INTRODUCTION

Privacy is core to our DNA, our culture, and our values. We are committed to being as transparent as possible in relation to our processing of your personal data. Periodically, we may update this privacy notice (“Privacy Notice”) to provide you with new features and functions in our service. When we do this, we will take all reasonable measures to inform you of such updates (unless the changes made are non-material or insignificant). If you have any questions regarding our use of your personal data, do not hesitate to contact us by using the contact details provided at the end of this Privacy Notice.

Truid AB, Reg. No. 559299-7216 (“Truid”, “we”, “our” or “us”) collects and processes personal data about you when you use our service. This Privacy Notice sets out which personal data Truid, in its role as data controller, collects about you and for which purposes the personal data is processed.

Please note that most personal data described in this Privacy Notice is encrypted from us, i.e. even if we “process” your personal data, we have procedures in place so that we do not read your data. The encryption key is stored locally on your device and cannot be used by anyone else than you as the holder of the device. The data we read is limited to (i) meta-data which e.g. enables us to review how you use our service, (ii) which categories of data you have uploaded, and (iii) your unique account number, name, phone number, and email address to communicate with you.

This Privacy Notice applies only to the personal data processed by Truid within the scope of our service. Therefore, we recommend that you also read the privacy policies of the other parties who may be involved in the use of our service, such as our partners’ privacy policies.

Throughout this Privacy Notice, the term “processing” is used to cover all activities involving your personal data, including e.g. collecting, handling, storing, sharing, accessing, using, transferring and disposing of your personal data.

“Applicable Data Protection Laws” means all legislation and regulations, including regulations issued by relevant supervisory authorities, protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data that from time to time applies to this Privacy Notice, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) as well as laws and regulations supplementing the GDPR.

“Personal data” means any information relating to an identified or identifiable natural person.

Our “partners” means the business partners that use our service to verify your identity.

WHO IS THE DATA CONTROLLER FOR THE PERSONAL DATA?

Truid AB, org. nr. 559299-7216, Kungsgatan 8, c/o KG10, 111 43 Stockholm, is the data controller for the processing of your personal data as described in this Privacy Notice.

FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data from:

• Yourself, which you submit to us in connection with signing up to, and during your use of, our service
• Our partners, in connection with a request from them to confirm your identity based on your phone number.
• Other sources, which, inter alia, may include information from publicly available sources and information from other suppliers to (i) confirm the information that you have provided to us,(ii) update the information we have about you, or (iii) obtain information about you. We will only collect information from these parties based on your consent.
  You can always choose not to provide us with voluntary information. However, some personal data is necessary for us to provide you with the service. Not providing such personal data may prevent us from performing what you expect from us.
  
  

WHY DO WE PROCESS YOUR PERSONAL DATA?

Providing our service

We process your personal data to provide our service to you, including to create and administer your account, provide you with support, information, or other notifications regarding our service, carry out software updates as well as perform other obligations as per the service agreement between you and us.
We will process your personal identity number and/or coordination number as a secure identification of you is crucial for the purpose of providing our service.

Categories of personal data

• Audio-, photo- and video data
• Contact details
• Identity data (including personal identity number/coordination number)
• Log data
• Login details
• User generated information
• Your communication

 

Legal basis
Contract. The processing is necessary to fulfil our contract with you, i.e. what we are obliged to provide under the service agreement between you and us.

Exemption for special categories of data
N/A

Retention period
Your personal data is retained for as long as you are a user of Truid and for a period of 1 month thereafter for the purpose of securely deleting your account or such earlier time upon your request.
We will also delete your account, including your personal data, if you are a so called “inactive user”, i.e. if you have not used our service for a period of 5 years.
Reports and statistics on an aggregated level (i.e. non-personal data) will be retained until further notice.

