Why We Process Personal Data: the Applicable Law obligates us to identify our Customers and, in certain events, their representatives and persons participating in an occasional transaction.
How We Process Personal Data: for this purpose, We will ask You to provide a valid identity document and if necessary, other documentation necessary for identification. We use the authentication tools when verifying Your identity.
Identification
When You apply for a Service or conclude a Service agreement, We have a legal obligation to identify You. For identification, We will ask You to provide a valid identity document which We verify in the Register of Invalid Documents and in certain cases – in the Register of Natural Persons.
If You conclude a Service agreement on behalf of a child, We will ask You to provide a valid identity document of the child which We will verify in the Register of Invalid Documents, in addition to verifying Your child’s identity and Your right to represent the child by checking Personal Data in the Register of Natural Persons. In such cases We perform Personal Data Processing for the purposes of concluding and performing the agreement.
In Your interest and based on Your written submission, We can serve You in the presence of a person invited by You. This person does not have to be Our customer or Your authorized person. In this case, We process Your Personal data on the basis of the contract and the data of the person You invite to be present – on the basis of legitimate interests.
When You use Our Services continuously, We need to ensure that Your Identification Data is correct and up to date. For this purpose, We will ask You to update Your Identification Data provided to Us, and We may also update part of Your Identification Data automatically through the Register of Natural Persons.
We will share Your up-to-date Identification Data within the Swedbank Group entities depending on the products and Services You use or have requested, to ensure that Your Personal Data is up-to-date.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To identify Customer and to ensure Service provision |
Compliance with a legal obligation; Performance of an agreement |
Swedbank Group entities; Register of Invalid Documents; Register of Natural Persons |
To identify, manage and maintain relationship with Customer’s representative |
Legitimate interest to ensure lawfulness of transactions |
Swedbank Group entities; Register of Powers of Attorney; Register of Natural Persons; Register of Invalid Documents |
To fulfill the Customer's request to be served in the presence of a person invited by them |
Performance of an agreement with respect to the Customer; Legitimate interests in relation to the person present |
Swedbank Group entities |
Authentication
If You receive a Service, We are required to verify Your identity in accordance with Applicable Law.
Authentication is mainly carried out using the authentication tools provided by companies like SK ID Solutions AS (Smart-ID, Mobile-ID). You can also use authentication tools that We accept based on the regulatory requirements (eID card, eParaksts Mobile), or other solutions which We consider secure and efficient (biometrics, PIN in Swedbank’s mobile app, security token).
When You use an authentication tool provided by another company, We may share with that company Your Identification Data and Communication and Device Data (such as the IP address and device type). In addition, We inform such companies that You use our Services. As part of the authentication, We do not Process biometric data. Biometric data is Processed by the companies providing the authentication services as Data Controllers. Therefore, to find out more details about Personal Data Processing as part of authentication, please visit the websites of the relevant authentication service providers.
For the purposes described in this Section, based on a legal obligation which We are subject to or performance of an agreement, We may Process categories of Personal Data like Identification Data, Contact Data, Communication and Device Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To perform authentication of the Customer |
Performance of an agreement; Compliance with a legal obligation |
Providers of authentication services |
Why We Process Personal Data: We Process Personal Data to fulfil a legal obligation imposed by the Applicable Law on the prevention of money laundering and terrorism and proliferation financing, and enforcement of international and national sanctions.
How We Process Personal Data: We collect Personal Data from You and external sources such as public registers. Your Personal Data is transferred to data Recipients, such as the authorities, when it is required by and according to the Applicable Law.
Applicable Law obligates Us to perform Customer due diligence activities, including to know Our Customers and understand the purpose and nature of the business relationship and occasional transactions with Us. We must also assess the risks associated with money laundering, terrorism and proliferation financing, international and national sanctions, and to store this collected information. This helps to safeguard certain public interests, as well as ensure that Our Services are used for legitimate purposes and are protected against persons who have inappropriate intentions.
For this purpose, We are obligated to identify You (please see the “Identification and authentication” section), as well ask You to provide accurate and truthful Personal Data about yourself and, if necessary, documents confirming the Personal Data. We may use the Personal Data about You obtained directly from You or from the external registers such as the Register of Natural Persons, business registers, asset registers, publicly available databases of politically exposed persons (the “PEPs”), if necessary. Also, We may review Your data in the media. According to the Applicable Law We are obligated to review Your Personal Data against sanction lists to ensure that Our Services are not provided to sanctioned persons or persons related to sanctions.
During Our business relationship, We, regularly or based on a particular case, may ask You to update the Personal Data You’ve provided and may check if the data obtained from the external registers mentioned above is up to date. The Applicable Law also obligates Us to monitor Your activity and transactions to ensure that they are not to be regarded as suspicious and do not fall under sanctions. The scope of due diligence activities and their regularity depend on Our assessment of the risk of money laundering, terrorism and proliferation financing and sanctions risk. We stand guard over Your financial assets to prevent unauthorised activity with Your funds or other fraud attempts. In such cases We will act promptly by investigating information We receive about possible fraudulent activities. We also proactively, to the extent possible, in analysing Your transactions with the aim of identifying or preventing unauthorised or authorised but possibly fraudulent outflows of Your funds. In case of criminal investigation, We provide any relevant information that may contribute to the investigation.
According to the Applicable Law, We also Process Personal Data of individuals related to Corporate Customers. We identify the legal entity’s representatives (legal representatives, authorized persons, persons holding a position in the company’s highest management body such as the procurator, insolvency administrator) and ask to provide their Identification Data, Demographic Data, Contact Data, and Data on the Relationships with Legal Entities. We may also ask to provide Identification Data and Demographic Data about the legal entity’s shareholders. The legal entity has an obligation to disclose its beneficial owners and provide their Identification Data, Demographic Data and Contact Data. Where necessary, We ask the legal entity to provide additional documents and information about beneficial owners, for example, proof of source of wealth, or data on relationships with legal entities. Where relevant, We also collect and regularly update Personal Data on the legal entity’s representatives, shareholders and beneficial owners from the external registers such as the Register of Natural Persons, business registers, asset registers (such as the Land Registry) and others.
For the purposes described in this section, based on a legal obligation We are subject to, public interest or Our legitimate interest, We may Process such categories of Personal Data as Identification Data, Contact Data, Financial Data, Account Data, Data on Trustworthiness and Due Diligence, Family Data, Demographic Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To comply with requirements for the prevention of money laundering and terrorism financing |
Public interest; Compliance with a legal obligation; Legitimate interest in preventing money laundering and terrorism and proliferation financing |
Swedbank Group entities; The Register of Natural Persons, business registers, asset registers (such as the Land Registry), PEPs’ competent authorities to which Swedbank has an obligation to report suspicious financial operations or transactions, or to provide other information according to Applicable Law; Data processors intermediating in the provision and receipt of Personal Data |
To comply with requirements for sanction enforcement |
Compliance with a legal obligation; Legitimate interest to ensure enforcement of sanctions that do not fall within national and EU regulation |
Swedbank Group entities; Providers of databases and registers related to enforcement of sanctions; Competent authorities in case of circumvention/attempted circumvention of sanctions; The Financial Crime Investigation Service when Swedbank places restrictions on assets in relation to enforcement of international sanctions |
Why We Process Personal Data: We Process Your Personal Data to provide the daily banking Services in respect to, for example, current accounts, deposits, payment services and other daily banking Services requested by You, as well as to manage relationship with You, including the controlling and administering access to the Services.
