Privacy Notice
Privacy Notice

1. Who is responsible for your Personal Data?

This privacy notice (“Privacy Notice”) applies when Gigapay Sweden AB (Corp. ID. No. 559070-3616), Box 3181, 103 63 Stockholm, Sweden (”Gigapay” also referred to as “we”) provides the service (“Service”) described in our Terms and Conditions - International Payouts and Terms and Conditions - Swedish Payouts (“Terms and Conditions”).The Purpose of the Service is to facilitate the administration and payment of Independent Contractors (“User”) who provide services in the creator economy (“Assignments”) for external principals (“Client”) in an international setting. The Client, the User, or an employee/representative of the User or Client may use the Service.

Data Subjects will need to share data about themselves (“Personal Data”) to claim a payment or use the Service. During the use of the Service, several parties may be involved. This Privacy Notice only applies to the processing performed by Gigapay in its capacity as a data controller. Therefore, we recommend that you also read the privacy policies of the other parties who may be involved in the use of the Service, for example, the Client may in certain cases process the User’s Personal Data beforehand and share it with Gigapay prior to the User’s onboarding in the Service.Gigapay is the data controller for Gigapay’s processing of the User’s and Client’s (“Data Subjects”) Personal Data and is responsible for ensuring that the processing takes place in accordance with the applicable EU Data Protection Regulation (“GDPR”).

‍

2. Contact details

Data Subjects may submit inquiries regarding Personal Data protection, privacy and security matters to security@gigapay.se, +46 (0) 79 104 29 29. Please write GDPR - DPO in the subject line for a quicker response and describe your case.This Privacy Notice is designed to explain how your Personal Data is processed following applicable legislation. To use the Service, you must, in addition to the requirements outlined in the Terms and Conditions, accept this Privacy Notice.Please do not hesitate to contact Gigapay if you have any questions about this Privacy Notice, the processing of your personal information, or if you would like an extract from the registry.

‍

3. How is Gigapay processing your Personal Data

Gigapay will process your Personal Data for the following purposes and legal reasons.

