Privacy Policy

Last updated: 2 July 2020

At Embracy, we take pride in security and data privacy. When you visit Embracy’s web sites, you can therefore normally come and go as you would like without us being able to identify you. However, if you submit your personal data (for example your name, e-mail address or phone number) we will be able to identify you and process your personal data. Such processing is governed by certain legislation, which within the European Union mainly is the General Data Protection Regulation (the "GDPR"). Embracy naturally complies with the GDPR and any other data protection legislation that applies to Embracy. We are also keen on being transparent regarding how we process your personal data and have for these purposes drafted this document, in which you will find information on what kind of personal data we process, why we do it, what we use it for and how we may share it.

The data processing carried out on this web site is conducted by Embracy AB, reg. no. 5985 6322, as data controller. However, for other data processing activities, other Embracy entities may be the data controller, separately or jointly with Embracy AB. For specific information regarding the data controller for the processing of your personal data, please see the separate privacy notice that you received when your personal data was collected or contact us (please see contact details below).

When we collect data and what data we collect

We collect personal data when you (i) sign up for our newsletter or ask to be contacted, (ii) request support and (iii) are browsing our website. Such personal data will in general include your name, e-mail address, telephone, delivery address, payment details, company, IP address, behavior on the website and other information that you voluntarily provide us. As a payment institution with a license to provide payment services under the supervision of the Swedish Financial Supervisory Authority (Sw. Finansinspektionen), Embracy will also collect your credit/debit card information when you make a purchase at a Embracy merchant.

Why we process data, our legal basis for the processing and for how long we process the data

When processing personal data, a specific purpose and an applicable legal basis is always required. Also, the personal data may only be used for a limited period of time. Embracy will only use your personal data for the purposes set out below. We will not use your personal data for any purpose that is incompatible with the below purposes. Further, we will only use your personal data during the period as set out below. Please note that the storage periods below may not apply if Embracy is required to retain your personal data (partly or in full) under applicable mandatory law (e.g. accounting laws).

1. Processing payment transactions

If you have made a purchase online or in a store, Embracy might have received your credit card information from the seller and thus act as data controller. This is the case where Embracy acts as the seller’s acquirer, i.e. processes the seller’s payments, and transfers the money between the correct bank accounts. In such case, we will use this personal data to carry out the transaction. This includes (i) sharing necessary data with card schemes); ii, assisting in disputes/chargebacks, iii) fraud preventing; iiii) and fulfilment of legal obligations on bookkeeping and iiiii) anti-money laundry transaction monitoring. Embracy holds a permit for such processing from the Swedish Data Protection Authority (Sw: Datainspektionen).

2. Processing merchant information

Embracy processes personal data which is necessary for the performance of the contract with the merchant or in order to enter into an agreement with the merchant.

3. Purchases

When you make purchases on our web site (such as of receipt rolls or terminal batteries), we will process your personal data to fulfil our contractual obligations towards you. Our purchase form specifies what information you must provide to us, in order for us to complete your purchase.

4. Contacting you

If you are interested in Embracy’s products and services and ask to be contacted by us, we will process your personal data in order to be able to get in touch with you.

5. Newsletter

If you sign up for our newsletter, we will process your e-mail address for the purposes of sending you the newsletters. You may at any time unsubscribe by using the link provided in each newsletter.

6. Support

When you contact us by phone, we will process the personal data you provide us with to be able to assist you with the relevant matter.

7. Job applications

If you apply for a job at Embracy, we will process the data you provide us with and possibly data from publicly available sources. Our personal data processing for recruitment purposes is more closely specified on our career site.

8. SMS surveys

If you or your company have recently boarded as a Embracy merchant or if you have been in contact with us by telephone, we may send you a simple survey by text message to the phone number you have submitted. We appreciate all feedback we receive, but it is completely optional for you to answer the survey. The only personal data that will be processed is your phone number.