How We Process Personal Data: the Processing involves the collection of Personal Data from You and from the use of the Service, transfer of Personal Data to the Recipients in order to perform a Service agreement, when it’s required under the Applicable Law, and the receipt of Personal Data from third parties, such as other payment service providers.
You have a current account with Us
When You open an account with Us, We Process Your Personal Data for the purpose of serving You according to the agreement and to provide You with other Services related to the bank account as requested by You.
In accordance with Applicable Laws, We are obliged to provide Personal Data about accounts held by You to the tax administration authority.
When the account information Service is provided to You by Us, which allows You to access account information from Your account held at another financial institution, Your Personal Data, such as the Identification Data, Account Data, Communication and Device Data, is transmitted to Us by this financial institution.
Based on a legal obligation We are subject to, We Process Your Personal Data to fulfil the account information Service requests initiated through an account information Service provider. This Service provides You with access to Your Swedbank account information at another financial institution. For this purpose at Your request, We disclose Your Personal Data, such as Identification Data, Account Data, Communication and Device Data, to that financial institution.
For the purposes described in this section, based on a legal obligation We are subject to or Our legitimate interest, We may Process such categories of Personal Data as Account Data, Identification Data, Contact Data, Demographic Data, Family Data, Children’s Data, and Financial Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To conclude and perform bank account and related services agreement |
Performance of an agreement |
Swedbank Group entities; Providers of databases and registers, such as the Register of Natural Persons |
To conclude and perform bank account and related services agreement |
Legitimate interest to ensure Service provision when Swedbank processes third party („silent“ party) Personal Data |
Financial institutions (third party payment service providers) |
To comply with the legal obligation to provide information to the tax administration authority |
Compliance with a legal obligation |
Account Register (State Revenue Service) |
To comply with the legal obligation to provide information to the centralized |
Compliance with a legal obligation |
Financial institutions (other payment service providers) if Swedbank has a legal obligation to provide such account information service provider |
To fulfil the obligation to switch the bank account and related services to another financial institution |
Compliance with a legal obligation |
Financial institutions |
You use a Swedbank payment card
If You request and conclude an agreement for a Swedbank payment card (credit or debit card), We Process Your Personal Data for the purpose of concluding and fulfilling the respective payment card agreement, including card ordering, personalization and activation, providing support in card related issues and preventing card fraud.
We Process Your Personal Data in order to execute card transactions, authorize transactions (incl. transactions initiated by the merchant) and perform payment processing. If You file a complaint about a card transaction, Your transaction data may be shared with the relevant international payment card organisation (for example, Mastercard).
When You order a supplementary payment card linked to the Your account, We Process the Personal Data of the holder of the supplementary card to perform the agreement and provide the Service.
Based on a legal obligation We are subject to, We process Your Personal Data in order to comply with the requirements under Applicable Law in respect of reporting cross-border transactions to the tax administration authorities.
For the purposes described in this section, based on a legal obligation, performance of an agreement or Our legitimate interest, We may Process such categories of Personal Data as Identification Data, Account Data, Contact Data, Professional Data, Children’s Data, Demographic Data, Communication and Device Data (for example, when enabling and managing digitized cards and mobile contactless payments), Family Data, Financial Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To conclude and perform the payment card agreement |
Performance of an agreement; Legitimate interest to ensure Service provision related to issuance of a supplementary card |
Participants of and/or parties related to domestic, European and international payments such as payment card organizations (for example, Mastercard); ATM service providers |
To handle complaints on card transactions |
Compliance with a legal obligation |
International payment card organization; Payment service provider of the payee |
To comply with the legal obligation to provide information on transactions |
Compliance with a legal obligation |
Tax administration authorities (for example, State Revenue Service) |
You make or receive payments
We Process Personal Data when providing domestic and international payments, including payment initiation services. When You submit a payment order, for providing these Services We Process Your Personal Data (including sharing data with external parties like the payee, payment organisations, correspondent banks) according to Your instructions.
If You have registered Your phone number linked to Your account with the Proxy Registry "Instant Links" maintained by the Bank of Latvia acting as an independent Data Controller, Your Personal Data is Processed for the purpose of including it in the register based on out agreement to use the Service. The Processing involves sharing Personal Data (Your phone number, full name and IBAN) with the payee.
Based on a legal obligation We are subject to, We Process Your Personal Data to fulfil requests and to provide payment initiation services from Your account initiated through a payment initiation service provider. This service enables authorizing payments from Your Swedbank account through the interface provided by another financial institution. For those purposes Your Personal Data, such as Identification Data, Account Data, Communication and Device Data, is disclosed to the relevant financial institution.
Similarly, Your Personal Data is Processed when You initiate payments from Your account held at another financial institution through Swedbank as a payment initiation service provider. We provide the payment initiation service through multiple tools such as Swedbank Internet Banking, mobile app or Bank Link service.
Based on a legal obligation We are subject to, We process Your Personal Data in order to comply with the requirements under Applicable Law in respect of reporting cross-border transactions to the tax administration authorities.
For the purposes described in this section, based on a legal obligation, performance of an agreement or Our legitimate interest, We may Process such categories of Personal Data as Identification Data, Account Data, Communication and Device Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To execute payments |
Performance of an agreement; Compliance with a legal obligation |
Participants of and/or parties related to domestic, European and international payments such as payee, payment organizations, correspondent banks, payment service providers |
To execute payments |
Legitimate interest to ensure Service provision when Swedbank processes third party‘s („silent“ party) Personal Data |
Payment service providers |
To execute domestic payments based on payee’s phone number |
Performance of an agreement |
The Bank of Latvia; Members of Proxy Registry "Instant Links" and their customers |
To fulfil the obligation to disclose information on the payment initiation service provider |
Compliance with a legal obligation |
Financial institutions (other payment service providers) if Swedbank is obligated to provide access to the Customer’s Personal Data to such payment service providers |
To fulfil the legal obligation to provide information on transactions |
Compliance with a legal obligation |
Tax administration authorities (for example, State Revenue Service) |
Why We Process Personal Data: We Process Personal Data for the purpose of providing the financing Services chosen by You and to comply with the Applicable Law in the area of financing Services.
How We Process Personal Data: Personal Data is Processed when We conclude, perform and terminate agreements for consumer credit (like Small Loan, Car Loan, Home Small Loan, Solar Panels Loan, Study Loan, credit card limits), mortgage loan, leasing and similar Services related to the provision of financing to You. Personal Data is collected from You and from external sources. Depending on the financing Service and Your particular situation, Personal Data is disclosed to the Recipients in order to conclude and perform the agreement, to comply with the Applicable Law or to defend Our legitimate interest.
