Privacy Policy

Your privacy is very important to us and we take this issue very seriously. All personal information we must keep in custody, is treated confidentially. You can rest assured that we are doing everything to protect you.

This privacy policy explains how Creddo collects and uses your personal information. It also describes your rights and how you can assert your rights. In order for you to understand how your personal data is processed, we recommend that you read this personal data policy carefully before using the loan brokerage service (the “Service”).

Creddo processes your personal data in accordance with GDPR and other applicable data protection rules.

Personal data

Personal data is something that can directly or indirectly identify a physically living person. Examples of personal information are name, address, telephone number and e-mail address, IP number or user behavior. Processing of personal data includes all handling of personal data such as collection, analysis, registration and storage.

You submit your personal information to Creddo yourself in connection with the application and when communicating with us. We also collect information from third parties such as UC. In order to perform the service, the following personal data is processed:

  • First and last name
  • Address
  • Email address
  • Phone number
  • Social security number
  • Other information that you choose to provide to us
  • Communication between us when we assist you in specific matters

Creddo also collects the following information about you automatically and from third parties in order to perform the Service, comply with legal requirements and also facilitate its use for you:

Financial information

Information from a credit report Information about a beneficial owner and any current sanctioning or other classification of high risk (PEP / RCA).

Technical data

We also collect other information about your use of the service and technical data, which may include the URL that is your unique access to the Customer Portal, your IP address, unique device ID, information on network and computer performance, what type of browser, language and information on identification and operating systems. We do this to facilitate, improve, further develop the use and ensure the correct use of our service.

Addressed direct marketing

Even if you are not a customer with us, we may contact you in various ways with marketing. You who have not declined our marketing can receive marketing via mail. You who have given your consent to receive marketing from us (via us or one of our partners) can also receive information via email or sms.

We are obliged by marketing rules to ensure that you can block yourself if you no longer want our marketing. You can do this by contacting kundservice@creddo.se or call us on 08-400 200 01 and ask for help in placing a lock.

Like other companies, we have an interest in marketing ourselves and our products to people who may be interested in becoming our customers. The personal data used in the preparation for and in the marketing itself is common information that is not sensitive and is in many cases available in public registers.

We have an interest in marketing us and thus handling information about you in order to do so. When your personal data is processed to promote us, we do so with the aid of, what the law calls for, a balance of interests.

Our assessment is that we have what the law calls, a “legitimate interest” when we handle the personal data we have collected to promote us and our products. This also applies to meeting your wish not to receive marketing (when you are in our register as blocked).

You can also accept terms and conditions to become a member of Creddo’s Customer Club. This is done either by consent orally or by mail. In this context, Creddo may save and process the personal data relating to your membership and may contact you via e-mail, telephone and letter with information about new products, services or other offers from Creddo and Creddo’s partners, which in the future may be used on our website.

Profiling

When you choose to become a customer of Creddo and thus enter into a loan brokerage agreement, Creddo will perform an automatic filtering (so-called profiling) of your company.

This means that the information you have provided and the information we collect through a credit report on your company as well as on occasions on you and possibly on a co-applicant for the guarantor’s commitment, is the basis for the assessment of which of our business partners can offer your company an offer of credit.

Filtering is thus necessary for us to fulfill the agreement we have entered into with you.

Purpose

  • Get quotes
  • Present the offer
  • Assist in the case

Treatment

  • Collection of personal data from customers and third parties
  • Control of personal data against external database
  • Customer profiling in order to determine relevant offers
  • Transfer of personal data to partners to collect offers

What personal information

  • Person and contact information
  • Financial information
  • Technical data

Shelf life: As long as there is an active customer relationship

Purpose

  • Prevent misuse of the service
  • Documentation obligation as a loan broker according to law
  • Accounting obligation by law
  • Ensure and document any agreements and consent

Treatment

  • Documentation of personal data and information 
  • Assist in criminal investigation
  • Accounting

What personal information

  • Person and contact information
  • Financial information
  • Technical data

Shelf life: Regulated by applicable law

Purpose

  • Ensure and document any agreements and consent
  • Enable complaints from the Service Respond to any complaints

Treatment

  • Documentation of personal data and information

What personal information

  • Person and contact information
  • Financial information
  • Technical data

Justification: To best investigate and handle complaints, misunderstandings or complaints

Shelf life: As long as there is an active customer relationship

Purpose

  • Develop and improve our services and systems
  • Develop and improve our marketing
  • Customization of the service to become more user friendly
  • Development of documentation to improve IT systems, for example to further increase security.

