Personal data within SEB Asset Management AB
Last updated on September 30, 2025.

This Privacy Notice describes how SEB Asset Management AB (reg. no. 559419-2774) ("SEB AM", "we" or "us") collects and uses information about individuals in connection with the products and services we provide to our clients and customers. SEB Asset Management AB, including its branches in Denmark and Finland, is the securities company within the SEB Group.
By “you” in this notice, we mean you as an individual whose personal data is processed by SEB AM, including a (potential) customer, customer’s employee, officers, agents or representative. It can also mean other relevant parties, such as beneficial owners, authorised representatives and managers, beneficiaries, shareholders and associated parties.
We also inform about the rights individuals have in relation to their personal data and how to exercise those rights and get in contact with us.
1. Rights of individuals
You have certain rights related to the information that we hold about you, these rights and how to use them are explained below. Sometimes we may need to ask for additional information to confirm your identity. We do this to protect the information and ensure that no unauthorised person can access or change data that is not theirs.
You can request access to the information we hold about you, with some limited exceptions for example confidential information or trade secrets, internal drafts and memos. We will also inform you about:
- Why we are processing the information;
- Who we are sharing the information with and if any information is transferred to a country not deemed to have adequate protection in place for personal data;
- How long we will be keeping the information;
- The source of the information, if it was not collected directly from you; and
- If we are using the data for automated decision making or profiling.
If you make a request for a copy of the personal information that we are processing, please be as specific as possible. This will help us identify the relevant data more quickly and provide you with a copy without any undue delay.
You can learn more about your right of access on the Swedish Authority for Privacy Protection (IMY) website: Right of access
If you feel that the information we hold about you is inaccurate, you can ask us to correct and update it. If we have shared the personal data with a third party, we will inform such third parties so that they can correct inaccurate information.
You can learn more about your right to rectification on IMY's website: Right to have incorrect information corrected
You can also request that we erase information, although that might not always be possible if doing so means we cannot perform our contract with the customer, or we have a legal obligation or legitimate interest to keep the information. We will explain the consequences for erasing your information.
You can learn more about your right to erasure on IMY's website: Right to erasure of personal data
If you feel that we are processing the information unlawfully or with inaccurate information, you can request us to restrict the processing. Where personal data is subjected to restriction in this way, we will only process it with your consent or for the establishment, exercise or defence of legal claims unless we have your consent. If the processing is restricted, we will continue to store the information.
You can learn more about your right to restriction on IMY's website: Right to restriction
If you disagree with any legitimate interest or public interest, we have relied upon to process the information, you can object to the processing. We will then stop processing the information unless we can demonstrate a compelling legitimate basis that overrides your rights, or the processing is required to establish, exercise or defend a legal claim.
You can learn more about your right to object on IMY's website: Right to object
Where we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for processing, and that personal information is processed by automatic means, you have the right to receive all such personal information which you have provided to SEB AM in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller, in a machine-readable format, i.e. a format that can be read with technical means. The right to data portability does not apply if the information:
- Is only available in paper form or as a scanned document in SEB AM’s electronic archive;
- Would infringe the rights of someone else;
- Does not come directly from individual; or
- Is created for internal use through analysis or evaluation.
You can learn more about the right to data portability on IMY's website: Right to move personal data
SEB AM is committed to safeguarding your information and upholding your rights as a data subject, but if you feel we have not done that, please contact us at dsr@seb.se or the SEB AB’s Data Protection Officer by e-mail (dataskyddsombud@seb.se) or through the following postal address:
SEB
Data Protection Officer
106 40 Stockholm
Please use the above postal address only for matters related to data protection. For all other correspondence, use the following postal address:
SEB
106 40 Stockholm
Without prejudice to other remedies, you can always reach out to the Swedish Data Protection Authority (IMY)
2. What personal data we collect and how we collect it
We collect the information directly from you or from our customer (such as your employer, company where you are an officer or director) when administrating the contractual or prospective contractual relationship, for example when filling out applications and forms and submitting specific document to us, when using our products and services, participating in meetings with us, and contacting us via phone, e-mail, chat, web form.
