Privacy Statement

This document is a Privacy Statement in accordance with General Data Protection Regulation (Regulation (EU) 2016/679).



Crosskey adheres guidelines based on the EU’s General Data Protection Regulation (GDPR).
Privacy of the personal, user and customer data on Crosskey premises, systems and services is one of the key aspects to secure data assets processed in Crosskey organization.
Crosskey does not use any personal data in any other way than securing the promised service level for customers or fulfilling lawful or legitimate interests. Personal data is not stored longer than required and is not used in marketing. Crosskey does not transfer personal data outside EU/EEA.
Data Privacy Impact Assessments (DPIA) are conducted annually or when deemed necessary to ensure that all the regulations are taken into account in Crosskey services, systems and products.

Crosskey can be contacted using contact details and providing subject for inquiry. For further information see section “Data subject rights” below.


Purpose of processing personal data

Crosskey collects information about your computer and your visits to this website. This information includes geographical location, browser type, referral source, length of visit and number of page views.
The information is used based on Crosskey’s legitimate interests to administer this website and to improve the website’s usability.
In case you use the “get in touch web form”, your e-mail and any other information provided by you in open text field are collected by Crosskey.
This information is used based on data subject’s consent and Crosskey’s legitimate interests to communicate and to improve our service.

Personal data collected on this website will be used for the purposes specified in this privacy policy. Crosskey will not use your personal data for any additional purpose, such as to profile those who access the website, unless Crosskey has informed you about such purpose and, when applicable, has your permission to do so. Furthermore, Crosskey will only keep your personal data as long as necessary in order to achieve the purpose it was collected for or as required in order to comply with any mandatory retention periods under applicable law.


Information sources

Crosskey collects, stores and uses the following categories of personal data that you give us directly or indirectly through your use of our website:

  • information about your visits to and use of this website
  • personal data provided in contact form


Information disclosure

Crosskey discloses information collected about you in connection with your website visit:

  • to our service providers Google and Stormfors who may only process the personal data on our behalf;
  • in order to administer this website and to improve the website’s usability.
  • in order to communicate with you and to improve our service.

Due to the technical solution used to handle the data, some data may be physically located on the servers of external data processors and managed using a technical connection.
Data is not handled or transferred outside the European Union or the European Economic Area.
Except as provided in this privacy policy, we will not provide your information to third parties.


Security of your personal data

Crosskey will take adequate security measures to prevent any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal information.
Personal information provided is stored to secure servers that are protected by technical systems.


Third party websites

Website contains links to other websites. This privacy policy does not cover the links within this website lining to other third party websites and Crosskey is not responsible for the privacy policies of such other third party websites.


Use of cookies

You can read more about how we use cookies in our Cookie policy.


Data subject rights

Any person whose details are kept on record has the right pursuant to GDPR to verify the information on file and withdraw given consent at any time.

A person whose details are kept on record has the right to restrict processing, require correction, amendment or removal of any personally identifiable information in the register which, taking into account the purpose for which the information is processed, is inaccurate, unnecessary, incomplete or out of date. A person also has a right to receive a copy of such information that was provided to Crosskey directly by the person (data portability). Should a specific request be denied, the person will be provided with a written statement regarding the matter.

On your right of access or portability request, please mention that the request concerns the registry data in Crosskey website.

Requests can be submitted in writing by signed mail, e-mail or contact sheet on home page to the following addresses:

Crosskey Banking Solutions Ab Ltd
EU ID FI 19066720
Data Privacy Officer
Vesa Vainio

Elverksgatan 10
22100 Mariehamn

Telephone: +358 (0) 204 29 022

Data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or of an alleged infringement of the GDPR.