Privacy Policy

Version 1 November 2024

This Privacy Policy outlines how Fidify AB ("we," "our," or "us") processes personal data in accordance with the EU General Data Protection Regulation (GDPR).  

Data Processing When Using Our SaaS Platform and Apps

Customer use of platform

When our customers use our services towards their end-customers, we are the processor of personal data from customer’s users and end-users, and the customer is the controller of such personal data and decides what data to collect. The personal data we process normally includes:

• Data Collection: we process names, contact information, personal data submitted via our in-tool chat function, personal data in documents requested by the customer and audit trail of submission of such documents or chat messages.
  
• Purpose and Legal Basis: Data is processed to fulfill our contractual obligations towards our customer (Article 6(1)(b) GDPR) and to improve service functionality and security (Article 6(1)(f) GDPR).
  
• Data Retention: Personal data is retained for as long as necessary to provide services and comply with legal obligations.
  
• Shared with: Service providers, entities for legal and security purposes, and client.

When individual end-users create digital IDs

In this situation, we are normally the data controller. We collect and process personal data of individual end-users to provide and improve our SaaS services via the web or via app. This includes:

• Data Collection: We gather information such as names, name, passport ID number, passport photo & physical address (as shown on official document or utility bill), and usage data. With your consent, we may collect geolocation data (consistent with your device settings).
  
• Purpose and Legal Basis: Data is processed to provide our digital identification services and issue a digital ID certificate to the end-user, when consent is given for geolocation (Art 6(1)(a) GDPR), to fulfill our contractual obligations (Article 6(1)(b) GDPR) and to improve service functionality and security (Article 6(1)(f) GDPR), and prevent, investigate, and respond to fraud, unauthorized access to or use of our services, breaches of terms and policies, or other wrongful behavior.
  
• Data Retention: Personal data is retained for as long as necessary to provide services and comply with legal obligations.
  
• Shared with: Service providers, entities for legal and security purposes, and client.

Data Processing of Customers

We collect and process personal data to administer our services and fulfil contractual obligations, billing and invoicing, and for marketing purposes. This includes:

• Data Collection: We collect information such as names, titles, phone numbers, email addresses, and payment information.
  
• Purpose and Legal Basis: Data is processed to provide and collect payments for our services, to fulfill our contractual obligations and provide support (Article 6(1)(b) GDPR), tailor our marketing activities and to analyse and improve service functionality (Article 6(1)(f) GDPR).
  
• Data Retention: Personal data is retained for as long as necessary to provide services and comply with legal obligations.
  
• Shared with: Service providers, entities for legal and security purposes, and client.

Data Processing When Visiting Our Website

When individuals visit our website, we may collect certain data, including:

• Data Collection: IP addresses, browser types, and cookies.
  
• Purpose and Legal Basis: This data helps us analyze website usage, analyse and improve security, and improve user experience (Article 6(1)(f) GDPR).
  
• Data Retention: Data is kept for a maximum of 30 days after the website visit.  

Contact form on website

You can use the contact form on our website to ask about our services.  Mandatory fields are marked, while additional fields are optional. This information is needed to process your request and provide an answer. Data processing for specific inquiries is based on fulfilling a contract, while general inquiries are processed based on a comparison of interests. Data you submit in the contact form is encrypted.

Data Processing When Applying for Jobs

In this situation, we act as data controller. We process personal data from job applicants for recruitment purposes:

• Data Collection: Names, contact details, CVs, and other personal data submitted in application forms.
  
• Purpose and Legal Basis: Data is processed to evaluate applications and communicate with applicants (Article 6(1)(b) GDPR).
  
• Data Retention: Applicant data is retained for a maximum of 6 months after the end of the application process, unless consent is given for a longer period or a legal claim has been raised.

Data Processing When Hiring Suppliers or Contractors

In this situation, we act as data controller. We collect and process data related to our suppliers and contractors to manage our business relationships:

• Data Collection: Contact details, contract information, and payment details.
  
• Purpose and Legal Basis: Data is processed to fulfill our contractual obligations and for legitimate business interests (Article 6(1)(b) and (f) GDPR).
  
• Data Retention: Data is retained for the duration of the contract and as required by law.

Duration of storage

Personal data are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Data stored by us are deleted as soon as they are no longer necessary for their purpose, unless statutory storage requirements or legitimate interests require otherwise. If data is not deleted, its processing will be restricted (i.e., blocked and not processed for other purposes). Job applicant personal data is processed for a maximum of 6 months after the application process ends

Sharing of personal data with third parties

We only share personal data with service providers or vendors with whom we have a contractual relationship and a written data processing agreement, employees or consultants on a need-to-know basis and who have a duty of confidentiality, or if necessary in response to a legal or statutory inquiry, legal proceedings or court order. We do not disclose your data to third parties for their advertising purposes.

Sale of personal data

No. We do not sell any personal data that we collect as data controller or process as data processor.

Contact Us

For any questions regarding this Privacy Policy or your rights, please contact us at support@fidify.se. Note that if you contact us for a so-called article request under the GDPR, you will need to verify your identity.

This Privacy Policy may be updated to reflect changes in laws, our company, services, data processing practices, or technological advancements. The use of personal information collected is governed by the Privacy Policy effective at the time of usage. Depending on the nature of the change, notifications may be provided by posting updates on this page.