Privacy Policy
-
1. Introduction
Waytobill AB, a company with the registration number 559287-9760 and registered address at Drottninggatan 86, 111 36, Stockholm, Sweden, ("Waytobill ", "we" or "us") is the controller and responsible for the processing of your personal data, as described in this privacy notice (“Notice”). If you are reading this Notice as a user of our services as further described below, please visit section 2 directly.
We understand that your privacy is important to you, and we want to feel that you can trust Waytobill when you share your personal information with us. This Notice is published with the aim of enabling you to understand the instances where Waytobill is responsible for the processing of your personal, how we process your personal data, why we do so, and to inform you about your data protection rights. You have a right to information about how we process your personal data, therefore, we encourage you to read this Notice in full.
In any case, we are responsible for and committed to processing personal data in accordance with applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR") and applicable national data protection legislation. You can always get in touch with Waytobill using the contact details set out in section 10 below.
In light of the volume of information in this Notice, if you only want to access a particular section of this Notice, you can click on the relevant link below to jump to that section:
-
2. If You Are A User Of Our Services [Checkout Solution]
When we are providing our services which comprise a payment checkout solution (“Checkout”) and the Merchant platform (“Platform), (collectively “Services”) we are acting as a processor on our corporate customers’ behalf that is the specific merchant (“Merchant”) that (i) has assigned you access to our Platform (“Authorised User”), or (ii) that you have signed up for a subscription or made a donation (“Consumer”).
According to the GDPR, a processor is the legal entity that processes the personal data on the controller’s behalf and under the controller’s instructions. In relation to the provision of our Services, the Merchant is the controller of your personal data and remains ultimately responsible for the processing. For detailed privacy information related to a Merchant’s processing of your personal data in relation to our Services, please contact the Merchant in question directly, as their processing of your personal data may vary from what is stated in the table below. Kindly note that we are not responsible for the privacy or data security practices of our customers, which may differ from those explained in this Notice.
When we are processing personal data on Merchant’s behalf, we will only do so in accordance with the data processing agreement in place between us and the Merchant at hand, their instructions as communicated to us from time to time, and applicable data protection law requirements. We will process your personal data on Merchant’s behalf as further described in the table below:
Authorised Users
Consumers
Controller
The Merchant that assigns you access rights to the platform.
The Merchant that you purchase a subscription
Product
Platform
Checkout
Personal data
User data:
· First and last name
· Email address
· Log history
Consumer data:
· First and last name
· Email address
· Personal identification number
· Bank account information
· Invoices
· Payment plan
· Timestamps
Source
From you or as generated internally
From you or the Merchant
Retention
We will process your personal data for as long as:
· you have an account with us,
· there is a contractual relationship between us and the Merchant
· we are required to do so under applicable law.
We will process your personal data for as long as:
· there is a contractual relationship between us and the Merchant
· we are required to do so under applicable law.
Sharing of personal data
We may share your personal data with our service providers to be able to deliver our Services.
We will share certain personal data with your bank to proceed with the payments.
Transfers of personal data
We will process the personal data in the EU/EEA (Dublin, Ireland).
-
3. Scope
This Notice applies when we process personal data, that is any information (or combination of such information) that directly or indirectly can identify you as a unique person, as defined in the GDPR. Information that can directly identify you is, for example, your name or your email address. Information that can indirectly reveal your identity is, for example, your job role in a specific company or an internal reference number.
Please note that, in any case, we will not collect any categories of personal data that are considered special categories of personal data under the GDPR (e.g., information about your racial or ethnic origin or health, political opinions, religious or philosophical beliefs, trade union membership, etc) or about your criminal background.
This Notice applies to you in the following cases, if you are a:
- Customer: When you represent an existing corporate customer of ours.
- Prospective customer: When you represent a prospective corporate customer of ours.
- Visitor: When you visit or otherwise interact with us through our website https://www.waytobill.com/ (“Website”) -
4. What Personal Data Do We Collect And How Do We Collect It
Most of the time, we collect your personal data directly from you, such as when you fill in a form on our Website. However, in order to identify business opportunities, we will also collect your personal data from other sources, such as information that is publicly available, on your employer’s website or social media such as LinkedIn.In certain circumstances, personal data will be generated internally by our systems, such as internal reference numbers.
