Why Swedbank processes client data: to ensure the legal obligation to identify the client and, where applicable, to identify the client’s representative and the persons involved in occasional transactions.
How Swedbank processes client data: in order to verify your identity, you will be asked to provide a valid identity document and, if necessary, other documents relevant for identification. Swedbank uses authentication tools to verify identity. Client data is shared with the Swedbank Group companies operating in Estonia in order to provide clients with the services of these companies.
Identification
Identity document submitted for identification is verified by Swedbank through an e-inquiry in the Police and Border Guard Board.
If you conclude a service agreement on behalf of a child, the identity of the child and your right to represent the child are also verified through the population register.
In order to ensure that your identification data is correct and up-to-date, Swedbank will ask you to regularly update the client data. The data in the identity document obtained from the population register are updated automatically.
Swedbank shares client identification data with the Swedbank Group companies registered in Estonia, depending on the products and services used or requested by the client in order to ensure that client data is correct and up-to-date in all entities of the Swedbank Group.
Authentication
During authentication, Swedbank verifies the identity of the client when the client uses the services at a bank branch or remote channel, for example, calls the Consultation Centre or uses the Internet Bank.
Authentication tools offered by Swedbank or other companies, such as SK ID Solutions AS (Smart-ID, Mobile-ID), are used for authentication. The client may also use an ID card or other solutions (biometrics (fingerprint and facial recognition), PIN in Swedbank mobile app, PIN calculator) as a means of authentication. If you use an authentication tool provided by another company, we will share your identity verification data, communication and device data (such as the IP address and device type) with that company and inform them that you are using Swedbank services.
Why Swedbank processes client data: to fulfil a legal obligations to prevent money laundering and terrorist financing and to comply with international and national sanctions.
How Swedbank processes client data: Swedbank collects data directly from clients and from external sources (e.g. public registers). The aim of collecting and analysing data is to fulfil the ‘Know Your Client’ (KYC) principle. In cases required according to the legislation, data is also transferred to recipients.
Swedbank is obliged by legislation to perform due diligence activities, including understanding the purpose and nature of the business relationship and occasional transactions. This helps to protect the public interest and ensure that services are used for legitimate purposes, and protected against misuse. Swedbank must assess the risks related to money laundering and terrorist financing and comply with and, if necessary, implement the established European Union and UN, as well as national sanctions. Swedbank also has a legitimate interest in ensuring compliance with the financial sanctions imposed by the United States of America and the United Kingdom.
Swedbank is obliged to identify the client (see Section ‘Identification and authentication’), and the client is also asked to provide accurate and truthful information about themselves. In specific cases, Swedbank may ask for documents confirming the submitted data. Swedbank uses client data obtained from external registers, such as population registers, commercial registers, or obtained directly from the client. Swedbank also uses the data published in the media about the client. To fulfil legal obligations or in case of a legitimate interest, Swedbank checks client data against sanctions lists to make sure that the services are not provided to sanctioned persons or persons related to the sanctions, or that the services are not used to violate or evade sanctions.
During the business relationship, Swedbank will ask you to update the provided client data on a regular basis or in a specific case. Swedbank verifies whether the data obtained from the above-mentioned external registers is up-to-date. The legislation also obliges Swedbank to constantly monitor your activities and transactions to ensure that there is no risk-raising circumstances in connection with them and that they are not subject to sanctions. Due diligence activities and its regularity depend on Swedbank’s assessment of the client’s risk of money laundering and terrorist financing.
Swedbank has a legal obligation to report suspicions of money laundering and terrorist financing to the authorities (Financial Intelligence Unit) and ensure the confidentiality of reports. Swedbank is obliged not to disclose information about the processing of personal data carried out within the framework of legislation and the Money Laundering and Terrorist Financing Prevention Act in the field of money laundering and terrorism and non-proliferation financing, unless the data is publicly available.
For the purposes described above, Swedbank also processes the data of persons related to business clients. Swedbank identifies the representatives of a legal person (legal representatives, authorised persons, persons belonging to the highest management body of the company, including a procurator, trustee in bankruptcy) and asks to provide their personal data, demographic data, contact details, and data on connections with other legal entities. Swedbank also asks to provide identification data and demographic data of the company’s shareholders. The company is obliged to disclose its final beneficiaries and provide their identification data, demographic data, and contact details. If necessary, the company is asked to provide additional documents and information about the final beneficiaries, such as evidence of wealth and the origin of assets or data on relations with other legal entities. Swedbank also regularly collects and updates the client data of the company’s representatives, shareholders, and final beneficiaries from external registers, such as the population register, commercial registers, property registers (e.g. land register), sanctions lists, and publicly available information (media).
