Privacy Policy

Last updated 5 of august 2020

Introduction and responsibility for personal data

Defined terms in this Privacy Policy have the same meaning as in the applicable Terms of Use (https://www.getsteven.com/terms/).

When you are in contact with Steven, visiting our website or using our App, you entrust us with your personal data. We are committed to keeping that trust. That starts with helping you understand our privacy practices. This Privacy Policy explains how Steven collects and uses your personal data. It also describes your rights towards us and how you can exercise them. As an e-money and payment institution, Pei Development is bound by professional secrecy by law. By using the App, you accept our Privacy Policy and our processing of your personal data. You also agree to our use of electronic communication channels to send you information, as described below and in the Terms of Use.

This Privacy Policy constitutes information for data subjects and has been drafted in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).

The data controller for the data processing described in this Privacy Policy is Pei Development AB, corp. ID no 559026-5673. As a data controller, we always process your personal data in accordance with our Privacy Policy. You are welcome to contact us at any time if you have any questions regarding your personal data. You can send an email to info@getsteven.com.

1. Scope

This Privacy Policy covers personal data processing concerning the following categories of natural persons:

  • Customers and users of our services (Steven App);
  • Visitors to Steven’s website and individuals who contact Steven;
  • Employees/representatives at suppliers, stakeholders and authorities; and
  • Candidates that apply for an employment.

2. How is personal data collected?

From you and the information you submit to us. Most of the personal data we process is submitted by you, for example when you create a user account with us, submit a job application or otherwise contact us by email.

From public and private information registers. In some cases, when you use our services, we collect data about you from public and private registers. For instance, SPAR (Statens personadressregister), private sources that act as sellers of such a register, the Swedish Tax Agency and sanctions lists that may be public or provided by a private source.

Through your use of the App and the website. When you use the App, additional information is created that can be linked to you, such as a history of group settlements, transactions, logs of logins and use of the App along with choices you make.

We also collect data from devices, such as your mobile phone, tablet, and computer, about how you interact with our services, website and application by picking up information that can recognize and associate your activity.

3. How is your personal data processed?

3.1 Customers and users of the App

What categories of personal data is processed?

Name, date of birth, city, country of residence, user details, device information, agreement data, correspondence with you, authentication data, IP address, cookies (if allowed by you), customer choices and usage of the App. If you use our payments solutions, we also process social security number, location, transaction details and history and card/bank details.

Why do we process your personal data?

We need to process personal data about our customers/users so that we can offer our services. We process personal data for the following purposes and based on the following legal basis.

Purpose of the processing Legal basis for the processing
For the main purpose of providing and managing our services and fulfilling the agreement we need:
  • To confirm the identity of the user,
  • To administer user accounts
  • To enable the use of the App including for you to integrate with other users,
  • To enable transactions and pay-outs,
  • To administer the customer relation, customer queries, complaints and provide support, and
  • To ensure that the services function properly.
Fulfil our contractual obligations.

Our legitimate interest. The interest is to ensure correct execution of the services.

If you use our services via our mobile application, we will use push notifications to communicate with you, provided that you have enabled this on your device.
For the main purpose of fulfilling our obligations required by laws and regulations we need:
  • To confirm your identity,
  • To study and analyse your use of our services in order to detect misuse/fraud and money laundering,
  • To apply secure identification in connection with executing transactions,
  • Provide you with relevant and required information regarding / in relation to the use of the services,
  • To store documents in accordance with law, and
  • To fulfil bookkeeping and accounting requirements.
Comply with a legal obligation to which we are subject.

Our legitimate interest. The interest is to comply with applicable laws.
For the main purpose of managing and defending legal claims and safeguarding our legal rights we need (where applicable):
  • To investigate, respond to and defend a legal claim,
  • To demonstrate regulatory compliance and fulfil audit obligations,
  • To provide information to a potential buyer in connection with sale of receivables, an acquisition or merger of the business (de-personalized or pseudonymized data is used as far as possible)
Our legitimate interest. The interest is to defend ourselves against or manage a legal claim, as well as in safeguarding our rights.

Personal data will be used only to the extent necessary in the individual case.
For the main purposes of evaluating, improving and developing our business we need:
  • To understand user behaviour and preferences
  • To conduct customer satisfaction surveys by electronic communication or phone
This includes to create aggregate statistics on, for example, customer types, sales, and responses to and the use of promotions.
Our legitimate interest in improving and developing our business.

If you do not wish to receive such communication, please send an email to info@getsteven.com
For direct marketing purposes we need to inform about our business, feature updates and promotions that we feel are relevant to existing users. Our legitimate interest in marketing and informing about our business and encouraging existing customers to use our services.

