Privacy policy

We at Zimpler AB are serious about your privacy. All personal data is processed in accordance with applicable laws and regulations. This privacy policy details how we collect and process your personal data. Furthermore, it details your rights against us and how you can make your rights apply.

The information you supply us with

You may, directly, or indirectly, supply us with information in regards to yourself in an array of methods., For example when you confirm a purchase at a merchant or when contacting us. The information supplied to us includes inter alia personal information, contact information as well as information about the purchase itself.

Information that we collect

In order to offer our services to you we need to gather information about you. The information is supplied by or collected directly from you as a client, or anyone interested in using our services. We may also gather information from third parties.

The information we may gather includes:

  • Personal and contact information (name, date of birth, personal number, personnummer, e-mail address, mobile telephone number, address)
  • Payment information (card number, expiry date, CVV code, bank account number)
  • Financial information (credit score, income, credit history)
  • Unit information (IP address, language settings, operating system, platform and screen resolution)
  • Geographical information
  • Information about your interaction with Zimpler. (Information about your usage of our services, including error messages and response times)

Management of information

The information we collect from you is used in order for us to provide our services and fulfil all required legal and contractual duties. Furthermore, we may  use your personal details for the purposes of direct marketing or to inform you about other products and services provided by us and that may be of interest to you. We process personal data based on the following foundations:

The reason for processing

The legal ground of processing

Automated decision making

Confirming your identity and verifying your personal data and contact information

Fulfilment of contract

No

Processing your payment

Fulfilment of contract

Yes

Performing a risk analysis and prevention of fraud

Legal requirement and other warranted interests

Yes

Improving our services for users by use of data analysis including A/B testing

Warranted interest

No

Helping you with support issues

Fulfilment of contract

No

Marketing, inclusive of customer satisfaction surveys

Warranted interest

No

Transfer of personal data

The processing of personal data may be performed by partners of Zimpler where required, for service fulfilment. Hence your data will be transferred to, or shared with, a third party. When this is the case we will take all reasonable legal, technical and organizational measurements to ensure that your personal data will be treated in a safe manner with a pertinent level of protection.

We may transfer to, or share your data with, the following types of third parties;

Merchants

Zimpler may share your personal data with the merchant with  whom you are making a purchase, pertaining to personal data required for the merchant to fulfil and administer your purchase, including processing of any dispute. For personal data shared with merchants, the data protection policy and personal data processing policies applies.

Governing bodies

Zimpler may supply necessary data to governing bodies such as the police, tax agencies and other governing bodies, if we are so legally required or if you have approved our doing so. One example of legal grounds for transferring data is the regulations on anti-money laundering and terrorist financing.

Suppliers

Your personal data may be shared with credit scoring companies and identification companies aiding you in proving your identity. Zimpler uses different subcontractors depending on country and the payment method used.

We will not sell your personal data to third parties unless we have your consent in doing so.

Processing of personal data in third country

Your personal data is  meant to be processed within the EU/EEA but may in exceptional cases be transferred to, and processed in, non-EU/EEA countries by another supplier or subcontractor. We will  take all reasonable legal, technical and organizational measurements to ensure that your personal data will be treated in a way comparable to and at the same level as, is offered within the EU/EEA.

Keeping of personal data

Personal data is only kept for as long as is required to fulfil the purpose they are appointed for or fulfil obligations, under applicable laws and regulations.

Your rights

Right to register extracts

Individuals are entitled to receive information regarding what personal data Zimpler is processing about them, once a calendar year. Request of such an extract should be made in writing and be signed by the person making the request. It should  contain information about name and personal number (personnummer).

Right to correction

You are entitled to request amendment of erroneous or incomplete information about yourself by contacting Zimpler's customer support.

Right to deletion

You are entitled to request deletion of your personal data in those cases where it is no longer required for the purpose it was collected, and where there are no legal duties preventing the data from being  deleted.

Right to limitation

You are entitled to request  a limitation in processing of your personal data so that it may only be processed for limited purposes. Limitation may be requested upon challenging the correctness of personal data, if required to establish, enforce or defend legal claims and in case of objection to interest weighing. If the processing  is limited in accordance with  the mentioned situations, we may, until such limitation is lifted, other than storing, only process the data in order to establish, enforce or defend legal claims. Or to protect physical or legal person.

Right to objection

You are entitled to object to certain processing of your personal data. If you no longer want us to process your personal data for, for example, direct marketing, you may contact us.

Right to data portability

If our right to process your personal data is based upon either your consent or fulfilment of an agreement with you, you are entitled to request having data, pertaining to you and that you have supplied to us, transferred to another data controller (so called data portability). A prerequisite for data portability is that the transmission is technically feasible and can be automated.

Complaint to regulatory body

If you consider the processing of your personal data contradicts the Data Protection Regulation, you have the right to submit a complaint to the regulatory body affected (Datainspektionen).

Changes in the integrity policy

This policy may be updated from time to time. You will always find the latest version on our website.

Contact information

Controller of personal data for processing of your personal data is Zimpler AB, org. no 556887-9984, Döbelnsgatan 12, 113 58 Stockholm, Sweden. If you have questions about the processing of your personal data or when referencing the rights above, feel free to contact us at: http://support.zimpler.com/

Updated 2018-05-22