At Embracy, we take pride in security and data privacy. When you visit Embracy’s web sites, you can therefore normally come and go as you would like without us being able to identify you. However, if you submit your personal data (for example your name, e-mail address or phone number) we will be able to identify you and process your personal data. Such processing is governed by certain legislation, which within the European Union mainly is the General Data Protection Regulation (the "GDPR"). Embracy naturally complies with the GDPR and any other data protection legislation that applies to Embracy. We are also keen on being transparent regarding how we process your personal data and have for these purposes drafted this document, in which you will find information on what kind of personal data we process, why we do it, what we use it for and how we may share it.
The data processing carried out on this web site is conducted by Embracy AB, reg. no. 5985 6322, as data controller. However, for other data processing activities, other Embracy entities may be the data controller, separately or jointly with Embracy AB. For specific information regarding the data controller for the processing of your personal data, please see the separate privacy notice that you received when your personal data was collected or contact us (please see contact details below).
When we collect data and what data we collect
We collect personal data when you (i) sign up for our newsletter or ask to be contacted, (ii) request support and (iii) are browsing our website. Such personal data will in general include your name, e-mail address, telephone, delivery address, payment details, company, IP address, behavior on the website and other information that you voluntarily provide us. As a payment institution with a license to provide payment services under the supervision of the Swedish Financial Supervisory Authority (Sw. Finansinspektionen), Embracy will also collect your credit/debit card information when you make a purchase at an Embracy merchant.
Why we process data, our legal basis for the processing and for how long we process the data
When processing personal data, a specific purpose and an applicable legal basis are always required. Also, the personal data may only be used for a limited period of time. Embracy will only use your personal data for the purposes set out below. We will not use your personal data for any purpose that is incompatible with the below purposes. Further, we will only use your personal data during the period as set out below. Please note that the storage periods below may not apply if Embracy is required to retain your personal data (partly or in full) under applicable mandatory law (e.g. accounting laws).
1. Processing payment transactions
If you have made a purchase online or in a store, Embracy might have received your credit card information from the seller and thus act as data controller. This is the case where Embracy acts as the seller’s acquirer, i.e. processes the seller’s payments, and transfers the money between the correct bank accounts. In such case, we will use this personal data to carry out the transaction. This includes (i) sharing necessary data with card schemes, (ii) assisting in disputes/chargebacks, (iii) fraud prevention, (iv) fulfilment of legal obligations on bookkeeping and (v) anti-money laundering transaction monitoring. Embracy holds a permit for such processing from the Swedish Data Protection Authority (Sw: Datainspektionen).
Embracy collects personal data of card holders in its role as acquirer when processing a payment transaction. Such personal data includes:
Card Information (i.e. card number, expiry month, expiry year, scheme/issuer) and
Transaction Information (i.e. usage, currency, issuer country, merchant id, transaction date, transaction amount).
Personal data related to card holders is collected through the execution of payment transactions via Embracy products and services provided to a merchant.
The processing is necessary for our legitimate interests to be able to carry out the payment transaction that you have requested when making the purchase at the merchant.
Embracy will share personal data with affiliates, financial institutions, payment schemes, fraud prevention entities and other entities that process payment transactions such as the acquiring processor, the cardholder’s issuing bank and the card’s scheme with the sole purpose of processing payment transactions.
Embracy will also share transaction information with the merchant and its service providers when necessary to provide information on the transaction (e.g. response code of the authorization, information to be able to complete refund), detecting and preventing fraud and proving compliance with contractual obligations.
2. Processing merchant information
Embracy processes personal data which is necessary for the performance of the contract with the merchant or in order to enter into an agreement with the merchant.
Embracy collects personal data of the merchant and its staff members. Such personal data may either relate
2.1.1. Boarding and KYC
to the merchant’s majority shareholders, beneficial owners, and board members for ongoing due diligence and when the merchant is boarded by Embracy. The personal data is collected by Embracy to complete KYC requirements for anti-money laundering, fraud and credit assessment purposes. Embracy holds a permit for such processing from the Swedish Data Protection Authority (Sw: Datainspektionen). Such personal data includes:
Identification Data (i.e. name, surname, personal id number)
Contact Information (i.e. e-mail address)
Business Information (i.e. job title, company name)
Banking and Financial Information (i.e. bank account details, information relating to the creditworthiness of the merchant and information about Politically Exposed Persons).
