Effective from: July 4th, 2021
Trustly, Inc. and its subsidiaries and affiliated entities (collectively, “Trustly”, “we”, “us” or “our”) provide certain online banking payment solutions. Trustly, Inc. is a subsidiary of Trustly Holding AB, a Swedish limited liability company.
About Trustly: We enter agreements with merchants and other types of businesses who provide goods or services to end users and consumers online. We refer to these businesses as “Merchants”. These Merchants use the Trustly Services to collect information and/or obtain payment from you in connection with goods and services you have purchased from the Merchant. We provide an easy way for you to connect to your bank and other financial accounts to make payments to these Merchants for the goods and services you purchased and to provide information to these Merchants so that they may provide the services you requested from them.
4. Information we may collect
(a) Information You Provide. When you use the Trustly Services, we may ask you for, or give you the opportunity to provide, certain information about you, including, but not limited to, your name, a bank name; a face, fingerprint or other biometric information; a bank login ID, a password, a PIN number, answers to security questions, the location where you opened your bank account or other authentication information (i.e. online banking access credentials); a bank account number/IBAN and bank routing transit number, a bank account type, other bank account information; and other personal information, such as your name, driver’s license number and the state where issued, passport information, and taxpayer identification number. The type of information requested from you or provided by you depends upon the Trustly Services that you use and the type of goods and services the Merchant is providing to you.
(b) Information We Collect Automatically. When you use or interact with the Trustly Services made available to you by a Merchant, we may gather or collect from you, the Merchant, your bank, and/or third parties additional information about you to facilitate your use of, and/or enhance, the Trustly Services, including, but not limited to, your purchase/order or bill amount and reference, your name, physical address, email address, phone number, bank account number, bank routing transit number, bank account balance, bank transactions, and other personal, risk or technical information such as an end-user ID, and “Order Identifying Information” (such as order ID number, message ID, notification ID and the time when the transaction was made). While you access or use the Trustly Services, we may use a variety of technologies that collect information about you or how you access or use the Trustly Services (“Device Information”), including data that may indirectly identify you (such as your browser or application’s cookies, fingerprints, geo-location data, and your internet protocol (“IP”) or media access control (“MAC”) address), and data that may not identify you (such as user agent (client software) data, network connection type and provider, language, time zone, and connection speed). Please see the section below on Browsing and Cookies for additional information we may collect through the use of technologies. We may also collect behavioral information regarding your use of the Trustly Services, including the Merchants with which you use the Trustly Services and when, where, how often, etc. you use the Trustly Services, as well as your clicks, keyboard, voice, image, video and other device interactions while using the Trustly Services.
5. How we use your information
(b) To Enhance Your Experience. We may use your information to provide a more tailored or seamless experience while using the Trustly Services. For example, if you use the Trustly Services for ongoing and repeated transactions, we may use your information to make such transactions more seamless by automating such transactions or completing some of the required information for you. We may also use the information we collect to verify accounts and activity, combat harmful conduct and fraud, maintain the integrity of the Trustly Services, and promote safety and security. We may use your information to communicate with you regarding your use of the Trustly Services, to answer your questions, obtain your feedback, and to provide disclosures and other information which we deem advisable or which we, or our service providers, are required to provide to you pursuant to applicable law.
(d) Non-Personal or De-Identified Information. We may create non-personal, de-identified records or data from the information we collect by excluding the information that makes the data identifiable to you, such as your name or address (“Anonymized Data”). Any Anonymized Data we create is our property. This Anonymized Data may be used for any purpose. For example, we may build non-personally-identifiable statistical profiles, databases, and analyses regarding the Trustly Services as well as transaction trends, habits, and usage patterns. We may create reports and analytics to assist our, and our Merchants’, understanding of the Trustly Services, enhance the Trustly Services and our Merchants’ services, or improve our security. We may use the Anonymized Data for business purposes and for various reporting obligations. Trustly reserves the right to use the Anonymized Data, and to disclose the Anonymized Data to Merchants and other third parties, in Trustly’s sole and absolute discretion, as permitted by applicable law. We will not “re-identify” any Anonymized Data.
6. How we may share information
Except for your Online Banking Access Credentials, which we never store in central databases or share with any third party other than your bank, we may share, as permitted by law, some or all of your personal information with Merchants, banks, service providers, agents, and/or affiliates, including other subsidiaries of Trustly Holding AB, for the purposes of effecting, processing, administering, or delivering the Trustly Services or transactions initated by you and to enable us and our Merchants to better understand your use of the Trustly Services.