The personal data we collect, and process can be categorised into the following categories:
Communication data:
Communication data:
This category includes personal data that we collect through our interaction and includes the content of our communications with you, such as:
· Communication content (e.g., email content or your feedback)
· Any other relevant information that you will disclose to us
Contact data:
This category includes personal data that will enable us to get in touch with you, as well as understand a bit more about the company that you represent, such as:
· First and last name
· Business email
· Business phone number
· Job title
· Organisation name and business area
· Internal reference number
Transaction data
This category includes personal data that we are required to collect when we administer and/or manage our accounting, such as:
· Invoices
· Internal reference number
Signature data:
This category includes personal data collected by you to electronically sign an agreement, such as:
· Your signature
· Time and date of signature
-
5. Why And How We Use Your Personal Data
5.1 When you are a Visitor or you otherwise interact with us through our Website
5.1.1 When you interact with us through our Website
Purpose
You as a(n)…
Your personal data processed
Legal basis upon which we process the personal data
How long we will store your personal data
To respond to your inquiries regarding our Services when you fill in relevant forms on our Website or when you contact us via other communication channels.
Visitor (Requester)
· Contact data
· Communication data
We base the processing on our legitimate interest in responding to your inquiries about our business operations and communicating with you.
For as long as we have an active commercial dialogue.
To send you our newsletter when you subscribe to our Website or otherwise.
Subscriber to the newsletter
Representative of a prospective or existing customer
· Contact data
We base the processing on our prior consent or on our legitimate interest in keeping you up-to-date regarding our Services, depending on the applicable national requirements.
For as long as we have your consent to do so or until you unsubscribe from our newsletter. You can always unsubscribe by clicking the unsubscribe button at the end of each email communication we send over.
5.1.2 Cookies and similar technologies
When you visit our Website, if you agree, we place Cookies on your device which will collect and share with us technical information, such as your IP address and the type of browser that you are using which constitute personal data (“Technical data”). We will further process this personal data collected through the cookies as described in this Notice.
Purpose
You as a(n)…
Your personal data processed
Legal basis upon which we process the personal data
How long we will store your personal data
To improve the quality, functionality, and user experience of our Website.
Visitor
Technical data
We base the processing on your prior consent.
You can withdraw your consent at any time. For more information, please read our Cookie notice at https://www.waytobill.com/cookie-notice
For as long as we have your consent to do so.
For more information about the types of cookies we use, the personal data categories processed, the purposes of processing and retention time, as well as how you can control cookies, please read our Cookie Notice available herehttps://www.waytobill.com/cookie-notice.
5.2 When the company that you represent is a Waytobill customer or a prospective customer
In case you represent an existing customer of ours or if you hold a key position within a prospective customer, we will process your personal data for the following purposes:
Purpose
You as a…
Your personal data processed
Legal basis upon which we process the personal data
How long we will store your personal data
To market our Services
Representative of a prospective customer
· Contact data
· Communication Data
We base the processing on our legitimate interest to market our Services to persons in key positions within organisations that we consider would be interested in our Services.
For as long as we have an active commercial dialogue.
Note that if you wish that you are not contacted for marketing purposes, we will store your personal data in a separate “Do-not-contact-me” list to ensure that your request is respected.
To sign relevant agreements with Waytobill
Customer representative (signatory party)
· Contact data
· Signature data
· Any personal data that an agreement may contain
We base the processing on our legitimate interest to ensure that relevant agreements are in place with our customers.
10 years according to the Swedish Act on Limitations.
To manage our relationship with our (existing and prospective) customers and day-to-day operations
Existing and prospective customer representative
· Contact data
· Communication data
We base the processing on our legitimate interest in administering our relationship with the company that you represent.
For representatives of prospective customers, for as long as we have an active commercial dialogue.
For representatives of existing customer, 10 years according to the Swedish Act on Limitations.
