Privacy policy

Introduction

With this Privacy policy (hereinafter “the Policy”) we aim to inform you about processing of personal data carried out by SEB Latvia. Should you have any questions, do not hesitate to contact our data protection officer whose contact information is provided in Section 13 of this Policy.

Basic information about the relevant data processing is included in service agreements, informative announcements, as well as other documents related to the provision of the specific service. Also, we can provide information separately – as announcements in the internet bank, e-mail or social media. Information can also be provided to you by our employees, providing a verbal explanation or inviting you to familiarise yourself with the information contained in the documents.

Our website seb.lv contains information about the use of cookies on our websites and the Policy’s current wording.

We process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), the Personal Data Protection Law, and other laws and regulations. The terms used in GDPR are used in this Policy.

We are constantly developing our processes and improving the services provided to you. Therefore, we may change and supplement this Policy occasionally. We will inform you of any significant changes, , in accordance with the provisions of Section 14, through our website, by post, email, internet bank messages or in another way chosen by us.

You (as a data subject) – a natural person whose personal data we process. Data subject may be an existing or former customer, including a minor, his/her representative, family member, guarantor, collateral provider, insurance policyholder, beneficiary of insurance policy or pension plan, heir, beneficial owner, representative or employee of our cooperation partner and other.

SEB Latvia or we are SEB companies in Latvia – a legal entity owned by the SEB Group with the registered office in Latvia. SEB Latvia includes AS “SEB banka”, SIA “SEB līzings”, AS “SEB atklātais pensiju fonds”, IP AS “SEB Investment Management” investment management joint stock company, SEB Life and Pension Baltic SE. SEB Latvia may mean any of the individual or all of the mentioned companies together.

SEB Group is Skandinaviska Enskilda Banken, AB (publ.), a company established in Sweden, as well as its directly or indirectly owned legal entities with all of their branches.

Controller – a natural person or a legal entity that alone or together with others lay down the purposes and means of personal data processing. As regards our processing of the personal data, controller is the relevant legal entity of SEB Latvia with which you are related. That means that you or a persona related to you, such as your employer or organization represented by you:

• have or have had contractual or pre-contractual relationships, or
• the services of which you plan to use, are using or have used.

Usually, SEB Latvia companies process personal data as separate controllers. However, in some cases there might exist joint controllership relationships between SEB Group companies in Baltics (AS “SEB banka”, AB SEB Bankas un AS SEB Pank). For example, as regards the maintenance of various IT systems and resolving of customer support matters, SEB banks in Latvia, Lithuania and Estonia act as joint controllers. They jointly lay down the purposes and means of the data processing. The contact information of SEB Latvia can be found here.

Data

What data related to you do we process

1. We process the following personal data categories:

General personal and identification data. Such as your name, surname, personal ID number, date of birth, identity document data, including a copy of the document, parents’ representation rights, information on dependents, and other data;

• Contact information – telephone number, electronic mail address, contact address and other data;
• Information on your behaviour patterns or actions on our websites. For example, information on when and where our internet bank, mobile application, website and other electronic platforms have been accessed, IP addresses and other related data;
• Information on your financial literacy, for example, education, knowledge and experience in investing;
• Information on your transactions, services received within SEB Latvia. For example, bank account number, payment orders, payment tools , as well as any activities performed with them. Cash deposits and withdrawals, including ATM transactions, inquiries, complaints, information about contract execution and similar data;
• Financial data. Such as the origin of funds and assets, tax residence country, payment documents, financial liabilities, payment discipline. Asset types and their values, including financial instruments and transactions involving them. Data on the collateral, credit history, creditworthiness, your expenses and income, financial and investment goals, risk tolerance, account transactions, and similar data;
• Information related to your economic activity – information about your workplace, employment, your economic or commercial activity, business partners, income stability, as well as information about your other sources of profit;
• Audio and video information, for example, visual surveillance, video and audio recording during your visits to our customer service locations or when you contact bank employees. Photos and video recordings made when you become the customer of SEB Latvia through the use of the mobile application;
• Biometric data when the customer is initially remotely identified using the mobile application.
• Health data – for example, within the liability deletion programs, Altum guarantee programs, student lending. The processing of health data for the provision of insurance services is described in Section 16 of the Policy.