Treatment

  • Troubleshooting logs and unique cases
  • Use and gather data to analyze and possibly build models on

What personal information

  • Person and contact information
  • Financial information
  • Technical data

Justification: Improve and develop Creddo’s services and marketing

Shelf life: 12 months after the customer relationship has ended

Purpose

  • Prevent use of the Service in violation of the Terms of Service for the Service
  • Prevent and investigate abuse of the Service
  • Prevention and investigation of possible fraud or other law violations

Treatment

  • Provide information to the authority or partners if necessary Internal documentation

What personal information

  • Person and contact information
  • Technical data
  • Financial information

Justification: Offer a safe and quality service

Shelf life: 12 months after the end of the customer relationship

Purpose

  • Membership in Creddo’s customer club
  • Targeted marketing

Treatment

  • Maintaining accurate and up-to-date information
  • Securing your identity
  • Mailing of newsletters

What personal information

  • Person and contact information
  • Financial information
  • Outcomes and results of previous applications

Shelf life: As long as you want to be a member of Creddo’s customer club. You can cancel your membership at any time by contacting kundservice@creddo.se.

Purpose

  • Marketing to the customer
  • Marketing to a prospective customer

Treatment

  • Mailing of newsletters
  • Send out email and SMS
  • Profile of customer to provide relevant communication
  • Disclosure of information to marketing partners
  • Mailing of direct marketing by mail

What personal information

  • Person and contact information
  • Financial information
  • Outcomes and results of previous applications
  • Personal and contact information

Shelf life: One year after the end of the customer relationship for the customer and three months for the prospective customer.

Purpose

  • Marketing after the end of the customer relationship

Treatment

  • Maintaining accurate and up-to-date information
  • Securing your identity
  • Newsletter

What personal information

  • Person and contact information
  • Outcomes and results of previous applications

Justification: Promote offers to relevant recipients

Shelf life: One year after the end of the customer relationship. You can decline further marketing at any time by contacting customer [email protected]

Purpose

  • Create documentation for anonymous marketing case

Treatment

  • Documentation on the documentation in accordance with § 10 of the Marketing Act (prohibition of misleading marketing)

What personal information

  • Person and contact information
  • Financial information

Justification: Sincerely demonstrate the quality and added value of our service

Shelf life: 5 years (limitation period marketing law)

Disclosure of personal data to another party

Creddo discloses your information to the credit reporting agencies, lenders and service providers used to fulfill the legal requirements imposed on Creddo or to perform the service under the agreement.

Data controller

The data controller is the person responsible for the process taking place in accordance with the information on the processing that has been provided and that it follows the applicable data protection rules. When you use Creddo for loan brokerage, Creddo AB org. Nr. 559207-3786, Grev Turegatan 13B 114 46 Stockholm, is the data controller.

If you then choose to proceed with any of the proposals that Creddo presents to you, the bank or lender will in turn become the personal data controller for the further processing.

Where we store your data

Creddo always strives to store and process your personal data within the EU / EEA. However, in exceptional cases, your Personal Data may be transferred to, and processed in, countries outside the EU / EEA through our suppliers or assistants. In these cases, Creddo has ensured that there are sufficient guarantees that the rights of individuals are protected by any of the following measures:

1. The country is included in the EU Commission’s list of countries with adequate levels of protection.

2. The country is not included in the above list, but the transfer is done through other safeguards of an adequate level of protection through standard contract clauses.

3. The company (US) has joined the Privacy Shield.

Your rights

Right of access

You can contact Creddo ([email protected]) at any time to request an extract of the personal data processing that concerns you. The excerpt appears:

  • The purpose of the processing of personal data
  • The categories of personal data to which the processing applies
  • The recipients or categories of recipients who have been given access to the personal data
  • How long your personal data will be stored or how the storage time is determined
  • From where the personal data comes from if you have not provided the information yourself
  • If Creddo uses automated decision-making and, if so, information about the logic behind automated decision-making, its significance and what the consequences of this will be for you
  • If the personal data has been transferred to a country outside the EU / EEA, you also have the right to find out what protection measures Creddo has taken during the transfer.

