Privacy Policy

Privacy Policy

Tact Finance AB Privacy Policy Principles

Data protection

We act as a data controller, so we are committed to protect the rights and privacy of our customers and ensure the security of their personal data. This Privacy Policy describes how we collect, use, store and protect personal data.

By using our website, services and products, and by contacting us, you give consent to the collection, processing and disclosure of your personal data in accordance with this Privacy Policy.

Why do we collect your personal data?

Data must be collected in order to provide our customers with high-quality services and to pursue the activities in accordance with the requirements established by laws. We use the collected data to develop our business, develop the products and keep in touch with our customers.

What kind of data do we collect?

Personal data is primarily collected directly from our customers. These data includes information such as your name and surname, personal number and residential address. Moreover, we collect information about your use of our products and services. On the other hand, we also need additional information that we use to supplement the primary information because we want to ensure that it is accurate and up-to-date.

Who are the recipients of personal data?

We do not usually disclose personal data, but in some cases, it may be disclosed to our service providers as we seek to provide better services to our customers, make more informed credit decisions and act as required by the laws of the Kingdom of Sweden.

What are your rights related to personal data?

Our customers always have the right to access, review and update any personal data we collect, which may be inaccurate or out of date, as well as to request the deletion of personal data that is not necessary for processing, or to prohibit or revoke direct marketing, marketing research or surveys.

Use of an automated decision-making system

Tact Finance AB credit decisions are based on an automated decision-making process. Our customers have the right to demand that credit decisions be made to them manually, thus enabling them to express their opinion or challenge automated decisions when such decisions have legal or other consequences.

More details are provided in the Privacy Policy below.



1.Tact Finance AB, business number556796-8077, office address: The Park Hälsingegatan 49, 113 31 Stockholm (hereinafter referred to as the Company), respecting your privacy and personal data, undertakes to protect your right to the lawful processing and protection of your personal data. This Privacy Policy (hereinafter referred to as the Policy) provides detailed information about the processing of your personal data or any other data we may collect about you.

2 Your personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the Regulation), The Data Protection Act (2018:218), The Money Laundering and Terrorist Financing Prevention Act (2017:630), other legal acts and documents regulating the protection of personal data.


3.Personal Data shall mean any information related to a natural person - a data subject, who is or may be identified, directly or indirectly, in particular by an identifier such as name and surname, personal identification number, location and internet identifier or by one or more physical, physiological, genetic, mental, economic, cultural or social identity characteristics of that natural person.

4.Data Subject shall mean a person (you), whose personal data the Company processes or intends to process for the specified purposes and means.

5.Customer shall mean a person who has applied to the Company for financial services, as well as his or her spouse; or (ii) a person with whom the Company has entered into an agreement for the provision of relevant financial services;

6.Other definitions used in the Policy shall be understood as they are defined in the legal acts of the Kingdom of Sweden and the European Union.


7.The Company processes your personal data for the following purposes:

7.1 Personal identification;

7.2 Creditworthiness and risk assessment;

7.3 Direct marketing;

7.4 Implementation of consumer credit agreement;

7.5 To ensure fulfilment of obligations, as determined by the legal acts;

7.6 To perform debt management;

7.7 To protect legitimate interests of the Company;

7.8 The creation and development of financial services and improvement of service quality;

8.Your personal data may be processed in the Company on the following grounds:

8.1 Personal Consent. You have given consent to the processing of your Personal Data for the purposes set out in Section III of this Policy or for some of these purposes.

8.2 Credit Agreement. The processing of your personal data is necessary to ensure the execution of the credit agreement to which you are a party or so that we could take actions upon receipt of your application for a credit agreement.

8.3 Legal obligation. The processing of your personal data is necessary in order for us to fulfil the requirements of the legal acts of the European Union and the Kingdom of Sweden applicable to the Company.

8.4 Legitimate Interests. Data processing is necessary to protect your interests and the interests of the Company.


9.The Company collects the following personal data for the purposes specified in Section III of this Policy:

9.1 Data about the person (name, surname, the date of birth, personal number, position, profession, education).

9.2 Data related to the person identification (copy of identification document, date and method of identification, IP address from which you applied for identification, video record and date of video record or photo).

