Aktieinvest’s data privacy policy

When the term “you” is used below, it refers to you as a customer, potential customer or as another relevant party, such as beneficial owner or a party related to the customer.

This data privacy policy includes the following elements:

1. The categories of personal data that we collect and process
2. How we may use your personal data and the basis on which we use it
3. How we protect your personal data
4. The other parties that may be privy to your personal data
5. The rights that you have as a data subject
6. When we remove your personal data
7. Cookies policy
8. How changes are made to our data privacy policy
9. Contact Aktieinvest’s Data Protection Officer or the Swedish Authority for Privacy Protection.

The categories of personal data that we collect and process

We generally collect personal data in the following categories:

• Personal data for identification (such as personal identity number and name)
• Contact details (such as telephone number, address and email address)
• Financial information (such as bank account number, transaction information)
• Various statutory information (such as Know Your Customer (KYC) information and to prevent money laundering)

We obtain most of the information directly from you. Other information will be obtained from external sources, such as the state personal address register (Statens personadressregister, SPAR).

How we may use your personal data and the basis on which we use it

The ultimate purpose of our processing of your personal data is to ensure that you are able to use our services. This entails certain legal requirements. We also have certain legitimate interests.

Signing and administrating agreements in accordance with the general terms and conditions

We will process your personal data in order to prepare and administrate your engagement with us in accordance with the general terms and conditions in effect at any time.

Legal requirements

Being an institution entails certain legal requirements. These include the following:

• Measures to prevent, uncover and investigate money laundering and financing of terrorism, as well as sanction monitoring, including Know Your Customer
• The Bookkeeping Act
• Reporting to authorities, such as the Swedish Financial Supervisory Authority (Finansinspektionen) and the Swedish Tax Agency (Skatteverket)
• Risk management

Legitimate interests

Since we work with client analyses in order to offer our clients the right products, certain personal data will be used in market and client analyses, business monitoring, business and method development and in marketing. In respect of direct marketing, this is something that you as a client can reject by informing us of your wishes.

Consent

If you are not a client but have consented to our processing your personal data, your data will be processed within the framework of a consent. This may, for example, involve you providing your consent, thus permitting us to market our services to you. You can at any time withdraw your consent. In such cases, we will cease our processing. This does not affect the validity of the processing of your personal data prior to the withdrawal of consent.

How we protect your personal data

We assign the highest priority to comprehensive protection of your personal data. We have taken organisational and technical security measures to protect your personal data. These measures are designed to protect your personal data from unintentional deletion or another type of change, and from unauthorised interference, amendment or destruction.

Other parties that may be privy to your personal data

We may potentially share your personal data with third parties who are controllers. Should this happen, we will always ensure in advance that the data is transferred in a secure manner. Such sharing may occur, for example, due to a legal obligation, such as providing information to the Swedish Tax Agency or to the police authority.

Personal data may be provided to a third country, meaning a country outside the EU, if we have an obligation to do so. This could, for example, involve parties who are registered as taxpayers in the United States, known as FATCA reporting.

Transfers may also occur due to your engagement with us, for example due to trading rules, or terms and conditions governing a certain security, custodial bank or clearing institution. It could also involve our subcontractors who process your personal data on behalf of us, such as IT suppliers and suppliers used for the administration of mailings.

The rights that you have as a data subject

As a data subject, you have a number of rights.

You are entitled to receive what are known as extracts of registered personal data. The extracts of registered personal data shall be provided within a month and contain information about you as a data subject, where the information came from and the purpose of the processing, as well as any recipient or categories of recipients to whom the data may be provided. In most cases, the information is available when in a logged-in state on our Internet service. If there is information that you consider is not available when in a logged-in state as a client or that in other cases is difficult to access, you may send a request for an extract of registered personal data to the company’s Data Protection Officer. The relevant contact details are provided at the bottom of the page. Certain access may be denied due to legislation, internal assessments or other limitations.

You are entitled to have incorrect or incomplete personal data corrected, subject to any legal limitations. You are not permitted to have certain personal data corrected, such as civil registration data from the state personal address register (SPAR).

You are entitled to have personal data deleted if:

• you object to the processing and there are no legitimate grounds for continued processing
• you object to direct marketing
• the processing is illegal
• the processing relates to minors and the data was collected in connection with an offering of information society services (services that are usually performed for payment, remotely, electronically or at the individual request of a service recipient), or
• the processing is based on consent, the consent is revoked and there is no legal basis for the processing

You are entitled to request that our processing of your personal data be limited to storage only by us. The processing will then be limited until such time as it is possible to determine whether our legitimate interests outweigh your interests as a data subject.

You are always entitled to object to processing of personal data that is performed for a marketing purpose.

You are entitled to receive your personal data in a generally used, machine-readable format; known as data portability. This applies to the personal data that is processed on an automated basis and within the framework of a consent granted or an agreement. When in a logged-in state, functionality is available in the new Internet service and the data will then be downloaded directly to your unit in a JSON format. This is a format that is readable in Windows Notes and macOS Notes. Should we consider it secure and technically possible, we may at your request transfer the personal data to another controller.

Any request in accordance with the above will be assessed on a case-by-case basis. As a result of legislation governing the financial sector, we are in a number of cases obligated, due to our legal undertakings, to process your personal data several years after you have terminated your client engagement.

When we remove your personal data

In many cases, we will save your personal data for longer than a client relationship with us lasts. This is primarily due to certain legal requirements to which we as an institution are subject. For example, due to legal requirements, we have to save information about orders and client engagements. Accordingly, it is not always certain that we will be able to satisfy your request to delete personal data.

In a number of cases, you are entitled to request the deletion of your personal data. If you email or call us, we will save your email message or telephone call for five years. You are entitled to request the deletion of email messages or telephone calls. They will then be deleted, assuming that Aktieinvest is not subject to any legal requirement to save the message, such as if it involves electronic communications that do not relate to orders.

Cookies policy

We use cookies to improve the usability of our website and to make our services more relevant to you. We store certain general information, such as about which browser you use. More information on our handling of cookies is available at https://www.aktieinvest.se/cookies

Contact Aktieinvest’s Data Protection Officer or the Swedish Authority for Privacy Protection

Aktieinvest has appointed a Data Protection Officer. Should you have any questions about our processing of your personal data, you can contact the Data Protection Officer at:

Attn: Data Protection Officer
Aktieinvest FK AB
SE-113 89 Stockholm, Sweden

Alternatively, you can email dataskyddsombud@aktieinvest.se

As a customer of Aktieinvest, you can download your personal data in our internet service under your profile settings. If you would like more information about how we process your personal data, please fill out this form. You can also download the form and send it to us.

You may also submit complaints to or contact the supervisory authority for data protection matters – the Swedish Authority for Privacy Protection. More information about how to do this is available at https://www.datainspektionen.se/