To assess Your creditworthiness and enable fast decision-making, We Process Your Personal Data by automated means, including Profiling and Automated Decision-Making. To do this, We evaluate the Personal Data provided in Your application as well as Personal Data collected from internal and external data sources. Assessment of Your creditworthiness is carried out to ensure compliance with legal obligations, such as the responsible lending requirements. Such an assessment is also necessary for entering into an agreement with You. You have the right to object to Profiling and to ask the Automated Decision-Making to be reviewed. In such an event, this decision will be reviewed by Our employee. The legal basis for Automated Decision-Making is the conclusion and performance of an agreement.
When You enter into an agreement with Us (including a pledge or surety agreement), We have a legal obligation to provide data on the concluded financial Services agreements, their performance and/or changes in the performance, therefore We share certain Personal Data of contracting parties with an external register like the Credit Register of the Bank of Latvia.
When You conclude a financing agreement, the fulfilment of which is secured by a third party under special approved programmes or when You conclude an agreement on granting financing for a specific purpose, Your Personal Data may be shared with third parties involved in such approved financing programmes, for example a third party providing a guarantee for the borrower (Altum Development Finance Institution), or in case of a student loan, the State Education Information System.
For the purposes described in this section, based on a legal obligation, performance of an agreement or Our legitimate interest, We may Process such Personal Data categories as Identification Data, Demographic Data, Family Data, Account Data, Financial Data, Contact Data, Professional Data, Data on Trustworthiness and Due Diligence.
The amount of Your Personal Data which We Process depends on Your role in the financing process, i.e. whether You are the Customer concluding the agreement with Us or You have a different role in the financing relationship, for example, Your creditworthiness will not be assessed if You are the seller of an asset in a leasing deal. In case of the role of a contact person or authorized representative We only Process Identification Data and Contact Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To assess creditworthiness and manage solvency, including Profiling |
Compliance with a legal obligation |
External databases where data about your creditworthiness is checked (for example, AS Kredītinformācijas Birojs, Credit Register of the Bank of Latvia) |
To assess if Customer meets financing criteria, including Profiling |
Legitimate interest to ensure fast and effective financing process |
External databases where data about your creditworthiness is checked (for example, AS Kredītinformācijas Birojs, Credit Register of the Bank of Latvia) |
To provide financing Services, including Profiling and Automated Decision-Making |
Performance of an agreement |
Swedbank Group entities External parties like the State Education Development Agency (study loans), AS Attīstības Finanšu Institūcija Altum; Asset sellers and other authorised parties related to asset leasing services |
To provide financing Services |
Legitimate interest to ensure that asset can be financed |
External parties handling the motor vehicle register and other asset registers |
To defend Swedbank’s interests in the event of a breach of law by the Customer |
Legitimate interest to defend against claims |
Companies administering the fees and penalties related to the leased property |
To provide data on concluded financing agreements, their performance and/or changes in performance, including Profiling |
Compliance with a legal obligation |
Credit Register of The Bank of Latvia, AS Kredītinformācijas Birojs acting as an intermediary in data exchange between financial institutions, insurance companies |
To ensure that Swedbank’s mortgage or lease agreement assets are either pledged or insured where the insurance requirement is stipulated in the loan/lease agreement |
Legitimate interest to protect collateral/liquid assets |
Insurance companies, notaries, land registries |
To disclose Personal Data about the Customer’s financial commitments and their performance to other financial institutions for creditworthiness assessment when the Customer applies for financing service of such other financial institution |
Legitimate interest to ensure that the responsible lending requirement can be fulfilled by all market participants |
Persons acting as intermediaries between financial institutions in the provision and receipt of Personal Data (AS Kredītinformācijas Birojs) |
To recover borrowed funds; To sell debts and/or assign claim to third parties |
Legitimate interest to protect our legal interests in case of Customer’s default |
External parties involved in debt restructuring (like bailiffs, notaries) as well as other cooperation partners |
You are a person related to a Corporate Customer
For purpose of creditworthiness assessment of Corporate Customer, based on legitimate interest We Process Personal Data of individuals related to a Corporate Customer, such Identification Data, Data on Relationships with Legal Entities, Financial Data.
This enables Us to evaluate if funding may be granted to the relevant Corporate Customer and minimizes the default risks.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To assess creditworthiness of Corporate Customers and manage solvency |
Legitimate interest to manage credit risk |
Providers of databases and registers; Credit Register of the Bank of Latvia, SIA Creditreform Latvija, Inolvency Registry |
Why We Process Personal Data: We Process Your Personal Data to advise You on selecting suitable products, provide the Services chosen by You and in order to comply with the Applicable Law.
How We Process Personal Data: Personal Data is collected and regularly updated from You directly, from Your use of our Services, including communication with Us, and from external sources such as third-party registry providers (for example, State Social Insurance Agency of the Republic of Latvia). Depending on the Service, Personal Data is disclosed to the Recipients if necessary to conclude and perform an agreement and/or to comply with a legal obligation set forth in Applicable Law.
Investment Services
When You have applied for an investment Service or ancillary Service, We Process Your Personal Data for the conclusion, performance, maintenance and termination of the agreement. This involves safekeeping of Your financial instruments, execution of Your orders, performing the activities necessary for the execution of corporate actions related to Your financial instruments, provision of investment advice or portfolio management to You, as well as the provision of other investment and ancillary Services.
We process Your Personal Data, including Profiling, for purpose of applying target market rules, as well as assessing the suitability and appropriateness of the relevant Service or financial instrument to You.
Based on Applicable Law, We must also record phone conversations and video streams in the provision of investment and ancillary services.
We Process Your Personal Data to prepare and provide mandatory reports to You about the fees and other charges, trade execution, financial instrument holdings, losses in connection with certain Services and financial instruments, and for other types of reports.
Your Personal Data may be disclosed to local and foreign supervisory and tax authorities, central securities depositories, exchanges, issuers of financial instruments or third parties appointed by the issuers, fund managers and other financial intermediaries.
Personal Data is collected and regularly updated from Your use of the Services, including Your communication with Us, and from external sources, such as the Register of Natural Persons, business registers, asset registers.
