Privacy and data protection
This document describes Gubira Pay AB's privacy and data protection practices and addresses
how we manage and protect the information Gubira Pay AB collects about you when you use
our website, mobile applications or when you provide us with your personal data.
With a strong commitment to preserving your privacy, Gubira Pay AB guarantees that your
personal information, which is requested when utilizing our Service (defined below), will be
handled exclusively according to the guidelines in this document.
We reserve the right to make changes to this text, so please read it often to confirm that you
agree to the updated terms and conditions.
I (First) Who are we?
Gubira Pay AB distinguishes itself as a digital money transfer platform, which allows its users to
send money to friends and family using devices such as computers, tablets or smartphones,
collectively referred to as the "Service".
In this Privacy Policy, the terms "we", "us", "our", "the company" and "Gubira Pay" refer to
Gubira Pay AB, a company incorporated under Swedish law, registered under number 559190-
1318 and with its registered office at Karlbergsvägen 26 T, 113 27 Stockholm, Sweden.
Under the provisions of the General Data Protection Regulation ("GDPR"), Gubira Pay acts as
the "controller" for the processing of your personal data, while you, the customer, are
recognized as the "data subject". This means that Gubira Pay has the right to determine how
and why your personal data is processed and to protect your right to privacy at all times.
II (second) What kind of personal data do we collect?
The type of personal data we collect from you may vary significantly depending on the type of
interaction you have with us and the range of products and services we offer you. When we
refer to terms like "personal information" or "personal data", we are referring to any data or
information that is directly or indirectly linked to an identifiable individual.
For greater clarity and to ensure full transparency, we describe below the different categories
and specific types of personal data that we are entitled to collect in the context of our
activities. This breakdown not only serves to inform you of the data processing methods we
use, but also reflects our commitment to respect and protect your privacy at all stages of our
interaction.
Basic identification data: This includes data such as your full name (and any aliases), address,
email address, telephone number, date of birth, gender, occupation and place of work,
username or social media identifier or any other unique identifier (this includes a customer ID
that we generate to recognize you in our systems).Customer service related data: this refers to information you provide to us when contacting our
customer service or offices, including the content of call recordings (for example, when we
record calls to monitor service quality).
Identity documents or records issued by authorities: This includes information from identity
documents such as driving licenses, passports or national identity documents, including a
photo or selfie of you with such documents, proof of address (utility bills, bank statements) or
documentation showing where the money for your transaction comes from (e.g. bank
statements or proof of income).
Marketing information and communication preferences: Includes your preferences for
receiving marketing materials from us or selected third parties, your communication
preferences and data we obtain from market research, advertising networks or analytics
services that we lawfully collect.
Payment data: contains information about your payment method, such as credit/debit card
details or bank account information.
Promotions and competitions data: Includes your name, email address and other personal data
that you may need to provide when participating in promotions or competitions that we
organize.
Transaction recipient information: includes the full name, address and telephone number of
the recipient of your shipments, details of the destination financial institution or account
details and, in case of dispute, additional information to verify the recipient's identity with the
relevant entity.
Referral Data: Information you give us about friends or acquaintances, such as their name and
email address, to introduce them to our services.
Sensitive personal data: This may include biometric information, such as facial scans or video
recordings for identity verification, in order to protect your account and detect suspicious or
fraudulent activity.
Feedback and survey data: includes information you provide in surveys, reviews, comments
and testimonials, including your name, contact details and other requested personal data.Technical information: This includes information about the hardware and software you use to
access our services, such as network information, your internet service provider, operating
system, browser type, unique device identifiers, IP address and your current geographic
location, which is necessary for some location-based services.
Transaction and Usage Data: Includes your transaction history and records, the purpose of
transfers, relationship with the recipient, average transaction amounts, how often you use our
services, intent to send to multiple recipients, and information about referral rewards, as well
as information about how you interact with our services or websites and your browsing or
search activity.
III (third) Methods of collection of personal information
Our process for collecting personal data involves a variety of methods and is derived from
different sources, allowing us to compile a detailed profile to improve your experience with our
services.
The following are the ways in which we obtain your personal information:
Directly from you:
We receive personal data directly from you at various times, such as when you register for our
service, create a profile, communicate with us (including via online chat), complete surveys,
participate in events, register for sweepstakes, contests, advertising campaigns, write reviews,
or subscribe to our newsletters, SMS or postal mailings.