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Prevention of money laundering and terrorist financing |
Public interest |
Legal entities within Swedbank Group
Third parties keeping registers (e.g. Police and Border Guard Board, Population Register, Commercial Register, Land Register)
Public authorities to which Swedbank is obliged by legislation to report suspicious financial operations or transactions or provide other information
|
Compliance with international sanctions (national, European Union, and UN sanctions) |
Public interest |
Legal entities within Swedbank Group Third parties involved in the enforcement of sanctions (e.g. public authorities) |
Compliance with international sanctions (sanctions by the United Kingdom and the United States of America) |
Legitimate interest |
Legal entities within Swedbank Group Third parties involved in the enforcement of sanctions (e.g. public authorities) |
Why Swedbank processes client data: to provide everyday banking services, such as current accounts, deposits, payment services, and other everyday banking services, as well as for ensuring the management of your client relationship and access to services.
How Swedbank processes client data: processing includes the collection of client data from you and your use of the services, the transfer of client data to a recipient for the performance of a service contract and the receipt of personal data from third parties such as other payment service providers.
Current account
When you open an account with Swedbank, we process your data to fulfil the agreement concluded with you and to provide you with other services related to the current account that you wish to use.
In addition, we need to share client data about the accounts with us and related data with the tax authority, trustee in bankruptcy, notary, and other entitled persons.
If you use the account information service in Swedbank to see information about your payment account opened with another payment service provider, that payment service provider will, at your request, provide Swedbank with data on the designated account and related payment transactions.
If you have submitted a request to access your payment account information opened with Swedbank with another payment service provider, we will disclose to that account information service provider information about your designated Swedbank account and related payment transactions.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Performance and management of agreements concluded with the client |
Performance of agreement |
Legal entities within Swedbank Group Third parties keeping registers |
Processing of a third-party data for the performance of a current account agreement and related service agreements |
Legitimate interest |
Third-party payment service providers |
Responding to inquiries |
Performance of legal obligation |
Public authorities to whose inquiries Swedbank is obliged by legislation to respond (e.g. court, police, bailiff, trustee in bankruptcy) |
Compliance with the obligation to disclose information to an account information service provider |
Legal obligation |
Third-party payment service providers |
Payment cards
When you apply for a Swedbank payment card and enter into a payment card agreement, Swedbank processes your data for the purpose of concluding and fulfilling a payment card agreement, including ordering a card, personalising and activating the card, providing assistance with card-related issues, and preventing card fraud.
In order to carry out card transactions (including transactions initiated by merchants), Swedbank processes client data for the purpose of authorising and invoicing the transaction. If you make a complaint about a card transaction, transaction data is shared with the relevant international card organisation (such as Mastercard).
If you order an additional payment card linked to your account, Swedbank will process the data of the additional card holder.
For these purposes, Swedbank processes your identification data, account data, contact details, professional data, children’s data, demographic data, communications and device data (e.g. when to allow and manage digitised cards and mobile contactless payments), family data, financial data, data on reliability, habits, preferences, and satisfaction.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Conclusion and fulfilment of a payment card agreement |
Performance of agreement |
Legal entities within Swedbank Group
Participants and/or parties involved in domestic, European, and international payments (e.g. an international card organisation, such as Mastercard)
|
Issuing an additional card |
Legitimate interest |
Legal entities within Swedbank Group
Participants and/or parties involved in domestic, European, and international payments (e.g. an international card organisation, such as Mastercard)
|
Handling of card transaction complaints |
Legal obligation |
International card organisation, the institution providing the payee’s payment service |
Payments
Swedbank processes client data when making payments, including the provision of payment initiation services. In order to provide these services, Swedbank processes client data (including sharing data with third parties, such as the payee, payment service providers, payment systems, correspondent banks, and other similar persons), as indicated by the client when placing the payment order or how it is necessary for the execution of the payment order. When proxy payments are made, your data (phone number, name, and IBAN) will be shared with the payee.
Swedbank processes client data in order to start a payment transaction from your account initiated at your request at a third-party payment service provider. For that purpose, client data, such as authentication data, account details, and device data, will be disclosed to that payment service provider.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Making of payments |
Performance of agreement |
Participants and/or parties involved in domestic, European, and international payments, such as payee, payment systems, correspondent banks |
Making of payments |
Legitimate interest |
Third-party payment service providers |
Making of proxy payments |
Performance of agreement |
Bank of Latvia |
Compliance with the obligation to disclose information to the payment initiation service provider |
Legal obligation |
Third-party payment service providers (payment initiation service provider) if Swedbank has a legal obligation to provide such persons with access to client data |
Why Swedbank processes client data: to offer credit products.
How Swedbank processes client data: client data collected from you, internal and external sources (e.g. Commercial Register, Land Register, Population Register, Payment Default Register). Client data is disclosed to the recipient (see Section ‘Recipients, processors, and sources of client data’) if there is a legal ground for doing so.
Swedbank collects and processes client data, including automatically, in order to assess the client’s creditworthiness and offer suitable credit products. The client has the right to challenge the automated decision and ask a Swedbank employee to review it. In order to assess creditworthiness, the client data specified in the request and the client data collected from internal and external data sources are verified.
If you enter into a credit agreement, the fulfilment of which is guaranteed by third parties (e.g. surety providers, KredEx, holders of collateral), client data will be transmitted to them.
