Privacy Policy

Of Nordigen’s account information service

Updated 01/12/2020

This privacy policy will explain how Nordigen uses the personal data we collect once You access and use the Account Information Service (as defined in Terms and Conditions of Nordigen’s account information service).

Account Information Services are provided by SIA "Nordigen Solutions", a private limited liability company registered under the laws of the Republic of Latvia, company registry code 40103982535 (hereinafter referred to as Nordigen). Nordigen is committed to protect your personal data and to respect your privacy. By accessing and using Account Informations Services You agree to the data processing practices described in this Privacy Policy.
Applicable data privacy laws means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the GDPR ) or any national or internationally binding data privacy laws or regulations that may be applicable at any time during the term of this Privacy Policy.

Data Controller means the natural or legal entity/entities which determines the purposes and means of the processing of Personal Data;

Data Processor means the legal entity processing Personal Data on behalf of the Data Controller(s);

Personal Data means any information relating to an identified or identifiable natural person;

Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Account Information means information relating to Your payment accounts.

Account Information Service means a service which enables You to access, view or share (where relevant) information relating to Your payment accounts.

Sub-processor means a third party subcontractor engaged by the Data Processor which, as part of the subcontractor's role of delivering the services, will process Personal Data on behalf of the Data Controller.

You means You or the legal entity You represent.

Nordigen Partner means a third party, for example bank, credit institution or other service provider, which requires Account Information to provide You services.

This Privacy Policy applies when You access and use Nordigen’s Account Information Services.

When You access and use Account Information Services via Nordigen’s Partner app or website, the Partner app or website will redirect You to an Account Information Service provided by Nordigen. This policy describes how Nordigen will use Your data when providing account information services.

This policy does not apply to services provided to You by Nordigen’s Partner. Such services may be subject to Nordigen’s Partner terms and conditions and privacy policies.

The provision of Account Information Services requires Nordigen to collect information regarding Your payment accounts, transactions and other financial information from Payment Account Provider (banks or other financial institutions providing You a payment account) You have selected. Collection of such information is always based on Your explicit consent.

When providing You the Account Information Service, Nordigen may process the following data:
  • Name, Surname
  • Date of birth
  • Contact information (email, phone number), address
  • Personal identification number, social security number
  • Bank account information – account type, account number (IBAN, SWIFT), currency
  • Bank account records (transaction date, amount and/or payment recipient/sender, transaction details, current balance, available balance);
  • Information on loans, credits and other financial products
  • Other financial information derived from Your account
  • Other information (Information about Your browser - user agent, browser signature, geographic location, IP address, date and time when the service was used, language in which the service was used)

Nordigen may also collect information about You from Nordigen Partner..

Nordigen collects Your data to provide You Account Information Service pursuant to Terms and Conditions of Nordigen’s account information service (to fulfill contract between Nordigen and You).

When applicable (when using Nordigen Partner services), Your data will be shared with Nordigen Partners if You have requested Nordigen to do so. In such case the Nordigen Partner becomes responsible for the data as the data controller right after the data transfer.

Nordigen also process Your data to fulfil Nordigen’s obligations under applicable laws and to improve the Account Information Service which is Nordigen’s legitimate interest.

All personal data in electronic format (name, address, Your bank account data, etc) are stored and processed on cloud based servers. For cloud computing, data storage and service hosting services Nordigen has engaged a sub-processor - Amazon Web Services EMEA SARL, registered address 5 rue Plaetis, L-2338, Luxembourg, with data centres located in Dublin, Ireland (European Union).

Nordigen keeps Your data for the time necessary to fulfil the purpose of collection or further processing, namely providing the Account Information Service. After the provision of the Account Information Service is completed, the data is deleted or anonymised. However, some data may be kept for longer period when it is necessary for Nordigen’s legitimate interest or to fulfill Nordigen’s legal obligations, for example the applicable anti-money laundering laws. You can request to delete Your data You have provided to Nordigen if You wish to, by sending an e-mail to: legal@nordigen.com.

In order to protect Your personal data, Nordigen has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons under confidentiality agreements with a legitimate need to process personal data for the processing purposes stated in this policy.

Nordigen would like to make sure You are fully aware of Your data protection rights. Every user of the Account Information Service is entitled to the following:
The right to access – You have the right to request Nordigen for copies of Your personal data.
The right to rectification – You have the right to request that Nordigen correct any information You believe is inaccurate. You also have the right to request Nordigen to complete information You believe is incomplete.
The right to erasure – You have the right to request that Nordigen erase Your personal data.
The right to restrict processing – You have the right to request that Nordigen restrict the processing of Your personal data.
The right to data portability – You have the right to request that Nordigen transfer the data that Nordigen has collected to another organization or directly to You.

If You make a request, Nordigen will answer You within one month. If You would like to exercise any of these rights, please contact us at our email: legal@nordigen.com.

In case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, Nordigen is entitled to charge an administrative fee. In such cases You will be notified thereof beforehand.

Your personal data may be disclosed if it is required by You according to the Terms and Conditions of Nordigen’s account information service, the Applicable data privacy laws or competent authority in order to fulfill Nordigen's legal obligations.

Your personal data will not be transferred or stored in countries outside of the European Economic Area / European Union unless there are legal grounds for such transfer exist and there is an adequate level of protection.

Nordigen keeps this privacy policy under regular review and places any updates on this web page. Nordigen will inform You about any upcoming changes to this privacy policy. Nordigen has the right to change this privacy policy solely at any time. You will be asked to accept any changes made to this privacy policy. If You do not accept the changed privacy policy Nordigen has the right to terminate the contract (Terms and Conditions of Nordigen’s account information service) with You.

How to contact us?

If You have any questions about this privacy policy, the data Nordigen holds on You, or You would like to exercise one of Your data protection rights, please do not hesitate to contact us.

E-mail: legal@nordigen.com

Address: Ģertrūdes str. 44A, Riga, Latvia, LV-1011

How to contact the appropriate authority?

Should You wish to report a complaint or if You feel that Nordigen has not addressed Your concern in a satisfactory manner, You may contact the Data State Inspectorate of the Republic of Latvia.

E-mail: info@dvi.gov.lv

Phone: +371 67223131

Get started now!

No trial period. No credit card. Free forever.