Information about Skandinaviska Enskilda Banken AB´s processing of personal data
We always handle the information that our customers entrust us with in a careful and responsible manner. This information explains how we gather and use your personal data. It also describes your rights regarding your personal data.
The personal data controller is:
Skandinaviska Enskilda Banken AB (publ)
Corporate identity number 502032-9081
Personal data is information that directly or indirectly can be coupled to a living person. It includes, for example, a person's name and personal identity number, but also other information that is specific to a person's physical, genetic, mental, financial, cultural or social identity. Information about your IP address and your recorded voice can also be personal data if it can be coupled to you.
Certain personal data is considered to be sensitive and its covered by special rules. By special categories of personal data is meant data that reveals
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data that identifies a natural person
- data concerning health
- data concerning a natural person's sex life or sexual orientation
By processing of personal data is meant everything that is done with the information, regardless of whether it is done by automated means or not. Examples of common processing of data include collecting, recording, structuring, storage, transfer and erasure. Only processing that is done by automated means or that is included in a register is covered by the data protection rules.
We collect information about you if you have entered into or seek to enter into an agreement with us. This can entail, for example, your role as a customer, creditor or pledgee. Sometimes we also need to collect information about you as a payer, trustee, administrator, agent, representative, signatory, some form of contact person, or beneficial owner. You can read more about when we collect this type of information in the following section.
We collect information about you that you yourself provide to us directly or indirectly. This can take place, for example, in connection with a notice of interest or an application, when you enter into an agreement with us, or in general in connection with our administration of agreements.
We may also store information that is collected or arises when you contact us. We record phone conversations, for example. We may also store communication that we collect via email. Further, we store information obtained from when you use the internet bank, our mobile app, or other internet services. This can pertain to, for example, information about how you use our services, your purchases and payments, your IP address, or your geographic location.
Information we collect about you
In addition to the information that you yourself provide to us, we may collect information about you from other sources. This happens, for example, when we
- continuously update information about names and contact information via SPAR, the Swedish state personal address register,
- request information from credit rating firms,
- and perform the controls that we must perform to prevent our products and services from being used for money laundering, by collecting information from sanction lists among international organisations.
To prepare and administer agreements
The most common purpose for which we process your personal data is to document, administer and execute agreements we have with you. We need to collect personal data for this purpose in order to be able to enter into agreements with you.
To meet our legal obligations
We also need to process your personal data to be able to meet our obligations pursuant to laws, other statutes or decisions by authorities. This can include the following, for example:
- to meet requirements under bookkeeping laws
- to meet requirements under anti–money laundering laws
- to check personal data against sanction lists, which we are required to apply by law or decision by authority
- to be able to report to the Swedish Tax Agency, the Swedish Police Authority, the Swedish Enforcement Authority, the Swedish Financial Supervisory Authority and other Swedish and foreign authorities
- to comply with laws governing risk management, which includes processing of data to quality-assure loans for capital adequacy purposes
- to comply with laws governing payment services, such by sharing data with third-party service providers that have licences to offer services involving account information or payment initiation, and through our measures to monitor payments for the purpose of detecting fraud
- to comply with laws governing securities business
When we have a legitimate interest
We process your personal data when it is necessary for a purpose for which we, after a consideration of interests, have determined that we have a legitimate interest.
When we have a legitimate interest, we may process your personal data to perform market and customer analyses for business development and to improve our product offering to our customers. This information may also be used to develop our systems and to perform customer analyses for the purpose of detecting fraud.
We may also process your data for the purpose of providing personal offers to you. Such marketing may at times be based on how you use our services and your behaviour in our digital channels. You can read more about profiling further below.
We may also use your personal data to target direct advertising and offers to you. If you do not want to receive direct advertising, you can notify us. You can read more about how to do this further below.
When you have given your consent
In certain cases we need your consent to process your personal data. In such cases we will ask for your consent to process your personal data for the specific purpose. This applies, for example, when you provide information about your so-called sensitive personal data. You can read about what constitutes sensitive personal data in the sections above.
You can withdraw a consent you have given at any time. The processing that we have already done will not be affected, but we will not continue processing your personal data if we do not have other grounds for the processing. If you withdraw your consent, it may affect certain contractual terms, for example if you have received a lower price because you have given your consent to use certain data.
We store your personal data during the term of the agreement. Thereafter, we store personal data normally for a maximum of 10 years, in view of the statute of limitations. In certain cases we store personal data for a longer period due to laws on capital adequacy that we must comply with. When we store personal data for other purposes than the contractual conditions, other times may apply – for example, for our compliance with anti–money laundering laws (5 years) and bookkeeping laws (7 years).
If you do not enter into an agreement with us, but for example have provided personal data to us in an application, we normally store the data for a maximum of three months. In certain cases we may need to store the data longer, for example due to anti–money laundering laws.
We do our best to protect your personal data from unintentional or unlawful destruction, loss or alteration, unauthorised disclosure or unauthorised access. We do this through both technical and organisational measures.
