Privacy policy

1. Purpose

Your privacy is important to us. We want you to feel secure when sharing your personal data with us. To that end, this policy outlines how we safeguard your privacy and protect your rights. It is based on current data protection legislation and describes how we handle personal data, what it is used for, who has access to it, under what circumstances, and how you can exercise your rights.

Goobit AB, organization number 556911-9992 ("Goobit"), is the data controller. Contact information for the Data Protection Officer is provided at the end of this document.

This policy applies to any Customer who uses, has used, or has expressed an intention to use our services, including relationships established before this policy came into effect.

2. Definitions

Customer: A natural person using, having used, or intending to use Goobit’s services.

Personal Data: Any information directly or indirectly related to a natural person.

Processing: Any handling of Personal Data, including collection, recording, storage, transfer, or deletion.

Data Protection Officer: The individual supervising compliance with data protection regulations.

3. General Provisions

3.1 This policy provides an overview of how Goobit processes Personal Data. Additional details may be specified in agreements or related documents.

3.2 Goobit ensures the confidentiality of Personal Data in compliance with applicable law and implements technical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss, alteration, or destruction.

3.3 Goobit may engage Personal Data processors or transfer Personal Data to other recipients. In such cases, Goobit ensures that processors handle Personal Data according to Goobit’s instructions and applicable law, with adequate security measures in place.

4. Categories of Personal Data

Goobit may collect Personal Data directly from Customers, through the use of services, or from external sources (e.g., public or private registers or by third parties). Categories of Personal Data include, but are not limited to:

Contact and Personal Information: Name, social security number, date of birth, identity document details (e.g., passport copy), address, phone number, email, preferred communication language.

Financial information: Such as account details, ownership, transaction history, transaction partners and business activities related to the proof of origin of funds or assets.

Legal Obligation and Compliance Data: Information derived from legal requests or obligations (e.g. tax residence data), payment behavior, data enabling anti-money laundering measures, or ensuring compliance with international sanctions.

Service Usage and Relationship Data: Data related to agreements, transactions, and service usage, information on connections with legal entities, gathered from public sources or third-party providers.

Communication and Interaction Data: Information from interactions via phone, email, or other communication channels.

Customer Preferences and Behavioral Data: Activity levels, preferences, survey responses, data from promotional activities, competitions and campaigns.

5. Purpose and Legal Basis for Processing

5.1 Managing Customer Relationships: Ensuring the delivery of services and maintaining up-to-date data, handling transactions efficiently.

5.2 Risk Assessments and Fraud Prevention: Conducting risk evaluations to determine suitable services and preventing unauthorized access and abuse of service.

5.3 Protecting Interests and Security: Safeguarding both Customer and Goobit’s interests, ensuring service quality and protecting the safety and rights of Customers and Goobit.

5.4 Service Improvement and Technical Development: Conducting customer surveys, market analysis, and developing new services. Enhancing IT infrastructure and user experience.

5.5 Legal Compliance: Ensuring adherence to applicable laws, including anti-money laundering regulations such as the Swedish Act (2017:630) on Measures Against Money Laundering and Terrorist Financing (“PTL”) and the EU Regulation 2023/1113 on information accompanying transfers of funds and certain crypto-assets (the ”Travel Rule”).

5.6 Legal Claims: Establishing, exercising, or defending legal claims.

6. Profiling and Automated Decision-Making

6.1 Goobit may use profiling (automated data analysis) to assess Customer preferences, improve services, or ensure compliance with legal obligations. Examples include personalized offers and fraud prevention measures.

6.2 Customers may receive tailored service recommendations based on their interactions with Goobit unless they opt out of direct marketing.

7. Recipients of Personal Data

To fulfill legal obligations and to provide services in an efficient and safe manner, Goobit may share Personal Data with other recipients, such as:

  1. Authorities (e.g., Swedish Tax Agency, financial supervisory authorities).
  2. Financial institutions and intermediaries.
  3. Service providers, auditors, and consultants.
  4. Database maintainers and credit information agencies.

Goobit remains responsible for the processing of your personal data when sharing it with third parties not constituting authorities.

8. Geographical Area for Data Processing

Personal Data is primarily processed within the EU/EEA. Transfers outside the EU/EEA occur only with appropriate safeguards (e.g., EU standard contractual clauses or certification frameworks like Privacy Shield).

9. Retention Periods

Goobit retains Personal Data as long as necessary for contractual relationships, legal obligations, or legitimate interests. For example:

  1. Contractual data: Retained for up to 10 years after contract termination.
  2. Legal obligations (e.g., anti-money laundering): Retained for 5 years.

10. Customer Rights

Customers (registered) have the following rights regarding their Personal Data:

  1. Request corrections of inaccurate or incomplete data.
  2. Object to certain processing activities.
  3. Request deletion or restriction of data processing.
  4. Access Personal Data and obtain copies.
  5. Data portability: Transfer Personal Data to another provider.
  6. Withdraw consent for data processing.
  7. Object to automated decision-making if it significantly affects them.
  8. Lodge complaints with the Swedish Authority for Privacy Protection (IMY), https://www.imy.se/en.

11. Cookies

Cookies are small data files used to store and sometimes track information about customers’ devices but do not personally identify customers. We use cookies to improve our website and enhance the user experience. There are different types of cookies used for various purposes. Session cookies expire when you close the website, while persistent cookies remain valid for a longer period. We use or may use:

  1. Strictly necessary cookies for basic functionality and security.
  2. Performance cookies to enhance website functionality.
  3. Functionality cookies that recognise customer preferences.
  4. Targeting cookies that track browsing patterns on the website.
  5. Third-party cookies can be either secession or persistent cookies, e.g. for the purpose of improving functionality, design or performance.

We require your consent to use certain types of cookies. This consent is given by accepting cookies in the cookie-banner displayed when customers enter the website. Customers can always choose not to consent or to withdraw consent. This may negatively affect the user experience and make certain features of the website unavailable. Customers can choose to delete cookies via the cookie-banner or, among other methods, through the settings in the web browser used.

12. Contact Details

For inquiries, requests, or complaints regarding Personal Data, please contact Goobit’s Data Protection Officer at:

Data Protection Officer

c/o Goobit AB
Kivra: 556911-9992
106 31 Stockholm, Sweden
Email: [email protected]
Website: www.bt.cx