Nordic Equities Asset Management values your personal privacy and always strives for a high level of data protection. This privacy policy explains how we collect and use your personal information in our operations according to the rules of the EU’s new data protection regulation (EU 2016/679) [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC] (“GDPR”). It also describes your rights and how you can exercise them.
Nordic Equities Asset Management AB, registration number 556571-9126, located at Grev Turegatan 7, 114 46 Stockholm, is responsible for the Company’s processing of personal data.
Terminology and Definitions
In these guidelines, the following terms are used with the meanings specified below:
Personal data refers to any kind of information that can be directly or indirectly attributed to a living individual. For example, images and audio recordings processed electronically can be considered personal data even if no names are mentioned. Encrypted data and various types of electronic identities (e.g., IP addresses) are personal data if they can be linked to physical persons.
Processing of personal data refers to anything that is done with personal data. Every action taken with personal data constitutes processing, regardless of whether it is automated or not. Examples of common processing activities include collection, recording, organization, structuring, storage, processing or modification, transfer, and deletion.
What personal data do we collect and for what purpose?
The Company collects and processes personal data in the areas and functions listed below. We process the following categories of personal data for the purposes specified below and based on the legal grounds indicated in relation to each processing activity.
Customer Relationship
What is the legal basis for processing?
When you become a customer with us, we process your personal data to fulfill legal obligations.
Which personal data is processed and who are the recipients?
The personal data processed mainly includes name, address, personal identification number, copy of ID, email, phone number, account details, financial information such as accounts, ownership, transactions, income, the customer’s financial experience and investment goals, risk tolerance, family situation, etc. Those who may come into contact with the personal data include the marketing department, back office, IT department, finance department, risk department, auditors, the funds’ custodian bank, and regulatory authorities.
For what purposes are personal data processed?
Personal data is processed for the following purposes: executing a transaction with the customer, managing the customer relationship, providing and administering access to products and services, managing the customer register, conducting suitability assessments for investment services, performing checks to prevent money laundering and financing of terrorism. Personal data may also be processed for the purpose of sending interesting offers and advertisements, news, and other information about the Company and our services and products via email. As stated in section 8.4.3, you always have the right to object to processing for direct marketing.
How long is the data stored?
The Company never stores data longer than necessary considering the purposes of the processing. Therefore, the Company regularly purges personal data and removes information that is no longer needed. To fulfill its legal obligations, the Company needs to retain certain data even after a customer relationship has ended. For example, data must be retained to meet legal obligations regarding taxation, accounting, or to defend legal claims. In these exceptional cases, data is stored for 5-10 years (regarding accounting, taxation, and statute of limitations).
Recruitment
What is the legal basis for processing?
To manage applications submitted by individuals, conduct interviews, and make decisions in a recruitment process, the Company must process certain personal data. The basis for this processing is legitimate interest. When we store personal data for future recruitment in our candidate database, consent is obtained.
Which personal data is processed and who are the recipients?
Personal data processed by the Company includes name, date of birth, address, information about experience and skills, and possibly a photograph, etc.
Those who may come into contact with the data are primarily the HR manager, supervisors, and hired recruitment firms. In cases where recruitment firms handle the recruitment, a data processing agreement is always established with the external party.
For what purposes are personal data processed?
In order for the Company to manage applications, interviews, and decision-making in a recruitment process, we collect and process personal data. We may also save the personal data in our candidate database to contact the applicant for future recruitments.
How long are personal data stored?
The Company never stores data longer than necessary considering the purposes of the processing. Therefore, the Company regularly purges stored personal data and removes data that is no longer needed. However, the Company may need to retain personal data after the recruitment process is completed if we deem it necessary to keep them to handle legal claims that may be directed against the Company. The retention period in such cases is 2 years.
We may also save applications from candidates who are of interest for future recruitments in our candidate database. In such cases, the data is stored for a maximum of 2 years. However, candidates are always given the opportunity to object to such future contact.
Marketing
What is the legal basis for the processing?
Personal data may also be processed for the purpose of sending interesting offers and advertisements, invitations to seminars, news, and other information about the Company and our services and products via email. The basis for this processing is a balance of interests. As stated in section 8.4.3, you always have the right to object to processing for direct marketing.
Which personal data is processed and who are the recipients?
The personal data processed by the Company includes name and email address, and in some cases, allergies and dietary preferences (mainly for seminars and training sessions).
Those who may come into contact with the data are primarily the Company’s administrative department and the marketing department.
How long are personal data stored?
The Company never stores data longer than necessary considering the purposes of the processing. Therefore, the Company regularly purges stored personal data and removes data that is no longer needed. The Company retains personal data for marketing purposes until further notice.