Automated data collection and third party data collection:
We use advanced tracking technologies, such as cookies, web beacons, and other digital
analytics methods, to automatically collect information when you interact with our websites,
apps, emails, or ads. We also integrate data from external sources, including data analysts,
marketing platforms, social media, security and identity verification providers, and others. This
process helps us to personalize and continuously improve your experience and ensure that the
data we handle is accurate and relevant. More information can be found in our cookie policy.
IV (fourth) Processing and use of your personal data
Our use of your personal data is strictly within the limits of applicable law. Depending on your
country of residence, our right to process your personal data is based on different legal bases,
which are applied in accordance with local regulations, in this case: SWEDEN.
Compliance with laws and regulations
In the context of our business, personal data is processed primarily for the purpose of fulfilling
our legal and regulatory responsibilities. This process includes using such information to
establish, exercise and defend legal claims, as well as to protect ourselves against potential
legal claims.
Security and anti-fraud protectionTo ensure security and prevent fraudulent activities, we use personal data to identify,
investigate and prevent actions that may be harmful, fraudulent, deceptive or illegal. This
includes preventing illegal transactions, detecting attempted violations of our internal rules,
policies and terms of use, as well as managing security incidents and protecting against
damage to the rights and interests of both Gubira Pay AB and our community of users,
customers and employees.
Compliance with current legislation
The processing of your personal data is also focused on compliance with applicable laws and
regulations. This includes, but is not limited to, obligations arising from regulations focusing on
customer due diligence, prevention of money laundering, compliance with sanctions and
compliance with specific rules and guidelines relating to risk assessment, fraud detection and
prevention, combating terrorist financing, as well as compliance with consumer protection and
complaint handling measures. This comprehensive approach to personal data processing
enables us not only to ensure the integrity of our operations but also to reinforce our
commitment to protect and secure the information entrusted to us.
V (fifth) Implementation of contractual agreements
Administration and facilitation of services
In order for you to have effective access to and optimal use of our services, we use your
personal data in a number of important processes. These range from the execution and
administration of your specific transactions, through the support and maintenance of your
account under optimal operating conditions, to the distribution of marketing incentives and
benefits resulting from our referral initiative.
This processing of personal data also includes the
coordination of financial transactions, including, but not limited to, the efficient and secure
processing of payments. This multi-faceted procedure is primarily aimed at empowering your
experience with our services and ensuring a smooth and personalized interaction that
effectively responds to your needs and expectations.
Personalized communication with users
We use the data you provide to establish a direct and personalized line of communication, so
that we can effectively address all your questions, concerns and feedback, as well as to provide
you with technical and customer support customized to your specific needs.
Anchoring in consent and legitimacy
Marketing and promotional strategies:
We use your data to develop and implement marketing and advertising strategies customized
to your interests.
This includes sending messages about promotions and offers through various
channels such as email, text messages and physical mail; displaying personalized advertising on
social media platforms and other websites; and implementing programs to attract new
customers, as well as organizing marketing events such as sweepstakes and contests.
Research, analysis and customized adaptations:
The data we collect is necessary to conduct detailed analytics that help us to continuously
improve our services and offerings. This analytics work helps us understand how you interact
with our digital platforms and our communications, so that we can optimize both the contentand structure of our websites and mobile apps and fine-tune our marketing campaigns.
This approach helps us to personalize your experience, make your interaction with us more
seamless and relevant, and adapt our messages and advertising offers to your online
preferences and behaviours.
Expanded commercial objectives:
Subject to your explicit consent, we are entitled to process your personal data for extended
business purposes that you have requested or that are of interest to you, always ensuring
responsible and secure handling of your data.
VI (Sixth) Processing and sharing of personal data: perspectives and mechanisms
Our Privacy Policy includes a detailed explanation of the various conditions under which the
sharing of your personal information may occur, extending the scope beyond the situations
specifically described in previous sections of this text. A more in-depth and technically richer
discussion of these conditions is provided below:
Integration into the business structure
We may transfer personal data to other companies that are part of our group. This includes our
main entity, as well as any related subsidiaries or affiliates. These affiliated companies may
process your personal data on our behalf to provide services more efficiently, act with your
explicit authorization or in accordance with the requirements and authorizations granted under
applicable law.
Synergies with external partners and service providers
We disclose selected personal data to external partners and suppliers whose services are
essential to support our core business activities and operational infrastructure. These include
financial institutions, such as banks and other entities involved in conducting financial
transactions or providing financial services that you requested, such as payment processors;
bodies responsible for identity authentication or know-your-customer (KYC) compliance; and
third parties responsible for providing the technical infrastructure for our communications,
analyzing user information, supporting and managing user feedback, investigating fraudulent
behavior, conducting market research among our customers, and outsourcing certain customer
service functions.
