• Identity and contact information such as name, e-mail address, address, phone number, correspondence/meeting preferences, country of residence and tax residences, citizenship/nationality, date of birth, gender, languages spoken, unique government identifier, including national identification number, passport number, ID copy, photography, place of birth, preferred salutation.
• Sensitive personal data such as indirect political opinions for political exposed persons (PEP’s) as part of anti-money laundering documentation.
• Third party details such authorised representatives, name, details of beneficiaries, external advisors.
• Details of Nordea internal identifiers such as account linkage, customer number, details of contract between Nordea entities, intermediaries and individuals, hashed identifiers, relationship manager.
• Regulatory data such as individual and family details for anti-money laundering, politically exposed person checks, and prevention of insider trading, compliance approval status, and conflict of interest disclosure.
• Marketing and communications data: marketing and communication preferences.
• Monitoring data such as call recordings and CCTV, to the extent permitted by applicable law.
• Financial details such as credit rating, documentation on supporting investor status, employment status, financial history, bank account details, investment preferences, restrictions and objectives, investor status/classification, net worth & estimated income, professional and academic background, risk profiles, tax codes/classification identification numbers, third party account details/custody.
• Transaction details such as intermediary and industry identification numbers, investment details, payee/investee details, product details, transaction details and identification numbers.
• Technical data such as name of version of the OS, processor model, language on mobile phone/tablets. Other data which might be collected via cookies, please visit the Cookies Policy in the footer of our webpages.1.2 – The sources from which we gather your personal data From you We collect information you provide directly to us. For example, when becoming a representative or contact of a customer or collaboration partner, we collect personal data, such as name, e-mail address and phone number. For most individuals, work as opposed to private contact information is the only contact information we collect or process. We collect national identification number, other identity information, regulatory data and third party details for verification and compliance purposes. Some financial details and transaction details we collect for compliance purposes and others in order to provide you with our services and products and validate performance. We also collect information which you provide to us, such as messages you have sent us as feedback, a request in our digital channels or use our applicable form. From third parties To be able to offer you our products and services and to comply with statutory requirements, we collect personal data from third parties, such as publicly available and other external sources. For example, to fulfil legal requirements for anti-money laundry and prevention of financial crime we may collect information in registers held by governmental agencies (tax authorities, company registration offices, enforcement authorities), sanction lists (held by international organisations such as the EU and UN), registers held by other commercial information providers providing information on e.g. beneficial owners and politically exposed persons. We also collect information from other entities within NAM, the Nordea Group or other entities which we collaborate with. 1.3 – Recording of telephone conversations, online meetings and storage of chat conversations To the extent permitted by applicable law, we record and log telephone calls and chat conversations for documentation of customer request, verification of orders, security and fraud management purposes and to fulfil legal requirements. For example, online meetings, telephone and chat conversations may be stored to document what happened and was said during the conversation, including any agreements entered into. Moreover, we record conversations that lead or may lead to securities transactions. 1.4 – Video surveillance For security purposes, including crime prevention, we may have cameras in our offices. 2 – How do we use your personal data and what is the lawful basis for doing so? We use and process your personal data to comply with legal obligations and purposes described below. 2.1 – Necessary to perform an agreement with you One reason we process personal data is to collect and verify the data prior to giving an offer and entering into a contract with you. We also process personal data to document and complete tasks in order to fulfil our contractual obligations towards you, e.g. to provide and administer our products and services to you. Examples of activities necessary to perform an agreement with you:
• Collecting information needed to verify your identify in order to provide you with our products and services
• Collecting your contact information to provide you with customer service during the contract period, including customer care and customer administration and communication with you2.2 – Legal requirements We mainly process personal data to fulfil obligations under law, regulations or authority decisions in the countries where our offices are located. Examples of processing due to legal obligations:
• Know Your Customer requirements Preventing, detecting, and investigating money laundering, terrorist financing, and fraud Sanctions screening
• Bookkeeping regulation
• Reporting to tax authorities, police authorities, enforcements authorities, supervisory authorities
• Creating and maintaining legal contracts, fund documentation and corporate governance related documentation
• Other obligations related to service or product specific legislations, for example securities or funds2.3 – Legitimate interest We use your personal data where necessary to further our legitimate interests, as long as those legitimate interest are not overridden by your interests or fundamental rights and freedoms. Examples of our processing based on legitimate interests:
• Relationship and vendor management.We collect and use personal data for ongoing oversight, management of the relationship and interaction with you.
• Compliance with legal obligations under e.g. financial and tax regulation. For example we may collect and use your contact details when processing invoices for your company
• Portfolio decisions. We use personal data when documenting that portfolio decisions (e.g. redemptions, subscriptions or investment guidelines) are implemented on behalf of the correct customers
• Investment decision. As part of making investment decisions we process personal data such as contact information, when collecting research from you as an external brokers.
• Corporate actions. When managing, implementing and maintaining corporate actions we process personal data with the purpose of instructing the custodians.
• Security trading. We process personal data for the purpose of trading and settling security trading.
