01·Who we are
Float Lending AB, org. no. 559100-4907 ("we", "us", "our") provides business account services and are developing data insight services. We are part of the same corporate group as Float Finance AB.
A note on the Business Accounts: To provide our business account, we partner with Airwallex that provides the underlying financial services. When you activate and use the Wallet, you enter into a separate agreement directly with Airwallex, who acts as an independent data controller for the personal data they process to deliver that service - including data required for customer due diligence under the Anti-Money Laundering Act. As part of delivering the business account service, Airwallex shares Account Data with us as an independent data controller, including account balance, transaction history and payor/payee information relating to your business account. We use this data to display your account information and provide the business account through the Platform. We strongly recommend reading Airwallex's Privacy Policy: https://www.airwallex.com/global/terms/privacy-policy.
02·What we collect and why
The table below sets out the personal data we process, the purpose for which we process it, and the legal basis we rely on under the GDPR.
| Purpose | Data collected | Examples | Legal basis |
|---|---|---|---|
| Platform access - freemium tier Providing access to the Platform |
Identity & contact Name, email, company name, org. Bank-ID verification, role/title of company representative Login credentials Email and Bank-ID verification Financial & operational data Accounting records, transaction data, and billing subscription data Usage data Login history, access logs |
Sign-up form data Bank-ID verification to access the Platform Representative details Connected accounting system data Bank transaction feeds |
Performance of a contract - Art. 6(1)(b) GDPR. |
| Platform analytics & improvement Understanding how you use the platform |
Usage behaviour Navigation patterns, session recordings - all personal data masked |
Click maps Session replays |
Consent - Art. 6(1)(a) GDPR, collected via our cookie banner. You may withdraw consent at any time. |
| Customer support Handling your support requests |
Communication data Content of support queries via chat or email |
Chat transcripts Email correspondence |
Legitimate interests - Art. 6(1)(f) GDPR (providing efficient, accessible support) |
| Business account administration & security Managing your account, authentication, fraud prevention |
Login credentials Name, email, encrypted password, Google single sign-on or Bank-ID verification Account Data account balance, transaction history, payor/payee information and other financial information relating to the business account Device & security data IP address, browser type, OS, login history, usage patterns |
2FA logs Transaction view, balance displays, account statements Anomaly detection Session tokens |
Performance of a contract - Art. 6(1)(b). Legitimate interests - Art. 6(1)(f) (fraud prevention). |
| Information on product updates | Contact details Email address, name |
Product updates New features |
Legitimate interests - Art. 6(1)(f) GDPR |
| Marketing information | Contact details Email address, name, phone number |
Website loan calculator usage | Consent - Art. 6(1)(f) GDPR |
03·Where we get your data
Most personal data comes directly from you, when you sign up for a business account or use the Platform.
Connected accounting systems
Where you choose to connect an accounting system through the Platform, we obtain financial data from that system to generate key performance indicators. The data obtained may include revenue, costs, account balances, and transaction categorisation.
Connected bank accounts
Where you choose to connect a bank account through the Platform, we obtain transaction data and account balance information via a licensed account information service provider. The data obtained is used solely to generate key performance indicators within the freemium tier.
Airwallex
As part of delivering the business account service, Airwallex shares Account Data with us as an independent data controller, including account balance, transaction history, and payor/payee information relating to your business account. We use this data to display your account information and provide the business account service through the Platform.
Publicly available sources and official registers
To verify company and representative information where relevant to the business account.
Sources: Bolagsverket (Swedish Companies Registration Office), Skatteverket (Swedish Tax Agency)
Data obtained: Authorised signatories, board members, and beneficial ownership information.
04·How long we keep it
We keep your personal data only for as long as necessary for the purpose it was collected, or as required by law.
Business account - contractual data
Kept for the duration of the business account relationship and thereafter for the period needed to handle complaints or legal claims; typically up to 10 years under the Limitations Act (Preskriptionslagen).
Consent-based data
Platform analytics and AI development data are kept until you withdraw your consent (Art. 7 GDPR). Withdrawal does not affect anything processed before that point.
Accounting records
Data that constitutes accounting records must be retained for 7 years following the end of the calendar year in which the financial year to which the records relate was completed (Ch. 7 § 2, Swedish Bookkeeping Act, Bokföringslagen 2004:125).
