Privacy Policy

Credeq Europe AB is the Data Controller responsible for processing your personal data.

Your privacy is important to us at Credeq Europe AB, and we take appropriate measures to ensure your personal data is handled responsibly and securely. In this Privacy Policy, we describe what personal information we collect, how we use it, and how we protect it. We aim to be open and clear about how your information is handled, and we only use your data when necessary and in line with applicable data protection laws. We also explain your rights and how you can contact us if you have any questions.

Definitions

Personal data is any information about a person that can be used to identify them, either on its own or together with other information, for instance, name, address, telephone number and e-mail address.

Data subject means any identified or identifiable natural person whose personal data is collected, stored, or processed, for example, employees, representatives, or contacts at business clients.

Processing includes any operation carried out on personal data, for example collecting, recording, storing, or organizing it.

Controller means Controller means the company that decides the purpose and means of using personal data and ensures that all processing is done according to GDPR and other applicable data protection laws.

Processor is a company or person that handles personal data on behalf of the Controller. They follow the Controller’s instructions but do not decide why or how the data is used.

Data categories and how we process it

We process personal data that is necessary for providing our products and services. The types of personal data we collect depend on your relationship with Credeq Europe AB, and include:

• Name, title, and company information, contact details such as telephone number and email address, login credentials (e.g., usernames, passwords) to authenticate users and grant access to our platform.

Although we primarily provide services to businesses and companies, we process personal data relating to individuals associated with those businesses such as directors, shareholders, beneficial owners and contact persons, in particular for purposes of due diligence, sanction screenings and creditworthiness assessments, therefore, it includes: –

• Identification data, for example, passport, identification number
• Financial and creditworthiness data for example, credit scores or credit ratings, bankruptcy or insolvency records

We collect personal data in the following ways:

• Directly from you: For example, when you request a quote, purchase a guarantee through our web portals, or submit a claim via our online claims form.
• From third parties: Occasionally, we receive personal data from the company you represent, or from another applicant involved in a guarantee.
• From publicly available sources: We also collect your data from data registries or other publicly accessible records, for instance Dun and Bradstreet.
• Through cookies and website usage data: We collect information about how you use our website to improve our services and your experience. We process this information solely for the purpose of delivering our services, handling your requests, and improving our website and offerings.

Why We use your Personal Data?

We process personal data only for specific, explicit, and legitimate purposes related to our business of distributing guarantees. This section explains why we process your data, and the legal basis we rely on as outlined below: –

Performance of contracts

• Purpose: To enter into and perform agreements related to surety guarantees.
• Legal basis: Processing is necessary for the performance of a contract (Article 6(1)(b) GDPR), or to take steps prior to entering into a contract

Compliance with legal obligations

• Purpose: To comply with applicable laws and regulations, including Anti-money laundering (AML) and counter-terrorist financing requirements, accounting, and regulatory reporting obligations
• Legal basis: Processing is necessary for compliance with legal obligations (Article 6(1)(c) GDPR).

Direct Marketing

• Purpose: To provide you with information about our products and services related to surety guarantees and maintain our business relationship.
• How we contact you: E-mail, Telephone, Website-based communication
• Legal basis: Processing is based on our legitimate interest (Article 6(1)(f) GDPR), namely to promote our services and maintain relationships with professional contacts. You have the right to object to direct marketing at any time. If you do so, we will stop processing your personal data for this purpose

How long do we store personal data?

Credeq Europe AB retains your personal data in accordance with the criteria with regards to different categories of personal data processed given below: –

• We retain the data regarding an issued guarantee for the duration of the insurance contract and until the expiry of the applicable statutory limitation periods for contractual, regulatory, or supervisory claims.
• Claims data is retained until the claim is fully settled or closed, and thereafter for the duration of the applicable statutory limitation periods for insurance, civil, or fraud-related claims, or as required by supervisory authorities for re-opened claims or audits.
• AML and sanctions-screening data is retained for the mandatory retention period required under applicable financial-sector and anti-fraud regulations.
• Accounting, tax, and financial documentation is retained for the full duration required under applicable corporate, tax, and accounting regulations.
• Prospect data is retained until the request has been processed and, where no contract is concluded, for a limited period necessary to demonstrate compliance with pre-contractual obligations, unless the individual requests earlier deletion.

To whom do we disclose your personal data?

