KWICK RECEIPTS PRIVACY POLICY

Last revised 18th of September, 2018.

A. DATA CONTROLLER AND SCOPE

ETNetwork AB, Eriksbergsgatan 7, 114 30 Stockholm, Sweden, org.no. 556854-7706, (below “ETN”, “we”, “our” or “us”) is the data controller for the processing of all personal data you may provide us with or which we otherwise may collect when visiting our website, using our services or apps, including Kwick Receipts.

This main purpose with this privacy notice is to provide information to data subjects in accordance with applicable data protection legislation.

ETN is committed to ensuring that your privacy is protected. We therefore process personal data in accordance with the following principles:

- Freedom; Your personal data belongs to you.

- Proportionality; We do not process more personal data than necessary for the purposes.

- Transparency; We inform you on our processing of your personal data.

- Security; We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

B. WHICH PERSONAL DATA DO WE PROCESS?

We collect all personal data you provide us with when visiting our website or otherwise when using our services or apps. This may include name, address, phone number, e-mail address and other information about your account. We may also automatically collect your IP address, information about your online activity and information about your browser when visiting our website or using our apps.

Within the scope of providing our services we may also collect personal data from our partners and other external sources. This may include personal data such as payments, purchases and other transactions, including locations, carried out with your debit/credit card, demographics, updated address and employee number.

You are not obliged to provide your personal data to us but the fact that you do not provide such information may result in us being unable to carry out our services.

C. PURPOSE AND LEGAL BASIS

We process personal data in order to manage your account and carry out the services requested by you. This is necessary in order for us to fulfil our contract with you. Information about our services is available on our website and will otherwise be provided to you when requesting the service.

We may also process personal data if you have consented to the processing activity. You may revoke your consent at any time. Some features of our products and services might only be available based on consent. A revoked consent will not impact the lawfulness of prior processing based on your consent and will result in us not being able to provide you with the features of our products and services for which consent is necessary.

Furthermore, based on our legitimate interests to develop our business and offer relevant information we process personal data for the following purposes; communicate with you, improve and develop our products, services, websites and apps, marketing, customize your website and app experience, reward you with bonuses and collect fees. We also have a legitimate interest in processing personal data for the purpose of preventing potential prohibited or illegal activities.

D. TRANSFERS AND RECIPIENTS OF PERSONAL DATA

In order for us to carry out our services we engage external service providers such as IT-suppliers, business partners and other partners who will process your personal data on our behalf in accordance with a data processing agreement.

We may transfer personal data to partners who offer services and functions on our behalf, such as debit/credit card processing, business analysis, support, marketing, distribution of studies or contests and fraud prevention. Furthermore, we may transfer personal data to business partners with whom we can offer products or services, or whose products can be offered on our website or in our apps.

We will not otherwise transfer your personal data to external parties unless you have consented to the transfer, it is necessary in order to protect your rights and interests, or it is necessary in order for us to fulfil a legal obligation or comply with an official decision or a court order. Personal data may be transferred to courts and authorities.

Some of the third parties we engage may process your personal data outside of the EU/EEA. It may therefore be necessary for us to transfer personal data to such countries. In case we transfer personal data outside of the EU/EEA we establish necessary contracts and always assure that the transfer meets the requirements on transfers of personal data to third countries.

E. FOR HOW LONG IS PERSONAL DATA STORED?

Personal data that we process in order to fulfil a contract with you will only be stored for as long as necessary for the current purpose for the processing of your personal data. If you, when applicable, choose to cancel the services provided by us, we will erase your personal data without undue delay.

Personal data that is processed in order to develop, analyse and market our services will be stored for twelve months from the last contact with you. If you unregister yourself from our newsletter or marketing services, your personal data will be erased without undue delay.

Notwithstanding what has been stated above, we may be obliged to store some personal data for a longer time when necessary in order for us to be in accordance with applicable legislation such as accounting.

F. YOUR RIGHTS

You have the right to free of charge request information about the use of your personal data We will upon your request, or at our own initiative, erase data that in incorrect or restrict the processing of such data. Furthermore, you have the right to object to certain processing or request that your personal data is not processed for the purpose of direct marketing.

You also have the right to, under certain circumstances and to a certain extent, receive your personal data in a machine-readable format.

If you are dissatisfied with our processing you can lodge a complaint to Datainspektionen (www.datainspektionen.se). If you live or work in a different country than Sweden, you can also turn to the supervisory authority in that country.

G. CONTACT

If you have any queries about how we process your personal data or if you want to claim your rights, please contact us at pul.policy@etnetwork.org.