2.1.2. Operational mailings and customer care
to the merchant representatives for customer care purposes and sharing operational mailings with you. Such personal data includes:
Identification Data (i.e. name, surname)
Contact Information (i.e. e-mail address, telephone number)
Business Information (i.e. job title, company name)
Personal data is mainly collected directly from the data subject during the boarding and through the various ways Embracy interacts with the merchant and/or the members of its staff: e.g. by entering into an agreement with Embracy, during interactions via physical or electronic communication (such as telephone, email or website forms), through participation in an offer or promotion.
Embracy may also collect data from third parties: e.g. when Embracy jointly offers a service with business partners or where permitted by law; or from public sources: e.g. public records and registers.
Embracy will mainly process personal data in order to fulfil legal obligations. Certain processing activities are however based on requirements within the payment transaction industry without being obligations originating from law, while certain processing activities are necessary in order for us to fulfil our obligations towards your company. In such case, Embracy processes the Data based on its legitimate interest to be able to conduct its business and provide you with the payment services.
Embracy will process the personal data for as long as you or your company remains an Embracy merchant unless laws or regulations to which Embracy is subject obligate or entitle Embracy to continue the processing.
See specific boarding information, which is available here.
3. Purchases
When you make purchases on our web site (such as of receipt rolls or terminal batteries), we will process your personal data to fulfil our contractual obligations towards you. Our purchase form specifies what information you must provide to us, in order for us to complete your purchase.
The processing is necessary for our performance of the contract with you (i.e. purchase agreement).
4. Contacting you
If you are interested in Embracy’s products and services and ask to be contacted by us, we will process your personal data in order to be able to get in touch with you.
The processing is necessary for our performance of the contract with you (i.e. your request to be contacted).
After you have contacted us, we will stay in touch with you for up to one year.
5. Newsletter
If you sign up for our newsletter, we will process your e-mail address for the purposes of sending you the newsletters. You may at any time unsubscribe by using the link provided in each newsletter.
The processing is necessary for our performance of the contract with you (i.e. your request to receive the newsletter).
If you unsubscribe from our newsletter we will no longer process your personal data for this purpose.
6. Support
When you contact us by phone, we will process the personal data you provide us with to be able to assist you with the relevant matter.
The processing is necessary for our performance of the contract with you (i.e. fulfilling any request made by you).
If you are not a customer of Embracy, we will not process your personal data after the call unless we have a legitimate interest to do so. If you are a customer of Embracy, we will keep information regarding your support matter for up to three years in order to improve our services and follow up on customer complaints.
7. Job applications
If you apply for a job at Embracy, we will process the data you provide us with and possibly data from publicly available sources. Our personal data processing for recruitment purposes is more closely specified on our career site.
See specific job application information.
See specific candidate privacy notice which you will receive when you apply for an open position.
8. SMS surveys
If you or your company have recently boarded as an Embracy merchant or if you have been in contact with us by telephone, we may send you a simple survey by text message to the phone number you have submitted. We appreciate all feedback we receive, but it is completely optional for you to answer the survey. The only personal data that will be processed is your phone number.
The processing is necessary for our legitimate interests to improve our customers' experience.
We will anonymize all answers immediately, after which the answers will no longer be considered personal data.
9. Phone calls to our sales or support department
If you call Embracy’s sales or support department, we might record the phone call. Embracy does not record phone calls in order to document agreements, only for internal educational purposes. We record around 10 % of the calls to our sales and support department. When you call us, you will be informed that the call may be recorded, and you may always object to us recording the phone call.
The processing is necessary for our legitimate interests to improve and educate the personnel answering the phone calls with the aim to provide you with a better experience next time you call us.
Recorded calls will be retained for 90 days.
