The purpose for why we process your personal data.

The categories of personal data we process and where they come from (see Section 2 to read more about the different types of personal data).

The legal basis for our processing of personal data.

The time period for which Gilion processes the personal data for that purpose.

To deliver the Platform and the features included therein in accordance with the Terms of service and our website.

From you:

Contact information.
Company information.

From other sources:

Contact information. (Google, Microsoft when using Single Sign-on)
Device information. (Your device)

The processing is necessary for Gilion to perform a contract with you (Art 6(1)(b) GDPR).

When the contract between Gilion and you or the company you represent is terminated.

To manage our relationship with you or the company you represent in accordance with our agreements (i.e. Terms of service, Loan agreement, or Referral program terms). This includes creating and sending information to you in electronic format (not marketing).

From you:

Contact information.
Company information.


From other sources:

Device information. (Your device)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in managing the relationship, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. If you want to know more about how the assessment was done, contact us.

When the contract between Gilion and you or the company you represent is terminated.

To anonymize your personal data in order to analyze and improve our services (our internal processes, our website or the Platform).

From you:

Contact information.
Company information.

From other sources:

Device information. (Your device)
Information about your use of our service. (Gilion)
Information about your contacts with us. (Gilion)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to anonymize your personal data for product development purposes, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. By anonymizing your personal data, we ensure that we limit our processing to the extent possible.

This processing takesplace during the timethat Gilion retains the data in its systems for example to perform thecontract executed withyou or to comply withapplicable law. Formore details about our obligations and rightsto keep your personal data, please see section 9.

To perform data analysis and testing to improve our services (e.g. our internal processes, our website, or features available through the Platform). If possible, we first anonymize the data, which means that no personal data is processed afterwards).

From you:

Contact information.
Company information.

From other sources:

Device information. (Your device)
Information about your use of our service. (Gilion)
Information about your contacts with us. (Gilion)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to analyze your personal data for product development purposes, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. Furthermore, our customers benefit from the processing as it enables us to deliver better and more reliable services.

This processing takes place during the time that Gilion retains the data in its systems for example to perform the contract executed with you or to comply with applicable law. For more details about our obligations and rights to keep your personal data, please see section 9.

To manage and address any queries or requests when you contact us.

From you:

Contact information.
Company information.

From other sources:

Device information. (Your device)
Information about your use of our service. (Gilion)
Information about your contacts with us. (Gilion)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in providing customer support, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. Furthermore, this processing benefits Gilion’s customers as it enables us to handle any issues and deliver more reliable services.

When the contract between Gilion and you or the company yourepresent is terminated.

To maintain and ensure network and data security in our services and systems.

From you:

Contact information.
Company information.

From other sources:

Device information. (Your device)
Information about your use of our service. (Gilion)
Information about your contacts with us. (Gilion)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to secure its network and data, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. Furthermore, this processing benefits Gilion’s customers as it enables us to deliver better and more reliable services.

This processing takes place for the entire period during which you use any of our services.

To provide marketing materials about the Platform and Gilion to you as our customer or a prospective customer. If you do not want to receive marketing from us, please contact us to let us know. We will then stop processing your data for sending marketing.

From you:

Contact information.
Company information.

From other sources:

Information about your use of our service. (Gilion)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in providing you with marketing about our services, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. We have also considered the fact that marketing is listed as an example of legitimate interest in the GDPR.

When the contract between Gilion and youis terminated, or if you notify us that you are not interested in this processing.

To perform bookkeeping and accounting in accordance with accounting laws and preserve them in compliance with the applicable law.

From you:

Contact information.
Company information.

From other sources:

‍● Information about your use of our service. (Gilion)

To comply with law (Article 6(1)(c) GDPR). (The Swedish Act (1999:1078)).

During the period in which the bookkeeping is recorded and 7 years after the end of the year in which the information was registered.

To investigate, take actions and document what actions have been taken based on the matter you have reported through our whistleblowing channels.

From you:

Contact information.
Whistleblowing report.

To comply with law (Article 6(1)(c) GDPR).
(The Swedish Act on the protection of persons who report misconduct (2021:890)).

This processing takes place during the period a matter is ongoing and 2 years after the matter has been closed.

To establish, exercise, or defend Gilion from legal claims and safeguard Gilion’s legal rights.

All categories mentioned in section 2.

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to protect itself from legal claims, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.

This processing takes place during the time that Gilion retains the data in its systems for example to perform the contract executed with you or to comply with applicable law. For more details about our obligations and rights to keep your personal data, please see section 9.

To share your personal data with the categories of recipients described in section 4.

All categories mentioned in section 2.

It varies depending on the recipient. See section 4.

This processing takes place during the time that Gilion retains the data in its systems for example to perform the contract executed with you or to comply with applicable law. For more details about our obligations and rights to keep your personal data, please see section 9.

The purpose for why we process your personal data.

The categories of personal data we process and where they come from (see Section 2 to read more about the different types of personal data).

The legal basis for our processing of personal data.

The time period for which Gilion processes the personal data for that purpose.

To deliver the financial services in accordance with the loan agreement between the borrower and the company you represent.