The extent to which client data is processed depends on whether you are a client entering into an agreement or have another role in the financing process, for example, you are the seller of the leased property or the holder of the collateral.
If the client fails to fulfil their obligations, Swedbank will publish data about the client’s debt to the payment default register (e.g. Creditinfo Eesti AS) in accordance with the terms and conditions notified at the conclusion of the credit agreement. Swedbank also discloses client data to persons who are involved in processing overdue debts.
For these purposes, Swedbank processes your identification data, demographic data, family data, health data, contact details, account data, financial data, data on your association with legal entities, reliability data, and professional data.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Creditworthiness assessment and credit risk management |
Legal obligation |
Legal entities within Swedbank Group External databases (e.g. Creditinfo Eesti AS) |
Assessment of the suitability of credit products |
Legitimate interest |
Internal sources and external databases (e.g. Creditinfo Eesti AS) |
Provision of financial services |
Performance of agreement |
External partners (e.g. KredEx (EIS), Ministry of Education and Research) |
Guarantee of the insurance of pledged/leased assets if required under the loan/lease agreement |
Legitimate interest |
Insurance companies |
Forwarding the client’s personal data and information on the fulfilment of financial obligations to the payment default register so that other credit and financial institutions can assess the creditworthiness of the client when the client requests credit products from them (to comply with the principles of responsible lending) |
Legitimate interest |
Payment default register (Creditinfo Eesti AS) |
Debt adjustment, sale and/or assignment of claim to third parties |
Legitimate interest |
External parties involved in debt adjustment (trustees in bankruptcy or trustees) and other cooperation partners |
Why Swedbank processes client data: to advise you on selecting the right product for you and the services of your choice.
How Swedbank processes client data: client data is collected from you, as well as when you use our services, including when you interact with Swedbank, and from external sources (e.g. AS Pensionikeskus, Central Register of Securities). As part of the suitability assessment, the processing of your client data also includes profiling.
Investment services
When providing investment services, Swedbank processes client data for the safekeeping of your securities, the execution of orders and corporate events related to securities, the provision of investment advice or portfolio management services to you, and the provision of other investment services.
This includes use of profiling to assess the suitability and appropriateness of a particular service or security for you before providing it.
According to legislation, when providing investment services, we must record phone calls and video streams.
Swedbank processes client data to provide clients with mandatory reports on expenses and fees, execution of transactions, losses in securities and securities held, and other types of reports.
Client data will be disclosed to local and foreign supervisory authorities and tax authorities, central securities depositories, stock exchanges or other execution venues, issuers of securities or third parties appointed by issuers, management companies, and other financial intermediaries.
For these purposes, Swedbank processes your identification data, contact details, children’s data (if the child uses the services), family data, demographic data, professional data, financial data, financial experience data, account data, data on habits, preferences, and satisfaction, data on reliability, data on communications and devices, data on connections with legal entities, client status data and other client data that is necessary under specific terms of service.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Assessment of the suitability and appropriateness of the service |
Legal obligation |
Legal entities within Swedbank Group |
The provision of an investment service, including the execution of orders or orders from a client when a client buys, sells or transfers a security |
Performance of agreement |
Legal entities within Swedbank Group |
Disclosure to the client of regular and event-based reporting on expenses and fees, execution of transactions, safekeeping of securities, losses, etc. |
Legal obligation |
Legal entities belonging to the Swedbank Group |
Regular and event-based reporting and disclosure to public authorities and market participants |
Legal obligation |
Supervisory and tax authorities (e.g. Financial Supervision Authority, US Internal Revenue Service, US Commodity Futures Trading Commission), central securities depositories
Stock exchanges or other execution venues, issuers of securities or third parties appointed by issuers, management companies and other financial intermediaries |
Ensuring investment account taxation reporting |
Consent |
Public authorities (e.g. Tax and Customs Board) |
Retention of information on securities transactions (including telephone and video recordings) and submission of evidence upon request |
Legal obligation |
Legal entities within Swedbank Group |
Resolution of complaints |
Legal obligation |
Legal entities belonging to Swedbank Group |
Pension funds
If you invest in Swedbank pension funds, Swedbank processes client data, for example, to provide you with the necessary information, to process your orders for buying and selling of fund units, to keep records of your accounts, and pay-outs from funds. In addition, we exchange information about your investments in pension funds with the pension registrar, who keeps a record of all investments made in your pension funds.
Based on your application, we will transfer your pension fund payments or cash received from the redemption of your accured pension fund units from Swedbank to other pension funds managed by third-party management companies.
For these purposes, Swedbank processes your account data, demographic data, contact details, financial data, and identification data.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Management of the fund, including the organisation of settlements related to the management of the fund’s assets and the provision of necessary information to investors |
Legal obligation |
Legal entities within Swedbank Group |
Processing of purchase and sale orders for fund units |
Performance of agreement |
Legal entities within Swedbank Group |
Transfer of pension fund payments or money received from the redemption of pension fund units accumulated by the client to pension funds managed by other pension fund managers according to the client’s application |
Legal obligation |
Pension fund managers |
Assurance of data exchange with the pension registrar on the management of the client’s pension assets (II pillar funds, pension investment account, III pillar funds) |
Legal obligation |
Pension registrar |
Why Swedbank processes client data: to provide life insurance and/or investment risk life insurance services, including the assessment of your individual risk and the calculation of the insurance premium, the handling of claims related to the insurance contract, and the payment of insurance indemnities.