10. Identifying potential customers
This web site uses a system to identify which visitors may be potential customers. With the assistance of a cookie, each visitor of this web site will collect points by making their way between the pages. This cookie will not enable us to identify you, but if you sign up for our newsletter we will connect the points you have earned with your e-mail address. Once you become an identifiable visitor and have exceeded a given threshold of points, Embracy will consider you a potential customer and may call you to discuss if you are interested in Embracy’s services. If you do not want us to use this kind of cookies, you can prevent them in your browser settings. You can also read more about our use of cookies below, where the other types of cookies are explained. When you submit your personal data when signing up for our newsletter, you may also object to taking part in the scoring system, being called by us and receiving direct marketing from us.
The collection of personal data through the use of cookies is based on consent. The further processing, when the potential customers are contacted, is based on the processing being necessary for our legitimate interests.
The cookies used on our website are stored in accordance with our cookie policy (please see retention period for the cookie “Marketo” below).
11. Direct marketing
When you sign up for our newsletter, ask to be contacted by us or in any other way have been in touch with Embracy (e.g. at an event) or if we find your company interesting, we may send direct marketing to you by e-mail. In each direct marketing e-mail, you will find a link to this privacy notice and a possibility to opt out from further direct marketing. We may also contact you by calling you, which you of course also may opt out from.
The processing is necessary for our legitimate interests to maintain good customer relations.
We will process your personal data for marketing purposes as long as you are an active customer or a potential customer that we have been in contact with during the last three years. You always have the right to opt out from our marketing. In that case, we will no longer process your personal data for marketing purposes.
Who we share your personal data with
Applies to sections 2-11: Only the people who need to process personal data for the purposes mentioned above have access to your personal data. We may need to share your personal data with our group companies to be able to conduct our service, defend against legal claims or conduct internal reporting and business analysis. We further may need to allow our suppliers access to your personal data when they perform services on our behalf, mainly to provide support and maintenance of IT systems and storage services.
Embracy will share personal data with affiliates and business partners with which we combine our offered services for the purposes of ensuring quality and/or the commercial interests of the parties (e.g. calculation of compensation of parties).
Embracy will disclose personal data to public authorities and government agencies (i) if it is required to do so by law or legal process, (ii), (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity, or (iv) when it is required for Embracy to defend itself against legal claims.
Embracy will not sell or otherwise disclose personal information it collects about you.
Rights under the GDPR
In case you have any questions regarding Embracy’s processing of your personal data, please use the contact details at the bottom of this document or contact Embracy’s Data Protection Officer at [email protected]. You may also use these contact details if you would like to exercise any of your rights as a data subject under the GDPR. Please note that the rights under the GDPR are not unconditional. Therefore, an attempt to invoke any of the rights might not lead to an action. Your rights under the GDPR include the following:
Right to access – According to article 15 of the GDPR, you are entitled to access your personal data and receive certain information about the processing. That information is provided in this document.
Right to rectification – According to article 16 of the GDPR, you are entitled to obtain rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
Right to erasure – Under certain circumstances, you are according to article 17 of the GDPR entitled to have the personal data erased. This is the so-called “right to be forgotten”.
Right to restriction of processing – Under certain circumstances, you are according to article 18 of the GDPR entitled to restrict the processing of the personal data that Embracy carries out.
Right to data portability – You are according to article 20 of the GDPR entitled to receive the personal data (or have the Data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from Embracy.
Right to object – According to article 21 of the GDPR, you are entitled to object to certain processing activities conducted by Embracy on the personal data, such as all Embracy’s processing of the personal data based on Embracy’s legitimate interest.
Cookies
As part of our approach to providing personalized services on our website, we use cookies to store and sometimes track information about you. A cookie is a small data file sent to your browser from a web server and stored on your hard drive that allows easier access the next time the same page is visited. For example, a cookie is sent when you sign up to download products or information on our website.
If you do not want your personal information to be stored by cookies, you can configure your browser so that it notifies you whenever a cookie is received. This way you can decide each time to accept cookies or not. However, the use of cookies may be necessary to provide certain features and choosing to reject cookies may reduce the functionality of our website. Your browser should include precise instructions explaining how to control the acceptance of cookies.
To be transparent, we have summarized the cookies used on our website in the table below.