HOW NORDIC ISSUING PROCESSES PERSONAL DATA
In use from 2022-01-14
Nordic Issuing protects your right to the protection of personal privacy and ensures that your personal data is processed in a secure, correct and legal manner. When we develop Nordic Issuing’s services, these are preceded by technical, physical and organizational measures to ensure both privacy and accessibility of personal data and other information we handle. As personal data controller, Nordic Issuing is constantly working to ensure that our services and internal processes meet the requirements that are set when processing personal data.
The Policy describes the categories of personal data that Nordic Issuing processes and the reasons for this processing. Furthermore, information is also given about where we collect your personal data, who we share your information with and how long we store the collected data. The policy also describes how you can access your personal data, make comments about the treatment or how to contact us with questions about our personal data processing.
PERSONAL DATA THAT MAY BE COLLECTED BY NORDIC ISSUING
Nordic Issuing processes different categories of personal data. We have therefore divided personal data into different categories. For example, the following personal data may be processed:
- Basic personal data (social security number, name, contact details and Identification number),
- assessment and classification (data needed for Nordic Issuing to e.g. achieve customer due diligence and to manage the risk of money laundering and terrorist financing, such as data about you and your financial assets and the purpose of transactions);
- Contracts (all types of information related to agreements relating to Nordic Issuing’s services, such as account numbers and proxies),
- Financial transactions (transfers and securities transactions), and
- Communication (both physical and electronic communications).
PURPOSE AND LEGAL BASIS FOR PROCESSING
Your personal information is primarily used to fulfill agreements that Nordic Issuing has or is about to enter into and to enable Nordic Issuing to fulfill the legal obligations that are imposed on us. Below is a description of the purposes that Nordic Issuing has for processing personal data, what the intent is for the purpose and legal basis for each purpose.
FULFILLING OF AGREEMENT
Nordic Issuing collects, processes and stores your personal information in order to prepare, provide and administer Nordic Issuing’s services to you – electronically, physically or over the phone.
Nordic Issuing is obliged to comply with securities law and other applicable legislation for our operations, as well as regulatory regulations applicable at all times. In the context of this, we handle your personal data in order to, for example:
- Perform anti money laundering controls,
- Document and save personal data relating to financial transactions that Nordic Issuing has been a part of,
- Perform client approvals and establish contracts,
- Document services and transactions relating to the authorisations of Nordic Issuing,
- Establish and maintain insider lists, as well as
- Report to competent authorities such as the Swedish Tax Agency and the Swedish Financial Supervisory Authority.
Nordic Issuing offers financial services with the goal of creating long and good relationships with our customers. Therefore, we need to process your personal information for the following purposes:
- Conduct marketing activities where we identify and suggest services that may be relevant to you. However, you always have the opportunity to choose to unsubscribe from news releases and offers by contacting us.
WHERE WE COLLECT YOUR PERSONAL DATA
We may collect your personal data directly from you, for example when registering as a client with Nordic Issuing. We may also obtain information from public and other registers, such as Bisnode, the Swedish Companies Registration Office and government agencies.
WHO WE SHARE YOUR PERSONAL DATA WITH
By law, Nordic Issuing may not disclose information about you unless there is clear support in connection with the fulfillment of the terms of an agreement with you or for a legal purpose that requires or permits, such as reporting to authorities.
In order to fulfill the terms of our customer agreements and other commitments, we may share information about you internally within Nordic Issuing and sometimes even with external companies that provide contracted services to Nordic Issuing and our customers. This may include, for example, financial infrastructure partners, suppliers, actors acting on behalf of clients or other parties to the customer agreement.
Situations when we may share your personal information outside the organization are:
- To approved credit reporting agencies for credit reporting in connection with entering into an agreement with us,
- To various external actors to fulfill our contractual obligations, as well as
- To various authorities for the purpose of complying with laws and other regulations concerning, for example, taxes and money laundering or terrorist financing.
TRANSFER TO THIRD COUNTRIES
Processing of personal data takes place within the EU / EEA and Nordic Issuing does not transfer any personal data processed outside the said area. In rare cases, however, personal data may be transferred to and processed in countries outside the EU / EEA (so-called third countries). Before such a transfer occurs, Nordic Issuing ensures that the transfer is performed only on condition that appropriate safeguards have been taken and undertaken in accordance with the regulations in force for such transfer at any time such as standard contract clauses approved by the European Commission.
Nordic Issuing only stores your personal data as long as we need to be able to provide contracted services or as long as we have your consent to the processing and the legal basis for such processing exists. We also store personal information in order to fulfill our legal obligations, e.g. securities law and accounting law obligations, and when there is an obligation as a result of law or authority decisions.
If you terminate any service provided by Nordic Issuing, we might need to save some of your personal data that is linked to the relevant service for some time, due to obligations that follow from law. For example, the Swedish Tax Agency requires that we retain certain personal data for seven (7) years in order for us to fulfill our reporting obligation and for ten (10) years to fulfill obligations relating to anti money laundering or terrorism financing.
When your personal data is processed by Spotlight Group, you have the following rights:
- You have the right to access the personal data we process about you. The information is provided in the form of a copy (through a register extract). Requests for registry extracts are usually free of charge.
- If the information we have about you is incorrect or incomplete, you can request that we correct or supplement it.
- You have the right, under certain conditions, to request that the processing of your personal data be restricted for certain stated purposes.
- You have the right to object to a processing of your personal data that is carried out with a balance of interest.
- You have the right to be deleted under certain conditions (“right to be forgotten”), i.e. to have the personal data we hold about you permanently deleted. However, we have the right to refuse deletion in certain situations, e.g. if we are required by law to save the data.
- If you do not wish to receive direct marketing from Nordic Issuing, you can contact us at any time.
- You have the right to data portability, which means that, under certain conditions, you have the right to have your personal data transferred in a structured, commonly used and machine-readable format to another personal data controller.
You are normally entitled to exercise the above rights free of charge. Nordic Issuing will respond to the request without undue delay and usually within one (1) month after receiving the request. However, if the request is unreasonable or unfounded, Nordic Issuing has the right not to comply with your request. In addition, Nordic Issuing may request additional information to verify your identity.
We may make changes to this Policy and the latest version of the Policy is always available on our website.
If you have any questions or comments regarding how we process your personal data, you are welcome to contact Nordic Issuing via firstname.lastname@example.org or at the following postal address:
211 22 Malmö, Sweden
You can also contact The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) with any complaints regarding the processing of your personal data.