Last Modified: 29 June 2021
Enfuce Financial Services Ltd and its affiliates (collectively “Enfuce”, “we” and “us”) are committed to protecting your privacy. This Privacy Notice describes how we collect, use and share your personal data, and your rights related to such data. For a version of this notice in Finnish, please click here; however, please note that our English version supersedes any discrepancies between the language versions.
Enfuce offers a range of cloud-based payment processing, open banking and carbon footprint approximation services to other businesses (our “Customers”). In connection with these services, Enfuce also provides access, use, interaction or engagement with our application program interfaces (“APIs”), customer service channels and dashboards, online features, sandboxes, social media platforms and websites (collectively, “Services”).
By using these Services, you acknowledge that you have read and understood this Privacy Notice.
You may have used our Services for any one or more of the following purposes:
- out of curiosity about Enfuce and its services and may include downloading articles from our website, or submitting information requests, dispute information or other contact forms or chat functions through our website (a “Site Visitor”),
- as a developer to review, access or use our APIs or sandboxes, or as a Customer to access customer service channels and dashboards (a “Registered User”),
- , and/or
- as an end user of a Customer using our account information service (“AIS”) and/or payment initiation service (“PIS”) license (a “TPP User”). Customers that use our AIS and PIS services are referred to as “TPP Licensees”. Enfuce License Services Ltd, business ID 2992502-3, with address at Metsänneidonkuja 12, 02130 Espoo, Finland is the relevant Enfuce entity that holds the license to perform AIS and PIS services.
We consider each of these reasons for using our Services a type of “data subject category” that helps us design, protect and inform you about your particular privacy rights.
1. WHAT INFORMATION DOES ENFUCE COLLECT?
We collect data in four ways and the extent of data we collect depends on your data subject category:
- Data you provide to us. This will depend on your data subject category. For example:
- As a Site Visitor, you may provide us your first and last name, occupation, email or physical address, telephone number, and certain interests or preferences. You may also provide to us other personal information when you correspond with us, such as transactional information when submitting a claim or dispute or feedback when submitting a request for more information. This data can be collected, for example, when you respond to online forms or surveys, or contact us by email.
- As a TPP User, you may provide us similar information as a Site Visitor, as well as data we collect upon your consent to perform AIS or PIS as redirected by the TPP Licensee. This data relates to both (x) consent data, such as IP address, full name, email address or other cryptographic key and (y) account information that you designate through the AIS and/or PIS services that are being provided to you. Please refer to the terms and policies of the TPP Licensee by which you were redirected to our TPP User interface in connection with this policy for additional terms that may be applicable to you.
- Data we collect automatically or upon your further consent through our websites’ cookies and other technologies. Our Services include web pages starting with enfuce.com. This data may include IP address, device type, operating system and internet browser type, screen resolution, and plug-ins and add-ons, as well as the time you spend on our sites, pages visited, links clicked and pages that led or referred you to our site. Please refer to our Cookies Notice for further information.
- Data we, through a third party, have derived from collected data by using analytics and patterns. This data, for example, includes determining possible interests of the user.
- Data from our business partners, government-maintained lists or sources, financial service providers, private identity verification services, and publicly available sources. This data may include your first and last name, address, occupation, phone number, country of residence, and/or sanctions, specially designated nationals, blocked persons or persons of interest information.
2. FOR WHICH PURPOSES IS MY DATA COLLECTED?
This Privacy Notice concerns data where we act as a controller. We rely upon the following legal bases to ensure that our use of your data is compliant with applicable law. In general, we only collect your data to provide our services and manage our Services. The legal basis under which we collect data are the following:
- Your consent: We may process your data based on your consent, for example, when you as a Site Visitor contact us through our website contact form, when you as a Registered User access our Services, or as a TPP User collect or initiate payments from accounts you have selected as part of our AIS and/or PIS services. Processing of data based on your consent will be performed only for the purpose for which the Service is being performed, unless another legal basis exists, as set forth below.
- Performance of Enfuce services: We process data for the purpose of entering into a contract and performing our services pursuant to a contractual relationship.
- Legal and regulatory compliance: We process data to verify the identity of certain data subject categories in order to comply with, for example, laws associated with the identification and reporting of illegal and illicit activity (Anti-Money Laundering (“AML”) and Know-Your-Customer, (“KYC”) or those associated with our AIS and/or PIS license. We may also use data to fulfil our other obligations related to our operations or our AIS/PIS license, such as tax, accounting, financial and license reporting and/or audits.
- Legitimate business interest: We may also use your data for a limited number of our legitimate business interests. These are:
- Monitor, prevent and detect fraud and unauthorized payment transactions;
- Mitigate financial loss, claims, liabilities or other harm to Enfuce and where possible each data subject category;
- Respond to inquiries, send service notices and provide Customer and end user support;
- Promote, analyse, modify and improve our systems, and tools, and develop new services;
- Manage, operate and improve the performance of our websites and services by understanding their effectiveness and optimizing our digital assets;
- Analyse and advertise our services;
- Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
- Share data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business;
- Ensure network and information security throughout Enfuce and our services; and
- Transmit data within our affiliates for internal administrative purposes.
