Apple Pay Policy.



Epassi takes the protection of your personal data very seriously.

We developed this policy to inform you of the conditions under which we collect, process, use and protect your personal data. Please read it carefully to familiarize yourself with the categories of personal data that are subject to collection and processing, how we use these data and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your personal data.

This policy may be amended, supplemented or updated, in particular to comply with any legal, regulatory, case law or technical developments that may arise. However, your personal data will always be processed in accordance with the policy in force at the time of the data collection, unless a compulsory legal prescription determines otherwise and must be enforced retroactively.

This policy forms an integral part of the Terms and Conditions of the Application.



The personal data controller is Epassi Benefits & Rewards Sweden AB (registration number 556649-1444), Ynglingagatan 14, 113 47, Stockholm.


Personal data” means any information relating to an identified natural person or one that can be directly or indirectly identified by reference to an identification number or to one or more factors specific to this person.

us” or “our” Epassi Benefits & Rewards Sweden AB (hereinafter “Epassi”)

you” an individual cardholder permits to use the Services under the Cardholder Terms and Conditions

App” digital wallet Apple mobile application software available on the Apple site or hosted on     


We will most likely collect your personal data directly (in particular via the data collection forms on our App) or indirectly (in particular via our service providers and/or technologies on our App).

We undertake to obtain your consent and/or to allow you to refuse the use of your data for certain purposes whenever necessary.

You will, in any event, be informed of the purposes for which your data are collected via the various online data collection forms.



We specifically collect and process the following types of personal data:

  • the information that you provide when filling in the forms on the App (for example, for subscription purposes, to participate in surveys, for marketing purposes, etc.);
  • the information that you provide for authentication purposes;
  • the information that you provide for order fulfillment or to provide a service;
  • via “posts”, comments or other content that you post on the App.
  • Transactional information to provide you a statement online and through the App
  • Your device information to provide you with the service.
  • The information you provide with enrolling in the App to verify your request and to facilitate your use of this service once you’ve registered

Personal data identified by an asterisk in the data collection forms are compulsory as these are necessary to fulfill any orders placed. In the absence of this compulsory information, these transactions cannot be processed.


We collect some information automatically when you visit the App in order to personalize and enhance your experience. We collect this information using various methods such as:

IP addresses

An IP address is a unique identifier used by some electronic devices to identify and communicate with each other on the internet. When you consult our App, we can use the IP address of the device used by you to connect you to the App. We use this information to determine the general physical location of the device and to know in which geographical areas visitors are located.


These reports tell us, for example, how many users consulted the App, which pages were visited and in which geographical areas App users are located. The information gathered via the statistics may include, for example, your IP address, the App from which you arrived at our site and the type of device that you used. Your IP address is hidden on our systems and will only be used if necessary to resolve a technical problem, for App administration and to gain insight into our users’ preferences. App traffic information is only accessible to authorized staff. We do not use any of this information to identify visitors and we do not share this information with third parties.



We use your personal data specifically for the following purposes:

  • to respond to your requests such as requests for information, searches, the newsletter or other content;
  • to provide the services and offers ordered on our App and/or in one of our establishments;
  • to conduct surveys and gather statistics;
  • to personalize and enhance your experience on our App;
  • to offer you our products and services and/or our partners’ products and services;
  • any other purpose of which we will inform you, if applicable, when we collect your data.


We process your personal data as part of the performance and management of our contractual relationship with you, in our legitimate interest to improve the quality and operational excellence of the services we offer to you or in compliance with certain regulatory obligations.

Your personal data may also be processed based on your prior consent in the event that under certain circumstances, your consent would be requested.


The security and confidentiality of your personal data is of great importance to us. This is why we restrict access to your personal data only to members of our staff who need to have this information in order to process your orders or to provide the requested service.

