Privacy Policy

Float Lending AB
Effective date: 2026-06-05 Org. no. 559100-4907

This policy covers Float Lending AB's business account, our platform and data insight services. For business credit products, see the Float Finance AB Privacy Policy.

01·Who we are

Float Lending AB, org. no. 559100-4907 ("we", "us", "our") provides business account services and are developing data insight services. We are part of the same corporate group as Float Finance AB.

A note on the Business Accounts: To provide our business account, we partner with Airwallex that provides the underlying financial services. When you activate and use the Wallet, you enter into a separate agreement directly with Airwallex, who acts as an independent data controller for the personal data they process to deliver that service - including data required for customer due diligence under the Anti-Money Laundering Act. As part of delivering the business account service, Airwallex shares Account Data with us as an independent data controller, including account balance, transaction history and payor/payee information relating to your business account. We use this data to display your account information and provide the business account through the Platform. We strongly recommend reading Airwallex's Privacy Policy: https://www.airwallex.com/global/terms/privacy-policy.

02·What we collect and why

The table below sets out the personal data we process, the purpose for which we process it, and the legal basis we rely on under the GDPR.

PurposeData collectedExamplesLegal basis
Platform access - freemium tier
Providing access to the Platform
Identity & contact
Name, email, company name, org. Bank-ID verification, role/title of company representative

Login credentials
Email and Bank-ID verification

Financial & operational data
Accounting records, transaction data, and billing subscription data

Usage data Login history, access logs
Sign-up form data
Bank-ID verification to access the Platform Representative details Connected accounting system data
Bank transaction feeds
Performance of a contract - Art. 6(1)(b) GDPR.
Platform analytics & improvement
Understanding how you use the platform
Usage behaviour
Navigation patterns, session recordings - all personal data masked
Click maps
Session replays
Consent -
Art. 6(1)(a) GDPR, collected via our cookie banner. You may withdraw consent at any time.
Customer support
Handling your support requests
Communication data
Content of support queries via chat or email
Chat transcripts
Email correspondence
Legitimate interests -
Art. 6(1)(f) GDPR (providing efficient, accessible support)
Business account administration & security
Managing your account, authentication, fraud prevention
Login credentials
Name, email, encrypted password, Google single sign-on or Bank-ID verification

Account Data
account balance, transaction history, payor/payee information and other financial information relating to the business account

Device & security data
IP address, browser type, OS, login history, usage patterns
2FA logs
Transaction view, balance displays, account statements
Anomaly detection
Session tokens
Performance of a contract - Art. 6(1)(b).

Legitimate interests -
Art. 6(1)(f) (fraud prevention).
Information on product updates Contact details
Email address, name
Product updates
New features
Legitimate interests -
Art. 6(1)(f) GDPR
Marketing information Contact details
Email address, name, phone number
Website loan calculator usage Consent -
Art. 6(1)(f) GDPR

03·Where we get your data

Most personal data comes directly from you, when you sign up for a business account or use the Platform.

Connected accounting systems

Where you choose to connect an accounting system through the Platform, we obtain financial data from that system to generate key performance indicators. The data obtained may include revenue, costs, account balances, and transaction categorisation.

Connected bank accounts

Where you choose to connect a bank account through the Platform, we obtain transaction data and account balance information via a licensed account information service provider. The data obtained is used solely to generate key performance indicators within the freemium tier.

Airwallex

As part of delivering the business account service, Airwallex shares Account Data with us as an independent data controller, including account balance, transaction history, and payor/payee information relating to your business account. We use this data to display your account information and provide the business account service through the Platform.

Publicly available sources and official registers

To verify company and representative information where relevant to the business account.

Sources: Bolagsverket (Swedish Companies Registration Office), Skatteverket (Swedish Tax Agency)

Data obtained: Authorised signatories, board members, and beneficial ownership information.

04·How long we keep it

We keep your personal data only for as long as necessary for the purpose it was collected, or as required by law.

Business account - contractual data

Kept for the duration of the business account relationship and thereafter for the period needed to handle complaints or legal claims; typically up to 10 years under the Limitations Act (Preskriptionslagen).

Consent-based data

Platform analytics and AI development data are kept until you withdraw your consent (Art. 7 GDPR). Withdrawal does not affect anything processed before that point.

Accounting records

Data that constitutes accounting records must be retained for 7 years following the end of the calendar year in which the financial year to which the records relate was completed (Ch. 7 § 2, Swedish Bookkeeping Act, Bokföringslagen 2004:125).

