Current version 2.1

Published: 2 August 2023
Latest updated: 21 May 2024

Privacy Policy

Intergiro's Privacy Policy

The protection of private individuals’ personal data is a fundamental right, protected by the Charter of Fundamental Rights of the European Union and the General Data Protection Regulation (GDPR). Intergiro is committed to stand behind and uphold the fundamental rights which have built the foundation of the European Union. Especially in the world of today where human fundamental rights cannot be taken for granted. Thus we at Intergiro are committed to protecting the privacy of our customers and other parties with whom we interact, such as people applying for a job with us or visiting our website. 

We wrote this privacy policy to let you know:

  1. who we are; 
  2. why we process personal data; 
  3. when and how we collect personal data;
  4. what types of personal data we process and for whom;
  5. with whom we share personal data; 
  6. for how long we store personal data; 
  7. what your rights are and how you can contact us; and 
  8. how changes can be made to this privacy policy.

But first - what is personal data? 

In legal jargon, ‘personal data’ is any information relating to an identified or identifiable natural person (the ‘data subject’). In the EU, personal data and your privacy is regulated by law, the GDPR. According to the GDPR, any information that can be used to identify a person or be linked to that person is personal data. Examples of personal data are name, identification number, contact information, online identifiers such as IP address, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

1. Who are we?

We are Intergiro, a Swedish fintech company, whose purpose is to design financial infrastructure for innovators and change-makers to build, adapt and thrive in this brave new interconnected world.

Our formal company name is Intergiro Intl AB (publ) and we are licensed and supervised by the Swedish Financial Supervisory Authority (Sw. Finansinspektionen) as an electronic money institution with the authority to issue electronic money and to provide payment services. Our company registration number is 556965-3537, our VAT number is SE556965353701 and our license number is 48003. Our registered address is Box 3093, 103 61 Stockholm, Sweden.

We are the data controller and responsible for the processing of the personal data described in this privacy policy. This privacy policy also applies to our subsidiaries and branches, both in Sweden and in the EU.

2. Why do we process personal data?

This privacy policy applies to you if you are, or sign up to become, an Intergiro customer, and/or you are, or sign up to become an authorised user on Intergiro’s customer side. It further applies to our business partners, if you apply for a job with us or if you visit our website or communicate with us. This privacy policy also applies to you if you make a card purchase (we refer to you as a “cardholder”) with a merchant who is a customer of ours. 

According to the GDPR, we need to have a purpose and a legal basis for our processing of personal data. At Intergiro, the legal basis for processing personal data is either:

(i) the agreement you have, or is about to enter into, with us;

(ii) legal obligations we are bound by, such as anti-money laundering regulations; or

(iii) our legitimate interest, such as providing customer support or keeping you informed about product updates.

In very rare cases we may also process your personal data if we have received your explicit consent to do so. In such a case you can always withdraw your consent at any time. 

We process personal data for the following data subject categories:

  • Corporate customers and its authorised users
  • Consumer customers 
  • Business partners
  • Cardholders
  • Website visitors and people contacting us via our contact form or email
  • Applicants for a job with us through LinkedIn, our job website https://jobs.intergiro.com/ or a recruitment agency

We process personal data in order to provide our services, to perform in our business relationships, to communicate, to comply with legal requirements or to review job applications, as detailed below:

  1. Administration and management of our relationship with you
    for example, setting up your payment account, providing customer support or keeping you informed about product updates
    Legal basis: (i) Legitimate interest or (ii) Agreement. Our view is that providing you with customer support if you need it and keeping you up to date on the products and services available to you creates benefits and meaningful knowledge you.
    for example, assessing your job application and conducting a background check
    Legal basis: Legitimate interest. Our view is that it is in both your and our interest to review your application and assess if you are the right person for the position and to find a good fit. It is also in our interest to avoid harm or legal liability of various types
  2. Provision of payment services 
    for example, execution of payment orders, issuance of a payment card or processing of card transactions
    Legal basis: Agreement
  3. Business development 
    for example, compiling statistics and analysing the data in order to improve our services, user experience and communication 
    Legal basis: Legitimate interest. Our view is that you as our customer or person contacting us benefit from improvements to our services, user experience and communication
  4. Compliance with legal requirements
    for example, under (i) the anti-money laundering and anti-terrorist financing legislations, including sanctions and PEP checks, transaction monitoring and screening, identity verification, (ii) the payment services act, or (iii) the accounting and auditing legislation 
    Legal basis: Legal obligation
  5. Fraud protection
    for example, assess, protect and defend our customers, ourselves and the financial system from fraud
    Legal basis: Legitimate interest. Our view is that both our customers, we and the financial system benefit from secure and trustworthy relationships 
  6. Legal claims or reorganisations 
    for example, assess or defend legal claims against us or in connection with a reorganisation, transfer of business, merger, IPO or acquisition.
    Legal basis: Legitimate interest. In our opinion, it is in our legitimate interest to be able to defend ourselves against legal claims and to be able to reorganise or scale-up our business

