Last Modified: 11th December 2019
Enfuce Financial Services Ltd and its affiliates (collectively “Enfuce”, “we” and “us”) are committed to protecting your privacy. For a version of this notice in Finnish, please click here; however, please note that our English version supersedes any discrepancies between the language versions.
Enfuce offers a range of cloud-based payment processing and open banking services to other businesses. You may have visited our website or used our services for any one or more of the following purposes:
- out of curiosity about Enfuce and its services (a “Site Visitor”),
- as a developer to review, access or use our APIs (an “API Developer”), and
- as a customer of Enfuce (a “Customer”).
We consider each of these reasons for visiting our website or using our services a type of “data subject category” that helps us design, protect and inform you about your particular privacy rights.
This Privacy Notice includes:
- What information does Enfuce collect?
- For which purposes is my data collected?
- How is my data protected?
- For how long will my data be stored?
- Who is processing my data?
- What are cookies and are they used on Enfuce’s web sites?
- How can I influence my privacy? What are my rights?
- Is this Privacy Notice subject to changes?
- How can I contact Enfuce?
What information does Enfuce collect?
We collect data in four ways and the extent of data we collect depends on your data subject category:
- Data you provide to us. This will depend on your data subject category. For example:
- As a Site Visitor, you may provide us your first and last name, occupation, email or physical address, telephone number, and certain interests or preferences. This data can be collected, for example, when you respond to online forms or surveys, or contact us by email.
- As an API Developer, you may provide us similar information as a Site Visitor, as well as API Developer specific identifier, username and password requested as part of reviewing, accessing or using our APIs, and data related to content an API Developer provides in the use of our APIs. Please refer to our API Developer Terms of Service in connection with this notice for additional terms.
- As a Customer, you may provide us similar information as a Site Visitor, as well as specific Customer information, such as invoicing and payment details, product and order information, customer feedback and contacts. The collection and management of this data will be further detailed in an agreement Enfuce has with such Customer.
- Data we collect automatically or upon your further consent through our websites’ cookies and other technologies. Our websites include web pages starting with enfuce.com. This data may include IP address, device type, operating system and internet browser type, screen resolution, and plug-ins and add-ons, as well as the time you spent on our sites, pages visited, links clicked and pages that led or referred you to our site. Please refer to our Cookies Notice for further information.
- Data we, through a third party, have derived from collected data by using analytics and patterns. This data, for example, includes determining possible interests of the user.
- Data from our business partners, government maintained lists or sources, financial service providers, private identity verification services, and publicly available sources. This data may include your first and last name, address, occupation, phone number, country of residence, and/or sanctions, specially designated nationals, blocked persons or persons of interest information.
For which purposes is my data collected?
Where we act as a controller, we rely upon the following legal grounds to ensure that our use of your data is compliant with applicable law. In general, we collect your data to provide our services and manage our websites. The legal basis under which we collect data are the following:
- Your consent: You may provide us data based on your consent, for example, when you as a Site Visitor contact us through our website contact form or consent to cookies.
- Performance of Enfuce services: We use data for the purpose of entering into a contract and performing our services pursuant to a contractual relationship.
- Legal and regulatory compliance: We use data to verify the identity of certain data subject categories in order to comply with, for example, laws associated with the identification and reporting of illegal and illicit activity (Anti-Money Laundering (“AML”) and Know-Your-Customer, (“KYC”). We may also use data to fulfil our other obligations related to our operations, such as tax, accounting, financial and license reporting and/or audits.
- Legitimate business interest: We may also use your data for a limited number of our legitimate business interests. These are:
- Monitor, prevent and detect fraud and unauthorized payment transactions;
- Mitigate financial loss, claims, liabilities or other harm to Enfuce and where possible each data subject category;
- Respond to inquiries, send service notices and provide customer and end user support;
- Promote, analyse, modify and improve our systems, and tools, and develop new services;
- Manage, operate and improve the performance of our websites and services by understanding their effectiveness and optimizing our digital assets;
- Analyse and advertise our services;
- Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
- Share data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business;
- Ensure network and information security throughout Enfuce and our services; and
- Transmit data within our affiliates for internal administrative purposes.
We do not use your data for any other purpose. If we do, we will provide you a specific notice at the time of collection and obtain your consent when required by applicable law to use your data for such other purpose.