How Swedbank processes client data: client data is collected from you and external sources (doctors and medical institutions), and regularly updated. Depending on the life insurance service, client data is disclosed to the recipient.
You are applying for insurance, have entered into an insurance contract or have submitted an application for insurance indemnity
When you submit an application for a risk-based life insurance contract, Swedbank processes client data to assess the insurance risk related to you, calculate the insurance payment and the sum insured, and make a decision on concluding an insurance contract. Among other things, Swedbank processes health data automatically and makes automated decisions based on profiling to make quick decisions about concluding an insurance contract. If you need additional information or want the decision to be made by an employee, you have the right to challenge the automated decision and ask a Swedbank employee to review it. For the above purposes, Swedbank processes health data received from you, doctors, and medical institutions, as well as health data related to your existing and previous insurance contract(s), claims submitted, and insured event(s).
When applying for a unit-linked life insurance contract, Swedbank processes client data, including the use of profiling, to assess the suitability and relevance of the relevant service for you.
After concluding the insurance contract, Swedbank processes client data for the purpose of amending and terminating the contract, refunding the insurance premium, making payouts, and taxing the insurance indemnity. In addition, Swedbank processes client data for sending notices related to the insurance contract and mandatory notices and annual reports if you have entered into an insurance contract with an investment risk.
For these purposes, Swedbank processes personal identification data, account data, contact details, financial data, family data, children’s data, health data, data on links with legal entities, communications and device data, client status data and demographic data, data on the client’s financial experience, data on reliability and due diligence.
If you have submitted an insurance benefit application, Swedbank processes client data for the purpose of handling the claim, including making a decision and paying the insurance indemnity. To this end, Swedbank processes health data received from you, doctors, and medical institutions, as well as client data related to your existing and previous insurance contract(s), claims submitted, and insured event(s). To make a decision and pay indemnity, Swedbank also processes your financial data, which we have received from Swedbank and the public authorities, as well as client data, such as data on criminal convictions and offences. In addition to the personal data listed above, Swedbank also processes your professional data, data on habits, preferences, and satisfaction.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Assessment of the client’s individual risk and making a decision on concluding an insurance contract |
Performance of the agreement and, in addition, consent if it is necessary to process health data to achieve the goal |
Legal entities within Swedbank Group Doctors and medical institutions |
Use of the client’s risk history when making a decision on the assessment of individual risk and the conclusion of an insurance contract |
Legitimate interest |
Legal entities within Swedbank Group |
Assessment of the suitability and appropriateness of an investment-based insurance service |
Legal obligation |
Legal entities within Swedbank Group |
Identification of insurance interest and need |
Legal obligation |
Legal entities within Swedbank Group |
Insurance contract conclusion and management of contracts |
Performance of agreement |
Legal entities within Swedbank Group Persons related to the provision of services to Swedbank (e.g. postal service providers) |
Processing of the data of third parties (e.g. beneficiaries, family members) when concluding and performing an insurance contract |
Legitimate interest |
Legal entities within Swedbank Group |
Withholding of income tax from the insurance indemnity |
Legal obligation |
Public authorities |
Ensuring of mandatory notifications and reporting to the client |
Legal obligation |
Legal entities within Swedbank Group Postal service providers |
Handling of claims, including making a loss decision and paying insurance indemnity in the event of an insured event |
Performance of agreement |
Legal entities within Swedbank Group Public authorities Doctors and medical institutions, experts Beneficiaries, heirs |
Processing of the data of third parties (e.g. beneficiaries, heirs) for the purpose of handling the claims, including making a decision on damage and paying insurance indemnity in the event of an insured event |
Legitimate interest |
Legal entities within Swedbank Group |
Processing of personal data for the purpose of managing the insurance risk
If you have submitted an insurance indemnity application, we will provide the reinsurance undertaking with your client details (including health data) to fulfil our obligations under the reinsurance contract.
For the said purpose, Swedbank processes your identification data, account data, contact details, financial data, family data, children’s data, health data, professional data, data on criminal convictions and offences, data on connections with legal persons, data concerning communications and devices, data on habits, preferences, and satisfaction, and demographic data.
Why Swedbank processes client data: to provide the non-life insurance service of your choice, including the assessment of your insurance risk and the calculation of your insurance premium, the handling of claims related to the insurance contract, and the payment of insurance indemnities.
How Swedbank processes client data: client data is collected from you and external sources, and is regularly updated. Based on the non-life insurance service, client data is disclosed to the recipient for the conclusion and performance of the agreement.