To our consumer customers

Intergiro does not provide services directly to consumer customers, but we partner with partner companies to provide our services through the partner’s mobile app or website portal. This means that you can sign up with one of our partners and use the partner’s mobile app or website portal to become a consumer customer of Intergiro. You can read more about how we process your personal data in our Banking-as-a-Service Privacy Policy for consumer customers here

3. When and how we collect personal data

We start processing personal data about you directly when you interact with us, such as by signing up for our services, visiting our website (provided that you've given us your consent to do so), contacting us or applying for a job with us. 

We collect personal data directly from you or your organisation and from external sources. We also process personal data that accumulates from your use of our products or services. 

4. Types of personal data we process and for whom

We process the following categories of personal data:
(i) Contact information - such as your name, address, title/position, email address and phone number

  • Corporate customers (including prospect applicants applying for our services)
  • Business partners
  • People contacting us (if you decide to share it with us)
  • Job applicants

(ii) User account data and interactions - for example, how you use our services, if and how you use our mobile app, our customer portal or our website

  • Corporate customers 
  • Website visitors

(iii) Technical information - for example, login information, device, IP address, verification data of payment transactions, timestamps and status of the transaction (strong customer authentication), language settings, browser settings, time zone, operating system, platform and screen resolution, crash reports data analysing technical issues or faults (if any) etc

  • Corporate customers 
  • Business partners (who are using our introducer portal)
  • Website visitors (IP address, browser settings, device (provided that you've given us your consent to do so))

(iv) KYC (‘know your customer’) information - first name, last name, e-mail address, phone number, address, date of birth, proof of residence/utility bill, passport/ID copy and selfie/video with sound recording for your representatives and authorised users (including document numbers, issuing country, nationality and country of residence), information about your company, your purpose with the account and the use of our services and background information collected by us as a part of the business account application process

  • Corporate customers (including prospect applicants applying for our services) and its authorised users

(v) Transaction data - such as account numbers/IBAN, payment orders, date of payment order, name of payor and payee, transaction history, card number, CVC code (which is the last three digits of the number on the back of your card) and expiry date of the card, purchases you make with the card and dates of purchases

  • Corporate customers 
  • Cardholders (card number and card related data)

(vi) Complaints management - information you provide to us via email to complaints@intergiro.com, if you would like to make a formal complaint regarding the payment services

  • Corporate customers

(vii) Customer support information - Any personal data that you provide to us when contacting our customer support team

  • Corporate customers 
  • People contacting us
  • Business partners

(viii)   Job application information - information included in your cover letter and your CV (e.g. age, date of birth, education, work experience, hobbies and interests etc), grades, certificates, current notice period, notes from interviews, salary expectations, other information you or your references may provide to us etc. At a later stage of the recruitment process, we will also carry out a background check of the applicant

  • Job applicants

(ix) Biometric information - We use third-party providers for identity verification and fraud prevention purposes. These biometric information service providers, acting as our data processors, collect a copy of your ID documentation and your live picture or video with sound recording for identification purposes and employ facial recognition technology to verify your identity.

When you use biometric data, including Touch ID or Face ID, to unlock our mobile app on your device or to provide authorisation, this biometric information is kept on your device and is not sent to us. We only receive the approval or rejection values in respect of any given biometric identification taking place on your device.

  • Corporate customers 

5. With whom we share personal data

As electronic money institutions are subject to statutory requirements for professional secrecy and confidentiality, we only share your personal data in certain specific cases. 

In order to provide the payment services to you, we share personal data with our trusted partners that process personal data on our behalf, including: 

  • Suppliers of payment processing services;
  • Payment card personalisation bureau (if you have applied for a physical payment card); 
  • Suppliers of identification services;
  • Suppliers of screening services to prevent anti-money laundering, fraud and similar crimes; and
  • Suppliers of IT systems and cloud services.

We have carefully reviewed our service providers and secured that their processing of your personal data is compliant with EU standards and the GDPR. 

