Privacy policy for SEB Investment Management AB
Last updated on 12 September 2023.
We always handle the information that our customers entrust to us in a careful and responsible manner in accordance with the data protection regulation (General Data Protection Regulation, "GDPR"). This privacy policy explains, among other things, how we collect and use your personal data. It also describes which rights you have in relation to your personal data.
SEB Investment Management AB is the SEB group's fund company. When we write "SEB IM", "we" or "us" on this page, we mean SEB Investment Management AB.
The personal data controller is SEB Investment Management AB (reg. number: 556197-3719).
Information about all funds to which this privacy policy applies is available on the page SEB Investment Management.
We collect information about people who have some form of relationship with us, either directly or through companies.
If we have a direct relationship with you as a private person, it is usually because you have entered into, or want to enter into an agreement with us to subscribe for shares in our fund(s). However, it may happen that you are an insolvency practitioner, administrator or authorised representative for one of our customers. We also collect information about our board members in our SICAV funds.
We interact with various companies that are our customers, potential customers, guarantors, mortgagees, suppliers or partners, etc. In cases where you have a relationship with us through such companies, it may be in the capacity of beneficial owner, board member, managing director, authorised signatory, power of attorney or representative (i.e., some form of contact person) of your company.
Please note that when you subscribe to shares in a fund through administrator registration, e.g., if you subscribe for shares via a bank, an administrator acts as the personal data controller of your data. You may then contact the administrator to find out how your personal data is processed in connection with the investment.
We collect information directly from you or from your company. The data may be obtained from agreements that your company has entered into or from correspondence and conversations between us.
In order to be able to enter into an agreement with us, and in order for us to be able to fulfil our obligations according to law, it is a requirement that you provide certain personal data to us. If you do not provide the information we need, we cannot enter into an agreement with you or your company.
We may also collect information about you from other sources, including public sources and records. This applies, for example, when we:
- continually update information about names and contact details via the Swedish state personal address register, “SPAR”
- perform the mandatory checks needed to prevent our products and services from being used for money laundering, by retrieving information from sanctions lists of international organisations
- retrieve information from credit reporting agencies.
Based on the relationship you have with us, we indicate below
- why we process your personal data (purpose)
- the personal data that we collect
- a legal basis that we use. We explain each legal basis in the section "On what basis do you process my personal data?"
- how long we keep your data (storage period). More information on storage periods can be found in the section, "How long do you save my personal data?".
Identify yourself and verify your identity:
- Collected data: Name, address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents (such as passports), ID cards or driving licences.
- Legal basis: Legal obligation according to the Money Laundering Act.
- Storage period: Up to 10 years after the end of the business relationship.
Carry out checks against PEP lists and the EU’s sanctions list:
- Collected data:Name, nationality, date of birth, place of birth, position, status as politically exposed person (PEP), the reason why the person is on the lists, as well as corresponding information about family members and known close associates of PEP.
- Legal basis: Legal obligation according to the Money Laundering Act.
- Storage period: Up to 10 years after the end of the business relationship.
Conduct checks against the UN’s and OFAC’s sanctions lists:
- Collected data: Name, nationality, date of birth, place of birth, position, reason why the person is on the lists.
- Legal basis:Legitimate interest
- Storage period: Up to 10 years after the end of the business relationship.
Take other customer awareness measures, incl. monitoring of transactions:
- Collected data: In addition to the information mentioned above, also information about credit commitment, property holdings, payment defaults, debt balance, registered credit information, tax identification number, transaction history, bank account number, information about where funds and wealth come from, information about possible convictions and legal violations, as well as other information that we may request in individual cases.
- Legal basis: Legal obligation according to the Money Laundering Act.
- Storage period: Up to 10 years after the end of the business relationship.
Follow instructions for reporting to and reviews by regulatory authorities:
- Collected data:Name, address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents, position, politically exposed person (PEP) status, reason for being on the PEP and sanctions lists, details of family members and known close associates of PEP, credit commitment, property holdings, payment defaults, debt balance, registered credit information, tax identification number, transaction history, bank account number, information about where funds and assets come from, information about any convictions and violations of law.
