Personal data within SEB Asset Management AB

You can request access to the information we hold about you, with some limited exceptions for example confidential information or trade secrets, internal drafts and memos. We will also inform you about:

• Why we are processing the information;
• Who we are sharing the information with and if any information is transferred to a country not deemed to have adequate protection in place for personal data;
• How long we will be keeping the information;
• The source of the information, if it was not collected directly from you; and
• If we are using the data for automated decision making or profiling.

If you make a request for a copy of the personal information that we are processing, please be as specific as possible. This will help us identify the relevant data more quickly and provide you with a copy without any undue delay.
You can learn more about your right of access on the Swedish Authority for Privacy Protection (IMY) website: Right of access

If you feel that the information we hold about you is inaccurate, you can ask us to correct and update it. If we have shared the personal data with a third party, we will inform such third parties so that they can correct inaccurate information.

You can learn more about your right to rectification on IMY's website: Right to have incorrect information corrected

You can also request that we erase information, although that might not always be possible if doing so means we cannot perform our contract with the customer, or we have a legal obligation or legitimate interest to keep the information. We will explain the consequences for erasing your information.

You can learn more about your right to erasure on IMY's website: Right to erasure of personal data

If you feel that we are processing the information unlawfully or with inaccurate information, you can request us to restrict the processing. Where personal data is subjected to restriction in this way, we will only process it with your consent or for the establishment, exercise or defence of legal claims unless we have your consent. If the processing is restricted, we will continue to store the information.

You can learn more about your right to restriction on IMY's website: Right to restriction

If you disagree with any legitimate interest or public interest, we have relied upon to process the information, you can object to the processing. We will then stop processing the information unless we can demonstrate a compelling legitimate basis that overrides your rights, or the processing is required to establish, exercise or defend a legal claim.

You can learn more about your right to object on IMY's website: Right to object

Where we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for processing, and that personal information is processed by automatic means, you have the right to receive all such personal information which you have provided to SEB AM in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller, in a machine-readable format, i.e. a format that can be read with technical means. The right to data portability does not apply if the information:

• Is only available in paper form or as a scanned document in SEB AM’s electronic archive;
• Would infringe the rights of someone else;
• Does not come directly from individual; or
• Is created for internal use through analysis or evaluation.

You can learn more about the right to data portability on IMY's website: Right to move personal data

SEB AM is committed to safeguarding your information and upholding your rights as a data subject, but if you feel we have not done that, please contact us at dsr@seb.se or the SEB AB’s Data Protection Officer by e-mail (dataskyddsombud@seb.se) or through the following postal address:

SEB
Data Protection Officer
106 40 Stockholm

Please use the above postal address only for matters related to data protection. For all other correspondence, use the following postal address:

SEB
106 40 Stockholm

Without prejudice to other remedies, you can always reach out to the Swedish Data Protection Authority (IMY) 

We collect the information directly from you or from our customer (such as your employer, company where you are an officer or director) when administrating the contractual or prospective contractual relationship, for example when filling out applications and forms and submitting specific document to us, when using our products and services, participating in meetings with us, and contacting us via phone, e-mail, chat, web form. 

We collect the following categories of personal information from you or from our customer:

• Identification information, for example name (first and last), national identification number and information included in government-issued ID documents such as gender, nationality, photo.
• Authentication information, information we use to identify and authenticate you, for example multi-factor identification details, signature and additional information that we receive from external sources we need for compliance purposes.
• Contact information, for example, email address, telephone number, information about our relationship with you and/or our customer.
• Work-related information, for example job title, area of responsibility, employment, company officer or director, professional certifications, membership in professional organisations, education, experience.
• Communication information, for example email and chat correspondence, notes, voice recordings, Teams recordings (where you are advised in advance of the recording). Information about the communication channels you use and ways of interacting with us.
• Transaction details, for example intermediary and industry identification numbers, investment details, payee/investee details, product details, transaction details and identification numbers.
• Information required by law, information we need to support our legal obligations, for example information about and information required for detection of any suspicious and unusual activity and information about parties connected to you or these activities.
• Sensitive personal data, for example political opinions which could be revealed by lists of so-called politically exposed persons (PEPs), including family members and close associates, includes information such as name, date of birth, place of birth, occupation or position, as well as the reason why the person is on such a list. Sensitive personal data can also be your possible food preferences when attending an event.
• Investigation and Risk rating information, for example, due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, internal investigation reports, content and metadata related to relevant exchanges of information between and among different representatives, credit risk rating/score, risk assessment reports, transactional behaviour and underwriting information.
• Crime data, for example information about criminal convictions or offences and recordings from our camera surveillance that are used to investigate crimes.

We may also collect and store information automatically about you when interacting with us, for example visiting our websites or mobile channels, or any other use of our online services. Such information is usually collected using so-called cookies or similar technologies. This is how we use cookies

• Device information, for example IP address, language settings, browser settings, time zone, operating system, platform, screen resolution, device identifiers, browser type and similar information about the device you use, such as mobile or computer, and device settings/usage.
• Technical information generated when using SEB AM’s products and services, for example technical data such as page response times, download errors, and logs of the date and time when the service was used.
• Location determination data, where you are when logging in to our digital services for example GPS coordinates and login timestamps.
• Recording of telephone conversations, online meetings and storage of chat conversations, to the extent permitted by applicable law, we record and log telephone calls and chat conversations for documentation of customer request, verification of orders, security and fraud management purposes and to fulfil legal requirements. For example, online meetings, telephone and chat conversations may be stored to document what happened and was said during the conversation, including any agreements entered into. Moreover, we record conversations that lead or may lead to securities transactions.

