Privacy Policy

Of Nordigen’s website and services

Last Updated on 1st December, 2021

This privacy policy explains how Nordigen uses the personal data that is collected from You once You access or use website www.nordigen.com and services available on this website and all related subdomains, including ob.nordigen.com (Open Banking Portal) ( hereinafter - Services).

INTRODUCTION

Services are provided by SIA "Nordigen Solutions", a private limited liability company registered under the laws of the Republic of Latvia, company registration number 40103982535 (hereinafter referred to as Nordigen, we or us). Nordigen is committed to protect your personal data and to respect your privacy. By accessing and using the Services You agree to the data processing practices described in this Privacy Policy.

DEFINITIONS OF TERMS USED IN THIS PRIVACY POLICY

"Applicable data privacy laws" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the GDPR ) or any national or internationally binding data privacy laws or regulations that may be applicable at any time during the term of this Privacy Policy.

"Data Controller" means the natural or legal entity/entities which determines the purposes and means of the processing of Personal Data;

"Data Processor" means the legal entity processing Personal Data on behalf of the Data Controller(s);

"Personal Data" means any information relating to an identified or identifiable natural person;

"Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Services" means Open Banking Portal.

"You" or “User” means You or the legal entity You represent.

“Account Information” means information relating to payment accounts.

"Account Information Service" means a service which enables to access, view or share (where relevant) information relating to payment accounts.

“Account Servicing Payment Service Provider” means an entity which provides and maintains a payment account for a payer.

“Nordigen Partner” means a third party, for example bank, credit institution or other service provider, which requires Your Account Information via Nordigen Account Information API to provide You services.

WHEN THIS POLICY APPLIES?

This Privacy Policy applies when You visit Nordigen’s website or access and use the Services.

If You are an end-user of Nordigen’s Account Information Service or You have connected Your bank account to Open Banking portal please refer to our End-User Privacy Policy

This Privacy Policy does not apply to services provided to You by Nordigen Partners. Such services may be subject to Nordigen’s Partner terms and conditions and privacy policies.

PERSONAL DATA, PROCESSING PURPOSES AND LEGAL BASIS

If You are Open Banking Portal user

Types of personal data we are Processing

Purpose of Processing

Lawful basis of Processing

Registration and login data (including email, information on company You work for)

To provide Services; to carry out customer support and Service maintenance

Performance of contract between You and Nordigen

Email, first name, last name, IP address, client/account ID, personal identity code and other information provided by You or obtained by performing Services

User identification and administration; to investigate any fraud, illegal activity or wrongdoing in connection with the Services; to conduct any due diligence required for us to provide You Services

To comply with our legal obligations (including regulatory requirements that we are subject to)

Contact details (including email, first name, last name, address, phone number and other data provided by You)

To contact You send You relevant information regarding Services and personalized offers; 

Your consent

Contact details (including email, first name, last name and other data provided by You)

To record Your feedback and inquiries for the purpose of improving Services

Our legitimate interest in ensuring that we can provide You with the Services and to continuously improve our Services

If You are visitor of Nordigen website

Types of personal data we are Processing

Purpose of Processing

Lawful basis of Processing

Contact details (including email, first name, last name, address, phone number and other data provided by You)

To contact You and send You relevant information regarding Services and personalized offers;

Your consent

HOW DOES NORDIGEN COLLECT PERSONAL DATA?

Nordigen collects information You voluntarily provide us via website or by registering and using the Services. Information You provide when registering to use our Services is mandatory to enter into a contract with Nordigen and for Nordigen to be able to provide You the Services. In case You don’t provide the required information we may not be able to provide You the Services.

When You use the Open Banking Portal and connect Your bank account, we obtain Account Information from Your Account Servicing Payment Service Provider. When You add additional users under Your Open Banking Portal account, we obtain email address and name of the users You have added directly from You.

Nordigen may also collect data we obtain from cookies. Information on how Nordigen uses cookies or similar tracking technologies is described in Cookie Policy

FOR HOW LONG DOES NORDIGEN STORE YOUR DATA?