- Legal basis: Legal obligation.
- Storage period: Up to 10 years after the end of the business relationship.
Establish, assert and defend legal claims:
- Collected data:Name, address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents, position, politically exposed person (PEP) status, reason for being on the PEP and sanctions lists, details of family members and known close associates of PEP, credit commitment, property holdings, payment defaults, debt balance, registered credit information, tax identification number, transaction history, bank account number, information about where funds and assets come from, information about any convictions and violations of law.
- Legal basis:Legitimate interest.
- Storage period: Up to 10 years after the end of the business relationship.
Based on the relationship you have with us, we indicate below
- why we process your personal data (purpose)
- the personal data that we collect
- a legal basis that we use. We explain each legal basis in the section "On what basis do you process my personal data?"
- how long we keep your data (storage period). More information on storage periods can be found in the section, "How long do you save my personal data?".
Identify yourself and verify your identity:
- Collected data: Name, address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents (such as passports), ID cards or driving licences.
- Legal basis: Legal obligation according to the Money Laundering Act.
- Storage period: Up to 10 years after the end of the business relationship.
Prepare and administer the agreement with your company:
- Collected data: Name, address, telephone and fax numbers, social security number or other unique identifier, email address, company you represent, signature, restrictions relating to signing or proxy rights, investment amount.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Process orders to subscribe and redeem fund shares and make payments.:
- Collected data: Name, account ID, phone number, signature, bank account number, transaction amount.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Pay dividends:
- Collected data: Name, account ID, phone number, signature, bank account number, transaction amount.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Monitor transactions in funds to detect suspicious activities:
- Collected data: Name, account ID, transaction history, bank account number, and other information that we may request in individual cases.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Manage fund management and fund administration, incl. to merge, divide or liquidate the fund, prepare documents for board meetings and respective decisions:
- Collected data: Name, address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents, position, politically exposed person (PEP) status, reason for being on the PEP and sanctions lists, details of family members and known close associates of PEP, credit commitment, property holdings, payment defaults, debt balance, registered credit information, tax identification number, transaction history, bank account number, information about where funds and assets come from, information about any convictions and violations of law.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Complete tax reporting:
- Collected data: Name, email address, telephone number, office address, tax identification number, holding amount.
- Legal basis: Legitimate interest.
- Storage period: Up to 10 years after the end of the business relationship.
Establish, assert and defend legal claims:
- Collected data: Name, address, telephone and fax numbers, e-mail address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents, the company you represent, signature, restrictions on signing or authorisation rights, office address, tax identification number, account ID, bank account number, investment amount/holding amount, transaction amount, transaction history.
- Legal basis: Legitimate interest.
- Storage period: Up to 10 years after the end of the business relationship.
Based on the relationship you have with us, we indicate below
- why we process your personal data (purpose)
- the personal data that we collect
- a legal basis that we use. We explain each legal basis in the section "On what basis do you process my personal data?"
- how long we keep your data (storage period). More information on storage periods can be found in the section, "How long do you save my personal data?".
Manage ongoing communication:
- Collected data: Name, telephone and fax numbers, email address, office address, your picture, title, role, the company you represent.
- Legal basis:Fulfilment of an agreement.
Storage period:As long as the agreement is valid.
Send transaction-related notices and summaries of holdings:
- Collected data: Name, account ID, phone number, email address, office address, bank account number, transaction amount.
- Legal basis: Fulfilment of an agreement.
- Storage period:As long as the agreement is valid.
Fulfil our obligations according to the laws regarding the securities market (under the Securities Markets Act):
- Collected data: Electronic communications relating to transactions of your business.
- Legal basis: Legal obligation according to the laws regarding the securities market (under the Securities Markets Act).
- Storage period: Up to 7 years after the service was performed.
Inform about the fund's position and important events concerning the fund:
- Collected data: Name, title, email address, office address.
- Legal basis: Legitimate interest.
- Storage period: As long as the agreement is valid.
