This privacy notice applies to the services provided by Plexian AB (publ), org.nr: 559109-0559, ("Plexian" or "we") at plexian.se, through the mobile application Edge and where applicable, other digital channels (collectively referred to as "Edge"). It also applies to personal data processing when in contact with us for other purposes than as a user of our services in Edge, for example when signing up for a newsletter or when you are in contact with us on behalf of a supplier
Plexian is the data controller for the processing of personal data that takes place in the context of your use of Edge, our provision of the services and in othercontact with us. In this privacy notice, we describe how we process your personal data and what rights you have in relation to your personal data under the European Data Protection Regulation and supplementary Swedish legislation ("GDPR").
Plexian values your personal integrity and works in a structured way through both technical and organizational security measures to ensure that your personal integrity is not violated. We process your personal data in accordance with the GDPR. We are keen that you feel safe in your contact with us.
This section describes the types of personal data we collect or create.
When you register as a user in Edge, we collect and store your user information, including your full name, social security number and your email address.
When your card application is approved, your Edge card is linked to your user account in Edge. This is done by receiving an ID number from the card issuer that can be linked to your user account in Edge. However, we do not have access to your card details.
When you use the services in Edge, we collect transaction data from the card issuer that includes the purchases that you make with your Edge card. The information consists of, for example, purchase amount and point of sale.
We collect information from you when you register or transmit data through forms in Edge, such as settings and whether you would like to receive marketing from us as well as any communications to our support team.
We may also collect technical information in connection with your use of the service or when otherwise in contact with us, such as browser information, websites from which you have been referred, pages you visit in the Service, and your IP address.
When contacting us for other purposes than as a user of the services in Edge, for example when signing up for a newsletter or as a contact person för a supplier, we process the personal data that is necessary for this purpose. It is usually limited to name and email address.
Plexian uses the personal data for the purposes set out below.
The main purpose of our collection and processing of personal data as described above is to document, administer and fulfill our contractual obligations to you within the framework of our service (Art. 6.1 b GDPR). This means that in the event that you do not provide us with this data, we cannot deliver services in accordance with our agreement with you.
After the termination of the agreement, we will continue to process the data if it is necessary to be able to assist with, counteract or defend legal claims, but never beyond until a dispute is terminated or any claim becomes obsolete. The general limitation period under the statute of limitations act is currently three years. The deadline can be extended but never longer than ten years.
We also process your personal data to fulfill any legal obligations incumbent on Plexian as a data controller (Art. 6(1)(c) GDPR).
The storage of personal data for accounting purposes must be kept for seven years from the end of the financial year. Personal data obtained in connection with customer due diligence and investigations of suspicious transactions are stored to identify and manage the risk of money laundering and terrorist financing. The personal data is stored for this purpose for five years from the date of termination of the contractual relationship or the date of the relevant transaction.
We may use your personal data based on a legitimate interest. Legitimate interest is a legal basis for the processing of personal data, which means that the processing is permitted provided that we have in each case weighed Plexian's interest in processing the personal data against your right to privacy (Art. 6.1 f GDPR).
We may process your contact information to inform you about offers and campaigns from us or our partners. In that case, you will first have been given the opportunity to opt out or, if required, actively consent to this processing. You can also contact us later and let us know that you do not want this type of marketing, by calling or sending an email to our customer service. Contact information can be found at the end of the document.
We may also process your personal data to ensure network and information security. We further use them in the development of our services including for testing purposes but in these cases the data is usually pseudonymized to ensure your privacy.
We may also process your personal data if you are a contact person for one of our suppliers or similar.
Processing of personal data as described above is valid as long as there is an active agreement between Plexian and you or, as applicable your employer, and for a limited time after the agreement has ended.
We may also process your personal data based on consent (Art. 6.1 a GDPR). This is the case for example if you sign up for a newsletter or ask us to contact you for other purposes. We process your personal data as long as the consent is valid and if it is necessary in order to fulfil the purpose of the processing.
We share your personal data with third parties only if required by applicable law, if it is necessary to fulfill our services and fulfill our contractual obligations to you as a user of our services /or it is based on a legitimate interest. We have suppliers and partners who provide services to us and who help us process your personal data in a secure manner.
When we share your personal data, we ensure that the recipient processes it in accordance with the GDPR. For example, we have so-called data processing agreements in place with our suppliers. When sharing your personal data with partners, they may process your data in accordance with their own privacy notice but only for the purpose for which the data has been shared. Any further use of the data by these recipients is excluded. As far as possible, the data will be disclosed in anonymized form.
Plexian will not share, sell, transfer, or otherwise disclose your personal data to any other third party.
Plexian strives to process your personal data within the EU/EEA. However, in certain situations, such as when we share your personal data with a supplier or subcontractor with operations outside the EU/EEA, it may be that your personal data is transferred outside the EU/EEA. We ensure an appropriate level of protection for your personal data, even when the data is transferred outside the EU/EEA. Your rights to the data (which you can read more about in section 6) are also not affected by the data being transferred outside the EU / EEA.
