Our services are mainly provided to corporate subscribers on a contractual basis. As an individual user you will be entitled to use the services on the basis we have defined with the relevant corporate subscriber. We also collect personal data from non-users when you schedule a demo with us.
This policy addresses how Finana uses, transfers, and stores the personal data we collect about individuals (“Users”) when they access our website or any instance of our online applications (“Datia Platform”), or use any of our services or products (“Finana Products”), or otherwise have their personal data submitted to us in accordance with this policy.
By using any of the Finana Products, and/or by you or a corporate subscriber you work for agreeing to our terms and conditions, Users accept the practices and guidelines set out in this document (the “Policy”).
When we refer to Finana, “we” or “us” in this Policy, we are referring to Finana and its affiliates together with, as applicable, the Finana Products.
Full name of legal entity: Finana AB (a company registered in Sweden with company number 559220-2757 whose registered office address is Läckövägen 32, 121 50, Johanneshov, Stockholm, Sweden).
Email address: firstname.lastname@example.org
Postal address: Läckövägen 32, 121 50, Johanneshov, Sweden
You have the right to make a complaint at any time to Datainspektionen, the supervisory authority for data protection issues in Sweden (email@example.com). We would, however, appreciate the chance to deal with your concerns before you approach Datainspektionen, so please contact us here: firstname.lastname@example.org – in the first instance.
It is important that the personal data we hold about you is current and accurate. Please keep us informed if your personal data changes during your relationship with us.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). For the full definition of personal data, please see paragraph 11.
We may collect, use, store and transfer different kinds of personal data about you, grouped as
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data, but is not considered personal data in law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of Users accessing a specific feature of the Datia Platform.
We may also anonymize data (Anonymised Data) that we collect, use and share for the purposes of providing support to you, a corporate subscriber, and other Users of Finana Products. Like Aggregated Data, this data does not directly or indirectly reveal your identity.
However, if we combine or connect Aggregated Data or Anonymised Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) or any information about criminal convictions and offenses.
Where we need to collect personal data by law, or under the terms of a contract we have with the corporate subscriber authorizing your access to the Datia Platform, and you fail to provide that data when requested, we may not be able to allow you access to Finana Products. In this case, we will let you know if access to Finana Products is denied.
3.1.1 Direct interactions. You or a third party authorized by your employer will or will arrange to provide your Identity, Contact, Employment, and Profile Data when registering an account with us or requesting access to Finana Products. You may also provide us with this information when corresponding with us by telephone, email, social media, or otherwise.
3.1.2 Automated technologies or interactions. As you interact with any Finana Products, we may automatically collect Technical Data and Usage Data. We collect this personal data by using cookies, server logs, web beacons/pixels, and other similar technologies.
3.1.3 Third parties. We may receive personal data about you from various third parties, e.g. your employer or a corporate subscriber, as set out below:
3.1.3.1 Identity, Contact and Corporate Subscriber Data from the corporate subscriber authorizing your access to any Finana Products to whom we are providing services.
3.1.3.2 Identity, Contact and Corporate Subscriber Data from or on behalf of your employer who has authorized your access to any Finana Products or provided us with your personal data as a result of your employer providing services to a corporate subscriber.
3.1.3.3 Identity, Contact, Corporate Subscriber, Technical, Profile and/or Usage Data from the provision of support service provided.
3.1.3.4 Identity, Contact, and Corporate Subscriber Data from a third party who has been expressly permitted by you, your employer, or a corporate subscriber.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
4.1.1 Where we need to allow you to access any Finana Product and to provide support services.
4.1.2 Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, our legitimate interests may include the administration and management of our business and the provision of our services to the corporate subscriber authorizing your access to any Finana Product.
4.1.3 Where we need to comply with a legal or regulatory obligation.
Please see paragraph 11 to find out more about the types of lawful basis that we will rely on to process your personal data.
Generally, where applicable, we obtain, collect and process your personal data on the basis of consent for some specific marketing purposes (i.e. proposal of products & services, an invitation to events…).
We use your personal data in the following ways:
4.2.1 personal data that you provide to us is used to:
4.2.1.1 provide you with access to the information and services that the corporate subscriber authorizing your access to the Datia Platform requests from us
4.2.1.2 provide services to your employer or the corporate subscriber authorizing your access to the Datia Platform
4.2.1.3 provide support services to you
4.2.1.4 manage and administer our business
4.2.1.5 review and improve our services
4.2.1.6 provide you with promotional communications, such as email, to the extent that you have provided consent to receive such communications under applicable law, to notify you about changes to the Finana Products
4.2.1.7 provide you with an SMS service that provides you with a security token that allows you to access the Datia Platform
4.2.2 personal data that we receive from third parties may be combined with the personal data that you provide to us and used for the purposes described above.