Your personal data will also, when applicable, be shared with the following parties which themselves are data controllers of the processing of personal data: 

  • our correspondent banks, for example, regarding the execution of pay-outs to beneficiaries, holding client funds and safeguarding legal interests
    Legal basis: Agreement
  • card schemes (Mastercard or Visa) (if you have applied for a payment card or you are a cardholder)
    Legal basis: Agreement
  • authorities, such as the Financial Police and the Financial Supervisory Authority, if such a disclosure is prescribed by law
    Legal basis: Legal obligation

    As Intergiro provides international payment services, we are sometimes required to share personal data with parties operating outside the EU. In these cases, we ensure that the data is transferred in accordance with the applicable requirements of the GDPR, primarily the standard contract clauses (SCC) and complementary safety measures, or if available, other means in compliance with the GDPR.

    If Intergiro engages in a merger, acquisition, reorganisation or sale of some or all of Intergiro’s assets or shares, financing, initial public offering or similar transactions or proceedings, or steps in contemplation of such activities (such as due diligence), Intergiro may share personal data with third parties, subject to standard confidentiality arrangements.

6. For how long?

We store your personal data for the purposes set out above during the term of our contractual relationship with you or your organisation, for as long as we otherwise have meaningful contact with you or as may otherwise be required by law.

When the purpose for which your personal data was collected is no longer relevant, we will stop processing your personal data and either delete or anonymise it in a secure manner. We may retain your personal data for a longer period of time to the extent required by our automated disaster recovery backup systems or if we deem it necessary to assess or defend legal claims or protect ourselves from fraud.

Under mandatory law, we are required to keep your personal data due to:

  • Anti-money laundering and anti-terrorism legislation for a minimum of five and a maximum of ten years
  • Payment service legislation, for a period of three years
  • Bookkeeping legislation, for a period of seven years

If you terminate your agreement regarding payment services with us, we are required under mandatory law to keep your personal data for a minimum period of five years. 

Please note that if you have submitted an application to use the payment services but for any reason do not become a customer with us (irrespective of if you withdraw or we reject your application), we are required under mandatory legislation to keep your personal data for a minimum period of five years.

7. Your rights

- Access - You have the right to request an extract of the personal data we process about you.
- Rectification - You have the right to request that we correct or complete any information you believe is inaccurate or incomplete.
- Erasure - Depending on the legal basis used for the processing of your personal data, you can ask us to delete your personal data if (i) there is no good reason for us to continue using it, (ii) you gave us consent (permission) to use your personal data and you have now withdrawn that consent, (iii) you have objected to us using your personal data, (iv) we have used your personal data unlawfully, or (v) the law requires us to delete your personal data. However, in most cases we will be required to deny your request in full or in part due to our obligations under mandatory law.
- Restrict - You have the right to request that we restrict the processing of your personal data, e.g. when you consider that the information is inaccurate and has requested rectification.
- Objection - You have the right to object to our processing of your personal data with legitimate interests as a legal basis. If you object to the processing in such cases, we may only continue to process your data if it can be shown that there are decisive legitimate reasons why the data must be processed that outweigh your interests, rights and freedoms or if the processing takes place to determine, exercise or defend legal claims.
- Data Portability - With regard to personal data that you have provided to us, you may have the right to request a transfer to another provider. If you want to request such a transfer, please contact privacy@intergiro.com.

8. Contacts and Complaints

Please do not hesitate to reach out to our customer support team in case you have any questions regarding how we process your personal data. Please use our chat function in our customer portal or mobile app, contact us through our website www.intergiro.com or send an email to customersupport@intergiro.com. 

You are also welcome to contact our data privacy team directly on privacy@intergiro.com if you have any concerns regarding data privacy or our processing of your personal data. 

Intergiro has appointed a Data Protection Officer (“DPO”), Helene Cedertorn, who is responsible for monitoring our compliance with applicable data protection legislation. If you want to reach out to our DPO specifically, please email dpo@intergiro.com.

Please be informed that you have the possibility to lodge a complaint with the Swedish Authority for Data Protection (Sw. Integritetsskyddsmyndigheten) if you are not satisfied with our processing of your personal data.

Information how to lodge a complaint is available on the website of the Swedish Authority for Data Protection:  

https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/ 

Contact Information to the Swedish Authority for Data Protection:

Integritetsskyddsmyndigheten, 

Box 8114, 

104 20 Stockholm

Sweden

Email: imy@imy.se 

Telephone no: +468 657 61 00

9. Changes to this privacy policy

We may need to change this privacy policy, for example when we add features to the services, because of changes in law or regulations or due to evolving industry standards. When this privacy policy is changed we will let you know by updating the date at the top of this privacy policy. You may also be informed through information on our website www.intergiro.com. Please revert to this privacy policy on a regular basis to stay up-to-date about our data processing practices and your rights.

10. Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
“Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:
(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”