
Open Banking Privacy Notice

This privacy notice explains how Lilla Ekonomibyrån Sverige AB processes personal data when Open Banking is used to retrieve account information from a customer’s bank.

This notice only covers our Open Banking account information functionality (AIS). Our full privacy information is provided separately to our customers as part of our service relationship.

1. Controller and processor roles

Lilla Ekonomibyrån Sverige AB may process Open Banking data both as an independent controller and as a processor on behalf of the customer, depending on the specific processing activity.

We are normally a controller for processing where we determine the purposes and means ourselves, such as administration of our customer relationship, compliance with our own legal obligations, security, support and protection of our legal interests.

We may act as a processor when we process account information on the customer’s behalf to perform agreed accounting or administration services under the customer agreement.

The exact allocation of responsibilities is governed by the agreement between the customer and Lilla Ekonomibyrån Sverige AB, including applicable data protection terms.

2. What data we process

When Open Banking is used, we may process account information made available by the relevant bank through Enable Banking. This may include:

  • account holder information;
  • account identifiers;
  • account names;
  • account balances;
  • transaction dates;
  • transaction amounts;
  • transaction descriptions;
  • counterparty information;
  • references and payment messages;
  • technical information connected to the Open Banking connection, authorisation and authority.

The exact information available may vary depending on the bank, the account type, the authorisation and the functionality supported through Enable Banking.

3. Why we process the data

We process Open Banking data to provide accounting and administration services to our customers. This includes bookkeeping, reconciliation, accounting administration, quality control, customer support, system maintenance and compliance with legal obligations connected to accounting, taxation and anti-money laundering.

We do not use Open Banking data for advertising, resale, separate profiling or separate analytics.

4. Legal basis

Where Lilla Ekonomibyrån Sverige AB acts as controller, the legal basis may be:

  • performance of a contract;
  • compliance with legal obligations;
  • legitimate interests, such as providing, maintaining and securing our services and managing our customer relationship.

Where we act as processor, the customer is responsible for ensuring that there is a valid legal basis for the processing and we process the data in accordance with the customer agreement and applicable data protection terms.

The Open Banking connection itself is based on authorisation through the relevant bank by a person with the required authority.

5. Enable Banking and banks

We use Enable Banking to retrieve account information from banks through Open Banking.

Enable Banking enables the technical connection between our application and the relevant bank. The bank and Enable Banking may process personal data in accordance with their own roles, terms and privacy information.

More information about Enable Banking is available in Enable Banking’s terms and privacy notice:

https://enablebanking.com/terms/
https://enablebanking.com/privacy/

6. Hosting, service providers and recipients

Open Banking data is stored in our own databases hosted by Amazon Web Services in Stockholm, Sweden.

We do not share Open Banking data with third parties for their own purposes.

Open Banking data may be processed by our service providers where necessary for hosting, security, maintenance, support, troubleshooting and service delivery. Such providers process personal data under applicable agreements and instructions where required.

Authorised personnel and authorised service providers may access data where necessary to provide our services, maintain our systems, provide support, troubleshoot issues or protect the security of the systems.

We may also disclose information if required by law, by a competent authority, or where necessary to establish, exercise or defend legal claims.

7. International transfers outside the EU/EEA

Open Banking data is hosted with Amazon Web Services in Stockholm, Sweden.

If personal data is transferred to or made accessible from a country outside the EU/EEA, we will ensure that appropriate safeguards are used in accordance with applicable data protection law.

8. Retention

Open Banking data is retained for as long as necessary to provide our services to the customer, for as long as we have an active customer relationship, and for as long as we are required or permitted to retain the data under applicable law.

Open Banking data that has been retrieved may become part of the customer’s accounting material. Such information may need to be retained for the period required under applicable accounting legislation.

If a customer asks us to delete Open Banking data, we will assess the request in accordance with the customer agreement and applicable law. Data that forms part of accounting material or that we are legally required to retain may not always be deleted before the retention obligation has expired.

9. Security

We use technical and organisational measures to protect Open Banking data against unauthorised access, loss, alteration and misuse.

Access to Open Banking data is limited to persons who need the information to provide our services, support the customer, maintain our systems or comply with legal obligations.

10. Your rights

Depending on the circumstances and our role in the specific processing, you may have the right to request access to your personal data, rectification, erasure, restriction of processing, data portability and to object to certain processing.

Where we act as processor on behalf of a customer, requests may need to be handled by the customer as controller.

You also have the right to lodge a complaint with a data protection authority. In Sweden, the supervisory authority is Integritetsskyddsmyndigheten.

11. Contact

For questions about this Open Banking Privacy Notice or our processing of Open Banking data, please contact:

Lilla Ekonomibyrån Sverige AB
Company registration number: 556943-1447
Backvägen 2
169 55 Solna
Email: dataskydd@lillaekonomibyran.se
Website: https://lillaekonomibyran.se
