Data Protection Notice for SEB Investment Management AB
We at SEB Investment Management AB always handle the information that our clients entrust us with in a careful and responsible manner.
This notice explains how SEB Investment Management AB gathers and uses your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC It also describes your rights regarding your personal data.
The following information must, in accordance with Article 13 and 14 of GDPR, be provided by the data controller to Investors, ultimate beneficial owners, directors, authorised representatives, or contact persons of investors (the "Data Subjects").
The personal data controller is:
SEB Investment Management AB
Corporate identity number 556197-3719
In Luxembourg, in the case of funds managed by SEB Investment Management AB, and organized as an investment company with variable capital (“SICAVs”), SEB Investment Management AB acting through its Luxembourg Branch together with the relevant SICAV will act as joint data controllers.
Information of all the funds for which this notice applies is available on our website.
This information may be updated from time to time.
Personal data is information that directly or indirectly can be coupled to a living person. It includes, for example, a person's name and personal identity number, but also other information that is specific to a person's physical, genetic, mental, financial, cultural or social identity. Information about your IP address and your recorded voice can also be personal data if it can be coupled to you.
Certain personal data is considered to be sensitive and is covered by special rules. By special categories of personal data is meant data that reveals for example:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data that identifies a natural person
- data concerning health
- data concerning a natural person's sex life or sexual orientation
By processing of personal data is meant everything that is done with the information, regardless of whether it is done by automated means or not. Examples of common processing of data include collecting, recording, structuring, storage, transfer and erasure.
We collect information about you if you have entered into or seek to enter into an agreement with us. This can entail, for example, your role as a customer, creditor or pledgee. Sometimes we also need to collect information about you as a payer, trustee, administrator, agent, representative, signatory, some form of contact person, or beneficial owner. You can read more about when we collect this type of information in the following section.
Information you provide to us
We collect information about you that you provide to us directly or indirectly through our business relationship. This can take place, for example, when you enter into an agreement with us, or in general in connection with our administration of agreements.
We may also store information that is collected or arises when you contact us, for example identification data such as name, email, postal address, telephone number, country of residence, or passport. We may also record phone conversations and store communication that we collect via email.
Information we collect about you
In addition to the information that you provide to us yourself, we may collect information about you from other sources. This happens, for example, when we
- Perform the controls that we must perform to prevent our products and services from being used for money laundering, by collecting information from sanction lists among international organisations.
- Receive data through the relevant Distributor, nominee or from the Central Administration Agent.
We process your personal data only for certain, specific purposes and when we have legal grounds to do so.
To prepare and administer agreements
The most common purpose for which we process your personal data is to document, administer and execute agreements we have with you. We need to collect personal data for this purpose in order to be able to enter into agreements with you.
To meet our legal obligations
We also need to process your personal data to be able to meet our obligations pursuant to applicable laws, other statutes or decisions by authorities. This can include the following, for example:
- to meet requirements under bookkeeping laws
- to meet requirements under anti–money laundering laws
- to check personal data against sanction lists, which we are required to apply by law or decision by authority
- to be able to report to governmental, regulatory, court or tax authorities.
When we have a legitimate interest
We process your personal data when it is necessary for a purpose for which we, after a consideration of interests, have determined that we have a legitimate interest.
When you have given your consent
In certain cases we need your consent to process your personal data. In such cases we will ask for your consent to process your personal data for the specific purpose, for example when sending news letters or reports on your request.
You can withdraw a consent you have given at any time. The processing that we have already done will not be affected, but we will not continue processing your personal data if we do not have other grounds for the processing.
We store your personal data during the term of the agreement and for the length of time required by applicable law. Thereafter, we store personal data normally for a maximum of 5 or 10 years after the relationship has come to an end, in view of the statute of limitations. We may also store personal data for other purposes than the contractual conditions, such as for our compliance with anti–money laundering laws and local bookkeeping laws, if any.
We do our best to protect your personal data from unintentional or unlawful destruction, loss or alteration, unauthorised disclosure or unauthorised access. We do this through both technical and organisational measures.