For billing and invoicing purposes
Customer representative
· Contact data
· Transaction data
We base the processing on our legitimate interest to be able to administer our accounting, as well as on our necessity to comply with legal obligations, such as bookkeeping laws.
7 years after the end of the year of collection in accordance with the Swedish Bookkeeping Act 1999:1078.
To publish testimonials on the Website or other channels.
Representative of an existing customer
· Contact data
· Communication data (post content)
We base the processing on your prior consent.
For as long as we have your consent. You can always withdraw your consent by contacting us at contact@waytobill.com and we will remove your post promptly.
5.3 To enable us to comply with legal obligations and defend against legal claims
Purpose
You as a…
Your personal data processed
Legal basis upon which we process the personal data
How long we will store your personal data
To comply with various legal obligations.
Representative of an existing customer
In order to comply with applicable laws, we are obliged to process certain personal data. The personal data categories collected and stored for this purpose may vary depending on the specific requirements stipulated in, for example, applicable tax, accounting, or book-keeping legislation.
For this purpose, the processing of your personal data is based on our necessity to comply with legal obligations.
The retention of your personal data at hand will depend on the legal requirement at hand.
For more details about the retention in relation to legal requirements, please contact us atcontact@waytobill.com.
To enable Waytobill to establish, exercise, or defend legal claims.
“Legal claims” in this context are not limited to current legal proceedings but also include:
· actual or prospective court proceedings;
· obtaining legal advice; or
· establishing, exercising or defending legal rights in any other way,
Any of the above-listed attributes
For this purpose, we will process any personal data listed in section 4.
We base the processing on our legitimate interest to be able to establish, exercise, and defend against legal claims.
10 years according to the Swedish Act on Limitations, unless otherwise stipulated in another applicable law.
-
6. Retention Periods
We retain the personal data we collect from you where we have an ongoing legitimate business need to do so (e.g., to provide you with information you have requested or to exercise or defend legal claims) or to comply with applicable legal, tax, or accounting requirements. Please see section 5 for information on the specific retention periods we apply for the purposes we have set out above.
When we have no ongoing legitimate business need or legal reason to process your personal data, we will either delete or anonymise it. -
7. Recipients And Transfers Of Personal Data
We disclose the personal data described above to the following categories of recipients:
a. Courts and similar judicial entities and/or authorities if we are required to do so by law.
b. Service providers upon which we rely for our core operational activities.
c. If there is a change of ownership of our business, we will share personal data with the new owners so that they can continue to operate our business, provided that the new owners will only process personal data as we have set out in this Notice.
Currently, our processing of your personal data takes place within the EU/EEA. However, if our processing, either directly by us or through our service providers, entails a transfer of your personal data outside the EU/EE, we will ensure that adequate safeguards are in place to require that your personal data will remain protected in accordance with this Notice and applicable data protection laws. We will do this through one of the following measures:
i. By transferring the personal data to a country that is on the European Commission’s list of countries with an adequate level of protection, or;
ii. By implementing a transfer mechanism such as the controller-to-controller or controller-to-processor standard contractual clauses that have been approved by the European Commission (as applicable from time to time) for the transfer of personal data to third countries.
If a standard contract is deemed ineffective due to the national law of the country of destination, we will take additional technical, organisational, or contractual measures to ensure an adequate level of protection when transferring personal data to countries covered by paragraph (ii) above. -
8. Your Rights
According to the GDPR, you have various data protection rights that you can exercise, including the right to be informed in accordance with this Notice. Once we receive a request from you, we will respond as soon as possible, and in any case, within the deadline stipulated in applicable legislation. Kindly note that before taking any action, we will ask you to verify your identity.
The table below provides a summary of these rights including information on possible conditions and limitations on how each right can be exercised and executed.Your Right
What Does It Mean
How Can You Excercise Your Right
Conditions and Limitations
Right to access
You have the right to access and receive a copy of your personal data that we process, as well as other supplementary information at any given time.
Such requests should be made to contact@waytobill.com If possible, please specify the type of information you would like to access to ensure that our disclosure meets your expectations.
