Change language:

Privacy policy

Privacy policy (PDF)

Contents

General matters
Introduction

Data
What data related to you do we process
What are the grounds for processing your data
What are our purposes for processing your data

Data processing
Where do we get your personal data from
In what countries do we process your data
How long do we store your data
What principles of data processing do we observe
To whom do we provide your data
Automated decision making

Your rights
What are your rights
How can you exercise your rights
How can underage persons exercise their rights

Other matters
Data protection officer's contact information
Privacy policy expiry and amendments
Personal data processing of SIA “SEB līzings”
Personal data processing of SEB Life and Pension Baltic SE

General matters

Introduction

With this Privacy policy (hereinafter “the Policy”) we aim to inform you about processing of personal data carried out by SEB Latvia. Should you have any questions, do not hesitate to contact our data protection officer whose contact information is provided in Chapter 14 of this Policy.

In order to inform you about the conditions of specific data processing, basic information about data processing is included in service agreements, informative announcements, as well as other documents related to the provision of the specific service. Also, information can be provided separately – as announcements in the internet bank, e-mail or social media. Information can also be provided to you by our employees, providing a verbal explanation or inviting you to familiarize yourself with the information specified in specific documents.

Our website seb.lv contains information about the use of cookies on our websites.

Your Personal Data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), the Personal Data Protection Law, and other laws and regulations. The terms used in GDPR and other laws and regulations are used in this Policy.

This Policy is our guideline for how we process personal data.

Considering that we are constantly developing our processes and improving the services provided to you, we may change and supplement this Policy occasionally. In case of significant changes, we will inform you about them, in accordance with the provisions of Chapter 15, using our website, postal services, e-mail, internet bank messages or in another way chosen by us.

On the website seb.lv you can find the current version of the Policy, as well as historical versions of the Policy.

You (as a data subject) – a natural person (an existing or potential customer, including a minor, his/her representative, family member, guarantor, collateral provider, insurance policyholder, beneficiary of insurance policy or pension plan, heir, beneficial owner, representative or employee of our cooperation partner, etc.) whose personal data we process.

SEB Latvia or we are SEB companies in Latvia – any legal entity owned by the SEB Group with the legal address being in Latvia. Within this Policy, SEB Latvia may mean AS SEB banka, SIA SEB līzings, AS SEB atklātais pensiju fonds, Investment Management Joint Stock Company SEB Investment Management, SEB Life and Pension Baltic SE, or all of the aforementioned companies together. Regarding the maintenance of individual IT systems, customer support and service desk, SEB banks in Latvia, Lithuania and Estonia act as joint Controllers, jointly determining the purposes and means of data processing.

SEB Group is Skandinaviska Enskilda Banken, AB (publ.), a company established in Sweden, as well as legal entities with all of their branches owned by it directly or indirectly.

Controller – personal data processing controller is the relevant legal entity of SEB Latvia with which you (or a person related to you, for example a company or organization whose representative or employee you are) have or have had contractual or pre-contractual relationships, or which services you plan to use, are using or have used.

Usually, SEB Latvia companies process personal data as separate controllers. In certain cases, joint controller relationships may exist between SEB companies in the Baltics (AS "SEB banka", AB SEB Bankas and AS SEB Pank).

The contact information of the Controllers (SEB Latvia legal entities) can be found here.

Data

  1. We process Personal Data in the following categories:
  • general personal and identification data, such as your name, surname, personal ID number, date of birth, identity document data (including document copies), parents’ representation rights, and other data;
  • contact information – telephone number, electronic mail address, contact address and other data;
  • information on your behaviour patterns or actions on our websites, including information on when and where our internet bank, mobile application, website and other electronic platforms have been accessed, as well as IP addresses and other related data;
  • information on your financial literacy, for example, education, knowledge and experience in investing;
  • information on your transactions within SEB Latvia – these are data regarding the services received by you, including bank account number, payment orders, payment instruments, as well as any actions performed with them, cash deposits and withdrawals (including ATM transactions), inquiries, complaints, information about contract execution and similar data;
  • financial data, for example, origin of funds and assets, registered tax residence country, accounts, payment documents, financial liabilities, payment discipline, asset types and values (including financial instruments and transactions involving them), security and its respective data, credit history and creditworthiness, your expenses and income, financial and investment goals, risk tolerance, account transactions, information about dependents and similar data;
  • information related to your economic activity – information about your workplace, employment, your economic or commercial activity (agriculture, self-employment, etc.), business partners, income stability, as well as information about your other sources of profit;
  • audio and video information, for example, visual surveillance, video and audio recording during your visits to our customer service locations or when you contact bank employees, or photos and video recordings made upon becoming the customer of SEB Latvia through the use of the mobile application;
  • biometric data when the initial remote identification of the customer is performed, by the use of the mobile application.
  • health data, such as liability deletion programs, Altum guarantee programs, student lending. More detailed processing of health data in the provision of insurance services can be found in Chapter 16 of the Policy.