Purpose of the processing	Legal basis for processing	Categories of Personal Data	When the purpose of using the Personal Data ends.
For the Service in general - Swedish payouts The Service provided by Gigapay as merchant of record and an employer of record (Swedish: egenanställningsföretag), includes (i) administrative support for the Client and the User; (ii) the handling of billing; (iii) a compliance engine enabling the onboarding of the User; (iv) offering various payout solutions to the User; (v) salary payments and short term employment (“särskild visstidsanställning” in Swedish) for Swedish Users using the merchant of record Service; (vi) and reporting to the relevant tax authority, when applicable.	The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gigapay has determined that we have a legitimate interest in processing certain Personal Data to allow Gigapay to provide the Service to the User and Client.	User: Name; Legal name; Personal number; Coordination number; Social media handle; Gender; Date of birth; Address; Email address; Bank account number; Credit and debit card details (card number, expiry date and CVV code); Bank name; Phone number; Details on income; ID documents; residence permit (Swedish: uppehållstillstånd); LMA card (Swedish: LMA-kort); Medical certificate; Nationality; SINK tax document; tax information and other documents; VAT number; Company registration number; IP-number; Information about your contacts with Gigapay’s customer service - Chat conversations and email correspondence; Your contacts between User and Client; Information about how the User and Client are interacting together such as messages, description of campaigns paid out through the Service and other interactions; Other information related to the employment of the User, such as contracts, termination of contract, scheduling, accidents, etc. Client: Administrator name; Administrator email; Phone number; Your contacts between User and Client; Information about how the User and Client are interacting together such as messages, description of campaigns paid out through the Service and other interactions; Bank account number; Credit and debit card details (card number, expiry date, and CVV code); Bank name.	One (1) year after the User or Client stops using the Service or when they request the deletion of their Service account. Please note that the deletion of the Service account may not coincide with the deletion of the Personal Data tied to the Service account. Gigapay may need to keep the data for a longer period. Please refer to Section 4 on the retention period for more information. Contact Gigapay for information (Section 2).
For the Service in general - International payouts The Service provided by Gigapay includes (i) administrative support for the Client and the User; (ii) the handling of billing; (iii) a compliance engine enabling the onboarding of the User; (iv) offering various payout solutions to the User; (v) and reporting to the relevant tax authority, when applicable.	The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gigapay has determined that we have a legitimate interest in processing certain Personal Data to allow Gigapay to provide the Service to the User and Client.	User: Name; Legal name; Date of birth; Address; Email address; Social media handle; Gender; Bank account number; Credit and debit card details (card number, expiry date and CVV code); Bank name; Phone number; Details on income; ID documents; Nationality; Country of work; A1 certificate; Influencer Licence; Tax information and other documents; Electricity bills; VAT number; Taxpayer identification number (“TIN”); Company registration number; Information about your contacts with Gigapay’s customer service - Chat conversations and email correspondence; Your contacts between User and Client; Information about how the User and Client are interacting together such as messages, description of campaigns paid out through the Service and other interactions; IP-number; other information that may be requested by Gigapay during an audit. Client: Administrator name; Administrator email; Phone number; Your contacts between User and Client; Information about how the User and Client are interacting together such as messages, description of campaigns paid out through the Service and other interactions; Bank account number; Credit and debit card details (card number, expiry date, and CVV code); Bank name.	One (1) year after the User or Client stops using the Service or when they request the deletion of their Service account. Please note that the deletion of the Service account may not coincide with the deletion of the Personal Data tied to the Service account. Gigapay may need to keep the data for a longer period. Please refer to Section 4 on the retention period for more information. Contact Gigapay for information (Section 2).
Report and/or store Personal Data for legal requirements Fulfilling statutory requirements as an employer of record and merchant of record. Depending on the User’s status, Gigapay may be required to report Personal Data tied to the employment relationship and the compensations paid out through the Service to e.g. the Swedish tax authority (Swedish: Skatteverket), foreign tax authorities, the Swedish migration office (Swedish: Migrationsverket), the Swedish social insurance authority (Swedish: Försäkringskassan) and the Swedish enforcement agency (Swedish: Kronofogden).	The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gigapay has determined that we have a legitimate interest in processing certain Personal Data to allow Gigapay to fulfill its responsibilities as a merchant of record and employer of record.	Name; Personal number; Date of birth; Address; Country of residence; Nationality; Gender; Email address; Bank account number; Credit and debit card details (card number, expiry date and CVV code); Bank name; Phone number; Details on income; ID documents; SINK tax document; A1 certificate; tax information and other documents; VAT number; TIN; Company registration number, information relating to a work accident, residence permit (Swedish: uppehållstillstånd); LMA card (Swedish: LMA-kort); Medical certificate; Information about your contacts with Gigapay’s customer service - Chat conversations and email correspondence; Social media handle.	One (1) year after the User or Client stops using the Service or when they request the deletion of their Service account. Please note that the deletion of the Service account may not coincide with the deletion of the Personal Data tied to the Service account. Gigapay may need to keep the data for a longer period. Please refer to Section 4 on the retention period and Section 5 describing who we share your Personal Data with for more information. Contact Gigapay for information (Section 2).