(a) Merchants and Banks. You may access or use the Trustly Services via or through the web site, network, embeddable or mobile applications, SMS, instant message or other notifications or other services of a Merchant or other service provider with whom you have an existing relationship to obtain or receive goods and services these parties provide to, or perform for, you in connection with that relationship. We may share your personal information with such Merchants, and also with banks and other service providers, in connection with the goods or services to be provided to, or performed for you, by these Merchants or other service providers. The personal information which we may share includes, but is not limited to, your bank name, bank account name, numbers and associated information (such as whether your bank account is in good standing, your bank balance, and your bank transactions), information required to verify your identity and that you are the holder of the applicable bank account (such as your name, address, driver’s license number, or taxpayer identification number), and information required to authenticate that you have all necessary rights and authority to use such bank account. The Merchants, banks, service providers, agents, and affiliates with whom we may share such information include, but are not limited to, those with whom you have an existing relationship and who utilize the Trustly Services and those with whom we have a relationship to enable us to deliver the Trustly Services to you. We may also share your information with Merchants to enable Merchants to better understand your use of the Trustly Services.
(b) Consumer Reporting and Collection Agencies. If you use our payment processing services, we may share your personal information with those Merchants and other service providers who are consumer reporting agencies or collection agencies so that they may manage their risks, prevent fraud, perform the activities of a consumer reporting agency under the Fair Credit Reporting Act and otherwise as may be allowed by applicable law. If you authorize a payment to a Merchant via the Trustly Services which is returned by your bank, we, or our Merchants and other service providers, may use such information, or share your information with collection agencies and others, as necessary to collect the funds from you. Trustly and Merchants may also engage consumer reporting agencies, collection agencies, and other service providers, to perform functions and provide services to enable or enrich the Trustly Services as well as other services and businesses related to, or working in conjunction with, the Trustly Services.
(c) Affiliated Companies. We may share your personal information with companies that are also subsidiaries of our parent company, Trustly Holding AB, to provide the Trustly Services and customer support to you, to manage and maintain the Trustly Services, and to understand and improve the Trustly Services.
(e) Legal Requirements; Other. We may preserve or disclose your information as necessary or advisable to comply with applicable laws and regulations, legal processes and investigations, or governmental requests; to protect the safety of any person; to address fraud, security, or technical issues; or to protect your or others’ rights or property. Disclosures of your information may be made to law enforcement or governmental regulators as part of a criminal or government investigation. We may also disclose your information in response to a court order or subpoena. If Trustly is involved in any merger, acquisition or sale of all or substantially all of its assets or business, or bankruptcy, your information may be transferred, sold, or disclosed as part of that transaction. We may disclose your information to our corporate affiliates, including corporate affiliates located outside the United States, in order to help provide, understand, or improve our and our affiliates’ products and services. In addition, we may share your personal information as directed by you with your express consent.
7. Opt-out; accessing or amending your information
(b) Decline to Share. You may, of course, decline to share certain personal information with us. However, please be aware that if you decline to share your personal information with us, it may be impossible for us to provide some of the features and functionality of the Trustly Services to you. For example, if you decline to share your Online Banking Access Credentials with us, we may not be able to facilitate a bank account verification or a bank payment from you to a Merchant via the Trustly Services.
(c) Accessing; Amending Your Information. If you wish to access or amend any personal information we have about you, or to request that we delete any information about you that we have, you may contact us a email@example.com or via our consumer portal. Please note that while any changes you make will be reflected in Trustly’s active user databases within a reasonable period of time, we may be obligated to retain some or all information we have collected from or about you to satisfy our legal obligations, comply with applicable laws, regulations and regulatory requirements, prevent fraud and abuse, complete a transaction with you, perform analytics or standard archiving, or where we otherwise reasonably believe that we have a legitimate reason to do so.
8. Marketing email communications
You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in every commercial email we send, or by sending us a request to unsubscribe at firstname.lastname@example.org. If you opt-out of receiving marketing email communications, we may still send you email messages related to your account with us or your use of the Trustly Services. Unsubscribing yourself from our marketing communications will not affect the quality of service we provide you.