    NB: Although within the scope of its core business only SEB Life and Pension Baltic SE regularly processes special categories of Personal Data, such data is also processed by other SEB Latvia companies, if you disclose it within the scope of our services. For example, to grant grace periods for repayment of the principal loan − in this situation, we will process the relevant personal data, as our decision will be based on the information provided by you − or if such data is necessary as a prerequisite for receiving certain services.
  1. We receive certain categories of personal data of persons related to you, for example:
  • legal representatives (acting with relevant authorisation or on other basis);
  • insurance companies;
  • payers and payees;
  • co-contractors and parties to contracts;
  • beneficial owners;
  • your lenders, creditors;
  • your family members;
  • insurance policy or pension plan beneficiaries;
  • inheritors;
  • politically exposed persons and their family members.
  1. Furthermore, we may receive your personal data if you are related to our customers – legal entities, for example, if you are:
  • the general manager of a company;
  • a shareholder;
  • a member of the board or other administrative body;
  • a representative of a company, acting under a respective authorisation, or if you are specified as the contact person;
  • the true beneficiary;
  • an employee of the company who is provided with insurance or contribution to the pension plan.

What are the grounds for processing your data

We receive and process your personal data in the following cases:

  1. if you intend to conclude or have concluded an agreement with SEB Latvia;
  2. if you have given your consent to personal data processing;
  3. if processing of your personal data is possible on the grounds of laws and regulations;
  4. for the purposes of our legitimate interests, for example:
  • to improve the quality of our services, ensure consistency and sustainability of operations, comprehensibility of our services, as well as their adaptation to your wishes;
  • to defend legal interests (for example, to defend legal claims, pursue claims in court) and take other legal action in order to avoid or minimise losses;
  • to systematically look out for and avoid any unlawful actions, we regularly assess the related risks (for example, unauthorised use of payment cards or other means of payment issued to you by the bank, etc.).
  1. to update and/or verify your personal data, we access various available registries that contain your personal data.

If you have expressed an interest to receive a service offered by us or have expressed an intention to conclude an agreement with SEB Latvia, we are entitled to process your personal data for the purposes stated in item 1) above. On these grounds we will continue to process your personal data for as long as you receive our services or while the agreement is in effect. Depending on the services provided, these grounds can be combined with other grounds for personal data processing.

In some cases, processing of your personal data is required or allowed by particular laws and regulations, hence we will process personal data when it is our obligation or right arising from laws and regulations, for example – to meet requirements in the area of prevention of money laundering, terrorism and proliferation financing.

We process personal data based on our legitimate interests substantiating our desire to provide you with suitable and modern services (including to improve and develop secure channels for service provision, for example, website, internet bank, mobile application, etc.), to maintain and use uniform internal information technology systems and customer data bases, as well as to ensure efficient and competitive services.

We invite you to view Chapter 11 of this Policy, which outlines important aspects in relation to revoking consent to personal data processing.

NB: If you do not submit to us your personal data necessary for the conclusion and/or execution of an agreement, or the processing of which is prescribed by requirements of laws and regulations or an agreement, we will not be able to provide our services to you.

What are our purposes for processing your data

We process your personal Data for the following main purposes:

  1. to provide our services;
  2. to protect our rights;
  3. for marketing needs;
  4. for identification, assessment, documentation and management of risks in transactions with customers;
  5. to protect our and our customers' property;
  6. to perform our economic and administrative activities;
  7. to comply with regulatory requirements.

Subject to the main purposes, we also process your personal data for the following sub-purposes, for example:

To be able to identify you, we process your name, surname, personal ID number, date of birth, identity document data (including making and storing a copy of your personal identity document), as well as perform an automated check on these documents against the Register of Natural Persons maintained by the Office of Citizenship and Migration Affairs (if possible). If a minor is identified remotely, we will also check the Register of Natural Persons to determine whether the natural guardians of the minor (parents) have the right to represent the minor. Representatives of legal persons may also be identified in other SEB banks in the Baltics by identification as a processor.