In general, Nordigen only keeps Your Personal Data for the time necessary to fulfil the purpose of collection or further Processing, namely providing the required Services.To determine data retention periods Nordigen takes into account:

  • whether Personal Data is processed based on Your consent;
  • our legal obligations under applicable law; 
  • our contractual obligations and rights;
  • our legitimate interests;
  • potential disputes, necessity to be able to investigate any fraud, illegal activity or wrongdoing in connection with the Services;

Where Personal Data is processed based on Your consent, Personal Data is deleted after you have withdrawn Your consent or unsubscribed to receive relevant information. You can withdraw Your consent at any time by sending an e-mail to: legal@nordigen.com or by clicking ‘unsubscribe’ where such option is present.

You can delete Your Open Banking Portal account and the Personal Data You have provided to Nordigen at any time, by clicking ‘delete account’. Please note that Nordigen still may keep log data and other Personal Data associated with Your account up to 5 years after deletion of Your account to fulfil applicable legal obligations.

WHAT ARE YOUR DATA PROTECTION RIGHTS?

Nordigen would like to make sure You are fully aware of Your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request Nordigen for copies of Your personal data.

The right to rectification – You have the right to request that Nordigen correct any information You believe is inaccurate. You also have the right to request Nordigen to complete information You believe is incomplete.

The right to restrict Processing – You have the right to request that Nordigen restrict the Processing of Your personal data.

The right to data portability – You have the right to request that Nordigen transfer the data that Nordigen has collected to another organization or directly to You.

Where Personal Data is Processed for direct marketing purposes or Processing is based on our legitimate interests, You have the right to object to such Processing.

If You make a request, Nordigen will answer You within one month. If You would like to exercise any of these rights, please contact us at our email: legal@nordigen.com.

In case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, Nordigen is entitled to charge an administrative fee. In such cases You will be notified thereof beforehand.

RECIPIENTS OF PERSONAL DATA AND TRANSFERS

Your Personal Data may be accessed and Processed only by authorized Nordigen employees in connection with provision of Services. All authorized employees are under confidentiality agreements with a legitimate need to process personal data for the Processing purposes stated in this policy.

We have also engaged multiple suppliers and vendors as Data Processors to help us provide You Services, e.g. cloud service providers, client relations management service providers, email service providers, payment processors etc. Nordigen will be responsible for the correct Processing of Your Personal Data according to Nordigen’s instructions given to such Data Processors and Applicable data privacy laws.

Your Personal Data may be disclosed if it is required by the Applicable data privacy laws or competent authority in order to fulfil Nordigen's legal obligations.

Your Personal Data will not be transferred or stored in countries outside of the European Economic Area / European Union unless there are legal grounds for such transfer and there is an adequate level of data protection.

SECURITY MEASURES

In order to protect Your Personal Data, Nordigen has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the Processing and the nature of the Personal Data being processed. Organisational measures include restricting access to the Personal Data solely to authorised persons under confidentiality agreements with a legitimate need to process Personal Data for the Processing purposes stated in this policy.

CHANGES TO OUR PRIVACY POLICY

Nordigen keeps this privacy policy under regular review and places any updates on this web page. Nordigen will inform You about substantial changes to this privacy policy via Nordigen’s website, via email or other means of electronic communication. Nordigen has the right to change this privacy policy solely at any time.

HOW TO CONTACT OUR DATA PROTECTION OFFICER?

If You have any questions about this privacy policy, the data Nordigen holds on You, or You would like to exercise one of Your data protection rights, please do not hesitate to contact our data protection officer:

E-mail: legal@nordigen.com

Address: Ģertrūdes str. 44A, Riga, Latvia, LV-1011

HOW TO CONTACT THE APPROPRIATE AUTHORITY?

Should You wish to report a complaint or if You feel that Nordigen has not addressed Your concern in a satisfactory manner, You may contact the Data State Inspectorate of the Republic of Latvia.

E-mail: info@dvi.gov.lv

Phone: +371 67223131