9. Phone calls to our sales or support department

If you call Embracy’s sales or support department, we might record the phone call. Embracy does not record phone calls in order to document agreements, only for internal educational purposes. We record around 10 % of the calls to our sales and support department. When you call us, you will receive information about that the call may be recorded and you may always object to us recording the phone call.

10. Identifying potential customers

This web site uses a system to identify which visitors that may be potential customers. With the assistance of a cookie, each visitor of this web site will collect points by making its way between the pages. This cookie will not enable us to identify you, but if you sign up for our newsletter we will connect the points you have earned with your e-mail address. Once you become an identifiable visitor and have exceeded a given threshold of points, Embracy will consider you a potential customer and may call you to discuss if you are interested in Embracy’s services. If you do not want us to use this kind of cookies, you can prevent them in your browser settings. You can also read more about our use of cookies below, where the other types of cookies are explained. When you submit your personal data when signing up for our newsletter, you may also object to taking part in the scoring system, being called by us and receive direct marketing from us.

11. Direct marketing

When you sign up for our newsletter, ask to be contacted by us or in any other way have been in touch with Embracy (e.g. at an event) or if we find your company interesting, we may send direct marketing to you by e-mail. In each direct marketing e-mail, you will find a link to this privacy notice and a possibility to opt-out from further direct marketing. We may also contact you by calling you, which you of course also may opt-out from.

Who we share your personal data with

Applies to section 2-11: Only the people who need to process personal data for the purposes mentioned above have access to your personal data. We may need to share your personal data with our group companies to be able to conduct our service, defense against legal claims or conduct internal reporting and business analysis. We further may need to allow our suppliers access to your personal data when they perform services on our behalf, mainly to provide support and maintenance of IT systems and storage services.

Embracy will share personal data with affiliates and business partners with which we combine our offered services for the purposes or ensuring quality and/or the commercial interests of the parties (e.g. calculation of compensation of parties).

Embracy will disclose personal data to public authorities and government agencies (i) if it is required to do so by law or legal process, (ii), (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity, or (iiii) when it is required for Embracy to defend itself against legal claims.

Embracy will not sell or otherwise disclose personal information it collects about you.

Rights under the GDPR

In case you have any questions regarding Embracy’s processing of your personal data, please use the contact details at the bottom of this document or contact Embracy’s Data Protection Officer at [email protected]. You may also use these contact details if you would like to exercise any of your rights as a data subject under the GDPR. Please note that the rights under the GDPR are not unconditional. Therefore, an attempt to invoke any of the rights might not lead to an action. Your rights under the GDPR include the following:

Right to access – According to article 15 of the GDPR, you are entitled to access your personal data and receive certain information about the processing. That information is provided in this document.

Right to rectification – According to article 16 of the GDPR, you are entitled to obtain rectification of inaccurate personal data concerning you and to have incomplete personal data completed.

Right to erasure – Under certain circumstances, you are according to article 17 of the GDPR entitled to have the personal data erased. This is the so-called “right to be forgotten”.

Right to restriction of processing – Under certain circumstances, you are according to article 18 of the GDPR entitled to restrict the processing of the personal data that Embracy carries out.

Right to data portability – You are according to article 20 of the GDPR entitled to receive the personal data (or have the Data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from Embracy.

Right to object – According to article 21 of the GDPR, you are entitled to object to certain processing activities conducted by Embracy on the personal data, such as all Embracy’s processing of the personal data based on Embracy’s legitimate interest.

Cookies

As part of our approach to providing personalized services on our website, we use cookies to store and sometimes track information about you. A cookie is a small data file sent to your browser from a web server and stored on your hard drive that allows easier access the next time the same page is visited. For example, a cookie is sent when you sign-up to download products or information on our website.

If you do not want your personal information to be stored by cookies, you can configure your browser so that it notifies you whenever a cookie is received. This way you can decide each time to accept cookies or not. However, the use of cookies may be necessary to provide certain features and choosing to reject cookies may reduce the functionality of our website. Your browser should include precise instructions explaining how to control the acceptance of cookies.

To be transparent, we have summarized the cookies used on our website in the table below.