Secure verification of your information and identity

Truid will process personal data about you for the purpose of ensuring that the person who registered in the mobile application is the same person as the identification document holder. We will capture a photo of your identification document and a selfie of you (which will require access to your mobile device’s camera). We then compare the face geometry extracted from your identification document and selfie, as well as the date of birth from your identification document, to securely verify your identity. This process will involve processing of so called “biometric data”. We will also send you a text message with a verification code to verify that you are the holder of the phone number that you have provided.

During your use of our service, we will also use your mobile device’s native biometric identification when you log in to our mobile application, such as fingerprint or face recognition (e.g. Face ID or Touch ID). This is to continuously verify your identity when using our service and mobile application. We do not, however, processes or have access to any data from this verification process.

We ask for your consent to capture biometric data as this is considered so called “special categories of personal data”. As your identity is crucial for the purpose of providing our service, we may not be able to provide our service, our parts of our service, if you do not consent to our use of this type of data. We will retain your biometric data for as long as you are a user of our service.

We will process your personal identity number and/or coordination number as a secure identification of you is crucial for the purpose of a secure verification of your information and identity.

Categories of personal data

• Audio-,photo- and video data
• Biometric data
• Contact details
• Identity data (including personal identity number/coordination number)
• Passport, ID or visa data

 

Legal basis
Contract. The processing is necessary to fulfil our contract with you, i.e. what we are obliged to provide under the service agreement between you and us.

Exemption for special categories of data
Special categories of personal data are processed only if you have given your explicit consent. You have the right to withdraw your consent at any time, however, this may entail that we no longer can provide you with our service or parts of our service.

Retention period
Your personal data is retained for as long as you are a user of Truid and for a period of 1 month thereafter for the purpose of securely deleting your account or such earlier time upon your request.
We will also delete your account, including your personal data, if you are a so called “inactive user”, i.e. if you have not used our service for a period of 5 years.

 

Improving our service, including compiling statistics about your use of our services

We process your personal data to improve our service by monitoring and analysing your use. The processing activities carried out for this purpose includes (i) sending surveys and requesting other information from you about your opinions on our service to make customer driven improvements, and (ii) analysing how you use our service.
We also anonymise information about your use of our service so that the data no longer qualify as “personal data” and can no longer be attributed to you. We may use this anonymised data for other purposes than specified in this Privacy Notice.

Categories of personal data

• Contact details
• Identity data
• Log data
• User generated information
• Your communication
  
  

Legal basis
Legitimate interest. The processing is necessary to fulfil our legitimate interest of providing you with a better product and experience.

Exemption for special categories of data
Personal data is retained for as long as you area user of Truid and for a period of 1 month thereafter or such earlier time upon your request.

Retention period
Your personal data is retained for 6 months from the “date of creation”, e.g. 6 months from the logging event in question or from the date of your response in relation to surveys. Reports and statistics on an aggregated level (i.e. non-personal data) will be retained until further notice.

Customized advertising and direct marketing

We process your personal data to provide you with personalised marketing content that we believe may be of interest to you. We do this e.g. by using cookies and similar techniques which help us to send you relevant marketing via email and other communications channels, and display relevant advertising on different websites based on e.g. your visits and clicks (interest-based advertising).
You can unsubscribe from our marketing emails at any time by using the unsubscribe link in every email.

Categories of personal data

• Contact details
• Identity data
• User generated information
• Your communication

 

Legal basis
Consent. We may process your personal data for marketing purposes based on your consent. You can withdraw your consent at any time by using the unsubscribe link in every email.

Exemption for special categories of data
N/A

Retention period
Your personal data is retained (i) for as long as you are a user of Truid and for a period of 12 months thereafter, or (ii) during a period of 12 months from when you provided your last consent. Reports and statistics on an aggregated level (i.e. non-personal data) will be retained until further notice.

Manage and protect IT systems and services

To manage and protect our service and related IT systems, e.g. upon logging, trouble-shooting, backup, change and problem management in systems and in connection with potential IT incidents, we process, to the extent necessary, your personal data.

