TRUSTLY’S PRIVACY POLICY
1. Who are we?
Trustly Group AB, reg. no. 556754-8655 (“Trustly”, “we”, “us” or “our”) is a Swedish payment institution
providing online banking payment solutions across Europe. We are licensed by the Swedish Financial
Supervisory Authority to conduct our activities and are considered data controller for the processing of
your personal data under this privacy policy.
2. Why this privacy policy?
At Trustly, we value your privacy and we work hard to make sure that we process your personal data in
accordance with the requirements set out in the General Data Protection Regulation (EU) 2016/679 (the
“GDPR”) and other applicable data protection legislation.
In this privacy policy, we describe what personal data we collect and process about:
- End-users that are using our payment service
- Customers’ representatives that are representing a current or potential customer of ours
- Website visitors that are interacting with our websites or contacting our support and/or complaints service
If you apply for a job with us, please read our policy for job applicants, which you can find in connection with
your application.
Please note that we may process your personal data for other means and purposes than those described
in this privacy policy. If this is the case, we will provide you with a separate privacy statement informing
you about such processing.
3. What personal data do we process about you?
Depending on how you interact with us and for what purpose, we collect and process different types of
personal data about you. In order for you to more easily understand what type of personal data we may
process about you, we have categorised the personal data into the following categories, including data
elements:
- Identifying Information - first name, last name, home address, telephone number, email address, date of birth, nationality, personal identity number/passport number/identity card number and end-user ID.
- Order Identifying Information - information identifying an end-user’s payment, such as order id number, message id, notification id and the time when the transaction was made.
- Financial Information - sending and/or receiving bank, bank account number and account balance at the time of the payment.
- Device Information - IP-address, type of device, operating system and browser information.
- Behaviour Information - how end-users use our payment service and/or how website visitors interact with our websites.
Please note that this is the maximum amount of personal data that we may process about you for the
purposes covered in this privacy policy. Depending on how you interact with us and for what purpose, we
may process less information than what is presented above.
4. For what purpose do we process your personal data and what legal basis do we rely on?
We use and share the personal data we collect about you for several different purposes and we rely on
different legal grounds. Depending on whether you are an end-user using our Service (as defined below), a
representative of a current or potential customer of ours or a website visitor interacting with our website,
the tables below set out what category of personal data we process, for what purpose and the legal
ground we rely on when doing this. Further down in this privacy policy, we will also describe how we
collect your personal data, and whom we may share it with, as well as the legal basis that allows us to do
this.
4.1. When you use our Service
Providing our Service
Trustly’s proprietary, bank independent, online payment solution enables execution of account to account
bank transfers online (the/our “Service”). The Service consists of several different features which allow
you to:
(a) execute payments from your online bank in a fast, simple and secure manner to an online
supplier providing you with a product or service (the “Merchant”), meaning that you can pay for
goods and services directly from your bank account (“Pay-in”);
(b) receive payments from the Merchant directly to your bank account in case you e.g. want to
return purchased goods (“Pay-out”);
(c) register a direct debit mandate that will allow us to execute payments directly from your bank
account (“Direct Debit Payment”) without the need for you to login to your bank for each
purchase;
(d) authenticate yourself towards a Merchant and/or register an account with the Merchant when
making a payment transaction where the Merchant has such identification requirements (“Identity
Verification”); and/or
(e) verify your bank account towards a Merchant (“Account Verification”).
Below we will describe how we process your personal data when using the different features of the
Service.
Purpose of the processing | Legal basis | Personal data processed
To initiate and process a convenient and secure Pay-in to your Merchant. | Contractual obligation. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To initiate and process a convenient and secure Pay-out to you from your Merchant. | Contractual obligation. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To set up a direct debit mandate in a convenient way and to conduct a Direct Debit Payment to your Merchant. | Contractual obligation. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To verify your identity and/or update your contact information when the Service is used for Identity Verification, i.e. as a means for you to verify your identity towards your Merchant. | Contractual obligation. | Identifying Information.
To refresh your Identifying Information in case of Identity Verification (will be made on a 90-day interval). | Pursue our legitimate interest of providing you with the Service. | Identifying Information.
To verify your bank account when the Service is used for Account Verification. | Contractual obligation. | Identifying Information, Financial Information.
Comply with legal and regulatory obligations
As a licensed payment institution, Trustly is obliged to follow a set of laws and regulations relating to its
processing of payment transactions. Some of the data we collect about you when you use our Service will
be used to fulfil these legal and regulatory obligations.
