(updated on 14th April, 2020)
3.WHEN THIS POLICY APPLIES?
4. WHAT DATA DOES NORDIGEN COLLECT AND HOW DOES NORDIGEN COLLECT IT?
5. HOW WILL NORDIGEN USE YOUR DATA?
6.HOW AND FOR HOW LONG DOES NORDIGEN STORE YOUR DATA?
7. WHAT ARE YOUR DATA PROTECTION RIGHTS?
8. WHAT ARE COOKIES?
9.WHAT TYPES OF COOKIES NORDIGEN USES AND HOW DOES NORDIGEN USE THEM?
10.HOW TO MANAGE COOKIES?
11.THIRD PARTIES AND TRANSFER OF PERSONAL DATA
13. HOW TO CONTACT US?
14. HOW TO CONTACT THE APPROPRIATE AUTHORITY?
" Account Aggregators" means licensed account information service providers that perform account information services and aggregate data from financial institutions (Account Aggregation)
" Data Controller" means the natural or legal entity/entities whichdetermines the purposes and means of the processing of Personal Data;
"Data Processor" means the legal entity processing Personal Data on behalf of the Data Controller(s);
"Personal Data" means any information relating to an identified or identifiable natural person;
"Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
" Services" means bank account statement analysis, transaction categorisation, behaviour factor generation and other services available within the Gateway and Analytics System.
" Sub-processor" means a third party subcontractor engaged by the Data Processor which, as part of the subcontractor's role of delivering the services, will process Personal Data on behalf of the Data Controller.
" You" means Client as defined in Terms.
WHEN THIS POLICY APPLIES?
WHAT DATA DO*ES NORDIGENCOLLECTAND HOW DOES NORDIGEN COLLECT IT?*
Nordigen only collects information You voluntarily provide us with.
When You register an account - we collect only mandatory account data:
Nordigen might also ask you to provide some optional data:
When You use Services available on Gateway and Analytics System, upload transaction data or import transaction data via Account Aggregators, we receive and process Your financial account details including but not limited to:
To support Account Aggregation Nordigen provides You access to licensed Account Information Services Providers (Account Aggregators) within the Gateway and Analytics system. Nordigen has engaged and the following Account Aggregators are available in Gateway and Analytics system:
Tink AB , company registration number 556898-2192, with office address Vasagatan 11, 111 20 Stockholm, Sweden.
KONTOMATIK UAB with its registered office in Vilnius at Upės 23, LT-08128 Vilnius, Lithuania, holding a legal entity identifier: 304852516, VAT number: LT100011837810, a payment institution providing only the account information service, supervised by the Bank of Lithuania;
KONTOMATIK Sp. z o.o. with its registered office in Warsaw at Prosta 51, 00-838 Warsaw, Poland, registered in the Business Register of the National Court Register kept by the District Court for the capital city of Warsaw, 12th Commercial Division of the National Court Register under number KRS 0000338706, holding Tax Identification Number (NIP): 5213542911, Statistical Number (REGON): 142043500.
HOW WILLNORDIGENUSE YOUR DATA?
Nordigen collects Your data to provide You Services pursuant to Terms(to fulfill contract between Nordigen and You), specifically:
Nordigen also will use Your e-mail and contact information to provide You relevant information regarding Services and personalized offers. If You do not want Nordigen to process Your personal data for direct marketing, You may notify Nordigen thereof in writing. Contact details for such notifications to Nordigen are provided in section "How To Contact Us?".
HOW AND FOR HOW LONG DOES NORDIGEN STORE YOUR DATA?
All personal data in electronic format (e-mail address, Your account data, etc) are stored and processed on cloud based servers. For cloud computing, data storage and service hosting services Nordigen has engaged a sub-processor - Amazon Web Services EMEA SARL, registered address 5 rue Plaetis, L-2338, Luxembourg, with data centres located in Dublin, Ireland (European Union).
In order to protect Your personal data, Nordigen has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons under confidentiality agreements with a legitimate need to process personal data for the processing purposes stated in this policy.
WHAT ARE YOUR DATA PROTECTION RIGHTS?
Nordigen would like to make sure You are fully aware of Your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request Nordigen for copies of Your personal data.
The right to rectification – You have the right to request that Nordigen correct any information You believe is inaccurate. You also have the right to request Nordigen to complete information You believe is incomplete.
The right to erasure – You have the right to request that Nordigen erase Your personal data.
The right to restrict processing – You have the right to request that Nordigen restrict the processing of Your personal data.
The right to data portability – You have the right to request that Nordigen transfer the data that Nordigen has collected to another organization or directly to You.
If You make a request, Nordigen will answer You within one month. If You would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org.
In case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, Nordigen is entitled to charge an administrative fee. In such cases You will be notified thereof beforehand.
WHAT ARE COOKIES?
Cookies are text files placed on Your computer to collect standard internet log information and visitor behaviour information. When you visit Gateway and Analytics system, Nordigen may collect information from You automatically through cookies or similar tracking technology (pixels, etc.). Cookies can enable Nordigen to track and target the interests of our users to enhance the experience on Gateway and Analytics system.
WHAT TYPES OF COOKIES NORDIGEN USES AND HOW DOES NORDIGEN USE THEM?
Nordigen uses different types of cookies and similar technology in a range of ways, including but not limited to:
Usage of cookies is no way linked to any personally identifiable information in Gateway and Analytics system. The cookies and other similar technologies Nordigen use may be operated by Nordigen itself or by third parties.
HOW TO MANAGE COOKIES?
THIRD PARTIES AND TRANSFER OF PERSONAL DATA
Your personal data may be disclosed if it is required by the Applicable data privacy laws or competent authority in order to fulfill Nordigen's legal obligations.
Nordigen may also provide personal data to companies that process personal data on behalf of Nordigen such as marketing service providers. Nordigen will be responsible for the correct processing of Your personal data.
Your personal data may be transferred or stored in countries outside of the European Economic Area / European Union, if legal grounds for such transfer exist and there is an adequate level of protection. Nordigen and its data processors shall enter into a binding agreement based on the applicable EU model clauses (Commission Decision on standard contractual clauses for the transfer of Data to third countries). Adherence to "the Privacy Shield Framework", adopted by the European Commission on 12 July 2016, form an alternative to the EU model clauses for the Data Processors located in the U.S. By registering to access Gateway and Analytics System You agree that personal data may be transferred and stored outside of the EU/EEA according to the above.
HOW TO CONTACT US?
Address: Gustava Zemgala gatve 74, Riga, Latvia, LV-1039
HOW TO CONTACT THE APPROPRIATE AUTHORITY?
Should You wish to report a complaint or if You feel that Nordigen has not addressed Your concern in a satisfactory manner, You may contact the Data State Inspectorate of the Republic of Latvia.
Phone: +371 67223131