You are applying for insurance, have entered into an insurance contract or have submitted a claim
If you have submitted an application for concluding an insurance contract, Swedbank processes client data to assess your reliability and, based on your risk level, calculate the insurance premium and determine the conditions. For this purpose, Swedbank processes client data automatically, including profiling. If we need additional information, or if an additional risk assessment is necessary, or if the client wants the decision to be made manually, our specialist will evaluate the received request. Swedbank processes client data that we receive from registers and client data that we have about you, such as data about previously concluded insurance contracts and insured events that have occurred, and data that we receive from legal entities belonging to the Swedbank Group.
After the conclusion of the insurance contract, Swedbank processes the client’s data for the purposes of renewal of the contract, amendment and termination of the insurance contract, and refunding of the insurance premium. In addition, Swedbank processes client data for sending notices and mandatory notices related to the insurance contract. For these purposes, Swedbank processes your identification data, account data, contact details, financial data, family data, children’s data, health data, professional data, data on criminal convictions and offences, data on connections with legal persons, data concerning communications and devices, data on habits, preferences, and satisfaction, client status data, and demographic data.
If you have submitted a claim application, Swedbank processes client data for the purpose of handling the claim, including making a claim decision and paying the insurance indemnity in the event of an insured event. Swedbank processes client data received from other insurance companies, registrars, authorities, doctors and medical institutions, as well as client data, including health data, that Swedbank has in connection with your previous claims. In addition, Swedbank processes your professional data, data on convictions and offences, and data on habits, in addition to the personal data listed above.
If you need medical assistance in connection with a travel insurance insured event in a country outside the EU/EEA, Swedbank will transfer your personal data to that country to confirm the validity of the insurance cover. Your personal data will be transferred to a country outside the EU/EEA to handle motor third party liability insurance claims for insured events related to that country. Client data must be transferred for the performance of the agreement concluded between you and Swedbank.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Assessment of the reliability of the client and mitigation of non-standard risks, calculation of the insurance premium corresponding to the client’s risk, and determination of the insurance conditions |
Legitimate interest |
Legal entities within Swedbank Group Insurance service providers |
Identification of insurance interest and need Legal obligation Legal entities within Swedbank Group |
Conclusion and management of insurance contract |
Performance of agreement |
Legal entities within Swedbank Group Third parties keeping registers (e.g. motor register, motor third party liability insurance register)
Persons related to the provision of services to Swedbank (e.g. postal service providers) |
Assurance of event-based reporting for clients |
Legal obligation |
Legal entities within Swedbank Group Persons related to the provision of services to Swedbank (e.g. postal service providers) |
Handling of the claim, including making a decision and paying insurance indemnity in the event of an insured event |
Performance of agreement |
Legal entities within Swedbank Group Third parties keeping registers (e.g. Traffic Register, Motor Third Party Liability Insurance Register, Commercial Register, Population Register, Land Register)
Public authorities Insured persons, beneficiaries, persons entitled to compensation, injured persons, heirs, witnesses of insured events, persons liable for the insured event, and persons who have suffered damage
Persons involved in the provision of services to Swedbank (e.g. technical experts and assessors and building surveyors) |
Handling of the claim, including the processing of health data for making a decision and paying insurance indemnity in the event of an insured event |
Fulfilment of a statutory obligation in accordance with subsection 218 (2) of the Insurance Activities Act |
Doctors and medical institutions |
Processing of the data of third parties (e.g. insured persons, injured parties) for the purpose of handling a claim, including making a decision and paying insurance indemnity in the event of an insured event |
Legitimate interest |
Legal entities within Swedbank Group Third parties keeping registers (e.g. Traffic Register, Motor Third Party Liability Insurance Register, Commercial Register, Population Register, Land Register)
Public authorities Doctors and medical institutions Insurance service providers Insured persons, beneficiaries, persons entitled to compensation, injured persons, heirs, witnesses of insured events, persons liable for the insured event, and persons who have suffered damage
Persons involved in the provision of services to Swedbank (e.g. technical experts and assessors and building surveyors) |
Swedbank processes client data in order to offer an insurance payment that corresponds to your risk and to develop pricing models, to inspect the quality of vehicle repairs, and bring a claim for damages against the third party who caused you the damage or against another insurance provider or you. We may also transfer your personal client data, including health data, to a reinsurance undertaking in order to fulfil our obligations under the reinsurance contract relating to the handling of the claim and the receipt of insurance indemnity.