For more detailed information on what data we use for legal and regulatory compliance purposes, see the
table below.
Purpose of the processing | Legal basis | Personal data processed
To fulfil our legal obligations under applicable money-laundering regulations to monitor the payments processed by us and to report suspicious payments to the police or similar authorities. | Comply with legal obligations. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To fulfil our legal obligations to report statistics to authorities on inter alia fraudulent transactions. | Comply with legal obligations. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To fulfil our legal obligations to contact you if a situation would arise that may affect your financial interests or, if you use our Direct Debit Payment service, to inform you about changes to our terms for use of this service. | Comply with legal obligations. | Identifying Information.
To fulfil our legal obligations to conduct know your customer checks on you when you use our Direct Debit Payments service including screening your personal information against lists of politically exposed persons (“PEP”) and lists of persons subject to sanctions. | Comply with legal obligations. | Identifying Information and when applicable copies of your passport and other documents validating your identity and/or address.
To fulfil our legal obligations under bookkeeping law pursuant to which we are obliged to store your personal data relating to a payment. | Comply with legal obligations. | Identifying Information, Order Identifying Information, Financial Information.
Performance and business development
At Trustly, we always strive to provide you with the best possible user experience. In order to achieve this,
we will process your personal data to make sure that our Service works properly and to fix any problems
that may occur in the Service. We also use your personal data to ensure that the Service is presented to
you in the most compelling manner and to understand how we can develop our Service to create even
better products.
For more detailed information on what data we use for these performance and business development
purposes, see the table below.
Purpose of the processing | Legal basis | Personal data processed
To troubleshoot the Service in case of lack in performance. | Pursue our legitimate interest of troubleshooting the Service in order to provide you with a working Service. | Identifying Information, Order Identifying Information, Financial Information, Device Information, Behaviour Information.
To perform analysis on how you use our Service. | Pursue our legitimate interest of developing our organisation in order for us to continue offering the best possible products and services to you. | Identifying Information, Order Identifying Information, Financial Information, Device Information, Behaviour Information.
To adapt the presentation of the interface, such as the type of language and appearance of our Service, through which we communicate with you, depending on what type of device you use. | Pursue our legitimate interest of adapting the presentation of the Service to you. | Device Information and Identifying Information.
Incident management and security
To manage incidents and mitigate the risk that the Service is being used for fraudulent and other illicit
actions, we may process your personal data for these types of purposes.
For more detailed information on what data we use for this incident management and security purpose,
see the table below.
Purpose of the processing | Legal basis | Personal data processed
To verify your identity for the purpose of preventing that our Service is being used for frauds and/or similar illicit actions. | Comply with legal obligations and pursue our legitimate interest to prevent and detect crime such as frauds. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To keep your personal data safe and to prevent the Service from being targeted by external cyber-attacks (such as DDoS attacks). | Pursue our legitimate interest of keeping your personal data safe as well as ensuring that our Service is working as intended in case of a cyber-attack. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To fulfil our contractual obligations to inform of incidents. | Contractual obligation. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To fulfil our legal obligations to report certain incidents to the Swedish Financial Supervisory Authority and the Swedish Data Protection Authority. | Comply with legal obligations. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To establish, exercise and/or defend Trustly against legal claims. | Pursue our legitimate interest of establishing, exercising and/or defending legal claims. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
Cookies
When you are using our Service, we may set cookies on your device. The data generated from the
cookies is used to provide you with a better user experience.
Please read our cookie policy available here for more information on our use of cookies.
For more detailed information about how we use the data generated from the cookies when you use our
Service, see the table below.
Purpose of the processing | Legal basis | Personal data processed
To create a fast and convenient payment experience, Trustly has developed a so called “remember me function” which allows us to remember you and how you like to use our Service. If you choose to activate this functionality, we will remember you on the device you used for the purpose of providing you with a faster payment experience next time you choose to pay with Trustly. In addition, you will also, when you activate the functionality, give us your consent to communicate to your bank that you, for a period of 90 days, allow us to fetch your account balances. We will only use this access when you have initiated a payment with Trustly to check which bank accounts that have sufficient balance to make your requested payment. We will also allow you to be able to view your balances, should you choose to enable this view. | Your consent. If you want to withdraw your consent and thus disable the functionality, the easiest way is if you click [Change] whenever you make a payment with Trustly and then click [Remove]. Alternatively, you can contact our Support function here and they can assist you. | Device Information, Behaviour Information.
How do we collect your personal data when using the Service?