Strategic partnerships
Your personal data may be shared with third parties with whom we have entered into strategic
alliances for the design and sharing of specific products, services or promotions. In addition,
we may share data with our banking or retail partners in cases where we suspect that our
terms of use have been breached or that fraud has occurred. The handling of your data by
these entities is governed by their own privacy policies.
Interaction through digital platforms and social networks
Our websites contain certain features that work through tools provided by third parties, such
as plug-ins and widgets. This may involve the collection or exchange of data between us and
such third parties. For example, the use of our recommendation function via platforms such as
WhatsApp, Facebook, email or SMS messages. The handling of your information in these
contexts follows guidelines outside our privacy policy.Adjustments to corporate structure and business activities
In case of events such as mergers, acquisitions or any other situation involving a reorganization
or transfer of our business assets, your personal data may be disclosed or shared with parties
involved in these processes.
Legal commitments and legal proceedings
We reserve the right to disclose personal information in response to formal legal requests, such
as subpoenas, court orders, government investigations, or to comply with applicable legal
requirements. Such disclosures are also made to protect our rights or the rights of others, to
resolve disputes, to ensure the safety of our users, to prevent fraud, or to address potential
violations of our policies.
Specific considerations for information exchange
Sometimes we may ask you if you consent to us sharing your information with third parties not
previously identified in this document, in which case we commit to a high level of transparency
and ask for your explicit consent before proceeding.
VII (7th) Handling and sharing of personal data: practices and conditions
Our privacy policy addresses how we handle and share your personal information, and
identifies specific and general circumstances under which such information may be disclosed:
Units within the enterprise group
We may distribute personal data to related entities within our group, including the parent
company and any subsidiaries. These entities may process your data to enable us to provide
services, with your consent or as required by applicable law.
Alliances with service providers
We selectively disclose personal data to third-party providers that support our core business
and operational objectives. This cooperation may include, but is not limited to, financial
institutions for transaction processing, entities for identity verification in accordance with KYC
rules, as well as third parties facilitating digital communication, analysis of customer data,
technical support, fraud monitoring and management of investigations or outsourcing of
customer service.
External cooperation
We may share your personal data with external partners with whom we collaborate to offer
joint products, services or promotions. This sharing also includes situations where we suspect a
breach of our policies or fraud. The handling of your data by these partners is subject to their
own privacy policies.
Interaction with third party platformsWe integrate features on our websites that are provided by third parties, such as plugins or
widgets, which may collect or share data between us and these third parties, such as when you
use our recommendation feature on social networks or messaging services. These interactions
are governed by policies that are not our own.
Transformation of enterprises
In the event of mergers, acquisitions or any other significant change in corporate structure, it is
likely that your personal data will be shared with the parties involved in these processes.
VIII (8th) Legal compliance and protection of rights
We reserve the right to disclose personal information to respond to legal requests, such as
subpoenas or investigations, to comply with applicable laws, to defend our rights or the rights
of others, to protect the safety of our users, to prevent fraud, and to respond to illegal
activities or violations of our policies.
Further considerations on sharing
We may request your consent to share your information with third parties not specifically
mentioned, in which case we commit to full transparency and obtain your prior consent.
Processing of sensitive personal data
We may need your explicit consent to process biometric data for identity verification,
depending on your local privacy laws. We offer options for verification if you choose not to
consent and ensure that such data is only shared with verification providers or in accordance
with applicable laws and court orders.
Automated decisions
We implement automated processes to validate access to and use of our services, including
identity verification and fraud prevention. These automated decisions may affect the
authorization of transactions or access to your account. In case of impact, you can contact
privacydatarequest@gubirapay.com or direct your questions in writing to the following
address: GUBIRA PAY AB, Karlbergsvägen 26 T, 113 27, Stockholm.
IX (9th) Confidentiality
We recognize specific privacy rights under the law in Sweden and are committed to a high
standard of privacy practices for all our customers. This includes the right to access, rectify,
erase or restrict the processing of your personal data under certain conditions, and the
possibility to object to certain processing based on legitimate interests.
How to deactivate direct marketing?You have the option to ask us to stop using your personal data for direct marketing purposes.