9.3 Personal contact details (telephone number, declared and actual place of residence (address), e-mail address).

9.4 Data on marital status (marital status, number of minor age children).

9.5 Data related to payments (bank account and (or) payment card numbers, unique text of the payment purpose, payment type, payment date, payment document number, unique transaction archive number, customer code in the payee’s information system, currency equivalent).

9.6 Data related to creditworthiness assessment and debt administration (your income and income of your family, type of income, financial liabilities to financial institutions or other persons, credit rating, information on delays in fulfilling existing or past financial liabilities, credit history, information on current and former employers, recruitment and dismissals, business or individual activities, received and assigned permanent and single social benefits, circumstances that may affect your economic or financial situation or ability to repay or pay the loan, other significant circumstances related to your financial situation or ability to properly meet obligations).

9.7 Information on whether you are / are not included in the Inactive and a register of persons with limited factors, information on whether you are / are not included in the list maintained by the Supervisory Authority of persons for whom applications have been submitted to prevent them from concluding consumer credit agreements). 9.8 Customer’s website behavioural and usage information. This includes monitoring a person's online behaviour and use of the Services. This is done by using cookies and other tracking technologies. The information collected consists of, for example, the actions taken by a person on the site.


10.Your personal data are collected from the following sources:

10.1 Data received directly from you;

10.2 Credit institutions;

10.3 The credit information register of Bisnode Sverige AB;

10.4 Official registers to the extent permitted by law;

10.5 Supervisory authorities;

10.6 Independent credit intermediation companies;

10.7 From other Third Party registers and information systems, when the Customer's personal data is processed in accordance with the requirements of legal acts.


11.Your personal data will be disclosed to other parties to the extent necessary for the purposes set out in Section III of this Policy.

12.The Company may transfer your personal data specified in Section IV of this Policy to the following entities:

12.1 Other companies that at that time referred to the same group of companies as the Company.

12.2 Persons involved in concluding, amending and enforcing a consumer credit agreement or any other agreement (for example, persons providing translation, communication, printing, postal and payment services, as well as financial institutions, notaries, guarantors, companies providing accounting or IT services).

12.3 Banks, credit and financial institutions that provide financial services.

12.4 The new creditor, in cases of assignment of claim rights.

12.5 Third parties to whom the Lender has pledged its claims to the Customer arising from the concluded agreement with the Customer.

12.6 Third parties involved in safeguarding the Lender's legitimate interests (such as the debt collection service provider).

12.7 Third parties involved in performance of the Lender's duties under the law (for example, investigative bodies, notaries, tax administrators, Swedish Authority for Privacy Protection (IMY), the police).

12.8 Third parties who need personal data to ensure execution of the Consumer Credit Agreement concluded with the Customer.

12.9 Investors and potential investors of the Lender, provided that these persons ensure confidentiality and protection of personal data.

12.10 Swedish and foreign credit and financial institutions or intermediaries upon their application to the Lender, when these persons seek to provide services requested by the Customer, financial advisers, lawyers, auditors and other service providers of the Lender, provided that these persons ensure confidentiality and protection of personal data.

13.In some cases, your personal data may be transferred outside the European Economic Area. Such transfers can only take place on a legal basis.


14.The Company shall store personal data for no longer than required for the purposes of data processing. When personal data are not needed, they are destroyed or depersonalized, except for those that must be stored or transferred to the state archives in cases prescribed by law.

15.Your personal data is processed for the duration of the contractual relationship. Upon termination of a business relationship, the data shall be deleted in 10 years after the date of the provision of the financial services and the end of the business relationship. If you have not fulfilled your obligations to the Company under the credit agreement, it is considered that the business relationship with you has not ended.

16.If you do not enter into a credit agreement with the Company, your personal data will be deleted in 24 months from the date of receipt of the credit application.

17.Upon termination of the contractual relationship, the Company and other companies that at that time referred to the same group of companies may process your personal data for direct marketing purposes in accordance with applicable law.


18.In accordance with the procedure set out in the Policy you have the right to:

18.1 Know (be informed) about the processing of your personal data;

18.2 Get acquainted with your personal data processed and how they are processed;

18.3 Demand the rectification, erasure of your personal data (right to be forgotten) or restrict the processing of your personal data;

18.4 Receive your processed personal data in a systematized computer-readable format (right to data portability);

18.5 Disagree with processing of your personal data;

18.6 Require that you are not subject to a solution based solely on automated data processing, including profiling (with the exceptions provided for).