From you:

Contact information.
Company information.

From other sources:

Information about your use of our service. (Gilion)
Information from external sanction lists and PEP lists.(Sanction lists and PEP lists)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to deliver the financial services, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. As regards sensitive personal data, the basis is that the processing is necessary for reasons of the public interest (Article 9(2)(g) GDPR).

When the contract between Gilion and you or the company you represent is terminated.

To prevent Gilion from being used for money laundering or terrorist financing, by monitoring and reviewing transactions. Gilion also conducts ongoing risk assessments to counter money laundering and terrorist financing.

From you:

Contact information.
Company information.

From other sources:

Information about your use of our service. (Gilion)
Information from external sanction lists and PEP lists. (Sanction lists and PEP lists)

To comply with law (Article 6(1)(c) GDPR). (Swedish Law (2017:630) on measures against money laundering and terrorism financing).

As regards sensitive personal data, the basis is that the processing is necessary for reasons of the public interest (Article 9(2)(g) GDPR).

Up to five years from the termination of the contract or after the termination of the customer relationship (up to ten years in cases where law enforcement authorities so request). See section 9 for more information on our obligations and right to retain information according to law.

The purpose for why we process your personal data.

The categories of personal data we process and where they come from (see Section 2 to read more about the different types of personal data).

The legal basis for our processing of personal data.

The time period for which Gilion processes the personal data for that purpose.

To manage payments for our premium services from the company you represent in accordance with the Terms of service.

From you:

Contact information.
Company information.
Payment information.

From other sources:

Information from external sanction lists and PEP lists. (Sanction lists and PEP lists)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to perform the personal data processing, that the processing is necessaryto achieve that purpose,and that our interestoutweighs your rightnot to have your dataprocessed for thispurpose.As regards sensitivepersonal data, the basisis that the processing isnecessary for reasons ofthe public interest (Article 9(2)(g) GDPR).

When the contract between Gilion and you or the company you represent is terminated.

To prevent Gilion from being used for money laundering or terrorist financing, by monitoring and reviewing transactions. Gilion also conducts ongoing risk assessments to counter money laundering and terrorist financing.

From you:

Contact information.
Company information.

From other sources:

Information about your use of our service. (Gilion)
Information from external sanction lists and PEP lists. (Sanction lists and PEP lists)

To comply with law (Article 6(1)(c) GDPR). (Swedish Law (2017:630) on measures against money laundering and terrorism financing).

As regards sensitive personal data, the basis is that the processing is necessary for reasons of the public interest (Article 9(2)(g) GDPR).

Up to five years from the termination of the contract or after the termination of the customer relationship (up to ten years in cases where law enforcement authorities so request). See section 9 for more information on our obligations and right to retain information according to law.

The purpose for why we process your personal data.

The categories of personal data we process and where they come from (see Section 2 to read more about the different types of personal data).

The legal basis for our processing of personal data.

The time period for which Gilion processes the personal data for that purpose.

To communicate with you regarding potential collaboration with us if you have consented to be referred to us as part of the Referral program.

From other sources:

Contact information. (The person who referred you to us)
Company information. (The person who referred you to us)

The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to communicate with you based on the referral you have agreed to, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.

During the time we have ongoing dialog with you regarding potential collaboration with us and one year after the dialog has ended.

The categories of recipients we share your personal data with

The purpose for why we share your personal data.

The legal basis for sharing your personal data.

Gilion Group companies.

To enable us to conduct our business in an efficient way and to ensure we can provide and maintain our services and functionalities.

The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in sharing your data within the group to enable us to run our business in an efficient way, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.

Service providers and subcontractors.

To enable us to access, use, and deliver services and functionalities that we do not have or cannot deliver by ourselves.

The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in sharing your data with our service providers to deliver our services, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.

Authorities such as the police, financial authorities, tax authorities or other governmental authorities and courts of law.

To comply with our obligations in relation to any requests from the governmental authorities. As an example, we might need to share personal data to take measures against money laundering and terrorist financing. You can see these laws in section 3 above.

The data sharing is also necessary when Gilion needs to protect itself from being subject to crimes.

The data sharing is necessary to comply with legal obligations (Article 6(1)(c) GDPR). If the data sharing is not necessary to comply with our legal obligations, the data sharing is based on a balancing of interests (Article 6(1)(f) GDPR), where Gilion has determined that we have a legitimate interest in protecting itself against crimes, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.

Third parties as part of a merger, transfer, acquisition or sale, or in the event of a bankruptcy.

To enable potential mergers, divestitures, restructuring, reorganization, dissolution, and other sales or transfers of Gilion’s assets.

The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in enabling future divestments or sales of its assets, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.

The categories of recipients we share your personal data with.

The purpose for why we share your personal data.

The legal basis for sharing your personal data.

When you insert your payment information for the premium services, Gilion will share your details with the payment service provider Stripe Payments Europe, Limited. Stripe will process your data in accordance with Stripe’s own Services Agreement and Privacy Policy.

To enable us to collect and process your payment in a secure way.

The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in sharing your data with the payment service providers to enable us to collect and process your payments, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.