Privacy policy

Bits Technology - Privacy Policy

Last update: February 2025

1. Introduction

Bits Technology (Finbits AB, org. no. 559375-3923) ("Bits", "we", "our", "us") cares deeply about your privacy and about protecting the personal data we process. This Privacy Policy ("Policy") describes how we collect, use, store, share, and protect personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable laws.

This Policy applies when you:

  • communicate with us, for example via email or our website

  • use our services and APIs

  • visit our websites www.bits.bi
     (collectively referred to as "the Services" or "the Functions").

2. Controller and Contact Information


Controller: Finbits AB (trading as Bits Technology)
Org. no.: 559375-3923
Address: Birger Jarlsgatan 27, 111 45 Stockholm, Sweden
Email: legal@bits.bi


If you have any questions about this Policy or your data protection rights, please contact us at the address above.

3. Definitions


The following definitions follow GDPR terminology:

  • Applicable Law: The GDPR and supplementary Swedish or EU data protection laws.

  • Controller: The entity determining the purposes and means of processing personal data.

  • Processor: An entity processing personal data on behalf of a controller.

  • Data Subject: A natural person whose personal data are processed.

  • Personal Data: Information that can identify an individual, directly or indirectly.

  • Processing: Any operation performed on personal data such as collection, storage or use.

  • Special Category Data: Sensitive data as defined in Article 9 GDPR (for example health or biometric data).

4. When Bits Acts as Controller or Processor


Bits acts as Controller when we handle personal data related to our own business, for example customer contacts, marketing, supplier management or website visitors.


Bits acts as Processor when we process personal data on behalf of our customers through the Bits Platform. In those cases, our Data Processing Agreement (DPA) governs the processing.

5. Categories of Data We Process (as Controller)

Customer and partner contacts

Examples: Name, title, company, email, phone
Retention: For the duration of the business relationship and up to 12 months thereafter

Service users

Examples: Login credentials, activity logs, support communication
Retention: As long as the account is active and for up to 24 months for audit and security purposes

Website visitors 

Examples: IP address, browser data, cookie identifiers
Retention: See our Cookie Policy

Job applicants

Examples: CV, contact details, correspondence
Retention: Up to 6 months after recruitment closure unless consent to longer storage

We do not intentionally collect or process sensitive personal data in our controller role.

6. Purposes and Lawful Bases

We process personal data for the following purposes and lawful bases:

To provide and improve our services and user experience 
Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)

To communicate with customers, partners and suppliers 
Legal Basis: Performance of contract or legitimate interest

To fulfil legal obligations such as accounting or AML 
Legal Basis: Legal obligation (Article 6(1)(c) GDPR)

To market our products and manage events or demos 
Legal Basis: Consent or legitimate interest

To manage support requests and maintain security 
Legal Basis: Legitimate interest

Where consent is required, such as for cookies or newsletters, you may withdraw it at any time.

7. Data Sources

We collect personal data directly from you through our website and services. In some cases, we may receive information from third parties such as public registers or business partners when relevant to your use of our services.

8. International Data Transfers


We primarily process and store personal data within the European Union (EU) and the European Economic Area (EEA).


In some cases, personal data may be transferred to or accessed from countries outside the EEA. When this happens, we ensure that appropriate safeguards are in place in accordance with the GDPR. These safeguards may include the EU Commission’s Standard Contractual Clauses (SCCs) or an adequacy decision.


You may contact us at legal@bits.bi if you would like more information about these safeguards or to request a copy of our Data Processing Agreement (DPA).

9. Security Measures

We take both technical and organisational measures to protect personal data from loss, misuse, unauthorised access, alteration or destruction.

Examples of these measures include:

  • Encryption and pseudonymisation

  • Secure cloud environments such as VPC, VPN and firewall protection

  • Access control and activity logging

  • Two-factor authentication

  • Regular security testing and vulnerability management

  • Daily to real-time data backups

  • Employee confidentiality and information security training

These controls meet or exceed the requirements of Article 32 of the GDPR.

10. Your Rights

You have the following rights under the GDPR:

  • Access: to know what data we hold about you

  • Rectification: to correct inaccurate or incomplete data

  • Erasure ("right to be forgotten"): to request deletion where processing is no longer necessary

  • Restriction: to limit processing in certain circumstances

  • Objection: to processing based on legitimate interests or for direct marketing

  • Data portability: to receive your data in a machine-readable format

  • Withdraw consent: at any time, for future processing

To exercise your rights, contact us at legal@bits.bi. We may need to verify your identity before fulfilling your request.

If you believe we process your personal data incorrectly, you may file a complaint with the Swedish Authority for Privacy Protection (IMY) at www.imy.se.

11. Data Retention

We keep personal data only as long as necessary for the purposes described above or as required by law, for example under accounting regulations. After that, data are securely deleted or anonymised.

12. Cookies

We use cookies and similar technologies to analyse traffic and improve your experience. Details about the types of cookies, retention and settings are available in our Cookie Policy.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services or legal obligations. Significant updates will be communicated in advance through our website or by email when applicable.

14. Contact

If you have any questions or wish to exercise your rights, please contact us:
legal@bits.bi
Finbits AB (Bits Technology)
Birger Jarlsgatan 27, 111 45 Stockholm, Sweden

© 2025 Finbits AB. All rights reserved.

Resources

Home

About

Blog

Careers

FinCrime job board

Contact

Media assets

Features

Onboarding

AML Risk score

Ongoing due-diligence

Transaction monitoring

Case management

Bits AI

More

Changelog

Customers

Integrations

Learning hub

Webinars

Developers

Documentation

API reference

Security

Legal

Privacy

Security

Finbits AB (559375-3923)

Resources

Home

About

Blog

Careers

FinCrime job board

Contact

Media assets

Features

Onboarding

AML Risk score

Ongoing due-diligence

Transaction monitoring

Case management

Bits AI

More

Changelog

Customers

Integrations

Learning hub

Webinars

Developers

Documentation

API reference

Security

Legal

Privacy

Security

Finbits AB (559375-3923)

Resources

Home

About

Blog

Careers

FinCrime job board

Contact

Media assets

Features

Onboarding

AML Risk score

Ongoing due-diligence

Transaction monitoring

Case management

Bits AI

More

Changelog

Customers

Integrations

Learning hub

Webinars

Developers

Documentation

API reference

Security

Legal

Privacy

Security

Finbits AB (559375-3923)