Privacy policy

How we process information about you

Effective from 25/05/2018

UC’s role is to collect, process and provide information and services in a secure, lawful and correct manner. The activities conducted within UC benefit many different stakeholders and are useful to various actors in society. Within the framework of its work to protect privacy, UC must therefore also work to remove any obstacles to the flow of personal data between different stakeholders.

UC’s activities are governed by a variety of legislation, particularly the General Data Protection Regulation and Sweden’s Credit Information Act. An important part of this protection involves informing you of how we process your data. For this reason we describe here the purposes for which the data is processed, the lawful basis for this, which data we process, who sees the data, when it is erased and what rights you have as a “data subject” – in other words, a person about whom data is kept.

The information in this document also covers the processing of personal data resulting from your visiting the website uc.se and providing personal data to us there. If a company other than UC AB is responsible for the processing of the personal data, this will be stated – for example, when you enter your details on the website or enter into an agreement.


General information about the Credit Information Act

UC AB is a business and credit reference agency holding a permit from the Swedish Data Protection Authority to conduct credit referencing activities.

Our credit reference register contains all private individuals over the age of 15 years who are registered as being resident in Sweden, as well as all companies in Sweden. Our aim is for the data to be processed in such a way that individuals whose data we process, as well as authorities and society, can have complete confidence in the processing that we carry out.

Credit referencing is regulated by the Credit Information Act, which contains provisions that supplement the General Data Protection Regulation and Sweden’s Data Protection Act. Among other things, the Act allows us to update our files with information automatically and to store, process and provide this information in the form of credit reports.

The purpose of providing a credit report – i.e. details, scores and guidance about you – is so that the recipient can make various financial assessments. This means that the information is used as a basis for various business and credit decisions. The Credit Information Act also states that the information may be provided as a basis for calculating the capital requirements for credit risks.

As a data subject you do not have a right to object to data about you being processed; neither do you have a right to be erased from a credit reference register. The reason for this is that the legislator considers that the processing that takes place in credit referencing is necessary in order to perform a task that is in the public interest.

The Credit Information Act contains rules protecting privacy, and among other things you have the right to demand that the processing is restricted, the right to request rectification of misleading or inaccurate information and the right to see your own credit file. When we provide a credit report to, for example, a bank, you will also receive a copy of the report showing the information that we have provided as well as who requested the report (this also applies to sole traders and partnerships). The party requesting a credit report for a private individual must have what is known as a legitimate need, which means that not just anybody has access to the credit reference register.

Rules on erasure based on the Credit Information Act
The Credit Information Act and our permit from the Data Protection Authority (known in Swedish as Datainspektionen) also contain rules on erasure that are to be applied – which means, for example, that in credit reports for private individuals we do not present information that is more than 36 months old (with the exception of debt reconstruction, which is erased after 60 months). Data concerning a natural person is erased when it is no longer necessary to retain the data for the purpose for which it was processed. This may mean, for example, that data concerning a natural person’s directorships and other positions is erased after 60 months. The information used in credit referencing largely originates from publicly accessible sources such as Swedish authorities. In certain cases the information originates from private operators such as banks and financial institutions. You can read the Credit Information Act in full here and information on the data contained in our credit reports, the sources from which the data is taken and the periods for which it is stored can be found at uc.se/sources .

Credit referencing does not involve us making automated individual decisions about you or profiling you. Instead we provide information to entities such as banks, financial institutions, authorities and other companies and organisations, which in turn make financial decisions using the information we have provided.

Information about processing carried out in accordance with the General Data Protection Regulation and the Credit Information Act

Purposes of processing and lawful basis

We process personal data for the following purposes, on the lawful basis stated.

Purpose of processing

Lawful basis for processing 

To allow you to register for events, seminars and training on uc.se, referred to below as “the website”, and to allow us to administer these.

To meet commitments agreed with you or based on a legitimate interest. 

In order to be able to identify you when you make purchases and use services on the website.

For compliance with a legal obligation and for the performance of a task carried out in the public interest (in the case of access to information in the credit reference register).

To meet the commitments agreed with you or based on a legitimate interest (in the case of access to other information).

 

To allow us to provide and administer services.

For the performance of a task carried out in the public interest (in the case of tasks performed within the context of credit referencing).

To meet commitments agreed with you or based on a legitimate interest.

 

För att utföra de åtaganden som avtalats med dig eller med stöd av ett berättigat intresse.