NB: If you initially identify yourself remotely using the SEB Latvia mobile application, such identification is based on the processing of your biometric data, which takes the form of analysis of the photo and video images you submit. In such case, such data shall be considered as biometric data only at the moment when it is processed with special technological means that allow identification of a person according to biometric parameters. After such processing, biometric data is not stored for an extended period, but photo images that were used for such biometric verification may be stored on the basis of other legal grounds and purposes, such as keeping a copy of an personal identification document to meet regulatory requirements.

To provide you with services (including to evaluate your applications for services) and to properly comply with our contractual obligations, as well as to comply with the obligations specified in the relevant legislation, we process your general person and identification data, as well as data on your accounts, agreements and other transactions, and other information we receive when you use our services, products or receive our advice via branches or consulting centers, website, internet bank, mobile app, phone, video stream or other channel. In some cases, data on your health may also be processed within the framework of this purpose, for example, if the fact of pregnancy is a prerequisite for a service or relief, or if it affects the assessment of granting a grace period for loan obligations.

In cases where you have expressed an interest in receiving our services but have not onboarded as our customer (for example, by identifying remotely using a mobile application but not completing the admission procedure), we process – also store for a limited period of time – your personal data based on to our legitimate interests, for example, to eliminate technical issues, to examine the reason for nononboarding, to complete onboarding in presence.

To evaluate suitability and conformity of our products (including investment products and products related to financial instruments) with your interests, as well as to advise you on investments, we summarise personal data about your knowledge and experience in the financial investment field, income, current financial liabilities, financial goals and plans, as well as other information provided by you during meetings or remote consultations.

To assess your creditworthiness and to be able to offer you financing in line with the principles of responsible lending, to meet our operational risk management requirements, as well as to control your debt obligations towards the bank, we process the credit standing data of you and your guarantor, as well as personal data related to the security provided to the lender. To assess execution of an agreement and the ability to repay a loan, such personal data as information about your income, assets, financial liabilities, credit history, etc. may be processed.

To ensure organisational and administrative management and succession, which may include an exchange of personal data between companies within the SEB Group.

To ensure provision of remote services, we record telephone conversations or keep record of any other communication with you. For this purpose, we also store telephone numbers, electronic address, IP address, as well as content of communication and other technical data.

To ensure the safety of our employees and visitors, including the safety of your and our property, to prevent and detect violations of laws and regulations, as well as to provide access to parking lots managed by SEB Latvia, we carry out video surveillance and process your imaging data if you visit our customer service locations or use our
ATMs. We also summarise and systematise information on any possible fraud and misuse of SEB Latvia services. In order to manage access to SEB Latvia for parking lots, automatic car license plates may be used in certain facilities.

To be able to control our daily transactions and protect our legal interests, among other things, we may process information about judicial proceedings and administrative procedures that you are a party to, debts or other types of sums payable to third parties, and other information.

To improve our service quality, as well as to manage customer relations, we collect and use personal data related to our services, including inquiries, complaints and similar information.

To be able to send direct marketing offers (by phone, electronic mail, via our internet bank or mobile application), to carry out marketing activities, surveys, to inform about and offer our services, including customized and personalized services, we carry out customer assessment (profiling) based on the personal data at our disposal, for example, about usage of our products and services, performed transactions, etc. For this purpose, we may transfer your personal data to other companies within the SEB Group or to marketing service providers.

We also summarise and analyse personal data to monitor and assess trends in our products and services, to understand, which parts of our products and services consumers are most interested in, as well as to improve our services, electronic platforms and their content.

For most of our marketing-related activities, such as providing information about our services, we process your personal data based on your consent, where required by laws and regulations. For example, your consent is not required to offer and advertise our services in our internet bank or mobile application if the offer or advertisement is of a general nature and is not personalized based on the profiling of your personal data. In other cases, you have the freedom to revoke your consent to processing of your personal data.

To obtain your opinion about our services and their quality, when using customer surveys or within market research, we collect and use your personal data, including your electronic mail address and telephone number. We may also process such personal data as your age, gender, language of communication and other information.