If you do not wish to receive such communication, you can opt out at any time by following the instructions in the email or sending an email to info@getsteven.com

How long do we process your personal data?

The personal data will be actively processed as long as the customer relationship is active and for a period of 1-3 years thereafter. During the first year after inactivation we will process your data for marketing purposes. In addition to the processing we will also need to store the data for so-called anti-money-laundering purposes for 5-10 years, and for accounting and bookkeeping purposes we store data for 7 years plus one.

3.2 Visitor of our website and inquires

What categories of personal data is processed?

Device information, information about browser type and version, installed plugins, date and time of traffic/access, viewed pages, previously visited pages, IP address, UDID, cookies and country. If you contact us we will also process your contact details and correspondence with us.

Why do we process your personal data?

While you visit our website, we collect certain information that will identify you in some cases. Your own browser and device settings affect what information we can collect from your visit. Please read our Cookie Policy to obtain the full picture. If you contact us via our website or sending a letter or an email, we have to collect and store personal data in order to handle your enquiry.

Purpose of the processing Legal basis for the processing
To manage and respond to questions from stakeholders, customers and visitors to our digital channels.

For direct marketing purposes and for the purpose of informing about our business, analyse the interest in our business and the use of the website.

In addition, we use personalization in our social media and web advertising communications on other websites. We use cookies and analytical tools for personalization and to analyse usage patterns.

We use social plugins, which means we have integrated content in a social network on our website that can relate your usage and functions for visits to our website to your account in the network (provided that you have an account). The content in the social network can be provided on our website and it is possible to share our website content via the social network. Visit their website www.facebook.com, www.instagram.com, https://www.linkedin.com and www.intercom.com for information about social networks.
Our legitimate interest in carrying out business activities and increasing interest in our business.

We obtain your consent for some processing, such as processing of cookies and location information.

For how long do we process your data?

Please find our Cookie Policy.

Usually personal data related to inquiries is erased within 6 months after the inquiry has been properly responded and terminated. However, if we assess that the conversation has contents that we need for the purpose of managing and defending legal claims or safeguarding our legal rights the storage period will be extended to the period of time necessary to achieve these purposes.

3.3 Employees and representatives at suppliers, stakeholders and authorities

What categories of personal data is processed?

Name, contact details, job title/role, employer/principal and information in communication between us, and agreement data.

Why do we process your personal data?

As an employee or a representative of a company/organisation that we have a business relationship with, we may process your personal data as follows.

Purpose of the processing Legal basis for the processing
Enter into contracts with suppliers and stakeholders, to administer the contractual relationship, for instance receive delivery of goods and use customer support. Our legitimate interest. The interest to fulfil our contractual obligations with your employer / principal and performance of business activity.
Communicating with supervisory authorities, managing our licenses and fulfilling legal obligations such as reporting commitments. Our legitimate interest to comply with applicable law and safeguard our licenses.
For accounting purposes personal data may be stated on supporting documentation/invoices/vouchers. Comply with a legal obligation to which we are subject.
To investigate, manage and defend us against legal claims and safeguarding our legal and contractual rights (where applicable). For instance, within a dispute with your employer / principal. Our legitimate interest to defend ourselves against a legal claim, as well as to safeguard our legal and contractual rights.

How long do we process your personal data?

The personal data will be processed as long as we have a relationship with your employer / principal and 2 years thereafter. However, if we assess there is information we need for the purpose of managing and defending legal claims, show compliance with a legal or contractual obligation or safeguarding our legal rights, the storage period will be extended to the period of time necessary to achieve these purposes. For accounting and bookkeeping purposes, we store data for 7 years plus one.

3.4 Candidates that apply for an employment

What categories of personal data is processed?

All data you provide to us in your application for instance name, personal identification number, address, contact details, education and grades, work reference, professional experience and other information that you provide about yourself in your application, and image (if any).

If we perform tests within the recruitment process we provide information about the processing of such personal data before initiating the test and ask for your consent to the processing.

Why do we process your personal data?

Purpose of the processing Legal basis for the processing
For the main purpose of performing and managing a recruitment process we need to
  • collect and review your application; personal letter and any certifications;
  • assess and consider candidates based on experience and qualifications; and
  • administrate invitations and bookings to interviews and communicate with candidates.
Our legitimate interest to recruit new employees.
To inform you about other or future employments that could suit you. Our legitimate interest to recruit new employees.