We collect the following categories of personal information from you or from our customer:
- Identification information, for example name (first and last), national identification number and information included in government-issued ID documents such as gender, nationality, photo.
- Authentication information, information we use to identify and authenticate you, for example multi-factor identification details, signature and additional information that we receive from external sources we need for compliance purposes.
- Contact information, for example, email address, telephone number, information about our relationship with you and/or our customer.
- Work-related information, for example job title, area of responsibility, employment, company officer or director, professional certifications, membership in professional organisations, education, experience.
- Communication information, for example email and chat correspondence, notes, voice recordings, Teams recordings (where you are advised in advance of the recording). Information about the communication channels you use and ways of interacting with us.
- Transaction details, for example intermediary and industry identification numbers, investment details, payee/investee details, product details, transaction details and identification numbers.
- Information required by law, information we need to support our legal obligations, for example information about and information required for detection of any suspicious and unusual activity and information about parties connected to you or these activities.
- Sensitive personal data, for example political opinions which could be revealed by lists of so-called politically exposed persons (PEPs), including family members and close associates, includes information such as name, date of birth, place of birth, occupation or position, as well as the reason why the person is on such a list. Sensitive personal data can also be your possible food preferences when attending an event.
- Investigation and Risk rating information, for example, due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, internal investigation reports, content and metadata related to relevant exchanges of information between and among different representatives, credit risk rating/score, risk assessment reports, transactional behaviour and underwriting information.
- Crime data, for example information about criminal convictions or offences and recordings from our camera surveillance that are used to investigate crimes.
We may also collect and store information automatically about you when interacting with us, for example visiting our websites or mobile channels, or any other use of our online services. Such information is usually collected using so-called cookies or similar technologies. This is how we use cookies
- Device information, for example IP address, language settings, browser settings, time zone, operating system, platform, screen resolution, device identifiers, browser type and similar information about the device you use, such as mobile or computer, and device settings/usage.
- Technical information generated when using SEB AM’s products and services, for example technical data such as page response times, download errors, and logs of the date and time when the service was used.
- Location determination data, where you are when logging in to our digital services for example GPS coordinates and login timestamps.
- Recording of telephone conversations, online meetings and storage of chat conversations, to the extent permitted by applicable law, we record and log telephone calls and chat conversations for documentation of customer request, verification of orders, security and fraud management purposes and to fulfil legal requirements. For example, online meetings, telephone and chat conversations may be stored to document what happened and was said during the conversation, including any agreements entered into. Moreover, we record conversations that lead or may lead to securities transactions.
Based on the specific products, services or business relationship as well as requirements under applicable law, we may collect the following categories of personal data on our own or from third parties about you:
- Public information, for example information you, your employer or other representative makes publicly available via a company website or in social media profiles and information about you available in news feeds, exchange data feeds and other public data sources (including the public interest)
- government/organisational information, for example information provided by relevant regulators, government agencies and non-government credentialing or professional organisations
- sanction information, for example information related to your status under economic sanctions, anti-money laundering and similar laws or other information that may impact our ability to engage in business with you or a company at which are an employee, officer or director
- profile information, for example information from companies providing professional contact information to their customers/subscribers
- other personal data, information to the extent permitted by applicable law and reasonably necessary for the performance of our business obligations, compliance with laws applicable to our business or pursuit of our legitimate business interests.
3. For what purposes do we process your personal data?
We may process your personal data for any of the following purposes, depending on the capacity in which you interact with us. If you want to know more details, please read the purpose table at the end of this document.
For example, to market our products and services by contacting you in your professional role or host events you attend to.
For example, to analyse your use for product improvement purposes, such as to analyse information about the communication channels you use and ways of interacting with us i.e. customer insights for product and service improvements.
