Why we process Personal Data: Applicable Legislation obliges us to identify Customers as well as their representatives and persons involved in one-off transactions where relevant.
How we process Personal Data: For this purpose, we ask you to provide a valid identity document as well as any other documents necessary to establish your identity. We use authentication tools to verify your identity. When processing Personal Data, we must ensure that your identification data are correct and up-to-date during the Service provision period. We also share your identification data with Swedbank Group companies operating in Lithuania when this is necessary to provide you with Services from these companies.
5.1.1. Identification
For the purpose of identification, we ask you to provide a valid identity document, the details of which we will check against the Invalid Personal Documents Database.
In cases where you are representing a minor (child) in concluding a contract, we ask you to provide a valid identity document for the minor, which we check against the Invalid Personal Documents Database. We will also check your (as the parent) right to represent the minor in the Population Register of the Republic of Lithuania.
When you continue to use the Services, we must ensure that your identification data are accurate and up-to-date. We therefore ask that you update the identification data provided to Swedbank.
We automatically update the identification data in your identity document according to the Personal Data processed in the Population Register of the Republic of Lithuania.
Your identification data are transferred to the Swedbank Group companies operating in Lithuania whose services you use or wish to use, in order to ensure that your Personal Data are correct and up-to-date.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Identify the Customer and ensure the provision of Services |
Discharge of a legal obligation Performance of the contract |
Swedbank Group companies Information Technology and Communications Department (Invalid Personal Documents Database) State Enterprise Centre of Registers (Population Register) |
Identify, manage and maintain relationships with a Customer’s representative |
Legitimate interest in ensuring the lawfulness of business relationships |
State Enterprise Centre of Registers (Register of Powers of Attorney, Population Register) |
5.1.2. Authentication
During authentication, we verify a person’s identity in order to provide Services at a Swedbank branch or remotely, for example, when you call us or use internet banking.
Authentication is usually performed with authentication tools provided by us or other service providers, such as Smart-ID from SK ID Solutions AS. You may also use other authentication tools that are acceptable to us under the law. Such tools include, for example, mobile signatures, ID cards and other solutions that we consider secure and acceptable (biometric login, use of a PIN on the Swedbank app, PIN generator). When you use an authentication tool provided by another company, we will transfer your identification data and communication and data collected using communication and other technical means (such as IP address and device type) to this company. Additionally, in this case, information will be transferred about your use of our Services.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Verify Customer identity |
Discharge of a legal obligation Performance of a contract |
Authentication tool service providers |
Why we process Personal Data: We process Personal Data to fulfil a legal obligation imposed by the Applicable Legislation in the areas of prevention of money laundering and terrorist financing and implementation of international sanctions.
How we process Personal Data: We collect Personal Data from you, as well as from external sources such as public registers, process data obtained when you use the Services, including when the “Know Your Customer” principle is applied and the Customer’s operations are monitored, and we store the collected information.
Where required to do so by the Applicable Legislation, we transfer your Personal Data to delegated public authorities.
The Applicable Legislation obligates us to perform due diligence activities, including application of the “Know Your Customer” principle, and to understand the purpose and nature of business relationships and one-off monetary operations. We must also assess the risks associated with money laundering and terrorist financing and implement international sanctions. This helps ensure that our Services are used for legitimate purposes and prevents their unauthorised use.
For these purposes, we are required to establish your identity (for more information, see “Identification and Authentication”). We also ask you to provide accurate and correct information about you and documentation to support the information you provide where necessary. We may use the information we have received from public registers, such as the Population Register, the Register of Legal Entities and the Real Real Property Register, as well as data provided by you. For this purpose, we may also review publicly available information about you.
In order to comply with the requirements of the Applicable Legislation or based on our legitimate interest, we check lists (databases) of persons subject to sanctions. We do this to ensure that our Services are not provided to persons subject to or associated with international sanctions and that our Services are not used to violate or circumvent such sanctions.
During your business relationship with us, we regularly (or depending on the specific situation) ask you to update the Personal Data you have provided; we also check to make sure that the data previously obtained from external are up-to-date. The Applicable Legislation also obligates us to constantly monitor business relations and concluded transactions in order to make sure that they are not suspicious. Due diligence activities and their regularity depend on the level of risk attributed to the Customer in relation to money laundering and terrorist financing.
In accordance with the requirements of the Applicable Legislation, we are obliged to notify the competent public authorities (the Financial Crime Investigation Service) of suspected cases of money laundering and terrorist financing and to ensure the confidentiality of such notification.
We also process the Personal Data of natural persons associated with Corporate Customers for the above purpose. We establish the identity of the representative of the legal entity (manager, authorised representative, procurator or other persons in management positions at the legal entity, e.g., insolvency administrators). For this purpose, we collect their identification data, demographic data, contact details and data on relationships with legal entities.
We also ask for the identification and demographic data of the legal entity’s participants and beneficiaries. If necessary, we ask the legal entity to provide additional documents and information about the beneficiaries, such as the source of funds and assets or data on relationships with legal entities. Where necessary, we also collect and regularly update the Personal Data of the legal entity’s representatives, participants and beneficiaries from registers such as the Population Register and the Register of Legal Entities, including the Information System of Legal Entities Participants, the Information Subsystem for Beneficiaries of Legal Persons, and the Real Property Register, and by using publicly available information. In order to ensure compliance with international sanctions, we check lists and databases of sanctioned persons.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Implement activities for the prevention of money laundering and terrorist financing |
Discharge of a legal obligation Legitimate interest in preventing money laundering and terrorist financing |
Swedbank Group companies State Enterprise Centre of Registers (Register of Population, Register of Legal Entities, Information System of Participants of Legal Entities, Information Subsystem of Beneficiaries of Legal Entities, Real Property Register) Processors intermediating in the provision and receipt of Personal Data |
Ensure compliance with the requirements related to international sanctions |
Discharge of a legal obligation Legitimate interest to ensure the implementation of sanctions that do not fall within national and EU regulation |
Swedbank Group companies Service providers managing lists and databases of sanctioned persons The Financial Crime Investigation Service when Swedbank applies restrictions to an asset in relation to the implementation of international sanctions |
Why we process Personal Data: We process your Personal Data to provide the everyday banking Services, such as bank accounts, deposits, payment services and other everyday banking Services that you would like to receive. We also process Personal Data for the purposes of communicating with you, and providing, controlling and administering access to these Services.
How we process Personal Data: Processing activities involve the collection of Personal Data from you and your use of the Services, and the transfer of Personal Data to Data Recipients in order to perform a Service contract or when it is required under the Applicable Legislation. Processing activities also include obtaining Personal Data from third parties, such as other payment service providers.
5.3.1. You have opened and are using a bank account
When you open a bank account, we process your Personal Data in order to provide this Service in accordance with the contract, as well as other Services related to the bank account that you would like to receive.
