Privacy Policy

Waya Finance & Technology AB ( "Waya”, “we”, “us” or “our”) are committed to protecting the personal data of our customers, debtors and all individuals who interact with our services and websites. This privacy policy (“Policy”) describes how we collect, use, disclose and protect your personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and other applicable laws and regulations.

By visiting our websites, using our services or otherwise providing us with your personal information, you confirm that you have read and understood this Policy.

Privacy Policy for Waya Finance & Technology AB / Collection schedule

Personal data manager

Waya Finance & Technology AB, registered under Swedish law with organization number 559012-7725, is the personal data controller for the processing of your personal data as described in this Policy.

Collection of personal data

1. Data you provide directly

We may collect personal data that you voluntarily provide to us when you:

Creating an account: To use our services as a creditor (eg invoicing or debt collection services), you may need to register an account. We collect personal data such as your name, contact information and other necessary information to maintain customer relationships.

Communicating with us: When you contact us via our websites, email, telephone or other platforms (including social media), we may collect personal information such as your name, email address, telephone number and the content of your communication.

Using our services: As a debtor, if you use services such as "My Pages" via BankID, we collect the personal data required to verify your identity and provide the requested services.

2. Information collected automatically

When you visit our websites or use our apps, we may automatically collect certain information through cookies and similar technologies, such as:

  • IP address
  • Browser type and version
  • Time zone setting
  • Operating system and platform
  • Information about your visit, including which pages you visit and how you interact with them

3. Data from third parties

We may obtain personal data about you from third parties, including:

Credit reporting companies: Information about your credit rating and financial history.
Customers and creditors: Information necessary to fulfill our contractual obligations, such as payment history and related financial data.
Public records: Information from central and public address registers.

Legal basis and purpose of the processing

We process your personal data based on the following legal grounds:

1. Fulfillment of agreement

To fulfill our contractual obligations to you or take steps at your request prior to entering into a contract, including:

  • Providing our services to creditors and debtors
  • Manage your account and customer relationship
  • Communicate with you about our services

2. Legal Obligations

To comply with legal obligations under applicable laws and regulations, such as:

  • Rules for collection activities according to applicable laws and guidelines from the Swedish Privacy Protection Agency
  • Legislation on money laundering and terrorist financing
  • Financial reporting requirements

3. Legitimate interests (Article 6.1(f) GDPR)

To pursue our legitimate interests, provided that the processing does not override your rights and freedoms, including:

  • Improve and develop our services and websites
  • Promote our products and services
  • Prevent fraud and improve security
  • Administer our internal operations

4. Consent

With your express consent, we can process your personal data for specific purposes, such as sending newsletters or marketing communications. You have the right to withdraw your consent at any time by contacting us at compliance@waya.see.

Use of personal data

We use your personal data for the following purposes:

  • Provide services: To provide, maintain and improve our services to creditors and debtors.
  • Communication: To respond to your inquiries, provide customer support and send administrative information.
  • Legal Compliance: To comply with applicable laws, regulations and legal process.
  • Marketing: To inform you about our services and offers (with your consent).
  • Security: To protect our systems, services and users.

Disclosure of personal data

We may disclose your personal data to third parties under the following circumstances:

1. Service providers

We use trusted service providers to perform functions for us, such as:

  • IT and system administration
  • Payment processing
  • Credit reporting and fraud prevention

These service providers are bound by confidentiality agreements and may only process your data according to our instructions.

2. Group companies

We may share your personal data within the Berazy Group, there Waya is a subsidiary, for internal purposes and service delivery.

3. Legal Requirements

We may disclose your personal data when required by law or at the request of authorities, such as:

  • Regulatory Authorities and Legislative Bodies
  • Courts and law enforcement agencies

4. Business Transactions

In the event of a merger, acquisition or reorganization, your personal information may be transferred as part of the transaction.

5. Consent

With your consent, we may share your information with third parties for purposes not covered by this Policy.

International data transfers

Your personal data may be transferred to countries outside the European Economic Area (“EEA”). In the case of such transfers, we ensure that appropriate safeguards are taken, for example:

  • Transfers to countries with an adequate level of protection according to the European Commission
  • Use of standard clauses approved by the European Commission

Storage of personal data

We store your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • As long as required by law or regulations
  • For the time required to preserve legal claims
  • Until you withdraw your consent, if the processing is based on consent

After this period, the data is deleted or anonymized in a secure manner.

Data security

We use appropriate technical and organizational measures to protect your personal data against unauthorized access, loss or damage. These measures include:

  • Encryption of sensitive data
  • Strict access controls
  • Regular safety audits
  • Training of personnel in data protection

Your rights

According to the GDPR, you have the following rights:

  • Right of access: Request access to your personal data.
  • Right to rectification: Request correction of incorrect information.
  • Right to erasure: Request that your data be deleted.
  • Right to restriction of processing: Request that the processing of your data be restricted.
  • Right to data portability: Get your data in a machine-readable format.
  • Right to object: Object to the processing of your data.
  • Right to withdraw consent: Withdraw consent at any time.
  • Right to complain: Submit a complaint to the Swedish Data Protection Authority if you believe we are in breach of the GDPR.

Cookies and third-party links

We use cookies to improve your experience. For detailed information, see our Cookie Policy. Our websites may contain links to third parties for which we are not responsible.

Changes to this Policy

We reserve the right to change this Policy. Any changes are published with an updated date. Review this Policy regularly.

Contact us

For questions about this Policy, contact our data protection officer at compliance@waya.se or 010-330 20 88.

Location:
Waya Finance & Technology AB
Lilla Bommen 1, 411 04 Gothenburg, Sweden