When using our Service, we collect your personal data directly from you, as well as from your online
banking interface (i.e. online bank) or via an API provided by your bank in accordance with our
agreement. In addition, we also collect personal data from your Merchant and, depending on for which
purpose the Service is used, from external third-party sources. For example, the latter can occur when we
need to verify your identity and/or update/supplement contact information via official identity verification
service providers or similar providers. Our payment system will in addition generate personal data such
as an order id number when you use our Service.
Trustly also resells payment services provided by third party payment service providers. When reselling
such payment services, Trustly will obtain personal data about you from such providers. For more
information about which personal data a third-party payment service provider shares with Trustly, please
contact relevant provider.
4.2. When you are a customer representative
Trustly processes personal data of representatives of our customers, being the Merchants or another
payment service provider that resells our Service via their channels. This processing is mainly done to
administer the business relationship and fulfil our legal obligations to conduct so-called know your
customer checks on our customers.
In this section, you can find more specific information on how we process your data in case you are a
customer representative.
Purpose of the processing | Legal basis | Personal data processed
To enter into, manage and maintain a business relationship with you and the company you represent and to communicate important information regarding our Service that is not considered marketing. | Contractual obligation and pursue our legitimate interest of communicating, managing and maintaining contact with you and the company you represent as well as to verify that the information we have about you is up to date or if we need to communicate information to you about our Service that we assess is important for you to be aware of. | Identifying Information.
To improve our Service, we may send out customer satisfaction surveys to you. In such surveys, we will ask you to inter alia evaluate us and/or our Service. | Pursue our legitimate interest of improving our Service in order to be able to provide a better Service or develop new services based on the answers to the survey. | Identifying Information.
To market our Service e.g. in case you show interest in our Service by e.g. visiting our websites (see more under section 4.3 for more information), or if we believe that you as a potential customer representative would be interested in our Service. There is always an opportunity to opt-out from marketing in an easy and convenient way, e.g. by clicking “unsubscribe” to the emails we or our advertising agencies might send or by objecting to the processing of your personal data for this specific purpose. | Pursue our legitimate interest of marketing our Service for commercial purposes and to offer our Service or new services that we think you as a current and/or potential customer representative would be interested in. | Identifying Information, Behaviour Information.
To fulfil our legal obligations to conduct know your customer checks on our customer, including screening of your personal information against PEP-lists and lists of persons subject to sanctions. | Comply with legal obligations. | Identifying Information and when applicable copies of your passport and other documents validating your identity and/or address.
How do we collect your personal data when you are a customer representative?
When you contact us for the purpose of entering into a potential business relationship regarding our
Service, we will collect the personal data that you provide us with, such as contact details from emails and
agreements. We will also collect personal data provided by you if you, for example, give us your contact
details in relation to campaigns you want to take part of or white papers you wish to receive. Additionally,
we may collect your contact details in your capacity as a potential customer representative from
third-party suppliers of customer registers, for the purpose of marketing our Service to you, if we believe
that you would be interested in our Service.
When conducting know your customer checks on our customer, we will ask the customer to provide
information, such as passport copies on e.g. its ultimate beneficial owners and directors.
In addition to the information that we receive from you, we will also collect personal data about you
through cookies if you visit our websites (see more under section 4.3 for more information).
4.3. When you visit our websites or contact our support and/or complaints service
We value your feedback and we want to understand what we can do to improve our Service. Therefore,
Trustly has a customer support platform available where you can get in contact with us. When you do this,
we will collect certain personal data about you.
Trustly also uses cookies on our websites in order to deliver well-functioning, personalized and
user-friendly experience. Please read our cookie policy available here for more information on our use of
cookies.
In this section, you can find more specific information on how we process your data in case you are an
individual contacting our support and/or complaints service or if you are a website visitor.
Purpose of the processing | Legal basis | Personal data processed
To assist you with your question or concern in case you contact our support and/or complaints service, either through our websites or by emailing us. | Pursue our legitimate interest of interacting with you in case of e.g. questions or complaints. | Identifying Information.
To set cookies on your device when you visit and interact with our websites. We use the data generated from cookies for several purposes, such as to make the websites work properly, to gather statistics of how you use and interact with our websites in order to improve its functionality as well as for business to business marketing purposes. | Pursue our legitimate interest of providing you with working and functional websites as well as to gather web statistics for commercial reasons. In addition, we pursue our legitimate interest of marketing our Service to potential customers. | Device Information, Behaviour Information.
How do we collect your personal data when you contact our support and/or complaint service or visit our websites?
If you contact us, we will process your personal data by collecting your contact details through the media
you choose to contact us, i.e. via e-mail, post or any other way. Similarly, when visiting our websites, we
will process your personal data by setting cookies on your device and thus collect information in
accordance with our cookie policy.
4.4. Other situations
Regardless of who you are, personal data about you may also be processed by us for the purpose of
fulfilling your rights as a data subject under the GDPR and to establish, exercise and defend ourselves
against legal claims. For more information, please see below.
Purpose of the processing | Legal basis | Personal data processed
To cater to your rights in accordance with the GDPR and other applicable data protection legislation. If you, as a data subject, contacts us and asks us to provide you with the information we have collected about you, we will ask you to verify yourself in order to prevent disclosure of personal data to the wrong person. | Comply with legal obligations and pursue our legitimate interest of verifying your identity in order to prevent disclosure of personal data to the wrong person. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
To handle any complaints or establish, exercise and/or defend Trustly against legal claims. | Pursue our legitimate interest of handling complaints or establish, exercise and/or defend legal claims. | Identifying Information, Order Identifying Information, Financial Information, Device Information.
5. With whom do we share your personal data?
The information we collect about you may be shared with different categories of recipient depending on
for what purpose we collected your data. In this section, you can read more about the sharing we do of
personal data belonging to end-users, customer representatives and websites visitors and other
individuals contacting our support and/or complaint service.
As a general rule, when Trustly shares your personal data with third parties, this is done in a responsible
way and in accordance with applicable data protection legislation.
5.1. General
Trustly Group
Regardless of who you are, your personal data may be shared with companies that form part of the
Trustly Group, when needed to fulfil the purpose the data was collected for. This sharing of data is carried
out on the basis that we have a legitimate interest of sharing data within our group for commercial,
compliance and organisational reasons.
5.2. When you use our Service
Your Merchant
For the purpose of your Merchant verifying payments in order to be able to e.g. release any purchased
goods, we provide the Merchant with information on the payments. What type of information we send to
your Merchant depends on the type of transaction and how the Merchant integrates the Service in their
system.
Identifying Information and/or Financial Information may also be forwarded to your Merchant in order for
the Merchant to verify your identity when the Service is used for Identity Verification and/or Account
Verification. We share this information with the Merchant if the Merchant is legally obliged to verify your
identity as a measure to prevent money laundering, fraud or other criminal act or to meet other potential
legal and/or regulatory requirements imposed on the Merchant. In certain situations, we may also share
your personal data if the Merchant has a legitimate interest to verify your identity or that you indeed are
the actual holder of a bank account. For example, Identifying Information may be shared to a Merchant in
order for the Merchant to offer you a better user experience by prefilling information on shipping address
in the Merchant’s cashier.
The sharing of your personal data with the Merchant is carried out on the basis that it is necessary for
us to fulfil our contractual obligations as well as our legitimate interest to carry out the transaction and the
Merchant’s legitimate interest or legal obligation of verifying payments and/or your identity. In addition, our
legitimate interest of sharing your personal data with your Merchant is sometimes based on your wish to
share your personal information to your Merchant in order for you to verify your identity, bank account
and/or use your Merchant’s service, which we provide a simple and convenient solution for.
Third party payment service providers
When offering our Services, other third-party payment service providers that we collaborate with may be
involved. In such case, we will share your personal data with such third-party providers for the purpose of
the provider forwarding the data to your Merchant. If we do not share data with such third-party payment
service provider when such is part of the payment chain, you will not be able to complete the transaction.
This sharing of your personal data with a third-party payment service provider is carried out on the basis
that it is necessary for us to fulfil our contractual obligations, as well as our legitimate interest, to carry out
the transaction.
For more information about which personal data a third-party payment service provider shares with
Trustly, please contact relevant provider.
Authorities and banks
To carry out a transaction when using our Service, we need to transfer some of your personal data to
your bank and other banks that are part of the payment chain. This processing is carried out on the basis
that it is necessary to fulfil our contractual obligations, as well as our legitimate interest, to carry out the
transaction and for the purpose of troubleshooting payments.
We may also need to share your personal data and information on payments to police, tax and other
relevant authorities, and possibly your bank and/or other banks that are part of the payment chain. This is
done when necessary to investigate payment transactions for the purposes of preventing and disclosing
breaches against anti-money laundering legislation, fraudulent use of the Service and other criminal acts.
