Our processing of your personal data
At Nordiska, we attach great importance to protecting the privacy of our customers. All personal data is being processed in accordance with the applicable data protection legislation at any given time. Here, we briefly describe how we collect, process and share personal data. If you want to know more, you can find our data protection policy at the bottom of this page!
In general, regardless of what type of customer you are, we may need to process personal data in order to be able to enter into and administer agreements and fulfil the obligations contained therein. In addition, we process data to meet the requirements imposed on us by laws and regulations, as well as to further develop our business.
Personal data is processed for the purposes of:
processing and administration of the service applied for (e.g. credit information or other credit assessments);
confirmation of identity;
fulfilment of concluded agreements (e.g. invoicing, credit register);
to prevent and counter money laundering and terrorist financing and fraud; and
to fulfil other obligations pursuant to laws, ordinances and government regulations.
When applying for a private loan, our personal data processing may include a certain type of automated decision-making based on the financial information provided by the customer and information we collect from credit reporting companies. Such an automated decision can, for example, mean that the application for a loan is denied if the applicant's income is below our minimum requirements.
Nordiska's Data Protection Policy
Nordiska strongly respects you as a customer, as well as your personal privacy. This Data Protection Policy explains how Nordiska collects, uses, stores and shares personal data. It also describes your rights vis-à-vis Nordiska and how you can enforce your rights.
By using Nordiska's services or products, you accept our Data Protection Policy and our processing of your personal data. You also agree that Nordiska uses electronic communication channels to send information to you. It is important that you read and understand our Data Protection Policy before using our services or products. You can always contact us with questions about privacy and data protection by sending us an e-mail at info@nordiska.se.
In order to be able to offer you our services, such as loans, factoring or deposits, we need to process your personal data as follows.
What personal data does Nordiska collect?
Information that you provide to us
You can directly or indirectly provide us with information about yourself in a number of different ways, such as when you apply for a product, contact us, when you use our customer website or any of Nordiska's services where you provide personal information. This information can be:
Personal and contact information (e.g. name, national identification number, copy of identity document, marital status, nationality, postal address, e-mail address, mobile phone number, employment, etc.)
Payment information (e.g. bank account number, invoice information, etc.)
Information required by law and for taxation purposes (e.g. tax domicile, foreign tax registration number, information required for basic customer knowledge and the prevention of money laundering)
Information we collect about you
When you use any of our services, we may need to collect information about you, either from yourself or through third parties (eg credit reporting companies or public databases). This information can be:
Personal and contact information (e.g. name, date of birth, national identification number, marital status, nationality, postal address, e-mail address, mobile phone number, etc.)
Financial information (e.g. your income, credit history, negative payment history, previous payment and credit approvals, transaction information, etc.)
Information about goods / services (e.g. details regarding goods / services you have purchased, assuming these are relevant to the credit information, etc.)
Historical information (e.g. payment and credit history, previous purchase history)
Information about how you interact with Nordiska (e.g. how you use our services, including information about outstanding and historical debt and your repayment history, page response times, download errors, the way in which you reached and left the website, interactions with customer service, delivery notices whenever we contact you, etc.)
Device information (e.g. IP address, language settings, browser settings, time zone, operating system, platform and screen resolution)
Geographic information (your geographical location)
Recorded phone calls (we record customer service phone calls)
Information from PEP lists and external sanction lists (we may compare your personal data against lists of persons who constitute so-called politically-exposed persons (PEP) and lists of persons who are subject to sanctions. The lists include information such as name, date of birth, place of birth, occupation or position and the reason why they are on the lists).
The information you provide to us and your financial information is generally necessary to enter into a contractual relationship with us, while the other information we collect is generally necessary for other purposes, as described below.
How can we process your personal data and on what legal basis?
Provides, performs and improves our services.