Direct marketing of our funds and services to you:
- Collected data: Name, title, email address, office address.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid or until you object to the processing.
Organise events:
- Collected data: Name, title, role, email address, phone number, dietary preferences, the company you represent.
- Legal basis: Legitimate interest.
- Storage period: 30 days from when the event took place.
Based on the relationship you have with us, we indicate below
- why we process your personal data (purpose)
- the personal data that we collect
- a legal basis that we use. We explain each legal basis in the section "On what basis do you process my personal data?"
- how long we keep your data (storage period). More information on storage periods can be found in the section, "How long do you save my personal data?".
Identify yourself and verify your identity:
- Collected data: Name, address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents (such as passports), ID cards or driving licences.
- Legal basis: Legal obligation according to the Money Laundering Act.
- Storage period: Up to 10 years after the end of the business relationship.
Carry out checks against PEP lists and the EU’s sanctions list:
- Collected data:Name, nationality, date of birth, place of birth, position, status as a PEP, the reason why the person is on the lists, as well as corresponding information about family members and known close associates of PEP.
- Legal basis: Legal obligation according to the Money Laundering Act.
- Storage period: Up to 10 years after the end of the business relationship.
Conduct checks against the UN’s and OFAC’s sanctions lists:
- Collected data: Name, nationality, date of birth, place of birth, position, reason why the person is on the lists.
- Legal basis: Legitimate interest.
- Storage period: Up to 10 years after the end of the business relationship.
Take other customer awareness measures, incl. monitoring of transactions:
- Collected data: In addition to the information mentioned above, also account ID, information about credit commitments, property holdings, payment defaults, debt balance, registered credit information, tax identification number, transaction history, bank account number, information about where funds and wealth come from, information about possible convictions and legal violations, as well as other information that we may request in individual cases.
- Legal basis: Legal obligation according to the Money Laundering Act.
- Storage period: Up to 10 years after the end of the business relationship.
Maintain a relationship with you as a board member in one of our SICAV funds.:
- Collected data: Name, address, telephone number, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents (such as passport), ID card or driver's licence, CV (i.e., information about your knowledge and experience), your picture, compensation amount we pay you, bank account number, information on any convictions and offences, signature.
- Legal basis: Legal obligation according to fund legislation.
- Storage period:As long as the assignment is valid.
Prepare and administer the agreement with you:
- Collected data: Name, title, role, email address, phone number, dietary preferences, the company you represent.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Process orders to subscribe and redeem fund shares and make payments:
- Collected data: Name, account ID, phone number, signature, bank account number, transaction amount.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Pay dividends:
- Collected data: Name, account ID, address, social security number or other unique identifier, signature, holding amount, transaction history.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Perform tax reporting:
- Collected data: Name, phone number, address, email address, tax identification number, holding amount.
- Legal basis: Legal obligation under tax legislation.
- Storage period: Up to 10 years after the end of the business relationship.
Fulfil our obligations under the Securities Market Act:
- Collected data: Data relating to customer classification, electronic communications relating to your transactions.
- Legal basis: Legal obligation under the Securities Market Act.
- Storage period: Up to 7 years after the service was performed.
Manage ongoing communication with you:
- Collected data: Name, telephone number, address, email address.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Send transaction-related notices and summaries of holdings:
- Collected data: Name, account ID, phone number, address, email address, bank account number, transaction amount.
- Legal basis: Fulfilment of an agreement.
- Storage period: As long as the agreement is valid.
Inform about the fund's position and important events concerning the fund:
- Collected data: Name, address, email address.
- Legal basis: Legal obligation according to fund legislation.
- Storage period: As long as the agreement is valid.
Direct marketing of our funds and services to you:
- Collected data: Name, address, email address.
- Legal basis: Legitimate interest
- Storage period: As long as the agreement is valid or until you object to the processing.
