Privacy Notice

Pagero’s data privacy notice

Data protection laws and regulations aim to protect the privacy and integrity of individuals (data subjects) when organisations process their personal data. Pagero processes personal data on behalf of its customers but is also processing personal data in relation to employees, job applicants and business contacts in the course of Pagero’s daily operations.

In order to protect the privacy and integrity of data subjects, Pagero works continuously to ensure that personal data are processed in a lawful and secure manner. These efforts are the collective responsibility of everyone at Pagero who has access to personal data in their work role.

As used in this privacy notice, “Pagero”, “us” and “we” refer to Pagero as a group, including Pagero AB (the parent company) and any of its affiliates that may process personal data. Pagero AB is a company registered in Sweden with company registration number 556581-4695, of Västra Hamngatan 1, SE-411 17 Gothenburg, Sweden. Each affiliate within Pagero is a separate legal entity but follows the same principles and standards for the protection of personal data. Contact details to each affiliate can be found on our website,

Purpose of the notice

This privacy notice explains why and how we collect and use personal data relating to business contacts, visitors on webpages and customer data, and provides information about the rights of data subjects in relation to their personal data. This privacy notice ensures that we:

  • Comply with data protection laws and regulations and employ good practice
  • Protect the rights of business contacts, employees, job applicants and prospective customers
  • Are open about how we store and process personal data

The basic principles for our processing of personal data

To ensure the privacy and integrity of data subjects, our processing shall abide by the following principles:

  • Lawfulness, fairness and transparency – We only process personal information in a lawful, fair and transparent manner in relation to the individual to whom the data concerns and ensure that the personal data processed are accurate and, where necessary, updated
  • Purpose limitation – We only process data gathered for specific, explicit and legitimate purposes
  • Data minimisation – We only process personal data required for the actual purpose of the processing
  • Storage limitation – We do not store personal data for longer than is necessary to fulfil the stated purpose or to comply with legal requirements
  • Privacy and confidentiality – We implement technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, dissemination and other prohibited processing

Use of personal data

Products and services

We use personal data to:

  • Provide our services
  • Administer, manage and develop our businesses and services, which includes managing our relationships with customers and prospective customers
  • Develop our businesses and services
  • Administer and manage IT systems, websites and applications

The categories of personal data processed by us on behalf of our customers in accordance with our agreement:

  • Data provided by Customer to us as a part of Customer’s use of the service (e.g invoices and other business documents, including customer employee contact information and other invoice data)

The categories of personal data typically processed by us in relation to the services we provide are, based on our legitimate interest:

  • Contact details for customer representatives (e.g. e-mail address, contact number)
  • Service desk enquiries (e.g name, issue, error logs and support requests)

The categories of personal data processed by us in relation to our websites based on your explicit consent through the cookie banner are:

  • IP-address
  • Information collected though cookies (e.g technical information such as browser type, session time, error codes)
  • Information that you provide to us through web forms (e.g contact information, information for participation in an event)


We use personal data based on our legitimate interest for our direct marketing purposes that we collect:

  • Directly from the individual through meetings, web forms or emails
  • From the data subject’s employer or from referrals from one of our customers or someone other than the data subject

Based on your explicit consent through the cookie banner, we also collect and market our products and services based on:

  • IP-address
  • Information collected though cookies (e.g technical information such as browser type, session time, error codes)

The categories of personal data processed by us for marketing purposes are:

  • Contact details to representatives of potential customers (name, title, email, phone)
  • IP-addresses collected though cookies for ad campaigns

In all our marketing activities, we offer the option to not receive direct marketing communications from us or to not receive any further marketing communications at all.

How long are personal data retained?

We do not retain personal data longer than necessary with regard to the purpose of the processing unless the data must or may be retained for a longer period of time by law.

Personal data processed on behalf of our customers:
Such personal data is kept in accordance with our customers’ instructions and our agreement with them, including personal data relating to support enquiries.