What is the legal basis for the processing?
Personal data may also be processed for other purposes such as responding to inquiries, establishing, asserting, and defending legal claims, for example, to handle complaints and in connection with legal disputes, managing, protecting, and developing our systems and services, and to fulfill legal obligations, such as accounting regulations. The basis for this processing is legal obligation.
Which personal data is processed and who are the recipients?
The personal data processed by the Company includes name, contact details (e.g., address and phone number), information about completed assignments, log information, details of paid fees, remuneration, and other financial transactions with the registered individual.
Those who may come into contact with the data are primarily the Company’s administrative department, legal department, finance department, and customer complaints manager.
How long are personal data stored?
The Company never stores data longer than necessary considering the purposes of the processing. Therefore, the Company regularly purges stored personal data and removes data that is no longer needed. The Company retains data for responding to inquiries for 24 months from the date the inquiry was received. For legal claims and similar matters, the Company applies applicable limitation periods. For managing, protecting, and developing our systems and services, the Company stores the data for 24 months from the time of the log event. For fulfilling legal obligations, such as those under the Accounting Act, the Company stores data for 10 years from the end of the calendar year in which the relevant financial year ended.
From which sources do we collect your personal data?
In addition to the data you provide to us, we may also collect personal data from other sources (so-called third parties). The data we collect from third parties includes the following:
Address details from public registers to ensure we have the correct address information for you,
Creditworthiness information from credit rating agencies, banks, or credit information companies.
Who may we share your personal data with?
Processors
Where necessary for us to provide our services, we share your personal data with companies that act as processors for us. A processor is a company that processes the information on our behalf and according to our instructions. We have processors that assist us with:
IT services – companies that manage essential operations, technical support, and maintenance of our IT solutions.
Providers of systems for the administration of unit holder registers.
Back-office services – companies that handle administrative tasks, such as sending reports to customers.
When your personal data is shared with processors, it is only for purposes that are compatible with the purposes for which we collected the information (e.g., to fulfill our obligations under the agreement with you as a customer). We check all processors to ensure they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all processors (data processing agreements) through which they guarantee the security of the personal data processed and commit to complying with our security requirements and requirements regarding the international transfer of personal data.
Other Independent Data Controllers
We also share your personal data with certain companies that are independent data controllers. Being an independent data controller means that we do not control how the information provided to the company is processed. Independent data controllers with whom we share your personal data include:
Financial and Legal Consultants, Accountants
Credit Institutions and Financial Institutions, Insurance Providers and Intermediaries of Financial Services, Third Parties Involved in the Execution of Orders, Settlement, or Reporting.
Third parties maintaining databases and registers, such as credit registers, population registers, commercial registers, securities registers, or other registers that hold or transmit personal data.
Credit Reporting Agencies
Participants and/or Parties Related to Domestic, European, and International Payment Systems.
When your personal data is shared with a company that is an independent data controller, that company’s privacy policy and data management practices apply.
Where do we process your personal data?
In general, your personal data is processed only within the EU/EEA, but may in some cases be transferred to and processed in countries outside the EU/EEA.
Transfer and processing of personal data outside the EU/EEA may occur if there is a legal basis, i.e., a legal obligation or consent from the data subject, and appropriate safeguards are in place. Appropriate safeguards include:
There is an agreement in place that includes EU Standard Contractual Clauses or other approved clauses, codes of conduct, certifications, etc., approved in accordance with GDPR.
The country outside the EU/EEA where the recipient is located has an adequate level of data protection as determined by the European Commission.
The recipient is certified under the Privacy Shield (applies to recipients in the USA).
Upon request, additional information can be obtained regarding the transfer of personal data to countries outside the EU/EEA.
How long do we retain your personal data?
We never retain personal data longer than necessary for each respective purpose. See more about the specific retention periods under each purpose.
The Data Subject’s Rights
Right of Access (also known as a Data Subject Access Request)
The data subject has the right to contact the Company in its capacity as data controller and request access to the personal data processed by the Company, as well as be informed about, among other things, the purposes of the processing and the recipients of the personal data.
The Company, as the data controller, shall provide the data subject with a free copy of the personal data being processed. For any additional copies, the Company may charge an administrative fee.
Right to Rectification, Erasure, or Restriction
The data subject has the right to have their personal data rectified without undue delay or, under certain conditions, restricted or erased. If the data subject believes that the Company is processing personal data about them that is incorrect or incomplete, they can request that these be corrected or supplemented.
If the data subject requests that the data be rectified, erased, or restricted in processing, the Company, as the data controller, routinely makes reasonable efforts to notify each recipient of the personal data about the data subject’s request.