In addition to processing Personal Data for the purpose of performance of the contract, we also take into account the obligation established by the Applicable Legislation and transfer Personal Data related to the opened account to the tax administration authority (the State Tax Inspectorate of the Republic of Lithuania).
At your request, Swedbank provides you with the account information service, which allows you to receive online information about the bank accounts you have opened with other financial institutions. In this case, your Personal Data (identification data, bank account details, data collected using communication and other technical means) are transferred to us by the said financial institution.
In compliance with the legal obligation, we process your Personal Data in order to fulfil your requests for the account information service initiated from another financial institution. As part of this service, where you have given your consent to the other financial institution, you will be granted access to your account information held with Swedbank using your existing access at that financial institution. For this purpose, we disclose your Personal Data to the other financial institution, such as your identification data, bank account details and data collected using communication and other technical means.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Conclude and perform a contract for a bank account and related Services |
Performance of a contract |
Swedbank Group companies State Enterprise Centre of Registers (Population Register) Processors intermediating in the provision and receipt of Personal Data |
Conclude and perform a contract for a bank account and related Services |
Legitimate interest in ensuring the provision of the Services where Swedbank processes Personal Data of third parties (“silent parties”) |
Financial institutions (third party payment service providers) |
Comply with the legal obligation to provide information to the tax administration |
Discharge of a legal obligation |
The tax administration authority (the State Tax Inspectorate of the Republic of Lithuania) |
Comply with the legal obligation to provide information to an account information service provider |
Discharge of a legal obligation |
Financial institution (other payment service providers) in the event that Swedbank is required to provide access to the Customer’s Personal Data to said payment service provider |
Fulfil the legal obligation to transfer a bank account and related services to another financial institution |
Discharge of a legal obligation |
Financial institutions |
5.3.2. You are using a Swedbank payment card
When you apply for and conclude an agreement for a Swedbank payment card, we process your Personal Data for the purpose of concluding and performing this payment card agreement. We also process Personal Data for card ordering, card personalisation and activation, providing assistance in matters related to the payment card and preventing fraud with payment cards.
In order to execute card payments, we process your Personal Data for the purpose of authorisation and clearing of the payment operation (including operation initiated by the seller). If you file a complaint about a card payment operation, your Personal Data may be shared with the relevant international payment card organisation (e.g., Mastercard).
In the event that you order an additional card linked to your bank account, we process the Personal Data of the additional cardholder; this processing of Personal Data is based on our legitimate interest in carrying out business activities and ensuring the provision of Services.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Conclude and perform a payment contract |
Performance of a contract Legitimate interest in ensuring the provision of Services when an additional payment card is issued |
Payment participants and/or parties related to domestic, European and international payments such as payment card organisations (e.g., Mastercard) ATM service providers |
Handling complaints concerning card payments |
Discharge of a legal obligation |
International payment card organisation |
5.3.3. You make or receive payments
We process your personal data in order to execute payments, including payment initiation services. For this purpose, we process your Personal Data on the basis of the data provided in your payment order. We transfer them to third parties, such as recipients of funds, payment institutions, correspondent banks, etc.
If you have linked your telephone number to your bank account in the Proxy Lookup Service, your Personal Data are processed in order to include your data in this system, in accordance with your consent to these Services. This enables you to make payments by telephone number; this processing also includes the transfer of your Personal Data (telephone number, bank account number, name and surname) to the recipient of the payment. The Proxy Lookup Service is managed by the Bank of Lithuania, acting with Swedbank and other participants of the system as joint Data Controllers.
In order to comply with a legal obligation, we process your Personal Data in order to comply with requests to initiate a payment from your bank account where such a payment is initiated by a third-party payment service provider. As part of this service, where you have given your consent to the other financial institution, you will be granted access to your account information held with Swedbank using your existing access at that financial institution. For this purpose, we disclose your Personal Data to the other financial institution, such as your identification data, bank account details and data collected using communication and other technical means.
Similarly, your Personal Data are processed when you initiate a payment from an account with Swedbank using a third-party payment service provider’s online banking service. This includes a payment initiation service using Bank Link payments via the Open Banking interface.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Execute payments |
Performance of a contract Discharge of a legal obligation |
Payment participants and/or parties related to domestic, European and international payments, such as payment recipients, international payment card organisations, correspondent banks, payment service providers |
Execute payments |
Legitimate interest in ensuring the provision of the Services where Swedbank processes Personal Data of third parties (“silent parties”) |
Payment service providers |
Make payments by telephone number |
Consent |
The Bank of Lithuania, acting as a joint Data Controller with |
Comply with the legal obligation to provide information to a payment initiation service provider |
Discharge of a legal obligation |
Financial institutions (other payment service providers) in the event that Swedbank is obliged to provide access to the Customer’s Personal Data to the said payment service provider |
Why we process Personal Data: We process Personal Data for the purpose of providing the financing Services chosen by you and to comply with the Applicable Legislation in the area of financing Services.
How we process Personal Data: Personal Data are processed when we conclude, perform and terminate contracts, such as consumer credit contracts (small loans, car loans, home small loans, solar panels loans, credit cards, lines of credit, study loans), mortgage loans, leasing contracts and contracts for similar financing services to the Customer. We also process your Personal Data in order to comply with the Applicable Legislation, including managing debt during the term of the contract. In this case, the Personal Data are collected from you and from external sources. Depending on the Services provided and the particular situation of the Customer, Personal Data are transferred to the Data Recipients in order to perform a contract, comply with the requirements of the Applicable Legislation or pursue our legitimate interests.
5.4.1. You are a natural person who has applied for financing services
Swedbank has a legitimate interest to ensure the quick adoption of a decision when a Customer applies for financing. Considering this, we process, by automated means, the Customer’s Personal Data obtained from the Customer and the use of the Services thereby. In this case, we also process the data of payment operations in Swedbank accounts to ensure fast and accurate decision-making when a Customer submits a financing application.
Some credit applications are evaluated and decided upon using the automated processing of Personal Data, including profiling. This means we perform creditworthiness assessments by automated means. For this purpose, the Personal Data you provide in the application form are assessed, as are the Personal Data held by Swedbank and the Personal Data obtained from external sources.
The assessment of your creditworthiness is carried out in order to ensure that the provision of financing services complies with the requirements of the Applicable Legislation, such as responsible lending. This automated processing is necessary for the conclusion of an contract between you and Swedbank. In the event that a decision is taken by automated means alone, you have the right to ask Swedbank to have the decision reviewed by an employee.
For the purpose of the creditworthiness assessment and in order to verify whether the Customer meets the financing criteria, we process Personal Data such as the types and amounts of the desired financial and/or property liabilities for which a positive or negative decision was taken, data on the fulfilment of obligations, data on the workplace, income (including its types and sources), marital status and number of children, and data on the funds accumulated and operations carried out in Swedbank accounts. We also process other data necessary for risk assessment and debt management. In addition to the information we receive from you, we also collect data from external sources such as databases and registry service providers – UAB Creditinfo Lietuva, UAB Scorify, the Social Insurance Fund Board, and the registers managed by State Enterprise Centre of Registers. In certain cases, we use the services of persons who act as intermediaries in providing and receiving Personal Data (Processors) in order to obtain Personal Data.
