Privacy Policy

The purpose of this privacy policy (the "Policy") is to inform you about what personal data we collect when you use our services or visit our websites, how it is used and some of the measures we have taken to protect your personal data.

Waya Finance & Technology AB:s/Inkassogram's privacy policy

In order to process and protect personal data properly, we follow the Data Protection Regulation (EU) 2016/679 (GDPR) and the principles of good practice that are practiced in the field. Our aim is that when you visit our websites and use our services, you should be confident that we protect your personal integrity.

Waya has, as a debt collection company and holder of a debt collection permit issued by the Privacy Protection Authority, a responsibility to follow laws, regulations, policies and to actively protect integrity and security regardless of whether it is a creditor, debtor or third party.

Wayas objective is to only process personal data that is accurate and relevant and that processing should only take place to the extent that is necessary in relation to the purpose for which the data was collected. We strive to be transparent about the handling of personal data and we only process personal data where we have a legal basis in accordance with the GDPR.

This Policy and its principles apply to personal data that we collect directly from you either directly from you or from a third party such as a creditor. By personal data we mean, among other things, all information that can directly or indirectly identify you, such as your name, social security number, address, telephone number, IP address or other contact information.

This Policy applies to Wayas websites, online applications on smartphones, tablets and other mobile devices (“apps”) and your use of or access to any of our services or content that links to this Policy.

The policy does not form part of Wayas General terms and conditions but is to be considered as a documentation of Wayas approach to confidentiality and integrity issues.

As the Policy may change, we recommend that you review the current version from time to time. If we change something in the Policy, we will also update the effective date.

If you have any questions regarding this Policy or how Waya handles your personal data, please contact us as below.

Collection of personal data

Through this Policy, we want to give you a basis for making an informed decision to provide personal data to us. In the case where we base the processing of the personal data on your consent, it is your choice whether you want to provide the data or not.

Visit our websites

Simply visiting our website does not normally require you to provide any personal information.

However, we (and our service providers) may collect certain non-personal information that is made available through your browser when visiting the websites such as IP address, language setting, geographic data, date and time, and cookies. Most cookies and similar technologies only collect de-identified information, such as how you get to our website or your location. However, some types of cookies and similar technologies collect personal data. If you e.g. click on Remember me when you log in to our website and your username is stored in a cookie.

Create an account

In order to create an account to use our services as a creditor (for e.g. handling invoicing or debt collection services), the customer must register an account. To register an account, the customer is required to provide certain personal data to the customer's contact person in order to create the account and to Waya must be able to provide the services. This personal data will only be used for the administration of and to maintain the customer relationship and for marketing Wayas products and services.

Contacts with Waya

If you request information from Waya such as newsletters, product sheets, marketing materials, company information, or if you want to contact us online, via our services or via e-mail, we may (depending on the matter) collect personal data such as, for example:

  • Contact details (name, e-mail address, address, phone number)
  • Requested information
  • In case of contact via our communication platforms such as social media, we can also collect and process information you provide through our various communication platforms or our services.
  • We may also collect your geographic location
  • Other user data such as how often you use our services and what you downloaded.

Information about you as a debtor

In order to be able to fulfill agreements with our customers, e.g. sending invoices, claim management and debt collection services, we will collect and process personal data about the debtor. The information we process is name, address, social security number, information about debt, credit reference information, payment information and other information related to the creditor's requirements that we need to be able to carry out our mission, ensure your identity, account maintenance, inquiries or information in ongoing cases. We will process this information only for the purpose for which it was collected.

As a debtor, you can use your bank ID to activate my pages to more easily administer and follow your case with us. We will then request that you provide certain personal data, e.g. social security number that is needed for secure identification and to Waya shall be able to provide this service to you. By not providing Waya demanding tasks can Waya nor provide the service my pages. This means you do not have access to that service.

Diverse

We may also collect personal data from our partners, creditors or other parties who act on your behalf or other platforms in order to deliver our services. Examples include data from credit reference companies or from central address registers.

This Policy describes how we (and our service providers) may collect, use, share and store data that we gain access to.

We use your personal data to provide our services to our customers, provide requested information from Waya, send marketing material and the like, keep in touch with you, convey news and other relevant information about Waya.

You can request that your personal data be deleted at any time, provided, however, that there is no reason that justifies continued processing, e.g. to ensure payment of the claim.

