Privacy Policy

1. Introduction

EasyXit ("we," "us," or "our") is committed to protecting your privacy and ensuring full compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR). This Privacy Policy outlines how we collect, process, store, and protect data when you use our services.

2. Data Controller

EasyXit is the data controller for all personal data processed through our system. We are responsible for ensuring that data is handled securely and in accordance with GDPR and other relevant regulations.

3. Data We Process

We only collect data necessary for fraud prevention and security, including:

  • Customer Identification Data – Information provided during the mandatory identification step (e.g., BankID).

  • Behavioral Data – Information related to customer activity at self-checkouts, discrepancies in scanned items, and warnings generated by the system.

  • Technical Data – IP addresses, device identifiers, and other technical information essential for system functionality and fraud detection.

All data collected is pseudonymized and processed using encryption to ensure maximum security.

4. Data We Store

EasyXit only stores the minimum amount of personal data required for security purposes. The following data is retained:

  • Personal Identification Number (Personnummer) – Stored to ensure accurate identification and prevent fraud.

  • Date of Transaction – Stored to maintain historical context for flagged incidents.

5. How We Use Your Data

EasyXit processes data solely for the following purposes:

  • Fraud Detection & Prevention – Identifying and preventing theft in self-checkouts.

  • Security Profiling – Creating pseudonymized customer profiles based on fraudulent events.

  • Industry-wide Protection – Securely transmitting warning data across connected stores to strengthen security networks.

Important: We do not use personal data for marketing, tracking, or any purposes unrelated to theft prevention.

If you wish to object to automated decision-making, you may contact us at legal@easyxit.com.

6. Data Minimization & Retention

We strictly follow the principle of data minimization, meaning we only store data as long as necessary to fulfill its security purpose:

  • Fraudulent events linked to customer profiles are stored for a maximum of three months, after which they are automatically deleted.

  • Once a profile has zero active events, it is also permanently deleted.

  • No unnecessary or excessive data is collected or retained.

All stored data is pseudonymized and encrypted to prevent unauthorized access.

7. Legal Basis for Processing

Our processing of personal data is based on:

  • Legitimate Interests – Preventing theft and ensuring a secure and reliable self-checkout experience.

  • Compliance with Legal Obligations – Fulfilling GDPR and other data protection requirements.

📌 As a data subject, you have the right to object to our processing. For further legal documentation, contact us at legal@easyxit.com.

8. Data Sharing & Security Network

  • EasyXit does not share personal data.

  • We only transmit the number of warnings associated with a pseudonymized identifier.

  • No identifiable customer data is exchanged between EasyXit and the point-of-sale (POS) system.

  • The shared data is used exclusively for fraud and theft prevention across connected stores.

9. Security Measures

We implement industry-leading security protocols to protect all data, including:

  • Advanced encryption for all stored and transmitted data.

  • Regular security audits to ensure compliance with GDPR and security best practices.

  • Strict access controls—only authorized personnel can access data.

10. Data Subject Rights

As a data subject, you have the right to:

  • Access – Request access to your personal data.

  • Rectification – Correct inaccurate or incomplete data.

  • Erasure (Right to be Forgotten) – Request deletion of your data, unless retention is required by law.

  • Objection – Object to data processing under certain circumstances.

  • Data Portability – Request transfer of your data to another service provider.

📌 You can submit data requests directly via the QR code displayed at self-checkouts or contact us at legal@easyxit.com.

11. International Data Transfers

All data processed by EasyXit is stored within the European Economic Area (EEA) and compliant with GDPR. If any data is transferred outside the EEA, it is protected through legally recognized safeguards.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect regulatory changes or improvements in our practices. Updates will be posted on our website.

13. Contact Information

For questions or concerns regarding this Privacy Policy or your data rights, contact us at:

📩 Email: legal@easyxit.com