When you enter into an contract (including when the contract is entered into by a co-borrower or surety provider), in order to comply with the requirements of the Applicable Legislation, we provide the Bank of Lithuania with your counterparty’s data about concluded financial services contracts and their performance and/or changes in the performance thereof.
To promote responsible lending on the market and based on our legitimate interest, we transfer your Personal Data about concluded financial services contracts, their performance and/or changes in the performance thereof, and non-fulfilment of obligations, to other financial institutions. We transfer these Personal Data when you apply to such a financial institution for financing. In this case, Personal Data are transferred using the services of intermediaries in the transmission of Personal Data, such as UAB Creditinfo Lietuva or UAB Scorify.
Where you conclude a contract for financing services, the fulfilment of which is guaranteed by a third party operating under an approved special financing programme, or where financing is provided for a specific purpose, your Personal Data may be transferred to third parties participating in these financing programmes. Such third parties providing a financing guarantee to the borrower are the Ministry of Social Security and Labour of the Republic of Lithuania, and in the case of a student loan – the State Studies Foundation.
For the purposes set out above, we process the following categories of your Personal Data: identification data, demographic data, family details, health data (when you request a deferral of your loan payment for health-related reasons). We also process your contact details, bank account data, financial data, related to the Customer’s reliability and performance assessment, data obtained and/or created in compliance with the requirements of the Applicable Legislation, and professional data.
The scope of Personal Data processed depends on your role in the financing process. If you are a Customer concluding a contract with us, your role in the financing process is different from, for example, that of a seller in the case of asset leasing, whose creditworthiness would not be assessed. If you are a contact person or an authorised representative, we will only process your identification data and contact details for the purpose states above.
In the event of default or insolvency of the Customer, we may disclose Personal Data to persons involved in loan restructuring or debt collection, based on our legitimate interest.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Assess creditworthiness and manage debt |
Discharge of a legal obligation |
For the purpose of obtaining information, Personal Data are provided to: the Bank of Lithuania, financial institutions (in using the services of the Processors – UAB Creditinfo Lietuva and UAB Scorify), the Social Insurance Fund Board, State Enterprise Centre of Registers (Register of Population, Real Property Register, etc.), UAB Creditinfo Lietuva – the manager of the consolidated debtor files Processors intermediating in the provision and receipt of Personal Data |
Assess whether the Customer meets the financing criteria |
Legitimate interest in ensuring a quick and efficient decision-making process |
Swedbank Group companies |
Provide a financing service, including profiling and automated decision making |
Performance of a contract |
Third parties, such as the State Studies Foundation and the Ministry of Social Security and Labour of the Republic of Lithuania, in the case of student loans Asset sellers and other authorised parties related to asset lease services |
Provide financing Services |
Legitimate interest in ensuring that the asset can be financed |
Parties that process motor vehicles and/or other asset registers |
Defend Swedbank’s interests in the event of a breach of legislation by the Customer |
Legitimate interest to defend against a claim |
Companies administering taxes and penalties related to leasing or such assets |
Ensure cooperation under specific funding programmes |
Legitimate interest in ensuring the provision of services and cooperation under specific funding programmes Discharge of a legal obligation |
UAB Investicijų ir Verslo Garantijos (INVEGA), UAB Žemės Ūkio Paskolų Garantijų Fondas (ŽŪPGF), European Investment Fund (EIF), European Investment Bank (EIB) Municipalities when data are provided in the framework of a block of flats modernisation programme |
Provide data about concluded financial services contracts and their performance and/or changes in the performance thereof |
Discharge of a legal obligation |
Bank of Lithuania The Processor intermediating the provision of Personal Data, such as UAB Creditinfo Lietuva or UAB Scorify |
Ensure that Swedbank’s mortgaged or leased assets are insured when an insurance requirement is stipulated in the loan/lease agreement |
Legitimate interest in ensuring the protection of mortgaged/leased assets |
Insurance companies |
Provide data about concluded financial services contracts and their performance and/or changes in the performance thereof to other financial institutions for the purpose of creditworthiness assessment when a Customer applies to these financial institutions for financing services |
Legitimate interest in ensuring that responsible lending principles are respected in the market |
Persons acting as intermediaries for financial institutions in the provision and receipt of Personal Data (UAB Creditinfo Lietuva and UAB Scorify) |
Collect a debt Sell a debt and/or transfer a claim to third parties |
Legitimate interest in protecting Swedbank’s interests in the event of a borrower’s default |
Persons and companies involved in debt collection, persons assuming rights and obligations under contracts and persons administering insolvency proceedings |
5.4.2. If you are a natural person related to a Corporate Customer
In the course of assessing the creditworthiness of a Corporate Customer, we also process the Personal Data of natural persons closely related to the Corporate Customer. For this purpose, we process the Personal Data of the participant and the beneficiary of the legal entity (identification data, data on relationships with legal entities, financial data such as fulfilment of financial liabilities, arrears, bankruptcy). Such Personal Data are obtained through the use of the Services by the Customer.
The processing of Personal Data for this purpose helps to determine the amount of financing to be provided to the Corporate Customer and to mitigate the lender’s risk of a possible default by the Corporate Customer.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Assess the creditworthiness and manage the solvency of a Corporate Customer |
Legitimate interest in managing risks related to lending |
Swedbank Group companies |
Why we process Personal Data: We process your Personal Data so that we can provide you with investment recommendations and provide you with the investment Services you have selected. We process Personal Data in order to properly administer your pension savings and comply with the Applicable Legislation related to a specific Service.
How we process Personal Data: Personal Data are collected and regularly updated when it is obtained directly from you through your use of the Services and through communications, as well as from external sources such as registrars (e.g., Sodra’s Republic of Lithuania Register of Pension Accumulation Participants, Pension Accumulation and Pension Benefit Agreements). For the purpose of assessing the suitability of a Service for you, the processing of your Personal Data also includes profiling. Depending on the Service provided, your Personal Data are disclosed to Data Recipients if this is necessary for the conclusion and performance of a contract and/or to comply with the requirements of the Applicable Legislation.
5.5.1. You are receiving investment services
When you apply for investment services and investment activities (hereinafter – “Investment Services”) or the provision of ancillary services, we process your Personal Data for the purpose of concluding, performing, administering and terminating the contract.
This includes the storage of your selected financial instruments and the execution of orders relating to them, as well as the processing of Personal Data necessary for the execution of material events (public offerings) relating to your financial instruments, the provision of investment recommendations, the provision of a portfolio management services to you, and the provision of other investment and ancillary services.
We process your Personal Data, including profiling, to assess the suitability and acceptability of a Service or financial instrument for you before providing the relevant Services.
Based on the Applicable Legislation, we are required to record telephone conversations or audio during video calls when providing investment and ancillary services.