We do not use your data for any other purpose. If we do, we will provide you a specific notice at the time of collection and obtain your consent when required by applicable law to use your data for such other purpose.
3. HOW IS MY DATA PROTECTED?
We use appropriate technical, organizational and administrative security measures, including encryption, de-identification and restrictive access control, to protect information against loss, misuse, and unauthorized access, disclosure, alteration and destruction. Your data is only accessible to a limited number of Enfuce personnel who need access to perform their duties.
This being said, no data transmission or storage system can be 100% guaranteed. If you have any reason to believe that your interaction with us is no longer secure, please contact us immediately.
4. FOR HOW LONG WILL MY DATA BE STORED?
We store your data only for as long as is necessary to provide the Services, comply with our legal obligations and other legitimate business purposes. Storage periods of the foregoing may vary for different Services and/or legal bases due to various reasons. Certain storage periods can be reviewed in our Cookies Notice, but otherwise, please contact us if you wish to receive further information regarding the period of time for which we retain your personal data.
5. WHO IS PROCESSING MY PERSONAL DATA?
Enfuce does not sell or rent your data. We process your data ourselves and share your data with trusted entities as set forth below:
- Enfuce: We share your data with other Enfuce entities to provide our services and for internal administrative purposes. Enfuce’s headquarters are located in Finland, and we currently have an office in Sweden.
- Service subcontractors: We share your data with a limited number of our services providers who may need to access your data to provide their services on our behalf, such as cloud-hosting, AML/KYC process, identity verification services, information technology and related infrastructure, customer service and auditing services. We authorize such service providers to use or disclose your data to the extent necessary and in compliance with applicable law, and require such providers to contractually commit to protect the security and confidentiality of your data they process on our behalf. Other than as stated in the Cookies Notice, we do not have a list of all third parties for security reasons and as this would be dependent on your data subject category. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by contacting us.
- Your authorized parties and third party vendors: We share your data with TPP Licensees upon your authorization. We also share your data with third party vendors that you have authorized as part of providing our services, such as banks. In addition, our services may connect you to other websites, which operate independently from us. We are not responsible for such websites’ content or use. The use of your data by such third parties is subject to such third party’s privacy notice and terms.
- Corporate transactions: In the event that we enter into or prepare to enter into a corporate transaction, such as a merger, acquisition, or other kinds of re-arrangements of our business operations, personal data may be transferred to our advisors and the relevant counterparty and their advisors.
- Compliance and defense: We share your data as we believe necessary: (i) to comply with applicable law or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of Enfuce, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
We store our data in the EEA. If any data is transferred outside the EU or EEA, we will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, by using standard contractual model clauses approved by the European Commission, or on the basis of other lawful transfer mechanisms. Third party suppliers processing data on our behalf must process personal data in compliance with this Privacy Notice.
6. WHAT ARE COOKIES AND ARE THEY USED ON ENFUCE´S WEBSITE?
7. HOW CAN I INFLUENCE MY PRIVACY? WHAT ARE MY RIGHTS?
We are committed to providing you with choices and control over your data. In this section, we list different ways of influencing our data collection and processing.
You may have the following rights with regard to your data that we control about you:
- Right to confirm whether we process your data and if so, to request a copy of such data.
- Right to rectify or update your data that is inaccurate, incomplete or outdated.
- Right to request that we erase your data in certain circumstances.
- Right to request we restrict the use of your data.
- Right to request we export your data to another company, where technically feasible.
- You may also have the right to withdraw your consent or object to the processing of your data if you have previously consented to its processing or the processing is based on our legitimate business interest.
To exercise these rights, please contact us. We will comply to your request to the extent required by applicable law. We may verify your identity before responding to your request.
In case you consider our processing of your personal data infringes the applicable privacy laws, you may have the right to lodge a complaint with the supervisory authority in the EU member state of your place of residence, place of work or place of the alleged infringement.
Removal from marketing communications
You may receive marketing email communications from us where permissible. If you would like to stop receiving these communications, you can inform us to unsubscribe from these communications.
8. IS THIS PRIVACY NOTICE SUBJECT TO CHANGES?
Our services and applicable law are continuously developing. We reserve the right to change this Privacy Notice by informing you through updates on this notice page. The date of this notice can be found at the top of the page, and prior versions can be found through the link below. We recommend that users read our Privacy Notice on regular basis to keep track of changes.
9. HOW CAN I CONTACT YOU?
You can send us any questions or concerns related to this Privacy Notice via email to firstname.lastname@example.org or send physical mail to Enfuce Financial Services Ltd, Metsänneidonkuja 12, 02130 Espoo, Finland, Attn: Legal.
Version and change history