For the purposes described in this section, based on a legal obligation, performance of an agreement or Our legitimate interests, We may Process such Personal Data categories as Identification Data, Contact Data, Children’s Data, Family Data, Demographic Data, Professional Data, Financial Data, Data on the Customer’s Financial Experience, Account Data, Data on Habits, Preferences and Satisfaction, Data on Trustworthiness and Due Diligence, Communication and Device Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To assess suitability and appropriateness of Service to the Customer |
Compliance with a legal obligation |
Swedbank Group entities |
To provide investment services, including execution of Customer’s orders or applications when Customer buys, sells or transfers a security |
Performance of an agreement |
Swedbank Group entities |
To provide regular and event-based reports to the Customer about costs and charges, trade execution, financial instrument holdings, losses and others |
Compliance with a legal obligation |
Swedbank Group entities responsible to ensure communication with Customers |
To provide regular and event-based reports and disclosures to authorities and market participants |
Compliance with a legal obligation |
Supervisory and tax authorities (for example financial industry supervision authorities, US tax authorities, US Commodity Futures Trading Commission), central securities depositories, exchanges or other execution venues, securities issuers or third parties appointed by issuers, fund managers and other financial intermediaries |
To keep and provide on request proof of transactions with financial instruments, including phone call recording |
Compliance with a legal obligation |
Swedbank Group entities responsible for customer service and transaction monitoring |
To handle complaints |
Compliance with a legal obligation |
Swedbank Group entities |
To assess if a service can be offered and provided to the Customer |
Performance of an agreement; Legitimate interest to ensure lawful and effective operation of Swedbank |
Swedbank Group entities |
2nd pension pillar investment plans
If You build up Your 2nd pillar pension savings with Swedbank, We process Your Personal Data in accordance with the requirements of Applicable Law. This involves receiving information from the State Social Insurance Agency (VSAA) on the participants in the 2nd pillar pension plans managed by Swedbank, Processing it in accordance with Applicable Law and the relevant mandatory communication with You (from the age of 15).
For the purposes described in this section, We may process categories of Personal Data such as Your Identification Data, Demographic Data, Contact Data, Children's Data (for mandatory communications from the age of 15), Family Data, Data on Habits, Preferences and Satisfaction, and Communication and Device Data based on Our legal obligation, legitimate interests or Your consent.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To inform on the most appropriate investment plan for the age and needs of the 2nd pension pillar participant, on the performance of 2nd pension pillar investment plans and on investments in them, on the functioning of the pension system in order to improve the financial literacy of the 2nd pension pillar participant, as well as informing the 2nd pension pillar participant on the potential risks associated with the investments |
Compliance with a legal obligation |
Swedbank Group, business partners who handle mail, SMS, e-mail messages |
To identify 2nd pension pillar participants whose 2nd pension pillar assets are managed by Swedbank, to determine the appropriateness of selected 2nd pension pillar plans for their age and needs, as well as informing these participants about the inappropriateness of the selected plan and the most appropriate investment plan for the participant's age |
Compliance with a legal obligation |
Swedbank Group, business partners who handle mail, SMS, e-mail messages |
To carry out other mandatory communication with participants of 2nd pillar pension plans managed by Swedbank as required by Applicable Law |
Compliance with a legal obligation |
Swedbank Group, business partners who handle mail, SMS, e-mail messages |
To use the digital channels to ensure the mandatory communication with participants of 2nd pillar pension plans managed by Swedbank |
Legitimate interest; Compliance with a legal obligation |
Swedbank Group |
Presentation of 2nd pension pillar account statement for 2nd pension pillar participants in Swedbank Internet Banking |
Consent (valid during the session) |
Swedbank Group |
3rd pension pillar pension plans
If You invest under Swedbank’s 3rd pension pillar pension plans, We Process Your Personal Data according to the requirements of Applicable Law and pension plan regulations. This includes providing You with necessary information, administering and processing Your investments in the pension plan, keeping record of Your individual pension account, pay-outs from the pension plans and inheritance, providing information to tax authorities and supervisory authorities.
Based on Your application, We transfer Your accrued pension capital from Swedbank to other pension funds managed by third-party pension fund management companies. In such an event, the Processing of Your Personal Data involves sharing Your Personal Data with the pension fund specified in Your application.
For the purposes described in this section, based on compliance with a legal obligation or performance of an agreement, We may Process such Personal Data categories as Your Account Data, Demographic Data, Contact Data, Financial Data and Identification Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To administer pension funds, to manage pension plan assets and to provide relevant information to pension plan participants |
Compliance with a legal obligation |
Swedbank Group entities |
To process Personal Data for buying and selling fund units |
Performance of an agreement |
Swedbank Group entities |
To transfer the Customer’s accrued supplementary pension capital to other pension funds managed by third-party investment management company according to the Customer’s application |
Compliance with a legal obligation |
Other pension fund management companies |
Why We Process Personal Data: We Process Personal Data to provide You with the life and unit-linked life insurance Service chosen by You, including to assess Your individual risk and calculate insurance premiums where necessary, to handle claims related to the insurance contract and pay the insurance benefit, as well as to conclude and perform the insurance contract with You. Personal Data is also Processed in order to comply with a legal obligation set forth the Applicable Law in relation to the life and unit-linked life insurance Service, as well as to protect Our legitimate interests.
How We Process Personal Data: Personal Data is collected and updated from You directly and from external sources. Depending on the type of life insurance Service, Personal Data is disclosed to data Recipients in order to conclude and perform the agreement or to comply with a legal obligation.
When You have submitted an application for a risk life insurance Service, We Process Your Personal Data, including Profiling, to assess Your individual risk level, calculate the life insurance premium and the sum insured and make an underwriting decision. For this purpose, We Process Your Personal Data that is already at our disposal and health data that We receive from You, from medical practitioners and medical institutions. In such cases the legal basis for data Processing is the performance of the agreement or compliance with a legal obligation or the consent You’ve given.
We Process Your Personal Data, including health data, by automated means and perform Automated-Decision Making. You have the right to object to Profiling and ask Automated-Decision Making to be reviewed. In such an event the decision will be reviewed by Our employee.
If You have applied for the unit-linked life insurance Service or to assess the suitability and appropriateness of the Service for You, We Process Your Personal Data, including by Profiling. In such cases the legal basis for data Processing is compliance with a legal obligation.
After concluding a life insurance contract, We Process Your Personal Data to perform the life insurance contract (including sending messages related to the insurance contract), if necessary, amend and terminate it, and make a pay-out based on the contract. In order to comply with a legal obligation, additionally We Process Your Personal Data to send event-based messages and reports and annual reports regarding the unit-linked life insurance contract, as well as to comply with a legal obligation set forth in the Applicable Law regarding taxation of the insurance benefit.
If You have submitted a life insurance benefit claim, We Process Your Personal Data in order to handle that claim (including, making a decision in the insurance payout case), including health data We receive from You and medical institutions or medical practitioners, as well as Personal Data that is already at our disposal. We also Process Your Financial data held by Us and if it is necessary for the payment of insurance compensation and other Personal Data received from the authorities or registry providers, for example data about criminal convictions and offences. In such cases the legal basis for data Processing is the performance of the agreement or compliance with a legal obligation.
We may share Your Personal Data, including health data, with a reinsurance company to fulfil Our obligations arising from the reinsurance agreement regarding claim handling and receiving the insurance benefit. In such cases the legal basis of data Processing is Our legitimate interest.