We process your Personal Data in order to provide you with mandatory information about costs and fees, transaction execution, accounting for financial instruments, losses of a certain service or financial instrument, and other types of reports and information.
Your Personal Data may be disclosed to national and foreign supervisory authorities, the Central Securities Depository, stock exchanges and trading venues, issuers of financial instruments, fund managers and financial intermediaries.
For the purposes set out above, we process certain categories of your Personal Data, such as identification data, contact details, children’s data (where a child is a user of the Services), family details, demographic data, professional data and financial data. We also process data on your financial experience and investment goals, your bank account details and data on your behaviours, priorities and satisfaction with the Services. Where necessary, we process data related to the Customer’s reliability and performance assessment, data collected using communication and other technical means, data on relationships with legal entities, data that are obtained and/or created in compliance with the requirements of the Applicable Legislation, data on the status of the relationship with Swedbank, as well as any other Personal Data necessary for the provision of the relevant Services.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Assess the suitability and acceptability of a Service for the Customer |
Discharge of a legal obligation |
Swedbank Group companies |
Provide investment services, including execution of the Customer’s orders or orders when the Customer buys, sells or transfers financial instruments |
Performance of a contract |
Swedbank Group companies |
Provide regular and event-based reports to the Customer about costs and fees, transaction execution, financial instrument accounting, losses, etc. |
Discharge of a legal obligation |
Swedbank Group companies responsible for carrying out communication with the Customer |
Provide information to public authorities and market participants, regularly or as needed |
Discharge of a legal obligation |
Supervisory and tax authorities (e.g., the financial supervisory authority, the US tax authority, the US Commodity Futures Trading Commission), the central securities depository, exchanges and other trading venues; issuers of financial instruments or their nominees, fund managers and other financial intermediaries |
Store and provide evidence of the execution of a transaction in financial instruments (including recording telephone conversations) |
Discharge of a legal obligation |
Swedbank Group companies responsible for Customer service and transaction monitoring |
Handle complaints |
Discharge of a legal obligation |
Swedbank Group companies |
Assess whether the service can be offered and provided to the Customer |
Legitimate interest in ensuring the lawful and efficient operation of Swedbank |
Swedbank Group companies |
Identify the Customer’s spouse for the purpose of providing investment services |
Legitimate interest in establishing the identity of the Customer’s spouse when the Customer disposes of investment instruments under joint ownership |
Swedbank Group companies Register of Powers of Attorney, Population Register |
Provide issuer proxy services, including ensuring the issuer’s representation on the Nasdaq CSD, calculation of coupons and redemptions, calculation of standard coupon fees, and the provision of this information to the issuer |
Legitimate interest in ensuring proper representation of the issuer |
Supervisory and tax administration authorities, issuer, Nasdaq CSD |
5.5.2. You are contributing to pension funds
If you accumulate savings in Swedbank pension funds, we process your Personal Data in accordance with the requirements of the Applicable Legislation and the rules of these funds. This includes providing you with mandatory information, administering and executing various applications for pension accrual, managing personal pension accounts and fund accounting, managing the disbursement and inheritance of funds accumulated in the funds, and applying restrictions on assets in accordance with the instructions of judicial officers.
For these purposes, we need to process your bank account details, demographic data, contact details, financial data and identification data, including your social security number.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Ensure the conclusion of a pension contract, registration of the contract and other applications, and payment of the accrued amount |
Discharge of a legal obligation |
State Social Insurance Fund Board for the purpose of registering a P2P pension accumulation agreement |
Administer the funds, including managing fund assets and providing relevant information to investors |
Discharge of a legal obligation |
For administration of the funds, e.g., management and registration of fund units, Personal Data are transferred to Swedbank Group companies |
Buy and sell pension fund units |
Performance of a contract |
Personal Data are transferred to Swedbank Group companies |
Transfer funds received from the redemption of a Customer’s accrued pension fund units to other pension funds managed by other pension fund management companies, based on the Customer’s application to move to a different pension accumulation company |
Discharge of a legal obligation |
Other pension fund management companies |
Why we process personal data: We process Personal Data in order to provide the term and/or whole life insurance services you have chosen. We process Personal Data to assess individual insurance risk and calculate the insurance premium, and, where necessary, to examine applications for insurance benefits and pay such benefits; we also process them to comply with the requirements of the Applicable Legislation related to term and whole life insurance.
How we process personal data: Personal Data are processed when we conclude, perform and terminate term and/or whole life insurance contracts. In addition, we process Personal Data in order to comply with the requirements of the Applicable Legislation relating to life insurance. Personal Data are collected directly from you, Swedbank AB, as well as from external sources. Personal Data are regularly updated. Depending on your choice of life insurance services, Personal Data are transferred to Data Recipients in order to conclude and perform the contract or to fulfil the requirements of the Applicable Legislation.
5.6.1. If you are applying for an insurance contract, are concluding one, or have submitted an insurance claim
If you are applying for a term insurance contract, we process your Personal Data in order to assess your needs and individual risk, calculate the insurance premium and the coverage amount, and take a decision regarding insurance risk. In order to make a quick decision on insurance risk, we process your Personal Data, including health data, by automated means and take decisions by automated means. We also use profiling.
When additional information is needed or you request that the decision be taken manually, the application is reviewed by our specialist. For this purpose, we process your health data, which are provided by you, as well as by doctors and medical institutions; we also process health data related to your current or previous insurance contracts, submitted insurance applications, applications for payment of an insurance benefit, and insured events. In the event that a decision is taken by automated means alone, you have the right to ask that it be reviewed by an employee.
If you apply for a whole insurance contract, we also process your Personal Data, including profiling, in order to assess the suitability of the Service for you.
When you conclude an insurance contract, we process your Personal Data in order to perform the insurance contract, amend or, where necessary, terminate the insurance contract, refund the premium or pay the insurance benefit under the contract, and tax the benefits. We also process Personal Data for the purpose of sending insurance-related notifications, debt notifications, annual statements or, in the case of a whole life insurance contract, other statements as needed.
For the purposes set out above, we process your identification data, bank account details, contact details, financial data, family details and children’s details (where the provision of the Services is related to a child). We also process health data, data on relationships with legal entities, data collected using communication and other technical means, data on the status of the relationship with Swedbank and demographic data.
If you submit an insurance claim, we process your Personal Data in order to examine the claim, take a decision on the insurance benefit and pay the insurance benefit in the case of an insured event. This processing includes your health data, which are provided by you, as well as by doctors and medical institutions, as well as Personal Data related to your current or previous insurance contracts, submitted insurance applications, applications for payment of an insurance benefit, and insured events. Where it is necessary for the payment of an insurance benefit, we process your financial data, which we receive from Swedbank AB. We also process Personal Data obtained from public authorities, such as data on criminal convictions and criminal offences.