Your consent (if we save your information for this purpose for more than 6 months).
To investigate, manage and defend us against legal claims in the view of Swedish discrimination law as well as safeguarding our legal rights. Our legitimate interest to defend ourselves against a legal claim, as well as to safeguard our legal rights and to comply with/carry out legal obligations in the field of employment.

How long do we process your personal data?

Unless you have given us your consent, personal data will only be processed for 6 months after the application process is over in order to inform you about future employments. However, we will save your documents for two years in order to protect our rights under Swedish discrimination law.

4. Who do we share your personal data with?

To run our business, we need to work with other parties and in some cases this means that we have to share your personal data with a third party. As our business is bound by professional secrecy by law, we may disclose your personal data only if this is supported in law or when we need to in order to provide you the services. We take all reasonable legal, technical, and organizational measures to ensure that your personal data is treated securely and with an adequate level of protection when transferred to or shared with such selected third parties. We may share your personal data with the following categories of third parties:

Our employees and consultants who work at Pei Development. Your personal data may be shared with people who work at Pei Development, but only those who need access to the data in order to do their work. Some tasks have been outsourced to the Pei Development group’s central IT department, so their staff may also access your data.

Suppliers. Your personal data may need to be transferred to or shared with companies that contribute to our service delivery. In order for us to provide our services and secure our business, we need these companies’ services:

  • Suppliers of systems/applications to provide and support email and websites/platforms.
  • Server hosting partner.
  • Payment service providers to execute transactions. They may request additional information from you to process your payment. Please make sure that you read any third-party terms that might apply when using the payment services and if you have any questions relating to how the respective payment service provider handles your personal data, you can contact the respective provider.
  • Suppliers for managing direct marketing mailings and information related to use of the services.
  • Suppliers of information registers in connection with when we collect data about you to confirm and verify your identity and in connection with analyses and investigations into crime, misuse and money laundering.
  • Insurance companies where applicable.
  • External advisors such as lawyers where applicable.

Public authorities. We may disclose necessary personal data to authorities such as the police, tax agencies or other authorities if we are required by law or you have agreed to it. An example of legally required sharing is for the purposes of anti-money laundering and counter-terrorist financing.

Courts, counterparties and legal representatives. In connection with disputes, we need to disclose the data that is relevant to the case.

Divestment. In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party, personal data about our customers may be disclosed and transferred.

5. Is your data processed outside of the EU/EEA?

Pei Development have subsidiaries and suppliers outside the EU/EEA that assist us in providing the services. They will have access to data of our customers and users of the App. In some cases, we may be required to disclose personal data to public authorities outside of the EU/EEA (provided that this is supported in law). When doing so we are committed to protect your data and comply with applicable data protection laws and will therefore put in place adequate safeguards to protect your personal data.

6. Information about your rights under the GDPR

Right to access your data. You are entitled to request confirmation of whether we process your personal data. If we do you are entitled to access the data together with information about how it is processed.

Right to data portability. You are entitled to receive the personal data that you have provided to us in an electronic format and, if technically feasible, have the data transferred to another data controller. This right applies if we process personal data on the basis of your consent or fulfilling a contract with you.

Right to rectification. You are entitled to request that incorrect personal data be rectified. Furthermore, you are entitled to supplement incomplete personal data.

Right to erasure (“right to be forgotten”). In some cases, you are entitled to request that your personal data be erased if it is no longer necessary for the purpose for which it was collected, if there is no legal basis for its processing or if our processing is on the basis of your consent.

Revoking your consent. If we process your personal data on the basis of your consent, you may revoke this consent at any time. Your revocation does not affect the legality of our processing up to the point of your revocation.

Right to objection. Where we process your data based on our legitimate interest you are entitled to object to the processing. In such cases, we must either prove that we have legitimate reasons to process your personal data that outweigh your interests or cease the processing of your personal data.

Limiting the use of data. You are entitled to request that the processing of your personal data be limited until incorrect data is rectified or an objection from you has been investigated.

Declining direct marketing. You always have a right to opt out of marketing from us. Please contact us for assistance. If you have consented to electronic mailings, you can use the unsubscribe link in the email to opt out.

Pei Development does not carry out processing and does not make decisions based solely on automated processing, including profiling.

If you are dissatisfied with how your personal data is processed, you can submit a complaint to a supervisory authority, which in Sweden is the Swedish Data Protection Authority (www.datainspektionen.se).

7. Updates to this policy

We may occasionally update this Privacy Policy. If we make significant changes, we will notify you of the changes through the App or through other means such as email. To the extent permitted under applicable law, by using our services after such notice, you accept the updates.

We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

The app that splits costs between friends
Get the app