Privacy Policy

Nordfin Capital Group AB and its subsidiary (Nordfin) protect your privacy. This privacy policy describes your right to privacy and our commitment to protect your personal information. Nordfin is a Nordic company with legal entities, business processes, management structures and technical systems that are applied across borders. Nordfin provides software and services to private and public companies (customers) in the Nordics. Nordfin's headquarters are in Stockholm and the Nordfin Group complies with European data protection legislation, including the General Data Protection Regulation (GDPR).

All important decisions regarding privacy within Nordfin are made at a company level which is overseen by the data protection officer

This privacy policy can be found on our website and at the bottom of all Nordfin websites. This privacy policy generally applies to our processing of personal data. If, when purchasing our services or in another context, you receive another information text about personal data processing, it applies before this general privacy policy.

Scope and Consent

This privacy policy applies to all of Nordfin's business processes and all of Nordfin's websites, domains, mobile solutions, cloud services and networks as well as all websites that go under Nordfin's brand (Nordfin's websites). Service-specific terms can be found in the terms of use, agreement on the processing of personal data or similar information for the service in question.

The privacy policy contains information about the personal data processing that Nordfin carries out and where Nordfin determines the purpose and means of the processing (Nordfin acts as the personal data controller). It also contains information about personal data processing that Nordfin carries out on behalf of our customers in accordance with their instructions (the customer is the personal data controller and Nordfin is the personal data assistant).

Personal data is information that can identify you as a person, for example your e-mail address, your home address or your telephone number. We need to process your personal data, e.g. in order to fulfill our commitments to our customers. Do not use Nordfin's websites or our services if you do not agree to how we process personal data in accordance with this privacy policy.

Cookies and pixel tags

Cookies are small text files that contain a character string that uniquely identifies a browser. They are sent to a computer by internet operators or third parties. By default, cookies are allowed in most browsers, as this is something that most website owners require in order to access their website. You can change the settings of your browser to disable cookies by default, block cookies from third parties or to receive a notification that a cookie has been sent.

Pixel tags are scripts that are issued when a user opens a website or email. The pixel itself is invisible and only visible in the HTML code of the website or email. It calls an application on a server that causes a third-party cookie to be downloaded to your computer or registers that the email has been opened.

For more information about cookies and how they work, visit

We (and our suppliers) also collect data using cookies and similar technologies. The majority of cookies and similar technologies we only collect de-identified information, such as how you get to our website or your location. However, some types of cookies and similar technologies collect personal data.

We (and our suppliers) may also collect information that is publicly available on third-party platforms (eg, social media online platforms), through databases or registries on the Internet, or by other legitimate means. The collection of such data is governed by the third party's terms of use and/or privacy policy.

What personal data do we process

Business customer

We collect information from you about you when:

  • visiting or use our website
  • receiving or responding to electronic communications from us
  • view or click on other online content, and interact with us through other websites and apps
  • use unique user information such as login ID, username, password and security questions if you use Access web.
  • visitor information from your browser, such as browser, device, language and address of the website you visited before, as well as IP address information.

The kind of data we collect depends on the service you use. This data can be, for example:

  • personal and contact information: name, person, billing and delivery address, e-mail address, telephone number, etc., and
  • the information you give us
Private Customer or Debtor

We will process the personal and customer data you provide or have provided to us, or that we have collected for the purpose of handling your invoice matters.

The kind of data we collect depends on the service you use. This data can be, for example:

  • personal and contact information: name, social security number, billing and delivery address, e-mail address, telephone number, etc.,
  • financial information: your income, any credits, negative payment history, etc., as well as
  • unique user information such as login ID, username, password and security questions if you use My Pages.
  • visitor information from your browser, such as browser, device, language and address of the website you visited before, as well as IP address information.
  • the information you give us.

Information sharing

We may transfer to, or share your information with, selected third parties, as follows:

  • with credit bureaus, debt collectors and similar entities to report or inquire about your financial situation and to report or collect your overdue claims in accordance with our terms,
  • with supervisory authorities, courts and government authorities to comply with legal orders, legal requirements or authority requirements and authority requests,
  • with our suppliers, regulatory authorities and government authorities to detect and prevent fraud or criminal activity, and to protect the rights of Nordfin Capital Group AB or others,
  • with our suppliers who provide services on our behalf and help us run our business (we require suppliers to protect personal data and only use your personal data for the purposes we have specified).

We take all reasonable legal, technical and organizational measures to ensure that your data is handled securely and with an adequate level of protection.

Security of personal data and storage

How we protect your personal data

Nordfin takes the trust that you and our customers place in us very seriously. Nordfin undertakes to prevent unauthorized access, dissemination and other improper processing of personal data. Nordfin must ensure the confidentiality of the personal data that we process, preserve the integrity of the personal data and ensure the accessibility of the personal data in accordance with the applicable data protection legislation.

As part of our commitments, we apply reasonable and appropriate organizational, technical and physical procedures and measures to protect the information that we collect and process, taking into account the type of personal data and the risk that you and our customers face in the event of a possible breach. The root causes of privacy breaches are most likely to be found internally and therefore we believe it is necessary to build a strong corporate culture where our employees have respect for and knowledge of privacy in order to guarantee legal treatment and that your personal data is protected.

How long do we store your personal data?

Nordfin only saves your personal data as long as necessary for the specified purpose, taking into account that we must be able to answer questions and solve problems and fulfill legal obligations in accordance with applicable legislation.

This means that Nordfin may save your personal data for a reasonable period of time after the last contact between you or our customer and us. When we no longer need the personal data we have collected, we delete it. We may process personal data for statistical purposes. In these cases, the data will be pseudonymized or de-identified.

Customer and accounting information is saved in accordance with current legislation.

Nordfin as personal data assistant

Nordfin provides several different services to our customers. The majority of our services involve the processing of customer data, including their personal data. The purpose of the processing is determined by our customers and not by Nordfin. This means that the customer is responsible for personal data. In these cases, Nordfin acts as a personal data processor and processes the data on behalf of the customer and according to his instructions. The relationship between the customer as personal data controller and Nordfin as personal data assistant must be regulated in an agreement on the processing of personal data.

The customer's and Nordfin's obligations

When the customer acts as a personal data controller, the customer must, in accordance with the applicable data protection legislation, ensure that there are legal grounds for processing the personal data. The customer must also assess and determine responsibility for the risks that the data subjects run in connection with the processing of their personal data. Another important aspect of the customer's obligation as a data controller is to provide relevant information to the data subjects.

Nordfin is a natural part of the customers' obligations as data controllers, in the sense that Nordfin's services are included in the processing of personal data that the customer must ensure complies with applicable data protection legislation. Thus, when Nordfin processes personal data on behalf of customers, we must do so in accordance with the data protection legislation that applies to personal data processors.

In short, the customer and Nordfin must cooperate to ensure the integrity of the data subjects. Nordfin must provide the information required for the customer to comply with the applicable data protection legislation.

Your rights

Right to access your data. You can request a copy of the information we have about you and hence verify the information. The copy is free to request.

Right to rectification. You have the right to correct incorrect or incomplete information about yourself.

Right to limitation. You have the right to request the processing of your personal data ends in certain circumstances when you have questioned the accuracy of the personal data, the processing has been illegal, you need access to the data to defend legal claims or you have objected to the processing regarding whether there are legitimate reasons for the processing .

Right to be deleted ("the right to be forgotten"). You have the right to request deletion of your personal data in cases where the data is no longer necessary for the purpose for which it was collected. However, there may be legal obligations for Nordfin Capital Group AB, which prevent us from immediately deleting parts of your data. These obligations come from accounting and tax legislation as well as banking and money laundering legislation. In such a case, we block the data that we are obliged to save, so that it cannot be used for purposes other than to fulfill such legal obligations

Changes to this policy

If we change our privacy policy, we will post the changed policy here, with the date of the change. We recommend that you regularly review the policy. In the event of significant changes to our policy that materially change our privacy principles, we may also notify you by other means, for example by email or by posting a notice on our website and/or in our social media before the change takes effect.

This privacy policy was updated on June 1, 2023