For the above purpose, in addition to these specified Personal Data, we also process your professional data, data on criminal convictions and criminal offences, and data on behaviours, priorities and satisfaction with the Services.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Assess the Customer’s individual risk and take a decision on insurance risk (including recording conversations) |
Performance of a contract Legitimate interest in ensuring risk management Consent to the processing of health data |
Swedbank Group companies, doctors, medical institutions |
Assess the suitability of the unit-linked life insurance service for the Customer |
Discharge of a legal obligation Performance of a contract |
Swedbank Group companies |
Conclude and perform an insurance contract, including submitting an insurance offer and insurance policy, amending or terminating the insurance contract, refunding an insurance premium or paying an insurance benefit under the contract, and taxing the insurance contract |
Performance of a contract Discharge of a legal obligation Legitimate interest in ensuring the conclusion of a contract where the Personal Data of a third party are processed |
Swedbank Group companies, postal service providers, beneficiaries, heirs, state institutions |
Provide a Customer with mandatory notifications and statements |
Discharge of a legal obligation |
Swedbank Group companies, postal service providers |
Examine an insurance claim, including when it is to take a decision on an insurance benefit and pay it out in the case of an insured event (including recording conversations) |
Performance of a contract Legitimate interest in ensuring the examination of an insurance claim when processing Personal Data of third parties Legitimate interest in ensuring risk management Consent to the processing of health data |
Swedbank Group companies, postal service providers, medical experts, state institutions, doctors and medical institutions, beneficiaries, heirs |
5.6.2. Processing of personal data for the purpose of insurance risk management
If you have submitted an insurance claim, we transfer your Personal Data, including health data, to the reinsurance service provider. In this case, Personal Data are transferred in order to comply with the obligations imposed on us in the reinsurance contract. Your Personal Data transferred to the reinsurance service provider is stored in data centres in Switzerland, which ensure an adequate level of data protection.
For the purposes set out above, we process your identification data, bank account details, contact details, financial data, family details and children’s details (where the provision of the Services is related to a child). We also process health data, professional data, data on criminal convictions and criminal offences, data on relationships with legal entities, data collected using communication and other technical means, data on behaviours, priorities and satisfaction with the Services, and demographic data.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Comply with the obligations set out in a reinsurance contract |
Legitimate interest in ensuring risk management Consent to the processing of health data |
Reinsurance service providers |
Why we process personal data: We process Personal Data in order to provide you with the non-life insurance services you have selected.
We process Personal Data to assess insurance risk, to calculate the insurance premium, and, where necessary, to examine applications related to the insurance contract, to pay out insurance benefits, as well as to comply with the requirements of the Applicable Legislation related to non-life insurance.
How we process personal data: Personal Data are processed when we conclude, perform and terminate non-life insurance contracts. In addition, we process Personal Data in order to comply with the requirements of the Applicable Legislation relating to non-life insurance. Personal Data are collected directly from you as well as from external sources, and are regularly updated. Depending on your choice of non-life insurance services, Personal Data are transferred to Data Recipients in order to conclude and perform the contract or to fulfil the requirements of the Applicable Legislation.
5.7.1. If you are applying for an insurance contract, are concluding one, or have submitted an insurance claim
If you are applying for a term insurance contract, we process your Personal Data in order to assess your reliability, calculate the premium and determine the terms and conditions of insurance according to your risk level. In order to assess the insurance risk, calculate the insurance premium and conclude the insurance contract, we process your Personal Data by automated means. To ensure quick decision-making regarding insurance risk, we take decisions by automated means and use profiling.
When additional information is needed or you request that the decision be taken manually, the application is reviewed by our specialist. We process Personal Data obtained from you, from public registers, as well as Personal Data we hold about you, such as data about previous insurance contracts, insured events and data obtained from Swedbank AB and Swedbank Lizingas UAB. In the event that a decision is taken by automated means alone, you have the right to ask that it be reviewed by an employee.
When you enter into an insurance contract, we also process your Personal Data for the purposes of performing the insurance contract, sending insurance policy renewals, amending and terminating the insurance contract, and refunding the insurance premium or paying the insurance benefit under the contract. We also process Personal Data for the purpose of providing insurance-related notifications, debt notifications or statements as needed.
For the purposes set out above, we process your identification data, bank account details, contact details, financial data, family details and children’s details (where the provision of the Services is related to a child). We also process health data, professional data, data on relationships with legal entities, data collected using communication and other technical means, data on behaviours, priorities and satisfaction with the Services, data on the status of the relationship with Swedbank, and demographic data.
If you submit an insurance claim, we process your Personal Data in order to examine the application, take a decision on the insurance benefit and pay the insurance benefit in the case of an insured event. We process your Personal Data that are obtained from other insurance companies, public registers, public authorities, doctors and medical institutions, Swedbank AB and Swedbank Lizingas UAB, as well as other Personal Data, including health data, relating to your previous insurance claims.
For the above purpose, in addition to these specified Personal Data, we also process your professional data, data on criminal convictions and criminal offences, and data on behaviours, priorities and satisfaction with the Services.
When you require medical assistance under travel insurance in connection with an insured event related to a country outside the EU/EEA, your Personal Data are transferred to the respective country outside the EU/EEA to confirm the validity of the insurance coverage. The transfer of your Personal Data is necessary for the performance of the contract between you and Swedbank.
Your Personal Data may also be transferred to a country outside the EU/EEA in order to examine an insurance claim for motor third-party liability in the case of an insured event related to the said country (such as Albania, Andorra, Azerbaijan, Bosnia and Herzegovina, Macedonia, Moldova, Montenegro, Morocco, Serbia, Switzerland, the United Kingdom, Tunisia, Turkey and Ukraine).
The transfer of your Personal Data is necessary for the performance of the contract between you and Swedbank. Please note that the European Commission has adopted decisions that Andorra, Switzerland and the United Kingdom ensure an adequate level of personal data protection.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Assess a Customer’s reliability and manage non-standard risks, calculate the insurance premium and set the terms and conditions of the insurance contract according to the Customer’s risk |
Legitimate interest in ensuring risk management Performance of a contract |
Swedbank Group companies, insurance service providers, Motor Insurers’ Bureau of the Republic of Lithuania; AB Regitra (Register of Road Vehicles); State Enterprise Centre of Registers (Real Property Register and Cadastre) |
Conclude and perform an insurance contract, including calculating the insurance premium, submitting an insurance offer and insurance policy, amending or terminating the insurance contract, refunding an insurance premium or paying an insurance benefit under the contract |
Performance of a contract Legitimate interest in ensuring the conclusion of a contract where the Personal Data of a third party are processed |
Swedbank Group companies, public registers, Processors intermediating in the provision and receipt of Personal Data, Motor Insurers’ Bureau of the Republic of Lithuania |
Provide a Customer with mandatory notifications |
Discharge of a legal obligation |
Swedbank Group companies, postal service providers |
Examine insurance claims, including taking decisions on insurance benefits and paying them out in the case of an insured event (including recording conversations) |
Performance of a contract Legitimate interest in ensuring the examination of an insurance claim when processing Personal Data of third parties Legitimate interest in ensuring risk management Consent to the processing of health data |
Swedbank Group companies, public registers, Processors intermediating in the provision and receipt of Personal Data, state institutions, doctors and medical institutions, insured persons, beneficiaries, persons entitled to receive compensation for damage, injured persons, heirs, witnesses of insured events, persons liable for damage, postal service providers, service providers administering insured events, car repair companies, technical experts and appraisers, real estate appraisers and inspectors, travel insurance medical assistance service providers, motor third-party liability claim analysis service providers, Motor Insurers’ Bureau of the Republic of Lithuania, State Enterprise Centre of Registers (Real Property Register and Cadastre) |
5.7.2. Processing of personal data for the purpose of insurance risk management
We process your Personal Data in order to develop pricing, carry out quality control of vehicle repair work, and submit a claim for compensation to the third party who caused you damage. Also, when we pay you an insurance benefit, your Personal Data are transferred to the reinsurance provider in order to fulfil the obligations imposed on us in the reinsurance contract.