You can request the erasure of personal data we process about you if:
The data is no longer necessary for the purposes for which it was collected or processed.
You object to a balancing of interests we have conducted based on legitimate interest, and your reason for objection outweighs our legitimate interest.
You object to processing for direct marketing purposes.
The personal data is processed unlawfully.
The personal data must be erased to comply with a legal obligation we are subject to.
Personal data has been collected about a child (under 13 years old) for whom you have parental responsibility, and the collection has occurred in connection with the offering of information society services (e.g., social media).
Please note that we may have the right to deny your request if there are legal obligations preventing us from immediately deleting certain personal data. These obligations arise from accounting and tax legislation, banking and anti-money laundering laws, as well as consumer rights legislation.
It may also be necessary to process the data to establish, exercise, or defend legal claims. If we are unable to comply with a deletion request, we will instead block the personal data from being used for purposes other than the one preventing the requested deletion.
Right to restriction
You have the right to request that our processing of your personal data be restricted. If you dispute the accuracy of the personal data we process, you can request restricted processing for the time we need to verify whether the personal data is correct. If we no longer need the personal data for the established purposes, but you need them to establish, exercise, or defend legal claims, you can request restricted processing of the data with us. This means you can request that we do not delete your data.
If you have objected to a legitimate interest assessment that we have made as a legal basis for a purpose, you can request restricted processing for the time we need to verify whether our legitimate interests outweigh your interests in having the data deleted.
If the processing has been restricted according to any of the situations above, we may only, in addition to storage, process the data to establish, exercise, or defend legal claims, to protect someone else’s rights, or if you have given your consent.
Right to object to certain types of processing
As a data subject, you have the right to object at any time to the processing of your personal data if the legal basis for the processing is a public interest or legitimate interest assessment according to Article 6.1 (e) and (f) of the General Data Protection Regulation.
If we use a legitimate interest assessment as the legal basis for a purpose, you have the right to object to the processing. To continue processing your personal data after such an objection, we need to demonstrate a compelling legitimate reason for the processing that outweighs your interests, rights, or freedoms. Otherwise, we may only process the data to establish, exercise, or defend legal claims.
You also have the right to object to the processing of your personal data for direct marketing purposes. This objection also includes the analysis of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing refers to all types of outreach marketing actions (e.g., via mail, email, and SMS). Marketing actions where you as a customer have actively chosen to use one of our services or otherwise sought us out to learn more about our services are not considered direct marketing (e.g., product recommendations or other offers). If you object to direct marketing, we will cease processing your personal data for that purpose as well as all types of direct marketing actions.
Right to data portability
If our right to process your personal data is based either on your consent or the fulfillment of a contract with you, you have the right to request that the data concerning you and that you have provided to us be transferred to another data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically feasible and can be carried out automatically.
Right to withdraw consent
If the processing of personal data is based on your consent, you have the right to withdraw this consent at any time. Such withdrawal does not affect the legality of the processing before the consent was withdrawn.
How do we handle personal identification numbers?
We will only process your personal identification number when it is clearly justified with regard to the purpose, necessary for secure identification, or if there is another significant reason. We always minimize the use of your personal identification number as much as possible by, where sufficient, using your birth number instead.
What are cookies and how do we use them?
Cookies are small text files consisting of letters and numbers that are sent from our web server and stored on your browser or device. On www.nordeq.se, we use the following cookies:
1) Session cookies (a temporary cookie that expires when you close your browser or device).
The cookies we use generally improve the services we offer. Some of our services need cookies to function correctly, while others enhance the services for you. We use cookies for overall analytical information regarding your use of our services and to save functional settings such as language and other preferences.
You can control the use of cookies yourself by changing the settings in your browser or device.
How are your personal data protected?
We use IT systems to protect the confidentiality, integrity, and availability of personal data. We have implemented specific security measures to protect your personal data against unauthorized or unlawful processing (such as unauthorized access, loss, destruction, or damage). Only those individuals who actually need to process your personal data to fulfill our stated purposes have access to them.
Supervisory Authority
The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) is responsible for monitoring the application of the legislation. Anyone who believes that a company is handling personal data incorrectly can file a complaint with the Swedish Authority for Privacy Protection.
Contact Information
Phone number: 08-657 61 00
Email address: Imy@imy.se
Changes to the Policy
The Company reserves the right to amend and update the policy. In the event of material changes to the policy or if existing information is to be processed in a manner different from that stated in the policy, the Company will inform about this in an appropriate manner.
Contact
For questions about the Company’s handling of personal data, contact Mikaela Fredriksson.