To meet the requirements of applicable laws and regulations in the area of money laundering, terrorism and proliferation financing prevention and to evaluate you as our potential customer, we process personal data about your employer, your position, citizenship, business activity, business and cooperation partners, origin of financial resources, information on whether you are a politically exposed person, as well as other information necessary for customer research and for system maintenance to uncover unusual and suspicious transactions. We also exchange information with other credit and financial institutions to prevent money laundering, terrorist financing and proliferation financing in the public interest and to comply with the requirements and objectives set out in the Law on the Prevention of Money Laundering, Terrorism and Proliferation Financing.

To comply with the obligations prescribed by laws and regulations, we process your personal data in order to submit reports to the Credit Register of the Bank of Latvia (Latvijas Banka). We also provide information to public authorities, investigating authorities and other law enforcement authorities within the scope and in situations as
prescribed by the applicable laws and regulations. We also process your personal data in order to meet various solvency, accounting and audit requirements, as well as to verify your documents in the Register of Invalid Documents, or your identity − in the Register of Natural Persons.

We also process various types of your personal data, including the storage of data, which is not predicted in the category or character in advance, but which you freely provide to us during our cooperation, for example, by submitting a free-form application for granting a grace period for the repayment of the principal amount of a loan. In the situation, we will process the personal data in question, as the decision we make will be based on the information you submit. Such personal data may also be received and processed, if necessary as a mandatory prerequisite for receiving individual services.

To meet the requirements of applicable laws and regulations and realize our legitimate interest in ensuring fraud prevention, we process your payment data (amount, currency, recipient), information about when and where the user accesses the SEB Latvija internet banking or mobile application (IP address), information about the device used to make payments, and how the user uses it.

Data processing

Where do we acquire your personal data

We use the personal data which you provide to us when you apply to use our services, when you fill out customer data forms, submit requests or file claims, as well as the data we document on the SEB Latvia website, our internet bank, and the data we obtain through video surveillance or telephone conversation records,
as outlined in this Policy.

We may receive your personal data from other sources, for example, insurance companies, medical institutions (within the scope for receiving insurance services), partners or other legal entities that render services with our help, our suppliers, other financial institutions, payment authorities, state, municipal and other public data bases or registers.

We may also process your personal data if data are provided to us about spouses, children, other relatives, guarantors, co-borrowers, providers of security, insured persons, insurance beneficiaries, etc. Lastly, we process publicly available information about you, as well as personal data obtained using search engines – to assess insured risks or credit risks, as well as to meet requirements of laws and regulations (for example, in the area of international and national sanctions).

In what countries do we process your data

Normally, we process your personal data in the territory of the European Union or the European Economic Area (EU/EEA). We may process Personal Data outside the EU/EEA, provided that adequate security measures are taken and at least one of the following requirements apply:

  1. The European Commission has recognised that the respective country ensures an adequate level of Personal Data protection;
  2. There is an agreement to comply with the standard terms and conditions approved by the European Commission;
  3. Codes of conduct and other security measures in line with the GDPR are applied.

Regarding the maintenance of individual IT systems, providing customer support and resolving questions, SEB banks in Latvia, Lithuania and Estonia act as joint controllers by jointly setting data processing purposes and resources. In such cases, your personal data may be stored in data centers in Lithuania and Estonia.

NB: Providers of payment services involved in execution of a financial instrument or payment (including SWIFT payments) may be established or operate in a country which does not ensure an appropriate level of data protection (i.e., a country that has not joined the European Economic Area Agreement and has not been included by the European Commission in the list of countries with adequate level of data protection). We take all measures in order that your data are used in a secure way; however, there is a risk that we will not be able to ensure that the data recipient observes the requirements laid down by the European Union in all cases. For this reason, before engaging in such transactions, we urge you to carefully evaluate the potential risks related to personal data processing.

How long do we store your data

We store your personal data for as long as it is required in order to meet at least one of the following criteria:

  1. Personal data is necessary for the fulfilment of the purposes for which the data was obtained (for example, while you have a current account with the bank, while there is a loan agreement or pledge agreement);
  2. While we are obliged to store personal data to meet the requirements of regulatory enactments (for example, regulatory enactments in the field of money laundering, terrorism and proliferation financing or in accordance with the Law on Accounting);
  3. Until a situation may arise when we need to prove our obligations to be properly secured against claims (for example, in accordance with the Civil Law, which provides for the limitation period of the general obligation – 10 years);
  4. In certain cases where our legal interests or the legal interest or third parties are required, personal data may be stored until complete resolution of the specific legal interest (for example, until the entry into force of a relevant court judgment or until the full enforcement of the judgment).