For the purposes described in this section, based on performance of an agreement, a legal obligation We are subject to, Our legitimate interest or Your consent, We may Process such Personal Data categories as Identification Data, Contact Data, Children’s Data, Communication and Device Data, Family Data, Data on Relationships with Legal Entities, Demographic Data, Professional Data, Financial Data, Data on the Customer’s Financial Experience, Account Data, Health Data, data on criminal convictions and offences, Data on Trustworthiness and Due Diligence, Data on Habits, Preferences and Satisfaction.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To assess the Customer’s individual risk and take underwriting decision, including Profiling |
Performance of an agreement; Compliance with a legal obligation; Legitimate interest to organize risk management; Consent |
Swedbank Group entities; Medical practitioners and medical institutions; Postal service providers |
To assess suitability and appropriateness of unit-linked insurance services for the Customer, including Profiling |
Compliance with a legal obligation |
Swedbank Group entities |
To conclude contracts, including the provision of insurance offers, to issue insurance policies, including Profiling and Automated Decision-Making |
Consent; Performance of an agreement; Compliance with a legal obligation; Legitimate interest to ensure agreement conclusion when third party’s Personal Data is Processed |
Swedbank Group entities, external service providers, persons and suppliers related to life insurance services |
To perform insurance contracts, including to amend or terminate contracts, to refund the insurance premium, to make a pay-out based on contract and taxation of the benefit |
Performance of an agreement; Legitimate interest to perform insurance contract when third party’s Personal Data is Processed; Compliance with a legal obligation |
Swedbank Group entities, external service providers, persons and suppliers related to the provision of life insurance service, as well as beneficiaries, heirs, authorities |
To ensure regular and event-based reporting to the Customer |
Compliance with a legal obligation |
Swedbank Group entities; Postal service providers |
To handle claims, including to take claim decision and pay insurance benefit in the case of insured event |
Performance of an agreement; Legitimate interest in ensuring the processing of an insurance claim where Personal Data of third parties is Processed; Legitimate interest to organize risk management; Compliance with a legal obligation |
Swedbank Group entities, authorities, persons, and suppliers related to the provision of life insurance services, medical practitioners, medical institutions, insured persons, beneficiaries, heirs |
Why We Process Personal Data: We Process Personal Data to provide You with the non-life insurance Service chosen, including to assess Your insurance risk, to calculate insurance premiums, to handle claims related to the insurance contract and to pay out the insurance benefit. Personal Data is also Processed in order to comply with legal obligations set forth in the Applicable Law in relation to the non-life insurance Service, as well as to protect Our legitimate interests.
How We Process Personal Data: Personal Data is collected and updated from You directly and from external sources. Depending on the Service, Personal Data is disclosed to data Recipients in order to conclude and perform the contract or to comply with a legal obligation.
We Process Your Personal Data to conclude an insurance contract with You, assess Your trustworthiness, calculate the insurance premium and conditions according to Your risk level. In order to assess the insurance risk, calculate the insurance premium and conclude the insurance contract, We Process Your Personal Data by automated means, including Profiling, and perform Automated Decision-Making. You have the right to object to Profiling and ask Automated-Decision Making to be reviewed. In such an event the decision will be reviewed by Our employee.
For the purposes set out above, We Process Personal Data We receive from You and registry providers and the Personal Data at Our disposal regarding You, and the data provided by other Swedbank Group entities. In such cases the legal basis for data Processing is the performance of an agreement or compliance with a legal obligation.
After concluding the insurance contract, We Process Your Personal Data to perform the contract, to send policy renewals, amend and terminate the insurance contract, as well as to refund insurance premiums. In compliance with Our legal obligation, additionally We Process Your Personal Data to send messages related to the insurance Service. In such cases the legal basis for data Processing is the performance of the agreement or compliance with a legal obligation.
If You have submitted an insurance benefit claim, We Process Your Personal Data to handle the claim, including making the decision in the insurance payout case. We Process Your Personal Data We receive from other insurance service providers, registry providers, the authorities, medical practitioners and medical institutions, other Swedbank Group entities, as well as Personal Data on health at Our disposal in connection with Your previous claims or contracts. In such cases the legal basis for data Processing is the performance of the agreement or compliance with a legal obligation.
When You need medical assistance in connection with an insured event under travel insurance or in order to handle a motor third party liability insurance claim in relation regarding an event that has occurred in a country outside the EU/EEA, to order to perform the contract, Your Personal Data is transferred to the respective country outside the EU/EEA.
In addition, We Process Your Personal Data to provide You with an insurance price corresponding to Your personal level of risk, to develop pricing models, to control the quality of vehicle repair work and to submit a claim for the compensation of damage against the third party who caused damage to You, or to raise a claim against another insurance service provider. We may share Your Personal Data, including health data, with the reinsurance company to fulfil our obligations under the reinsurance agreement regarding claim handling and receiving the insurance benefit. We may also share Your Personal Data with other insurance service providers in order to reduce their operational risks and risk of fraud. In such cases the legal basis for data Processing is the performance of an agreement, compliance with a legal obligation set forth in Applicable Law or Our legitimate interests.
For the purposes described in this section, based on the performance of an agreement, compliance with a legal obligation We are subject to or Our legitimate interest, We may Process such Personal Data categories as Identification Data, Account Data, Contact Data, Financial Data, Family Data, Children’s Data, Sensitive Data (data on health, criminal convictions and offences), Professional Data, Data on Relationships with Legal Entities, Communication and Device Data, Data on Habits, Preferences and Satisfaction, Relationship Status Data, Demographic Data, Data on Trustworthiness and Due Diligence.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To assess Customer’s trustworthiness and manage non-standard risks, to set the insurance premium and conditions according to Customer’s risk, including Profiling |
Legitimate interest to organize risk management; Performance of an agreement; Compliance with a legal obligation |
Swedbank Group entities, insurance service providers, Motor Insurers’ Bureau of Latvia, State Register of Vehicles and their Drivers, State Land Service |
To conclude insurance contracts, including to provide insurance offers, to issue and renew insurance policies, including Profiling, and Automated Decision-Making |
Compliance with a legal obligation; Performance of an agreement |
Swedbank Group entities in Latvia, Motor Insurers’ Bureau of Latvia, State Register of Vehicles and their Drivers, postal service providers |
To perform insurance contracts, including amend or terminate the contract, to refund the insurance premium |
Performance of an agreement; Compliance with a legal obligation; Legitimate interest to ensure agreement conclusion when third party’s Personal Data is Processed |
Swedbank Group entities, Motor Insurers’ Bureau of Latvia, State Register of Vehicles and their Drivers, postal service providers |
To ensure event-based reporting to the Customer |
Compliance with a legal obligation |
Swedbank Group entities, postal service providers |
To handle insurance claims, including taking claim decision and paying out insurance benefit in case of insured event |
Performance of an agreement; Compliance with a legal obligation; Legitimate interest to handle insurance claims when third party’s Personal Data is processed; Legitimate interest to organize risk management |
Swedbank Group entities, Motor Insurers’ Bureau of Latvia, State Register of Vehicles and their Drivers, authorities, medical practitioners, medical institutions, insured persons, beneficiaries, persons entitled to receive indemnity, injured persons, heirs, witnesses of insured events, persons responsible for and having suffered damage, insurance service providers, persons and suppliers related to provision of non-life insurance service, technical experts and evaluators, building inspectors in relation to property |
Why We Process Personal Data: We Process Personal Data to prepare and provide You with offers that meet Your needs, relevant information and to conduct opinion surveys, organise lotteries and campaigns, and provide customer service programs for You. For marketing purposes, Personal Data Processing is carried out based on Your consent or Our legitimate interest. You have the right at any time to object to the Processing of Your Personal Data, as well as to withdraw Your consent.