Within the scope of its core business only SEB Life and Pension Baltic SE regularly processes special categories of personal data. However, such data may also be processed by other SEB Latvia companies, if you disclose it within the scope of our services. For example, in order to grant a grace period for the repayment of the loan principal, we will base our decision on the information provided by you. The provision of such personal data may also be a prerequisite for receiving certain services.

2. We receive certain personal data of the persons related to you, for example:

• legal representatives acting with relevant authorisation or on other basis;
• insurance companies;
• payers and payees;
• co-contractors and parties to contracts;
• beneficial owners;
• your lenders, creditors;
• your family members;
• insurance policy or pension plan beneficiaries;
• inheritors;
• politically exposed persons and their family members.

3. We may receive your personal data if you are related to our customers – legal entities. For example, if you are the respective legal entities:

• manager;
• shareholder;
• member of the board or other administrative body;
• representative, acting under a respective authorisation, or if you are specified as the contact person;
• the true beneficiary;
• employee, who is provided with insurance or contribution to the pension plan..

What are the bases for processing your data

We process your personal data in the following cases:

1. You have expressed interest to receive our offered service, conclude an agreement or have already concluded an agreement with SEB Latvia. In such a case we process your personal data as long as you receive our service or the agreement is in force. Depending on the service provided this basis may be combined with other personal data processing grounds.
2. You have given your consent to personal data processing. In Section 10 of the Policy the procedure for revoking the consent to personal data processing is described;
   AS SEB banka 2 (7)
3. Personal data processing is required or allowed in the normative enactments. In such cases we process your personal data if that is our duty or right arising from the normative enactments. For example, to comply with the requirements in the field of prevention of money laundering and terrorism and proliferation financing;
4. for the purposes of ensuring our legitimate interests, such as:

• To provide you with suitable and modern services, and to improve quality and clarity of our services. For example, to enhance and develop secure remote service delivery channels – website, internet bank, mobile application and others;
• To maintain and use joint internal information technology systems and customer databases;
• To ensure the consistency and sustainability of our operations;
• To protect our legal interests and claims. For example, to file claims in court and carry out other legal actions in order to avoid or reduce losses;
• To monitor and prevent unlawful activities. For example, we process data on the use of our issued payment cards or other payment instruments to detect unauthorized usage;
• To update or verify your personal data. For example, we obtain your personal data from various state-maintained registers.
  If you do not provide your personal data necessary for the conclusion or execution of an agreement, or processing of which is required by requirements of normative enactments or an agreement, we will not be able to provide our services to you.

What are our purposes for processing your data

We process your personal data for the following main purposes:

1. to provide our services;
2. to protect our rights;
3. for marketing needs;
4. for identification, assessment, documentation and management of risks;
5. to protect our and our customers' property;
6. to perform our economic and administrative activities;
7. to comply with respective normative enactments.

Subject to the main purposes, we also process your personal data for the following sub-purposes:

To be able to identify you. We process your name, surname, personal ID number, date of birth, identity document data as well as make and store copy of this document. If possible, we also perform an automated check on these documents against the Register of Natural Persons maintained by the Office of Citizenship and Migration Affairs. If a minor is identified remotely, we will also check the Register of Natural Persons to determine whether the natural guardians of the minor (parents) have the right to represent the minor.

Representatives of legal persons may also be identified in other SEB banks in the Baltics. The said banks carry out identification as data processors.