We will not disclose your personal data to any unauthorised third parties. We may, however, share your personal data with entities within the Epassi group and with authorised service providers (for example: technical service providers ,hosting, maintenance, consultants, etc.) whom we may call upon for the purpose of providing our services. We do not authorise our service providers to use or disclose your data, except to the extent necessary to deliver the services on our behalf or to comply with legal obligations. Furthermore, we may share personal data concerning you (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity.


We will store your data only for as long as necessary to fulfill the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.



As a general rule, we do not collect sensitive personal data via our App. “Sensitive personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes personal data relating to criminal convictions and offenses.

In the event that it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of personal data and, in particular, with your explicit prior consent and under the conditions described in this Confidentiality Policy.


The App is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.

Children users under the age of 13 years or without legal capacity must obtain consent from their legal guardians prior to submitting their data to the App.



As Epassi is an international group, your personal data may be transmitted to internal or external recipients that are authorised to perform services on our behalf and that are located in countries outside the European Union or the European Economic Area which do not offer an adequate level of personal data protection.

In order to guarantee the security and confidentiality of personal data thus transmitted, we will take all necessary measures to ensure that these data receive adequate protection, such as signing standard European Commission contractual clauses or other equivalent measures.



In accordance with the applicable law, you have certain rights relating to the processing of your personal data.

Right of access

You have the right to request access to your personal data. You may also request rectification of inaccurate personal data or request that incomplete data be completed.

You also have the right to know the source of the personal data.

Right of erasure

Your right to be forgotten entitles you to request the erasure of your personal data when:

(i)      the data are no longer necessary to achieve the purposes for which they were collected and processed;

(ii)     you choose to withdraw your consent (if your consent was obtained as the legal basis for processing), without such a withdrawal affecting the lawfulness of any processing carried out prior to the withdrawal;

(iii)    you object to the processing;

(iv)    your data were processed unlawfully;

(v)     your data must be erased to comply with a legal obligation; or

(vi)    erasure of the data is required to ensure compliance with current legislation.

Right to restriction

You may also request restriction of processing of your personal data if:

(i)      you dispute the accuracy of your data;

(ii)     we no longer need these data for processing purposes; and

(iii)    you are opposed to the processing of the data.

The right not to be the subject of a

decision based

exclusively on

automated data processing

You have the option not to be the subject of a decision based exclusively on automated processing that has legal effects concerning you or that has a significant impact on you.

Right of portability

You may request that we provide your personal data in a structured, commonly used, machine-readable format or you may request that it be transmitted directly to another controller on condition that:

(i)      the processing is based on your consent or necessary to fulfill a contract with you; and

(ii)     that it is done via automated means.

Right to lodge a complaint with a supervisory authority

If you have any concerns or complaints with regard to the protection of your personal data, you have the right to lodge a complaint with the Integritetsskyddsmyndigheten at

However, please address any requests to us beforehand by contacting us at the address given below so that we can deal with your request and find an amicable solution.

To exercise your rights, you can contact us by writing to us at the following address:  stating your surname, first name and the reason for your request. We will most likely ask you for additional information in order to identify you and to enable us to deal with your request.



We implement all possible technical and organizational security measures to ensure security and confidentiality in processing your personal data.

To this end, we take all necessary precautions given the nature of the personal data and the risks related to its processing, in order to maintain data security and in particular to prevent distortion, damage or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).


Occasionally, we provide links to other Apps for practical and informative purposes. These Apps are mostly Epassi Apps and some of them operate independently from our Apps and are not under our control. These Apps are run by third parties with their own confidentiality recommendations or terms of use which we strongly advise you to read. We do not accept any liability with regard to the content on these sites, for the products and services that may be offered there or for any other use thereof.


This policy will become effective on May 1st, 2021. We may update or amend this confidentiality policy as and when needed. In this case, amendments will only become applicable after a period of 30 business days from the date of the amendment. Please consult this page from time to time if you want to be informed of any possible changes.


If you have subscribed to certain services via our App and you no longer want to receive emails, please consult the “unsubscribe” page corresponding to the service you are subscribed to.



If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address:


Last updated: 31st of March 2021