Information on specific storage terms may be included in information notices or other documents related to the specific case of personal data processing.

After the storage term ends, personal data will be deleted or anonymized (permanently converted so that they are no longer related to you as a particular person).

What principles of data processing do we observe

In processing of your personal data, which you have entrusted to us, including personal data that we have obtained from other sources, we observe the following principles:

  1. Your personal data are processed in a legitimate, fair and transparent manner in such way as to ensure the accuracy, correctness and security of the processed personal data (principle of legality, fairness and transparency);
  2. Your personal data are collected for a specific, clearly defined and legitimate purpose and are not further processed in a way incompatible with these purposes (principle of purpose limitation);
  3. Your personal data are processed for no longer than is necessary in relation to the purpose, for which they are processed;
  4. Your personal data are adequate, up-to-date and only such that are required in relation to the purposes for which they are processed (principle of data minimisation);
  5. The processed personal data are accurate and, where necessary, updated (principle of accuracy);
  6. Your personal data are kept in a form that allows you to be identified for no longer than necessary in view of the purposes that the data are processed for (principle of retention limitation);
  7. Your personal data are processed in such a way that application of relevant technical or organisational measures would ensure adequate personal data security, including protection from unauthorised or unlawful data processing and accidental loss, destruction or damage (principle of integrity and confidentiality).

In addition to what is laid down in this Policy, more information on the processing of your Personal Data may be included in service agreements or other documents related to the services rendered by SEB Latvia.

We may outsource any actions or functions that might include Personal Data processing. Before we do so, we will ensure that our outsourcing partners comply with our instructions with regard to data processing, including our security and confidentiality requirements, as well as requirements of applicable laws and regulations.

To whom do we provide your data

  1. We transfer your Personal Data for processing based on the grounds for data processing stated in Chapter 3 of this Policy. For example:
  • companies within the SEB Group and their branches, including Skandinaviska Enskilda Banken AB (publ), registration
    No. 5020329081, registered in the Kingdom of Sweden. Personal data is transferred to these companies as independent controllers in the areas as follows: prevention of money laundering, terrorism and proliferation financing, compliance with international and national sanctions, and prevention of fraud;
  • other banks and financial institutions;
  • providers of payments and other services involved in the execution of your chosen transactions (for example, to make a payment or to personalise a payment card, or to add your card to a digital wallet), international payment card organisations, providers involved in the provision of payment card and POS services, as well as providers of digital wallet solutions;
  • payment system operators;
  • payment initiation service providers, account information service providers, or other service providers, which use the open cooperation platform (Open Banking);
  • companies providing insurance services in cases where we render such services as intermediaries, or companies providing services that we use in relation to fulfil provisions of a collateral agreement, or reinsurance companies;
  • stock exchanges, funds, brokers or other participants involved in the trade of financial instruments, which render services to us in relation to safekeeping of financial instruments, as well as directly or indirectly provide services in relation to investments in financial instruments and perform other activities;
  • guarantors, co-borrowers, providers of collaterals;
  • our professional activity consultants, auditors, translation service providers, archivers, postal, electronic message and courier service providers;
  • other third parties in relation to sale or merger of companies, complete or partial acquisition or reorganisation of companies, or in the introduction process of similar business changes (including, among other things, potential or existing buyers of the company and their consultants).

    NB: At the same time, with regard to loans secured by a pledge or collateral, please note that the provider of the pledge or collateral may require us to provide information about the rights of the borrower for the purpose of protecting their legal interests. In such cases we provide to the provider of the pledge or collateral your personal data regarding the liabilities secured by the respective pledge or collateral.
  1. We may transfer your personal data to persons to whom we have the right or obligation to disclose such data in accordance with requirements of laws and regulations, for example:
  • to the Bank of Latvia, the European Central Bank, as well as bodies performing operational activities, notaries, bailiffs, the State Revenue Service and other persons prescribed in the Credit Institution Law and other laws and regulations, so that they are able to perform their duties established by laws and regulations;
  • to the Credit Register of the Bank of Latvia and the Credit Bureau, or to any other register of liabilities related to the customer's financial liabilities, in order to provide information to users of the respective register (for example, credit institutions and other creditors) about the customer's payment history in accordance with requirements of laws and regulations;
  • in order to ensure information exchange with the central depositary of securities, we transfer personal data in relation to the financial instruments owned by you and transactions performed with them;
  • to courts, courts of arbitration or other dispute resolution bodies.

