Nordea Asset Management Data Privacy Policy

We, Nordea Asset Management, are fully committed to protecting your individual rights and keeping your personal data safe. In this Privacy Policy we describe the collection, usage, storage and sharing practices of personal data.

Nordea Asset Management (“NAM”) is the functional name of the asset management business owned by NAM Holding and conducted by the legal entities Nordea Investment Funds S.A. and Nordea Investment Management AB and their branches, subsidiaries and representative offices. Within NAM, the data controller will be either Nordea Investment Management AB and/or Nordea Investment Funds S.A or their subsidiaries.

You can visit https://www.nordea.com/en/about-nordea/contact/ for a full overview of Nordea entities and their current contact information.

We process individuals’ personal data for a number of reasons. When we write «you», we mean you as a data subject in your role as a customer, our customer’s employee or representative, a potential customer’s employee, collaboration partner, insight provider or other, such as beneficial owner, authorised representative and associated party.

This Privacy Policy covers the following areas:

  1. What personal data we collect
  2. Purpose and lawfulness of processing your personal data
  3. Who we may disclose your personal data to
  4. How we protect your personal data
  5. How long we keep your personal data
  6. Your privacy rights
  7. Cookies
  8. How changes to this Privacy Policy and the Cookies policy will be made
  9. Contacting us or the data protection authority

1. What personal data we collect

Personal data is in most cases either collected directly from you, a third party acting on your behalf, a third party that you represent, or generated as part of your use of our services and products. Sometimes additional information is required to keep information up to date or to verify information we collect.

The personal data we might collect can be grouped into the following categories:

  • Identification information: national identification number and name. We are obliged to collect documentation of such information when entering into a contractual relationship, for instance in the form of copies of your passport, driver’s license, or the like.
  • Contact information: email address, phone numbers and addresses and other typical business card information. For most individuals, work- as opposed to private contact information is the only contact information we collect, process or control.
  • Financial information: type of agreement, transaction information, account information.
  • Information related to legal requirements: country of taxation or foreign tax payer reference, customer/company due diligence and anti-money laundering requirements.

Personal data we may collect from you:

We may collect and keep information you provide directly to us. For example, when becoming a representative or contact of a customer or collaboration partner, we collect personal data, such as name, e-mail address and phone number. In some cases, also national identification number for verification purposes. For existing private customers, income and debt information has also been collected to be able to provide you with the product or service in question.
We may also collect and keep information which you provide us with, such as messages you have sent us, e.g. feedback or a request in our digital channels. Telephone calls and chat conversations with you may also be recorded and logged for compliance reasons and for verification of orders, documentation, and for purposes of improving the quality of the services we provide. For security purposes, we may have cameras in our offices.

Personal data we may collect from third parties:

We may collect information that is publicly available and that can be retrieved from external sources; such as in registers held by governmental agencies (tax authorities, company registration offices, enforcement authorities), sanction lists (held by international organisations such as the EU and UN as well as national organisations such as Office of Foreign Assets Control (OFAC)), registers held by other commercial information providers providing information on e.g. beneficial owners and politically exposed persons.
In connection with payments, we collect information from remitters, banks, payment service providers and others.

We may also collect information from other entities within NAM, the Nordea Group or other entities which we collaborate with.

2. Purpose and lawfulness of processing your personal data

We use your personal data to comply with legal and contractual obligations as well as to provide you with information on products and services.

Entering into and administration of service and product agreements (performance of a contract)
The main purpose of our processing of personal data in this regard is to collect, verify, and process personal data prior to giving an offer and entering into a contract with relevant stakeholders as well as documenting, administering and completing tasks for the performance of contracts.

Examples of the performance of a contract:

  • processes needed concerning e.g. subscription and redemption of funds
  • customer service during the contract period, e.g. reporting on performance of a product

Fulfilment of legal obligations

In addition to the performance of contract, processing of personal data also takes place for us to fulfil obligations under law, regulations or authority decisions.

Examples of processing due to legal obligations:

  • Know Your Customer requirements
  • Preventing, detecting, and investigating money laundering, terrorist financing, and fraud
  • Sanctions screening
  • Reporting to tax authorities, police authorities, enforcements authorities, supervisory authorities
  • Market opening for funds in some emerging market countries
  • Other obligations related to service or product specific legislations, for example securities or funds

Marketing, product- and customer analysis (legitimate interest)

Personal data is also processed in the context of business to business marketing. This is to deliver requested information, improve our product range and optimize our customer offerings.

IT security and development (legitimate interest)

Systems and means of processing needed to deliver services and products to you are continuously being developed and internally tested to ensure the ongoing confidentiality, integrity, availability and resilience. The testing process is by design limited to key identifiers necessary to perform the testing and all other directly or indirectly identifiable personal information are masked.
Compliance with applicable financial industry secrecy obligations are ensured in all cases.

Profiling and Automated decision-making

NAM entities use profiling and automated decision making to detect, prevent and investigate money laundering, terrorist financing, and fraud following Know Your Customer and sanction screening requirements.

3. Who we may disclose your personal data to

We may share your personal data with others such as public authorities, NAM entities, Nordea Group companies, suppliers, service providers and business partners. Before sharing we will always ensure that we respect applicable financial industry secrecy obligations and that we comply with applicable data protection regulation.