In addition, Swedbank processes client data in order to inform the mortgagees about setting a term for you to pay the insurance premium and about the cancellation of the agreement and the occurrence of an insured event. Also in order to inform mortgagees about the existence of insurance cover and the amount of the insurance sum. At the request of another insurance service provider, we will provide them with the personal client data necessary to file a claim for refund in order to determine the obligation to indemnify the damage. For these purposes, Swedbank processes your identification data, account data, contact details, financial data, family data, children’s data, health data, professional data, data on criminal convictions and offences, data on connections with legal persons, data concerning communications and devices, data on habits, preferences, and satisfaction, and demographic data.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Filing a claim for indemnification against a third party or another insurance service provider or against you |
Legitimate interest |
Legal entities within Swedbank Group Insurance service providers Third parties keeping registers (e.g. land register, population register)
Public authorities Successors Persons responsible for damage |
Calculation of the insurance premium corresponding to the client’s risk and development of pricing models |
Legitimate interest |
Legal entities within Swedbank Group |
Inspection of the quality of vehicle repair work |
Legitimate interest |
Persons involved in providing services to Swedbank (e.g. technical experts)
Performance of an obligation arising from a reinsurance contract in order to receive the insurance indemnity Legal obligation Reinsurance service provider
Informing the mortgagee about the determination of the term for payment of the insurance premium and the cancellation of the contract and the occurrence of an insured event, as well as the existence of insurance cover and the amount of the insurance sum Legal obligation Legal entities within Swedbank Group
Other credit and financial institutions |
Forwarding client data to another insurance company for the purpose of assessing the insurance risk and for the performance and enforcement of the insurance contract |
Legitimate interest |
Insurance service providers |
Forwarding client data to ensure the performance of the insurance contract or to file a claim for refund |
Legal obligation |
Insurance service providers Public authorities Doctors and medical institutions |
Why Swedbank processes client data:to prepare and provide offers that meet the needs of the client and business client, to provide relevant information, and to organise opinion surveys, lotteries, campaigns, and client programmes.
How Swedbank processes client data:Swedbank collects client data, including to create your profile, to provide you with personalised marketing communications. To achieve this goal, we share client data with the Swedbank Group companies operating in Estonia.
Profiling and your marketing rights
Swedbank carries out profiling to assess which products and services may be suitable and relevant to your interests and needs. This allows you to receive offers and services tailored to you.
Swedbank automatically collects and processes client data to create a client profile and thereby make recommendations and offers to the client. Such data includes, for example, information about the client’s product portfolios and service usage. We also collect data about the client’s financial situation, behaviour, and habits, which are based on the client’s use of the service, the transactions made by the client, and the information provided by the client to Swedbank. Such data is used to create profiling that is necessary to serve the client in the client programme (e.g. young or gold customers) and to make suitable offers to the client. As a result of the processing, advice and provision based on the needs of the client, involvement of the client in client programmes, and thus the application of special prices and service conditions are provided.
You have the right to object at any time to the processing of personal data for marketing purposes or to withdraw your consent to the processing of data.
Preparation of offers
We want to provide you with the best user experience and prepare relevant offers at the most appropriate time. As a result of identifying the interests and needs of the client and business client, we prepare various offers:
- personal recommendations – practical marketing offers to choose the services that are most suitable for you, to improve your daily use or to avoid inappropriate use, and other proposals that best serve your interests and needs, such as product upgrades, replacements;
- personal loan and insurance limits – a practical calculation designed to help you understand what loan and lease options and insurance payments are available to you;
- offers made in cooperation with partners – practical offers that help you choose suitable services and discounts from Swedbank’s cooperation partners; client data is not shared with these partners;
From time to time, we conduct opinion surveys among our clients, also using the services of professional market research companies.
If you are interested in tracking and categorised insights on your spending, as well as spending across all your accounts in one view, you can use the ‘My Budget’ tool, which is available in the Internet Bank and the mobile app.
For these purposes, Swedbank processes your identification data (except for your personal identification code), contact details, account details and demographic data, information about the products/services/channels already used by the client, the client’s previous experience in using them, financial data, as well as data indicating whether the client is entitled to receive offers from the client programmes. If the client uses Swedbank’s website, Internet Bank or mobile app, we also take into account the client’s browsing behaviour and targeted technologies. In the case of offers with financing and insurance limits, Swedbank first considers whether the client meets the basic loan and insurance conditions before establishing the limits.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Preparation of relevant offers: personal recommendations, offers with partners, as well as personal loan and insurance limits |
Consent |
Legal entities within Swedbank Group |
Preparation of a cost overview for all client accounts in one view (‘My budget’ tool) |
Consent |
Legal entities within Swedbank Group |
Preparation of client opinion polls, which may involve marketing research companies |
Consent |
Legal entities within Swedbank Group Marketing research companies |
Compiling other information
To inform clients and business clients about Swedbank’s news and services, we prepare two types of information for them:
- relevant information – information designed to invite a client to events, send them greetings and newsletters;
- client satisfaction surveys – questionnaires asking you to give feedback on the services used and help Swedbank to improve them.
For this purpose, Swedbank processes account data, client status data, data on habits, preferences, and satisfaction, communications and device data, contact details, demographic data, family data, identification data (except personal identification code), and financial data.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Preparation of relevant information |
Legitimate interest |
Legal entities within Swedbank Group |
Performing client satisfaction surveys |
Legitimate interest |
Legal entities within Swedbank Group |
Receipt of offers and relevant information
As a client, you may receive marketing offers and other relevant information through four communications channels:
- email;
- SMS;
- telephone;
- post.