Right to correction

You may contact Creddo at any time to request correction of incorrect personal information or to supplement incomplete personal information.

Right to be forgotten

You can request that Creddo delete your personal information without undue delay if:

  • Personal data is no longer necessary for the purpose for which it was collected, or;
  • You object to the processing of your personal data in one of the cases where we have stated legitimate interest as the legal basis for the processing and your reason for the objection weighs more heavily than Creddo’s legitimate interest, or;
  • In cases where the processing of your personal data requires consent and you wish to withdraw your consent, or;
  • You no longer want to receive direct marketing from Creddo, or;
  • The personal data is processed illegally

In some cases, Creddo will not be able to delete your personal information because we must meet the requirements set by the law on our business. In such cases, Creddo will block the use of your personal data for the purposes for which you wish to be forgotten.

Right to restriction of treatment

You have the right to request that the processing of your personal data be restricted if any of the following situations exist:

  • You do not think that the personal information we hold about you is correct and the processing can be limited for a period of time which allows Creddo to verify that the information is correct.
  • In cases where Creddo no longer needs your personal information but you need the information to be able to assert, determine or defend legal claims – then you can request that Creddo not delete your information.
  • If it turns out that Creddo’s processing of your personal data is illegal but you still do not want the personal data deleted.
  • If Creddo has stated legitimate interest as a legal basis for processing your personal data, you may request that the processing of your personal data be limited during the time they are checked if Creddo’s legitimate interest outweighs your objections.

If processing of your personal data has been restricted, Creddo may only store or use your personal data to establish, enforce or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of major public interest in national or EU level.

In all other cases, Creddo must obtain your consent for further processing. Creddo must also inform you when the restriction on the processing of your personal data ends.

Right to object

You may, at any time, object to the processing of personal data based on a legitimate interest with Creddo. When Creddo considers that there is a legitimate interest in processing your personal data, it may eg. in direct marketing or in order to prevent abuse of Creddo’s services, a balance of interests takes place.

Creddo’s interest in preventing abuse of Creddo’s services is weighed against your interest in the fact that your personal data is not processed for privacy reasons.

If you choose to object, Creddo will no longer process your personal data for the purpose if Creddo is unable to prove legitimate grounds for the treatment that outweigh your interests, rights and freedoms. In such situations, Creddo may also process your personal data. if it is about establishing, exercising or defending legal claims.

You may at any time object to the processing of your personal data for direct marketing purposes, including any profiling of you for such purposes. If you object to your personal data being processed for direct marketing, Creddo should cease processing your personal data for direct marketing. Note that if you are the one who contacts Creddo for more information about our services then it is not direct marketing.

Right to data portability

If the processing of your personal data is automated and has as a legal basis either an agreement or a consent, you are entitled to receive a copy of the personal data that you have provided Creddo. The personal data must be provided in a format that is structured, widely used and machine-readable. You are then entitled to transfer your personal data to another data controller without Creddo being able to deny you this.

Complaint

If you have any comments or complaints regarding Creddo’s processing of your personal data, you are welcome to contact [email protected]. We will be happy to help you.

If, by all presumptions, we would not succeed in finding a solution together, you can turn to the Swedish Authority for Privacy Protection (former Data Inspection Board), which is the supervisory authority for the processing of personal data. The Swedish Authority for Privacy Protection can be reached at:

Swedish Authority for Privacy Protection
Box 8114
104 20 Stockholm

Email: : [email protected]
Phone: 08-657 61 00
imy.se

Changes to our Privacy Policy

Continuous minor changes to our Privacy Policy are communicated through the website. Significant changes in how your data is handled are via e-mail (if we have access to your e-mail address), SMS or letter.

If you have any comments on Creddo’s handling of personal data as a result of the change, you are welcome to contact our customer service at [email protected].

Last updated 20210930