Privacy policy

sepago respects your privacy and is committed to protecting your personal data. This Privacy Policy tells you how we treat your personal data, including when you visit our website (regardless of where you visit it from), and informs you about your privacy rights and the legal protection of your data. We will update this Privacy Policy from time to time as we implement new procedures to protect personal information or adopt new privacy policies.


1. Important information and who we are

This privacy notice tells you how Proact collects and processes your personal data, including data you provide to us when you access or subscribe to informational materials or newsletters, purchase products or services, attend events, or interact with tools or applications we provide.Our website is not intended for children, and we do not knowingly collect data about children.It is important that you read this privacy notice along with any other notices we provide on specific occasions when we collect or process personal data about you so that you understand exactly how and why we use your data. This privacy notice supplements those other notices and is not intended to override them.

Contact information

If you have any questions about this Privacy Policy or wish to exercise your legal rights, please contact our Data Protection Officer (Rowena Finn) at

You have the right to file a complaint with the supervisory authority responsible for data protection issues for you at any time. We would be grateful if we could first deal with your concern before you contact the supervisory authority. Therefore, please feel free to contact us directly - if this is not possible, you can find details of the relevant supervisory authorities here.

Data controller

Proact is made up of different legal entities, details of which can be found here. So when we mention "Proact", "we", "us" or "our" in this Privacy Policy, we are referring to the relevant company within the Proact group that is responsible for processing your data. The relevant company is the company that provided you with the link to this Privacy Policy.

Name and address of the data protection officer

Rowena Finn

Data protection team for general data protection inquiries:
Team e-mail:

Appointed representatives

Where a Proact entity based in the UK processes personal data of data subjects located in the EU or EEA in the UK, the appointed EU representative, where required by law, is Proact IT Group AB.

If a Proact entity located outside the United Kingdom processes personal data of data subjects located in the United Kingdom outside the United Kingdom, the designated United Kingdom representative, to the extent required by law, is Proact IT UK Limited.

You can contact one of our representatives at:

Our website may contain links to third-party websites, plug-ins, and applications. When you click on these links or enable these connections, third parties may collect or share information about you. We have no control over these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statements of each website you visit.

2. The data we collect about you

Personal data or personal information is any information that relates to a person and from which that person can be identified. This does not include data where the identity has been removed (anonymous data). We may use any information you provide to us as set out in this privacy notice.

We may also collect personal information about you from third parties, including publicly available information sources (including social media and websites), third party marketing agencies, vendors, and our customers or suppliers, which may also be used by us as set forth in this Privacy Policy.

Personal Data may include identity data, contact information, images or videos, financial information, details of your transactions with Proact or related parties, technical data resulting from your use of our website or our products and services, profile and usage data of our services that you access, and marketing and communication interests and preferences.

We may also collect, use and share aggregated data such as statistical or demographic data for our internal purposes. Aggregate data may be derived from your personal data, but is not considered personal data under the law because such data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users who access a particular feature of the Site. However, if we combine or link aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data used in accordance with this Privacy Notice.

We do not collect special categories of personal data about you (this includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, trade union membership, information about your health, and genetic and biometric data). We also do not collect information about criminal convictions and offenses.

It is important that the personal data we hold about you is accurate and up to date. Please inform us if your personal data changes during your connection/relationship with us.

If you do not provide personal data

If we are required by law or by a contract we have with you to collect personal data and you do not provide that data to us when requested, we may not be able to fulfill the contract we have entered into or are trying to enter into with you (for example, to provide you with goods/services or managed services). In this case, we may need to cancel a product or service or managed services that you or your organization (if it is our customer) has contracted with us to provide to you

3. How we collect your personal data

We use various methods to collect information from and about you, including through:

4. How we use your personal data

Processing purposes

Below you will find a description of all the ways in which we may use your personal data and the legal bases on which we rely. Where necessary, we have additionally set out our legitimate interests.

Note that we may process your personal data for more than one legal ground, depending on the specific purpose for which we use your data.

We will only use your personal information when the law allows us to do so. In most cases, we will use your personal data in the following cases:

We may also rely on your explicit consent as the legal basis for processing your personal data, for example, in relation to sending you third-party direct marketing communications by email or text message.

Our legitimate interests

Most of the personal information we use for our legitimate interests described above is not sensitive. The use of your information as set forth in this Privacy Policy is important for Proact to function as an efficient organization.