How We Process Personal Data: We Process Your Personal Data that is collected from You and from Your use of Services for marketing purposes, including for building Your profile to provide You with personalised marketing communication. For this purpose, We share Your Personal Data with Swedbank Group entities. We use social media platforms for marketing and communication purposes (e.g., Facebook, LinkedIn, Instagram, TikTok). When You communicate with Us on these social networks, Your Personal Data is Processed in accordance with the terms and conditions of the specific platform.
Profiling in marketing
We carry out Profiling for marketing purposes in order to assess which products and Services may be suitable and relevant to Your interests and needs. This enables producing offers and Services tailored to You, rather than general information.
For these purposes, We assess certain personal characteristics of You, in particular to analyse or predict, for example, the individual’s economic situation, personal preferences and interests. For the purpose of providing You with suitable recommendations and offers, We Process Personal Data automatically. Such data may be, for example, information about Your product holdings and Your usage of the Services. We Process the information at Our disposal, as well as information on Your transactions, Your economic situation, typical behaviour and lifestyle patterns. This data may be used for building segments and profiles necessary to execute Your customer service programs and to provide offers suitable for You. The Processing may result in advice and offers provided based on Your needs, Your inclusion in or exclusion from the customer service programs, and application of special prices and Service conditions.
You have the right at any time to object to the Processing of Your Personal Data, including Profiling. In such an event, We will no longer Process the Personal Data except in cases when the Data Controller provides compelling legitimate reasons for the Processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
Preparation of offers
Based on consent, to provide You with the best user experience and to prepare relevant offers at the most convenient time by identifying Your interests and needs at the time, We prepare the following types of offers:
- Personalized offers – practical marketing offers to You to choose the most appropriate Services, to improve their everyday use or to refrain from inappropriate use and other suggestions to best serve Your interests and needs, for example, product upgrade, replacement.
- Personalized financing and insurance limits – practical calculations designed to help You understand what lending and leasing options, as well as insurance premiums, are available to You (applicable only from the age of 18).
- Offers in cooperation with partners – practical offers designed to help You (from the age of 16) choose suitable services and benefits offered by Swedbank's cooperation partners. No Personal Data is shared with the cooperation partners.
- Financial literacy and personalized suggestions – practical offers for Your child(ren), such as suggestions for safe and convenient banking, invitations to educational games and other activities, as well as relevant offers for Our products and Services (applicable if the legal representative of the child up to 15 years (including) has agreed to it).
- Other types of offers for which You have given consent.
If You wish to track Your spending and get a categorized overview of it in all Your accounts in a single view, You can use Our My Budget tool available via Our Internet Banking and mobile app. Your consent is required for using this tool.
You may receive these offers by providing consent to all or some of the types of offers. You can give and manage Your consent by logging in to Our Internet Banking and going to the “Privacy settings” section or by visiting any Swedbank branch.
You can withdraw Your consent at any time:
- By visiting our Internet Banking site’s section "Privacy settings";
- By visiting any Swedbank branch;
- Via Telephone Banking.
We will occasionally remind You of the consents You have given and invite You to consider whether these are in line with Your current wishes by offering to renew or withdraw them.
Please note that any changes made by You in the offer preparation settings will take effect within 5 days after making the changes.
For the purposes described in this section and based on Your consent or in order to prepare relevant offers, We may Process such categories of Personal Data as Identification Data, Contact Data, Account Data and Demographic Data, information on products/Services/channels You are already using, Your previous experience with using them, Financial Data including income and transactions in Your accounts and property-related data (dwelling type), as well as data on whether You are eligible for special customer program offers. We Process Your Family Data if submitted by You to Us. When You visit Our website, Internet Banking, mobile app or open an e-mail sent by Us, We also take into account Your browsing patterns and targeting technologies collected by cookies or similar tracking technologies to the use of which You have consented.
Regarding offers with financing and insurance limits, before setting the limits, Swedbank first considers if You meet the basic lending and insurance requirements.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To prepare relevant offers: personalized suggestions, offers together with partners, personalized financing and insurance limits, financial literacy and personalized suggestions, and other offers chosen |
Consent |
Swedbank Group entities |
To prepare a spending overview for all the Customer’s accounts in one view (My Budget tool) |
Consent |
Swedbank Group entities |
To perform Customer opinion surveys by engaging a marketing research company |
Consent |
Swedbank Group entities; Marketing research company |
Preparation of other information
To improve Your awareness of Swedbank’s news and Services, We prepare the following information for You based on Our legitimate interest:
- Relevant information – information created to invite You to events, to send greetings and newsletters.
- Customer satisfaction surveys – questionnaires designed to invite You to provide feedback on the Services You use and to help Us improve those.
We prepare this information based on Our legitimate interest without asking for consent, but You can decide whether or not to permit Us to do so. You can choose which types of information You wish to receive.
You can object to the preparation of this information at any time and further manage Your permissions:
- By visiting Our Internet Banking site’s section “Privacy settings”;
- By visiting any Swedbank branch;
- Via Telephone Banking.
Please note that any changes made by You in the information preparation settings will take effect within 5 days after making the changes.
For the purposes described in this section and based on Our legitimate interest, We may Process Personal Data categories such as Account Data, Relationship Status Data, Data on Habits, Preferences and Satisfaction, Communication and Device Data, Contact Data, Demographic Data, Family Data, Identification Data and Financial Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To prepare relevant information |
Legitimate interest to increase the Customers’ awareness of Swedbank’s news and Services |
Swedbank Group entities |
To conduct Customer opinion surveys |
Legitimate interest to improve and develop Services |
Swedbank Group entities |
You may receive Our marketing offers and other relevant information to which You have given consent or permission as described in the previous sections through the following communication channels:
- e-mail;
- SMS;
- phone;
- post.
You may receive offers and other information by giving Your consent to one, some or all the channels. You can give or withdraw this consent in the same manner as described in Section 2.8.2. In addition, You may opt out of receiving marketing e-mails by clicking on the link in the footer of all e-mails sent.
Please note that the choice of the channels may affect the offers and other information You receive. Each offer and information prepared has a dedicated communication channel. For example, some offers and surveys are sent only by e-mail, while other types of offers will also be available via Our Internet Banking and mobile app, for example:
- If You consent to the preparation of offers but do not consent to any communication channel, We will prepare an offer which might be valuable for You to receive in the form of an e-mail, but We will not be able to send it. In this case, however, some of the offers may be available via Our Internet Banking, mobile app, branch and Telephone Banking;
- If You consent to any or all the communication channels but, for example, do not consent to the preparation of offers, We will not be able to prepare an offer to send to You.
Please note that consent to the communication channels is not required for sending service messages to You in relation to the Services used by the Customer, for example, information on the expiry of a concluded agreement or important information on fraudulent activity in the current account. We will send such information to perform an agreement entered into between Us, ensuring that You are informed in a timely manner of the current status of the Services used.
