We care about your privacy and your right to control your personal data. This Privacy Policy explains how Anyfin collects and uses your personal data. It also describes your rights towards us and how to exercise them. You are welcome to contact us at any time on matters of privacy and data protection, by sending an email to privacy@anyfin.com.

This privacy policy applies when Anyfin provides services to you via the web, telephone, app or other digital channel. Processing your personal data is an inevitable part of using our services and you cannot be a user without providing us with your personal data. Your choice of which of our services that you use affects what data we collect about you and how that data is used, as described below.

We have the right to change this policy at any time, but in that case we will inform you as a user of the coming changes with reasonable notice before the changes take effect.

Information you give us
You give us information by filling in forms on our website and app, by sending us copies of your invoices in respect of a loan, by communicating with us through our website, email, phone or social media or by interacting with our services in any other way. This information can be categorised as:

Information we collect about you
The information we collect about you includes both data that we collect automatically from your interactions with our services and information we gather from third parties including credit reference agencies (UC AB, Bisnode Kredit AB), account information from your bank (in the event that you use our account information service) and identity information (from SPAR). Depending on what services you choose to use we will process:

Product/Service: Refinance, Bill smoothing.
Processing activity: Account creation and KYC.
Purpose of the processing: To confirm your identity and verify your personal / contact information.
Legal basis for this use: Fulfilment of contractual obligations, compliance with applicable laws and regulatory requirements
Automated decision*: Yes

Product/Service: Refinance, Bill smoothing.
Processing activity: Credit assessment and offering, account information
Purpose of the processing: Processing your application and performing the service, including credit assessment, pricing and offering. Upon your explicit request, we will also use account information data which is collected via our account information services for credit assessment purposes. Legal basis for this use: Fulfilment of contractual obligations, compliance with applicable laws.
Automated decision*: Yes.

Product/Service: Refinance, Bill smoothing.
Processing activity: Reminders and credit information.
Purpose of the processing: To, in case you have connected your email-account, provide you with a compilation showing your existing credits and invoices and to send you payment reminders and confirmations.
Legal basis for this use: Fulfilment of contractual obligations
Automated decision*: No

Product/Service: Widgets, Subscriptions.
Processing activity: Account information service.
Purpose of the processing: To collect your account information to enable us to provide our account information services, including grouping of unique transactions (by, for example, time intervals or transaction type) and forecasts.
Legal basis for this use: Fulfilment of contractual obligations
Automated decision*: No

Product/Service: Debt Overview Processing activity: Account information and loan information Purpose of the processing: To collect and compile your account information via our account information services as well as other information that you provide us with about your loans in order to provide our loan information service, including providing different insights and forecasts. Legal basis for this use: Fulfilment of contractual obligations, consent Automated decision*: No

Product/Service: Refinance, Bill smoothing.
Processing activity: Loan transfer, invoicing.
Purpose of the processing: To transfer your loan and execute internal operations, including invoicing, customer service and troubleshooting.
Legal basis for this use: Fulfilment of contractual obligations
Automated decision*: No

Product/Service: All.
Processing activity: Analysis.
Purpose of the processing: To measure the effectiveness of our marketing to you and others, and to provide you with relevant marketing information.
Legal basis for this use: Legitimate interest**, Consent (for Cookies, on anyfin.com).
Automated decision*: No

Product/Service: Newsletters and other targeted advertising.
Processing activity: Newsletters and targeted advertising.
Purpose of the processing: To market relevant services.
Legal basis for this use: Consent, legitimate interests**.
Automated decision*: No.

Product/Service: Refinance, Bill smoothing.
Processing activity: Manual or automatic monitoring of services.
Purpose of the processing: To prevent misuse of Anyfin’s services, including criminal activities such as fraud.
Legal basis for this use: Fulfilment of contractual obligations, compliance with applicable laws and regulatory requirements.
Automated decision*: No.