Your personal information will only be disclosed to the extent that it is relevant to achieve the purpose of the processing and in accordance with applicable data protection laws. The categories of recipients are given below: –

• Processors: – We use third-party service providers who process personal data on our behalf and under our instructions. These include, for instance, providers of IT and cloud hosting services, payroll providers, customer communication tools, document management solution providers etc. Our service providers may change from time to time; however, they will always act on our behalf and be subject to contractual obligations to protect your personal data.
• Use of intermediaries: We distribute and administer various insurance products through authorised intermediaries within the EU/EEA. These intermediaries process certain categories of personal data on our behalf, for purposes such as collecting and assessing applications, supporting underwriting, administering policies, and assisting with claims or customer service.
  Details of intermediaries we work with are available upon request.
• Reinsurers as recipients of personal data: – As part of our reinsurance submissions and internal approval processes, reinsurers receive personal data, including management and shareholder names.
• Independent controllers: – In certain circumstances, we share or disclose personal data with third parties who act as independent controllers, for instance, professional advisors and consultants, brokers or business partners who process personal data as independent controllers.
• Legal and regulatory disclosures: – We also disclose personal data to comply with legal obligations or regulatory requirements.

Location of personal data processing

Your personal data will mainly be processed by Credeq Europe AB’s offices located within the EU/EEA and, in certain circumstances, to countries outside the EU/EEA (“third countries”).

Where personal data is transferred to recipients located outside the EU/EEA, Credeq Europe AB ensures that appropriate safeguards are in place to protect your data in accordance with the GDPR. These safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR,
• Transfers to countries recognized by the European Commission as providing an adequate level of protection, or You have the right to request information about the safeguards applied to any transfer of your personal data outside the EU/EEA.

Your rights

By contacting us, you may request written information about the personal data we process about you and how it is used within our business.

• Right to access

You have the right to obtain verification as to whether we process your personal data and, if so, get access to that data along with information about how it is processed and used.

• Right to rectification

You have the right to request that we correct or update inaccurate or incomplete personal data. If data is rectified at the individual’s request, Credeq Europe ABmust also inform those to whom they have provided data that data has been rectified. This does not, however, apply if it should prove to be impossible or involves excessive effort. The individual also has the right to request to be given information about whom data has been provided.

• Right to erasure (“right to be forgotten”)

You have the right to request erasure of your personal data. We will then erase your data if these data are no longer necessary for the purpose for which they were collected. However, where we are required to retain the data to comply with a legal or statutory obligation, we will not be able to erase it.

• Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance. This right applies where:

• the processing is based on your consent or on the performance of a contract to which you are a party; and
• the processing is carried out by automated means.

The right to data portability covers personal data that you have provided to us, including data generated through your use of our services. Where technically possible, you have the right to have your personal data transmitted directly from us to another data controller.

Please note that this right applies only in certain circumstances and does not apply to all types of personal data.

• Right to withdraw consent

Where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.

If you withdraw your consent, we will stop processing your personal data for the purposes based on that consent. However, this does not affect the lawfulness of any processing carried out before you withdrew your consent, and we may continue to process your personal data where there is another legal basis for doing so.

• Right to object to certain types of processing

You have the right to object at any time to the processing of your personal data in the following circumstances:

• Where we process your personal data based on our legitimate interest. If you object, we will no longer process your personal data for that purpose unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
• You have the right to object at any time to the use of your personal data for direct marketing purposes. If you do so, we will immediately stop processing your personal data for marketing communications.
• Right to restrict processing of personal data

In certain cases, you have the right to request that the processing of your personal data be restricted. “Restricted” means that your personal data may only be processed for specific purposes and not used otherwise. This right applies, for example, when:

• You contest the accuracy of your personal data, and we are verifying its accuracy.
• The processing is unlawful, and you request restrictions instead of erasure.

The data subject can in such cases also request that the processing of their personal data be limited while the accuracy of the data is investigated.

Supervisory Authorities

Right to lodge a complaint

In accordance with GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable data protection laws. Before contacting the supervisory authority, we encourage you to contact us so that we can address your concerns directly. You can find contact details below in this private notice.

The table below contains the relevant contact information for the data protection authority in the countries where we primarily operate: –

Sweden Lead supervisory authority

Integritetsskyddsmyndigheten

Fleminggatan

14 plan 7 – Box 8114

104 20 Stockholm

Tel. +46 8 657 6100

Email: [email protected]

Website: http://www.imy.se/

Cookies

Cookies are used on our website. These are small text files stored on your computer when you visit a website. Cookies are used for some features that improve our website for the user or provide us with statistics about the use of the site.

Everyone who visits a website must be informed about what cookies are used for. The user should also be given the opportunity to consent to cookies being used to store or retrieve data on e.g. mobile or computer. Most browsers allow you to block cookies. Go to https://www.nordicguarantee.com/cookies for more information on how we handle cookies.

Contact information

If you have any questions regarding the contents of this Privacy Notice or wish to make any of the abovementioned requests, please contact Credeq Europe AB Data Protection Officer (DPO) using the contact details provided below: –

Data Protection Officer

Credeq Europe AB
Kista Science Tower
164 51 Kista, Sweden
Email address: [email protected]