Waya is responsible for personal data for all processing of personal data in connection with debt collection assignments. Waya strives to fulfill the requirements set for the processing of personal data according to the GDPR and applicable rules for debt collection companies. If you have any questions or complaints about how your personal data is processed, please contact our Data Policy Officer at data protection@waya.see. If we are unable to deal with these complaints, please contact the Swedish Data Protection Authority, imy@imy.se.

Waya is a personal data processor for the processing of personal data where our customers are responsible for personal data in connection with the provision of our invoice service services. We have concluded personal data processing agreements with all our customers to ensure that processing takes place in accordance with the GDPR.

Collection of personal data 

Waya only processes your personal data in cases where there is a legal basis for the processing. This can be either to fulfill an agreement with our customers or after a balancing of interests. If we request your consent to the processing of personal data, this will be done clearly and for a specific purpose. Consent can be withdrawn at any time and we will then no longer process the personal data provided that we do not have a legal obligation to do so or if there is any other applicable legal basis for continued processing.

How parts Waya information with others

We do not share personal data with anyone other than those listed below. We may share personal data if permitted by law, e.g.

  • with credit bureaus and similar entities to report or inquire about your financial situation and to report or collect your overdue claims in accordance with our terms.
  • with supervisory authorities, courts and government authorities to comply with legal orders, legal requirements or authority requirements and authority requests,
  • with our service providers, regulators and government agencies to detect and prevent fraud or criminal activity, and to protect Waya, our customers or the rights of others,
  • within the Berazy Group, there Waya included as a subsidiary
  • with our service providers who provide services on our behalf and help us run our business (we require the service providers to protect personal data and only use your personal data for what we specify),
  • with financial institutions or brand partners with whom we offer or develop products and services (but they may not use your personal data, in particular your email address, to market their products or services to you themselves unless you consent to them doing so);
  • in connection with a sale of all or part of the companies in the Berazy Group or their assets or
  • for specific products or services, if you have consented to this.

We can store and process your personal data in all countries Waya or our operating suppliers conduct business. When transferring personal data to countries outside the EU/EEA, responsible Waya to ensure that there is a legal basis for the transfer of personal data to, or making available from, for example through the use of the European Commission's standard contractual clauses for the transfer of personal data to third countries or regulations that replace these or standard contractual clauses.

How do we store and protect your data?

We use administrative, technical and physical security measures to protect your personal data against accidental destruction, loss, alteration, unauthorized disclosure or access or other processing that is not compliant with the GDPR. We strive to maintain an appropriate level of protection based on the type of personal data we process. This means that the level of protection is higher for data related to debt compared to just contact data to administer an email list.

We limit access to your personal data to those employees who need access to it to fulfill our commitments. Suppliers and others who perform services on our behalf get access to the data to the extent necessary for their tasks and under a commitment to confidentiality in accordance with personal data processing agreements.

We take reasonable steps to securely destroy or permanently de-identify personal data when we no longer need it. We only store your information for as long as permitted by the applicable legal basis for processing and only as long as it is necessary to deliver our services and fulfill our obligations, if the data must not be processed for a longer period in accordance with laws and regulations or for possible legal disputes and authority investigations in accordance with our debt collection services.

If the processing is based on your consent, we process the data only until the consent is withdrawn. Regardless of this, we may continue to process your personal data if it is necessary for a defined period of time to fulfill legal obligations and to protect our legal interests in a possible dispute.

Your rights

Because we process your personal data, you have certain rights according to the GDPR. You have the right to request:

  • access to your personal data;
  • that personal data that is incorrect or incomplete is corrected;
  • deletion of personal data
  • restrict further processing of your personal data;
  • object to the processing of your personal data
  • withdraw consent
  • data portability

If you want to exercise your rights according to the above, you must request it in writing, contact details below, stating your name, address and e-mail address. Waya may require you to verify your identity, e.g. with BankID.

Waya will process requests as above promptly and we will return with an answer within 30 days from the day we received the request.

If we do not grant your request, for whatever reason, you can complain to the Swedish Data Protection Authority, imy@imy.se.

Changes to the Policy

Waya reserves the right to make changes to this Policy at any time to the extent that the changes are necessary to remedy disruptions or to meet new legal or technical requirements. Any changes to this Policy will be posted on the website. The date of last change is published last on this page.

Contact

If you have any questions please contact our Data Policy Officer by email at data protection@waya.see or by mail Waya Finance & Technology AB, Lilla Bommen 1, 411 04 Gothenburg.

[2018-05-15]