1. General introduction
2. Data processed
Contact and identification data
- Full name
- Date of birth
- Social security number
- E-mail address
- Mobile phone number
Information about goods/services -
- Details concerning the goods you’re selling/have sold or buying/have bought
- Registration number or other types of identification on vehicles
- Price of the goods
- Bank account information
3. Purpose and legitimate interest for the data processing
In the table below you can read about the following:
- Why we need your personal data and what we will use it for (Processing purpose)
- If the data comes directly from you or from another source, for example a third party service provider
- Our legal rights and legitimate interest we have to process your data under current data protection legislation (Legal basis)
|Processed data||Source||Processing purpose||Legitimate interest||Data storage|
|First- and last name||
||Confirm your identity and that the data you provide is correct, as well as to counter criminal activities, prevent fraud, carry out risk management and to ensure legal compliance with financial regulations in relation to providing financial services, such as payments, escrow accounts, payouts and refunds.||The processing is necessary for Swiftcourt to be able to provide the Payment service to you and to execute and perform a contract with you. Swiftcourt is also required by law to establish the identity of the customers using the payment service as well as to know all details about the transactions carried out in the payment service. Also, Swiftcourt is also required to comply with financial regulations concerning anti-money-laundering, anti-bribery and other sanction-based activities. Thus, in summary, the processing is necessary for Swiftcourt to carry out the Payment service to you and to legally comply with the regulations surrounding the Payment service. Also, the processing is based on your explicit consent.||The time Swiftcourt stores your personal data depends on the data and the regulations around it. For instance, personal data that is processed for the purpose to fulfill legal and regulatory obligations must be stored for a certain time period by Swiftcourt. More information about this can be found under the point “Retention”.|
|Social security number|
|Other personal data stated in your sales contract|
|Statement of origin of funds|
|Registration and/or identification number (e.g. car, motorcycle, boat, etc.)|
|Copy of contract PDF||From Swiftcourt's Contract service|
|Timestamps of certain events in the Payment service||From Swiftcourt’s Payment service|
|Bank account information||From Klarna’s open banking services; Account information and payment initiation services|
4. Data transfer to third parties - Ping Payments AB
When we share your personal data, we ensure that the recipient processes it in accordance with this notice, such as by entering into data transfer agreements or data processor agreements with the recipients. Those agreements include all reasonable contractual, legal, technical and organizational measures to ensure that your information is processed with an adequate level of protection and in accordance with applicable law.
Swiftcourt relies on Ping Payments AB (559123-5378) (“Ping Payments”) to deliver this Payment service to you. Ping Payments is a licensed Payment Institution under the supervision of the Swedish Financial Supervisory Authority (Finansinspektionen). Ping provides payment services under the Swedish Payment Services Act (2010:751) and the EU Directive 2015/2366 about payment services (PSD2) and has the authority to provide payment services across EU/EES (for details about Ping Payment’s role in the service see our Terms & Conditions - Payment Service.
Therefore, Swiftcourt have to transfer your personal data to Ping Payments to be able to ensure the fulfillment of this agreement with you and to fully deliver the Payment service with all services and functionalities within. All data transfer is in line with GDPR regulations and therefore, only personal data that we are allowed and/or required to transfer will be processed.
Ping Payments, on the other hand, relies on Swiftcourt to collect and process your personal data to enable and ensure that Ping Payments fulfills its obligations as a financial institution and delivers the Payment service to you. The personal data that Swiftcourt shares to Ping Payments will also be stored by Ping Payments. For more details about data storage on both Swiftcourt and Ping Payment’s side, see the section Retention below.
The purpose and the legal basis for sharing the personal data to Ping Payments is to provide you with all the services and functionalities within the Payment service. Both Swiftcourt and Ping Payments has a legitimate interest to process your personal data to ensure compliance with all financial regulations needed to provide a safe and secure Payment service. Ping Payments will also use the data to perform different types of register checks to fulfill their legal obligations to prevent money-laundering, financing of terrorism and other unlawful use of financial services.
Swiftcourt shares and transfers the following personal data to Ping Payments for the following purposes:
|Processed data||Purpose of data transfer||Time of data transfer|
|First- and last name||To confirm your identity and that the data you provide is correct, as well as to counter criminal activities, prevent fraud, carry out risk management and to ensure legal compliance with financial regulations in relation to providing financial services, such as payments, escrow accounts, payouts and refunds.||Seller:
|Social security number||Seller:
|Bank account information||Seller:
|Any personal data stated in your contract||Seller:
|Timestamps of certain events in the Payment service||Seller:
|Registration and/or identification number (e.g. car, motorcycle, boat, etc.)||Seller:
|Copy of contract PDF||Seller:
5. Responding to legal requests and preventing harm
Swiftcourt may access, preserve and share your personal data in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations.
For the sole purpose of preventing fraud, we may share your IP Address and location, Internet Service Provider, email address, and domain data to related third parties, at the time of creating a user in our Service. Third parties may store the data for an indefinite time, however, they will only process this data for the purpose of preventing fraud on their side.
6. Cookies, pixels and other system technologies
Swiftcourt will store your personal data in relation to the use of the Payment service for up to 10 years to comply with financial regulations, including but not limited to bookkeeping, anti-money-laundering, anti-bribery, etc. The duration of the storing of your personal data depends on the purpose for which Swiftcourt saves your information.
Personal data that is used to fulfill the agreement between you and Swiftcourt is usually stored for the duration of that agreement, i.e. for as long as you’re using the Swiftcourt service, incl. but not limited to storage of your digital contracts and transaction history. After the agreement has ended Swiftcourt will save your personal data, due to statute of limitations for a maximum of 10 years. Personal data that Swiftcourt needs to store for regulatory purposes, such as AML, will usually be stored for 5 or 7 years. Swiftcourt always stores your personal data on servers that are located within the EU/EEA. Once the period is over Swiftcourt will manually delete your personal data to ensure that personal data is not processed for a longer period than necessary to fulfill the respective purpose the data was collected for.
Personal data that is not used to fulfill the agreement between you and Swiftcourt or that Swiftcourt does not have to save due to regulatory and legal requirements, can only be stored as long as it is deemed necessary to fulfill the agreement (usually for 3 months). If you wish us to delete your account, Swiftcourt will delete your personal data mentioned above to the extent Swiftcourt deems possible to comply with its regulatory obligations.
Your personal data that Swiftcourt has shared with Ping Payments to enable you to use this Payment service, will be identically stored on Ping Payment’s side based on the same reasons as mentioned above. You can read more about how Ping Payment’s process your personal data in their Terms & Conditions.
8. Your rights
You have the right to recall your prior given consent. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal, and we may continue processing your personal data based on other legal grounds.
PLEASE NOTE! Withdrawal of your consent will affect Swiftcourt’s ability to provide the Payment service to you and the Payment service will be canceled or stopped after the withdrawal.
You have the right to request information concerning the processing of your personal data, or request that we correct, rectify, complete, erase or restrict the processing of your personal data. You may also raise an objection against the processing of your personal data.
If the processing is based on the legal grounds of consent or fulfillment of contract you have the right to data portability. Data portability means that you can receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transfer such data to other data controllers.
9. Contact information
To exercise your rights, or if you have any questions regarding our processing of your personal data, please contact our Data Protection officer (DPO) Johan Hedén Hultgren at the following address: firstname.lastname@example.org, Dockplatsen 1, 211 19 Malmö. In your letter/e-mail please state your full name, the e-mail address used for registration and insert any other information Swiftcourt needs in order to process the request.
If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent supervisory authority. You can find out more about the local supervisory authorities under the following link:http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.