Data Controller means the natural or legal entity/entities whichdetermines the purposes and means of the processing of Personal Data;
Data Processor means the legal entity processing Personal Data on behalf of the Data Controller(s);
Personal Data means any information relating to an identified or identifiable natural person;
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Services means Nordigen website, Nordigen Dashboard and Nordigen Open Banking Portal.
Sub-processor means a third party subcontractor engaged by the Data Processor which, as part of the subcontractor's role of delivering the services, will process Personal Data on behalf of the Data Controller.
You or User means You or the legal entity You represent.
Account Information means information relating to payment accounts.
Account Information Service means a service which enables to access, view or share (where relevant) information relating to payment accounts.
Nordigen Partner means a third party, for example bank, credit institution or other service provider, which requires Account Information to provide You services.
When this Policy applies?
What data does Nordigen collect and how does Nordigen collect it?
Nordigen collects information You voluntarily provide us with by using the Services, data we obtain from providing Account Information Services and data we obtain from Cookies. When You register an account - we collect only mandatory account data:
Nordigen might also ask you to provide some optional data:
- First name
- Last name
- Phone number
- Company name
- Postal Code
When You use the Services, upload financial data or You access Your Account Information via Account Information Service, we receive and process financial data including but not limited to:
- Name, Surname
- Date of birth
- Contact information (email, phone number), address
- Personal identification number, social security number
- Bank account information – account type, account number (IBAN, SWIFT), currency
- Bank account records (transaction date, amount and/or payment recipient/sender, transaction details, current balance, available balance);
- Information on loans, credits and other financial products
- Other financial information derived from Your account
- Other information (Information about Your browser - user agent, browser signature, geographic location, IP address, date and time when the service was used, language in which the service was used)
Nordigen may also process other data You have provided to us.
How will Nordigen use Your data?
Nordigen collects Your data to provide You Services pursuant to Terms and Conditions of Nordigen services (to fulfill contract between Nordigen and You), to fulfil Nordigen’s legal obligations and for various business purposes and legitimate interests of Nordigen, specifically:
- to provide, administer, protect and improve the Services;
- to carry out support (including customer support), maintenance and other operational services as well as in order to derive statistical models for future data enrichment purposes;
- to improve the performance and accuracy of the Services;
- to transfer and provide access to Account Information after performing Account Information Service which may include normalization of financial data for consistent storage and display purposes, enrichment (categorisation), statistics calculation and insights generation, changing data formats;
- improve Your experience while using the Services;
- to handle and process inquiries submitted by the Users and visitors of the website;
- to investigate any fraud, illegal activity or wrongdoing in connection with the Services;
- to send Users and website visitors relevant informational content regarding Services and personalized offers they subscribed to;
How and for how long does Nordigen store Your data?
All Personal Data in electronic format (e-mail address, financial data, etc) are stored and processed on cloud based servers. For cloud computing, data storage and service hosting services Nordigen has engaged a sub-processor - Amazon Web Services EMEA SARL, registered address 5 rue Plaetis, L-2338, Luxembourg, with data centres located in Dublin, Ireland (European Union).
In order to protect Your Personal Data, Nordigen has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the Personal Data being processed. Organisational measures include restricting access to the personal data solely to authorised persons under confidentiality agreements with a legitimate need to process personal data for the processing purposes stated in this policy.
What are Your data protection rights?
Nordigen would like to make sure You are fully aware of Your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request Nordigen for copies of Your personal data.
The right to rectification – You have the right to request that Nordigen correct any information You believe is inaccurate. You also have the right to request Nordigen to complete information You believe is incomplete.
The right to erasure – You have the right to request that Nordigen erase Your personal data.
The right to restrict processing – You have the right to request that Nordigen restrict the processing of Your personal data.
The right to data portability – You have the right to request that Nordigen transfer the data that Nordigen has collected to another organization or directly to You.
If You make a request, Nordigen will answer You within one month. If You would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org.
In case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, Nordigen is entitled to charge an administrative fee. In such cases You will be notified thereof beforehand.
Cookies are text files placed on Your computer or browser to collect standard internet log information and website visitor behaviour information. When you visit website or access and use the Services, Nordigen may collect information from You automatically through cookies or similar tracking technology (pixels, etc.). Cookies can enable Nordigen to track and target the interests of Users to enhance their experience on website or while using the Services.
We collect information through cookies for following purposes:
The cookies we use may be operated by us or by third parties. We collect information through the following categories of cookies for the following purposes:
|Essential||For our Website and the Services to function properly|
|Preferences||To remember Your settings and preferences, such as language and location|
|Analytics||We use these cookies to better understand how You interact with our website and the Services provided on the Website so that we can improve them. We may use these cookies to determine if You have interacted with certain content or features. We can also use these cookies to learn more about which features are the most popular with our users and where we may need to make improvements.|
|Advertising||We and our trusted advertising partners use these cookies to display advertisements, to make advertisements more relevant to visitors of our Website, and to track the efficiency of any advertising campaigns on our Websites.|
Usage of cookies is no way linked to any personally identifiable information provided by You while using the Services. The cookies and other similar technologies Nordigen use may be operated by Nordigen itself or by third parties.
You may also choose whether to accept Cookies. However, Cookies can be an important part of the Services and Your experience using our website and the Services. If You remove or reject cookies, this could affect the availability and functionality of our website and the Services. Some ways You can control, or limit cookies used on our website and the Services:
- Although most browsers and devices accept cookies by default, you can usually manage settings to remove or reject browser cookies manually within your browser’s configuration settings. Please note that if you remove or reject cookies some of the features of our website may not function properly;
- To prevent Your data from being used by Google Analytics, you can install Google’s opt-out browser add-on;
- For information on online behavioral advertising how our advertising partners may allow You to opt out of receiving ads based on Your web browsing history, please visit https://youronlinechoices.com.
Third parties and transfer of personal data
Your personal data may be disclosed if it is required by the Applicable data privacy laws or competent authority in order to fulfill Nordigen's legal obligations.
Nordigen may also provide personal data to companies that process personal data on behalf of Nordigen such as marketing service providers. Nordigen will be responsible for the correct processing of Your personal data.
Your personal data will not be transferred or stored in countries outside of the European Economic Area / European Union unless there are legal grounds for such transfer exist and there is an adequate level of protection.
Address: Ģertrūdes str. 44A, Riga, Latvia, LV-1011
Should You wish to report a complaint or if You feel that Nordigen has not addressed Your concern in a satisfactory manner, You may contact the Data State Inspectorate of the Republic of Latvia.
Phone: +371 67223131