Privacy Notice of TicWorks AB

2. What kinds of personal information about you do we process?

Personal information that we process in connection with all of our products and services may include:

• Personal and contact details, such as title, full name, contact details and contact details history
• Your date of birth, gender and/or age
• Your nationality, if needed for the product or service
• Records of your contact with us such as via the phone number of our breakdown service and, if you get in touch with us online using our online services or via our smartphone app, details such as your mobile phone location data, IP address and MAC address
• Products and services you hold with us, as well as have been interested in and have held and the associated payment methods used
• The usage of our products and services and details related to this
• Marketing to you and analysing data, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analysing data to help target offers to you that we think are of interest or relevance to you. Offers may include our financial services and any of our other products and services
• Information about your use of products or services held with our business partners, such as agreements, lending business and other financial services and such products
• Information we obtained from third parties, including information about legal matters, pricing, instances of suspect fraud and usage history
• Personal information which we obtain from Credit Reference Agencies and Fraud Prevention Agencies (see the section on ‘Fraud Prevention Agencies’ below), including public and shared credit history, financial situation and financial history
• Fraud, debt and theft information, including details of money you owe, suspected instances of fraud or theft, and details of any devices used for fraud
• Criminal records information, including alleged offences
• Information we buy or rent from third parties, including details of outstanding finance, marketing lists, publicly available information, and information to help improve the relevance of our products and services
• Insights about you and our customers gained from analysis or profiling of customers
• Tax information, if relevant (for example, for savings accounts)
• Any information entered on our website or provided to us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

3. What is the source of your personal information?

We’ll collect personal information from the following general sources:

• From you directly, and any information from, associates or beneficiaries of products and services
• Information generated about you when you use our products and services
• From an intermediary
• Business partners or others who are a part of providing our products and services or operating our business
• From other sources such as Fraud Prevention Agencies, Credit Reference Agencies, other lenders, publically available directories and information (for example, telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime, police and law enforcement agencies
• We buy or rent information about you or customers generally from third parties including, fraud information, marketing lists, publicly available information and other information to help improve our products and services or our business
• From any type of use of our website

4. What do we use your personal data for?

We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:

• Assessing an application for a product or service, including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment method and the terms
• Managing the product or service you have with us
• Updating your records, tracing your whereabouts and recovering debt
• Managing any aspect of the product or service
• To make automated decisions on whether to offer you a product or service, or the price, payment method, risk or terms of it
• To perform and/or test the performance of, our products, services and internal processes
• To improve the operation of our business and that of our business partners
• To follow guidance and best practice under the change to rules of governmental and regulatory bodies
• For management and auditing of our business operations including accounting
• To carry out checks at Credit Reference and Fraud Prevention Agencies pre-application, at application, and periodically after that
• To monitor and to keep records of our communications with you and our staff (see below)
• To administer our good governance requirements, such as internal reporting and compliance obligations or administration required for Annual General Meeting (“AGM”) processes
• For market research and analysis and developing statistics
• For direct marketing communications and related profiling to help us to offer you relevant products and service, including deciding whether or not to offer you certain products and service. We may send marketing to you by SMS, email, phone, post, social media and digital channels. Offers may relate to any of our products and services, such as financial services, as well as to any other offers and advice we think may be of interest
• To provide personalised content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels
• To develop new products and services and to review and improve current products and services
• To comply with legal and regulatory obligations, requirements and guidance
• To provide insight and analysis of our customers both for ourselves and for the benefit of business partners either as part of providing products or services, helping us improve products or services, or to assess or improve the operating of our businesses
• To share information, as needed, with business partners, service providers or as part of providing and administering our products and services or operating our business
• To facilitate the sale of one or more parts of our business

5. How do we store your personal information?

We store all necessary personal information on our CRM platform behind a firewall.

