The General Data Protection Regulation (EU) 2016/679 (“GDPR”) is a new EU-regulation which enters into force on 25 May 2018. GDPR replaces the Swedish Personal Data Act and strengthens the individual’s rights through stricter requirements for companies on how to process your personal data.
Norron AB (the ”Company”) is a Nordic investment manager with offices in Stockholm and Oslo. The Company manages UCITS-funds with primary focus on the Nordic capital markets. The Company only carries out the investment management of the funds. The day-to-day operations and administration of the funds are conducted by SEB Fund Services S.A., the Management company. Since the Company only focuses on the investment management, and is excluded from the administration of the funds, the Company does not hold any data about the funds’ investors and therefore the processing of personal data with regard to third parties is limited.
It is important for the Company that the personal data that the Company collects and uses is processed in a secure and transparent way and in compliance with the GDPR. Thus, the Company has established this policy to provide you with information about what personal data that the Company processes about you, for what purposes we use it, how we process the personal data, and for how long we keep your personal data.
What type of personal data do we process about you and why?
The Company may process personal data about you for different purposes. For example the Company stores personal contact details for communication purposes and/or to be able to provide you with information about our investment management or to invite you to events. The company also processes personal data about you if you apply for employment with the Company or submit a complaint about the Company. More information about what personal data the Company processes is to be found below.
The Company does not process any special categories of personal data (article 9 GDPR) about you.
Records of contact information, communication and marketing
The Company stores and uses information about those who have a business relationship with the Company or have been in contact with the Company for any other matters, such as email correspondence, arranging meetings or contact through other means of communication. The information we store about you for these purposes is mainly contact details – i.e. name, phone number, email address, title, company/employer – but could also be notes from meetings etc. The Company keep emails or similar communication information for one year or for such a period that the Company finds it necessary to fulfil the purpose for which the personal data was collected. The Company must also consider our need to answer any queries, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes.
It is important for the Company that your personal data is kept safe and that the Company can keep track of the information that we process. For this purpose, the Company uses a CRM-system to store and manage your contact information. By using this system, the Company can customise its mailings so that you only receive the information that you have requested such as information about the Company’s business and/or invitations to different events hosted by the Company. In the CRM-system we only store your contact details such as your name, phone number, email address, title/role, and company.
When the Company is going through a recruitment process it is necessary for the Company to process applicants’ personal data. During such a process the Company must store additional personal information about the applicant than what is outlined above. Besides your contact details we must also store your CV, information about previous work experience, references, personal ID number, and potentially a picture of you if you decide to add that to your application. This is necessary so that we can make an informed decision of whom we decide to hire and also to evaluate your suitability for the position. If you apply for a vacant position that the Company has advertised, the Company will store your personal data throughout the hiring process. If you submit an application for a position that has not been advertised, the Company will store your personal data during a reasonable period of time until the Company has been able to assess whether or not you would be relevant for a future hiring process. For safeguarding purposes the Company will store information about each applicant for a period of two years upon completion of a hiring process.
The Company will store information about anyone who enters into contract with the Company. What type of personal data that will become necessary to store depends on the purpose of the contract, but will mainly concern information such as name, phone number, email address, title/role, and company. The information will be stored throughout the duration of the contract or during such period the Company finds necessary considering legal requirements under applicable laws and for safeguarding purposes.
In the case of the Company being subject to any complaints from investors the Company must process information necessary to manage the complaint. The Company has a legal obligation to store and keep a record of each complaint that it receives. For that purpose, the Company will store all necessary data in relation to such complaint for five years, including your personal contact details and any other information in relation to the complaint that the Company finds necessary to keep.
The Company may also in other cases than the above need to process personal data of a third party if such processing is necessary for the purposes of the legitimate interests pursued by the Company except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
The lawfulness of the Company’s processing of personal data
Processing of personal data based on consent
If the Company is processing personal data about you based on your consent, you will in advance receive all necessary information in relation to the purpose of the processing in accordance with GDPR. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Processing of personal data necessary for the fulfilment of a contract
The Company store personal data in fulfilling obligations related to agreements.