All data is used to provide, perform and improve Nordiska's services. Nordiska processes personal data for the following purposes based on the following legal bases:
Processing Purpose / purpose | Legal basis for processing | Possible automated decision-making |
---|---|---|
Confirmation of your identity and verification of your personal details and contact details. | The processing is necessary for the fulfilment of Nordiska’s agreement with you (Article 6(1)(b) GDPR) Furthermore, we are legally obligated to verify the identity of our customers (Article 6(1)(c) GDPR) in accordance with Act (2017:630) on measures against money laundering and terrorist financing | YES |
To administer your payment and customer relationship. For example, to fulfil our potential obligations towards you and to provide you with information, products and services that you request from us. | The processing is necessary for the fulfilment of Nordiska’s agreement with you (Article 6(1)(b) GDPR) | YES |
To determine what services we can offer you, for example through internal or external credit assessments. | The processing is necessary for the fulfilment of Nordiska’s agreement with you (Article 6(1)(b) GDPR) | YES |
For customer analysis, administration of Nordiska's services and for Nordiska's internal operations , including troubleshooting, data analysis, testing, research and for statistical purposes. | The processing is necessary for the fulfilment of Nordiska’s agreement with you (Article 6(1)(b) GDPR) and the balance of interests (Article 6(1)(f) GDPR) | YES |
To ensure that content is presented correctly and effectively to you. | The processing is necessary for the fulfilment of Nordiska’s agreement with you (Article 6(1)(b) GDPR) | YES |
To prevent misuse of Nordiska's services or criminal activity. | The processing is necessary for the fulfilment of Nordiska’s agreement with you (Article 6(1)(b) GDPR) Furthermore, we are legally obligated to verify the identity of our customers (Article 6(1)(c) GDPR) in accordance with Act (2017:630) on measures against money laundering and terrorist financing | YES |
To perform risk analysis, prevent fraud and money laundering, as well as risk management. | To comply with the law (Article 6(1)(c) GDPR) (Act (2017:630) on measures against money laundering and terrorist financing) | YES |
To improve our services and for general business development, such as to improve credit risk models with the aim of, for example, minimizing fraud, developing new products and features and new business opportunities. | The processing is based on a balance of interests (Article 6(1)(f) GDPR). | NO |
To comply with applicable laws, such as the law on money laundering and terrorist financing, as well as accounting laws and capital adequacy requirements. | To comply with the Law (Article 6(1)(c) GDPR) (Act (2017:630) on measures against money laundering and terrorist financing) | PARTLY |
To perform debt collection services, i.e. to collect and sell debt. | The processing is based on a balance of interests (Article 6(1)(f) GDPR). | NO |
To protect Nordiska from legal claims and safeguard Nordiska's legal rights. | The processing is based on a balance of interests (Article 6(1)(f) GDPR). | NO |
Automated decision making
Nordiska uses automated decision-making, including profiling, in connection with out credit assessment process for credit applications. Nordiska is obligated by law to assess your creditworthiness before we grant credits. To ensure the objectivity of our decisions regarding your credit application and to protect your integrity, we minimize our employees' access to your personal data and use automated decision-making to process applications. Your data is evaluated against our internal policy and our models that reflect the evaluation of your liquidity and the repayment ability, in combination with scoring models from credit reporting companies. The assessment determines whether you will be granted the requested credit or not. If a credit application is rejected due to a search in a database, we will immediately notify you of the result of such a search to the extent that such disclosure would not be contrary to current legislation.
Nordiska has the right to use automated decisions if it is necessary for the completion of an agreement with you or if you have given your consent. However, you always have the right to object to an automated decision with legal consequences or decisions that similarly significantly affect you. More information about your right to object can be found in the section "Your rights" below.
Communication
Nordiska may also use your data to communicate relevant information regarding services you have used or similar services and to carry out customer satisfaction surveys regarding our services (e.g. after you have contacted Nordiska's customer service) via electronic communication channels and by telephone. If you do not wish to receive such communication, you are welcome to send an e-mail to nix@nordiska.se.
Who can we share your information with?
