Back

Swedbank Smart Terminal Application

Privacy Policy

This Privacy Policy explains how Hansab IT Solutions OÜ (“we,” “us,” or “our”) processes your personal data when you use our payment acceptance mobile application (“the Application”). We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and other applicable laws.

By using the Application, you agree to the terms of this policy. If you don’t agree, please do not use the Application.

We may update this policy periodically, so we encourage you to review it regularly. Your continued use of the Application after any changes means you accept them. This policy does not apply to third-party stores from which you install the Application. We are not responsible for how they collect or use your data.

Who This Policy Applies To

  • Merchants/Users: Individuals who use our Application for business purposes. This includes employees or representatives of legal entities.
  • Buyers: Customers of our Merchants who make a payment and may choose to receive a digital receipt.

Data We Collect

We or our processors collect the following types of data to provide our services:

Merchant Data

  • Personal Data: Information you provide voluntarily, such as your name, email address, and physical address.
  • Derivative Data: Information our servers automatically collect when you access the Application, such as technical logs. This is considered personal data only if it can be used to identify you.
  • Mobile Device Data: Information about your device, including its ID number, model, manufacturer, and operating system version. This is considered personal data only if it can be used to identify you.

Buyer Data

  • Financial Data: Masked payment card number, expiration date, transaction amount, and other transaction details. We process this data only for payment transactions.
  • Personal Data: An email address or phone number is collected if a Buyer voluntarily provides it to receive a digital receipt. This data is used solely for that purpose.

Why We Process Your Data

We process your data to fulfill our contractual obligations and for other legitimate purposes, including:

  • Creating and managing your account.
  • Processing payments and other transactions.
  • Improving the Application and your user experience.
  • Notifying you of updates.
  • Preventing fraudulent or illegal transactions.
  • Delivering digital payment receipts.
  • Resolving disputes and providing customer support.

How We Share Your Data

We may share your personal data with third parties in the following situations:

  • To Comply With the Law: We may disclose your data if required by law or to protect our rights, property, and safety, or the rights, property, and safety of others.
  • With Third-Party Service Providers: We may share your data with service providers who perform functions on our behalf, such as payment processing and data analysis. We only share the data necessary for them to perform their services.
  • In Case of Business Sale or Bankruptcy: Your information may be transferred to a new entity if we reorganize, merge, or sell our assets.

Data Retention

We only retain your personal data for as long as necessary to achieve the purposes for which it was collected.

  • Merchants: We keep your data for the duration of your use of our services and for an additional 18 months after your agreement is terminated.
  • Buyers: We retain your personal data for one month after processing it to deliver a payment receipt.
  • Legal Obligations: We may keep some data for a longer period if required by law.

Data Security

We and our processors use administrative, technical, and physical security measures to protect your personal data. We comply with Payment Card Industry (PCI) standards and do not store unnecessary data.

Your Rights

Under GDPR, you have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request erasure of your data when it is no longer necessary for the purposes for which it was collected.
  • Restrict the processing of your data in certain circumstances.
  • Receive your data in a structured, machine-readable format and transmit it to another controller (data portability).
  • Object to the processing of your data based on legitimate interest.
  • Withdraw your consent at any time.
  • File a complaint with a data protection authority if you believe we have violated your rights.

The relevant data protection authorities are:

  • Estonia: Estonian Data Protection Inspectorate
  • Latvia: Data State Inspectorate
  • Lithuania: State Data Protection Inspectorate

Contact Us

If you have any questions or wish to exercise your rights, please contact us. For security purposes, we require written requests sent by registered mail or email. We will respond to your request within one month.

  • Address: Keevise 11, Talinn 11415
  • Email: itinfo@hansab.ee