Follow instructions for reporting to and reviews by regulatory authorities:
- Collected data: Name, address, telephone number, e-mail address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents, position, politically exposed person (PEP) status, reason for being on the PEP and sanctions lists, and information about family members and known close associates of PEP, credit involvement, property holdings, payment defaults, debt balance, registered credit information, tax identification number, transaction history, bank account number, information about where funds and wealth come from, information about any convictions and legal violations, account ID, investment amount/holding amount, bank account number, transaction amount, transaction history, tax identification number, customer classification information, electronic communications relating to your transactions; In relation to you as a director of one of our SICAV funds: name, address, telephone number, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents, CV (i.e., information about your knowledge and experience), your picture, compensation amount we pay you, bank account number, information about any convictions and offences, signature.
- Legal basis: Legal obligation.
- Storage period: Up to 10 years after the end of the business relationship.
Establish, assert and defend legal claims:
- Collected data: Name, address, telephone number, e-mail address, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents, position, status as a politically exposed person (PEP), the reason why the person is on the PEP and sanctions lists, information about family members and known close associates of PEP, credit involvement, real estate holdings, payment defaults, debt balance, registered credit information, tax identification number, transaction history, bank account number, information about where funds and wealth come from, information about any convictions and offenses, account ID, investment amount/holding amount, bank account number , transaction amount, transaction history, tax identification number, customer classification information, electronic communications relating to your transactions; In relation to you as a director of one of our SICAV funds: name, address, telephone number, nationality, date of birth, place of birth, social security number or other unique identifier, copies of identity documents, CV (i.e., information about your knowledge and experience), your picture, compensation amount that we pay you, bank account number, information about any convictions and offences, signature.
- Legal basis: Legal obligation.
- Storage period: Up to 10 years after the end of the business relationship.
We must have a legal basis to process your personal data. We use one of the following legal bases.
Fulfilment of an agreement
The most common basis for processing your personal data is that you entered into or intend to enter into an agreement with us. Your information is then necessary to document, administer and fulfil agreements that we have with you or to take preparatory measures before entering into an agreement.
Legal obligation
We need to process your personal data in order to be able to fulfil our obligations according to law, other administrative provisions or regulatory authorities’ decision(s). It can be, for example to
- meet the requirements of legislation relating to combatting money laundering, fund operations, taxes or security transactions
- be able to report to the Swedish Tax Agency, the Police authority, the Debt Collection (and more) Enforcement Agency, the Financial Supervisory Authority or other Swedish and foreign authorities.
Legitimate interest
We process your personal data when it is necessary for a purpose where, after a weighing of interests, we have assessed that we have a legitimate interest that outweighs your interest in the protection of your personal data. We believe that this applies when we process your data for direct marketing, to organise events in which you participate, transfer data to another company within the SEB group, carry out checks against the UN and OFAC sanctions lists, and to establish, enforce and defend legal claims.
We save your personal data for the duration of the agreement and for the time required by applicable law. After that, we normally save the data for a maximum of 5 or 10 years after the contractual relationship has ended, taking into account statutes of limitations. In some cases, we save the data for purposes other than due to the contractual relationship, where other times may apply. This may be, for example, to comply with the Money Laundering Act (5 years after the end of the business relationship or up to 10 years in cases where the authorities request it) or the Securities Market Act (up to 7 years after the service was performed).
You can read more about the storage time we apply for different purposes in the section "What personal data do you process and why?".
Within the SEB Group
Sometimes another company within the SEB Group may process your personal data. When that happens, we support that processing when based on legitimate interest.
Outside the SEB Group
It may happen that your data is processed by third parties, of course always within the framework of applicable rules on confidentiality. These are
- our service providers and partners, including the central administrator, distributors, external fund managers, payment agents, IT providers, lawyers, accountants and consultants
- persons to whom you have authorised to obtain information such as trustees and attorneys
- various authorities to which we are obliged to provide information.
The fact that other companies process your personal data means that the data can be made available to the companies' employees, subsidiaries and their legal and professional advisors.
Transfers to third countries
In some cases, we may transfer personal data to countries outside the EU and EEA (also called third countries) and to international organisations. We only make such transfers after a special risk assessment and if other rules in the data protection regulation are followed, and if any of the following conditions are met:
- The EU Commission has decided that there is a sufficient level of protection in the country in question.
