Nordea Asset Management (“NAM”) is the functional name of the asset management business owned by NAM Holding and conducted by the legal entities Nordea Investment Funds S.A. and Nordea Investment Management AB and their branches, subsidiaries and representative offices. Within NAM, the data controller will be either Nordea Investment Management AB and/or Nordea Investment Funds S.A or their subsidiaries.
You can visit https://www.nordea.com/en/about-nordea/contact/ for a full overview of Nordea entities and their current contact information.
We process individuals’ personal data for a number of reasons. When we write «you», we mean you as a data subject in your role as a customer, our customer’s employee or representative, a potential customer’s employee, collaboration partner, insight provider or other, such as beneficial owner, authorised representative and associated party.
- What personal data we collect
- Purpose and lawfulness of processing your personal data
- Who we may disclose your personal data to
- How we protect your personal data
- How long we keep your personal data
- Your privacy rights
- Contacting us or the data protection authority
1. What personal data we collect
Personal data is in most cases either collected directly from you, a third party acting on your behalf, a third party that you represent, or generated as part of your use of our services and products. Sometimes additional information is required to keep information up to date or to verify information we collect.
The personal data we might collect can be grouped into the following categories:
- Identification information: national identification number and name. We are obliged to collect documentation of such information when entering into a contractual relationship, for instance in the form of copies of your passport, driver’s license, or the like.
- Contact information: email address, phone numbers and addresses and other typical business card information. For most individuals, work- as opposed to private contact information is the only contact information we collect, process or control.
- Financial information: type of agreement, transaction information, account information.
- Information related to legal requirements: country of taxation or foreign tax payer reference, customer/company due diligence and anti-money laundering requirements.
Personal data we may collect from you:
We may collect and keep information you provide directly to us. For example, when becoming a representative or contact of a customer or collaboration partner, we collect personal data, such as name, e-mail address and phone number. In some cases, also national identification number for verification purposes. For existing private customers, income and debt information has also been collected to be able to provide you with the product or service in question.
We may also collect and keep information which you provide us with, such as messages you have sent us, e.g. feedback or a request in our digital channels. Telephone calls and chat conversations with you may also be recorded and logged for compliance reasons and for verification of orders, documentation, and for purposes of improving the quality of the services we provide. For security purposes, we may have cameras in our offices.
Personal data we may collect from third parties:
We may collect information that is publicly available and that can be retrieved from external sources; such as in registers held by governmental agencies (tax authorities, company registration offices, enforcement authorities), sanction lists (held by international organisations such as the EU and UN as well as national organisations such as Office of Foreign Assets Control (OFAC)), registers held by other commercial information providers providing information on e.g. beneficial owners and politically exposed persons.
In connection with payments, we collect information from remitters, banks, payment service providers and others.
We may also collect information from other entities within NAM, the Nordea Group or other entities which we collaborate with.
2. Purpose and lawfulness of processing your personal data
We use your personal data to comply with legal and contractual obligations as well as to provide you with information on products and services.
Entering into and administration of service and product agreements (performance of a contract)
The main purpose of our processing of personal data in this regard is to collect, verify, and process personal data prior to giving an offer and entering into a contract with relevant stakeholders as well as documenting, administering and completing tasks for the performance of contracts.
Examples of the performance of a contract:
- processes needed concerning e.g. subscription and redemption of funds
- customer service during the contract period, e.g. reporting on performance of a product
Fulfilment of legal obligations
In addition to the performance of contract, processing of personal data also takes place for us to fulfil obligations under law, regulations or authority decisions.
Examples of processing due to legal obligations:
- Know Your Customer requirements
- Preventing, detecting, and investigating money laundering, terrorist financing, and fraud
- Sanctions screening
- Reporting to tax authorities, police authorities, enforcements authorities, supervisory authorities
- Market opening for funds in some emerging market countries
- Other obligations related to service or product specific legislations, for example securities or funds
Marketing, product- and customer analysis (legitimate interest)
Personal data is also processed in the context of business to business marketing. This is to deliver requested information, improve our product range and optimize our customer offerings.
IT security and development (legitimate interest)
Systems and means of processing needed to deliver services and products to you are continuously being developed and internally tested to ensure the ongoing confidentiality, integrity, availability and resilience. The testing process is by design limited to key identifiers necessary to perform the testing and all other directly or indirectly identifiable personal information are masked.
Compliance with applicable financial industry secrecy obligations are ensured in all cases.
Profiling and Automated decision-making
NAM entities use profiling and automated decision making to detect, prevent and investigate money laundering, terrorist financing, and fraud following Know Your Customer and sanction screening requirements.