For the purpose of performing an insurance contract or exercising a right of recourse, we also transfer your Personal Data to the other insurance company at the request thereof.
For the purposes set out above, we process your identification data, bank account details, contact details, financial data, family details and children’s details (where the provision of the Services is related to a child). We also process health data, professional data, data on criminal convictions and criminal offences, data on relationships with legal entities, data collected using communication and other technical means, data on behaviours, priorities and satisfaction with the Services, and data on the status of the relationship with Swedbank, and demographic data.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
In accordance with legal acts, file a claim for compensation for damages against a third party who caused the damage to the Customer |
Legitimate interest in claiming damages |
Swedbank Group companies, insurance and service providers, public registers, Processors intermediating in the provision and receipt of Personal Data; state institutions, individuals and service providers related to insurance services, heirs, persons liable for the damage caused |
Analyse data and develop pricing |
Legitimate interest in ensuring risk management and protecting Swedbank’s interests |
Swedbank Group companies, external service providers |
Carry out quality control of vehicle repair work, determine whether the declared damage corresponds to the evidence provided |
Legitimate interest in ensuring fair compensation |
Technical experts |
Fulfil the obligations set out in reinsurance contracts and receive insurance benefits |
Legitimate interest in ensuring risk management Consent to the processing of health data |
Reinsurance service providers |
Reduce insurer’s operational risk and perform fraud prevention (transfer of the Customer’s Personal Data to another insurance company) |
Legitimate interest in ensuring risk management |
Insurance service providers |
Perform insurance contracts and exercise the right of recourse in ensuring the execution thereof (transfer of the Customer’s Personal Data to another insurance company) |
Discharge of a legal obligation |
Insurance service providers |
Why we process Personal Data: We process Personal Data in order to prepare and provide offers and relevant information that meet your needs, conduct opinion surveys, organise promotions and campaigns, and implement customer service programmes.
How we process Personal Data: We process your Personal Data that we receive directly from you and when you use the Services. We also create a profile for you to provide you with customised marketing information. We share your Personal Data with Swedbank Group companies operating in Lithuania for this purpose. We use social media for marketing and communication purposes (such as Facebook, LinkedIn, Instagram, TikTok). When you contact us on these social media sites, your Personal Data are processed in accordance with the terms and conditions of that site.
5.8.1. Profiling and your rights in marketing
We carry out profiling using your Personal Data for marketing purposes in order to assess which product or Service is appropriate and relevant to your interests and needs. This allows us to provide you with tailored offers and Services rather than general information.
For these purposes, we evaluate certain personal aspects relating to you, primarily in order to analyse or predict aspects related to your economic situation, personal preferences and interests. We collect your Personal Data as a Customer and process them by automated means in order to create a profile for you and provide recommendations for services and offers to you as a Customer accordingly.
The Personal Data that are processed include information about your products and use of the Services. We also collect information about your economic situation, behaviours and personal preferences based on your use of the Services, the operations you perform, and the information you provide to Swedbank. These data are used for creating customer segments and profiles, which are needed to implement customer service programmes and provide you with relevant offers. The result of this processing is recommendations for Services and offers tailored to your needs, your inclusion in the customer service programme and, accordingly, the application of special prices and service conditions or removal from the programme.
In all cases, you have the right to object to the processing of your Personal Data for marketing purposes or to withdraw consent where the processing is based on consent. Information about the Personal Data being processed when you provide consent or do not object to the processing of your Personal Data based on legitimate interest is provided together with such consent or permission to process the Personal Data (in the case of legitimate interest).
5.8.2. Preparation of offers
In order to provide you with the best experience and prepare relevant and timely suggestions based on your interests and needs at a given time, we prepare the following types of offers:
- Personalised offers – practical offers to help you choose the most appropriate Services, improve your day-to-day use of them or to avoid inconveniences. This includes other suggestions designed to best serve your interests and needs, such as updating the Services or replacing some Services with others (applicable to Customers aged 14 and over).
- Personalised financing and insurance limits – calculated offers to help you understand what lending and leasing options are available to you, as well as what insurance premiums might apply to you (for Customers aged 18 and over).
- Joint offers with partners – practical offers to help you choose the right Services and benefits from Swedbank’s partners. In this case, Personal Data are not transferred to said partners (applicable to Customers aged 14 and over).
- Personalised offers and information to help your child develop financial literacy – practical offers and educational information related to you and your child (consent may be given by parents or guardians for children under 14 years of age).
- Other types of offers for which you have given consent.
You can receive these offers if you give your consent. You can choose to give your consent to all types of offers, some of them or none of them. You can submit, manage or revoke your consents in the internet banking Privacy Settings section, by visiting any Swedbank customer service unit or by incoming call.
If you want to track your spending and see an overview of your expenses in different areas, you can use the My Budget tool, which is available in internet banking and on the Swedbank app. The processing of your Personal Data using this tool is carried out with your consent.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Prepare relevant offers: personalised offers, personal financing and insurance limits, joint offers with partners and other offers chosen by the Customer |
Consent |
Swedbank Group companies |
Prepare an overview of expenses in the Customer’s bank accounts in the My Budget tool |
Consent |
Swedbank Group companies |
Conduct Customer opinion surveys through marketing research companies |
Consent |
Swedbank Group companies Marketing research companies |
5.8.3. Preparation of other information
In order to familiarise the Customer with Swedbank news and Services, we prepare the following types of information for Customers:
- Relevant information – information created to invite the Customer to events and to send greetings and newsletters.
- Customer opinion surveys – surveys conducted to invite the Customer to provide feedback on the Services and their use so that we can improve them.
We prepare this information based on our legitimate interest, so we do not ask for your consent, but you can decide whether to allow us to do so. You can individually choose what type of information you wish to receive or what type you object to.