Processing of personal data based on the Company’s legitimate interests
The Company may process personal data based on the Company’s legitimate interest. In these cases the Company considers the Company’s or third parties’ legitimate interest of the processing of the personal data to override the interests or fundamental rights and freedoms of the data subject, which requires protection of personal data. However, you will always receive relevant information of the processing of your personal data in accordance with GDPR. This is usually the case when the Company collects personal data for the purposes of communication in relation to the above, marketing, hiring of personnel and processing of complaints.
Period during which the personal data will be stored
The Company stores personal data for the period it finds necessary in fulfilling the purpose for which each specific personal data was collected, including the consideration of being able to meet the data subject’s specific needs and queries, complying with applicable laws and regulations as well as for safeguarding purposes. When the Company no longer considers the processing of personal data to be necessary, the Company will delete the data. Thus, the processing of personal data is depending on the purpose of the processing, but also on what legal ground the processing of personal data is based on. If the processing of personal data is based on consent the Company will delete the data if the data subject withdraws his/her consent. The Company keeps emails or similar communication for one year or for such period that the Company finds necessary to fulfil the purpose for which the personal data was collected. Contact details for business partners and others will be stored for the period the Company finds necessary to fulfil the purpose for which the personal data was collected. However, the data subject always has the right to object to the processing of its personal data, please see below.
Rights of the data subject
To the extent that the Company processes personal data the data subject has certain rights in relation to the Company;
i. the right to access the personal data;
ii. the right to rectification and erasure of the personal data;
iii. the right to request restriction of the processing of personal data and the right to object the processing;
iv. the right to withdraw consent to the processing of personal data (where applicable); and
v. the right to data portability.
If the data subject enforces any of its rights above, the Company will, without undue delay and under any circumstances within a month after the request by the data subject, respond to the data subject regarding what measures has been taken by the Company due to the request. If the request is deemed complex by its nature by the Company, the Company may extend such period to up to two months.
Any queries in relation to the above should be sent electronically to email@example.com.
In case the data subject is of the opinion that the Company has been in breach of the provisions under GDPR, the data subject has the right to file a complaint to the competent authority. In Sweden this is Datainspektionen (www.datainspektionen.se) and in Norway Datatilsynet (www.datatilsynet.no).
In order to always improve its services, the Company stores information about how users navigate the website. The purpose of this is to track which pages on the website that users find the most interesting, so that these pages can be easier to access in the future.
If you do not want to accept a cookie you can use your in-built browser or device settings to deny or accept specific or all cookies. Previously stored cookies can also be deleted in your web browser. However, please be aware this may impact the website access.
You can find more information about cookies on website on Kommunikationsmyndigheten Post- och telestyrelsen (PTS). If you have any further question with regards to the Company’s usage of cookies, please send an email to firstname.lastname@example.org.
Processors and other recipients of the personal data
The Company may use processors to store and process personal data on behalf of the Company. This mainly concerns the processing of data through IT-solutions, cloud services, CRM-system etc. Where the processing is to be carried out on behalf of the Company, the Company only uses processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject.
The Company may also share/transfer the personal data to recipients if necessary and in accordance with applicable laws and regulations.
The Company will not share/transfer any personal data to a third country outside the EU/EES, provided that the Company has not ensured that such country has an adequate protection of personal data.
Security of processing
The Company has in accordance with applicable laws and regulations implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the processing of personal data.
Bolaget förbehåller sig rätten att när som helst ändra denna integritetspolicy. Den registrerade rekommenderas därför att regelbundet läsa igenom Bolagets integritetspolicy. Skulle däremot Bolaget ämna att göra några väsentliga ändringar av policyn som kan riskera att påverka den registrerades grundläggande fri och rättigheter kommer den registrerade att meddelas om detta i förväg.
Contact the Company