Privacy Policy

General Privacy Notice – LOOMIS–PAY®

We, at Loomis Digital Solutions AB (”LOOMIS–PAY®”) value your privacy. It is important for us that you feel safe and well-informed when you or your company use our products and services. Therefore, this privacy notice outlines how we process your personal data, and you are welcome to reach out to us if you have any questions in this regard.

Who controls your personal data?

LOOMIS–PAY® is registered with the Swedish Companies Registration Office under company registration number 556191–0679 with its registered office located at Drottninggatan 82, 111 36 Stockholm. The company processes personal data in its capacity as data controller in accordance with the General Data Protection Regulation (”GDPR”) for the processing of personal data as described in this notice. LOOMIS–PAY® have appointed a Data Protection Officer whom you can contact if you have any questions regarding how we process your personal data.

You can contact our data protection officer (“DPO”) by sending an e-mail to and state ”To the DPO” in the subject line.

Categories of personal data

The personal data that we collect or create is categorized as follows:

· Contact and identification details

Name, date of birth, social security number, title, occupation, gender, billing and shipping addresses, email address, cellphone number, nationality, age, income etc.

· Information regarding products or services

Details regarding the products or services which you have bought or ordered. E.g. type of product or delivery tracking number.

· Payment information

Credit and debit card details (card number, date of expiration and CVV code), bank account number, name of bank, etc.

· Information regarding your use of products or services

The service(s) and different functions within those services you have in use and the choices you have made regarding their usage. This includes information regarding sales, merchandise, and your personal choices related to the product or service.

· Information regarding your contacts with customer service

Recorded phone calls, chat conversations and email correspondence, etc.

· Information from external sanctions lists and PEP lists

Sanctions lists and lists of persons constituting so-called politically exposed persons (“PEP”) includes information such as name, date of birth, place of birth, occupation or position, and the reason as to why the person is on the respective list.

·  Sensitive personal data

Sensitive personal data is data which reveal religious beliefs, political or philosophical opinions, such as PEP-related information, trade union membership, or information concerning health, sex life or sexual orientation, as well as biometric data.

Processing of personal data relating to our customers

LOOMIS–PAY® processes personal data necessary for us to be able to offer you and your company our products and services. The type of personal data processed depends on your or your company’s relation to us, the purpose of the processing etc. Your company refers to the organization that has a customer relation to us and which you are employed by or otherwise represent or act on behalf of. In order to clarify which personal data is being processed for which purpose and on what legal basis, we have outlined the following table:

Purpose of the processing

Categories of personal data processed for the purpose

Legal basis for the processing

To provide our products and services, carry out contracts with you and otherwise administer our business relationship with you

· Contact and identification details

· Information regarding products/services

· Payment information

· Information regarding your use of products/services

Performance of contract (Article 6(1)(b) GDPR)

To check and verify that you are who you claim to be

· Contact and identification details

Performance of contract and legal obligation (Article 6(1)(b) and (c) GDPR)

Provide support to customers through phone and email

· Contact and identification details

· Information regarding your use of products/services

· Information regarding your contacts with customer service

Performance of contract and legitimate interest (Article 6(1)(b) and (f) GDPR)

Promoting our products and services and conducting customer surveys

· Contact and identification details

· Information regarding your use of products/services

Legitimate interest (Article 6(1)(f) GDPR)

To establish, exercise and/or defend ourselves against legal claims

· Contact and identification details

· Information regarding products / services

· Payment information

· Information regarding your use of products services

· Information regarding your contacts with customer service

Legitimate interest (Article 6(1)(f) GDPR)

Ensuring a secure IT environment

· Contact and identification details

· Information regarding your use of products/services

Legitimate interest (Article 6(1)(f) GDPR)

To improve our services and for general business development

· Information regarding your use of products/services

Complying with regulations aimed to prevent money laundering and financing of terrorism

· Contact and identification details

· Payment information

· Information regarding your use of services

· Information from external sanction lists and PEP lists

· Sensitive personal data

Legal obligation Article 6(1)(c) GDPR)

Preventing other criminal acts and security related incidents

· Contact and identification details

· Information regarding your use of services

Legal obligation and legitimate interest (Article 6(1)(c) and (f) GDPR)

To meet information requirements based on e.g. the Payment Services Act or GDPR

· Contact and identification details

· Information regarding your use of products / services

Legal obligation (Article 6(1)(c) GDPR)

Dealing with requests from public authorities and obligations to report data to public authorities in certain cases

· Reserved what is requested, usually at least contact and identification details

Legal obligation (Article 6(1)(c) GDPR)

Compiling the accounts and financial statements in accordance with the applicable accounting rules

· Information regarding products / services

· Payment information

Legal obligation (Article 6(1)(c) GDPR)

