This Privacy Notice provides information as to how, when, and why SEB Kort Bank AB 556574-6624 (“SEB Kort” or “we” or “us”) will collect, process, store and share personal data for you as a private customer, cardholder or prospective customer or cardholder.
We will process your personal data in a careful and responsible manner. By personal data, we mean any information that can be directly or indirectly traced back to you.
Privacy Notice for SEB Kort Bank AB, Private cardholders (PDF)
Personal data is normally collected directly from you, for instance when you apply for our services or products or generated in connection with your use of our services and products. Sometimes additional information is required to keep the information up to date or to check that the information we have collected is correct.
We collect the following personal data categories directly from you:
In addition to the information that you provide us with yourself, we may collect information about you elsewhere. This applies, for example, when we:
In some cases, we also collect information from other entities in the SEB Group pursuant to Group internal service arrangements and appropriate data transfer mechanisms.
Please note that our websites use cookies. A cookie is a piece of information that a website transfers to the cookie file on your computer or device.
Read more about the use of cookies here
We are often required by law or as a consequence of our contractual relationship with our clients to collect certain personal data. Failure to provide this information may prevent or delay the fulfilment of these obligations.
The main purpose of our processing of personal data is to collect, control and process personal data before and when signing agreements with you, as well as to document, administer and perform what is required to fulfil the agreements. We process your personal data when:
We must be able to comply with the various laws and regulations in the jurisdictions that we operate in:
We have, in certain circumstances, a legitimate interest in processing your personal data. When vi process personal data with reference to “legitimate interest” we shall demonstrate that we have justified compelling reasons for the processing and that these reasons take precedence over your interests and rights.
The following are examples of situations where we process personal data using legitimate interest as the legal ground for processing:
We usually do not base the processing of your personal data on a consent.
If you provide us with your consent to process and store your personal data, you can at any time withdraw such consent. Withdrawal of consent will however not affect any processing of personal data based on the consent prior to the withdrawal.
There might however be other reasons for obtaining a consent from you than for processing of your personal data, e.g., when it is necessary in accordance with local marketing legislation.
Profiling is when your personal data is automatically processed, primarily your financial circumstances or personal preferences such as transaction data on your credit card or financial information from you or credit bureaus.
We use profiling for:
We use automatic decisions, for instance when you apply for a credit card using our online application form. Such application can be approved or declined by using automatic decisions.
Our automated decisions may sometimes be based on profiling. Where such a decision has legal consequences for you, e.g., a decline of an application or otherwise significantly affects you, you have a right to object to the automatic decision.
We will share personal data about you with other legal entities and affiliates within the SEB Group in order to meet our legal and regulatory obligations such as:
We will share personal data about you to external recipients for the following purposes:
We do not share your data with suppliers outside the EU/EEA (“European Union/European Economic Area”) also known as third countries unless it is required by law or necessary for fulfilling our service to you as a customer. One example of the latter is our cooperation with Mastercard where some of your data may be transferred to the United States of America (“USA”).
Another example is when we use Adobe Campaign for IT support services which are performed in EU/EEA as well as in India.
We only make such transfers after having performed a Transfer Impact Assessment (“TIA”) to ensure that GDPR has been followed and if any of the following conditions are met:
We will store your personal data for as long as it is necessary for fulfilling the purposes for which they were collected. The required retention period differs between the Nordic countries. Below we list some examples on relevant retention periods.
If you have downloaded one of our apps, we can send information to the device where the app is installed, for example in the form of push notifications. The message may, among other things, contain information that a purchase has been made, an incorrect PIN code has been used or if a purchase has been denied.
In your device's system settings, you can control whether the information is sent or not and how the information is displayed on the device's screen in locked mode.
When the information is sent outside the SEB Group, it is done with uninterrupted encryption until the information arrives at your app.
To be able to do aggregated analysis of user interactions we gather information about what services you use on our website, in our in-logged environment and apps and how you use them.
The information that we collect are:
We respect your rights to request access, modification, deletion, and portability of your personal data.
According to the GDPR, you are entitled to control your own personal data and to know how we process information about you. You can contact us if you want to exercise any of your rights.
Sometimes your rights are subject to limitations e.g., when we are unable to delete your personal data due to regulatory requirements and when the retention period has not been reached.
You have the right to obtain information about what personal data we process about you. You can obtain this by requesting an extract from us.
Should it turn out that we are processing personal data about you that is incorrect, you are entitled to request the personal data to be corrected. You may also request that an incomplete piece of personal data about you be supplemented.
You have the right to have any or all your personal data deleted. This is sometimes referred to as “the right to be forgotten”. In some cases, we may be unable to delete all the personal data because this is still necessary for its original purpose, and we still have a legal basis for processing it.
In some situations, you are entitled to ask for our processing of your data to be restricted for a certain period. This could be, for example, if you believe that some personal data about you is incorrect and we need to verify this. This may also be if you have objected to processing that is based on legitimate interest. In this case, we will assess whether our interests take precedence over yours.
If we process personal data about you based on legitimate interest, you may object to this processing. For instance, if we process your personal data for the purpose of direct marketing.
If we process your personal data based on an agreement or based on your consent, you have the right to access the personal data you have provided to us. If it is technically possible, you also have the right to have the data transferred to another party. This is known as data portability.
When a decision is based on automatic processing (including profiling), you have the right to contact us to object to being subject to an automatic processing of your personal data.
You are always welcome to contact us if you have any questions about your rights or about how we process your personal data.
Contact details to Data Protection Officer (DPO):
Head Office
SEB Kort Bank AB
SEB Data Dataskydd
106 40 Stockholm
Sweden
08-14 70 00
SEB Kort Bank AB, Denmark branch
Postbox 100
0900 København C.
Denmark
persondata@seb.dk
SEB Kort Bank AB, Norway branch
Personvernsombudet
Postboks 1843, Vika
0123 Oslo
personvernsombud@seb.no
SEB Kort Bank AB, Finland branch
Data Protection Officer
Eteläesplanadi 18
00130 Helsinki
Finland
Where applicable, you have the right to make a complaint to the competent supervisory authority.
Sweden:
Swedish Authority for Privacy Protection (“Integritetsskyddsmyndigheten (IMY)”)
Box 8114
104 20 Stockholm
imy@imy.se
Denmark:
Danish Data Protection Agency (“Datatilsynet”)
Carl Jacobsens Vej 35
2500 Valby
dt@datatilsynet.dk
Norway:
Data Protection Authority
(“Datatilsynet”)
Postboks 458 Sentrum
0105 Oslo
Finland:
Office of the Data Protection Ombudsman
Lintulahdenkuja 4
00530 Helsinki
tietosuoja@om.fi
If you are not satisfied with how we process your personal data and if your contact to our DPO, listed under “Contact details” did not provide you with a satisfying answer, please contact our responsible for complaints.
Sweden:
SEB Kort Bank AB
Att.: Klagomålsansvarig
106 40 Stockholm
kundrelationerkort@seb.se
Denmark:
SEB Kort Bank AB
Att.: Klageansvarlig
Postboks 351
0900 København C.
kundeklager@sebkort.dk
Norway:
SEB Kort Bank AB
Att.: Klageansvarlig
Postboks 1373 Vika
0114 Oslo
kundeklage@sebkort.no
Finland:
SEB Kort Bank AB
Att.: Asiakasvalitusvastaava
P.Box 1085
00101 Helsinki
asiakaspalaute@seb.fi