    NB: For the purposes of personal data processing specified in this Policy, we may involve other service providers, making sure beforehand that their operation complies with requirements of the GDPR and applicable laws and regulations to ensure that personal data is protected and processed in compliance with the requirements of applicable laws and regulations.

Automated individual decision making

Please note that SEB Latvia may process your personal data in order to make automated individual decisions that have legal consequences for you. Such automated decisions allow you to receive the service or its offer faster.
For example, in accordance with regulatory requirements, SEB Latvia makes decisions on the provision of services, which includes, among other things, the decision to issue a loan; this includes automated analysis of personal data using information related to your income, financial liabilities, as well as other circumstances that, in our opinion, are important. Such automated individual decision making may also take place by offering you insurance products or advising you on products; in such cases, we perform an automated analysis of your voluntarily submitted personal data, within which SEB Latvia evaluates your health data, data on age, gender, income in order to evaluate – what offer can be made.

Automated individual decision making is used to determine your risk class within the regulatory framework for the prevention of the legalization of money laundering and financing of terrorism and proliferation.

Automated individual decision making is also performed when you become our customer remotely, using a mobile application. In this case, an analysis of biometric data is performed and a decision is made as to whether your identity is true and whether you have the opportunity to remotely become a customer of SEB Latvia.

Your rights

What are your rights?

  1. You have the following rights:
  • to request information about processing of your personal data;
  • to request rectification of incorrect, inaccurate or incomplete personal data;
  • to limit the processing of your personal data until the lawfulness of your personal data processing is verified;
  • to request erasure of your personal data;
  • to not consent or revoke consent to personal data processing for marketing purposes, including profiling;
  • to request and receive personal data in a format convenient for you, if you have provided these personal data to us and their processing is automated based on a consent or execution of an agreement, as well as if these personal data need to be transferred to another Personal Data controller, if technically feasible, pursuant to respective regulatory framework;
  • to request not to be the subject of such decision which have legal consequences for you and on the basis of which is automated processing only;
  • to revoke your consent without affecting the use of your personal data before the consent was revoked;
  • to file a complaint with the Data State Inspectorate (for more information, please visit www.dvi.gov.lv).
  1. Please note that we will not be able to fully satisfy a request to erase personal data, if the personal data are processed on several grounds for personal data processing, for example, personal data can be simultaneously processed to execute a service agreement, or to comply with obligations arising from applicable laws and regulations. In this event, we will not be able to ensure complete erasure of your personal data, of which we will inform you separately. In any case, we will carefully assess your request to ensure the most appropriate solution to respect your rights in situations where it is not possible to completely erase your personal data.
  2. In situations where it is not possible to completely erase personal data, based on the principles of GDPR, we will ensure anonymisation or pseudonymisation of the personal data:
  • Within the framework of anonymisation of personal data, the data are irrevocably changed and can no longer be linked to a specific person. We are entitled to keep such data after the legal grounds for processing thereof have expired. Processing of such anonymous personal data can be continued, for example, for the purposes of statistics, and to improve and develop the services of SEB Latvia;
  • Within the framework of pseudonymisation of personal data, an identifier is assigned to the data, observing a certain algorithm, so that the data is not instantly recognisable. By using this algorithm, it is possible to obtain the content of the personal data. Such data are considered personal data with increased data processing security level.

    NB: A decision on which of the aforementioned solutions to apply in relation to personal data processing is made by SEB Latvia single- handedly in line with the GDPR principles.
  1. Please note that your rights in relation to personal data processed for the purpose of the prevention of money laundering, terrorism and proliferation financing are restricted in accordance with the procedure prescribed in the Law on the Prevention of Money Laundering, Terrorism and Proliferation Financing.

How can you exercise your rights?

We make every effort to observe your rights and respond to any questions you may have regarding this Policy and the topics covered in it. You may file a complaint, application or request (hereinafter together referred to as the “Request”). Requests signed with a secure electronic signature should be sent to the e-mail address info@seb.lv or personasdati@seb.lv. You may also submit a Request using our internet bank, or at our nearest customer service location. We will respond to your Request within one month from the date of receipt. In exceptional circumstances requiring extra time, we will prolong the response time by giving you a notice about it in a timely manner.