If you initially identify yourself remotely using the SEB Latvia mobile application, such identification is based on the processing of your biometric data. It happens in the form of analysis of the photo and video images you submit. Such data shall be considered as biometric data only at the moment when it is processed with special technological means that allow identification of a person according to biometric parameters. After such processing, biometric data is not stored for an extended period. However, we may store the photos that were used for such biometric verification on the basis of other legal grounds and purposes. For example, keeping a copy of a personal identification document to meet the regulatory requirements.

To provide you with services, evaluate your applications for services, and to properly comply with our obligations under agreements and relevant normative enactments. We process your general person and identification data, as well as data on your accounts, agreements and other transactions. We also process other information we receive when you use our services, products or receive our advice in different channels. In some cases, as part of this purpose, we may also process your health data. For example, if the fact of a pregnancy is a prerequisite for a service or some privilege, or if it affects the assessment of granting a grace period for loan obligations.

We also process and store your personal data, the categories of which is impossible to predict in advance, but which you provide to us at your own discretion as part of our cooperation. For example, submitting a free form application for granting a grace period for repayment of the loan principal. In such case we will process the respective personal data because our decision will be based on your provided information.

To eliminate technical shortcomings and check why provision of the service was not completed. These are cases where you have expressed an interest in receiving our services but have not become our customer. For example, by identifying remotely using a mobile application but not completing the onboarding procedure. In this case we process, including continue to store, your personal data for a limited period of time. The basis of processing personal data is our legitimate interest to examine the reason for non-onboarding, and if necessary, to complete onboarding in presence.

To evaluate suitability and conformity of our products, including investment products and products related to financial instruments, with your interests. To provide you investment advice. We process personal data about your knowledge and experience in the financial investment field, income, current financial liabilities, financial goals and plans. We also process other information you provide to us during meetings or remote consultations.

To assess your creditworthiness and offer you financing in line with the principles of responsible lending. To comply with our operational risk management requirements and control your debt obligations towards the lender. We process your and your guarantor’s creditworthiness data, as well as data related to the collateral provided to the lender. To assess execution of an agreement and the ability to repay a loan, we process personal data about your income, assets, financial liabilities, credit history and other.

To ensure organizational and administrative management and succession. We exchange your personal data with SEB Group companies.

To ensure provision of remote services. We record telephone calls or keep a record of any other communication with you. For this purpose, we also store telephone numbers, electronic address, IP address, the content of communications and other technical data.

To ensure the safety of our employees, visitors and property. To prevent and detect violations of normative enactments. To provide access to parking lots managed by SEB Latvia. We carry out video surveillance and process your image data if you visit our customer service locations or use our ATMs. We summarise and systematise information on any possible fraud and any abuse of SEB Latvia services. To manage access to SEB Latvia parking lots, we use automatic reading of car license plates in specific objects.

To exercise and protect our legal interests. We, among other things, process information about judicial proceedings and administrative procedures that you are a party to, debts or other types of payments to third parties, and other information.

To improve our service quality, electronic platforms and their content. To manage customer relations. We process the personal data related to our services, including inquiries, complaints and similar information.

To deliver direct marketing offers by phone, electronic mail, via our internet bank or mobile application. To carry out marketing activities and surveys. To offer and inform about our services. We carry out customer evaluation, including profiling, customise and personalise services, based on the personal data at our disposal. For example, about usage of our products and services, performed transactions and similar data. For this purpose, we may transfer your personal data also to other SEB Group companies or to marketing service providers.

We process personal data to analyse the trends of our products and services and to understand, in which products and services consumers are most interested in.

Usually when we carry out marketing related activities, we process your personal data based on your consent. In such cases you always have the right to revoke your consent. However, exceptions apply in certain cases. For example, your consent is not required to present generalized offers and advertisements that are not personalised based on the profiling of your data in our internet bank or mobile application.

To obtain your opinion about our services and their quality. We carry out customer surveys or market research events within which we process your personal data. For example, electronic mail address, telephone number, your age, gender, language of communication and other information necessary for the relevant activity.

