Privacy policy – Business loan
We protect your personal privacy
OPR-Finance AB is responsible for personal data and ensures that you can feel safe with how we process your personal data. OPR-Finance AB keeps a customer register with information to be used to maintain customer relations and administer the customer relationship. OPR-Finance AB documents the communication between OPR-Finance AB and the customer. OPR-Finance AB, other companies in the group to which OPR-Finance AB belongs and other cooperation partners of OPR-Finance AB are entitled to use the information in the customer register for marketing purposes.
OPR-Finance AB applies Regulation (EU) 2016/679 (General Data Protection Regulation; “GDPR”) and the Data Protection Act (2018:218) to protect the borrower’s privacy and personal data. By using OPR-Finance services, the customer accepts our privacy policy and how we process your personal data. The customer also agrees that OPR-Finance AB uses electronic communication channels to send information to you. Before using our services, it is important that you read and understand our privacy policy.
1. Personal data we process
We process the following personal data about our customers:
- Basic information about the data subject: name, date of birth, social security number, IP number, customer number, user name and/or other identifying identifier, gender, mother tongue;
- Contact information to the data subject: e-mail address, telephone number, address;
- Information about the company and the company’s contact persons: (note. Only if this is relevant.) for example FO number, name of and contact details for contact persons;
- Information about the customer relationship and the agreement: About previous and current agreements and other information about the customer relationship.
Without the necessary information, we cannot provide the product and/or service.
2. Data processing
In order for OPR-Finance AB to process your personal data, there must be support in current legislation and a legal basis for the processing. For our processing of your personal data to be legal, it is required that it is necessary according to one or all of the following points.
- To fulfill the agreement and our commitments to you
- To fulfill a legal obligation for OPR-Finance AB.
The processing of your personal data may also be done under the following conditions:
- When balancing interests, where OPR-Finance AB’s interest in processing data is weighed against your interest in privacy protection
- In the event of consent to the processing. A consent is provided separately and you can always revoke it by contacting customer service.
In order to provide services and products to you, we need to process your personal data. Below you will find information on the purposes for which we process your personal data, as well as the legal basis for the processing. The period that we store and save your personal data may vary depending on the reason for the storage. We never save data longer than we need for current purposes.
OPR-Finance saves customer data for purposes other than its contractual obligations and rights, for example to fulfill requirements for measures against money laundering, accounting and other regulatory requirements. We regularly assess the need for data storage taking into account relevant legislation and therefore do not store customer data longer than necessary.
We store personal information for as long as is necessary for the purpose for which the personal information is used. Identifiable personal information is stored and may be processed for five years after the customer has fulfilled its obligations. For potential customers (for example, the application has not been accepted or the customer has not accepted the offer), the storage period for personal data is two years.
Loan and credit matters
When we receive an application for a business loan, we do a credit check on the underwriter in the company to know that the applicant has the right to apply for a loan or credit. Within the framework of this processing, we also check the ownership relationship in the company and thus collect personal data from the Companies Registry. We also make a credit report on the person who is intended to be a personal guarantor for a possible loan.
Personal data | Pupose | Legal ground | Storage time |
First and last name, social security number, IP address (information about your use of our services) | To be able to identify you. | Legal obligations according to the Banking and Financing Act. | For 5 years. Applications that do not lead to a loan offer are stored for 2 years. |
From you: First and last name Social security number From third parties: Credit information about you. | We give this information to third parties to make a credit report in order to check if we can give you a loan. We then get back a credit report from you from a third party. | Legal obligations according to the Banking and Financing Act. | Credit information is stored as long as you are a customer with us. After the end of the customer relationship, we store the data for 3 years. We store the information at this time in order to be able to show it to the authorities in the event of a request. |
IP-adress, Device-ID | To prevent fraud | Legal obligations under the Act on (2017:630) on measures against money laundering and financing of terrorism | For 5 – 10 years. However, the total time may not exceed 10 years. |
Application
When you make a digital application with us, we ask you to provide personal data in order for us to be able to administer your application and create a case with us.
Personal data | Purpose | Legal ground | Storage time |
First and last name, e-mail address, social security number, mobile number | To be able to administer your application. | Agreement. After the end of the contract period, we further support treatment of legal obligations according to the Accounting Act. Applications that do not lead to a loan/purchase are stored on the basis of legitimate interest. | Applications that do not lead to a loan promise are stored for 2 years. Applications that lead to a purchase/loan promise are stored for 7 years as well as the current accounting year, in accordance with the Accounting Act. |
Marketing
We collect personal data about you and create a customer profile based on your interests in order to be able to direct relevant marketing to you regarding our products and services. This is considered profiling. Read more about what profiling means in section 3.
Personal data | Purpose | Legal ground | Storage time |
From other sources: First and last name, e-mail address, mobile number and residential address. IP address, device ID. | To communicate marketing about our services and products to you. | Our legitimate interest in communicating about our business. We consider that our legitimate interest outweighs your interest in your rights and is necessary to achieve the purpose of the processing | We store this information for a maximum of 2 years. |
If the borrower does not wish the personal data to be used for purposes related to direct marketing from OPR-Finance AB, or any other company in the group to which OPR-Finance AB belongs, the borrower can contact us at dataskyddsombud@opr-finance.se
Customer surveys
In some cases, we conduct customer surveys in order to be able to evaluate and develop our business. We then usually ask you to answer some questions and we store the answers you sent in together with your contact details.
