Information concerning the processing of personal data
Information concerning the processing, by Skandinaviska Enskilda Banken AB (Spółka Akcyjna) – Oddział w Polsce, of personal data in accordance with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”).
1. Controller of personal data
Administratorem Państwa danych osobowych jest Skandinaviska Enskilda Banken AB (Spółka Akcyjna) – Oddział w Polsce z siedzibą w Warszawie przy ul. Złotej 59.
We wish to inform you that the Bank can obtain your personal data directly from you or from the entity on behalf of which you are acting, being a customer or potential customer of the Bank (“Bank Customer”). It is necessary to process your personal data in order to carry out the obligations resulting from the applicable provisions of law stated below, or in order to conclude and perform an agreement between the Bank Customer and the Bank.
Your failure to provide all the required personal data could, depending on the circumstances, be an obstacle or make it difficult to conclude an agreement and for the Bank to provide services for the Bank Customer or even a reason for termination of an agreement with the Bank Customer.
Giving your personal data is voluntary to the extent to which personal data is collected on the basis of your consent.
2. Contact details
Should you have any questions regarding the manner and scope of processing of your personal data by the Bank, and also the rights to which you are entitled, please get in touch with the Bank as the controller or with the Data Protection Officer appointed by the controller.
- You can get in touch with the controller by writing to Skandinaviska Enskilda Banken AB (Spółka Akcyjna) – Oddział w Polsce, ul. Złota 59, 00-120 Warsaw, Poland, or by calling (22) 395 80 00.
- You can get in touch with the Data Protection Officer by e-mail to email@example.com or by writing to Data Protection Officer, Skandinaviska Enskilda Banken AB (Spółka Akcyjna) – Oddział w Polsce, ul. Złota 59, 00-120 Warsaw, Poland.
Below, Skandinaviska Enskilda Banken AB (Spółka Akcyjna) – Oddział w Polsce with its registered office in Warsaw at ul. Złota 59 (the “Bank”) has provided information about the manner of processing your personal data and the associated rights to which you are entitled
3. Purposes and data for processing your personal data
1. The Bank processes your personal data, i.e. your identifying data (including first name, surname, PESEL [personal identification number] [or, if this is unavailable, date of birth], citizenship, data in an ID document and/or document confirming the right to act on behalf of the customer or another person, country of birth), and also, if applicable, the date and scope of power of attorney granted (in the case of attorneys), the date of being appointed (in the case of representatives), specimen signature and contact details, above all in order to:
a) fulfil the Bank’s legally justified interests involving concluding or performing an agreement between the Bank Customer and the Bank, and also to fulfil the Bank’s statutory obligations in connection with conducting banking activities, in particular:
i. obligations under the Act of 1 March 2018 on Counteracting Money Laundering and Financing Terrorism;
ii. obligations connected with reporting to public authorities, including supervisory authorities, and to other entities to which the Bank is obliged to report on the basis of applicable law, in particular the Banking Law of 29 August 1997 (“Banking Law”) and the Tax Ordinance Act of 29 August 1997;
iii. to monitor and record phone conversations and electronic correspondence with the Bank on the basis of the Act on Trading in Financial Instruments of 29 July 2005 (if applicable);
iv. obligations connected with considering applications and requests addressed to the Bank;
b) obligations other than those stated above (provided one of the circumstances below exists), and which are necessary to carry out the Bank’s legally justifiable interests, including in particular:
i. to resolve disputes, conduct proceedings before public administration authorities, and all other proceedings, including to pursue and defend against claims;
ii. to counteract swindles or use the Bank’s activities for criminal activity, including to process information concerning suspicions or to detect crimes under the Banking Law;
iii. for internal reporting within the Bank or within the SEB group.
2. In other cases, your personal data will be processed on the basis of previously granted consent, to the extent and for the purpose specified in that consent.
4. Source of origin of personal data
If your personal data has not been directly obtained from you, the Bank hereby informs you that it has been provided by the Bank Customer. If your personal data has not been provided by the Bank Customer, it has been provided from publicly available registers and also from other publicly accessible sources, including from the Internet.
