Information that you give to Billhop
You may directly or indirectly give Billhop information about yourself in several ways, for example when registering for a user account. The information can e.g. include name, address, date of birth, phone number or email address.
Information that Billhop collects
In order for you to pay invoices through Billhop, we need to process your personal data. You may directly or indirectly give us information about yourself (personal data) in several ways, for example when registering for a user account, but we may also gather information from third parties. The personal data that we process includes:
Personal and contact information – name, address, date of birth, email, telephone number etc.
Payment information – invoice number, amount, payment date and credit card type.
Information about your interaction with Billhop – e.g. how you use our services, including page response times, entry and exit methods, potential download errors etc.
Device information – e.g. IP address, browser settings, operating system and platform.
Geographical information – your geographical location.
Billhop only process special categories of data if you are a so-called PEP (Politically exposed Person), where we confirm the reason for the PEP status.
Processing of your personal data
The personal data Billhop gathers about you is used to enable us to provide you with our service and to fulfill legal and contractual obligations. We may also use your personal data to communicate with you (including marketing of our service) and conduct customer analysis.
We process personal data for the following purposes and legal bases:
To confirm your identity and verify your details (Performance of contract and compliance with legal obligations)
To carry out our obligations towards you, process your payment and provide you with the information needed (Performance of contract and compliance with legal obligations)
To ensure that content is presented in the most effective manner for you and for your device (Legitimate interest)
To prevent misuse of our service (Performance of contract and compliance with legal obligations)
To carry out risk analysis, fraud prevention and risk management (Compliance with legal obligations)
To prevent money laundering and financing of terrorism (Compliance with legal obligations)
To communicate with you (Legitimate interest)
To conduct marketing of our service (Legitimate interest)
To perform customer analysis on an aggregated level (Legitimate interest)
To register and set up your account (Performance of contract)
Profiling is an automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. In particular to analyse or predict aspects concerning you as a customer. Billhop use profiling in our work to prevent money laundering and financing of terror, by e.g. analyzing and assessing your risk profile and your user behavior. Our system automatically signals if you constitute a high-risk customer or if your user behaviour does not match how you previously have used our service, whereby our customer service can get in touch with you in order to control the transactions at hand. Profiling used in our business is based on compliance with legal obligations, in accordance with applicable anti-money laundering regulation.
We are keen to protect your privacy and your interest in having your personal data processed with the utmost care. We therefore apply high security standards and take all reasonable measures to ensure that your personal data is processed securely. However, please note that it is unfortunately never completely safe to transfer information via internet and mobile networks, even though we do our best to protect your personal data. It is therefore important that you act responsibly to ensure that your personal data is protected. You are advised to treat your login information to the service as confidential and you are responsible for keeping login information secret by, for example, not disclosing it to anyone else.
Disclosure of personal data to third parties
We may transfer to or share your personal data with selected third parties to the extent it is necessary for us to provide our services. We will in such instances take all reasonable legal, technical and organisational measures to ensure that your personal data is treated securely and with an adequate level of protection.
We may transfer to or share your personal data with the following third parties:
- Authorities: Such as the police, tax agency, financial supervisory authority and other authorities if we are required by law or if you have provided us with your consent. An example of legally required sharing is for purposes of anti-money laundering and counter-terrorist financing.
- Database providers and similar providers: In order to e.g. confirm your identity and address when registering for a user account.
- Payment recipients: If a payment recipient is unable to determine the origin of a payment transaction e.g. due to an incorrectly stated reference number, we may share your personal data with the recipient to make sure that the payment is identified correctly.
Processing of Personal Data outside the EU/EEA
We strive to process your personal data within the EU/EEA. The data may however in certain situations be transferred to, and processed in, a destination outside of the EU/EEA by a supplier or subcontractor. We will in such instances take all reasonable legal, technical, and organisational measures to ensure that your personal data is treated securely and with an adequate level of protection in accordance with the applicable data protection regulation.
Storage of Personal Data
We keep your personal data only as long as necessary to fulfill our contractual obligations towards you and as required by applicable law and regulation, which for example is 5 years in accordance with anti-money laundering regulation.
You have rights regarding your personal data. If you want to exercise your rights, you are welcome to get in touch with us via the contact details listed in the end of this privacy notice.
Right of access – You have the right to request a copy of your personal data that Billhop process. The request shall be made in writing, include the customer's name and date of birth and be signed.
Right to rectification – We do our best to keep your personal data correct, complete and up to date. If you notice that we have incorrect or outdated data about you, please contact our customer support so that it can be updated.
Right to be forgotten – You have the right to request the deletion of your personal data when it is no longer necessary for the purpose for which it is processed and where there are no legal obligations that would hinder such deletion.
Right to restrict – You have, under certain circumstances, the right request us to restrict the processing so that it is only processed for limited purposes, e.g. during the verification of the accuracy of personal data.
Right to object – You have the right to object to certain processing of your personal data if you believe that your right to privacy weighs heavier than Billhop's interest in processing your personal data. You always have the right to object to processing for the purpose of direct marketing.
Right to data portability – If our right to process your personal data is based on either consent or performance of contract, you have the right to request that we transfer the personal data that you have provided to us to a third party. This is provided that such transfer is technically possible and can be done in an automated way.
Swedish Data Protection Authority
If you are unhappy with how we process your personal data, you are welcome to contact us and we will do our best to solve the issue. You also have the right to lodge a complaint with the Swedish data protection authority (Sw. Datainspektionen).
To contact us, please email at email@example.com. If you would like to send a letter, you can address it to: Billhop AB, Kungsgatan 8, 111 43 Stockholm, Sweden. If you would prefer to call, we are available on telephone number: 020 386 834 39. You can also contact our data protection officer at firstname.lastname@example.org