05·Who we share with

We only share your personal data where necessary and lawful. We never sell your data. The categories of recipients are:

Airwallex

Float Lending AB and Airwallex each act as independent data controllers, there is no joint controllership between them. We share personal data with Airwallex in two directions:

Float Lending AB to Airwallex: We share Account Data and business account onboarding information with Airwallex for Airwallex's own purposes, including enabling the provision of Connected Account Services, AML/KYC compliance, and service administration.

Airwallex to Float Lending AB: Airwallex shares Account Data with us to enable us to operate and display the business account service through the Platform.

Both transfers are governed by Data Transfer Agreement incorporating the EU Standard Contractual Clauses (Commission Decision 2021/914). For the EEA, the applicable Airwallex entity is Airwallex (Netherlands) B.V.; for the UK, Airwallex (UK) Limited.

Float Finance AB

If you choose to apply for a business credit product through the Platform, we share the personal data relevant to your credit application with Float Finance AB. Float Finance AB acts as an independent data controller for the purposes of processing your credit application, performing customer due diligence, and managing the credit relationship. Their processing is described in the Float Finance AB Privacy Policy (available on www.floatfinance.com). The legal basis for this transfer is Art. 6(1)(b) GDPR, the transfer is necessary to take steps at your request prior to entering into a contract with Float Finance AB.

Service providers (data processors)

Third-party vendors who help us operate the Platform and our services. They act on our instructions and may not use your data for their own purposes (Art. 28 GDPR). Categories include:

  • Cloud infrastructure and storage providers
  • IT and platform infrastructure providers
  • Analytics and session-recording tool providers

Regulatory authorities

We may be required to share data with relevant authorities where required by law.

06·International data transfers

We prioritise EU/EEA-based service providers and strive to keep all processing within the EU/EEA. In certain cases, a transfer to a country outside the EU/EEA may be necessary, for example where a best-in-class provider operates outside the EEA. In all such cases, we ensure that adequate safeguards are in place in accordance with Chapter V GDPR before the transfer takes place. We do this through one or more of the following mechanisms:

  • An adequacy decision by the European Commission recognising the destination country as providing an equivalent level of data protection.
  • Standard Contractual Clauses (SCCs) in the form approved by the European Commission, entered into with the recipient (Art. 46(2)(c) GDPR).
  • Another appropriate safeguard under Art. 46 GDPR, such as Binding Corporate Rules (BCRs), where applicable.

We continuously monitor developments in EU data protection law and update our transfer mechanisms accordingly.

07·Cookies

When you use our Platform, we use cookies and similar tracking technologies.

Strictly necessary cookies

Required for the Platform to function and remain secure. No consent is needed for these (Ch. 9 § 28, Electronic Communications Act 2022:482).

Analytics and performance cookies

Used to understand how you use the Platform and to improve your business account experience. We ask for your consent before placing these (Ch. 9 § 28 LEK; Case C-673/17, Planet49). Withdraw or manage consent at any time via our cookie manager.

For full details of the cookies we use, please see our Cookie Manager.

08·Your rights

Under the GDPR, you have the following rights. To exercise any of them, please contact us using the details in Section 9.

Right of access

You may request confirmation of whether we process your personal data and receive a copy of that data (Art. 15 GDPR).

Right to rectification

You may request that we correct any inaccurate personal data we hold about you (Art. 16 GDPR).

Right to erasure

In certain circumstances, you may request that we delete your personal data, for example, where it is no longer needed for the purpose it was collected, or where you withdraw your consent (Art. 17 GDPR).

Right to object

You may object to processing that is based on our legitimate interests (Art. 21 GDPR).

Right to restriction

In certain circumstances, you may request that we restrict our processing of your data (Art. 18 GDPR).

Right to data portability

You may request a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format (Art. 20 GDPR).

Right to withdraw consent

Where processing is based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).

Right to lodge a complaint

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

09·Contact us

Data Controller Float Lending AB
Nybrogatan 55
114 40, Stockholm
Sweden

privacy@floatfinance.com
External Data Protection Officer Kertos GmbH
Brienner Str. 41, 80333 Munich
Data Protection Officer: Dr. Kilian Schmidt
+49 151 525 797 93
dsb@kertos.io

This policy may be updated from time to time. We will publish any changes at www.floatfinance.com. The current version is always available on www.floatfinance.com.