9. Text/sms messaging
You have the choice to opt-in to receiving text messages and alerts on the mobile phone number(s) you have shared with us. Once you have opted-in, we may send you text messages
- regarding your use of the Trustly Services, or, if applicable, your account with us;
- to investigate or prevent fraud; and
- to alert you in the event of an emergency. We may send these text messages and alerts using autodialed technology.
We will not contact you via text messages or alerts for marketing purposes without your prior express written consent. You do not have to opt-in to text messages and alerts to use and enjoy our websites and services. If you opt-in, standard text messaging charges may apply. For more information regarding our text messaging and alerts, please contact us at email@example.com.
You may choose to opt-out from our text messages and alerts at any time using any reasonable means. To directly opt-out, send us a text message from your mobile phone with the word STOP, STOP ALL, END, QUIT, CANCEL or UNSUBSCRIBE, and we will unsubscribe you from text communications. Once you opt-out, you will not receive any additional text messages via your mobile phone. Please keep in mind that if you opt-out of receiving text messages and alerts we may not be able to contact you with important messages regarding your account. However, if there is an emergency or account question, we will make every attempt to contact you in other ways, such as by email or on a landline phone.
10. Data security
(a) Data Protection and Security. Trustly utilizes technical and organizational security measures, including physical, electronic, and procedural security measures, to protect against loss, destruction, unauthorized access or processing, misuse and alteration of information under our control. Trustly employs reasonable practices and security measures to safeguard and secure the personal information we collect, and our data center is compliant with certain standards such as SSAE-18, SOC1/SOC2 promulgated by the American Institute of Certified Public Accountants.
(c) Notifications; Communications. Despite our efforts, we cannot guarantee that personal information may not be accessed, disclosed, altered, or destroyed by breach of our administrative, managerial, and/or technical safeguards. If Trustly learns of a security systems breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Trustly Services, you agree that we may communicate with you electronically or via Merchant communication (such as email notifications) for this purpose. Trustly may post a notice on our web site or within the Trustly Services if a security breach may occur or has occurred. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
11. Preventing identity theft
Please do not send confidential, personal information such as Social Security number, government identification numbers, online banking access credentials, or bank account numbers to Trustly without first specifically confirming that you are sending such information to Trustly (and not to an unauthorized third party) and unless agreed between you and Trustly. The agreement should include method of transmission, such as registered mail, secure or encrypted email, or some similar secure method of communication. Do not be misled by emails or other communication that appear to be from us and request personal information. If you receive any suspicious email requesting your personal information, please immediately forward the email to: firstname.lastname@example.org.
12. Browsing and cookies
When you browse our web sites, applications, or access or use the Trustly Services, we automatically collect certain technical information about your visit. Examples of this information include: which type of Internet browser you use, your IP address, browser headers, operating system, screen resolution, the clicks you make, the pages you browse, and the domain name and country from which you request information. We use this type of technical information to improve the Trustly web sites or applications and the Trustly Services. As part of our efforts to protect end users from fraud, this information is also used to assist in authenticating who you are when you access our web sites, applications or use the Trustly Services. We and our service providers also use this type of information to identify you and show you relevant advertisements as you browse the internet or use social media. Some of our web or mobile pages and applications may use “cookies,” fingerprints, or data that is sent to your web or mobile browser or application and stored on your device. The purpose of these “cookies” is to allow our, or a third party, server to recognize you as an end user returning to our web sites, applications or the Trustly Services using the same device and browser. In the event you do not wish to receive such cookies, you may configure your web browser to not accept cookies or to notify you if a cookie is sent to you. If you choose to decline cookies you may not be able to use all the features and functionalities of our web sites, applications and the Trustly Services.
13. Do not track
Do Not Track (“DNT”) is a privacy preference that you can set in your web browser. When you use the DNT signal, the browser sends a message to web site operators requesting them not to track your web site navigation activities. Trustly does not track you over time or across third party web sites to provide targeted advertising and does not respond to Do Not Track (DNT) signals. For more information about DNT, visit https://allaboutdnt.com.
14. Privacy practices of third parties
15. No use by children
The Trustly Services are not directed to children under the age of 18 and we do not knowingly collect personal information from children under the age of 18 without parental consent. If you are under 18 years of age, then please do not access or use the Trustly Services at any time or in any manner. If we learn that personal information has been collected on the Trustly Services from persons under the age of 18, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has accessed or used the Trustly Services, then please alert us at email@example.com so that we may delete that child’s personal information from our systems.