You can object to the preparation of this information at any time and manage your choices in the internet banking Privacy Settings section, by visiting any Swedbank customer service unit or by incoming call.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Prepare relevant information |
Legitimate interest in increasing Customers’ knowledge about Swedbank news and Services |
Swedbank Group companies |
Conduct customer opinion surveys |
Legitimate interest in improving and developing the Services |
Swedbank Group companies |
5.8.4. Receipt of offers and other information
You may receive marketing offers and other relevant information that you have consented to or not objected to through the following communication channels: 1) e-mail; 2) SMS; 3) telephone; 4) post.
You may receive offers and other information by providing your consent to one, some or all channels. You may give or withdraw your consent in the same manner as specified in item 5.8.2 of the Principles. You can also opt out of direct marketing by e-mails by clicking on the link in the footer of each e-mail.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Provide the Customer with offers and other information via the channels chosen by the Customer to receive offers (e-mail, SMS, post, telephone) |
Consent |
Swedbank Group companies Postal, parcel delivery, and other messaging service providers Processor providing text messaging services |
5.8.5. Customer service programmes
We offer a number of customer service programmes, with special service conditions, preferential pricing and additional benefits to their members. In order to enrol a Customer in a customer service programme and apply the special conditions, we process Personal Data by automated means. Information about the relevant customer service programme is contained in the terms and conditions of each programme or in an additional notice to the Customer. Personal Data are processed for the purpose set out above unless you have objected to such processing where it is based on a legitimate interest. They are also processed if you have accepted the terms and conditions of participation in the customer service programme and have thus agreed to participate in the programme.
To run customer service programmes, we process your identification data and contact details in each case. Depending on the specific programme, we additionally process other relevant Personal Data, such as demographic data, data on the status of the relationship with Swedbank, data on relationships with legal entities, data collected using communication and other technical means, bank account details, data on behaviours, priorities and satisfaction with the Services, and financial data.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Run the Youth Programme and other programmes, including providing related Services and organising events and campaigns for programme members |
Performance of a contract |
Processor providing online platform services |
Run customer loyalty programmes (including enrolment and exclusion), provide related Services and apply special service conditions |
Legitimate interest in increasing Customer loyalty Performance of a contract |
|
5.8.6. Promotions and campaigns
We process Personal Data for the purpose of organising and carrying out promotions and campaigns. This includes the enrolment of a Customer who is eligible to participate in a promotion or campaign in the promotion or campaign.
Personal Data are processed for the above purpose if you have not objected to such processing where it is based on a legitimate interest, or if you have confirmed the terms and conditions of participation in the promotion or campaign and thus agreed to participate. You have the right to request to be removed from the list of participants in the promotion or campaign; this request will be implemented within five days.
In order to organise promotions, games, campaigns and events for our Customers, we process bank account details, professional data, financial data, contact details, data on behaviours, priorities and satisfaction with the Services, demographic data, family details, identification data, and data on relationships with legal entities.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Organise and run promotions, games, campaigns and events for Customers |
Legitimate interest in increasing awareness of Swedbank services Performance of a contract |
Swedbank partners – Processors (media and creative companies) |
Why we process personal data: The processing of Personal Data is necessary to ensure the quality of the Services, protect the interests of the Customer and Swedbank, investigate Customer complaints and ensure compliance with the requirements of the Applicable Legislation.
How we process Personal Data: To ensure the quality of our Services, we record telephone conversations and audio during video calls. For the purpose of ensuring the quality of Services and in order to examine Customer complaints, we also process Personal Data related to written correspondence.
We process Personal Data when recording telephone conversations and audio during video calls in order to improve the quality of the Services and protect the interests of the Customer and Swedbank. For this purpose, telephone conversations and audio during video calls are recorded if you give your consent thereto.
In addition, in order to improve the quality of the Services, we process, based on Swedbank’s legitimate interest, Personal Data related to written correspondence received by e-mail or via Internet banking, as a message or in the chat window. We also process Personal Data when we examine and respond to Customer complaints – this processing is based on the discharge of a legal obligation.
The categories of your Personal Data processed for the purposes set out above depend on the Services provided to you and/or the complaint or other request you have submitted.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Ensure the quality of Services and protect the interests of the Customer and Swedbank (recording of telephone conversations and audio during video calls) |
Consent |
Swedbank Group companies Processor providing call/call centre services |
Ensure the quality of Services and protect the interests of the Customer and Swedbank (processing written correspondence) |
Legitimate interest in ensuring a standard of service quality when processing written correspondence and ensuring the quality of the Services |
Swedbank Group companies |
Examine Customer complaints |
Discharge of a legal obligation |
Swedbank Group companies |
Why we process Personal Data: We process Personal Data in order to provide the Customer with advice and information regarding the Services used by thereby.
How we process Personal Data: We process your Personal Data when we serve you at any Swedbank customer service unit or other Swedbank Service locations. We also process your Personal Data when you contact us by phone, live chat, e-mail or otherwise. In order to ensure that your Personal Data are up-to-date, data such as your contact details are transferred to Swedbank Group companies operating in Lithuania when you apply for or use their Services.
In cases where you register to visit a Swedbank customer service unit, we process your Personal Data in order to identify you, ensure successful registration of the visit and prepare to provide the Services you requested.
We process Personal Data held by Swedbank such as your financial data in order to provide you with the consultation you requested regarding the Services. For this purpose, your Personal Data may be obtained from other Swedbank Group companies operating in Lithuania.
When we provide you with information and communicate with you by telephone, live chat, e-mail or otherwise, we must process your Personal Data in order to ensure the provision of the Services or to comply with the requirements of the Applicable Legislation. In this case, we process your contact details, information about the requested and/or provided Services, and the performance of existing contracts.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Register a Customer for a visit to a Swedbank customer service unit |
Performance of a contract |
Swedbank Group companies |
Provide a Customer with consultation and advice based on the Customer’s financial situation, Services used and plans for the future |
Legitimate interest in ensuring a standard of service quality when processing written correspondence and ensuring the quality of the Services |
Swedbank Group companies |
Provide information to the Customer and communicate with the Customer |
Performance of a contract Discharge of a legal obligation |
Swedbank Group companies |
Why we process Personal Data: We process Personal Data to manage risks and ensure that Swedbank operates safely and soundly and in compliance with the Applicable Legislation.
How we process Personal Data: We process Personal Data in order to perform legal obligations established by the Applicable Legislation in the areas of risk management, capital adequacy, fraud prevention and incident management, among others. We disclose Personal Data to Data Recipients, such as public authorities where necessary in accordance with the requirements of the Applicable Legislation and in order to protect Swedbank’s legitimate interests.
Sound risk management is part of the Applicable Legal Requirements that we must comply with in order to provide you with the Services, ensure safe banking or protect your funds from fraud. We focus on low-risk activities because this is the basis for building trust and value for you in the long term.
