Effective as of January 20 2023.
Safello is the data controller for the personal data we collect and process. This means that we are responsible for ensuring that the processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR).
2. Types of Personal Data Collected
We collect personal data from our users in order to provide them with the services they request. This personal data includes:
- Contact and personal information, such as name, email address, home address, social security number and phone number
- Financial information, such as credit card, bank account numbers, bank account statements and any personal data proofing origin of wealth/funds
- Demographic information, such as age, gender and location
We also process online identifiers such as IP addresses, MAC addresses or similar provided by website visitors. In order to get a better understanding of how our customers experience our email communication, we also process information about how you interact with our emails. The information collected is opened e-mails and clicks.
3. Purposes of processing personal data and legal ground
We process personal data for the following purposes:
- To fulfill the terms of the agreement between our customers and Safello, in order to provide the services and execute the processing of transactions on behalf of our customers
- To communicate with users about their accounts and the services we provide for information and marketing purposes
- To improve our services and ensure their proper functioning
The primary legal ground for processing personal data is the fulfillment of the agreement between the user and our company.
Furthermore, Safello must also process personal data to fulfill obligations according to law, other constitutions or authority decisions. In addition, the legal basis for the processing of personal data is a balancing of interests, where Safello’s legitimate interests consist of e.g. marketing, analysis and product development.
4. SUB-processors and sharing of personal data
In order for Safello to fulfill legal obligations, such as reporting to authorities, Safello might need to share your personal data with authorities. Furthermore, Safello might share your personal data with third parties that Safello collaborates with. When sharing your personal data to a third party that does not constitute an authority, Safello will still be responsible for the processing of your personal data and the processing of data will be regulated via a Data Processing Agreement.
Transfer of personal data to a third country only takes place under the condition that an adequate level of protection exists or that suitable protection measures have been taken.
5. Data security
We take appropriate measures to protect personal data from unauthorized access, alteration or destruction. These measures include the use of secure servers and encryption of sensitive data.
6. Data subjects rights according to GDPR
Under the General Data Protection Regulation (GDPR), data subjects have the following rights in relation to their personal data:
- Receive information about which personal data we process about you (register extract)
- Request correction of incorrect and incomplete information
- Request deletion or restriction of processing, unless Safello has to save the data due to the relationship between you and Safello or due to legislation,
- Object to the processing of personal data based on Safello’s legitimate interest, for example direct marketing and profiling (profiling means that your personal data is analyzed to, for example, give you special offers), or consent.
- Obtain certain personal data in a machine-readable format and, if technically possible, transfer the personal data to another personal data controller (so-called data portability)
7. Data retention
Safello will retain personal data as long as necessary to fulfill the purpose for which it was collected or as required by law.
10. Personal data breach
To get in contact with Safello’s Data Processing Officer, send an e-mail to: or, via mail: Att: DPO, Safello AB, Box 638, 114 11, Stockholm.
If you would like to get in contact with Integritetsskyddsmyndigheten (IMY), please visit www.imy.se/en.