Purpose of the processing	Legal basis for processing	Categories of Personal Data	When the purpose of using the Personal Data ends.
Share Personal Data To share your Personal Data with the categories of recipients described in Section 5.	The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gigapay has determined that we have a legitimate interest in sharing certain Personal Data with third parties such as banks, Clients, service providers, and different authorities. We ensure that the processing this entails is necessary to achieve the purpose of the processing, that the information shared is limited to what is necessary, and that our interest outweighs your right not to have your data processed for this purpose.	The Personal Data varies depending on the recipient of the Personal Data. The Personal Data shared may include any Personal Data defined in this Section 3.	One (1) year after the User or Client stops using the Service or when they request the deletion of their Service account. Please note that the deletion of the Service account may not coincide with the deletion of the Personal Data tied to the Service account. Gigapay may need to keep the data for a longer period. Please refer to Section 4 on the retention period and Section 5 describing who we share your Personal Data with for more information. Contact Gigapay for information (Section 2).
For marketing After obtaining your consent. We may use your Personal Data to generate and send ads, newsletters, notifications, information, surveys, and invitations through multiple communication channels. Ads, promotions, and other direct marketing communication may be distributed through email, SMS, phone calls, or postal mail as well as displayed in your mobile app, social media channels, or web browser.	The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gigapay has determined that we have a legitimate interest in being able to perform the Personal Data processing, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.	Name; Address; Email address; Phone number; IP number; Social media handle.	Targeted marketing is done after obtaining your consent. You can remove your consent at any time by clicking on “Unsubscribe” in any of our newsletters, by updating your settings on your page, or by contacting us on the contact form. Contact Gigapay for information (Section 2).
For business development, market, statistics, reports, performance analysis, economic analysis, Client analysis, and User analysis Enable business follow-ups, market, User analysis, Client analysis, market research, and developing businesses and methods via regular mail, email, phone call, SMS, or in the Service. Gigapay always tries, if possible, to anonymize the data for these purposes. If the data is anonymized, no Personal Data processing is performed.	The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gigapay has determined that we have a legitimate interest in performing data analysis for product development and testing purposes. We ensure that the processing this entails is necessary to achieve the purpose of the processing, and that our interest outweighs your right not to have your data processed for this purpose. Furthermore, our Users and Clients benefit from the processing because it helps us deliver a good Service.	Name; Address; Social media handle; Email address; Phone number; Social media handle; IP number; Country of residence; Gender; Nationality; information regarding the choice of payment method; information on your use of the Service; Device information; Information about your contacts with Gigapay’s customer service - Chat conversations and email correspondence; response time for web pages; download errors and date; time when you used the Service; Your contacts between User and Client; Information about how the User and Client are interacting together such as messages, description of campaigns paid out through the Service and other interactions; Browser version, language, time zone and settings, operating system, platform and similar information about your device settings; Information about the User’s and Client’s use of the Service (usage history, personal preferences).	This processing takes place for the entire period during which Gigapay must retain the information in its systems, for example, to perform the Service or to comply with applicable law. Please refer to Section 4 on the retention period. Contact Gigapay for information (Section 2).
Legal rights and legal claims The processing is necessary to protect Gigapay from legal claims and safeguard Gigapay’s legal rights.	The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gigapay has determined that we have a legitimate interest in processing certain Personal Data to protect Gigapay from legal claims and safeguard Gigapay’s legal rights.	Name; Legal name; Address; Email address; Phone number; IP number; TIN; Gender; Personal number; Coordination number; Country of residence; Nationality; ID document (if available); Information about your contacts with Gigapay’s customer service - Chat conversations and email correspondence; Credit and debit card details (card number, expiry date, and CVV code); Bank name; Name; TIN; Personal number; Address; Citizenship; Country of work; Social media handle; Your contacts between User and Client; Information about how the User and Client are interacting together such as messages, description of campaigns paid out through the Service and other interactions.	One (1) year after the User or Client stops using the Service or when they request the deletion of their Service account. Please note that the deletion of the Service account may not coincide with the deletion of the Personal Data tied to the Service account. Gigapay may need to keep the data for a longer period. Please refer to Section 4 on the retention period for more information. Contact Gigapay for information (Section 2).

Please read Section 8 for more information on our obligations and right to retain information according to law.

‍

4. Retention Period

Your Personal Data is stored as long as is needed to fulfill the objectives that require the data to be collected in accordance with this Privacy Notice and to comply with laws and regulatory requirements. The retention period for your Personal Data depends on the purposes for which Gigapay is collecting and using the Personal Data.

You may cancel the use of the Service at any time. Gigapay does not retain your Personal Data after you have canceled the use of the Service according to this Section, unless it is required by law or to protect Gigapay’s legitimate interests, for example, in case of a legal proceeding.