- We have taken other appropriate safeguards, such as standard contractual clauses or binding corporate rules.
- There is a special permit from the regulatory authority.
- Where in special cases it is permitted according to current data protection legislation.
You can find information about which countries are considered to have an adequate level of protection via the link Adequacy decisions (europa.eu), and view the standard contractual clauses we use for transfers via the link EUR-Lex - 32021D0914 - EUR-Lex (europa.eu).
We do not perform any automated decision-making or profiling regarding personal data that has legal consequences for you, or in any similar way significantly affects you.
According to the GDPR, you have a number of rights regarding the processing of your data. This section describes what they are and how to exercise them. You can contact our Data Protection Officer (contact information can be found in the "Data Protection Officer" section) if you wish to exercise any of your rights.
Request access to your personal data
You have the right to information about whether your personal data is processed by SEB IM. If your personal data is processed, you have the right to receive a copy of the data, information about how we process your personal data, and information regarding your rights. In most cases, you will receive this in the form of a register extract from us after you have contacted our Data Protection Officer.
Your right of access may be limited by laws or other regulations. In some cases, your right to receive a copy of the data may be limited due to, for example, the protection of our trade secrets or intellectual property rights and the protection of another person’s privacy.
Correct incorrect or incomplete information
If it turns out that we are processing personal data about you that is incorrect, you have the right to request that the data be corrected. You can also request to have incomplete information about you completed.
Delete your data
You have the right to have some, or all of your personal data deleted. It is sometimes called the right to be forgotten, and applies in the following cases:
- The data is no longer necessary for the purposes for which it was collected,
- You withdraw your consent and there is no other legal basis for the processing.
- You object to the processing due to legitimate interests, where your reason for objection outweighs our legitimate interest.
- You object to processing for direct marketing.
- The processing is illegal.
- Deletion is required to comply with a legal obligation.
In some cases, we cannot delete all the data. For example, this may be because we are required to retain the data under applicable law, such as money laundering and accounting legislation, or it is needed to deal with legal claims.
Limit how we process your data
In certain situations, you have the right to demand that our processing of your data be limited only to storage for a period of time. This could be, for example, if you believe that information about you is incorrect and we need to check this. It may also be if you have objected to processing in conjunction with what we base on legitimate interests. Then we have to check if our reasons outweigh yours.
Restriction can also be requested if the processing is illegal and you object to the deletion of the data. The right to restriction also applies in cases where we no longer need the data, but you want us to keep it so that you can assert legal claims.
Object to how we process your data
If we process information about you on the basis of legitimate interests, you can object to this processing. We must cease processing if your reason for objection outweighs our legitimate interests. However, we may continue the processing if it is to establish, exercise or defend legal claims.
If you do not want us to use your data for direct marketing, you can object to this at any time by notifying us at dataskyddsombud@seb.se. In that case, we will immediately stop processing.
Move your data to another actor
If we process your personal data with the support of an agreement or consent, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. If it is technically possible, you also have the right to have the data moved to another actor. This is called data portability.
File a complaint with the regulatory authority
If you have a complaint about how we have processed your personal data, you can contact the supervisory authority. In Sweden, it is the Swedish Authority for Privacy Protection (IMY), (formerly Datainspektionen). IMY can be reached via www.imy.se/en/.
We have appointed a data protection officer, whose task is to monitor that we comply with the rules on the protection of personal data. The data protection officer must fulfil their task in an independent manner in relation to SEB. If you want to get in touch with our data protection officer, you can do so by writing to the following addresses:
If you want to get in touch with our data protection officer, you can do so by writing to the following postal addresses or at dataskyddsombud@seb.se.
Sweden:
SEB
Data Protection Officer
SE-106 40 Stockholm, Sweden
Luxembourg:
SEB Investment Management AB, Luxembourg Branch
Data Protection
4 rue Peternelchen
L-2370 Howald, Luxembourg
Finland:
SEB
Data Protection Officer
Eteläesplanadi18,
00130 Helsinki, Finland