Product/Service: All.
Processing activity: Analysis, product development and market research.
Purpose of the processing: To develop new products and to improve our services, such as improvement of our decision models, testing, research and process optimization.
Legal basis for this use: Legitimate interest**.
Automated decision*: No.

Product/Service: Refinance, Bill smoothing.
Processing activity: AML-monitoring.
Purpose of the processing: To comply with local legislation and regulations, including anti money laundering regulations and anti-terrorism financing legislation.
Legal basis for this use: Compliance with statutory and regulatory requirements.
Automated decision*: No.

Product/Service: All.
Processing activity: Customer reviews.
Purpose of the processing: Collect reviews through the third-party solution Trustpilot.
Legal basis for this use: Legitimate interest**
Automated decision*: No.

Product/Service: Refinance, Bill smoothing.
Processing activity: Claims transfer.
Purpose of the processing: To transfer claims for payment to new owners.
Legal basis for this use: Legitimate interest**.
Automated decision*: No.

Product/Service: Refinance, Bill smoothing.
Processing activity: Analysis and reporting.
Purpose of the processing: To analyse and put together reports on loans.
Legal basis for this use: Legitimate interest**
Automated decision*: No

* Automated decision-making
The automated decision-making referred to is profiling through which Anyfin’s systems automatically analyses your personal data and compares it to previously determined values to determine and verify your identity and credit profile before evaluating whether Anyfin can offer you credit, based on your credit history, financial situation, and other relevant variables. The system can automatically deny or approve applications under certain conditions, using Anyfin’s internal scoring model. To simplify, this model aims to assess your ability to make payments on time and to prevent your over-indebtedness. By way of example, you will always be denied automatically if you’ve recently been a debtor of ours and you’ve repeatedly missed payments, if you have no income or if the loan amount exceeds our debt ceiling. If you are subject to a fully automated decision to decline your application, you will be directly informed.

** Legitimate interest
The legitimate interests pursued are connected to Anyfin’s core business, in that analysis of our current and future services and decision models, our existing loans and customer experiences is essential to ensuring well-functioning services and a positive customer experience. In general, this analysis is performed in aggregated statistics, meaning that the data is made anonymous as part of the processing for these purposes. Notably, should you provide a customer review on Trustpilot that is strictly on a voluntary basis and contains personal data.

Transfers of claims for payments to new owners is a financially necessary part of Anyfin’s consumer lending business.

If you fail to provide personal data
In certain cases, we need to collect personal data by law, and to enable us to enter into and fulfil a contract with you. If, in that event, you fail to provide access to the data required, there is a risk that we may not be able to enter into a contract with you. In this case, we may have to cancel your access to Anyfin’s services after due notification.

We may use your personal data to determine which products, services and offers may be relevant for you. We may communicate offers and suggestions through a channel on which you have interacted with us before, such as email, SMS text-messages, postal services, our app, social media or other digital channels. You can ask us to stop sending marketing messages at any time by following the subscribe/unsubscribe link on any marketing messages sent to you or by contacting us at privacy@anyfin.com. In the app you can withdraw your consent to let us use your account information data to market other relevant services that we offer by going to "More" and clicking on "Data & Security" under "Settings & Support". Please note that the withdrawal of your consent will not affect the lawfulness of processing based on consent before your withdrawal.

In certain cases, we disclose information to third parties. This is outlined below. We ensure at all times that these parties only have access to and use the data in a secure and contractually regulated way, in accordance with data protection laws and best practices.

Your personal data is primarily processed on proprietary systems hosted on servers located within the EU/EEA. For certain purposes, your personal data is transferred to, and processed in, countries outside of the EU/EEA. This is done only if the country to which the data is transferred or in which it is stored has an adequate level of data protection or if Anyfin and, where appropriate, our Personal Data Processor or an independent data controller that we transfers data to, has implemented appropriate safeguards, such as binding corporate rules or standard contract clauses.