Based on the specific products, services or business relationship as well as requirements under applicable law, we may collect the following categories of personal data on our own or from third parties about you:

• Public information, for example information you, your employer or other representative makes publicly available via a company website or in social media profiles and information about you available in news feeds, exchange data feeds and other public data sources (including the public interest)
• government/organisational information, for example information provided by relevant regulators, government agencies and non-government credentialing or professional organisations
• sanction information, for example information related to your status under economic sanctions, anti-money laundering and similar laws or other information that may impact our ability to engage in business with you or a company at which are an employee, officer or director
• profile information, for example information from companies providing professional contact information to their customers/subscribers
• other personal data, information to the extent permitted by applicable law and reasonably necessary for the performance of our business obligations, compliance with laws applicable to our business or pursuit of our legitimate business interests.

For example, to market our products and services by contacting you in your professional role or host events you attend to.

For example, to analyse your use for product improvement purposes, such as to analyse information about the communication channels you use and ways of interacting with us i.e. customer insights for product and service improvements.

• To perform know your customer (KYC), by obtaining information required to comply with to detection and prevention of money laundering and terrorist financing under the AML Act
• to record telephone conversations relating to, at least, transactions concluded when dealing on own account and providing client order services that relate to the reception, transmission and execution of client orders to comply with MiFID II and applicable EU member state laws and MIFIR, and related acts and regulations.

For example, to defend a legal claim or complaint, where we are subject to a regulatory investigation, or where we may need to defend ourselves in legal proceedings or respond to a regulator or to a valid legal request, such as a preservation order, subpoena or search warrant.

For example, to ensure information security in our products and services and to monitor for security threats and fraud involving use of our products, services, sites or physical facilities. This processing involves the use of video surveillance and CCTV at the entrance to our offices, reception and customer areas.

If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

For example, to share information with companies within the SEB Group, authorities or other third parties such as suppliers and subcontractors, please see more details about sharing in section 7.

To improve the quality of our digital services and tailor them to your preferences. We use cookies and similar technologies on our website and in our digital apps, including for marketing via digital channels.

This is how we use cookies

The appropriate retention period is determined on a case-by-case basis and will depend on the length of time we need to keep your personal data for the purpose(s) for which it was collected, for example:

• To administrate the customer relationship for example verifying who is authorised to represent the customer, communicate about the product and services, documenting agreements until the termination of the customer relationship and relevant time period thereafter
• where it is reasonably necessary for reasons related to a legal claim or complaint, where we are subject to a regulatory investigation, or where we may need to defend ourselves in legal proceedings or respond to a regulator or to a valid legal request, such as a preservation order, subpoena or search warrant
• to meet our legal and regulatory obligations to detect and prevent money laundering and terrorist financing under the AML Act
• to meet our legal obligations to retain information regarding all services, activities and transactions that our in-scope entities undertake under MiFID II and applicable EU member state laws and MIFIR, and related acts and regulations. Such information includes recording of telephone conversations or electronic communications relating to, at least, transactions concluded when dealing on own account and providing client order services that relate to the reception, transmission and execution of client orders.

When we no longer need to retain personal data, we will destroy, delete or anonymise. Information about how long we are entitled to use your information in relation to a specific purpose, please read the purpose table at the end of this document.

SEB AM may need to share information within the SEB Group to provide the products, services and functionalities to our customer or due to money laundering legal obligations. In some cases, we also collect information about you from other companies within the SEB Group to be able to offer better advice as well as for customer surveys and profitability calculations.

SEB AM has a public or legal duty to provide information to authorities such as the Swedish Police Authority, the Swedish Financial Supervisory Authority, the Swedish Tax Agency or other authorities. We may also need to share your information in connection with regulatory reporting, litigation or asserting or defending legal rights and interests.

We engage suppliers to provide services and functionalities that SEB AM cannot offer itself, such as suppliers of IT services, payment agents, administration, distributors, external fund managers, lawyers, accountants and consultants. Your data may also be processed by third parties to whom you have authorised to obtain information, such as trustees and attorneys. Suppliers and subcontractors may only process the personal data they receive from us on our instructions and to the extent necessary for their delivery to us, so-called personal data processors.

In connection with a potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with our customer, we may need to share your information with a third party.

If you choose to contact us via social media, such as through Facebook, Instagram or X, your information will be collected and processed by these companies. The processing carried out by these companies is carried out in accordance with their own respective privacy notices.

Transfers to a third country can be made if any of the following conditions apply:

• The European Commission has decided that there is an adequate level of protection for individuals’ personal data in the third country in question.
• The recipient of the personal data is bound by the European Commission's agreements, so-called Standard Contractual Clauses or binding corporate rules.
• The data protection supervisory authority has granted a specific authorisation for certain transfers.
• It is otherwise permitted under applicable data protection legislation, for example to fulfil an agreement with or situations where You have given us consent to carry out the specific transfer.

When using Standard Contractual Clauses, we assess the legal framework of the third country and implement supplementary measures such as encryption and access controls.

If you want more details about the protection of personal data when it is transferred outside of the EU/EEA you can contact us using the details in section 10.

Our safeguards include both technical and organisational safeguards, such as:

• Encryption of personal data.
• Access restriction when handling personal data.
• Automatic deletion of personal data when a specific purpose for processing ceases to apply.
• Regular tests to assess and evaluate the effectiveness of applicable security measures.
• SEB AM always ensures that we do not process more information than what is strictly necessary.
• When a partner processes personal data on our behalf (a so-called data processor), we require that they have appropriate levels of protection and use equivalent safeguards as SEB AM.