How is my data protected?
We use appropriate technical, organizational and administrative security measures within Enfuce to protect any information against loss, misuse, and unauthorized access, disclosure, alteration and destruction. Your data is only accessible to a limited number of Enfuce personnel who need access to perform their duties.
This being said, no data transmission or storage system can be 100% guaranteed. If you have any reason to believe that your interaction with us is no longer secure, please contact us immediately.
For how long is my data stored?
We store your data only for as long as is necessary.
- For Site Visitors: we delete any data after eighteen (18) months. Please also refer to our Cookie Notice relating to third party practices.
- For API Developers: your Enfuce related account is typically valid for three (3) months. If you have not logged in to your account during that time period, you are requested to renew your rights.
- For Customers: we retain your data for as long as we are providing the services to you.
This being said, we may continue to store your data after your relationship with Enfuce has ended to the extent necessary to comply with our legal and regulatory obligations, for example, up to six (6) years, or for certain legitimate business interests. In such cases, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law, which may allow us to anonymize your data so that is no longer possible for it to identify you.
Who is processing my personal data?
Enfuce does not sell or rent your data to marketers or unaffiliated third parties. We process your data ourselves and share your data with trusted entities as set forth below:
- Enfuce: We share your data with other Enfuce entities to provide our services and for internal administrative purposes. Enfuce’s headquarters are located in Finland, and we currently have offices in Sweden.
- Service subcontractors: We share your data with a limited number of our services providers who may need to access your data to provide their services on our behalf, such as cloud-hosting, BIN sponsorship, AML/KYC process, identity verification services, information technology and related infrastructure, customer service and auditing services. We authorize such service providers to use or disclose your data to the extent necessary and in compliance with applicable law and require such providers to contractually commit to protect the security and confidentiality of your data they process on our behalf. The names, locations and services provided by our service providers can be found on our Service Providers List page.
- Your authorized parties and third party vendors: We share your data with third party vendors that you have authorized as part of providing our services. In addition, our services may connect you to other websites, which operate independently from us. We are not responsible for such websites’ content or use. The use of your data by such third parties is subject to such third party’s privacy notice and terms.
- Corporate transactions: In the event that we enter into or prepare to enter into a corporate transaction, such as a merger, acquisition, or other kinds of re-arrangements of our business operations, personal data may be transferred to our advisors and the relevant counterparty and their advisors.
- Compliance and defense: We share your data as we believe necessary: (i) to comply with applicable law or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of Enfuce, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
We store our data in the EU or the EEA. If any data is transferred outside the EU or EEA, we will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, by using standard contractual model clauses approved by the European Commission, or on the basis of other lawful transfer mechanisms. Third party suppliers processing data on our behalf must process personal data in compliance with this Privacy Notice.
What are cookies and are the used on Enfuce’s website?
How can I influence my privacy? What are my rights?
We are committed to providing you with choices and control over your data. In this section, we list different ways of influencing our data collection and processing.
You may have the following rights with regard to your data that we control about you:
- Right to confirm whether we process your data and if so, to request a copy of such data.
- Right to rectify or update your data that is inaccurate, incomplete or outdated.
- Right to request that we erase your data in certain circumstances.
- Right to request we restrict the use of your data.
- Right to request we export your data to another company, where technically feasible.
- You may also have the right to withdraw your consent or object to the processing of your data if you have previously consented to its processing or the processing is based on our legitimate business interest.
To exercise these rights, please contact us. We will comply to your request to the extent required by applicable law. We may verify your identity before responding to your request.
In case you consider our processing of your personal data infringes the applicable privacy laws, you may have the right to lodge a complaint with the supervisory authority in the EU member state of your place of residence, place of work or place of the alleged infringement.
Is the Privacy Notice subject to changes?
Our services and applicable law are continuously developing. We reserve the right to change this Privacy Notice by informing you through updates on this notice page. The date of this notice can be found at the top of the page, and prior versions can be found through the link below. We recommend that users read our Privacy Notice on regular basis to keep track of changes.
How can I contact you?
You can send us any questions or concerns related to this Privacy Notice via email to email@example.com or send physical mail to Enfuce Financial Services Ltd, Metsänneidonkuja 12, 02130 Espoo, Finland, Attn: Legal.
Version and change history