This option is available to you at any time and can be done by selecting the "unsubscribe" link
included in our marketing communications. We will respect your request and cease such
communications. If you choose not to receive emails to a particular email address, we will
register this address on an "opt-out" list to respect your decision. You can adjust your
preferences for marketing communications at any time.
In addition, you have the possibility to control how your personal data is used by adjusting your
preferences in your Profile on our Services. Please note that not all communications, especially
those required by law, such as notifications about our services, can be deactivated.
Withdrawal of consent
You have the right to withdraw your consent to the processing of personal data at any time.
Withdrawal of this consent does not jeopardize the lawfulness of previous processing based on
such consent. However, this action may limit our ability to provide you with certain products or
services.
Exercise of the right to data protection
To exercise any of the rights resulting from the data protection rules, we invite you to send a
formal request via the following communication channels:
By e-mail to privacydatarequest@gubirapay.com or by writing to the following address:
GUBIRA PAY AB, Karlbergsvägen 26 T, 113 27, Stockholm. You can also contact us directly
through our helpdesk via mobile, Whatsapp +46767038767 or by phone on 08-4648191.
Procedure for verifying the applicant's identity
In order to process certain requests, it is necessary to carry out an identity check to confirm the
authenticity and origin of the request. This procedure may require us to communicate with
you, either by phone or email, to confirm your identity.
X (Tenth) Methods to protect your personal data
We apply the latest security standards to protect the information you provide to us, including
advanced encryption for sensitive data such as bank account numbers, credit card numbers,
etc. This approach ensures the security of your data when it is transmitted through our website
or mobile application. It is important that users use secure login credentials to access their
information on our platforms.
It is your responsibility to keep your credentials confidential, including by taking precautions
against unauthorized fingerprint enrollment on devices that allow biometric access, such as
Apple Touch ID. This prevents unauthorized access and potential liability for third party actions.
Although we make every effort to protect your data, we cannot guarantee the complete
security of electronic transmission and storage. Any transfer of personal data is at your own
risk. If you have any questions or concerns about security, please contact us.
XI (Eleventh) Personal data retention period and policy updates
We keep your personal data for the period strictly necessary to achieve the purposes for which
it was collected, taking into account legal and regulatory requirements. The length of retentionis determined by criteria such as legal obligations, the nature and sensitivity of the data, the
risk of unauthorized disclosure and whether the purposes can be achieved by other means. As
a regulated entity, some personal and transactional data is retained for at least seven years
after the end of our contractual relationship, in accordance with legal requirements.
Policy updates
Our policy may change at any time by publishing the revised version on our website and app.
Please review the policy regularly, especially before making transactions. If you do not agree to
the changes, you can end your relationship with us by closing your profile via email.
XII (Twelfth) Interaction with external services and third-party policies
Our service uses features of Google Maps and its APIs, which are subject to the Google Terms
of Service and Privacy Policy, which you agree to by using our website and services. These
terms may be updated from time to time.
In addition, we provide links to external websites whose privacy practices differ from ours. The
information you share with these sites will be governed by their own policies, so we do not
take responsibility for their data handling practices. It is important that you read their privacy
policies before providing personal data to them.
This policy does not cover the privacy practices of third parties linked to our service, such as
mobile operators or other users. For detailed information on their policies, we recommend
that you contact them directly before sharing personal information.
XIII (thirteenth) Policy on the prohibition of the use of minors.
We ask children under the age of 18, who in this context are considered children and
adolescents, not to use our Services or provide us with personal data. Children under 18 are
not authorized to use our Services and we will close any profile created by someone of this age
if we become aware of it.
XIV (14th) Preparation and translation of the privacy policy
This Privacy Policy has been originally and mainly drafted in Swedish, with the possibility of
being interpreted and adapted to other languages for global understanding. It is important to
recognize that in situations of discrepancies or inconsistencies that may arise between the
original Swedish version and its translations into other languages, the Swedish version shall be
considered the final and prevailing version to resolve any conflicts or problems regarding the
content or interpretation of this policy.
XV (fifteenth) Consultations, comments and complaints
If you have any questions, comments or if you wish to submit a request regarding the practices
or procedures described in our privacy policy, we invite you to communicate with us. We are
committed to providing the highest level of transparency and openness in all our activities andin the handling of personal data, ensuring that your privacy is respected and protected at all
times.
If you experience any inconvenience with the Service or if the solution offered by our support
team does not meet your expectations, you have the possibility to send your complaint directly
to this e-mail address: complaints.officer@gubirapay.com.