Privacy Policy

Privacy Policy

  1. Controller and contact information
    1. Controller: "Swedbank" AS, registration No. 40003074764, legal address: Balasta dambis 15, Riga, LV-1048
    2. Requests or questions related to the processing of your personal data should be sent electronically, signed with a secure electronic signature, to the email address: dpays@swedbank.com or submitted to the controller in person.
  2. Procedure for processing personal data
    1. "Swedbank" AS, as the controller, processes personal data for the following purposes:
      1. To create and maintain the User's profile on the dPays platform;
      2. To ensure the provision of the Service in accordance with the Terms;
    2. The legal basis for the processing of the User's personal data for the aforementioned purposes is the performance of a contract (dPays Terms).
    3. The personal data provided by the User (name, surname, email, account number) is processed only for the purposes mentioned in point 2.1 and stored only as long as necessary to fulfil those purposes.
    4. The User can request the deletion of their profile on the dPays platform by using the "delete profile" functionality. In such cases, the User's personal data (name, surname, email, account number) is deleted immediately, but no later than 24 hours after the User's request. The processing of personal data takes place within the EU/EEA territory.
    5. If the User provides information about third parties for the purpose of receiving the Service, the User undertakes to inform the involved persons about the data processing. The User confirms that there is a legal basis for the transfer of personal data, and the controller does not need to verify this separately.
    6. Access to the User's personal data, as necessary, may be granted to:
      1. The controller's employees who need it to perform their job duties;
      2. The personal data processor who ensures the operation of the dPays platform;
      3. Other controllers, but only to the necessary extent, such as auditors;
      4. Law enforcement authorities, such as the police, in cases specified by law;
    7. The controller takes appropriate security measures to ensure the protection of personal data in accordance with applicable laws. The controller carefully selects personal data processors and evaluates the necessity and scope of data transfer. Data transfer to the processor is carried out in compliance with personal data confidentiality requirements.
    8. The processing of the User's personal data is carried out within the EU/EEA territory.
    9. General information about the personal data processing carried out by "Swedbank" AS is available on the "Swedbank" AS website under the section "Personal Data Processing" and/or "Regulations".
  3. Rights of the Data Subject
    1. The data subject has the following rights:
      1. To request information about their personal data processed on the Platform;
      2. To request corrections to their personal data processed on the Platform;
      3. To request the deletion of their personal data processed on the Platform;
      4. To object to the processing of personal data or to restrict the processing of personal data;
      5. To submit a question or complaint regarding the processing of their personal data to the controller;
      6. To submit a complaint to the Data State Inspectorate or a court. A complaint can also be submitted to the supervisory authority in the EU Member State of the data subject's permanent residence or place of work.