Personal data | Purpose | Legal ground | Storage time |
First and last name, e-mail address, mobile number. We also save your answers to the survey. | To develop and improve our services. | Our legitimate interest in developing our business. We consider that our legitimate interest outweighs your interest in your rights and is necessary to achieve the purpose of the processing. | As long as you are a customer with us. After the end of the customer relationship, we store the data for 36 months. |
Customer service
OPR-Finance AB processes your customer data as we manage your case history, to be able to provide customer service, to be able to provide our self-service, and to be able to constantly train our employees and improve our way of working.
Personal data | Purpose | Legal ground | Storage time |
First and last name, e-mail address, mobile number and audio calls. | So that we can administer your case with us and for the purpose of getting back to you in your case. | Our legitimate interest in developing our business. We consider that our legitimate interest outweighs your interest in your rights and is necessary to achieve the purpose of the processing. | As long as your case is ongoing with us and thereafter for two months. Recorded audio calls are stored for 4 years. |
3. Where do we get information from?
We mainly obtain information from the following sources: The data subject, the population data register, credit reference agencies, contact information service providers and other similar reliable sources.
4. Profiling and automated decision-making
Profiling
OPR-Finance AB can use profiling to create customer profiles for those registered. The profiles are created by, among other things, collecting and updating your personal data from publicly available sources and information from authorities or other third parties within the framework of applicable laws and regulations. Updating this type of information is done manually or automatically. The personal data we use to create these profiles appears in section 1.
We use these profiles to target direct marketing to you. The marketing takes place via e.g. letter, telephone, SMS and e-mail. We process customer data, for example by analyzing and processing statistics, in order to be able to offer you relevant offers regarding our services. We also use these profiles as a basis for the decisions we make about your creditworthiness and whether we can grant a business loan. Read more below about how we use profiling for automated decision-making.
Automatiserat beslutsfattande
Our decisions about your creditworthiness are partly based on automated decision-making. Automated decision-making means that decisions are made technically, without human intervention. However, we always apply a human decision before the decision is communicated to the person. Our decision about your creditworthiness is based on information compiled about you automatically, the information we collected to create your profile (see which personal data in section 1). The decisions made in this way can affect you in such a way that you are not granted a loan.
You have the right to object to decisions made by us through automated decision-making, including profiling. We will then re-evaluate the decision and you will be asked to provide information about additional circumstances. Read more under section 8 about how to exercise your right to object.
5. To whom does OPR-Finance AB disclose information?
OPR-Finance AB processes the information themselves and uses subcontractors who process personal data on our behalf and for us. For data protection purposes, we have entered into an agreement on personal data processing with all subcontractors.
We disclose personal data to the following business categories:
Swedish credit reporting company
We share your personal data with credit reporting agencies for the purpose of conducting credit reports on you to assess your creditworthiness. We send your social security number to these companies in order to make a credit report. We support this processing on our legal obligation to evaluate whether we can grant you a credit or a loan. Credit information is taken from Creditsafe i Sverige AB’s credit information register.
Debt collection companies
We may transfer your personal data (contact details and payment information) to debt collection companies for the purpose of collecting debts/failed payments. We base this processing on our legitimate interest in collecting debts and consider that our legitimate interest outweighs your interest in the protection of your rights and is necessary to fulfill the purpose of the processing.
Marketing
We disclose personal data to external service providers who offer direct marketing. These suppliers help us with system management to be able to send emails and SMS to our business customers. We support the processing on our legitimate interest.
Agencies
Under compelling circumstances, your personal data (contact details, payment history) may be disclosed to authorities. We are obliged by law to disclose personal data to law enforcement national and international authorities if a crime is suspected.
Within the group
Inom vår koncern kan vi komma att dela med oss av personuppgifter, de som anges under avsnitt 1, i syfte att utveckla våra tjänster samt för att kunna tillhandahålla vår tjänst. Vi stödjer den här överföringen på vårt berättigade intresse av att kunna tillhandahålla vår tjänst och bedömer att vårt intresse väger tyngre än ditt intresse för skydd för dina rättigheter samt att behandlingen är nödvändig för att uppnå ändamålet.
Within our group, we may share personal data, those specified under section 1, in order to develop our services and to be able to provide our service. We base this transfer on our legitimate interest in being able to provide our service and consider that our interest outweighs your interest in the protection of your rights and that the processing is necessary to achieve the purpose.
6. How we protect your information
The information is compiled in databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are kept in locked premises and are only accessible to certain predetermined persons.
In addition, we take reasonable measures to ensure that no incompatible, outdated or incorrect personal data is stored in the register, taking into account the purpose of the processing. We will correct or delete such information without delay.
7. Cookies
A cookie is a small text file that is saved on your computer by the website you visit. OPR-Finance AB uses cookies to improve your user experience and to give you as a visitor access to certain functionality.