Your personal data is protected by banking secrecy, which means that we are not allowed to disclose your information without authorization. However, certain information is shared with other recipients when permitted in accordance with banking secrecy. We may transfer information to, or share your information with, selected third parties for the performance of our contractual obligations towards you and for other purposes that appear in this Data Protection Policy. To which recipients we share your data with, and for which purposes, depends on which of Nordiska's services you use. We take all reasonable legal, technical and organizational measures to ensure that your data is handled securely and with an adequate level of protection when transferred to or shared with such selected third parties.
Suppliers
In order to fulfil the purpose of processing of your personal data, we share your personal data with companies that provide services to us, e.g. identification providers, communication providers, providers of payment services, providers of notification services, as well as providers of IT services. These companies may only process your personal data according to our specific instructions and may not use your information for their own purposes. Furthermore, they are also obligated by law and agreement to protect your personal data.
Payment recipients and payment service providers
Personal data can be shared with the payee and the payee's bank during a payments process, as well as payment service providers, e.g. Bankgirocentralen. The information shared is, among other things, identity information, such as name, national identification number and account information, e.g. account number. This processing is required for the fulfilment of our agreement with you and in order to verify your identity.
Other banks and identification service providers
When using BankID, personal data is shared with the provider of the BankID e-service, i.e. your identification service provider. The information shared is, among other things, identity information, such as name, national identification number and account information, e.g. account number. This processing is required for the fulfilment of our agreement with you as well as ensuring your rightful identity.
Credit reporting company
Your personal data may be shared with credit reporting companies and providers of similar services in order to assess your creditworthiness when you apply for one of Nordiska's credit products, as well as to confirm your identity and address. We may also disclose information about potential defaults on payments to credit reporting companies.
Credit intermediary
If you have a loan with us through a credit intermediary, we share certain information to the credit intermediary in order to fulfil our agreement with the credit intermediary. The information disclosed is identity information (e.g. name and national identification number) and credit information (e.g. credit amount, payment date). The processing is based on balance of interests between your legal interests and ours. Our legal interest in processing your personal data is to be able to fulfil our agreement with the credit intermediary with whom you have been in contact. National identification number is processed to ensure a secure identification and verify your rightful identity.
Debt collection companies
Nordiska may share your personal data based on our legal interest in collecting and selling debts. If we have a claim against you, we may share the personal data necessary with debt collection companies to establish, assert and exercise our legal claim or to other companies that take over our claim against you (either by us assigning our claim or by selling all or parts of our business).
Authorities and counterparties
Nordiska may provide necessary information to authorities such as the police, tax authorities or other authorities if obliged to do so by law, if you have approved to do so or if it is required to administer tax deductions. An example of a legal obligation to provide information is for measures against money laundering and terrorist financing. In Sweden, Nordiska also shares information about interest with the tax authorities to calculate your tax. Your personal data may also be shared with anti-fraud agencies to combat criminal activity.
Other third parties
Nordiska may share your information with other third parties. This can happen if Nordiska sells or buys operations or assets. In such a case, Nordiska may provide your personal data to a potential seller or buyer of such operations or such assets. Furthermore, if Nordiska, or a significant part of Nordiska's assets, is acquired by a third party, personal data about Nordiska's customers may be shared.
We will not sell your personal data to third parties unless we have your permission to do so.
Transfer of personal data to third countries and protective measures
As a general rule, our suppliers, partners and we only process your personal data within the EU/EEA. However, in some cases, personal data may be processed outside the EU/EEA if there is a decision from the Commission that the third country in question ensures an adequate level of protection or after appropriate protective measures have been taken.
Appropriate protective measures may be:
binding corporate regulations,
standard contract clauses that the EU Commission has decided on,
approved codes of conduct or certification mechanisms,
legally binding instrument between authorities.
If you would like a copy of the safeguards we have taken or information about where these have been made available, please contact us.
How long do we store your personal information?