6. What are the legal grounds for our processing of your personal information (including when we share it with others)?

We rely on the following legal bases to use your personal data:

1. Where it is needed to provide you with our products or services, such as:

• a) Assessing an application for a product or service you hold with us, including consider whether or not to offer you the product, the price, the payment methods available and the conditions to attach
• b) Managing products and services you hold with us, or an application for one
• c) Updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate)
• d) Sharing your personal information with business partners and services providers when you apply for a product to help manage your product
• e) All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts, illustrations, requests for transfers of equity, setting up/changing/removing guarantors
• f) For some of our profiling and other decision making to decide whether to offer you a product and/or service, particular payment method and the price or terms of this

2. Where it is in our legitimate interests to do so, such as:

• a) Managing your products and services relating to that, updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate)
• b) To perform and/or test the performance of, our products, services and internal processes
• c) To follow guidance and recommended best practice of government and regulatory bodies
• d) For management and audit of our business operations including accounting
• e) To carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that. Where you have been introduced to us by any intermediary that may do these searches on our behalf
• f) To carry out monitoring and to keep records of our communications with you and our staff (see below)
• g) To administer our good governance requirements, such as internal reporting and compliance obligations or administration required for AGM processes
• h) For market research and analysis and developing statistics
• i) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We may send marketing to you by SMS, email, phone, post and social media and digital channels.
• j) Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses
• k) For some of our profiling and other decision making
• l) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations

3. To comply with our legal obligations

4. With your consent or explicit consent:

• a) For some direct marketing communications
• b) For some of our profiling and other decision making
• c) For some of our processing of special categories of personal data such as about your health or some criminal records information

5. For a public interest, such as:

• a) Processing of your special categories of personal data such as criminal records information (including alleged offences)

7. When do we share your personal information with other organisations?

We may share information with the following third parties for the purposes listed above:

• Business partners or others who are a part of providing our products and services or operating our business
• Governmental and regulatory bodies
• Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions
• Credit Reference and Fraud Prevention Agencies (see below)
• Market research organisations who help us to develop and improve our products and services
• Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
• Analytics of the use of our service by Google Analytics - Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click on a third- party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

8. How and when can you access, correct, amend or delete the personal information we have stored?

Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.

If you would like to: access, correct or amend any personal information about you we invite you to contact us using the contact information provided on our web page.

9. Is your personal information transferred outside of Sweden or the EEA?

We’re based in Sweden but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.

10. How do we share your information with credit reference agencies?

To process your application, we’ll perform credit and identity checks on you with one or more credit reference agencies (CRAs). Where you take financial or credit services from us we may also make periodic searches at CRAs to manage your account with us. To do this we may supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public and shared credit, financial situation and financial history information and fraud prevention information.

We may use this information to:

• Assess your creditworthiness as a part of the full risk assessment
• Verify the accuracy of the data you have provided to us
• Prevent criminal activity, fraud and money laundering
• Manage your account(s)
• Assess payment methods available to you
• Trace and recover debts
• Make sure any offers provided to you are appropriate to your circumstances

We’ll continue to exchange information about you with CRAs while you have a relationship with us. We’ll also notify the CRAs about your settled accounts. If you borrow and don’t repay in full and on time, CRAs will record the outstanding debt. This information may be given to other organisations by CRAs.

11. How do we share your information with Fraud Prevention Agencies?

To find out whether or how we have shared information with Fraud Prevention Agencies please feel free to contact us.

12. What should you do if your personal information changes?

You should tell us so that we can update our records using the details in the Contact Us section of our website. We will then update your records.

13. Do you have to provide your personal information to us?

We are unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we will make this clear.

14. Do we do any monitoring involving processing of your personal information?

In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

We may monitor where permitted by law and we will do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.

15. For how long is your personal information retained by us?

Unless we explain otherwise to you, we will hold your personal information based on the following criteria:

• For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
• For as long as we provide products and/or services to you and then for as long as someone could bring a claim against us; and/or
• Retention periods in line with legal and regulatory requirements or guidance.

16. What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to use any of them, we will explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.

• The right to be informed about the processing of your personal information
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
• The right to object to processing of your personal information
• The right to restrict processing of your personal information
• The right to have your personal information erased (the “right to be forgotten”)
• The right to request access to your personal information and to obtain information about how we process it
• The right to move, copy or transfer your personal information (“data portability”)
• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

You have the right to complain to Datainspektionen which enforces data protection laws: https://www.datainspektionen.se. You can contact us using the details below.

17. Your right to object

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the contact us section of our website to exercise these rights.

18. What are your marketing preferences and what do they mean?

We may use your address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences.

You can opt out of any email or text marketing by following the unsubscribe links. If you receive a marketing call from us, you can ask the person who called you to opt you out. You can also write to us at TicWorks AB, Cylindervägen 18, 131 52 Stockholm, attention of the DPO or send us an email on our contact page.

Contact Us

If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the contact section of our website. Alternatively, you can write to TicWorks AB, Cylindervägen 18, 131 52 Stockholm, attention of the DPO.