Personal Data requested from Users using the employer of record Service is usually stored for ten (10) years. Some Personal Data, such as employment contracts, may be stored until the User’s pension age.

Personal Data requested for the use of the merchant of record Service (both in Sweden and internationally) is usually stored for seven (7) years due to Swedish bookkeeping laws.

If you have created a Service account, but have never used the Service to receive compensation, you may request Gigapay to delete your data earlier. In that case, your Personal Data will be deleted as soon as possible. We aim to delete your Personal Data within one (1) week in this particular case.

‍

5. Who do we share your Personal Data with?

You are entitled to object to us sharing your Personal Data, for reasons connected to personal circumstances. However, We may not always be able to respect your objection, depending on the case at hand. We share your Personal Data as follows:

5.1 Clients and Users

In some cases, Gigapay is required to disclose Personal Data about the User to the Client. The Client needs, from time to time, to access and process the Personal Data of the User who undertakes assignments on its behalf. The Client signs a Data Processing Agreement when starting to use the Service and is required to ensure the security of Personal Data at all times.

In some rare cases, Gigapay may disclose Personal Data about the Client to the User. This may for example happen if the User needs the Client’s contact information for a matter that is outside the scope of Gigapay’s Service.

Gigapay has a legitimate interest in sharing your Personal Data with the Client or the User. The processing is necessary (Article 6(1)(f) GDPR) for Gigapay to enter into and fulfill our contractual obligations with the Client and to ensure that the Service is functioning properly.

5.2 Payment Service Providers, other suppliers, and subcontractors

Gigapay partners with payment Service providers (“PSP”) to collect payments from Clients, and transfer such payments to the Users. The payment services connected to payouts and pay-ins are all performed by Gigapay’s PSP partners.

Apart from Gigapay’s PSP partners, Gigapay also works with suppliers and subcontractors. Examples of such suppliers and subcontractors are software and data storage providers, software, and external consultants.

Gigapay has a legitimate interest in sharing your Personal Data with the PSP, supplier, or subcontractor. The processing is necessary (Article 6(1)(f) GDPR) for Gigapay to access these services and functionality. We ensure that the processing this entails is necessary to pursue that interest and that our interest outweighs your right not to have your information processed for this purpose.

5.3 Tax authorities and other competent authorities

Depending on the User’s status, Gigapay may be required to report the employment relationship and the compensations paid out through the Service to e.g. the Swedish tax authority, a foreign tax authority, migration office, social insurance authority, and enforcement agency.

In addition, Gigapay may provide necessary information to authorities such as the police, government authorities, or other authorities and courts of law.

Personal Data is shared with the relevant authority when required by law, or in some cases if you have asked Gigapay to do so. An example of a legal obligation to provide information is tax reporting as required by DAC7 (Directive (EU) 2021/514). Depending on the relevant authority and purpose of sharing, the legal bases are the obligation to comply with the law, to fulfill the agreement with you, or Gigapay’s legitimate interest in protecting itself from crime (Article 6(1)(b), Article 6(1)(c), Article 6(1)(f) GDPR).

5.4 Gigapay Group

Gigapay may share your Personal Data with companies in the Gigapay Group.

This is required for Gigapay to be able to provide you with services and functionality. Gigapay has a legitimate interest in being able to access these services and functionality (Article 6(1)(f) GDPR).

5.5 Third parties

Gigapay may share your Personal Data in other cases where you have given your consent to share it or when we are otherwise legally entitled to do so.

Gigapay may disclose your Personal Data with other parties in connection with corporate transactions (i.a. mergers, joint ventures, assignments, spin-offs, acquisitions, reorganizations, transfers, or sale or disposition of all or any portion of Gigapay’s business, including bankruptcy or similar proceedings).

Gigapay has a legitimate interest in sharing your Personal Data with a third party if you have given your consent or if Gigapay is entitled to do so. The processing is necessary (Article 6(1)(f) GDPR) for Gigapay to enter into and fulfill our contractual obligations with the User or Client and to ensure that the Service is functioning properly. We ensure that the processing this entails is necessary to pursue that interest and that our interest outweighs your right not to have your information processed for this purpose.