How long Nordiska saves your personal data depends on the purpose for which the personal data is used. Personal data that we process for the purpose of administering the contractual relationship and to fulfil our agreement with you is processed as a starting point during the time the agreement applies, and thereafter for a maximum of ten (10) years due to statutes of limitation. We may also process the personal data for as long as is necessary to protect ourselves from legal claims and exercise our rights under the agreement based on a balance of interests.
In some cases, Nordiska must save personal data to meet applicable legal requirements, such as accounting and money laundering legislation, which stipulate that personal data is saved for seven (7) and five (5) years respectively (see the Accounting Act (1999:1078) and the Act (2017:630) on measures against money laundering and terrorist financing).
Your rights
Below you will find a summary of your rights, i.e. what you are entitled to vis-à-vis Nordiska.
Right to information. You have the right to receive information about how your personal data is processed. We primarily provide the information through this Privacy Policy and by answering questions from you.
Right to access your data (“data portability”). You can request a copy of the personal data we process free of charge. Under certain conditions, you have the right to request the data in a structured and machine-readable format so it can be transferred to another recipient.
Right to correction. You have the right to correct incorrect or incomplete information we have about you.
Right to be deleted ("the right to be forgotten"). Under certain conditions, you have the right to have your personal data deleted. This applies, for example, to data that is no longer necessary to process for the purpose for which it was collected, or if you withdraw your consent for a certain processing. However, there may be cases where Nordiska cannot delete your data. This may be because the data is still necessary to process for the purpose for which it was collected, that Nordiska's interest in continuing to process the data outweighs your interest in having it deleted, or that Nordiska has legal obligations that prevent us from immediately deleting the data. If you submit a request to have your personal data deleted, we will block the data that we have to save in order to prevent it from being processed for purposes other than the reasons mentioned above. We will inform you of this when you submit a request for deletion.
Right to limitation of Nordiska’s processing. You can object to our processing based on Nordiska's legitimate interest (see Article 6(1)(f) GDPR) with reference to your personal circumstances. You can also always object to us using your data for direct marketing, see above under the section "Communication".
Right to withdrawal of consent. In cases where Nordiska processes your personal data based on your consent (e.g. when you have given us power of attorney for a third party to access your data), you have the right at any time to revoke all or part of a given consent with effect as of the time the revocation is made.
Right to object to an automated decision that significantly affects you. You have the right to object to an automated decision made by Nordiska if the decision involves legal consequences or constitutes a decision that similarly significantly affects you.
Right to file a complaint. If you have a complaint about Nordiska’s processing of personal data, you can contact our Data Protection Officer by sending an email to dataskyddsombud@nordiska.se. You can also contact the Swedish Data Protection Authority (IMY), which is the Swedish supervisory authority for Nordiska’s processing of personal data. Contact details can be found on their website http://imy.se.
Cookies
Read more about the cookies we use and your options in our Cookie policy.
Contact Nordiska or Swedish Authority for Privacy Protection (IMY)
Nordiska Kreditmarknadsaktiebolaget (publ) is registered with the Swedish Companies Registration Office with organization number 556760-6032 and is based at Riddargatan 10, 114 35 Stockholm.
Nordiska has a data protection representative. Our customer service is an important part of our business and is happy to receive your questions about data protection and personal data. You can always reach Nordiska's customer service at info@nordiska.se. You can also send an e-mail to our Data Protection Officer at their email: dataskyddsombud@nordiska.se.
Nordiska Kreditmarknadsaktiebolaget (publ) is responsible for the processing of your personal data as described above. Nordiska Kreditmarknadsaktiebolaget (publ) complies with Swedish data protection legislation.
You can also submit a complaint or contact the Swedish Privacy Protection Agency (IMY), contact information can be found on their website http://imy.se.
Other
We may make changes to this Privacy Policy. The latest version of the Privacy Policy is always available here on the website.
***
The Privacy Policy was last updated on September 28, 2022.