4.2.3 personal data about your use of any Finana Product is used to:
4.2.3.1 administer the Finana Product and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
4.2.3.2 provide support services to you
4.2.3.3 improve the Datia Platform to ensure that content is presented in the most effective manner for you and for your computer or mobile device
4.2.3.4 improve other websites we operate
4.2.3.5 refine the provision of the services offered on the Datia Platform and to assist in the development of new services
4.2.3.6 allow you to participate in interactive features of the Datia Platform, when you choose to do so
4.2.3.7 as part of our efforts to keep the Datia Platform safe and secure
4.2.3.8 provide services to your employer or a corporate subscriber
4.2.3.9 provide services to a third party that has been expressly authorized to access Finana Products by you, your employer or a corporate subscriber
List of third party Cookies
Functional and Analytics
4.4 Change of purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5.1 We may disclose your personal data to third parties in relation to the purposes for which personal data are processed including
5.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We store and process your personal data on servers located within the European Economic Area (the “EEA”). We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or where there are appropriate safeguards in place to protect your personal data.
We have put in place appropriate security measures (in line with the sensitivity of the personal data we process) to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Finana employs encryption technology to protect certain transmissions of data to/from the Services, but e-mail and other communications are not encrypted. You should not send any personal or identifying information, such as bank or credit card details via email. By employing e-mail or other insecure electronic communication means you acknowledge that you have no expectation of privacy with respect to the information delivered thereby and that Finana will not be responsible for any loss or damage that could result from interception by third parties of any information so sent.
How long we will use your data
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, accounting, reporting, regulatory or contractual requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: please see paragraph 9 below for further information.
Please be aware that we keep personal data for Users of Finana Products (including Identity Data, and Usage Data) for audit purposes whilst the relevant corporate subscriber is contracted to us and as required by any regulatory requirements applicable to the relevant corporate subscriber.
We may be subject to contractual requirements that specify how long we can keep your personal data (for example, in our contract for the supply of services to the corporate subscriber authorizing your access to any Finana Products).
The table below sets out the rights which you have to address any concerns or queries with us about our processing of your personal data. Please note that these rights are not absolute and are subject to certain exemptions under applicable data protection law.
RIGHT TO BE INFORMED
You have the right to know your personal data is being processed by us, how we use your personal data, and your rights in relation to your personal data.
RIGHT OF ACCESS
You have the right to ascertain what type of personal data Finana AB holds about you and to a copy of this personal data.
RIGHT TO RECTIFICATION
You have the right to have any inaccurate personal data which we hold about you updated or corrected.
RIGHT TO ERASURE
In certain circumstances you may request that we delete the personal data that we hold on you. You also have the right to give post-mortem instructions regarding your personal data.
RIGHT TO RESTRICTION OF PROCESSING
You have the right to request that we stop using your personal data in certain circumstances including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved.
RIGHT TO OBJECT
Where we rely on our legitimate interests to process your personal data, you have a right to object to this use. We will desist from processing your personal information unless we can demonstrate an overriding legitimate interest in the continued processing.
RIGHT TO DATA PORTABILITY
In case the processing is based on your consent or a contract concluded with you, you may request us to provide you with certain personal data which you have given us in a structured, commonly used, and machine-readable format and you may request us to transmit your personal data directly to another controller where this is technically feasible.
You can exercise any of these rights by sending an email to the following address: firstname.lastname@example.org.
You have the right to make a complaint at any time to Datainspektionen, the Swedish supervisory authority for data protection issues (email@example.com). We would, however, appreciate the chance to deal with your concerns before you approach Datainspektionen, so please contact us here: firstname.lastname@example.org – in the first instance.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 30 business days. It may take us longer than 30 business days if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated on the process.
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
We periodically appoint digital marketing agents to conduct marketing activity on our behalf; such activity may result in the compliant processing of personal information. Our appointed data processors include
Means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
A cookie is an online identifier.
Data Protection Authority (DPA)
An official or body that ensures compliance with Data protection laws and investigates alleged Breaches of the laws’ provisions.
An identified or identifiable natural person.
Legitimate Interest means conducting and managing our business in our interests, or the interests of a third party. Our interests could include, for example, our internal administrative purposes or ensuring network and information security. Whether a particular legitimate interest may exist can also depend on the relationship we have with you.
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests or the interests of a third party. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract. Such a contract may exist with you, your employer or a corporate subscriber with whom you or your employer have a business relationship. Alternatively, it may be necessary to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we or a corporate subscriber may be subject to.
Consent means your clear, unambiguous consent for a specific purpose, for example, for marketing and promotional materials.
Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.