It is necessary for Proact to collect and process certain information, which is kept to a minimum and subject to additional safeguards, in order to, for example, conduct transactions requested by our customers, manage our shared systems across the Proact group of companies, understand our customers and website visitors, and fulfill our obligations to our customers and other third parties.

Marketing / Opt-Out

If you no longer wish to receive marketing communications from us, you may let us know by following the unsubscribe links in any marketing communication sent to you or by contacting us at any time.

If you choose not to receive these marketing messages, please note that if you ask us not to contact you by email at a particular email address, we will retain a copy of that email address in order to honor your request.


You can set your browser to reject all or some browser cookies or to warn you when websites set or use cookies. If you disable or refuse cookies, please note that some parts of our website may no longer be accessible or may not function properly. For more information about the cookies we use, see "Web Tracking Technologies - Managed with Usercentrics".

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we believe we need to use it for an additional purpose that is compatible with the original purpose.

If we consider using your personal information for a new purpose, we will notify you or, if necessary, ask for your permission or obtain your consent.

5. Disclosure and transfer to third parties

We share your personal data within the Proact group of companies and with our sub-processors and service providers who facilitate the provision of our services to our customers (e.g. hosting partners, service desk, etc.). This may include processing your data outside of the European Union, European Economic Area and the United Kingdom. A list of our current subcontractors can be found below:

Learn more about our subcontractors

Some of our third party processors are located outside the EU, the EEA and the UK, so their processing of your personal data involves a transfer of data outside these territories. Whenever we transfer your personal data from the EEA to a jurisdiction or territory outside the EEA or from the UK to a jurisdiction or territory outside the UK, we will ensure that a similar level of protection is provided by implementing at least one of the following safeguards:

We require all third parties to respect the security of your personal information, to treat it in accordance with the law, and to only allow them to process your personal information for specific purposes in accordance with our instructions.

Forced disclosure

We may also disclose your personal information if we are required to do so by law, a competent law enforcement agency, a regulatory authority, a government agency, a court or a third party: (i) to the extent permitted or required by applicable law or regulation.

We may disclose personal information to a prospective buyer (and its agents and advisors) in connection with a proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer that it may use your personal information only for the purposes set forth in this Privacy Policy.

6. Data security

Personal data managed by Proact is stored and processed in accordance with applicable data protection laws. We take measures to ensure that the information we process is treated in accordance with this Privacy Policy and applicable laws.

When necessary or appropriate and feasible, we obtain written assurances from third parties who have access to your information that they will protect the information with equivalent safeguards as Proact.

To protect your data, we take technical and organizational security precautions and regularly update and test our security measures. However, please note that no information system is completely secure and we cannot guarantee the absolute security of your information. We are not responsible for the security of any information you transmit to us over networks that we do not control, including the Internet.

In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who need such access to fulfill any of the purposes described in this Privacy Policy. They will only process your personal data on our instructions and are bound to confidentiality.

We have established procedures in the event of a suspected personal data breach and will notify you and the appropriate supervisory authorities of a breach if we are required to do so by law.

7. Data retention

How long we will use personal data

We will retain your personal information only as long as necessary to fulfill the purposes for which we collected it, including to comply with legal, accounting, or reporting/reporting requirements.

In determining the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means, and applicable legal requirements.

Details of the retention periods for the various aspects of your personal data can be found in our internal retention and deletion policy, which you can request from us by contacting us at

With regard to the personal data concerning you, you have the right to

You may contact our Privacy Officer with inquiries about your personal information at

Usually no fee required

You do not have to pay a fee for concerns about your personal data (or the exercise of other data subject rights). However, we may charge a reasonable fee if your request is clearly unfounded or disproportionate. Alternatively, we may refuse to respond to your request in these circumstances.

What we may need from you

We may need to request certain information from you to confirm your identity and ensure your right to access your personal data (or exercise your other rights). This is a security measure to ensure that personal information is not disclosed to anyone who does not have a right to receive it. We may also contact you to ask for more information about your request in order to expedite our response.

Deadline for response

We aim to respond to all legitimate requests within one month. Occasionally, it may take longer than one month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you informed.

9. Changes and updates of this data protection declaration

As our processes and policies change, so does this Privacy Policy. We reserve the right to change and update this privacy statement at any time, for any reason, without notice to you. We encourage you to periodically visit this page to stay informed about our privacy practices. For earlier versions, please feel free to contact us.

Web tracking technologies - managed with Usercentrics

To manage all cookies, website and tracking technologies that require consent or opt-out in a privacy-compliant manner, we use the Consent Management Platform of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which we have integrated the following services: