POWRS AB operates as an information society service provider that offers services for the realization of final payment as a payment option for users who use services from the Company. The rights and obligations of the user, the method of performing the service, the fee, the protection of copyright and related rights, and other important issues for the functioning and use of our Vaulter Payment Link service are described in the Terms and Conditions of the service. 
This Privacy Policy is an integral part of the Terms and Conditions and contains information on how POWRS AB, uses the personal data from Users that is collected, used, and shared once the user decides to acquire an item/ service from the Company (Powrs AB business partners) with the use of the Vaulter Payment Link service. 
This document is created in accordance with the Swedish Data Protection Act and EU Data Protection Regulation (GDPR).

​

1. To whom this Privacy Policy is intended
This Privacy Policy is intended to:
•    "VAULTER PAYMENT LINK SERVICE” users,
•    to persons who otherwise interact with us.

​

2. Our contact details
POWRS AB Sweden, Hammarbybacken 27, 120 30 Stockholm, Sweden, ID number: 559302-8045 processes your personal data in connection with the use of the SERVICES in the capacity of the operator and is responsible for processing your personal data.
If you have questions regarding the processing of your personal data, you can contact our data protection team via the e-mail address: queries@vaulter.se.

​

3. Person for the protection of personal data
If you have questions regarding the protection of personal data, you can contact Powrs' personal data protection officer via the e-mail address: queries@vaulter.se.

​

4. What personal data does POWRS process, legal basis, and purpose?
The personal data we process depends on the type of interaction you have with Powrs. In this connection, we process the personal data of the following categories of persons to whom the data refer, namely:
•    services users,
•    persons who otherwise interact with us.

​

4.1. Personal information of the user "VAULTER PAYMENT LINK SERVICE" 
Registering a user account for using the Vaulter Payment Link Services as defined in these Terms for the purpose of payment of services from the Company is necessary. For that reason, we collect, take over data from the Company, use, and keep User personal data based on User consent that the User voluntarily gives and shares with us and with the Company.   
The User account created in our system contains the user's personal data, which are received from the Company for the purpose of registering the User profile with the following: full name; contact details: email and phone number, personal identification number, country, amount which User must transfer ("condition payment"), delivery date (or "pickup date") and order number.

We process Users' contact data for the purpose of sending administrative messages (e.g., notifications) about transactions.  At any time, you can write to us, and request to withdraw your previously given consent.
We collect IP addresses and browser footprint (characteristics of the internet browser and device, operating system, choice of language, URL address from which you accessed the site, location data, data on the pages you visit, access time, frequency and length of visit, links you access, etc.) for the purpose of preventing fraud, and based on compliance with legal obligations.

​

4.2. Personal data of the Vaulter Payment Link visitors and persons otherwise interacting with us 

When visiting the Vaulter Payment Link website or non-user interaction with the Vaulter Payment Link website, Powrs processes personal data, as follows:
-   IP addresses and browser fingerprint (internet browser and device characteristics, operating system, language selection, URL address from which you access the Application, location data, information about the websites you visit, time of access, frequency, and duration of visit, links you access, etc.) for the purpose of fraud prevention, based compliance with the legal obligations and our legitimate interest.
-  Data on interaction with Powrs (customer support) for the purpose of providing customer support, based on our legitimate interest.

​

4.3. Use of cookies and other similar technologies on the website
Powrs uses cookies and other similar technologies (scripts) on its pages.
Cookies are small text files that are stored on your device when you visit our websites. There are different types of cookies used for different purposes on the Powrs websites. Cookies are set directly by Powrs (so-called first-party cookies) and by third parties (so-called third-party cookies).

The types of cookies we use are:
•    Necessary cookies - enable the basic functioning of the website and, as such, are necessary for the proper functioning of our website.
•    Statistical cookies - allow us to analyze how visitors use our websites in order to improve the functionality of the website.
•    Functionality cookies - help us remember the choices you made and provide you with a better user experience (e.g. wish list, etc.).
•    Marketing cookies – to display content and advertisements, including those tailored to your interests. Marketing cookies are also used by other companies that Powrs cooperates with in order to show you advertisements related to products and services that interest you. The use of these cookies requires your prior consent.
•    Security cookies - enable safe and secure use of the website, and the provision of our services.

​

5. Legitimate interest
In certain cases, Powrs processes your personal data based on our legitimate interest. We use this legal basis in situations where our legitimate interest prevails over your interests and basic rights and freedoms. Our legitimate interest is in maintaining the necessary level of security of our services and preventing fraud, as well as providing customer support services.

​

6. Method of processing your personal data
Personal data processed by Powrs is disclosed to various data recipients, for the purpose of executing and processing the transaction, i.e. at the request of state authorities.

​

6.1. Data processors with whom we share your personal data
The recipients of data with whom we share your personal data are most often legal entities that process your personal data in the capacity of processor, based on the contractual relationship they have with Powrs and based on our instructions.
Our data processors are:
•    the financial institution from Sweden (a bank, or a payment institution, or an electronic money institution). The financial institution provides payment services to the User, who appears as the issuer of all payment orders,
•    our business partners who are using our services as a checkout solution, 
•    hosting provider of companies on whose servers we store data,
•    Other external collaborators with whom we cooperate (e.g. IT support, marketing agencies).

​

6.2. Authorities
In certain cases, we are obliged to share your personal data with authorities. Thus, for example, Powrs has a legal obligation to present, based on the appropriate judicial or administrative act, all data based on which the detection or prosecution of perpetrators of criminal acts can be undertaken.

7. Period of processing and storing your personal data 
We store your personal data and information regarding payment transactions as long as necessary to achieve the purpose of the processing, i.e. until you withdraw your consent (if the processing is based on consent), but in any case, no longer than the period prescribed by local law.  (Example: accounting obligation to keep information and documents regarding payment transactions is seven years, and AMLTF regulations, define a longer period for document keeping, up to ten years). Having in mind the above-mentioned, the period for storing your data depends on the purpose for which the data is used:
- Personal data used for the contractual relationship between User and Powrs is normally saved for as long as the agreement is valid and thereafter for a maximum of 10 years due to statutes of limitation.
- Personal data that must be saved according to current laws (MLTF act, accounting legislation,) is normally saved for 5 and 7 years, respectively, and
- If no agreement is concluded between us or if the data is not needed for the fulfillment of a legal requirement, the data is only saved if it is necessary to fulfill the respective purpose of our processing (usually 3 months).

​

8. Your rights regarding personal data protection
The User, as a person whose personal data is processed, has a number of rights according to the data protection regulation. On the public site of IMY, Swedish Authority for Privacy Protection, users can find more information about his rights https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/de-registrerades-rattigheter/. 
Please be informed about your rights: 

​

8.1. RIGHT TO INFORMATION
We will provide access to relevant user information about how we process personal data in our user interfaces so that our users are fully aware of what we do with their data. The information provided is free of charge in an easily accessible, written form (which may be in electronic form) and in clear and unambiguous language.
Among other things, the data subject has the right to be informed:  for which purposes personal data will be processed, the legal basis for the processing, how long data will be stored, who will access personal data, etc. 
The European Data Protection Board (EDPB) has produced a guideline that deals with more information on the data subject:   https://www.imy.se/globalassets/dokument/riktlinjer-om-oppenhet-och-information-till-registrerade.pdf

​

8.2. RIGHT OF ACCESS
The right of access - Users have access to a complete electronic copy of all personal data about them. Also, the right to access your personal data, meaning that you are entitled to obtain confirmation whether personal data is processed concerning you. In your request, please specify clearly what data you wish to obtain.
There may be circumstances that mean that information should not be disclosed, for example, due to provisions in other legislation or that disclosure of the information entails disadvantages for others.
In some cases, the data controller may also refuse to provide a copy of the data, for example if the data subject makes so-called unfounded or unreasonable requests, for example, requesting access several times in a short period of time. 

8.3. Right to rectification 
The User has the right to contact Powrs as soon as possible if he/she believes that we hold incorrect/incomplete information about them, which needs to be corrected.  The user can send a request for updating profile information, at any time. The data subject also has the right to request information about to whom the data has been disclosed.
 
8.4. Right to erasure
The right to erasure - A user can at any time request the deletion of the personal data about them that has been stored.  But, in certain cases, it will be necessary for us to retain specific information after a user has requested deletion, for reasons of legal obligations or to protect our users and ourselves from fraudulent activity and misuse of our services.
You can contact us with a request to delete the personal data that Powrs processes about you. However, please note that this right will not always apply. For example, when Powrs processes personal data based on compliance with a legal obligation, it will not be obliged to act on your request to delete personal data. We also give users the ability to decide whether they want to be removed from mailing lists used for marketing campaigns.

The data will be deleted in the following cases, under conditions regulated by the law:
•    If the data is no longer needed for the purposes for which it was collected
•    If the processing is based on the data User's consent and he withdraws the consent
•    If the processing takes place for direct marketing and the data subject objects to the data being processed 
•    If the data subject objects to personal data processing that takes place within the framework of the exercise of authority or after a balance of interests and there are no justified reasons that outweigh the interests of the data subject
•    If the personal data has been processed illegally 
•    If erasure is required to comply with a legal obligation
•    If the personal data relates to children and has been collected in connection with the child creating a profile in a social network.

​

8.5. Limitation of processing
Users have the right to demand that the processing of personal data be restricted. Restriction means that the data are marked so that they may only be processed for certain limited purposes in the future. The right to restriction applies, among other things, when the data subject considers the data to be incorrect and has requested correction. In your request, the User must specify clearly what data must be limited to treatment or which data is not necessary.

​

8.6. Right to object
The right to object applies when personal data is processed to perform a task of public interest, as part of the exercise of authority, or after a balancing of interests.
Users have the right to object to an organization processing (using) their personal data at any time. This effectively means that you can stop or prevent the organization from using your data. 
However, the right to object only applies in certain circumstances, and they may not need to stop if the organization can give strong and legitimate reasons to continue using your data. 
Individuals have the absolute right to object to the processing of their personal data if it is for direct marketing purposes.
Individuals can also object if the processing is for the a/m purposes:
•    for a task carried out in the public interest;
•    for the exercise of official authority; or
•    for your legitimate interests (or those of a third party).
But, in these circumstances, the right to object is not absolute.
If the data is processed for scientific or historical research or statistical purposes, the right to object is more limited.

​

 8.7. Right to data portability
The right to move personal data is called the right to data portability in the data protection regulation.  
The User has the right to obtain and use their personal data elsewhere, for example, in another social media service. A prerequisite is that the personal data controller processes the personal data with the support of consent from the data subject or to fulfill an agreement. It only applies to personal data that the data subject has provided himself. 
If our processing of your personal data is based on the performance of a contract with you or your consent, you have the right to receive the personal data you have provided us relating to you in an electronic format. You also have the right to request that the personal data be transferred from us directly to another data controller, where technically feasible. 
The European Data Protection Board (EDPB) has produced a guideline that deals with more information on the data subject Guidelines on the right to data portability (pdf 388 kB)

​

8.8. Automated decision-making
As part of its operations, Powrs performs profiling of persons to whom the data refers for the purposes of obtaining status within the service. Also, for safety and security purposes, Powrs profiles the identity of the perpetrator of fraudulent behavior. Profiling is the processing of personal data that must comply with all regulations in the data protection regulation.
Keep in mind that this may result in incorrect forecasts and predictions, but that decision-making on rights and obligations is always accompanied by the human factor, and that in any case, you can contact us via the e-mail address queries@vaulter.se, to point out a possible error.
The User has the right not to be subject to a decision based solely on any form of automated decision-making, including profiling, if the decision may have legal consequences or similarly significantly affects him or her.

​

9. Right to withdraw consent or to complaint
When the processing of your personal data is based on consent, you can withdraw your consent at any time via the e-mail address queries@powrs.se. When you withdraw your consent, we will stop the processing. The revocation of consent does not entail any consequences and does not affect the permissibility of the processing that was carried out before the revocation.
If you have a complaint about Powr's incorrect processing of personal data, you can directly contact the Swedish Data Protection Authority link. 

​

10. Amendments to the Privacy Policy Notice
Powrs is constantly working to improve its services/products, which may mean changes in existing and future services. If such an improvement requires notice or consent under applicable law, you will be notified or given the opportunity to provide your consent.

It is also important that you read this data protection information each time you use one of our services, as the processing of your personal data may differ from your previous use of the service in question.
You will be notified in a timely manner of any changes and additions to this Privacy Policy Notice.
This Privacy Policy Notice shall be effective and applicable as of the date of its issuance.