The offers and other information you receive will vary depending on the channel you choose. Each offer and other information has a communications channel, for example, some offers and surveys are sent only by email, other types of offers also via Internet Bank and mobile app.
Client programmes
Swedbank offers its clients a variety of client programmes. For example, special service conditions, better prices and/or added value are available to the programme participants. For Swedbank to be able to add and apply the special terms and conditions of client programmes, Swedbank processes client data automatically. Information about the processing of personal data in connection with the client programme is provided in the terms and conditions of the programme or in an additional notice. Client data is processed for the above purpose if the client does not object to the processing, or if the client agreed to the terms and conditions of the client programme and thus also agreed to participate in the programme.
To include clients in the client programme, Swedbank processes identification and contact information for each programme. Based on the programme, Swedbank processes relevant additional categories of personal data, such as demographic data, data on client status, data on relationships with legal entities, data on communication and devices, account data, data on habits, preferences, and satisfaction, and financial data.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
To implement the client programmes (e.g. gold customers, seniors, young people), including inclusion or exclusion from a specific programme or to apply the special terms of service |
Legitimate interest |
Legal entities within Swedbank Group |
To provide special services in the private banking client programme or to apply the special terms of service |
Performance of agreement |
Legal entities within Swedbank Group |
Lotteries and campaigns
Swedbank processes client data for the purpose of conducting raffles and campaigns – this means involving clients who meet the criteria of participants in the raffle, campaign or client programmes. The client has the right to demand that they are removed from the list of participants in the raffle, campaign or client programme.
To organise raffles, competitions, campaigns, and events for its clients, Swedbank processes account data, professional data, financial data, contact details, data on habits, preferences, and satisfaction, demographic and family data, identification data, as well as data on connections with legal entities.
Why Swedbank processes client data: to ensure the quality of the service and to protect the interests of the client and Swedbank, to handle client complaints, and to comply with legislation.
How Swedbank processes client data: Swedbank records telephone and video calls. In addition, Swedbank processes client data, which is collected via email, bank messages, and other communications channels.
For these purposes, Swedbank processes your communications and device data, account data, client status data, professional data, financial data, data on habits, preferences, and satisfaction, family data, children’s data where the service relates to children, contact details, reliability data, data on links with legal entities, data obtained in the performance of a legal obligation, identification data and demographic data, special categories of data (health data) where necessary in connection with a non-life and life insurance service or a client complaint.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Improving the quality of service and protecting the interests of the client and Swedbank (recordings of phone calls, audio during video chats or correspondence) |
Legitimate interest |
Legal entities within Swedbank Group |
Protecting the interests of the client and Swedbank (recordings of phone calls, audio during video chats and correspondence) |
Performance of agreement |
Legal entities within Swedbank Group Telecommunications service providers |
Processing of special categories of personal data published at the initiative of the client in the course of a consultation for the purpose of improving the quality of service or protecting the interests of the client and Swedbank |
Consent |
Legal entities within Swedbank Group |
Handling of client complaints |
Legal obligation |
Legal entities within Swedbank Group |
Why Swedbank processes client data: to provide consultations and service to the clients.
How Swedbank processes client data: Swedbank processes your data when we serve you at a Swedbank branch and when we communicate with you by telephone, chat, email, and other means of communication. Client data, such as contact details, is transferred to the Swedbank Group companies operating in Estonia to ensure that personal data is up to date.
Swedbank processes client data that is available to Swedbank, such as financial data, to provide you with the requested consultation.
For these purposes, Swedbank will process your contact details, information about the service requested, the service provided and/or the performance of the service agreement, when we provide you with information and communicate with you by telephone, chat, email, and other communications channels as necessary in connection with the provision of the service.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Registration of the client for a consultation |
Performance of agreement |
Legal entities within Swedbank Group |
Provision of the client with consultations and recommendations based on the client’s economic situation, the services used, and future plans |
Legitimate interest |
Legal entities within Swedbank Group |
Communication with the client and transmission of information |
Performance of agreement |
Legal entities within Swedbank Group |
Why Swedbank processes client data: to comply with risk management obligations established by legislation, to comply with capital requirements, to prevent fraud and to manage potential incidents.
How Swedbank processes client data: we disclose client data to recipients, such as public authorities and the Swedbank Group companies.
Risk management is important for Swedbank to provide services to you and protect your money from fraudsters. The goal of Swedbank is to maintain a low level of risk in its activities, as this is the basis for building trust and offering you greater value in the long term.
In the field of risk management, we use client data for the following purposes:
- assessment and management of credit risk, liquidity risk, market risk, and counterparty risk;
- mitigation of risks and performance of Swedbank’s capital requirements;
- settlement of incidents and personal data breaches that may affect Swedbank’s core processes and services;
- detection, investigation, and reporting of potential suspicious transactions and market abuse;
- monitoring of transactions, including card transactions, in order to detect and prevent fraud, and to review, assess, and respond to activities identified as potential fraud;
- compliance with legislation and internal regulations;
- assurance of business continuity and crisis management;
- communication with supervisory and other authorities, including regular mandatory and ad hoc reporting, an obligation to alert public authorities about suspicious behaviour in relation to client market abuse, cooperation with public authorities in carrying out various supervisory procedures or investigations;
- cooperation with and provision of information to an external auditor.
