PRIVACY POLICY
Suld Advisory AB
Örebro, Sweden
Effective date: June 2026
Introduction
Suld Advisory AB ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you have over your data.
We process all personal data in accordance with the EU General Data Protection Regulation (GDPR), the Swedish Data Protection Act (Dataskyddslagen 2018:218), and all other applicable data protection legislation.
Please read this policy carefully before engaging our services. By submitting your personal data to us, you confirm that you have read and understood this policy.
Who We Are
Data Controller:
Suld Advisory AB
Örebro, Sweden
Organisationsnummer: [only bye request]
Email: [info@suldadvisory.eu]
Phone: [+46 70 200 87 44]
Phone: [+976 80 16 15 30]
As Data Controller, Suld Advisory AB determines the purposes and means of processing your personal data. Where we share your data with partner Mongolian financial institutions, those institutions act as separate Data Controllers or Data Processors under a Data Processing Agreement with us.
What Personal Data We Collect
Depending on which services you engage, we may collect the following categories of personal data:
3.1 Identity Data
• Full legal name
• Date of birth
• Mongolian passport number and copy of passport photo page
• Mongolian civil register number (регистрийн дугаар)
• Swedish personnummer
• Photograph (passport-style, where required)
3.2 Residency and Contact Data
• Swedish registered address (from Skatteverket personbevis)
• Email address
• Swedish phone number
• Length of Swedish residency
3.3 Financial Data
• Employment status and employer name
• Monthly income (from payslip or employment contract)
• Swedish credit history (UC AB credit check result)
• Kronofogden status
• Mongolian bank account details
• Loan amount requested
• Repayment history
3.4 Verification and Consent Records
• BankID signature records
• GDPR consent forms (signed)
• Date and time of identity verification
• Verification outcome (approved / flagged / rejected)
3.5 Technical Data (Website)
• IP address
• Browser type and version
• Pages visited and time spent
• Cookie data
We do not collect special category data unless strictly required and with your explicit consent. We do not collect data from children under 18.
How We Collect Your Data
We collect your personal data through the following means:
• Directly from you — when you complete an application form, submit documents, sign a consent form, or contact us by email or phone
• Via BankID — when you sign a consent or verification document using Swedish BankID
• From Skatteverket — personbevis documents you provide to us
• From UC AB — Swedish credit check results obtained with your explicit consent
• From your employer — payslips or employment contracts you provide to us
• From our website — technical data collected automatically when you visit our site
Legal Basis for Processing
Under GDPR we must have a lawful basis for processing your personal data. We rely on the following bases:
Identity verification and KYC → Explicit consent (Article 6(1)(a) and Article 9(2)(a))
Loan application facilitation → Performance of a contract (Article 6(1)(b))
Repayment collection and management → Performance of a contract (Article 6(1)(b))
Credit check via UC AB → Explicit consent (Article 6(1)(a))
Sharing data with Mongolian partner institutions → Explicit consent (Article 6(1)(a))
Compliance with Swedish legal obligations → Legal obligation (Article 6(1)(c))
Maintaining financial records → Legal obligation (Article 6(1)(c)) — Bokföringslagen
Website analytics → Legitimate interests (Article 6(1)(f))
Where we rely on consent as the legal basis, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
How We Use Your Data
We use your personal data for the following purposes:
• To verify your identity and confirm your Swedish residency status
• To prepare and submit loan applications to partner financial institutions on your behalf
• To conduct credit checks with your consent via UC AB
• To collect and process loan repayments via Swedish direct debit (Autogiro)
• To communicate with you about your application, loan status, and repayment schedule
• To comply with our legal obligations under Swedish and EU law including AML and KYC requirements
• To maintain accurate financial records as required by the Swedish Bookkeeping Act (Bokföringslagen)
• To investigate and resolve complaints
• To improve our services and website
We will never use your personal data for unrelated marketing purposes without your explicit consent. We will never sell your personal data to any third party.
Who We Share Your Data With
We share your personal data only where necessary and always with appropriate legal safeguards in place.
7.1 Partner Financial Institutions
We share your verified identity profile and supporting documents with named Mongolian financial institutions for the purpose of loan assessment and processing. This sharing occurs only with your explicit written consent. A Data Processing Agreement including EU Standard Contractual Clauses governs this transfer.
7.2 Payment Infrastructure Partners
Where we use a licensed Swedish payment institution to process SEK repayments and SWIFT remittances, we share transaction-level data necessary to execute payments. These partners are bound by their own regulatory obligations and GDPR compliance frameworks.