To meet the requirements of normative enactments in the area of money laundering, terrorism and proliferation financing prevention. To evaluate you as our potential customer. We process personal data about your employer, position, citizenship, business activity, cooperation partners, origin of financial resources, whether you are a politically exposed person. We may process other information necessary for customer research and to identify unusual and suspicious transactions. We exchange information with other credit and financial institutions to prevent money laundering, terrorist financing and proliferation financing in the public interest and to comply with the requirements set out in the respective normative enactments.

To comply with the obligations under normative enactments. We process your personal data in order to submit reports to the Credit Register of the Bank of Latvia and Account Register. We provide information to public authorities, investigating authorities and other law enforcement authorities in the scope and cases specified in normative enactments. We process your personal data in order to meet various solvency, accounting and audit requirements, and to comply with the requirements in the field of international and national sanctions. We also process your personal data to verify your documents in the Register of Invalid Documents, or your identity in the Register of Natural Persons.

To meet the requirements of applicable normative enactments and realize our legitimate interest in ensuring fraud prevention. We process your payment data – amount, currency, recipient, information about when and where the user accesses our mobile application (IP address). We also process data about the device used to make payments, and how the user uses it.

Data processing

Where do we acquire your personal data

We process the personal data that you provide to us. For example, when you apply for our services, use them, fill in customer data questionnaires and submit requests or file claims to us.

We process the data we obtain when you visit and use our website and internet bank. We also obtain data through video surveillance or telephone call recording.

We may receive your personal data from third parties. For example, from insurance companies and medical institutions as part of provision of insurance services. Cooperation partners, our suppliers or other legal entities that provide services with our assistance. We may also receive data from other financial institutions, payment institutions, state, municipal and other public data bases or registers.

We process your personal data provided by our customers. For example, data about spouses, children, other relatives, guarantors,
co-borrowers, providers of collateral, insured persons, insurance beneficiaries and others.

Lastly, we process publicly available information about you, as well as personal data that we obtain using search engines.

In what countries do we process your data

Usually we process your personal data in the territory of the European Union (EU) or the European Economic Area (EEA). We may process personal data outside the EU/EEA, provided that adequate security measures are taken and at least one of the following requirements applies:

1. The European Commission has recognised that the respective country ensures an adequate level of personal data protection;
2. The concluded agreement contains provisions that are consistent with the standard terms approved by the European Commission – standard contractual clauses;
3. Other GDPR-compliant safeguards are applied – approved binding corporate rules, code of conduct, or certification mechanism.

With SEB Group companies cooperating, e.g., in the field of IT system maintenance, your personal data may be stored in data centers in Lithuania, Estonia, and Sweden.

Providers of payment services involved in execution of a financial instrument or payment, including SWIFT payments, may be established or operate in a country outside the EU/EEA which does not ensure an appropriate level of personal data protection . We strive to do everything we can to ensure the security of your personal data. However, we cannot guarantee that the data recipient will always comply with the requirements set within EU. Therefore, before carrying out such transactions, we ask you to carefully evaluate the potential risks related to personal data processing.

How long do we store your data?

We store your personal data as long as at least one of the following criteria exists:

1. Personal data is necessary for the fulfilment of the purposes for which the data were originally obtained. For example, as long as you have a current account with the bank, as long as a loan agreement or pledge agreement is in force and being executed;
2. As long as we are obliged to store personal data to meet the requirements of normative enactments. For example, the statutory requirements in the field of money laundering, terrorism and proliferation financing or Accounting Law;
3. As long as there is a possibility that we will need to prove proper fulfillment of our obligations or to insure against claims. For example, in accordance with the Civil Law, which provides for a general limitation period for obligations – 10 years;
4. When it is necessary to secure our legal interests or those of third parties, personal data may be stored until complete resolution of the specific legal interest. For example, until the entry into force of a relevant court judgment or until the full enforcement thereof.

Information about specific retention periods for particular data processing may be included in information notices or other documents related to the respective data processing.