For the purposes described in this section and based on Your consent, We may Process such Personal Data categories as Identification Data and Contact Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To provide offers the Customer has consented to receive and/or allowed to prepare via channels like e-mail, SMS, post, phone |
Consent |
Swedbank Group entities, cooperation partners handling postal letters, SMS, e-mails |
We offer special customer service and loyalty programs for our Customers, where better prices and/or additional benefits are available for the members of the programs. In order to be able to include in and apply the special terms of the customer service programs, We Process Personal Data by automated means. Information about Processing of Personal Data in connection with the project or program is provided in the terms and conditions of the respective project or program or in an additional notification. The Processing of Personal Data for the above purpose is performed if the Customer does not object to the Processing when the Processing is based on the legitimate interest of Swedbank, or if the Customer has accepted the terms or the conditions of the loyalty programme in order to perform the agreement.
For the purposes described in this section, in order to execute customer service programs, We may Process such Personal Data categories as Identification Data, Contact Data, Demographic Data, Relationship Status Data, Data on Relationships with Legal Entities, Account Data, Financial Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To execute Swedbank’s Youth Program or small business strengthening program, including to provide specific services, organize events or campaigns for members of the programs |
Performance of an agreement |
The service provider that owns the platform, Swedbank Group companies |
To execute Customer loyalty programs, including to include or exclude from the specific program, to provide dedicated services or to apply special service conditions |
Legitimate interest to execute the program; Performance of an agreement |
Swedbank Group companies |
In order to improve the financial literacy of the society and/or increase Our brand recognition, We organize lotteries, competitions, campaigns and events for Our Customers.
For the purposes described in this section, based on consent given by You or Our legitimate interest, in order to organize lotteries, competitions, campaigns and events for our Customers, We may Process such Personal Data as Account Data, Professional Data, Financial Data, Contact Data, Data on Habits, Preferences and Satisfaction, and Demographic Data.
Purpose of Personal Data Processing |
Legal ground |
Recipients or categories of Recipients |
To organize lotteries, competitions, campaigns, and events for the Customers |
Consent; Legitimate interest to increase the Customers’ awareness of Swedbank’s news and Services |
Swedbank’s partners – Data Processors (media and creative companies) |
Why We Process Personal Data: Processing of Personal Data is necessary to ensure the quality of Services, to protect Your and Swedbank’s interests, to handle Your complaints, to perform an agreement or to comply with a legal obligation set forth in the Applicable Law.
How We Process Personal Data: We may record telephone calls with You to improve the Service quality and to protect the Customer’s and Swedbank’s interests, as well as to verify business transactions or conduct other business communications regarding the provision of investments in accordance with the Applicable Law.
We also Process Personal Data in connection with written correspondence received via email, Internet Banking messages and chat in order to ensure the quality of the Service by pursuing Swedbank’s legitimate interest. We Process the Personal Data for handling and replying to Your complaints and this Processing is based on compliance with the legal obligations of Swedbank.
For the purposes described in this section, based on Our legitimate interest, We may Process Personal Data categories such as Communication and Device Data, Account Data, Professional Data, Financial Data, Data on Habits, Preferences and Satisfaction, Contact Data, Data on Trustworthiness and Due Diligence, Data on Relationships with Legal Entities, Data obtained while performing a statutory obligation, Data on the Customer’s Financial Experience, Identification Data and Demographic Data, Children’s Data in case the Service is related to children, special data (health data) which is necessary in relation to a life and non-life insurance service or to handle Your complaints.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To improve the Service quality and to protect the interests of the Customer and Swedbank (recordings of phone calls, video streams, audio during video conversations or handling of written correspondence) |
Legitimate interest to achieve certain quality standard in communication with the Customers, getting insight for development of Services; Special categories of data disclosed on the Customer’s initiative during a remote consultation is used based on explicit consent |
Swedbank Group entities; Data processor providing call/call Centre services |
To handle Customer complaints |
Compliance with a legal obligation |
Swedbank Group entities |
Why We Process Personal Data: We Process Personal Data to provide consultations and service communication to You.
How We Process Personal Data: We Process Your Personal Data when We serve You at the branches of Swedbank or in other Customer service locations, as well as when We communicate with You via phone, chat, email and other means of communication. Your Personal Data, such as Contact Data, is shared within the Swedbank Group entities in order to ensure that the Contact Data is up-to-date.
When You book a consultation at the branches of Swedbank, We Process Your Personal Data in order to be able to identify You and successfully register You for a consultation at a time of Your choice and prepare in advance for the provision of the Services You’ve requested.
We Process Your Personal Data at Our disposal, such as Financial Data, in order to provide You with the requested consultation on Our Service. For this purpose, Your Personal Data can be obtained from the Swedbank Group entities.
For the purposes described in this section, based on compliance with a legal obligation We are subject to, performance of an agreement or Our legitimate interest, We may Process Personal Data categories such as Contact Data, information about requested, provided Services and/or performance of a Service agreement, when We provide information to You and contact You by phone, via chat, e-mail or other communication channels.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To register the Customer for the Services consultation |
Performance of an agreement |
Swedbank Group entities |
To provide consultations and recommendations to the Customer about Services used and future plans, taking into account the Customer’s financial situation and ensure follow-up contacts in the form of calls or meetings when relevant |
Legitimate interest to achieve a certain quality standard in communication with the Customers, getting insight for the development of Services |
Swedbank Group entities |
To communicate and provide information to Customer |
Performance of an agreement; Compliance with a legal obligation |
Swedbank Group entities |
Why We Process Personal Data: We Process Personal Data to manage risks, ensuring that Swedbank operates safely and soundly and in compliance with the Applicable Law.
How We Process Personal Data: We Process Personal Data in order to comply with the legal obligations set forth in the Applicable Law in relation to risk management, fulfilment of capital requirements, preventing fraud and managing incidents. We disclose Personal Data to data Recipients, such as law enforcement authorities, when it is required under the Applicable Law or to protect the legitimate interest of Swedbank.
Sound risk management is required under the Applicable Law which we must comply with so that We are able to provide You with safe banking Services and protect Your money from fraudsters. We strive to maintain low risk because it is the basis for building trust and delivering value in the long-term.
For complying with legal obligations in risk management area, We Process Your Personal Data in the following areas:
- Assessing and managing the credit risk, liquidity risk, market risk and counterparty risk.
- Risk hedging and fulfilling Swedbank’s capital requirements.
- Preventing incidents with potential impact on our core processes which may affect the Services provided, as well as Personal Data breaches which may affect Your privacy.
- Discovering, investigating and reporting potentially suspicious transactions and market abuse.
- Monitoring transactions, including card transactions, to detect and prevent fraud and reviewing, diagnosing and responding to detected activity that has been identified as potential fraud cases.
- Monitoring in connection with compliance with the Applicable Law and relevant internal regulations.
- Ensuring business continuity and crisis management.
- Communicating with supervisory and other authorities, including regular mandatory and event-based reporting.