3. Who we may disclose your personal data to
We may share your personal data with others such as public authorities, NAM entities, Nordea Group companies, suppliers, service providers and business partners. Before sharing we will always ensure that we respect applicable financial industry secrecy obligations and that we comply with applicable data protection regulation.
Third parties and Nordea Group companies
To provide our services, we may disclose data about you that is necessary to identify you and perform an assignment or agreement with companies that we cooperate with (such as a custodian bank) to perform our services.
We may also disclose personal data to authorities to the extent we are under statutory obligation to do so. Such authorities include national tax authorities, police authorities, enforcement authorities and supervisory authorities.
In addition, data may be disclosed, with your consent or if this is permitted pursuant to legislation, internally in NAM entities or Nordea Group and to external business partners (including correspondent banks, other banks, vendor partners of finance object and re-insurers).
We have entered into agreements with selected suppliers, which include processing of personal data on behalf of us. Examples thereof are suppliers of IT development, maintenance, hosting and support.
Third country transfers
In some cases, we may also transfer personal data to entities as referenced above in so-called third countries (countries outside of the European Economic Area). Such transfers may be made if any of the following conditions apply:
- The European Commission has decided that there is an adequate level of protection in the country in question
- Other appropriate safeguards have been taken, for example the use of the standard contractual clauses (EU model-clauses) approved by the European Commission or the data processor has valid Binding Corporate Rules (BCR) in place
- Exceptions in special situations, such as to fulfil a contract with you or you consent to the specific transfer.
You can access a copy of the relevant EU model-clauses used by Nordea for transfers by going to www.eur-lex.europa.eu and search for 32010D0087
4. How we protect your personal data
Keeping your personal data safe and secure is important to our business. We use appropriate technical, organizational and administrative security measures to protect any information we obtain from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
5. How long we process your personal data
We will keep your data for as long as it is needed for the purposes for which your data was collected and processed or required by laws and regulations.
In case we keep your data for other purposes than for the performance of a contract, such as for anti-money laundering, B2B marketing, bookkeeping and regulatory capital adequacy requirements, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose.
Keep in mind that retention obligations may differ within NAM, subject to applicable local legislation.
6. Your privacy rights
You as a data subject have rights in respect of personal data we process concerning you. You have the following rights;
Request access to your personal data
You have a right to access to the personal data we are processing about you. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for NAM’s business concept and business practices. NAM’s know-how, business secrets as well as internal assessments and material may restrict your right of access.
Request correction of incorrect or incomplete data
If relevant data is incorrect or incomplete, you are entitled to have the data rectified, subject to any restrictions in legislation.
You have the right to request erasure of your data in case:
- You withdraw your consent to the processing and there is no other legitimate reason for processing
- You object to the processing and there is no justified reason for continuing the processing
- You object to processing for direct marketing
- Processing is unlawful
- When processing personal data on minors, if the data was collected in connection with the provision of information society services
Due to the financial sector legislation we are in many cases obliged to retain personal data concerning you during your customer relationship, and even after that, e.g. to comply with a statutory obligation or where processing is carried out to manage legal claims.
Request limitation on processing of personal data
If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.
If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.
Object to processing based on our legitimate interest
You can always object to the processing of personal data concerning you for direct marketing and profiling in connection to such marketing.
Withdraw consent(s) previously given to us at any time
Withdrawal will not affect the lawfulness of processing based on that consent before the withdrawal. Withdrawing consent to processing of personal data needed in order to deliver services and products to you may result in the termination of contractual engagements.
Request data portability
You have a right to receive personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the basis consent or of fulfilling a contract. Where secure and technically feasible, we may also transmit the data to another data controller.
File complaint with supervisory authorities
You have the right to file a complaint with the supervisory authority in the member state of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of personal data relating to you is unlawful.
Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case.
We collect, process and analyse data regarding the use of our webpages. Traffic data is data connected to visitors on the webpage and data handled in communication fields for sending, distributing or making messages available.
performance and to make our website content more relevant to you. The data will not be used to identify individual visitors.
You can set or amend your web browser controls to accept or reject cookies. If you choose to reject cookies, you may still use our websites and some services, however your access to some functionality and areas of our website or services may be restricted substantially.
9. Contact us
If you have any questions regarding this policy (e.g. regarding your rights, their use or contact information of relevant Data Protection Authorities), please contact the NAM Data Protection Office directly by sending your message to [email protected] or by sending a letter to: Nordea Asset Management, Data Protection Office, c/o Strandgade 3, PO Box 850, 0900 København K, Denmark.
For language versions, please go to your local website