- To perform know your customer (KYC), by obtaining information required to comply with to detection and prevention of money laundering and terrorist financing under the AML Act
- to record telephone conversations relating to, at least, transactions concluded when dealing on own account and providing client order services that relate to the reception, transmission and execution of client orders to comply with MiFID II and applicable EU member state laws and MIFIR, and related acts and regulations.
For example, to defend a legal claim or complaint, where we are subject to a regulatory investigation, or where we may need to defend ourselves in legal proceedings or respond to a regulator or to a valid legal request, such as a preservation order, subpoena or search warrant.
For example, to ensure information security in our products and services and to monitor for security threats and fraud involving use of our products, services, sites or physical facilities. This processing involves the use of video surveillance and CCTV at the entrance to our offices, reception and customer areas.
If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.
For example, to share information with companies within the SEB Group, authorities or other third parties such as suppliers and subcontractors, please see more details about sharing in section 7.
To improve the quality of our digital services and tailor them to your preferences. We use cookies and similar technologies on our website and in our digital apps, including for marketing via digital channels.
4. What is our legal basis for processing your personal data?
We will only collect and use your information if we have a so-called legal basis to do so. This is a summary of the legal basis. If you want to know more details, please read the purpose table at the end of this document.
- The most common basis for processing your personal data is that you entered into or intend to enter into an agreement with us. Your information is then necessary to document, administer and fulfil agreements that we have with you or to take preparatory measures before entering into an agreement.
- We use your information based on ours and our customer’s legitimate interest. In a balance of interests, we assess whether our interest of processing your personal data outweighs your right not to have your data processed for the specific purpose. If you want more information about how the assessments are being made, you are always welcome to contact us.
- We also use your information where we must comply with a certain legal obligation or obligations to comply with court orders arising in civil or criminal court proceedings, binding requests from regulatory authorities.
- We may ask for consent to certain processing which is not otherwise justified on any of the other legal basis. If consent is required for the processing in question, it will be sought directly from you to make sure it is freely given, informed and explicit. Information about such processing will be provided to you at the time consent is requested along with the impact of not providing such consent.
You should be aware that it is not a condition or requirement to consent. Where consent is given, it may be withdrawn by you at any time, but this will not impact any other lawful basis for processing relied on by SEB AM.
5. For how long will SEB AM retain your personal data?
SEB AM will retain personal data for as long as needed or permitted considering the purpose(s) for which it was obtained. The criteria used to determine our retention period include:
- the length of time we have an ongoing relationship with our customer and provide our products and service
- if there is a legal obligation to which we are subject
- if retention is advisable in light of our legal position (such as in regard to applicable statutes of limitation, litigation or regulatory investigations).
The appropriate retention period is determined on a case-by-case basis and will depend on the length of time we need to keep your personal data for the purpose(s) for which it was collected, for example:
- To administrate the customer relationship for example verifying who is authorised to represent the customer, communicate about the product and services, documenting agreements until the termination of the customer relationship and relevant time period thereafter
- where it is reasonably necessary for reasons related to a legal claim or complaint, where we are subject to a regulatory investigation, or where we may need to defend ourselves in legal proceedings or respond to a regulator or to a valid legal request, such as a preservation order, subpoena or search warrant
- to meet our legal and regulatory obligations to detect and prevent money laundering and terrorist financing under the AML Act
- to meet our legal obligations to retain information regarding all services, activities and transactions that our in-scope entities undertake under MiFID II and applicable EU member state laws and MIFIR, and related acts and regulations. Such information includes recording of telephone conversations or electronic communications relating to, at least, transactions concluded when dealing on own account and providing client order services that relate to the reception, transmission and execution of client orders.
When we no longer need to retain personal data, we will destroy, delete or anonymise. Information about how long we are entitled to use your information in relation to a specific purpose, please read the purpose table at the end of this document.
6. Profiling and Automated Decision Making
We do not perform any automated decision-making or profiling regarding personal data that has legal consequences for you, or in any similar way significantly affects you. Risk scoring is subject to human review.