We always strive to not process more data than is necessary, and we pseudonymise and anonymise your personal data where possible. If a business partner processes personal data for us – a personal data processor – the processor must always undertake to maintain a suitable level of security and to use the corresponding security measures.
Within the SEB Group
At times another company in the SEB Group may process your personal data. When this happens, we base such processing on the grounds of a legitimate interest.
Outside the SEB Group
It may happen that your personal data is used by other companies that we cooperate with – naturally always within the framework of applicable rules governing confidentiality. These may include, for example, Central Administration Agent, Distributors, Paying Agents, the Auditor and other service providers of the fund (including its information technology providers), any affiliates of the foregoing, the employees of those entities, the appointed legal and professional advisers of those entities in connection with the operations of the relevant fund, its subsidiaries and investments, and that require such information for the purposes indicated above, and the legal advisors, investment consultants and custodian banks of each of the Data Subjects and the financial intermediaries of such Data Subjects.
In the case of nominees, the data may be collected by the nominee. In those cases the nominee will be acting as independent data controller in accordance with the provisions of GDPR. Investors subscribing through a nominee should consult the data privacy notice of the nominee.
By law, in certain cases we are also required to provide your personal data to various authorities. You can read more about his in the sections above.
Transfers to third countries (countries outside the EU and EEA)
Personal Data will in principle not be transferred outside the European Economic Area (the "EEA"). If Personal Data were ever to be transferred outside the EEA, SEB Investment Management AB is required to ensure that the processing of investors' Personal Data is in compliance with the General Data Protection Regulation and, in particular, that any of the following conditions are met:
- The European Commission has decided that there is an adequate level of protection in the country in question
- We have taken other suitable protection measures, such as standard contractual clauses
- Special permission has been obtained from a supervisory authority
- It is permissible in special cases under applicable data protection laws
According to the data protection laws, you have the right to exercise control over your personal data and to obtain information about how we process your personal data. You can contact us if you want to exercise any of your rights.
Request a register extract of personal data
You have the right to obtain information about your personal data that we process. You can obtain this by requesting a register extract from us.
Rectify inaccurate or incomplete personal data
If it turns out that we process personal data about you that is inaccurate, you have the right to request a rectification of the personal data. You can also request to have incomplete personal data about you completed.
Erasure of your personal data
You have the right to have any or all of your personal data erased. This is also referred to as the right to be forgotten. In certain cases we cannot erase all of your personal data. In such case this would be due to the fact that we need to store your personal data due to a contractual relationship or law.
Restrict how we process your personal data
In certain situations you have the right to demand that our processing of your personal data be restricted for a period of time. This can pertain, for example, to a situation where you believe data about you is inaccurate and we need to verify it. It can also pertain to a situation where you object to processing that we base on a legitimate interest. In such case we must verify if our grounds override yours.
Object to how we process your personal data
If we process your personal data on the grounds of a legitimate interest, you can object to this processing. In order for us to be able to continue processing such personal data, we must be able to show that we have compelling, legitimate grounds for this processing that override your interests and rights. You can read more about legitimate interests in the sections above: When we have a legitimate interest"
Transfer your personal data to another party
If we process your personal data on the grounds of an agreement or consent, you have the right to receive the personal data that you yourself have provided to us. Where technically feasible, you also have the right to data portability, i.e. to have the personal data transmitted to another party.
Submit an objection to the supervisory authority
If you have an objection about how we have processed your personal data, you can turn to the supervisory authority concerned.
Sweden: Data Protection Authority (Datainspektionen).
Luxembourg:Commission Nationale pour la Protection des Données
Finland: Data Protection Ombudsman
and the relevant authority of the Member State in which the Data Subject resides or works in accordance with the provisions of Article 77 of the GDPR
Read more on the Data Protection Authority's website
We have appointed a Data Protection Officer who is responsible for monitoring our compliance with the rules on the protection of personal data. The Data Protection Officer shall perform his or her duties independently in relation to SEB Investment Management AB. If you want to contact the data controller or our Data Protection Officer, you can write to the following addresses:
Data Protection Officer
SE-106 40 Stockholm
SEB Investment Management AB, Luxembourg Branch
4 rue Peternelchen
L-2370 Howald, Luxembourg
Data Protection Officer