Personal data relating to potential or current customer representatives:
Customer representatives contact information is kept for the duration of our agreement with the customer or until that specific individual no longer represents our customer. Information relating to representatives of potential customers is kept no longer than 1 year after the collection was made unless the potential customer is or is in the process of becoming a customer. Pagero will however always delete information relating to a representative of a potential customer per that individual’s request.

Personal data collected through websites etc:
Personal data collected through web forms are kept no longer than for the purposes they were collected, e.g responding to questions, managing event participations etc. Personal data collected through cookies are kept in accordance with our cookie section

Transfer of personal data

Transfer within Pagero Group

We may share personal data with other companies within Pagero Group where necessary in connection with the purposes described in this privacy notice. For example, when providing services to a customer we may share personal data within Pagero Group in different territories that are involved in providing the service. Pagero Group has established an intragroup data transfer agreement to ensure that personal data is processed fairly and lawfully in each Pagero subsidiary. Please also see the section “transfers outside the EEA” for more information on intra-group transfers to group companies outside of EU.

Third parties

We may transfer or disclose the personal data that we collect to third-party contractors, subcontractors, and/or their subsidiaries and affiliates who may be supporting us in providing services to our customers.

We may also disclose personal data to professional advisers to establish, exercise or defend our legal rights and to obtain advice in connection with running our business or when explicitly requested by our customers.

Such third parties may engage additional parties in the processing of personal data. We only engage with third parties that are bound to maintain the appropriate levels of security and confidentiality, to process personal data only as instructed by us and to implement the same obligations downstream to their third parties.

Finally, we may also disclose personal data to law enforcement, regulatory or other government agencies if required under applicable laws or regulations.

Transfer to countries outside the European Economic Area (EEA)

Personal data may be transferred to and stored in countries other than the country in which our customers are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws providing specific protection for personal data. We only transfer personal data on behalf of our customers when we have been instructed to do so in accordance with our agreements.

Where we collect personal data within the EEA, transfer outside the EEA will only take place:

  • To a recipient located in a country that provides an adequate level of protection for your personal information; and/or
  • Under an agreement that satisfies EU requirements for the transfer of personal data outside the EEA, such as standard contractual clauses approved by the European Commission or a decision of adequacy made by the Commission.


We have implemented multiple physical and cybersecurity measures in order to protect our and our customer’s information (including personal data). This involves detecting, investigating and resolving security threats.

Each year, we subject ourselves to a security evaluation performed by an independent auditor in order to ensure and document that our systems maintain a satisfactory level of security and that we work continuously with security processes in our day-to-day operations. If you would like to know more how we work with security, please visit our information security page

Legal rights of data subjects

Where we act as data controller, data subjects have the right to request information about which of their personal data we process. Data subjects are also entitled to request that incorrect or incomplete personal data be corrected or deleted. Further to this, data subjects are entitled to object to certain processing of personal data and to request the restriction of such processing. Finally, data subjects have the right to request their provided personal data in a machine-readable format that can be transferred to another controller. Data subjects also have a right to issue complaints to a supervisory authority relating to Pagero’s processing of their personal data, please see the section “complaints and dispute resolution” below for more information.

Note that the abovementioned rights may be limited due to confidentiality or other mandatory rules and regulations.

Where we act as data processor, data subjects should in the first instance contact the data controller. Any direct communications from data subjects will be forwarded to the data controller, unless otherwise prescribed by mandatory rules and regulations.

For questions or complaints about how we process personal data, or requests to exercise your legal rights, please contact us by e-mail at or by letter at the above address.

Complaints and dispute resolution

Pagero will investigate and attempt to resolve complaints and disputes regarding our use and disclosure of personal information. Any questions or complaints should first be sent to our Data Protection Officer Complaints that cannot be solved between you and the Pagero can be referred to a relevant Data Protection Authority, and Pagero will work with relevant Data Protection Authority to resolve such matter. Find contact information to your relevant Data Protection Authority:

Other important information