‍

6. Transfer of Personal Data to third countries

Gigapay will not store or process your Personal Data in any country outside the EU/EEA.

However, recipients of your Personal Data, as defined in Section 5, may move, store, transfer, or otherwise process your Personal Data outside of the EU/EEA, provided such transfer meets the requirements and undertakings that follow from the General Data Protection Regulation. Countries outside of the EU/EEA may have different legislation that allows authorities to request access to Personal Data stored in the country to e.g. combat crime. Regardless of whether Gigapay or any of the parties described in Section 5 process your Personal Data, we will ensure that a high level of protection is guaranteed when transferring that data and that appropriate protection measures have been taken, following applicable data protection requirements (such as the GDPR). Such appropriate safeguards include but are not limited to (i) signing a Data Processing Agreement; (ii) signing agreements with standard contractual clauses for the protection of your Personal Data; (iii) verifying the terms and conditions of the supplier; and (iv) limiting the Personal Data shared with the recipient.

‍

7. Your rights as a Data Subject

Gigapay, in its capacity as the data controller, is responsible for ensuring that your Personal Data is processed in accordance with applicable law.

You have the right to object to the processing of your Personal Data based on legitimate interest, regarding personal circumstances. You can see for which purposes we process your data based on legitimate interest in sections 3 and 5.

Gigapay will, at your request or on your own initiative, correct, de-identify, delete, or complete information that is determined to be incorrect, incomplete, or misleading. You have the right to require from Gigapay access, correction, or deletion of your Personal Data (for example, if deletion is required according to applicable legislation), request restrictions on continued processing of your Personal Data as well as the right to object to the processing (for example, if you question whether the Personal Data is correct or if the processing is legal).

You are entitled to data portability, in other words, the right under certain circumstances to receive and transfer your Personal Data to another data controller in a structured, generally usable, and machine-readable format.

Where Gigapay is processing your Personal Data based on your consent or explicit consent (e.g. for marketing), you have the right to revoke that consent at any time. When you revoke your consent, Gigapay will stop processing your data for such purposes.

Once per calendar year, you are entitled to obtain an extract from the registry from Gigapay, free of charge with a signed, written request, indicating which Personal Data about you has been recorded, the purposes of processing the data, and the recipients who have received the data or will receive the data.

You are also entitled to receive information in the extract from the registry regarding where the data was collected if the Personal Data was not collected from you directly, the occurrence of automated decision-making (including profiling) as well as the anticipated period during which the data will be stored or the criteria that are used to determine this period.

If you have complaints about how Gigapay is processing your Personal Data, you may, at any time, complain to the Swedish supervisory authority (Swedish: Integritetsskyddsmyndigheten).

‍

8. Protection of your Personal Data

You should always feel secure when providing Personal Data to us. Therefore, Gigapay has taken the necessary safety precautions to protect your Personal Data regarding unauthorized access, modification, and deletion. However, please note that Gigapay disclaims any responsibility for or liability related to the security of any information that you are sending to us. There is a risk that such data may be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or managerial safeguards. Also, we cannot guarantee the security of your Personal Data from unauthorized access or use, hardware or software failure, or other circumstances beyond our control.

‍

9. Cookies

We use cookies to personalize content and ads, to provide social media features, and to analyze our traffic. We also share information about your use of our site with our social media, advertising, and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission. This site uses different types of cookies. Some cookies are placed by third-party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website.

For more information see our Cookies Policy.

‍

10. Changes to this Privacy Notice

Gigapay has the right to modify this Privacy Notice at any time. Gigapay will provide reasonable advance warning of changes to the Privacy Notice. The new Privacy Notice shall automatically commence thirty (30) days after they have been published in the Service or otherwise approved by you. By visiting or using the Service, you acknowledge that such changes may occur and that you are responsible for keeping up to date on any changes. If you do not approve of the modified terms, you have the right to cancel the agreement with Gigapay before the modified Privacy Notice takes effect.

‍

Last updated: Apr 8, 2024