Why Swedbank processes client data: to manage, maintain, develop, analyse, and improve business activities, services, and your user experience.
How Swedbank processes client data: we process client data when we manage and archive our documents, carry out analyses and tests to improve our service, security, and compliance of IT solutions.
Swedbank must keep accounting data. As part of this, Swedbank processes your identity data, account data, contact details, and demographic data when submitting and issuing invoices.
The processing of personal data is also necessary for activities that support the main activity. This includes, for example, document management and archiving, including the storage of information stored on paper and digitally.
Swedbank’s legitimate interest is to maintain, develop, research, and improve its business activities and services, as well as the client’s user experience. This includes, but is not limited to, the use of your data to manage our website and network, including testing to ensure the quality, security, and compliance of the IT solution used.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Fulfilment of legal obligations, for example, in connection with accounting or tax administration |
Legal obligation |
Legal entities within Swedbank Group |
Assurance, maintenance, development, and analysis of the adequate provision of services and the safety of the information contained in the services and improvement of Swedbank’s business |
Legitimate interest |
Telecommunications, IT, web hosting, cloud computing, archiving, postal service providers |
Filing, performance or protection of legal claims |
Legitimate interest |
Legal entities within Swedbank Group Archiving service providers Public authorities (such as the Financial Supervision Authority, courts) |
Why Swedbank processes client data: Swedbank processes client data related to business clients, including the client data of a representative of a business client, for the purpose of concluding and storing agreements, communicating with business clients, providing contractual services, and ensuring compliance with applicable law. For the sake of clarity, the concept of client includes all natural persons related to a business client, whose data is processed by Swedbank.
How Swedbank processes client data: client data is collected from the client, business client, and external sources, and is regularly updated. Client data is disclosed to the recipient for the purpose of concluding and performing an agreement with a business client and for complying with legislation.
The European Union’s General Data Protection Regulation does not apply to business clients. Business client data is protected by banking secrecy and their disclosure is regulated by legislation. Swedbank may disclose or transfer business client data to the recipient to the extent necessary to achieve the purposes of the data transfer.
If you represent a business client, Swedbank processes client data, for example, to communicate with business client’s representatives and contact persons, and to keep the information of legal and authorised representatives up to date. This ensures that only persons with the right of representation can sign agreements, make transactions, submit documents, access information or perform other necessary actions on behalf of a business client. For more information on data processing related to a particular service, please refer to the specific service in Section „What are our purposes?“.
Business client data is also processed for the purpose of preventing money laundering and terrorist financing and complying with international and national sanctions, see for more details in Section ‘Prevention of money laundering and terrorist financing and compliance with sanctions’.
In the course of assessing the creditworthiness of a business client, Swedbank processes client data of persons related to the business client. These are shareholders with a holding in the company of 20% or more, the final beneficiaries, as well as members of the board of directors and procurators. For this purpose, Swedbank obtains data from Creditinfo Eesti AS on the external credit history of persons closely related to the company. This allows Swedbank to assess whether financing services can be provided to clients who are legal persons, and reduces the risks of insolvency for the credit provider.
For the purposes listed above, the categories of personal data processed include identification data, contact details, professional data, data relating to links with legal entities, reliability and due diligence data, demographic data, financial data, data obtained in the performance of a legal obligation, data relating to convictions and offences, other client data (if a business relationship with a business client is terminated because it ceases to exist, we need to keep records of the business client’s status in our systems so as not to prevent some activities, such as communication and reporting).
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Conclusion and performance of agreements with a business client and communication with a business client |
Performance of agreement |
Legal entities within Swedbank Group
|
Communicating with the natural person representing the business client and keeping the representative’s information up to date |
Legitimate interest |
Legal entities within Swedbank Group
|
Assessment of the creditworthiness of a business client and management of solvency |
Legal obligation |
Third parties keeping registers (e.g. Creditinfo Eesti AS (payment default register))
|
Why Swedbank processes client data: ensuring the security of Swedbank’s visitors, employees, premises and assets; protecting Swedbank’s claims, as well as detecting and preventing illegal activities.
How Swedbank processes client data: Swedbank uses surveillance cameras in its premises and ATMs. Areas with video surveillance are marked with a corresponding sign.
If Swedbank uses video surveillance in its branches, personal data is included in visual images, and video and audio recordings.
Visual images, video and audio recordings containing client data are shared with the relevant recipient if the recorded material is needed for criminal investigations, or with the recipient who maintains the video surveillance systems on behalf of Swedbank.
Purposes of processing client data |
Legal basis |
Recipients and sources of client data |
Ensuring security and Swedbank’s legal requirements; detection and prevention of illegal activities |
Legitimate interest |
Legal entities within Swedbank Group
Video surveillance service providers
|