When sharing your personal data for these purposes with authorities, this is carried out on the basis of
our obligation to comply with legal obligations to which we are subject. When sharing your personal data
for these purposes with your bank and/or other banks that are part of the payment chain, this is carried
out on the basis of our legitimate interest to prevent frauds and other criminal acts.
Other third parties with whom we collaborate
To carry out a transaction when using our Service, we may need to share your personal data with
collaboration partners such as official identity verification service providers and similar service providers in
order to confirm your identity and/or update/supplement your contact information. The sharing of personal
data with such third parties is carried out on the basis that it is necessary to fulfil our contractual
obligations, our legitimate interest to carry out the transaction, our legal obligation to verify your identity if
you use our Direct Debit Payment service, and, sometimes, your Merchant’s legal obligation to verify your
identity.
If you use our Direct Debit Payment service, we may also need to share your personal data with providers
of sanctions or PEP lists in order to screen your personal data against such list. The sharing of personal
data is then carried out on the basis that it is necessary in order to comply with our legal obligations.
In addition, we may from time to time also need to share your personal data with cloud-based service
providers, such as providers of technical server capacity. This is done for the purpose of providing the
Service and/or to improve the Service, for example by data analysing and testing. Furthermore, we may
also share your personal data to other third-party providers such as for IT-security purposes.
When your personal data is shared with such third party, the third party will typically act as data processor
in relation to your personal data, meaning that it will process your personal data on our behalf and in
accordance with our instructions.
5.3. When you are a customer representative
If you are a customer representative, we may need to share your personal data with providers of
sanctions or PEP lists in order to screen your personal data against such list. The sharing of personal
data is then carried out on the basis that it is necessary in order to comply with our legal obligations.
In addition, we may from time to time also need to share your personal data with cloud-based service
providers, such as providers of technical server capacity or CRM providers. This is done for the purpose
of providing the Service and/or to improve the Service, for example by data analysing and testing.
Furthermore, we may also share your data to third-party providers such as external advertising agencies.
We share this information on the basis that we have a legitimate interest of marketing, through
professional advertising agencies, to you regarding products and services that you have shown an
interest in.
5.4. When you visit our websites or contact our support and/or complaints service
Your personal data may be shared with third-party providers such as external advertising agencies. We
share this information on the basis that we have a legitimate interest of marketing, through professional
advertising agencies, to you regarding products and services that you have shown an interest in. We may
also share your personal data to other third-party providers of analytical tools based on our legitimate
interest of providing you with a pleasant user experience when interacting with our websites.
In addition, we may from time to time also need to share your personal data with cloud-based service
providers, such as providers of technical server capacity.
6. For how long period of time do we process your personal data?
We will process your personal data for as long as we need to fulfil the purpose the data was collected for.
The maximum time we store your data is dependent on who you are. For example, personal data about
our end-users will in general not be stored for a longer period than seven (7) years to fulfil bookkeeping
requirements. Personal data about customer representative will, as a main rule, not be stored for a longer
period than five (5) years from the end of the business relationship. Please note however that during this
time, the data will not be used for all of the purposes set out above. Shorter time periods apply depending
on the purpose the data was collected for. For example, one set of data, e.g. Financial Information, will be
processed for several purposes and may for some purposes be processed only for a very short period of
time but for other purposes for longer periods of time.
Trustly has implemented various technical and organisational measures, such as automated deletion of
data and access restriction to systems where personal data is stored, to ensure that the data is not used
for a longer period than necessary to fulfil the respective purpose the data was collected for.
7. Where and how do we store your personal data?
We typically store your personal data on servers located within the EU/EEA. However, sometimes, an
end-user’s Merchant and/or other third parties that we share your data with may be located outside the
EU/EEA. This also applies in case we share your personal data with our UK and US companies that form
part of the Trustly Group. If your personal data would be transferred to, and processed by, an end-user’s
Merchant, within the Trustly Group, or a third party in a country outside the EU/EEA, we will take all
reasonable measures to ensure that your data is processed with a high level of security with an adequate
level of protection maintained, and that suitable safeguards are adopted in line with applicable data
protection legislation requirements, such as the GDPR. These safeguards consist of one of the following
legal mechanisms: ensuring that the country outside the EU/EEA is subject to an adequacy decision by
the European Commission or by implementing the European Commission’s standard contractual clauses.
A copy of the relevant mechanism can be provided upon request, using the contact details provided at the
end of our Privacy Policy.
