- Zapout ("Zapout," "we," "our," or "us") is a Swedish registered company operating the Zapout platform and mobile application. We are committed to protecting your privacy and ensuring that your personal data is processed securely and transparently. This Privacy Policy describes how we collect, use, store, share and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
- Zapout operates a technology platform that automates claims for public transport delays, in collaboration with transport operators, financial institutions, commercial partners, IT service providers and subcontractors.
- We have implemented strict security and legal safeguards to protect your data and ensure compliance with all applicable regulations. By using Zapout's services, you consent to this Privacy Policy and the processing of your data as described herein.
- Zapout is responsible for processing your personal data. If you have questions about this policy or want to exercise your rights, please contact us at support@Zapout.se or visit www.Zapout.se.
- Full name
- Date of birth
- Social security number (required for BankID authentication)
- Contact details (e-mail address, telephone number, home address)
- Train and bus ticket details
- Travel history (routes, operators used, timestamps)
- Delay reports and compensation eligibility
- Bank account details for reimbursement payments
- Transaction records and refund details
- Payment method information (credit/debit cards, mobile payments)
- IP address and device identifier
- Browser type, operating system and app usage logs
- Cookies and analytics data
- Support requests, complaints and feedback
- Social media information (when you interact with us on social platforms)
- Medical data (only if required for specific claims)
- Claims and reimbursement data: Retained for 6 months after case closure
- Financial records: Retained for 10 years for tax compliance
- Support requests: Retained for 3 years after resolution
- Marketing Consent: Retained until you withdraw consent
- Account Data: Remains available for 30 days after account termination for retrieval
- Legal protection data: Personal data may be retained longer than the periods specified above when necessary to establish, exercise, or defend legal claims, or to comply with legal obligations. Such data will be retained only for as long as reasonably necessary for these purposes.
- Encryption: Banking, ID and travel data are encrypted
- Access controls: Restricted to authorized personnel
- Secure storage: GDPR-compliant cloud security measures
- Fraud prevention: AI-powered monitoring against fraudulent claims
1. INTRODUCTION
2. DATA CONTROLLER AND CONTACT INFORMATION
3. CATEGORIES OF PERSONAL DATA WE COLLECT
Zapout processes different types of personal data depending on your interaction with our services.
Personal identification data
Travel and reimbursement data
Payment and financial data
Technical and usage data
Customer service and communication data
Sensitive data (only if required)
4. PURPOSES AND LEGAL BASIS FOR PROCESSING
Zapout processes your data for specific and legitimate purposes, as required by the GDPR
| Purpose | Legal basis |
|---|---|
| Claims automation | Performance of contract |
| Customer service and dispute resolution | Legitimate interest |
| Processing of refunds and payments | Performance of contract |
| Sharing of data with transport operators for claim verification | Legitimate interest |
| Fraud prevention and security | Legitimate interest |
| Compliance (e.g. anti-money laundering laws) | Legal obligation |
| Marketing and customer engagement (with your consent) | Consent |
5. DATA SHARING AND THIRD PARTIES
Zapout only shares your personal data with trusted partners when it is necessary for service delivery and compliance.
5.1 Transport operators and compensation partners
We share ticket, travel and delay information with public transport operators to process claims efficiently.
5.2 Financial institutions and payment processors
Banking and transaction details are securely shared for claims payments and refunds.
5.3 IT service providers and cloud hosting
We use GDPR-compliant cloud storage, analytics and security providers to protect your personal data.
5.4 Legal and regulatory authorities
When required by law, we share data with regulatory bodies, law enforcement authorities and tax authorities.
5.5 Commercial partners and data insights
With your explicit consent, anonymized travel data may be shared with third-party partners to improve the Services.
All data sharing agreements comply with the GDPR (Article 28 - Data Processing Agreements & Article 46 - International Transfers).
6. DATA RETENTION POLICY
We retain personal data only for as long as necessary, in accordance with legal and business requirements:
After the retention periods expire, data is permanently deleted or anonymized, except where longer retention is required for legal compliance or protection of legal rights.
7. RIGHTS OF DATA SUBJECTS
Under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure ("Right to be forgotten") | Request erasure of your data |
| Restriction | Restrict how we process your data |
| Objection | Object to processing based on legitimate interest |
| Data portability | Receive your data in a structured format |
| Withdraw consent | Stop consent-based data processing at any time |
To exercise your rights, please send an email to support@Zapout.se
8. DATA SECURITY MEASURES
Zapout uses advanced security protocols, including:
9. AUTOMATED DECISION-MAKING AND PROFILING
Automated travel delay analysis is used for faster claims processing. No automated decisions that significantly affect your rights are made without human review. You have the right to request human review of automated decisions and receive meaningful information about the logic used.
10. INTERNATIONAL DATA TRANSFERS
Personal data may be transferred and processed outside the European Economic Area (EEA). When this occurs, we use Standard Contractual Clauses (SCC) or other GDPR-approved safeguards to ensure your data remains protected.
11. COOKIES AND TRACKING
For details on our use of cookies, tracking technologies and analytics, please see our Cookie Policy.
12. CHANGES TO THIS POLICY
We may update this privacy policy from time to time as necessary to reflect changes in our services or legal requirements. When we make significant changes to this policy, we will notify you via email and publish the updated version on our website. This policy was last updated on September 5, 2025.
13. CONTACT AND COMPLAINTS
If you have questions in regards of this policy or privacy concerns, please contact support@Zapout.se.
If our response does not resolve your concerns, you have the right to file a complaint with the Swedish Authority for Privacy Protection (IMY) or seek alternative dispute resolution through the Swedish National Board for Consumer Disputes (ARN).
- Namn: Nordic saas IT system AB
- E-post : support@zapout.se
- Tel.nr: 0000000000
- Web: www.zapout.se
- Org.nr : 556992-3609
- VAT.nr : SE556992360901