After the retention period ends, personal data will be deleted or made anonymous. That is, data will be permanently modified so that they are no longer related to you as a particular person.

To whom do we provide your data?

1. We transfer your personal data to, for example:

• SEB Group companies and their branches. The said companies receive the data as independent data controllers in the following areas: prevention of money laundering, terrorism and proliferation financing, compliance with international and national sanctions, and prevention of fraud;
• other credit institutions and financial institutions;
• providers of digital wallet services, providers of payment and other services, which are involved in the execution of your card transactions. For example, to make a payment, personalize a payment card or add your card to a digital wallet. International payment card organizations and service providers involved in the acceptance of payment cards, such as point-of-sale (POS) terminals and e-commerce services;
• payment system operators;
• payment initiation service providers, account information service providers, or other service providers, which use the open cooperation platform – Open Banking;
• providers of insurance services in cases where we provide such services as intermediaries. Companies whose services we use to fulfil provisions of a collateral agreement. Reinsurance companies;
• stock exchanges, funds, brokers. Other participants involved in the trade of financial instruments, which render services to us in relation to the custody of financial instruments, investments in financial instruments and other;
• guarantors, co-borrowers, providers of collaterals;
• our professional activity consultants, auditors, translation service providers, archivers, postal, electronic message and courier service providers;
• other third parties in the process of full or partial disposal, merger, acquisition, reorganisation of companies, or in the course of implementing similar business changes. As part of this process, among other things, we may transfer data to potential buyers of the company and their consultants.

In cases when a loan is secured by a pledge or another collateral, the collateral provider has rights to request us information about liabilities of the borrower. In such cases we provide to the collateral provider information on your liabilities that are secured by the respective pledge or collateral.

2. We may transfer your personal data to third parties if we have such rights or obligations stated in the normative enactments, for example:

• to the Bank of Latvia, the European Central Bank, the bodies performing operational activities, investigative authorities, notaries, bailiffs, the State Revenue Service and other persons listed in the Credit Institution Law and other laws and regulations. These third parties use the personal data to fulfil their obligations established by respective normative enactments;
• to the Credit Register of the Bank of Latvia and the Credit Bureau, or to any other liabilities’ register about financial liabilities of the customer. These registers use the data to provide information on customer’s payment history to users of the respective register in accordance with applicable normative enactments. For example, to credit institutions and other creditors.
• to the central depositary of securities we provide data about financial instruments owned by you and transactions carried out with them;
• to courts, courts of arbitration or other dispute resolution bodies.

We may outsource such activities or functions that include personal data processing. We supervise that the providers of the outsourced services comply with our personal data processing instructions, security and confidentiality requirements and the requirements laid down in the normative enactments.

For the purposes of personal data processing referred to in the Policy, we may engage other service providers as data processors. When engaging the processors we supervise that their operation complies with the requirements of the GDPR and other normative enactments.

Automated individual decision making

We may process your personal data in order to make automated individual decisions that have legal consequences for you. Such automated decisions allow you to receive the service or its offer faster. Automated decision-making occurs, for example, in the cases when we:

1. make decisions on the provision of services, including on issuing a loan. As part of this process we carry out an automated analysis using information on your income, financial liabilities and other circumstances that, in our opinion, are important.
2. advise you regarding insurance products to assess what we can offer you. In such cases we carry out an automated analysis, during which we assess your health data, data on age, gender and income;
3. determine your risk class as part of complying with the normative enactments related to anti-money laundering and preventing terrorism and proliferation financing;
4. carry out an analysis of biometric data in cases when you become our customer remotely, using the mobile application. As a result of an automated individual decision, we decide whether your identity is true and whether you can become our customer remotely.

Your rights

What are your rights?