Third parties and Nordea Group companies

To provide our services, we may disclose data about you that is necessary to identify you and perform an assignment or agreement with companies that we cooperate with (such as a custodian bank) to perform our services.

We may also disclose personal data to authorities to the extent we are under statutory obligation to do so. Such authorities include national tax authorities, police authorities, enforcement authorities and supervisory authorities.

In addition, data may be disclosed, with your consent or if this is permitted pursuant to legislation, internally in NAM entities or Nordea Group and to external business partners (including correspondent banks, other banks, vendor partners of finance object and re-insurers).

We have entered into agreements with selected suppliers, which include processing of personal data on behalf of us. Examples thereof are suppliers of IT development, maintenance, hosting and support.

Third country transfers

In some cases, we may also transfer personal data to entities as referenced above in so-called third countries (countries outside of the European Economic Area). Such transfers may be made if any of the following conditions apply:

  • The European Commission has decided that there is an adequate level of protection in the country in question
  • Other appropriate safeguards have been taken, for example the use of the standard contractual clauses (EU model-clauses) approved by the European Commission or the data processor has valid Binding Corporate Rules (BCR) in place
  • Exceptions in special situations, such as to fulfil a contract with you or you consent to the specific transfer.

You can access a copy of the relevant EU model-clauses used by Nordea for transfers by going to www.eur-lex.europa.eu and search for 32010D0087

4. How we protect your personal data

Keeping your personal data safe and secure is important to our business. We use appropriate technical, organizational and administrative security measures to protect any information we obtain from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

5. How long we process your personal data

We will keep your data for as long as it is needed for the purposes for which your data was collected and processed or required by laws and regulations.
In case we keep your data for other purposes than for the performance of a contract, such as for anti-money laundering, B2B marketing, bookkeeping and regulatory capital adequacy requirements, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose.
Keep in mind that retention obligations may differ within NAM, subject to applicable local legislation.

6. Your privacy rights

You as a data subject have rights in respect of personal data we process concerning you. You have the following rights;

Request access to your personal data

You have a right to access to the personal data we are processing about you. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for NAM’s business concept and business practices. NAM’s know-how, business secrets as well as internal assessments and material may restrict your right of access.

Request correction of incorrect or incomplete data

If relevant data is incorrect or incomplete, you are entitled to have the data rectified, subject to any restrictions in legislation.

Request erasure

You have the right to request erasure of your data in case:

  • You withdraw your consent to the processing and there is no other legitimate reason for processing
  • You object to the processing and there is no justified reason for continuing the processing
  • You object to processing for direct marketing
  • Processing is unlawful
  • When processing personal data on minors, if the data was collected in connection with the provision of information society services

Due to the financial sector legislation we are in many cases obliged to retain personal data concerning you during your customer relationship, and even after that, e.g. to comply with a statutory obligation or where processing is carried out to manage legal claims.

Request limitation on processing of personal data

If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.

If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.

Object to processing based on our legitimate interest

You can always object to the processing of personal data concerning you for direct marketing and profiling in connection to such marketing.

Withdraw consent(s) previously given to us at any time

Withdrawal will not affect the lawfulness of processing based on that consent before the withdrawal. Withdrawing consent to processing of personal data needed in order to deliver services and products to you may result in the termination of contractual engagements.

Request data portability

You have a right to receive personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the basis consent or of fulfilling a contract. Where secure and technically feasible, we may also transmit the data to another data controller.

File complaint with supervisory authorities

You have the right to file a complaint with the supervisory authority in the member state of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of personal data relating to you is unlawful.
Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case.

7. Cookies

We collect, process and analyse data regarding the use of our webpages. Traffic data is data connected to visitors on the webpage and data handled in communication fields for sending, distributing or making messages available.

We use cookies and similar technologies to deliver products and services to you, provide a secure online environment, manage our marketing and provide a better online experience, track our website
performance and to make our website content more relevant to you. The data will not be used to identify individual visitors.

You can set or amend your web browser controls to accept or reject cookies. If you choose to reject cookies, you may still use our websites and some services, however your access to some functionality and areas of our website or services may be restricted substantially.

For more information, see cookies at the footer of our local website Nordea.lu or Nordea.com/

8. How changes to this Privacy Policy and the Cookies policy will be made

We are constantly working on improving and developing our services, products and websites. Consequently, we may change this Data Privacy Policy from time to time. We will not reduce your rights under this Data Privacy Policy or under applicable data protection laws in the jurisdictions we operate. If the changes to the Data Privacy Policy are significant, we will provide a notice when we are required to do so by applicable law. Please review this Data Privacy Policy from time to time to stay updated on any changes.

9. Contact us

If you have any questions regarding this policy (e.g. regarding your rights, their use or contact information of relevant Data Protection Authorities), please contact the NAM Data Protection Office directly by sending your message to [email protected] or by sending a letter to: Nordea Asset Management, Data Protection Office, c/o Strandgade 3, PO Box 850, 0900 København K, Denmark.

The present Privacy Policy was last updated on: November 2020

For language versions, please go to your local website