16. Rights of California consumers
If you are a California consumer seeking to use your rights under the California Consumer Privacy Act of 2018 (“CCPA”), please see our Privacy Notice for California Residents.
17. Rights of EU, UK, and EEA persons
This section provides additional information relating to our processing of personal data for persons in the European Union (“EU”), United Kingdom (“UK”), and European Economic Area (“EEA”). Our legal basis for collecting and processing your personal data will depend upon the information collected and the context in which we collect or process it.
Retention and Deletion of Personal Data
We will process your personal data for as long as we need to fulfill the purpose for which the data were collected. Personal data about our end-users will in general not be stored for a longer period than seven (7) years to fulfill bookkeeping requirements. Please note however that during this time, the data may not be used for all of the purposes set out above. Shorter time periods apply depending on the purpose for which the data was collected. Trustly has implemented various technical and organisation measures, such as automated deletion of data and access restriction to systems where personal data are stored, to ensure that the data are not used for a longer period than necessary to fulfil; the respective purpose for which the data were collected.
Where and How We Store EU, UK, and EEA Personal Data
We undertake necessary measures to ensure that your personal data is protected with a high level of security that is appropriate to the risks associated with the processing and maintain physical, electronic, and procedural safeguards to protect it.
Your Data Privacy Rights as a Person in the EU, UK, or EEA
Persons in the EU, UK, and EEA have the following rights:
- The right to be informed about the collection and use of your personal data. That right is satisfied by the information provided in this Policy.
- The right of access to your information. You can get information from Trustly about what personal data we have gathered, why we have gathered it, etc.
- The right to rectification. If any of your personal data that we process is inaccurate, you are entitled to have it corrected.
- The right to erasure (a/k/a the “right to be forgotten”). You can request that Trustly erase personal data that we have gathered about you. Trustly will, under certain circumstances, be obliged to remove it.
- The right to restrict processing. You can request that Trustly restrict the processing of your personal data under certain circumstances, e.g. if you contest the accuracy of the personal data processed by us. We must then restrict the processing while verifying the accuracy of your request.
- The right to data portability. You can request that Trustly provide all the personal data that Trustly processes about you in a common, structured and machine-readable format. In some cases, we are obliged to comply with that request and provide you with the personal data processed about you.
- The right to object to processing. You can object to the processing of your personal data that Trustly carries out based on the legal basis of our legitimate interest as specified above , including profiling that we carry out on the basis of our legitimate interest. If you object, we must assess if we can continue to process your personal data. You also have the right to object to processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing, whereby your personal data will no longer be processed for such purposes.
- Rights in relation to automated decision-making and profiling. Trustly sometimes uses profiling and automated decisionmaking when providing its services. You have the right to understand when and why we use these types of processing, which are described above.
(i) The right to lodge a complaint: If you are unhappy with our handling of your personal data, you can lodge a complaint with a supervisory authority (if you are in the EEA or UK, please refer to the following links for contact details: EEA - https://edpb.europa.eu/about-edpb/board/members_en and UK - www.ico.org.uk).
If you have questions or want to exercise your rights explained above, please do so by contacting us at firstname.lastname@example.org, or contacting our U.S. Data Protection Officer at email@example.com.
Trustly U.S. Data Protection Officer
Address: 555 El Camino Real, Suite 200, San Carlos, CA 94070
18. Merchant representatives
If you are a representative of one of our Merchants or another company entering an agreement with us, you may provide us with information about you. Please see the Privacy Notice for Company Representatives
19. Sharing information internationally
Trustly is part of a group of companies which has offices and/or operations internationally. As a result, we may transfer information we collect about you across international borders, including from the EU, EEA, the UK, or Australia to the United States for processing and storage. Employees and representatives for Trustly in countries other than the United States may, if their job descriptions/tasks require it, access your personal data. We restrict access to your personal data to those employees, Trustly representatives and third parties that need to know your information in order for us to be able to fulfill the purpose for which the data was collected. Please see Section 17 regarding the measures taken to ensure any data about individuals in the EU, UK, or EEA is transferred consistent with applicable data protection legislation requirements such as GDPR.
20. How to contact us
555 El Camino Real, Suite 200
San Carlos, California 94070