Under the conditions above, Anyfin uses service providers who are established in the USA to provide functions such as advertising targeting and analytics, customer service systems, internal communications systems and customer review processing.

You’re welcome to contact our data protection officer at dpo@anyfin.com for more information on the safeguards Anyfin uses to ensure protection of your personal data in third countries.

Anyfin has implemented security measures to protect your personal data against losses caused by unauthorised access and accidental destruction or damage. Personal data is only accessible by personnel who require the information to carry out their work. All personal data is stored on secure servers and all data communication is encrypted via Secure Sockets Layer (SSL).

Anyfin processes your personal data for as long as you have a credit relationship or a user account with us. We also keep your data as long as necessary to fulfil our obligations as required by law, such as for book-keeping purposes and to comply with other regulations. In each instance, we keep your personal data only as long as is necessary in accordance with the legal basis for the processing as described above under section 2. This means that some types of personal data are kept for longer periods than others.

The length of time for which your personal data is kept can be understood by which services you’ve used:

European data protection laws grant you certain rights in regards to your personal data.

Right to access your personal data
You can request a copy of the personal data we hold about you free of charge.

Right to correct your personal data
You have the right to correct incorrect or incomplete information about yourself, although we may need to verify the accuracy of the new data you provided.

Right to data portability
You have the right to request a copy of your personal data in a structured, commonly used, machine-readable format, which you can then transfer to a third party. Under certain conditions you can request that this data be transferred directly to a third party. Note that this right only applies to personal data for which you initially provided consent for us to use or which we collected to fulfil our contractual obligations.

Right to object
Whenever we process your personal data on the basis of a legitimate interest (see section 2 above) or through automatic decision-making, including profil-ing, you have the right to object to this use. In the case of automatic decision-making, your objection will lead to a human employee verifying the conclusions of that automatic decision, which does not necessarily mean that the decision will be changed. If your privacy interest outweighs our interest in processing certain personal data, we will cease processing the data.

Right to request restriction of processing Whenever we process your personal data on the basis of a legitimate interest (see section 2 above) you have the right to demand restriction of this processing, that is for us to no longer process your personal data except to store that data or for such processing that is necessary in order to establish, exercise or defend legal claims or for the protection of the rights of others.

Right to be forgotten
You have the right to request erasure of your personal data. If you do not have an active loan with us, we will erase your personal data with the exception of such personal data that we are required to keep according to legal requirements. This means that all of your personal data will be erased if you have never been a user of the Refinance or Bill smoothing services. If you have previously used Refinance or Bill smoothing, we are required by law to retain information related to your identity and your credit application, as well as financial information related to payments made or missed during the term of the loan.

With your consent or to perform essential functions of our services, we use cookies and similar technologies to distinguish you from other users and to provide you with a better online experience. For detailed information on how and why we use cookies see our Cookie Policy.

Integritetsskyddsmyndigheten (the Swedish Authority for Privacy Protection) is the supervisory authority for data protection in Sweden. If you believe a company is not processing your personal data correctly, you are entitled to file a complaint with them at any time. For any concerns you have regarding Anyfin we would appreciate if you contact us first, however, and give us the opportunity to answer any questions you might have about personal data or data protection.

Anyfin takes your security and data protection very seriously. If you have any questions about this policy and how we handle your data or if you want to make use of your rights in regards to your personal data, please don’t hesitate to contact us at privacy@anyfin.com.

Anyfin AB is the Personal Data Controller for your personal data as described above. Anyfin is registered in the Swedish companies register under corporate ID number 559094-8005 and located at Drottninggatan 92, 111 36 Stockholm, Sweden.

Anyfin has a Data protection officer (“DPO”) responsible for monitoring Anyfin’s compliance with the GDPR and other privacy laws. The DPO can be reached at the following address: dpo@anyfin.com

----

This Privacy Policy was last updated on October 6, 2023.