Privacy notice

Billhop AB (org nr 556859-5416) are keen to protect our customers’ and users’ privacy. Billhop operate as controller for the services that we provide.
In our privacy notice, we explain how we process your personal data and what we do to respect your integrity.

Information that you give to Billhop

You may directly or indirectly give us information about yourself in several ways, for example when registering for a user account, when your employer signs you up for a user account or when signing a corporate agreement. The information can e.g. be name, address, employer, phone number and email address.

Information that Billhop collects

In order to pay invoices through Billhop, your personal data needs to be processed. You may directly or indirectly give us information about yourself (personal data) in several ways, for example when registering for a user account, but we may also gather information from third parties. The personal data that we process includes:


Personal and contact information – name, employer, email, telephone number etc.

Information about your interaction with Billhop – e.g. how you use our services, including page response times, entry and exit methods, potential download errors etc.

Device information – e.g. IP address, browser settings, operating system and platform.

Geographical information – your geographical location.

Director/Beneficial Owner/Authorised signatory

Personal and contact information – name, date of birth, employer, email, telephone number etc.

Information about your involvement in the company – title/position, ownership share, authority

Billhop only process special categories of data if you are a so-called PEP (Politically Exposed Person), where we confirm the reason for the PEP status.

Other information we process that isn’t personal data

Payment information – invoice number, beneficiary, amount, payment date and what type of credit card you are using.

Processing of your personal Information

The personal data we gather about you is used to enable us to provide you with our service and to fulfil legal and contractual obligations. We may also use your personal data to communicate with you and conduct customer analysis.

We process personal data for the following purposes and legal bases:

Purpose of the processingLegal basis for the processing
To manage the business relationshipPerformance of contract
To confirm your identity and verify your detailsCompliance with legal obligations
To carry out our obligations towards you, process your payment and provide you with the information neededCompliance with legal obligations and legitimate interest
To ensure that content is presented in the most effective manner for you and your deviceLegitimate interest
To prevent misuse of our serviceCompliance with legal obligations
To carry out risk analysis, fraud prevention and risk managementCompliance with legal obligations
To prevent anti-money laundering and financing of terrorismCompliance with legal obligations
To communicate with youLegitimate interest
To perform customer analysis on an aggregated levelLegitimate interest
To register and set up your accountLegitimate interest



Profiling is an automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning you as a customer. Billhop use profiling in our work to prevent money laundering and financing of terrorism, by e.g. analysing and assessing our clients’ risk profiles and your user behaviour. This means that we don’t profile you as an individual, but only your employer, since it is the legal person that is our customer.

Our system automatically signals if your user behaviour does not match how you previously have used our service, whereby our customer service can get in touch with you in order to control the transactions at hand. Profiling used in our business is based on compliance with legal obligations, in accordance with applicable anti-money laundering regulation.


We are keen to protect your privacy and your interest in having your personal data processed with the utmost care. We therefore apply high security standards and take all reasonable measures to ensure that your personal data is processed securely. However, please note that it is unfortunately never completely safe to transfer information via internet and mobile networks, even though we do our best to protect your personal data. It is therefore important that you act
responsibly to ensure that your personal data is protected. You are advised to treat your login information to the service as confidential and you are responsible for keeping login information secret by, for example, not disclosing it to anyone else.

Disclosure of personal data to third parties

We may transfer to or share your personal data with selected third parties to the extent it is necessary for us to provide our services. We will in such instances take all reasonable legal, technical and organisational measures to ensure that your personal data is treated securely and with an adequate level of protection.

We may transfer to or share your personal with the following third parties:

  • Authorities: such as the police, tax agencies, financial supervisory authorities and other authorities if we are required by law or if you have provided us with your consent. An example of legally required sharing is for purposes of anti-money laundering and counter- terrorist financing.
  • Suppliers: for the performance of our contractual obligations with you and for other purposes described in this privacy notice.
  • Database providers and similar providers: in order to e.g. confirm your identity and position in the company when setting up a user account.

Processing of personal data outside the EU/EEA

We strive to process your personal data within the EU/EEA. The data may however in certain situations be transferred to, and processed in, a destination outside of the EU/EEA by a supplier or subcontractor. We will in such instances take all reasonable legal, technical and organisational measures to ensure that your data is treated securely and with an adequate level of protection in accordance with the applicable data protection regulation.

Storage of personal data

We keep your personal data only as long as necessary to fulfil our contractual obligations towards you and as required by applicable law and regulation, which for example is 5 years in accordance with anti-money laundering regulation.

Your rights

You have rights regarding your personal data. If you want to exercise your rights, you are welcome to get in touch with us via the contact details listed in the end of this privacy notice.

Right of access – You have the right to request a copy of your personal data that Billhop process. The request shall be made in writing.

Right to rectification – We do our best to keep your personal data correct, complete and up to date. If you notice that we have incorrect or outdated data about you, please contact our customer support so that it can be updated.

Right to be forgotten – You have the right to request the deletion of your personal data when it is no longer necessary for the purpose for which it is processed and where there are no legal obligations that would hinder such deletion.

Right to restrict– You have, under certain circumstances, the right to request us to restrict the processing of your data so that it is only used for limited purposes, e.g. during the verification of the accuracy of personal data.

Right to object – You have the right to object to certain use of your personal data if you believe that your right to privacy weighs heavier than Billhop’s interest in processing your personal data. You always have the right to object to processing for the purpose of direct marketing.

Right to data portability – If our right to process your personal data is based on either consent or performance of contract, you have the right to request that we transfer the personal data that you have provided to us, to a third party. This is provided that such transfer is technically possible and can be done in an automated way.

Swedish Data Protection Authority

If you are unhappy with how we process your personal data, you are welcome to contact us and we will do our best to solve the issue. You also have you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten).


We may, from time to time, change this privacy policy by sending the updated version by email. All changes take effect automatically 30 days after publication. However, if we make changes to the privacy policy which are deemed necessary for us to comply with legal obligations or authorities’ opinions or decisions, the new privacy policy will take effect immediately after it has been communicated.

Contact information

To contact us, please email at If you would like to send a letter, you can address it to: Billhop AB, Kungsgatan 8, 111 43 Stockholm, Sweden. If you prefer to call, we are available on telephone number: +44 (0)20 386 834 39. You can also contact our data protection officer at

Billhop AB is a Swedish payment institute, authorised and regulated in Sweden by the Swedish Financial Supervisory Authority. We are exempt from the prohibition, in regulation 138 of the UK Payment Services Regulations 2017, on providing payment services in the United Kingdom and we are not authorised by the UK Financial Conduct Authority. Billhop upholds industry best-in-class security standards including 2FA and issuer security solutions such as 3DS. All client funds are safeguarded through standard client funds account setup.