Data Controller means the natural or legal entity/entities which determines the purposes and means of the processing of Personal Data;
Data Processor means the legal entity processing Personal Data on behalf of the Data Controller(s);
Personal Data means any information relating to an identified or identifiable natural person;
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Account Information means information relating to Your payment accounts.
Account Information Service means a service which enables You to access, view or share (where relevant) information relating to Your payment accounts.
Sub-processor means a third party subcontractor engaged by the Data Processor which, as part of the subcontractor's role of delivering the services, will process Personal Data on behalf of the Data Controller.
You means You or the legal entity You represent.
Nordigen Partner means a third party, for example bank, credit institution or other service provider, which requires Account Information to provide You services.
When this Policy applies?
When You access and use Account Information Services via Nordigen’s Partner app or website, the Partner app or website will redirect You to an Account Information Service provided by Nordigen. This policy describes how Nordigen will use Your data when providing account information services.
This policy does not apply to services provided to You by Nordigen’s Partner. Such services may be subject to Nordigen’s Partner terms and conditions and privacy policies.
What data does Nordigen collect and how does Nordigen collect it?
The provision of Account Information Services requires Nordigen to collect information regarding Your payment accounts, transactions and other financial information from Payment Account Provider (banks or other financial institutions providing You a payment account) You have selected. Collection of such information is always based on Your explicit consent.
When providing You the Account Information Service, Nordigen may process the following data:
- Name, Surname
- Date of birth
- Contact information (email, phone number), address
- Personal identification number, social security number
- Bank account information – account type, account number (IBAN, SWIFT), currency
- Bank account records (transaction date, amount and/or payment recipient/sender, transaction details, current balance, available balance);
- Information on loans, credits and other financial products
- Other financial information derived from Your account
- Other information (Information about Your browser - user agent, browser signature, geographic location, IP address, date and time when the service was used, language in which the service was used)
Nordigen may also collect information about You from Nordigen Partner..
How will Nordigen use Your data?
Nordigen collects Your data to provide You Account Information Service pursuant to Terms and Conditions of Nordigen’s account information service (to fulfill contract between Nordigen and You).
When applicable (when using Nordigen Partner services), Your data will be shared with Nordigen Partners if You have requested Nordigen to do so. In such case the Nordigen Partner becomes responsible for the data as the data controller right after the data transfer.
Nordigen also process Your data to fulfil Nordigen’s obligations under applicable laws and to improve the Account Information Service which is Nordigen’s legitimate interest.
How and for how long does Nordigen store Your data?
All personal data in electronic format (name, address, Your bank account data, etc) are stored and processed on cloud based servers. For cloud computing, data storage and service hosting services Nordigen has engaged a sub-processor - Amazon Web Services EMEA SARL, registered address 5 rue Plaetis, L-2338, Luxembourg, with data centres located in Dublin, Ireland (European Union).
Nordigen keeps Your data for the time necessary to fulfil the purpose of collection or further processing, namely providing the Account Information Service. After the provision of the Account Information Service is completed, the data is deleted or anonymised. However, some data may be kept for longer period when it is necessary for Nordigen’s legitimate interest or to fulfill Nordigen’s legal obligations, for example the applicable anti-money laundering laws. You can request to delete Your data You have provided to Nordigen if You wish to, by sending an e-mail to: firstname.lastname@example.org.
In order to protect Your personal data, Nordigen has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons under confidentiality agreements with a legitimate need to process personal data for the processing purposes stated in this policy.
What are Your data protection rights?
Nordigen would like to make sure You are fully aware of Your data protection rights. Every user of the Account Information Service is entitled to the following:
The right to access – You have the right to request Nordigen for copies of Your personal data.
The right to rectification – You have the right to request that Nordigen correct any information You believe is inaccurate. You also have the right to request Nordigen to complete information You believe is incomplete.
The right to erasure – You have the right to request that Nordigen erase Your personal data.
The right to restrict processing – You have the right to request that Nordigen restrict the processing of Your personal data.
The right to data portability – You have the right to request that Nordigen transfer the data that Nordigen has collected to another organization or directly to You.
If You make a request, Nordigen will answer You within one month. If You would like to exercise any of these rights, please contact us at our email: email@example.com.
In case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, Nordigen is entitled to charge an administrative fee. In such cases You will be notified thereof beforehand.
Third parties and transfer of personal data
Your personal data may be disclosed if it is required by You according to the Terms and Conditions of Nordigen’s account information service, the Applicable data privacy laws or competent authority in order to fulfill Nordigen's legal obligations.
Your personal data will not be transferred or stored in countries outside of the European Economic Area / European Union unless there are legal grounds for such transfer exist and there is an adequate level of protection.
Address: Ģertrūdes str. 44A, Riga, Latvia, LV-1011
Should You wish to report a complaint or if You feel that Nordigen has not addressed Your concern in a satisfactory manner, You may contact the Data State Inspectorate of the Republic of Latvia.
Phone: +371 67223131