer: After the contract is signed and the escrow payment was chosen as the payment method | |
| Timestamps of certain events in the Payment service | Seller/Buyer: At various points during the use of the payment service | |
| Registration and/or identification number (e.g. car, motorcycle, boat, etc.) | Seller/Buyer: After the contract is signed and the escrow payment was chosen as the payment method | |
| Copy of contract PDF |
5. Responding to legal requests and preventing harm
Swiftcourt may access, preserve and share your personal data in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations.
For the sole purpose of preventing fraud, we may share your IP Address and location, Internet Service Provider, email address, and domain data to related third parties, at the time of creating a user in our Service. Third parties may store the data for an indefinite time, however, they will only process this data for the purpose of preventing fraud on their side.
6. Cookies, pixels and other system technologies
Swiftcourt collect information by using technology such as cookies, pixels and local storage (on your browser or device). For information about how we use these types of technologies, please see our cookie policy (available here: Cookie policy).
7. Retention
Swiftcourt will store your personal data in relation to the use of the Payment service for up to 10 years to comply with financial regulations, including but not limited to bookkeeping, anti-money-laundering, anti-bribery, etc. The duration of the storing of your personal data depends on the purpose for which Swiftcourt saves your information.
Personal data that is used to fulfill the agreement between you and Swiftcourt is usually stored for the duration of that agreement, i.e. for as long as you’re using the Swiftcourt service, incl. but not limited to storage of your digital contracts and transaction history. After the agreement has ended Swiftcourt will save your personal data, due to statute of limitations for a maximum of 10 years. Personal data that Swiftcourt needs to store for regulatory purposes, such as AML, will usually be stored for 5 or 7 years. Swiftcourt always stores your personal data on servers that are located within the EU/EEA. Once the period is over Swiftcourt will manually delete your personal data to ensure that personal data is not processed for a longer period than necessary to fulfill the respective purpose the data was collected for.
Personal data that is not used to fulfill the agreement between you and Swiftcourt or that Swiftcourt does not have to save due to regulatory and legal requirements, can only be stored as long as it is deemed necessary to fulfill the agreement (usually for 3 months). If you wish us to delete your account, Swiftcourt will delete your personal data mentioned above to the extent Swiftcourt deems possible to comply with its regulatory obligations.
Your personal data that Swiftcourt has shared with Ping Payments to enable you to use this Payment service, will be identically stored on Ping Payment’s side based on the same reasons as mentioned above. You can read more about how Ping Payment’s process your personal data in their Terms & Conditions.
8. Your rights
You have the right to recall your prior given consent. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal, and we may continue processing your personal data based on other legal grounds.
PLEASE NOTE! Withdrawal of your consent will affect Swiftcourt’s ability to provide the Payment service to you and the Payment service will be canceled or stopped after the withdrawal.
You have the right to request information concerning the processing of your personal data, or request that we correct, rectify, complete, erase or restrict the processing of your personal data. You may also raise an objection against the processing of your personal data.
If the processing is based on the legal grounds of consent or fulfillment of contract you have the right to data portability. Data portability means that you can receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transfer such data to other data controllers.
9. Contact information
To exercise your rights, or if you have any questions regarding our processing of your personal data, please contact our Data Protection officer (DPO) Johan Hedén Hultgren at the following address: dpo@swiftcourt.se, Dockplatsen 1, 211 19 Malmö. In your letter/e-mail please state your full name, the e-mail address used for registration and insert any other information Swiftcourt needs in order to process the request.
If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent supervisory authority. You can find out more about the local supervisory authorities under the following link:http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
10. Notice of changes of the privacy policy
If we make changes to the Privacy Policy that affect your personal data and the use of service in a significant way we will notify you via email. If your consent is required due to the changes, we will provide you additional prominent notice as appropriate under the circumstances and, ask for your consent in accordance with applicable law. Furthermore, you will be asked to consent to the Privacy Policy every time when starting to use the Payment service.