In order to ensure compliance with legal obligations in the field of risk management, we process your Personal Data in:
- assessing and managing credit risk, liquidity risk, market risk and counterparty risk;
- meeting capital requirements;
- resolving incidents that may affect our core business processes that are necessary to provide the Services, and investigating Personal Data security breaches that relate to your privacy;
- identifying, investigating and reporting suspicious transactions and market abuse;
- taking steps to prevent fraud, identify and investigate potential cases of fraud by monitoring operations, including payment card operations, and reviewing, assessing and taking action on activities that may constitute fraud;
- monitoring compliance with laws, internal regulations and other legal acts;
- ensuring business continuity and crisis management;
- providing information to supervisory and other state authorities, including mandatory regular provision of information and provision of information upon separate request, complying with the obligation to notify the authorities of Customer activity suspected of market abuse, and cooperating with public authorities in carrying out their supervisory functions and inspections;
- working with and providing information to external auditors.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Ensure compliance with the Applicable Legislation related to credit and liquidity risk management, incident management and resolution |
Discharge of a legal obligation Legitimate interest in ensuring compliance of Swedbank’s operations with the Applicable Legislation |
Swedbank Group companies |
Conduct fraud prevention, including providing Customers with information for the purpose of fraud prevention |
Discharge of a legal obligation Legitimate interest in ensuring the sound and secure operation of Swedbank |
Swedbank Group companies |
Provide mandatory information to public authorities and ensure cooperation |
Discharge of a legal obligation |
Swedbank Group companies Public authorities and other persons performing the functions assigned to them by law |
Ensure capital adequacy requirements and perform analysis |
Discharge of a legal obligation |
Swedbank Group companies |
Why we process Personal Data: We process Personal Data to maintain, expand, assess and improve Swedbank’s operations, Services and Customer experience, as well as to protect our legitimate interests.
How we process Personal Data: We need to process your Personal Data when we perform activities such as document management and archiving. We process Personal Data when we perform analysis and testing to ensure the security and compliance of information technology solutions, in order to comply with the Applicable Legislation or to pursue our legitimate interests.
We carry out certain administrative activities to ensure the operational efficiency and appropriateness. For example, we have an obligation to maintain accounting records. Part of this is the processing of your Personal Data – your identification data, bank account details, contact details, demographic data – when we issue an invoice. We use profiling to assess and determine the strategic directions of our business. For this purpose, we process information such as your financial data (economic situation) and data on behaviours, priorities and satisfaction with the Services.
The processing of Personal Data is also necessary for activities related to our core business – the provision of Services. This encompasses, for example, document management and archiving, including the storage of paper documents and digital information, based on discharge of a legal obligation or our legitimate interests.
It is our legitimate interest to maintain, develop, assess and improve our operations and Services, and to improve the Customer experience. This activity includes the processing of your Personal Data in order to administer our website, as well as testing in order to ensure the quality of the Services and the security and compliance of the information technology solutions we develop, or to manage the incidents that occur. We may use artificial intelligence. In each case, the processing of Personal Data is limited according to its necessity in the particular case, including the categories of Personal Data and Data Subjects.
We also process Personal Data for the establishment, exercise or defence of legal claims. As a rule, this processing of Personal Data is limited to storing information to handle potential claims. When we need to defend our rights or when a claim is made, information that is relevant to the specific case is processed. Depending on the situation, this may include transferring information to other Swedbank Group companies, public authorities (such as the financial supervisory authority), judicial and out-of-court dispute settlement bodies in order to resolve a dispute, and companies and individuals providing legal services.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Comply with legal obligations, such as accounting in the areas of tax administration |
Discharge of a legal obligation |
Swedbank Group companies |
Ensure proper provision of the Services and information protection, provide the Services, and maintain, expand, assess and improve Swedbank’s operations |
Legitimate interest in maintaining, expanding, assessing and improving Swedbank’s operations, Services and Customer experience |
Telecommunications service providers Processors providing IT, hosting, cloud computing and archiving services Postal and parcel delivery service providers |
Establish, exercise and defend legal claims |
Legitimate interest in ensuring the provision of a response to a potential claim and defending a position in the event of a dispute Discharge of a legal obligation |
Swedbank Group companies Processors providing IT, hosting, cloud computing and archiving services Postal and parcel delivery service providers |
Why we process Personal Data: We process Personal Data of Data Subjects related to Corporate Customers in order to conclude and administer contracts with Corporate Customers, maintain relations with them, provide Services and ensure compliance with the requirements of the Applicable Legislation.
In these Principles, the term “Customer” also includes all natural persons whose Personal Data we process and who are related to a Corporate Customer.
How we process Personal Data: Personal Data are obtained directly from Data Subjects and Corporate Customers, as well as from public registers, and are updated regularly. Personal data are provided to Data Recipients in order to conclude and perform a contract with a Corporate Customer and ensure compliance with the Applicable Legislation.
When you represent a Corporate Customer, we process your Personal Data based on our legitimate interest to conclude and perform the contract with the Corporate Customer. This processing includes communicating with the Corporate Customer’s representative or contact person and storing relevant information about managers and authorised representatives. This helps ensure that only a person with the authority to do so can sign contracts, perform operations, submit documents, access information or take other necessary actions on behalf of the Corporate Customer. You can find more information about the processing of Personal Data for a specific Service in the section about that Service in the Principles.
The categories of your Personal Data processed for the purposes set out above include identification data, contact details, professional data, and data on relationships with legal entities. For these purposes, we also process Data related to the Customer’s reliability and performance assessment, demographic data, financial data, and data that are obtained and/or created in compliance with the requirements of the Applicable Legislation.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Conclude and perform contracts with Corporate Customers and communicate with Corporate Customers |
Legitimate interest in maintaining a business relationship with a Corporate Customer |
Swedbank Group companies |
Why we process Personal Data: To ensure the security of Swedbank’s visitors, employees and assets.
How we process Personal Data: As one of the safeguards implemented by Swedbank for the protection of persons and property, Swedbank carries out, on the basis of legitimate interest, video surveillance and/or audio recording on Swedbank’s premises and in other places where Swedbank provides services. Areas under video surveillance are marked with informative signs.
When Swedbank conducts video surveillance, the Personal Data processed by Swedbank includes the Customer’s facial image and video recording. When Swedbank conducts video surveillance at customer service units, Personal Data may include facial images, video recordings and audio recordings.
Swedbank’s processing of Personal Data in the context of audio/video surveillance and recording is based on the legitimate interest of ensuring the safety of Swedbank’s employees and visitors and the protection of its assets and premises. Video and/or audio recording information may be provided to Data Recipients when this is necessary for the investigation of unlawful acts, or to a Data Recipient responsible for looking after and managing video surveillance equipment on behalf of Swedbank.
Purpose of the processing of personal data |
Legal grounds |
Data Recipients or Categories of Data Recipients |
Ensure the safety and security of Swedbank employees and visitors and the protection of assets (video surveillance and/or audio recording) |
Legitimate interest in ensuring the safety of Swedbank employees and visitors and the protection of premises and assets |
Swedbank Group companies Processors responsible for looking after and managing video surveillance equipment Public authorities in the event of an investigation of unlawful acts |