Categories of personal data

• Geographic data
• Identity data
• Log data
• Login details
• User generated information
• Your communication

 

Legal basis
Legitimate interest. The processing is necessary to fulfil our legitimate interest in managing and protecting our services and related IT systems.

Exemption for special categories of data
N/A

Retention period
Personal data in logs are kept for troubleshooting and incident management during a period of 12 months from the date of the logging event.

Conducting investigations, including preventing and counteracting fraud, criminal activities and other violations

Truid will process your personal data for the purpose of conducting investigations at Truid in case of suspected breach of our agreement, guidelines or policies, breach of law, etc. Such investigations may include scanning/monitoring of your activity to make sure our agreement is followed, and to take actions in case of non-compliance. We also process your personal data for the purpose of preventing and detecting fraudulent behavior on our mobile application, such as fraudulent use of our service (including use of fraud accounts).
If necessary, we may process your personal identity number and/or coordination number to conduct our investigations.

Categories of personal data

• Biometric data
• Contact details
• Criminal data
• Geographic data
• Identity data (including personal identity number/coordination number)
• Log data
• Login details
• User generated information

 

Legal basis
Legitimate interest. The processing is necessary to fulfil our legitimate interest to prevent criminal activities in connection with the use of our service or violations of our guidelines, policies, or agreements.

Exemption for special categories of data
In case any data about suspected or actual criminal activities will be handled in connection with an investigation, it will be processed only as necessary to establish, exercise and defend legal claims.

Retention period
Personal data is retained for as long as necessary to establish, exercise and defend legal claims.
Personal data for these purposes is not stored for longer than 10 years from the end of the investigation in question.

Establish, exercise and defend legal claims

For the purpose of establishing, exercising, and defending legal claims (for example in connection with a dispute or legal process) we may process your personal data.
We may process your personal identity number and/or coordination number if we deem this necessary to establish, exercise and defend our legal claims.

Categories of personal data

• Biometric data
• Contact details
• Criminal data
• Geographic data
• Identity data (including personal identity number/coordination number)
• Log data
• Login details
• User generated information
• Your communication
• Any other data that is necessary to fulfil the specified purpose

 

Legal basis
Legitimate interest. The processing is necessary to fulfil our legitimate interest to establish, exercise or defend the legal claim, for example in connection with a dispute or legal process.

Exemption for special categories of data
Special categories of personal data, including criminal data, are only processed to fulfil our legitimate interest in establishing, exercising or defending legal claims.

Retention period
Personal data is retained during the period as necessary to establish, exercise and defend the legal claim.
Personal data for this purpose is not stored for longer than 10 years from the end of the legal process in question.

Fulfil legal obligations

We will process your personal data for the purpose of fulfilling legal obligations within the area of e.g. book-keeping, taxation and requirements under Applicable Data Protection Laws.
We may process your personal identity number and/or coordination number if we deem this necessary to fulfil our legal obligations.

Categories of personal data

• Contact details
• Identity data (including personal identity number/coordination number)

 

Legal basis
Legal obligation. The processing is necessary to fulfil our legal obligations.

Exemption for special categories of data
N/A

Retention period
Personal data is retained for as long as necessary to fulfil the legal obligations that we are subject to. However, no data will be kept for longer than 8 years.

RECIPIENTS THAT WE SHARE PERSONAL DATA WITH

Where necessary, we share your personal data with others. The recipient is the data controller for the processing of your personal data unless we have stated otherwise.

Service providers
To fulfil the purposes of the processing of your personal data, we transfer personal data to external parties such as service providers that we have engaged. These parties provide services within the areas of, inter alia, IT (such as data storage, support and management services) and finance (e.g. book-keeping systems). For research and statistical purposes, we prepare anonymous, aggregate, or generic data for a number of purposes outlined above. As we consider that you cannot reasonably be identified from this information, we may share it with external parties such as our partners, advertisers, industry bodies, media and/or the general public. However, we do apply a restrictive approach to ensure a high level of security and safety.