To allow us to assist when you contact us. 

For compliance with a legal obligation or for the performance of a task carried out in the public interest (in the case of credit referencing activities such as credit reports, investigations, rectifications etc.).

To meet commitments agreed with you or based on a legitimate interest.

To allow us to receive payment for things such as events, seminars, training, services and products.

To meet commitments agreed with you or based on a legitimate interest if you are acting in the capacity of an employee of a company or organisation.

To allow us to receive payment for things such as events, seminars, training, services and products.

To meet commitments agreed with you or based on a legitimate interest if you are acting in the capacity of an employee of a company or organisation.

To allow us to carry out market and customer analysis, market surveys, statistics and business monitoring. We do this so that we can develop and improve our services and products. 

For compliance with a legal obligation or for the performance of a task carried out in the public interest (in the case of credit referencing).

To meet commitments agreed with you or based on a legitimate interest.

To allow us to send you information, offers and marketing e.g. by means of post, email and telephone (unless you have opted out).

To meet commitments agreed with you, consent and based on a legitimate interest. 

We also process data in order to assist lenders and borrowers by generating statistics and models with a view to being able to assess the risks and opportunities associated with business and credit decisions and within the context of the provision of credit. UC also provides authorities with analyses and statistics. UC does not disclose any identifiable personal data in connection with this processing.

Such processing is performed based on a legitimate interest.

 To comply with applicable legislation such as accounting and tax legislation.  For compliance with legal obligations.

None of the above processing involves us making automated individual decisions about you, including profiling.

Concerning “legitimate interest” as a lawful basis

For various types of marketing purposes and for the provision of information we have an interest in being able to market products and services. We also have an interest in being able to carry out analysis and surveys in order to improve our products and services, and improve your experience of the website. We also process your information so that you get offers and invitations that are as relevant to you as possible. We also need to be able to assist when you contact us, and this processing is necessary for your and our interest in being able to deal with the matter. We also have an interest in processing your personal data so that we can provide and administer services; for example, if you are an authorised user and log in to gain access to our services.

We and recipients of the information who are to make a financial decision have an interest in information about you being processed in order to generate statistics and models. The Credit Information Act states that a credit report may contain information, scores and guidance. The information that is processed in order to generate statistics and models comes from the credit reference register. The information is processed in a pseudonymised manner, which means that your name and other personal details can only be identified by the person who has the “key” to unlock the pseudonymisation. Only a few individuals have access to the actual key. The statistics provided to the recipients do not contain any identifiable personal information, which means that no decisions are taken relating to you as an individual. The recipients of the information have a great need for information in order to be able in turn to comply with legal obligations in Swedish and European legislation. You can see your own score, which is generated by a model, in your own credit file.

Recipients of the personal data
To achieve the above purposes, your personal data will be processed by us and may also be disclosed to and processed by our service providers, for example IT providers or marketing partners such as newsletter systems. We may also disclose your personal data to other companies within the UC group and to specially selected partners; for example, we may provide data concerning your search behaviour on the website. We take appropriate technical and organisational measures to ensure that information about you is treated securely and that there is an adequate level of security when transferring or sharing the data with third parties.

We also disclose information concerning data subjects (both individuals and companies) within the context of our credit referencing activities. Recipients of the data (other than those mentioned above) may be you yourself, customers of ours, companies, authorities and organisations that have the right to make a financial assessment of you, or other individuals and companies.

Moreover, your personal data may be disclosed in the ways set out in law, in regulations or in decisions by authorities.

Other than the information about you that is processed in the credit referencing activities, we will not sell your personal data to third parties unless we have your consent to do so.

What information do we process about you?
You may come to provide information about yourself in a number of different ways, such as when you fill in a form on the website, buy services or products or when you contact us in various ways. The personal data that you might provide is personal and contact details such as your name, company name, email address, telephone number and address.

When you use the website and our services, we may collect the following information about you:

  • Information about the services you have bought.
  • Behavioural information concerning how you use the website, such as use of our services, response time for pages, download errors, how you reached and left the service.
  • System information such as IP address at network level, language settings, browser settings, time zone, operating system, platform and screen resolution.

We also process information about you and other data subjects within the context of our credit referencing activities; this data is used in credit reports. To see what a copy of a credit report looks like and what it contains, read more here.

Retention period
We save the information about you for as long as is necessary for the purposes for which the personal data is processed and for as long as is required under statutory archiving periods. We may also keep the data in order to be able to safeguard our legal interests, for example if legal proceedings are ongoing.