Data storage

LOOMIS–PAY® retains your personal data for only as long as is necessary to fulfil the respective purpose of processing. In certain cases, LOOMIS–PAY® is subject to legal requirements that require us to store personal data during a specific period of time. Examples of applicable laws which require us to retain personal data are accounting laws and regulations, under which we are required to retain accounting information for at least seven (7) years, and anti-money laundering and terrorist financing laws and regulations under which we are required to retain transactional and certain other customer-related data for at least five (5) years after the termination of the customer relationship. Personal data which is used to satisfy the contractual relationship between our customers and us are usually retained for the duration of the contract and thereafter for a period of time necessary to establish, exercise or defend legal claims. If no contract is concluded between you and us or if the data is not needed to comply with a legal requirement, the data will be kept only for as long as necessary to fulfil the purpose of the processing in question.

Your rights

The data subject is provided with a number of rights under the GDPR. As Data Controller LOOMIS–PAY® ensures that the following rights are met when a request is made to us. Your rights in relation to your personal data are as follows:


· Right to information

You have the right to be informed when your personal data is being processed. We provide you with such information through this notice and by responding to questions from you.

· Right of access

You have the right to request a copy of your personal data if you want to know what information we have and process about you.

· Right of rectification

You have the right to have inaccurate personal data corrected. In addition, you have the right to supplement any incomplete personal data considering the purpose for which we process your personal data.

· Right to erasure

You have the right to request to have your personal data erased, which also can be referred to as a “right to be forgotten”.

· Right to restriction of processing

You have the right to request that the processing of personal data be restricted.

· Right to object

You have the right to object to the processing of personal data carried out by us as a pursuant to our legitimate interest. If you object to such processing, we may only continue to process the data if we demonstrate that there are legitimate grounds for us to process the data where our interests outweigh your interests, for example where the processing is for the establishment, exercise or defense of legal claims. An example of where your interests outweigh ours is when you object to marketing.

· Right to data portability

When we process personal data by automated means on the basis of your consent or for the performance of a contract with you, you have the right to obtain your personal data in a structured, commonly used and machine-readable format for the purpose of transferring the data to another data controller.

· Right to lodge a complaint

You have the right to lodge a complaint with the Swedish data protection authority, Integritetsskyddsmyndigheten (IMY), which is the Swedish supervisory authority for the personal data processing LOOMIS–PAY® carries out.


For more information regarding each right, please see here (in Danish).


Please contact our data protection officer by sending an email to if you wish to exercise any of your rights or if you have any further questions regarding the processing of your personal data. State “To the DPO” in the subject line.

Recipients of personal data

LOOMIS–PAY® shares personal data with others only when necessary to fulfil the purposes described above.


If we share your personal data with a company that processes the data on our behalf, the recipient is a so-called data processor. We ensure that the personal data is processed in accordance with this information and applicable law. Consequently, your data is processed in an appropriate manner and in accordance with an adequate level of protection. Examples of suppliers we may share your data with for the purposes described above are software and data storage providers, payment processors and carriers.


In connection with certain specific services which LOOMIS–PAY® provide, another organization is the data controller and LOOMIS–PAY® is the data processor. This applies when Loomis provides services to a controller for which LOOMIS–PAY® does not determine how the data is processed or the purpose of the processing. Additionally, personal data processing may occur as a result of when LOOMIS–PAY® and the recipient processes personal data as separate data controllers, e.g. when we are obliged to provide necessary information to authorities such as the Police, the Financial Supervisory Authority, the Tax Agency or other authorities.

Transfer outside the EU/EEA

LOOMIS–PAY® processes your personal data within the EU/EEA. In some cases, personal data may be processed by recipients in countries outside the EU/EEA. Where this is the case, we ensure that an adequate level of protection for the personal data is adhered to at the time of transfer or that appropriate safeguards have been implemented in accordance with applicable law. Such appropriate safeguards include, but are not limited to, the use of the European Commission’s standard contractual clauses when concluding contracts between LOOMIS–PAY® and recipients outside the EU/EEA. In addition to the standard contractual clauses we assess whether there is legislation in the recipient countries that affects the protection of your personal data and, when necessary, we take supplementary safeguarding measures to ensure that the level of protection of your data is maintained when it is transferred to a third country.

Updates of this notice

LOOMIS–PAY® continuously works to improve our products and services to be able to offer our customers an even better experience. Therefore, we may update this privacy notice. If we make any major changes affecting your personal data, we will provide you with information regarding the changes in accordance with applicable law. Please visit this page regularly to keep up to date with how we process your personal data.


The information was last updated on 24 may 2022.


Cookies are text files containing information that are inserted and stored on your computer’s hard drive when you visit websites. Cookies can be temporary or persistent. Temporary cookies disappear when you close your browser. Persistent cookies are stored in your browser until they reach their expiration date, you have the option to delete them prematurely in your browser.