If you want more information about our protective measures, you can always contact us. Contact information can be found at the end of the document.
For you as a user of Edge to be able to take part of offers and information from our network of merchants, material from third parties is published in Edge. In this material there may be links to external websites or similar. Please note that Plexian is not responsible for the personal data processing that may occur on such websites or similar, but for such processing, the respective third party's privacy notice applies.
You as a user of Edge or who is in contact with us in another capacity, have the right to receive information about what personal data is processed by us and thus have the right to receive a register extract. You are entitled to this information free of charge and without giving reasons once a year. You also have the right to turn to us to;
Contact details for making a request as above can be found at the end of the document. Your request and/or objection as described above will be examined by us on a case-by-case basis, which in some cases may result in us not being able to accommodate your request. We cannot delete data or restrict the processing of your personal data if the data needs to be saved due to a contractual relationship or due to legislation.
If you believe that the processing of your personal data to any extent violates the GDPR, you have the right to file a complaint with the Swedish Authority for Privacy Protection (IMY) File a complaint under the GDPR | IMY Please find contact information to IMY below.
Postal address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm
Phone: 08-657 61 00
To exercise your rights under this privacy notice, to lodge a complaint or if you have any other questions, please contact us as set out below:
Plexian AB (publ), Gustav Adolfs Torg 8B, SE-211 39 Malmö, Sweden
Phone: 040-602 54 15
This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We are committed to safeguarding the privacy of your information. By “your data”, "your personal data”, and “your information” we mean any personal data about you which you or third parties provide to us.
We may change this Policy from time to time so please check this page regularly to ensure that you’re happy with any changes.
Transact Payments Malta Limited (“TPML”, “we”, “our” or “us”) is the issuer of your cardand is the Data Controller for the personal data which you provide to us in relation to the cardonly. TPML is not the Data Controller in relation to any use of your personal data to send marketing or promotional material to you. TPML is an e-money institution, authorised and regulated by the Malta Financial Services Authority. Our registered office address is Vault 14, Level 2, Valletta Waterfront, Floriana, FRN 1914, Malta and our registered company number is C91879.
Enfuce is the Program Manager of your card and Plexian AB is authorised to act on its behalf in relation to certain activities. Enfuce is a Data Processor of the personal data which you provide to us in relation to the card.
Your provision of your personal data and our processing of that data is necessary for each of us to carry out our obligations under the contract (known as the Cardholder Agreement or Cardholder Terms & Conditions or similar) which we enter into when you sign up for our payment services. At times, the processing may be necessary so that we can take certain steps, or at your request, prior to entering into that contract, such as verifying your details or eligibility for the payment services. If you fail to provide the personal data which we request, we cannot enter into a contract to provide payment services to you or will take steps to terminate any contract which we have entered into with you.
We may also process your personal data to comply with our legal or regulatory obligations.
We, or a third party, may have a legitimate interest to process your personal data, for example:
When you apply for, and use, a card, we, or our partners on our behalf, collect the following information from you: Full name, address, date of birth, email address, Social Security Number (SSN), phone number, account balances, transactional and cryptographic data, IP address and card data.
When you use your card to make transactions, we store that transactional and financial information. This includes the date, amount, currency, card number, card name, account balances and name of the merchant, creditor or supplier (for example, a supermarket or a retailer). We also collect information relating to the payments which are made to/from your account.
We use your personal data to:
When we use third party service providers, we have a contract in place that requires them to keep your information secure and confidential.
We may receive and pass your information to the following categories of entity:
To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:
These transfers are subject to special rules under European and Malta data protection law.
These non-EEA countries do not have the same data protection laws as Malta and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the European Commission has made an adequacy decision, meaning that it has ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about this here.
Where we send your data to a country where the European Commission has not made an adequacy decision, our standard practice is to use standard data protection contract clauses that have been approved by the European Commission. To obtain a copy of those clauses, please go to the European Commission’s website.
If you would like further information please contact our Data Protection Officer on the details below.
We will store your information for a period of at 5 years after our business relationship ends in order that we can comply with our obligations under applicable legislation such as anti-money laundering and anti-fraud regulations. If any applicable legislation, or changes to this, requires us to retain your data for a longer or shorter period of time, we shall retain it for that period. We will not retain your data for longer than is necessary.
You have certain rights regarding the personal data which we process:
We implement security policies and technical measures in order to secure your personal data and take steps to protect it from unauthorised access, use or disclosure.
While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Malta is the Office of the Information and Data Protection Commissioner. Their contact details are as follows:
Floor 2, Airways House, Triq il-Kbira, Tas-Sliema, SLM1549, Malta.
(+356) 23287100 / email@example.com
The supervisory authority in Sweden is:
104 20 Stockholm
Phone number: 08-657 61 00