The retention period for generating statistics and models is related to macroeconomic factors and may therefore vary over time. When generating statistical models, the information must cover two economic cycles in order for the models to have the necessary quality and precision.

In the case of marketing purposes for natural persons, we erase your personal data 12 months after you cease to be a customer or user. 

Your rights
As a natural person, with personal data that is processed by us, you have significant rights.

You have the right to access your personal data at any time. If you would like information about the personal data relating to you that we process, you can request this at any time in the form of a copy of your file. You will receive an answer within one month of the application being made. In special circumstances this period may be extended by a further two months. If we need to utilise the extension period we will notify you of this. If you notice any inaccurate, misleading or incomplete information about yourself you can request that this is rectified.

In certain cases you have the right to request that your personal data is erased (“the right to be forgotten”); for example, if your personal data was processed unlawfully. However, you cannot have your data erased if we have a legal obligation or a right to retain the data or if the processing is in accordance with the Credit Information Act. Other examples of why we may have the right to deny your request include compliance with obligations under accounting and tax legislation. It may also be the case that the processing is necessary in order for us to be able to establish, assert or defend legal claims. Should we be prevented from accommodating a request for erasure, we will instead at your request block the personal data from being able to be used for purposes other than the purpose that prevents the requested erasure.

In certain cases you have the right to demand that the processing of your data is restricted. If, for example, you dispute that the personal data we are processing is correct, you can request restricted processing for the time we need to check whether the personal data is correct. Another example is that if we no longer need the personal data for the purposes determined but you need it in order to be able to establish, assert or defend legal claims, you can request restricted processing of the data by us. This means you can request that we do not erase your data.

In certain cases you have the right to object to the processing of your data. In such circumstances we may only continue to process the data if it can be shown that there are compelling legitimate grounds for the processing. These grounds shall then outweigh the interests, rights and freedoms of the individual or the processing shall take place in order to establish, exercise or defend a legal claim.

There are also restrictions on your rights when the data is processed for statistical purposes.

If you do not want us to process your personal data for direct marketing, you can notify us of this. In each newsletter you are informed of your ability to unsubscribe from future newsletters.

If you have voluntarily provided us with data you have the right in certain cases to extract and use your data elsewhere (“the right to data portability”). In such cases we are obliged to facilitate such transfer of the data. This is conditional upon us processing the personal data on the basis of consent or for the performance of a contract with you.

Withdrawing consent
If you have given your consent to processing of personal data you have the right to withdraw your consent at any time.

Links on the website
On the website there may be links and/or references to other domains. This information does not apply to those domains and we are not responsible for the processing of personal data that takes place in these domains. You should study information from these domains before providing your personal data.

Cookies
We also use cookies (and other similar methods) to collect information about you or the equipment you use. More information about our use of cookies can be found here.  

Constitutional protection of freedom of expression

UC AB also has a publishing certificate for the website uc.se that was issued by the Swedish Press and Broadcasting Authority. This means that the website has constitutional protection of freedom of expression. 

Contact us at UC

If you would like any further information or have any other queries you are welcome to contact us at any time and we will do our best to answer your questions. You can contact us via the following postal address, email address or telephone number:

Postal address: Årstaängsvägen 21 B, SE-117 88 Stockholm
Email: kundservice@uc.se
Telephone: +46 (0)8 670 90 00

UC AB has a data protection officer who will be happy to receive any questions you may have concerning personal data and data protection. The contact details of the data protection officer are as follows:
Email: dataskydd@uc.se 


The following companies are part of the UC group:

  • UC AB (556137-5113)
  • UC Affärsfakta AB (556613-0042)
  • UC Affärsinformation AB (556730-7367) 

Copy of file
If you would like a copy of your file please send your enquiry to the address below. Please state in your enquiry whether you wish to have a copy of your credit reference file or your customer file.

Postal address: UC AB, Årstaängsvägen 21 B, SE-117 88 Stockholm
Email: kundservice@uc.se 

Complaints
If you believe we have processed your data incorrectly please contact us at kundservice@uc.se.

Under Article 77 of the General Data Protection Regulation you have the right to lodge a complaint with the Data Protection Authority (known in Swedish as Datainspektionen) at the following address:
Postal address: Box 8114, SE-104 20 Stockholm
Email:
datainspektionen@datainspektionen.se