
Personal data processing (GDPR)


GDPR – what is it?


  • The GDPR or General Data Protection Regulation is the name of the regulation on the protection of private individuals with regard to the processing of personal data and on the free flow of such data (hereinafter “GDPR”).
  • The GDPR aims to protect the privacy of private individuals in the European Union (EU) and to harmonise the laws of the European countries. The European Parliament adopted the Regulation on 27 April 2016.
  • The GDPR does not prohibit receiving and processing personal data, but defines the principles for the processing, storage and deletion of data.


The Regulation comes into force on 25 May 2018 and replaces the current Personal Data Protection Law.

The GDPR requirements apply to all companies, institutions, and organisations that process personal data. The requirements must be met not only by banks, but also by insurance companies, medical institutions, retailers and others.

Yes, generally, the Regulation applies and refers only to personal data. However, the data of legal entities may include personal data, for example, information about shareholders, management board members, etc. If a single shareholder owns a company, the data on that company may also apply to the shareholder as an individual.

We already follow the data security and protection requirements, therefore the GDPR will not change our relationship with customers significantly. The Regulation specifies the options for the customer to control the use of their data.

In the interests of customers, SEB has been reviewing applications for services and agreements to make sure that the collection and processing of personal data has an appropriate reason and that in certain cases the customer’s consent has been obtained.

Data processing at the bank

Personal data include all information (written, audio, video, electronic, biometric) about the relevant individual, i.e., their date of birth, telephone number, postal and email addresses, photos, as well as any other information that helps to identify that individual.

In a broader sense, personal data may also include information that relates to the individual indirectly. For example, an individual’s birth data, phone, and address identify that individual directly, whereas the real estate register with the Land Registry or the GPS system in a car which shows the coordinates of movement enable that individual to be identified indirectly.

SEB processes data only for specific purposes and the data are not stored for longer than necessary. SEB maintains the data that is necessary for providing the services selected by the customer, and SEB is able to deliver it to the customer.

SEB processes customer data in one or more of the cases mentioned below:

  • for signing and executing the agreement;
  • when required by the law;
  • for pursuing legitimate (lawful) interests;
  • when consent has been obtained from the customer.

SEB uses the data for content and marketing campaigns, lotteries, commercial information, and similar activities only with the customer’s consent.

SEB processes customer data only for as long as needed for a particular purpose, to perform its obligations towards customers and to comply with the legal data processing requirements. For example, we store data on the customer until the expiry of their agreement. To protect SEB's legitimate interests, we may store the data for ten (10) years after termination of the agreement. The law may require SEB to store the data for a specific term.

SEB has prepared the Personal data processing principles that you can find in our branches or read online.

SEB may share customer data only in the cases set out in the laws (credit institutions must also comply with the requirements of the Credit Institutions Law on data protection and transfer):

  1. If the data are required by a public authority (for example, the Bank of Lithuania, the State Data Protection Inspectorate, the Financial Crime Investigation Service, etc.);
  2. If necessary for the performance of any contract. Information processing companies (data processors) can use the name of SEB bank. SEB must take the necessary measures to ensure that the authorized data processors handle the data in accordance with the guidelines provided by SEB Bank, comply with the security and confidentiality requirements and act in accordance with the law.

SEB Group companies providing SEB Bank services

If you have any questions regarding the processing of data in SEB, send them to us by e-mail:
For more information, read the SEB Privacy Policy or visit the cookie page.