1. You have the rights:

• to request information about processing of your personal data;
• to request rectification of incorrect, inaccurate or incomplete personal data;
• to request the restriction of the processing of your personal data until the lawfulness of your personal data processing is verified;
• to request erasure of your personal data;
• to not consent or revoke consent to personal data processing for marketing purposes, including profiling;
• to request and receive, in a format convenient for you, personal data you have provided to us and which are processed in an automated mode. These rights apply if the personal data are processed on the basis of a consent or execution of an agreement. In such cases, based on you request, we can transfer the personal data to another personal data controller if that is technically feasible and compliant with applicable normative enactments;
• to request not to be the subject of such decision which have legal consequences for you and is based solely on automated processing;
• to revoke your consent without affecting the use of your personal data before the consent was revoked;
• to file a complaint with the Data State Inspectorate (for more information, please visit www.dvi.gov.lv).

2. Please note that we will not be able to fully satisfy a request to erase personal data, if we process them on several grounds for personal data processing. For example, we can process personal data simultaneously to execute a service agreement, and to comply with the obligations laid down in the normative enactments. In such a case, we will not be able to ensure complete erasure of your personal data, of which we will inform you separately. We will carefully assess each your request to ensure the most appropriate solution to respect your rights in such a case.
3. In cases where it is not possible to completely delete personal data, we can ensure anonymization or pseudonymization of the personal data:

• Within the framework of anonymization of personal data, the data are irrevocably changed and can no longer be linked to a specific person. They are no longer considered personal data. We can continue to process such anonymous personal data, for example, for the purposes of statistics, and to improve and develop our services;
• Within the framework of pseudonymisation of personal data, an identifier is assigned to the data, observing a certain algorithm, so that the data is not instantly recognizable. By using this algorithm, it is possible to obtain the content of the personal data. Such data are considered personal data with increased data processing security level.
  
  The decision on which of the aforementioned solutions to apply in relation to personal data processing, we make independently in accordance with the GDPR principles.

4. Please note that the Law on the Prevention of Money Laundering, Terrorism and Proliferation Financing sets restrictions on the exercise of your rights.

How can you exercise your rights?

To exercise your rights you may file a complaint, application or request (collectively referred to as the “Request”).
Requests signed with a secure electronic signature should be sent to the e-mail address info@seb.lv or personasdati@seb.lv. 

You may also submit a Request using our internet bank, or at our nearest customer service location.

We will respond to your Request within one month from the date of receipt. In cases requiring extra time to review the Request, we will prolong the response time by giving you a notice about it in a timely manner.

We will assess your suggestions or objections regarding processing of your personal data. However, we will not always be able to fully meet your demands if the actions of SEB Latvia are in compliance with the requirements of the GDPR or restricted by other normative enactments.

How can minors exercise their rights?

In relation to the services we offer to minors, we assess the possibility to allow such persons to exercise certain rights independently.

We take into account the minor’s level of awareness and their ability to make decisions regarding the exercise of their rights in certain matters. Based on the assessment or in cases stipulated by normative enactments, we request the legal guardian of the minor to give consent or approval for the processing of personal data on behalf of the minor.

Legal guardians may exercise all the rights on matters concerning personal data processing in relation to their minor children before the age of 13. Legal guardians can supervise the processing of their minor children’s data regardless of the child’s age.

Other matters

Data protection officer’s contact information

If you have queries related to the processing of personal data carried out by AS “SEB banka” or SIA “SEB līzings”, please contact our data protection officer by sending:
- an email to: personasdati@seb.lv or
- a letter to the address at: Meistaru 1, Valdlauči, Ķekava parish, Ķekava county, LV-1076, Latvia.

If you have queries related to the processing of personal data carried out by SEB Life and Pension Baltic SE, please contact SEB Life and Pension Baltic SE data protection officer by sending:
- an email to dpo_pensija@seb.lv or
- a letter to the address at: Meistaru 1, Valdlauči, Ķekava parish, Ķekava county, LV-1076, Latvia.