• System testing. In a limited number of cases we may use personal data for system testing and development. The testing process is by design limited to key identifiers necessary to perform the testing and all other directly or indirectly identifiable personal information are masked.2.4 – Consent There may be situations where we will ask for your consent to process your personal data. Information about the purpose, processing activity, types of personal data and your right to withdraw your consent will be provided when you are asked to give NAM your consent. If you have given consent to processing of your personal data you can always withdraw the consent at any given time. 3 – Who do we disclose your personal data to Your personal data can be shared with others to the extent we are under statutory obligation to do so and to fulfil services and agreements we have with you. We may share your personal data with others such as public authorities, NAM entities, Nordea Group companies, suppliers, service providers and business partners. Before sharing, we will always ensure that we respect relevant financial industry secrecy obligations and that we comply with applicable data protection regulation. To provide our services to you, we disclose data about you data that is necessary to identify you and perform an assignment or agreement with companies that we cooperate with. This include, but is not limited to, instructing custodians on specific custody accounts, to trade and settle securities, distribution services cash account reconciliation, invoicing and reporting, balance monitoring and payments. We may also disclose personal data to authorities to the extent we are under statutory obligation to do so. This includes, but is not limited to, facilitating reclaims and financial reporting. We disclose your personal data to:
•Authorities: we disclose personal data to authorities to the extent we are under statutory obligation to do so. Such authorities include tax authorities, police authorities, enforcements authorities and supervisory authorities in relevant countries.
•NAM entities and Nordea Group Companies: we disclose personal data internally in the Nordea Group with your consent or if this is permitted pursuant to legislation.
•External business partners: we disclose personal data to external business partners with your consent or if this is permitted pursuant to legislation. External business partners include for example correspondent banks and custodians.
•Suppliers: Nordea Group have entered into agreements with selected suppliers, which include processing of personal data on behalf of us. This can be suppliers of IT development, maintenance, hosting and support.3.1 – International transfer and transfer to service providers To provide our services and in the course of running of our business, we transfer personal data to entities as referenced above in third countries (countries outside of the European Economic Area) which might not have the same level of privacy and data protection law. Such transfers can be made if any of the following conditions apply:
• The European Commission has decided that there is an adequate level of protection in the country in question
• The standard contractual clauses (EU model-clauses) approved by the European Commission. You can access a copy of the relevant EU model-clauses for transfers by going to EUR-LEX or www.eur-lex.europa.eu and searching for 32021D0914.
a) Right to request access to your personal data You have a right to access to the personal data we are keeping about you. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for NAM’s business concept and business practices. NAM’s know-how, business secrets as well as internal assessments and material may restrict your right of access.
b) Right to request correction of incorrect or incomplete data If the data we are keeping about you is incorrect or incomplete, you are entitled to have the data corrected, with the restrictions that follow from legislation.
c) Right to request erasure You have the right to request erasure of your data in the following cases;
• You withdraw your consent to the processing and there is no other legitimate reason for processing
• You object to the processing and there is no justified reason for continuing the processing
• You object to processing for direct marketing
• Processing is unlawful
• When processing personal data on minors, if the data was collected in connection with the provision of information society servicesDue to the financial sector legislation we are in many cases obliged to retain personal data concerning you during your customer relationship, and even after that, e.g. to comply with a statutory obligation or where processing is carried out to manage legal claims.
d) Right to request limitation on processing of personal dataIf you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data. The processing will be restricted to storage only, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests. If you are entitled to erasure of the data which we have registered about you, but the data is necessary for you to defend a legal claim, you may request that we restrict the processing to storage only, if you want to keep the data. Even when processing of your data has been restricted as described above, we may process your data in other ways if this is necessary to enforce a legal claim or you have given your consent.
e) Right to object to processing based on our legitimate interestYou can we object to the processing of personal data if the processing is based on NAM’s legitimate interest, including direct marketing and profiling in connection to such marketing.
f) Right to withdraw consent(s) previously given to us at any timeWhen the lawful basis for a specific processing activity is your consent, you have a right to withdraw your consent at any given time. Information about your right to withdraw it is provided when you are asked by NAM to give your consent
g) Right to data portabilityYou have a right to receive personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the basis of consent or of fulfilling a contract. Where secure and technically feasible the personal data can also be transmitted to another data controller by us. Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. 6 – How long do we process your personal data We will keep your data for as long as they are needed for the purposes for which your data was collected and processed or required by laws and regulations. This means that we keep your data for as long as necessary the performance of a contract and as required by retention requirements in laws and regulations. Where we keep your data for other purpose, such as for anti-money laundering, bookkeeping and financial regulatory requirements, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose. The data retention obligations will differ within NAM, subject to applicable local law.
Examples of storage times:
• Preventing and detection of money laundering and terrorist financing, and fraud: storing of Know Your Customer (KYC) information for a minimum of five years after termination of the business relationships or the performance of the individual transaction
• Service or product specific regulations such as securities markets: storing your financial information for ten years after termination of the client relationship
• Bookkeeping regulations: storing legally required information for up to ten years
• Details on performance of an agreement: storing information related to your agreement with us for up to ten years after end of customer relationship
• Client reporting: your contact information is stored five years after as of end of the year of the reporting.
|Luxembourg||Nordea Investment Funds S.A.||562 Rue de Neudorf, L-2220 Luxembourg|
|Sweden||Nordea Investment Management AB||M 540 SE-105 71 Stockholm|
|Denmark||Nordea Asset Management Alternative Investments AB||Nicolai Eigtveds Gade 8, DK 1402 Copenhagen K|
|Finland||Nordea Investment Management AB, Finnish branch||Satamaradankatu 5 00020 Nordea|
|Norway||Nordea Investment Management AB, NUF filial Norge||Olav Kyrres gate 22 5014 BERGEN|
|Germany||Nordea Asset Management Alternative Investments AB, German Branch Nordea Investment Management AB, German Branch||Hauptstrasse 15 D-61462 Königstein im Taunus|
|USA||Nordea Investment Management North America, Inc.||1211 Avenue of the Americas 23rd floor New York NY 10036|
|Switzerland||Nordea Asset Management Schweiz GmbH||Rämistrasse 31, 8001 Zurich|
|Chile||NAM Chile SpA||El Bosque central 92, Piso 8, las Condes, Santiago|