7. Who we may share your personal data with
We only share personal data with others if it is lawful to do so, to provide you with products and services requested by our customer, if it is required to comply with a legal obligation (for example, to assist with detecting and preventing fraud, reporting to an authority, where sharing of data is mandatory or permitted), if we have a legitimate interest for doing so (for example, to manage risk or to verify identity), or we if you have given permission to share it. When we share personal data with others, we ensure that the recipient processes the personal data in accordance with this Privacy Notice, for example by entering into so-called data transfer agreements or data processing agreements with the recipient.
Categories of recipients with whom we may share your information with:
SEB AM may need to share information within the SEB Group to provide the products, services and functionalities to our customer or due to money laundering legal obligations. In some cases, we also collect information about you from other companies within the SEB Group to be able to offer better advice as well as for customer surveys and profitability calculations.
SEB AM has a public or legal duty to provide information to authorities such as the Swedish Police Authority, the Swedish Financial Supervisory Authority, the Swedish Tax Agency or other authorities. We may also need to share your information in connection with regulatory reporting, litigation or asserting or defending legal rights and interests.
We engage suppliers to provide services and functionalities that SEB AM cannot offer itself, such as suppliers of IT services, payment agents, administration, distributors, external fund managers, lawyers, accountants and consultants. Your data may also be processed by third parties to whom you have authorised to obtain information, such as trustees and attorneys. Suppliers and subcontractors may only process the personal data they receive from us on our instructions and to the extent necessary for their delivery to us, so-called personal data processors.
In connection with a potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with our customer, we may need to share your information with a third party.
If you choose to contact us via social media, such as through Facebook, Instagram or X, your information will be collected and processed by these companies. The processing carried out by these companies is carried out in accordance with their own respective privacy notices.
8. Transfer of personal data to countries outside the EU and EEA
We may need to transfer your information to a country outside the EU/EEA (a so-called third country), for example for the performance of a contract with our customer, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interest. When we transfer personal data to a third country, we ensure that the transfer is covered by an approved transfer mechanism and supplementary safeguards have been implemented and that the transfer is lawful.
Transfers to a third country can be made if any of the following conditions apply:
- The European Commission has decided that there is an adequate level of protection for individuals’ personal data in the third country in question.
- The recipient of the personal data is bound by the European Commission's agreements, so-called Standard Contractual Clauses or binding corporate rules.
- The data protection supervisory authority has granted a specific authorisation for certain transfers.
- It is otherwise permitted under applicable data protection legislation, for example to fulfil an agreement with or situations where You have given us consent to carry out the specific transfer.
When using Standard Contractual Clauses, we assess the legal framework of the third country and implement supplementary measures such as encryption and access controls.
If you want more details about the protection of personal data when it is transferred outside of the EU/EEA you can contact us using the details in section 10.
9. How do we protect your personal data?
We are constantly working to improve our safeguards to ensure the integrity, availability and confidentiality of personal data.
Our safeguards include both technical and organisational safeguards, such as:
- Encryption of personal data.
- Access restriction when handling personal data.
- Automatic deletion of personal data when a specific purpose for processing ceases to apply.
- Regular tests to assess and evaluate the effectiveness of applicable security measures.
- SEB AM always ensures that we do not process more information than what is strictly necessary.
- When a partner processes personal data on our behalf (a so-called data processor), we require that they have appropriate levels of protection and use equivalent safeguards as SEB AM.
10. Contact
If you have any further questions, you are always welcome to contact us by sending an email to dsr@seb.se.
If you want to get in touch with SEB Group Data Protection Officer, send an e-mail to dataskyddsombud@seb.se, or via post:
SEB
Data Protection Officer
106 40 Stockholm
Please use the above postal address only for matters related to data protection. For all other correspondence, use the following postal address:
SEB
106 40 Stockholm
11. Changes to this information
This Privacy Notice may be updated from time to time.
This notice was last updated on September 30, 2025.