5. Recipients of personal data
Your personal data may be made available to the following recipients or categories of recipients:
a) public administration authorities and entities performing public tasks or acting on the order of public authorities, to the extent and for purposes arising from applicable law, in particular the Polish Financial Supervision Authority, the General Inspector of Financial Information and the National Revenue Administration;
b) entities supporting the Bank in carrying out the banking activities offered by the Bank;
c) entities or authorities to which this data can be transferred on the basis of consent or authorisation;
d) entities connected with the Bank, including within the SEB group (https://sebgroup.com/about-seb/our-locations), in connection with carrying out reporting obligations, or entities cooperating with entities belonging to the SEB group (including outside the EU/EEA), for strictly specified purposes and while keeping bank secrets;
e) entities participating in processes necessary for performing agreements concluded with the Bank Customer, including Krajowa Izba Rozliczeniowa S.A.;
f) other banks and credit institutions, if data transfer is necessary in connection with performing banking activities or acquiring and disposing of receivables.
6. Period of processing personal data
Your personal data will be processed for the purposes specified in item 1 a) (Purposes and basis for processing your personal data) above for the duration of the agreement concluded between the Bank Customer and the Bank and, after its termination, for the period and to the extent required by provisions of law or in order to carry out the Bank’s legally justified interests as data controller to the extent specified in item 1 b) (Purposes and basis for processing your personal data) above. If your consent is the legal basis for processing your data, this data will be processed until that consent is withdrawn.
7. Your rights
Each data subject has the right to access their personal data processed by the Bank. Should any information concerning you be incorrect or incomplete, you will be entitled to access that data and ask for it to be corrected.
You also have the right to:
a) request the removal of your personal data in cases specified in the GDPR, including if (i) the data is no longer needed for the purposes for which it was collected or otherwise processed, (ii) a person to whom the data applies objects to having their personal data processed, (iii) a person to whom the data applies withdraws their consent on which the processing is based and there is no other legal basis for processing, (iv) the data is not processed in keeping with the law, (v) the data must be removed to perform an obligation arising from applicable law;
b) request restricting the processing of your personal data in cases specified in the GDPR, including if: (i) the person to whom the data applies questions the correctness of the personal data, (ii) processing data is unlawful and the person to whom the data applies opposes the removal of the data, requesting the restriction of its use in exchange, (iii) the controller no longer needs the data for its purposes, but the person to whom the data applies needs it to determine, defend or pursue claims, (iv) the person to whom the data applies objects to the data being processed – until it is ascertained whether the legally justified basis on the part of the controller takes precedence over the basis for the objection of the person to whom the data applies;
c) withdraw your consent if the Bank obtains such consent to process personal data (withdrawing consent shall not affect the lawfulness of processing based on consent before its withdrawal);
d) transfer personal data if: (i) processing is done on the basis of an agreement concluded with a data subject or on the basis of consent granted by that person, and (ii) processing is done in an automatised manner;
e) object to the processing of personal data, including profiling, if there are reasons connected with your particular situation and data is processed in the public interest or the Bank’s legally justified interests, as referred to above.
8. Transfer of personal data outside the European Economic Area (“EEA”) or to international organisations
In justified cases, the Bank can make your personal data available to entities outside the EEA and international organisations (e.g. SWIFT), to which transfer is necessary in order to perform an agreement..
Any data transfer outside the EEA will take place on the basis of standard contractual clauses concluded by the Bank with the data recipient, which are approved by the European Commission or another legal instrument in accordance with the GDPR. You have the right to obtain copies of data transferred from us.
9. Right to lodge a complaint with a supervisory authority
If you believe that the Bank’s processing of your personal data breaches the GDPR, you have the right to lodge a complaint with the appropriate supervisory authority.
To familiarise yourself with SEB’s policy containing complete information concerning SEB’s processing of personal data, please visit the website. Alternatively, you can ask for this information to be sent to you by post.