- Cooperating with and providing information to external auditors.
For the purposes described in this section, based on a legal obligation We are subject to or Our legitimate interest, We may Process Personal Data categories such as Identification Data, Contact Data, Financial Data, Data on Trustworthiness and Due Diligence, Communication and Device Data, Data Obtained while Performing a Statutory Obligation, Professional Data, Data on Habits, Preferences and Satisfaction, Family Data, Data on Relationships with Legal Entities, Demographic Data, Data on the Customer’s Financial Experience.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To ensure compliance with the Applicable Law, for example, in relation to credit risk, liquidity risk management, incident management and handling |
Compliance with a legal obligation; Legitimate interest to ensure compliance with Applicable Laws |
Swedbank Group entities |
To prevent fraud, including by providing Customers with information about fraud prevention |
Compliance with a legal obligation; Legitimate interest to ensure safe and sound operation of Swedbank |
Swedbank Group entities |
To comply with solvency capital requirements and prepare different analyses |
Compliance with a legal obligation |
Public authorities and other persons exercising functions entrusted to them by law |
To execute programs related to risk management arising from business relationship and transactions with Customers |
Legitimate interest to ensure safe and sound operation of Swedbank |
Swedbank Group entities |
Why We Process Personal Data: We Process Personal Data to manage, maintain, develop, analyse and improve Our business, the Services and Your user experience, as well as to protect Our legitimate interest.
How We Process Personal Data: We need to Process Personal Data when We perform activities like document management and archiving, perform analysis and testing for improving Our Services, ensuring security and compliance of IT solutions, comply with legal obligations set forth in the Applicable Law or protect Our legitimate interest.
For running Our business, We have a legal obligation to maintain accounting records. As a part of this, We Process Your Identification Data, Account Data, Contact Data and Demographic Data when processing payments and issuing invoices. We use Profiling to assess and set the strategical goals of Our business. For this purpose, We Process Your Financial Data (economic situation) and Data on Habits, Preferences and Satisfaction.
Personal Data Processing is also necessary for the activities supporting Our core business of providing Services. This includes, for example, document management and archiving, storage of digital information and documents, based on legal obligations or Our legitimate interest.
We have a legitimate interest to maintain, develop, examine and improve Our business, the Services and Your user experience. Your Personal Data is Processed for administering Our website and network, including to ensure the quality, security and compliance of IT solutions to be deployed. We may use artificial intelligence tools. In each case, Personal Data Processing is limited to the actual Processing of Personal Data necessary in the particular case.
We also Process Personal Data for the establishment, exercise or defence of legal claims. When We need to protect our legal rights or a claim has been lodged, the data relevant to the specific case is Processed. Depending on the case, this may also involve sharing data with other Swedbank Group entities, supervisory authorities, courts or out-of-court dispute resolution bodies for the settlement of disputes, and providers of legal services to Us.
For the purposes described in this section, based on a legal obligation We are subject to or Our legitimate interest, We may Process Personal Data categories such as Identification Data, Contact Data, Financial Data, Demographic Data, Account Data.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
Compliance with legal obligation, for example, in relation to accounting, tax administration |
Compliance with a legal obligation |
Swedbank Group entities; Authorities and other persons or entities performing their functions under Applicable Law |
To perform mandatory reporting to state authorities |
Compliance with a legal obligation |
Authorities and other persons or entities performing their functions under Applicable Law |
To ensure the adequate provision of the Services and the protection of information in the provision of the Services, and to maintain, develop, evaluate and improve Swedbank’s operations |
Legitimate interest to maintain, develop, examine and improve our business, the Services, the Customer’s user experience |
Swedbank Group entities; Providers of telecommunications, IT, hosting, cloud computing, archiving, postal services |
To establish, exercise or defend legal claims |
Legitimate interest to respond to claims and defend our position in disputes; Compliance with a legal obligation |
Swedbank Group entities; Providers of telecommunication, IT, hosting, cloud computing services, archiving, postal services |
Why We Process Personal Data: We Process Personal Data of persons related to Corporate Customers for concluding and maintaining agreements, communicating with Corporate Customers, providing Services under the agreement, and ensuring that We comply with the Applicable Law.
For the sake of clarity, “Customer” also includes all individuals related to a Corporate Customer whose data We Process.
How We Process Personal Data: Personal Data is collected from the Data Subject, from the representatives of and persons affiliated with the Corporate Customer and from external sources, as well as being regularly updated. Personal Data is disclosed to Recipients in order to conclude and perform the agreements with the Corporate Customer and to comply with legal obligations set forth in the Applicable Law.
When You represent a Corporate Customer, We Process Your Personal Data to conclude and fulfil agreements between that Corporate Customer and Us. This could be, for example, for communication with the Corporate Customer’s representatives and contact persons and keeping information about the legal and authorized representatives up to date. This also ensures that only authorized persons can sign agreements, perform transactions, submit documents, access information or take other necessary actions on behalf of the Corporate Customer.
For the purposes described in this section, the Personal Data categories that We Process include Identification Data, Contact Data, Professional Data, Data on Relationships with Legal Entities, Data on Trustworthiness and Due Diligence, Demographic Data, Financial Data, Data Obtained while Performing Statutory Obligations arising from the Applicable Law, data on criminal convictions and offences, other Personal Data (if business relationship with the Corporate Customer is terminated due to it ceasing to exist, We need to have the fact of the Corporate Customer’s status stored in Our systems so We do not carry out certain activities like communication and reporting).
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To conclude and perform agreements with Corporate Customers, to communicate with Corporate Customers |
Legitimate interest to maintain relationship with Corporate Customers; Performance of an agreement |
Swedbank Group entities |
Why We Process Personal Data: to ensure Your security and the security of Swedbank’s visitors, employees, premises and assets; to defend Swedbank’s legal claims and legitimate interests; to detect and prevent unlawful activities.
How We Process Personal Data: for the purpose of conducting video surveillance as part of safety measures, We use surveillance cameras at Our premises and other locations where Swedbank renders Services. Areas under video surveillance are marked with informational signs that video surveillance is carried out.
The material obtained through Swedbank’s video surveillance – visual images, video recordings and audio recordings – contains Personal Data. This Personal Data is shared with the Recipient only in certain cases when the recorded material is needed for criminal investigation according to the procedure set forth in Applicable Law, or with a Recipient that maintains and services the video surveillance systems on behalf of Swedbank.
Purpose of Personal Data Processing |
Legal basis |
Recipients or categories of Recipients |
To ensure the security of Swedbank’s employees and visitors and the protection of property (video surveillance and/or audio recordings) |
Legitimate interest to ensure the security of Swedbank’s visitors, employees, premises and assets |
Swedbank Group entities, Data Processors who maintain and service video surveillance equipment, public authorities in the event of investigation of unlawful acts |
To comply with Double identification requirements and monitor double identification process when serving Customers in person |
Legitimate interest |
Swedbank Group entities |
We use cookies on Our website. We invite You to read more about the use of cookies in Swedbank’s Cookie Policy, available on the website under “Cookies” at www.swedbank.lv.