When you visit www.opr.se, OPR-Finance collects information about all visits to the website. The information is used to improve the experience, evaluate the use of the element website and to target offers. Here the customer can read more about how we handle and use information and generally about OPR-Finance cookies and data protection practices. Cookie Policy
8. Third country transfer
We only use storage services within the EU/EEA. Some of our storage services are owned by American companies, which means that the service may be obliged by law to disclose personal data to American authorities.
The use of cookies for marketing purposes involves a transfer of your personal data to a country outside the EU/EEA (“third country”). By consenting to our use of these cookies, your personal data may be transferred to the United States. The transfer takes place automatically when you consent to the use of cookies on our website. The transfer then takes place based on the consent you give when you accept the use of cookies. In the United States, the EU’s data protection regulation (GDPR) does not apply, which means increased risk exposure for your personal data, among other things in terms of the opportunities for authorities in the United States to gain access to the personal data and your opportunities to exercise your rights as a data subject. To cancel future transfers to third countries, you can contact us at the contact details below or block all cookies via the settings in your browser. More information on how to block cookies can be found on the browser’s help pages. You can also read more about cookies in our Cookie Policy.
Any transfer to a third country, the USA, is supported by the EU Commission’s standard contractual clauses.
https://eur-lex.europa.eu/legal-content/SV/TXT/PDF/?uri=CELEX:32021D0914&from=SV
9. What rights do you have as a registered user?
Right to information and access
You have the right to receive confirmation of whether personal data concerning you is being processed and, if so, access to a copy of the personal data (so-called register extract). You have the right to receive information and register extracts free of charge. You can request register extracts by contacting us using the details below.
Right to rectification
You have the right to have inaccurate personal data concerning you corrected or supplemented without undue delay. When you discover that there are errors in the information we process about you, you can contact us to have your information corrected or supplemented.
Right to erasure (right to be forgotten)
In certain cases, you have the right to have your personal data deleted without undue delay. You have the right to have your personal data deleted if:
- the personal data is no longer necessary for us to process for the purpose for which it was collected,
- you withdraw your consent on which the processing is based,
- if you objected to the data being processed based on our legitimate interest and there are no legitimate reasons that outweigh your interest in having your data protected,
- the personal data has been processed in an illegal manner.
To the extent that it is necessary to continue processing your personal data, for example to fulfill our legal obligations, we are not obliged to delete your personal data. This means that certain data can be stored until we are no longer obliged to process them.
Right to limitation
In certain cases, you have the right to request that our processing of your personal data be restricted. A restriction can be made for several reasons.
- If you believe that the personal data we process about you is incorrect and you have requested correction, you can request limited processing during the time we are working to check whether the personal data is correct or not.
- The processing is illegal and you object to the deletion of the personal data and instead request a limitation of their use.
- We no longer need the personal data for the purposes of the processing, but you need it to be able to establish, assert or defend legal claims.
- If you have objected to processing based on a balancing of interests (legitimate interest), you can request limited processing during the time we are working to check whether our legitimate interests outweigh your legitimate interests.
In the event that the processing has been restricted according to any of the situations above, we may only, in addition to the storage itself, process the data to establish, assert or defend legal claims, to protect someone else’s rights or because you have given your consent.
Right to data portability
In some cases, you have the right to so-called data portability, i.e. right to obtain your personal data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transfer this data to another personal data controller. A prerequisite for data portability is that the transfer is technically possible and can take place automatically, and that we process the personal data based on your consent or to fulfill an agreement.
Right to object
You have the right to object at any time to our processing of your personal data which is based on a balancing of interests as a legal basis (legitimate interest). A continued processing of your personal data requires us to show a justified reason for the current processing. Otherwise, we may only process the data to establish, exercise or defend legal claims. For reasons connected to the customer’s specific situation, the customer also has the right to object to profiling and other processing of personal data concerning you, when the processing of the information is based on the customer relationship.
As registered, the customer also has the right not to be subject to decisions based solely on automated decision-making, if such decision-making has legal consequences or similarly significantly affects the customer. You have the right to object to such processing, including profiling. However, the right does not apply if the decision-making is necessary to enter into or fulfill an agreement with the customer or if the customer has given express consent.
Complaints
You also have the opportunity to submit a complaint regarding the processing of personal data to the Swedish Data Protection Authority (if you believe that the processing of your personal data violates your rights and interests according to current law. Read more on IMY’s website https://www.imy.se
As a registered user, according to the EU’s General Data Protection Regulation (“GDPR”), you have the right to file a complaint If you feel that your rights regarding the processing of personal data are not being met. You then contact the OPR-Finance AB data protection ombud in writing by email Dataskyddsombud@opr-finance.se You can also send a written complaint to the address below:
OPR-Finance AB
Dataskyddsombud
Kungsbroplan 1
112 27 Stockholm
Privacy Policy Changes
Should OPR-Finance AB make changes to this privacy policy, we will post the changed statement on our website with an indication of the change date. We recommend that you review these Privacy Policy Principles periodically to ensure that you are aware of any changes that have been made.
This privacy policy was updated on 02/24/2023