19.Without your identification, the Company may not provide personal data about you or related information.

20.You have the right to receive confirmation from the Company whether personal data related to you are being processed, and if such personal data is being processed, you have the right to access the personal data.

21.You have the right to demand that the Company immediately correct inaccurate personal data related to you. Depending on the purposes for which the data were processed, you have the right to request that incomplete personal data be supplemented. 22.You have the right to request that the Company immediately delete personal data related to you if:

22.1 Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

22.2 You revoke the consent on which the processing of your personal data is based and there is no other legal basis for the processing of the data;

22.3 You disagreed with processing of data when the processing is carried out on the basis of consent, and there are no overriding legitimate reasons to process the data;

22.4 You disagreed with processing of data for direct marketing purposes;

22.5 Your personal data has been processed illegally;

23.Personal data must be deleted in accordance with the requirements of legal acts of the Kingdom of Sweden and the European Union.

24.Your request to delete personal data, including the Company’s obligation to inform data controllers to delete such data, does not apply when the processing of the data is necessary in at least one of the following cases:

24.1 To exercise the right to freedom of expression and information;

24.2 In order to comply with the legal acts of the European Union or the Kingdom of Sweden, which apply to the data controller, legal obligations have been established, which require the processing of data;

24.3 For statistical purposes, in accordance with Article 89 (1) of the Regulation, if your right (to be forgotten) may make it impossible or significantly impede the achievement of the purposes of that processing;

24.4 To make, enforce, or defend legal claims.

25.You have the right to request that the Company restrict the processing of your data in one of the following cases:

25.1 You dispute the accuracy of the data for a period during which the Company may verify the accuracy of the personal data;

25.2 The processing of personal data is illegal and you disagree with the deletion of the data and instead ask for a restriction on their use;

25.3 The Company no longer needs personal data for processing purposes, but they are needed by the data subject to make, enforce or defend legal claims;

25.4 You disagreed with the processing of the data until it has been verified that the Company’s legitimate reasons outweigh your reasons.

26.When personal data is processed for direct marketing purposes, you have the right, without giving reasons or motives, at any time to object to the processing of personal data related to you for such marketing purposes, including profiling insofar as it relates to such direct marketing.

27.Requests to the exercise the above rights may be made in writing.


28.The Company has the right to process your personal data for the purposes and on the legal basis specified in Section III of this Policy.

29.The Company has the right not to consider your application to enter into a credit agreement or to refuse to enter into a credit agreement if your personal data required for concluding a credit agreement has not been provided.

30,The Company and other companies that at that time refer to the same group of companies and their business partners have the right to use and disclose your personal data if permitted or required by the legislation of the Kingdom of Sweden and the European Union.

31.The Company has the right to record telephone conversations between you and its employees and to use these records to check the quality of customer service and to train customer service personnel.


32.The Company collects, manages and analyses information related to the use of its website.

33.The Company uses cookies and similar technologies in order to provide you with high-quality services, ensure security in the electronic space, implement marketing, perform analysis of the use of the website and offer you the most interesting content of the website.

34.In the browser settings you can choose whether to accept the use of cookies. If you do not agree to the use of cookies, you can still use the website, but the choice may limit the functionality of the website and services.

35.More details about cookies can be found on the website of the Company.


36.If you have any questions regarding the processing of personal data, you can contact the Company by email:, by tel. +46 (0) 8 4650 1931 or by letter: Data Protection Officer, c/o The Park, Hälsingegatan 49, 113 31 Stockholm.

37.The law of the Kingdom of Sweden shall apply to the implementation and interpretation of the provisions of this Policy.

38.This Policy does not constitute an agreement between the Company and you regarding the processing of personal data of the user. Under this Policy, the Company informs you about the principles of processing your personal data in the Company, therefore the Company has the right to unilaterally change and (or) supplement this Policy at any time.

39.Changes and (or) supplements to the Policy shall take effect after their publication on the Company’s website

40.If any provision of this Policy becomes or is declared null and void, the remaining provisions will remain in full force and effect.