We always strive to not process more data than is necessary, and we pseudonymise and anonymise your personal data where possible. If a business partner processes personal data for us – a personal data processor – the processor must always undertake to maintain a suitable level of security and to use the corresponding security measures.
Within the SEB Group
At times another company in the SEB Group may process your personal data. This may be done, for example, to direct offers to you about other products or to be able to offer you advice. When this happens, we base such processing on the grounds of a legitimate interest.
Outside the SEB Group
It may happen that your personal data is used by other companies that we cooperate with – naturally always within the framework of applicable rules governing confidentiality. These may include, for example, Upplysningscentralen (UC), Bankgirocentralen (BGC), or Finansiell ID-Teknik (mobile BankID). When companies such as us process your personal data, it is done so that we can fulfil our agreement with you or on the grounds of our legitimate interest.
By law, in certain cases we are also required to provide your personal data to various authorities. You can read more about his in the sections above.
Transfers to third countries (countries outside the EU and EEA)
In certain cases we may transfer personal data to countries outside the EU and EEA (also referred to as third countries), and to international organisations. We only make such transfers if it is in compliance with other rules in the General Data Protection Regulation and if any of the following conditions are met:
- The European Commission has decided that there is an adequate level of protection in the country in question
- We have taken other suitable protection measures, such as standard contractual clauses or binding company stipulations
- Special permission has been obtained from a supervisory authority
- It is permissible in special cases under applicable data protection laws
According to the data protection laws, you have the right to exercise control over your personal data and to obtain information about how we process your personal data. You can contact us if you want to exercise any of your rights.
Request a register extract of personal data
You have the right to obtain information about which personal data about you that we process. You can obtain this by requesting a register extract from us. You can request a simplified register extract via the internet bank, which you can read immediately. If you do not have access to the internet bank, or if you want to order a complete register extract, you can contact us.
Rectify inaccurate or incomplete personal data
If it turns out that we process personal data about you that is inaccurate, you have the right to request a rectification of the personal data. You can also request to have incomplete personal data about you completed.
Erasure of your personal data
You have the right to have any or all of your personal data erased. This is also referred to as the right to be forgotten. In certain cases we cannot erase all of your personal data. In such case this would be due to the fact that we need to store your personal data due to a contractual relationship or law.
Restrict how we process your personal data
I certain situations you have the right to demand that our processing of your personal data be restricted for a period of time. This can pertain, for example, to a situation where you believe data about you is inaccurate and we need to verify it. It can also pertain to a situation where you object to processing that we base on a legitimate interest. In such case we must verify if our grounds override yours.
Object to how we process your personal data
If we process personal data about you on the grounds of a legitimate interest, you can object to this processing. In order for us to be able to continue processing such personal data, we must be able to show that we have compelling, legitimate grounds for this processing that override your interests and rights. You can read more about legitimate interests in the sections above.
When we have a legitimate interest
Transfer your personal data to another party
If we process your personal data on the grounds of an agreement or consent, you have the right to receive the personal data that you yourself have provided to us. Where technically feasible, you also have the right to have the personal data transmitted to another party. This is called data portability.
Submit an objection to the supervisory authority
If you have an objection about how we have processed your personal data, you can turn to the supervisory authority concerned. In Sweden this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).
Read more on the Swedish Authority for Privacy Protection's website
Profiling is when your personal data is automatically processed to determine certain personal characteristics, particularly your financial situation, personal preferences, interests, or where you are located.
We collect statistical data from external sources. This may pertain to data about lifestyle and typical behaviours based on demographic household data. With this statistical data we create profiles, and we can combine them with data that we already have about you.
We use profiling to perform customer analyses for marketing purposes. Such marketing may, among other things, be based on information that is learned when you use our services and navigate in our digital channels. We also use profiling to improve your experience when you use our digital services, such as by customising certain services and products that are shown when you use the internet bank and by creating offers that are personalised for you. We may also use profiling to monitor transactions for the purpose of preventing fraud and for automated individual decision-making. You can read more about automated individual decision-making in the following section.
When we process personal data for profiling, we do so on the grounds of our legitimate interest, to fulfil an agreement, or based on your consent. If we need your consent, we will ask you if you consent to the processing.
Our automated decisions may sometimes be based on profiling. If such a decision produces legal effects for you or in some other way significantly affects you, certain restrictions apply. We only make these types of decisions if you have given your express consent to it or if it is necessary to be able to enter into or fulfil an agreement with you.
We have appointed a Data Protection Officer who is responsible for monitoring our compliance with the rules on the protection of personal data. The Data Protection Officer shall perform his or her duties independently in relation to SEB. If you want to contact our Data Protection Officer, you can write to SEB, Data Protection Officer, SE-106 40 Stockholm, Sweden.
To contact us by post about personal data questions, please write
to SEB, Data Protection,
SE-106 40 Stockholm, Sweden.
You can also contact us by phone on +46 (0)771-365 365.