If you have queries related to the processing of the personal data carried out by AS “SEB atklātais pensiju fonds” or IP AS “SEB Investment Management”, please contact our data protection officer by sending:
- an email to dpo_pensija@seb.lv or
- a letter to the address at: Meistaru 1, Valdlauči, Ķekava parish, Ķekava county, LV-1076, Latvia.

Privacy policy expiry and amendments

This Policy will come into effect starting from 26 June 2025 and will replace its previous version, which has been in effect from 24 April 2024. Policy may be unilaterally amended or supplemented in connection with amendments to normative enactments or as part of changes in our operations.

We will notify you one month in advance on any changes to the Policy, that are:

• not related to the regulatory requirements, and
• significantly affects existing data subjects or the existing data processing activities.

Information on amendments to the Policy is available in our webpage at seb.lv.

Personal data processing of SIA SEB līzings

SIA “SEB lizings”, as a controller, carries out the processing of your personal data as provided for in this Policy. This section contains clarifications and additional personal data processing activities that are specific to SIA “SEB līzings”.

For some of the purposes provided for in the Policy SIA “SEB līzings” needs to receive the account statements of customers. For example, to assess creditworthiness, to comply with the requirements of normative enactments in the field of AML/KYC. In case the relevant customer is also the customer of AS “SEB banka”, SIA “SEB līzings” will ensure receipt of account statements from AS “SEB bank” without involving the customer. The purpose of such data processing is our legitimate interest to make information exchange between SEB Group companies simpler, more secure and more customer friendly.

We carry out SMS communication and “robocalls” about breaches of agreement conditions to inform you in a timely manner about late leasing payments or missing amounts. The purpose of such data processing is our legitimate interest to reduce the number of debtors and shorten the debt period. Such communication also decreases number of situations, when debt occurs because of partial non-payment.

Personal data processing of SEB Life and Pension Baltic SE

SEB Life and Pension Baltic SE, as a controller, carries out the processing of your personal data as provided for in this Policy. This section contains clarifications and additional personal data processing activities that are specific to SEB Life and Pension Baltic SE.

To provide you with insurance services, SEB Life and Pension Baltic SE must process special categories of personal data. For example, information about your health condition, disability, medical examinations, diagnoses, or treatment. We receive this information either from you or from doctors and medical institutions that have carried out examinations or medical check-ups. We use this information to assess insurance risks before concluding a contract or, in the event of an insurance claim, to make a decision regarding the payment of compensation. In certain cases, in order to conclude an insurance contract, this information may also be transfered to reinsurance companies that help us assess risks.

In accordance with Section 9 of the Policy, SEB Life and Pension Baltic SE can process your personal data to make automated individual decisions. We carry out such processing to speed up the review of insurance claim applications, process payments, or assess the suitability and appropriateness of the service for you. Information about automated decisions related to a specific service is included in the documents or informational notices associated with that service. You have rights to request a review of an automated decision.

Personal data processing at AS “SEB atklātais pensiju fonds”

AS “SEB atklātais pensiju fonds”, as a controller, carries out the processing of your personal data as provided for in this Policy. This section contains clarifications and additional personal data processing activities that are specific to AS “SEB atklātais pensiju fonds”.

Based on your application, we will transfer private pension capital to another pension fund. Such transfer involves sharing your personal data with the pension fund specified in your application.

Personal data processing at IPAS “SEB Investment Management”

IPAS “SEB Investment Management”, as a controller, carries out the processing of your personal data as provided for in this Policy. This section contains clarifications and additional personal data processing activities that are specific to IPAS “SEB Investment Management”.

We process personal data of participants in SEB’s 2nd pillar pension investment plans received from the State Social Insurance Agency in accordance with requirements of normative enactments.

We contact participants of SEB’s 2nd pillar pension investment plans via digital channels or postal services. The purpose of this communication is to inform them about the suitability of the chosen plan based on their age, identify their needs, and to provide other information required by normative enactments.

Based on the consent you provided, we may display the 2nd pillar pension account statement in our internet bank. The consent is valid only during the specific session in the internet bank.