7.3 Credit Reference Agencies
We share your personnummer with UC AB to obtain a Swedish credit report, with your explicit prior consent.
7.4 Legal and Regulatory Authorities
We may share your personal data with Swedish authorities — including Finansinspektionen, Skatteverket, Kronofogden, or Swedish Police — where we are legally required to do so or where disclosure is necessary to prevent or detect fraud or crime.
7.5 Professional Advisors
We may share data with our lawyers, accountants, and compliance advisors on a strictly confidential, need-to-know basis.
We do not share your data with any other third parties without your prior written consent.
International Data Transfers
Suld Advisory AB transfers personal data outside the European Economic Area (EEA) to Mongolia in order to facilitate loan applications with Mongolian financial institutions.
Mongolia does not currently hold an adequacy decision from the European Commission. We therefore ensure that all transfers to Mongolia are protected by EU Standard Contractual Clauses (SCCs) as approved by the European Commission under GDPR Article 46(2)(c).
Before any international transfer occurs, you will be:
• Informed that your data will be transferred to Mongolia
• Informed that Mongolia does not have EU-equivalent data protection laws
• Asked to provide explicit consent to the transfer
A copy of the applicable Standard Contractual Clauses is available on request by emailing [info@suldadvisory.eu].
Data Retention
We retain your personal data only for as long as necessary for the purposes it was collected and in accordance with our legal obligations.
Loan application and verification documents → Loan duration + 5 years (Swedish financial record requirements)
Repayment records → 7 years from last transaction (Bokföringslagen)
GDPR consent records → Duration of relationship + 3 years (Proof of lawful processing)
Rejected application data → 6 months from rejection (Brief review period then deleted)
Website analytics data → 13 months (Standard analytics retention)
Complaint records → 3 years from resolution (Legal dispute reference)
When the retention period expires, we securely and permanently delete or anonymise your personal data.
Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures including:
• Encrypted document storage (minimum AES-256 encryption at rest)
• Two-factor authentication on all systems holding personal data
• Access controls — only authorised personnel can access client data
• Secure document collection via GDPR-compliant e-signature platforms (such as Scrive)
• Regular security reviews of our systems and processes
• Staff awareness of data protection obligations
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Swedish Data Protection Authority (IMY) within 72 hours and notify you directly without undue delay.
Your Rights Under GDPR
Under GDPR you have the following rights in relation to your personal data:
Right of access — You can request a copy of all personal data we hold about you
Right to rectification — You can ask us to correct inaccurate or incomplete data
Right to erasure — You can ask us to delete your data where there is no legitimate reason to retain it
Right to restrict processing — You can ask us to pause processing of your data in certain circumstances
Right to data portability — You can ask us to provide your data in a structured, machine-readable format
Right to object — You can object to processing based on legitimate interests
Right to withdraw consent — You can withdraw consent at any time without affecting prior processing
Right not to be subject to automated decisions — We do not make solely automated decisions that significantly affect you
To exercise any of these rights, contact us at [info@suldadvisory.eu]. We will respond within 30 days.
Cookies
Our website uses cookies to ensure basic functionality and to understand how visitors use the site.
Essential cookies — Required for the website to function (navigation, security) — Session
Analytics cookies — Understanding visitor behaviour — 13 months
Preference cookies — Remembering your language preference (EN / SV / MN) — 12 months
We do not use advertising cookies or third-party tracking cookies. You can manage or disable cookies through your browser settings at any time.
Children's Data
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us immediately at [info@suldadvisory.eu] and we will delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data practices. We will notify existing clients of material changes by email at least 14 days before they take effect. The current version is always available on our website with the effective date clearly stated.
How to Complain
If you are unhappy with how we have handled your personal data, please contact us first at [info@suldadvisory.eu]. We will do our best to resolve your concern promptly.
If you remain unsatisfied, you have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten — IMY):
IMY
Box 8114
104 20 Stockholm
Sweden
Website: imy.se
Phone: +46 8 657 61 00
You may also complain to the data protection authority in your country of residence within the EEA.
Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or how we handle your personal data:
Suld Advisory AB
Örebro, Sweden
Email: [info@suldadvisory.eu]
Phone: [+46 70 200 87 44]
Phone: [+976 80 16 15 30]
Organisationsnummer: [only by request]
We aim to respond to all data protection enquiries within 5 business days.
Last updated: June 2026
