Privacy Policy

1. Information about personal data processing in the KIX app

This Privacy Policy describes how KingsCross AB ("KingsCross", "we") collects and processes your personal data, what rights you have and who you can contact if you have any questions.

We protect your privacy and process your personal data in such a way that you can always feel safe when providing us with your information. This means, among other things, that we always process your personal data using the technical and organisational security measures required in each individual case.

This Privacy Policy shall ensure that the processing of your personal data that is collected and processed complies with legal requirements under the General Data Protection Regulation (GDPR) and other legislation, case law and general advice regarding personal data applicable at any given time.

2. Who is responsible for your personal data?

KingsCross AB, 556850-9599, is the data controller for the processing of your personal data and is responsible for ensuring that the personal data is processed in accordance with this policy as part of the use of the KingsCross app KIX ("KIX") and its services.

3. What personal data is processed and how do we access it?

We collect personal data that you provide yourself or that is created when you use KIX. Personal data is also collected from your bank when you connect a bank account to KIX. General information such as name and personal identity number is collected from the Swedish Tax Agency when you use BankID in KIX. When obtaining a register extract, where you have given us power of attorney to request one, personal data is collected from Valitive Credit AB or another credit information provider. Examples of personal data that may be processed include:

1. Contact details such as name, phone number, email address and phone number.

2. Date of birth and personal identity number.

3. User ID and correlation ID.

4. Device information such as IP address and device identification, as well as settings in KIX such as language settings.

5. Bank details, bank account number, account balance, account holder and account name.

6. Default accounts for deposits and disbursements and the last used bank account.

7. Transaction history including dates, times and amounts (all transactions, funds transferred, funds received, requests).

8. Messages sent during transfers and requests including any image or video.

9. Contacts and their phone numbers, selected favourite contacts, blocked phone numbers.

10. Profile image.

11. Your interaction with the stores you shop at through KIX, such as type of store, order history of ordered items and items in the shopping cart.

12. Membership in various customer clubs that you have joined yourself, subscriptions and VIP codes.

13. Log for BankID connection and information about signings via BankID such as date, time and document ID.

14. Credit information from register extracts: marital status, gender, income and tax information, property ownership, economic activity, records of non-payment, debt restructuring, balance due with Swedish Enforcement Authority, distraint attempts, repossession cases, creditworthiness.

15. Date of your last record retrieval.

16. Information about incidents in KIX and your use of it, such as response times, download errors, and time of use.

17. Any information you enter yourself or necessary to fulfil the service.

4. When do we have the right to process your personal data?

We only process your personal data when we have a legal basis for doing so. This is the case when the processing is necessary for the performance of an existing contract or a contract you wish to enter into, when we have a legitimate interest in the processing or when the processing is carried out for compliance with a legal obligation.

If we obtain register extracts from credit reference agencies on your behalf under GDPR, this only occurs with your power of attorney. You can always revoke such authority.

If processing requires consent, we will obtain it separately. You may withdraw it at any time.

5. Why is your personal data processed?

Your personal data is processed, where applicable, to:

  • Provide the service you want to use and enable you to initiate a relationship with our business customers.
  • Enable sending of notifications about collecting ordered goods.
  • Verify your phone number and identity via BankID so you can create an account and transfer/receive money.
  • Enable payment identification and approval via KIX.
  • Develop KIX and its services through troubleshooting and QA.
  • Compile purchase/payment history.
  • Send optional push notifications for transactions, requests, and invites.
  • Communicate with you (directly or via our clients) including customer service updates.
  • Share your personal data on your behalf with chosen parties.
  • Detect and prevent fraud.
  • Fulfil legal requirements.
  • Establish, assert and defend legal claims.

6. Who has access to your personal data?

Only authorised KingsCross personnel who need access for their tasks may access your data.

With your consent, we may share your data with stores or companies. We also share with technical suppliers for services like data storage or open banking. These partners are bound by data processing agreements that protect your personal data.

In the event of corporate restructuring or sale, personal data may be shared with new owners or their advisors.

Otherwise, data is shared only when required by law or to protect third-party interests.

7. Transfer to third country

Your personal data will not be transferred outside the EU/EEA.

8. How long is your personal data stored?

We store your personal data only as long as necessary for the intended purpose, following applicable laws.

  • Bank account connections via BankID are valid for 180 days. You’ll be notified to renew it.
  • Register extracts are automatically renewed unless power of attorney is revoked, in which case data is deleted after 3 months.
  • After you stop using our services, data is deleted or anonymised within 3 months unless the law requires otherwise.
  • Data related to suspected fraud may be stored longer.

9. How is your personal data protected?

We take appropriate technical and organisational security measures to protect your personal data from unauthorised access, changes or loss, including firewalls and encryption.

Access is limited to authorised personnel only.

10. Your Rights

You have the right to contact us at any time to exercise the rights listed below. See "Contact details" for how to reach us.

11. Right to withdraw consent

You may withdraw your consent at any time. Withdrawal does not affect prior lawful processing.

12. Right to request access to personal data

You can request a copy of your personal data and details on how it’s processed.

13. Right to rectification of personal data

You have the right to correct or complete your personal data.

14. Right to erasure of personal data

You have the right to request deletion of your personal data unless legally required to retain it or necessary for legal claims, freedom of expression or public interest.

15. Right to restriction of processing

You may request restriction of processing if:

  • You contest the accuracy of data
  • Processing is unlawful
  • You need the data for legal claims
  • A pending objection is being verified

16. Right to object to processing

You may object to processing based on legitimate interest due to your specific situation.

17. Right to data portability

Where applicable, you may request to have your data transferred to another data controller, provided it’s technically feasible.

18. Right to lodge a complaint

If you believe we’ve handled your data incorrectly, you may file a complaint with the Swedish Authority for Privacy Protection (IMY).

19. Contact details

KingsCross AB

Kungsgatan 27

111 56 Stockholm

hello@kix.eu

20. Privacy Policy Change

This Privacy Policy is available in KIX. We may update it occasionally. The latest version is always published in KIX.