Your request may not affect the rights and freedoms of other individuals, such as their privacy and confidentiality rights.
Right to rectification
You can challenge the accuracy of your personal data at any given time. Depending on the purpose of the processing you can request the completeness of your personal data. If your personal data is indeed inaccurate, you are entitled to have the inaccurate data removed, corrected, or completed, as appropriate.
We encourage you to notify us of any inaccuracies regarding your personal data as soon as they occur, including changes to your contact details.
A request to exercise this right is made in writing tocontact@waytobill.com.
If appropriate, we may ask you to provide a supplementary statement, depending on the purpose of processing.
Right to erasure
In certain cases, you are entitled to have your personal data erased (also known as the “right to be forgotten”), such as in cases where the personal data is no longer needed for the purpose for which it was collected, or if we no longer have a legal basis to continue processing it.
A request to exercise this right is made in writing to contact@waytobill.com.
Kindly note that this right is not absolute and there are various lawful reasons why we may not be able to erase your personal data, for example:
(i) where we have to comply with a legal obligation,
(ii) in case of exercising or defending legal claims,
(iii) where there is another lawful purpose for processing your personal data at hand.
Right to objection
You have the right to object to the processing of your personal data at any time. This means that we will stop or be prevented from processing further your personal data.
You have the absolute right to object to receiving further marketing material or communications from us.
A request to exercise this right is made in writing tocontact@waytobill.com.
If possible, please specify to which purpose of processing you wish to object to ensure that our actions meet your expectations.
This right is only applicable where the processing is based on our legitimate interest which does not override your rights and freedoms. For more information see section 5.
Right to restriction
By exercising this right, you limit the way we will process your personal data for a certain period of time. This right is an alternative to requesting the erasure, in case you don’t want the deletion of your personal data.
A request to exercise this right is made in writing to contact@waytobill.com.
If possible, please specify for how long you would like to restrict the processing, to ensure that our actions meet your expectations.
You have the right to request you restrict the processing of their personal data in certain circumstances, such as:
i. If you have contested the accuracy of your personal data.
ii. If you consider that your personal data has been unlawfully processed and you oppose to erasure of your personal data.
iii. When we no longer need the personal data, but you need to keep it in order to establish, exercise or defend a legal claim.
Right to withdraw your consent
You have the right to withdraw your consent to any processing for which you have previously given consent at any given time.
A request to exercise this right is made in writing to contact@waytobill.com.
If you withdraw your consent, such withdrawal will only take effect in regard to future processing.
If you have any comments or complaints regarding our processing of your personal data, please contact us directly by using the contact information in section 10.
You also have the right to contact and lodge a complaint with the Swedish Authority for Data Protection Authority (“IMY”), which is the supervisory authority for the processing of personal data. IMY can be reached at:
Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm
Email: imy@imy.se
Phone number: 08-657 61 00
IMY’s website: www.imy.se
Kindly note that IMY requires that you exhaust our internal complaint process before looking into your complaint.Your rights relating to the use of our Services
As already described above, in relation to the provision of our Services, we will also process certain personal data on the Merchant’s behalf which is our corporate customer. In such case, if not stated otherwise in this Notice or in a separate disclosure, we process such personal data as a processor on behalf of the Merchant (and its affiliates) who is the controller of such personal data. Kindly note that if your personal data has been submitted to us in our role as a processor and you wish to exercise any rights you may have under applicable data protection laws, please consult with the respective Merchant directly. However, if you still wish to submit a request to exercise your rights directly to us, please make sure that you provide us with the name of the Merchant who submitted your data to us. We will refer your request to that Merchant and will support them as needed in responding to your request within a reasonable timeframe. -
9. Changes To This Notice
If we make changes to this Notice, we will notify you on our Website. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice. Significant changes to how we collect or process your personal data will be notified to you via email.
-
10. Contact Information
Our contact information is:
Name: Waytobill AB (Organisation number: 559287-9760)
Address: Drottninggatan 86, 111 36, Stockholm, Sweden
Email address: contact@waytobill.com