We have offices in Sweden, Germany, the UK, Spain, Finland, Portugal, Malta and the United States.
Employees and representatives for Trustly in these countries may, in case their job descriptions/tasks
require so, access your personal data. Any personal data accessed from these locations is protected by
EU data protection standards and is encrypted when transmitted over the Internet.
We undertake necessary measures to ensure that your personal data is protected with a high level of
security that is appropriate to the risks associated with the processing and maintain physical, electronic,
and procedural safeguards to protect it.
We restrict access to your personal data to those employees, Trustly representatives and third parties
that need to know your information in order for us to be able to fulfil the purpose the data was collected for
(see section 4 for more information).
We protect your information when transmitted over the Internet by using TLS-enabled services. The
TLS-enabled services use industry best-practice configurations and adhere to industry-recognized
standards.
8.Profiling and automated decision making
Trustly sometimes uses profiling and automated decision making when providing its services. In this
section, you can read more about when and why we use these measures.
“Profiling” is when personal data is automatically processed for the purpose of evaluating personal
aspects relating to an individual, for example a person’s economic situation or personal preferences.
“Automated decision making” is when automated means without human intervention are used for making
a decision in relation to an individual, for example, automated refusal of a credit application online.
8.1. When you use our Service
When providing our Direct Debit Payment service to you, we may use automated decision making and/or
profiling for the purpose of assessing risks related to payments. When you use this service, the value of
the Direct Debit Payments that you can request during a certain period of time is limited to a set amount.
In case this limit is reached, we will instead automatically process your payment as a standard Pay-in. In
addition, we may use automated decision making, including profiling, for the purpose of fulfilling legal
requirements in relation to our anti-money laundering obligations to monitor your payments processed by
us. The processing of your personal data in this automated decision making is carried out on the basis
that it is necessary in order for us to fulfil our contractual obligations towards you to carry out payments or
to comply with legal requirements, as the case may be.
8.2. When you are a customer representative
We may use profiling by evaluating potential customer leads, for example by setting scores on you based
on how much interest you have shown in Trustly, such as number of website visits, if you have signed up
for information material on our websites, etc. The processing of your personal data in this profiling is
based on our commercial legitimate interest of reaching out to potential or current customers of ours that
have shown interest in Trustly and our Service.
8.3. When you visit our websites or contact our support and/or complaints service
We do not conduct any profiling or automated decision making when you visit or interact with our
websites.
9.Your rights
You have several rights in accordance with applicable data protection legislation. These rights are:
Right of access to your information: You can get information from Trustly about what personal data we
have gathered, why we have gathered it, etc.
Right to rectification: If any of your personal data that we process is inaccurate, you are entitled to have
it corrected.
Right to erasure (“right to be forgotten”): You can request that Trustly erase personal data that we have
gathered about you. Trustly will, under certain circumstances, be obliged to remove it.
Right to restriction: You can request that Trustly restricts the processing of your personal data under
certain circumstances, e.g. if you contest the accuracy of the personal data processed by us. We must
then restrict the processing while verifying the accuracy of your request.
Right to object: You can object to the processing of your personal data that Trustly carries out based on
the legal basis of our legitimate interest as specified above in this Privacy Policy, including profiling that
we carry out on the basis of our legitimate interest, whereby we must assess if we can continue to
process your personal data. You also have the right to object to processing of your personal data for
direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing,
whereby your personal data will no longer be processed for such purposes.
Right to data portability: You can request that Trustly provides all the personal data that Trustly
processes about you. In some cases, we are obliged to comply with that request and provide you with the
personal data processed about you.
Lodge a complaint: If you are unhappy with our handling of your personal data, you can lodge a
complaint to the Swedish Authority for Privacy Protection, which is the lead supervisory authority in
relation to Trustly in the EU. You can also lodge a complaint with the data protection authority in your
home country in the EU. If you are based in the UK, you can lodge a complaint to the Information
Commissioner’s Office in the UK.
10. Who to contact?
Trustly is responsible (data controller) for the processing of your personal data and has appointed a Data
Protection Officer (DPO) who is responsible for monitoring our compliance with applicable data protection
legislation. If you have questions or want to exercise your rights explained above, you are welcome to
contact us. Please do so by either sending a request to our support team by completing this online form
https://www.trustly.net/customer-complaint-handling, or sending an email to our Data Protection Officer at
dpo@trustly.com.
11. Changes to this privacy policy
Please check this privacy policy every time you make a transaction using our Service, as updates may
include information on additional processing activities we intend to perform going forward.