We will assess your suggestions or objections regarding processing of your personal data. However, we will not always be able to fully meet your demands if the actions of SEB Latvia are in compliance with the requirements of the GDPR and/or restricted by other laws and regulations.

How can minors exercise their rights?

In relation to the services we offer to minors, we assess the possibility to allow such persons to exercise certain rights independently.
In the cases prescribed by laws and regulations, as well as considering the minor’s awareness level and ability to decide on exercising their rights in certain matters, we will ask the minor’s legal custodian or guardian to provide consent or approval for personal data processing on their behalf.

NB: Parents or legal custodians are entitled to exercise all the rights in relation to their minor child before the age of 13 in personal data processing matters, as well as to supervise processing of data of their minor children regardless of the child's age.

Other matters

Data protection officer's contact information

If you have any questions about the processing of personal data, please contact the data protection officer of SEB Latvia by sending an e-mail to: personasdati@seb.lv or by post at the following address: Meistaru 1, Valdlauči, Ķekava parish, Ķekava county, LV-1076, Latvia.
If you have any questions about the processing of personal data by SEB Life and Pension Baltic SE, please contact the SEB Life and Pension Baltic SE data protection specialist by sending an e-mail to dpo_life@seb.lv or by post at the following address: Meistaru 1, Valdlauči, Ķekava parish, Ķekava county, LV-1076, Latvia.
If you have any questions about the processing of personal data by AS “SEB atklātais pensiju fonds”, please contact the AS “SEB atklātais pensiju fonds” data protection specialist by sending an e-mail to dpo_pensija@seb.lv or by post at the following address: Meistaru 1, Valdlauči, Ķekava parish, Ķekava county, LV-1076, Latvia Please see Chapter 12 of the Policy for a more detailed explanation of Introduction your right to inquire about the processing of your personal data.

Privacy policy expiry and amendments

This Policy will come into effect starting from 24 April 2024 and will replace its previous version, which has been in effect from 5 June 2023.
This Policy may be unilaterally amended or supplemented in connection with amendments to laws and regulations or as part of changes in our operations. On Policy amendments that are not related to changes in legal requirements and substantially affect existing data subjects or data processing activities, we will inform you 1 month prior. Information on amendments is available in our webpage at seb.lv.

Personal data processing of SIA SEB līzings

SIA “SEB lizings”, as a controller, carries out the processing of personal data of customers (including potential, existing and former customers, guarantees, as well as clients and guarantors) for the purposes specified in this Policy, taking into account the general principles set out in the Policy, as well as specifications and additional data processing mentioned in this clause.
In the event that the objectives specified in Chapter 4 of the Policy (for example, for the assessment of creditworthiness, to meet the requirements of regulatory enactments in the field of AML/KYC) SIA "SEB līzings" needs to receive customer account statements and the customer is also a customer of AS “SEB banka”, to provide a simpler, safer and more customer friendly approach regarding information transfer between SEB Group companies, SIA “SEB līzings” provides the receipt of account statements from AS “SEB banka” without the customer involvement.
The legal basis of the specific data processing for receiving account statements from AS “SEB banka” without involving the customer is the legitimate interest of the controller.

Communication via SMS and “robocalls” in connection with breach of agreement terms are carried out with the goal to reach the customer in a timely manner and to remind about a delayed payment or insufficient payment’s amount, thus shortening the debt period and reducing situations where the debt is due to partial non- payment, thus protecting customers from damaged credit history.

The legal basis for the processing of these data is the legitimate interest of the controller – to reduce the number of debtors and the duration of debt in a customer friendly manner.

Personal data processing of SEB Life and Pension Baltic SE

In order to assess the insured risks when concluding an insurance agreement and deciding on the payment of insurance indemnity, when the insurance event occurs, SEB Life and Pension Baltic SE processes personal data on the health status of the insured person, disability or heredity (special category personal data), including processing the data provided by medical personnel and institutions, which carried out a medical examination of the insured person or treated the insured person, regarding the results of the examinations, diagnoses, treatment selected, etc. In some cases, to conclude an insurance agreement, the special category personal data may be transferred to reinsurance companies to make a risk assessment of insured risk.