These external parties will act as data processors of Truid and may only process your personal data in accordance with our instructions and not for their own purposes. Truid is the data controller for the processing of personal data that these external parties carry out on our behalf.

Appropriate safeguards for transfers of personal data outside if the EU/EEA
Truid use suppliers and third-party providers to process personal data in a matter which includes transfer of personal data to countries outside of the EU/EEA area (so called “third countries”). These transfers are a necessary element for the performance of our service.

With these suppliers and partners, Truid has entered data processing agreements including provisions safeguarding such third country transfers with appropriate safety measures.

Transfers of personal data outside of the EU/EEA area will be processed in accordance with Applicable Data Protection Laws, including the GDPR. Such transfers are either relied upon an adequacy decision from the European Commission or legal safeguards through the European Commission’s Standard Contractual Clauses (SSC’s) for transfer of personal data outside of the EU/EEA area and EU-US Data Privacy Framework (DPF) combined with supplementary technological and organisational protection measures including encryption and anonymization/pseudonymization.

Should you have any questions regarding Truid’s transfers of personal data to countries outside the EU/EEA area, please contact us by using the contact details provided at the end of this Privacy Notice. You are entitled to receive a copy of any documentation demonstrating that appropriate safeguards have been taken to protect your personal data during a transfer to a third country.

To learn more about third country transfers, please read here.

CHILDREN’S PRIVACY

Our service is not directed at, marketed to, nor intended for, children under the age of 15 years. Truid does not knowingly collect any information, including personal data, from children under 15 years of age without the permission from a parent or guardian. If you believe that we have accidentally collected personal data from a child under the age of 16, please contact us by using the contact details provided at the end of this Privacy Notice and we will take immediate steps to delete the information.

YOUR RIGHTS

Under Applicable Data Protection Laws, you have certain rights in relation to the processing of your personal data. We process your personal data to the extent necessary to fulfil your rights. Please submit requests for exercising your rights by contacting us by using the contact details set out below. 

You have, under certain circumstances, the right to exercise the following rights:

Access

You may request confirmation whether personal data about you is processed by us and, if that is the case, access your personal data and additional information such as the purposes of the processing. You are also entitled to receive a copy of the personal data undergoing processing.

Object to certain processing

You have the right to object to the processing of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the processing is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary to manage or defend legal claims.

Rectification

You have the right to obtain from us the rectification of inaccurate personal data concerning you.

Erasure

You may have your personal data erased under certain circumstances, such as when your personal data is no longer needed for the purposes for which it was collected.

Restriction of processing

You may ask us to restrict the processing of your personal data to only comprise storage of your personal data under certain circumstances, such as when the processing is unlawful, but you do not want your personal data erased.

Withdrawal of consent

You have the right to at any time withdraw your consent to processing of personal data to the extent the processing is based on your consent.

Data Portability

You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used, and machine-readable format and ask for the information to be transferred to another data controller (where possible).

Click here to read more about the rights that you have in relation to the processing of your personal data.

Complaints to the supervisory authority
In case of complaints regarding Truid’s privacy practices, you have the right to lodge a complaint with the competent supervisory authority. For more information, please visit the relevant authority’s website. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection. You can learn more about how to lodge a complaint with the Swedish Authority for Privacy Protection here.

CONTACT US

If you have any questions or concerns regarding the processing of your personal data, please contact us by using the contact details below.

The data controller for your personaldata is:
Truid AB
c/o KG10
Kungsgatan 8
111 43 Stockholm
Sverige
‍
‍E-mail address:
‍privacy@truid.app

CHANGES TO THIS PRIVACY NOTICE

This notice is subject to change. You will be adequately notified of any changes to this Privacy Notice, unless such changes are non-material or insignificant.
‍This Privacy Notice was last updated: 19th of Jan 2024

DESCRIPTION OF CATEGORIES OF PERSONAL DATA

Please see the table below for detailed information regarding which personal data that we process.