05·Who we share with
We only share your personal data where necessary and lawful. We never sell your data. The categories of recipients are:
Airwallex
Float Lending AB and Airwallex each act as independent data controllers, there is no joint controllership between them. We share personal data with Airwallex in two directions:
Float Lending AB to Airwallex: We share Account Data and business account onboarding information with Airwallex for Airwallex's own purposes, including enabling the provision of Connected Account Services, AML/KYC compliance, and service administration.
Airwallex to Float Lending AB: Airwallex shares Account Data with us to enable us to operate and display the business account service through the Platform.
Both transfers are governed by Data Transfer Agreement incorporating the EU Standard Contractual Clauses (Commission Decision 2021/914). For the EEA, the applicable Airwallex entity is Airwallex (Netherlands) B.V.; for the UK, Airwallex (UK) Limited.
Float Finance AB
If you choose to apply for a business credit product through the Platform, we share the personal data relevant to your credit application with Float Finance AB. Float Finance AB acts as an independent data controller for the purposes of processing your credit application, performing customer due diligence, and managing the credit relationship. Their processing is described in the Float Finance AB Privacy Policy (available on www.floatfinance.com). The legal basis for this transfer is Art. 6(1)(b) GDPR, the transfer is necessary to take steps at your request prior to entering into a contract with Float Finance AB.
Service providers (data processors)
Third-party vendors who help us operate the Platform and our services. They act on our instructions and may not use your data for their own purposes (Art. 28 GDPR). Categories include:
- Cloud infrastructure and storage providers
- IT and platform infrastructure providers
- Analytics and session-recording tool providers
Regulatory authorities
We may be required to share data with relevant authorities where required by law.
06·International data transfers
We prioritise EU/EEA-based service providers and strive to keep all processing within the EU/EEA. In certain cases, a transfer to a country outside the EU/EEA may be necessary, for example where a best-in-class provider operates outside the EEA. In all such cases, we ensure that adequate safeguards are in place in accordance with Chapter V GDPR before the transfer takes place. We do this through one or more of the following mechanisms:
- An adequacy decision by the European Commission recognising the destination country as providing an equivalent level of data protection.
- Standard Contractual Clauses (SCCs) in the form approved by the European Commission, entered into with the recipient (Art. 46(2)(c) GDPR).
- Another appropriate safeguard under Art. 46 GDPR, such as Binding Corporate Rules (BCRs), where applicable.
We continuously monitor developments in EU data protection law and update our transfer mechanisms accordingly.
07·Cookies
When you use our Platform, we use cookies and similar tracking technologies.
Strictly necessary cookies
Required for the Platform to function and remain secure. No consent is needed for these (Ch. 9 § 28, Electronic Communications Act 2022:482).
Analytics and performance cookies
Used to understand how you use the Platform and to improve your business account experience. We ask for your consent before placing these (Ch. 9 § 28 LEK; Case C-673/17, Planet49). Withdraw or manage consent at any time via our cookie manager.
For full details of the cookies we use, please see our Cookie Manager.
08·Your rights
Under the GDPR, you have the following rights. To exercise any of them, please contact us using the details in Section 9.
Right of access
You may request confirmation of whether we process your personal data and receive a copy of that data (Art. 15 GDPR).
Right to rectification
You may request that we correct any inaccurate personal data we hold about you (Art. 16 GDPR).
Right to erasure
In certain circumstances, you may request that we delete your personal data, for example, where it is no longer needed for the purpose it was collected, or where you withdraw your consent (Art. 17 GDPR).
Right to object
You may object to processing that is based on our legitimate interests (Art. 21 GDPR).
Right to restriction
In certain circumstances, you may request that we restrict our processing of your data (Art. 18 GDPR).
Right to data portability
You may request a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format (Art. 20 GDPR).
Right to withdraw consent
Where processing is based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).
Right to lodge a complaint
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
09·Contact us
|
Data Controller
Float Lending AB Nybrogatan 55 114 40, Stockholm Sweden privacy@floatfinance.com |
External Data Protection Officer
Kertos GmbH Brienner Str. 41, 80333 Munich Data Protection Officer: Dr. Kilian Schmidt +49 151 525 797 93 dsb@kertos.io |
This policy may be updated from time to time. We will publish any changes at www.floatfinance.com. The current version is always available on www.floatfinance.com.

