1.1 Data protection
1.1.1 As part of our business, we process personally identifiable information (personal data) about you as our customer and have therefore adopted this data protection policy, which describes how your data is processed and which rights you have as a data subject.
1.1.2 In order to protect your personal data in the best possible way, we assess how high the risk is that our data processing adversely affects your fundamental rights. In this context, we process your personal data based on the following basic principles:
- The processing happens in a lawful, fair and transparent way in regard to you.
- The processing is subject to a purpose limitation.
- The processing is carried out on a principle about data minimization.
- The processing is based on a principle of accuracy, which is intended to ensure that the data we process about you is accurate and up to date.
- Treatment is done based on a principle of retention limitation.
- The processing is based on a principle of integrity and confidentiality.
1.2 Data controller
1.2.1 Nordic Bloom Funds A/S, CVR no. 27 98 28 59, Tuborg Boulevard 5, DK-2900 Hellerup is responsible for the processing of your personal data.
1.2.2 This company thus responsible for ensuring that your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation) and applicable Danish national legislation.
1.2.3 If you have any questions regarding the company’s processing of personal data, please contact Torben Mauritzen, Chief Compliance Officer, at email@example.com
2 GENERAL INFORMATION ABOUT OUR PROCESSING OF PERSONAL DATA
2.1 Processing of personal data
2.1.1 The processing of personal data takes place as part of our marketing, advice on and management of the investment products that we offer and manage, including in connection with our contact with you as a potential or existing customer.
2.2 Types of personal data
2.2.1 The types of personal data we process about you are:
- Email address
- Telephone number
- Personal assets/property
- Tax matters
- Bank details
- Information about the pension company (if pension funds are invested)
2.2.2 We do not process special personal data (sensitive personal data) about you that includes:
- Racial or ethnic background
- Political, religious and philosophical beliefs
- Trade union membership
- Processing of generic or biometric data for the purpose of unique identification
- Health related conditions and sexual relations
2.3 The purpose of the processing of personal data, as well the legal basis for it:
2.3.1 We collect and store your data for specific and legitimate purposes, for example:
- When we need the information for our counseling to you as a potential or existing customer
- When we register you as a customer or contact person for the purpose of ongoing correspondence, money transfers, registration of ownership of shares in our investment products, etc.
- To fulfil our obligations to obtain information under the Danish Money Laundering Act
2.3.2 When we collect the information from you, or from third parties, you will be informed that we collect the information and for what specific purposes.
2.3.3 If we later need to use the information for a purpose other than that provided, we will contact you and obtain your consent.
2.3.4 Our legal basis for processing your personal data will typically be:
- Nature of the Data Protection Regulation. 6(1)(a): Consent
- Nature of the Data Protection Regulation. 6(1)(b): Performance of contract
- Nature of the Data Protection Regulation. 6(1)(c): Legal obligation
- Nature of the Data Protection Regulation. 6(1)(d): Protecting your or other private persons or vital interest
- Nature of the Data Protection Regulation. 6(1)(f): Balance of interests
2.3.5 In connection with the acquisition of your personal data, you will be informed of the legal basis for the processing.
2.4 The volume of data
2.4.1 Before processing your personal data, we examine whether it is possible to minimize the amount of personal data in relation to the purpose of the processing. We also investigate whether some of the types of data we use can be used in anonymous or pseudonymized form. This is possible if it does not adversely affect our legal obligations or our day-to-day operations.
2.4.2 We collect, process and store only the personal data necessary to fulfil the intended purpose, including fulfilling contractual or other legal obligations.
2.5.1 We continuously check that your personal data is not incorrect or misleading to the extent possible. In this regard, we ask you to inform us of relevant changes to your personal data.
3.1 In order to protect you from unauthorized access to your personal data, we use IT solutions that automatically ensure that all data is only available to relevant people.
3.2 In addition, we at Nordic Bloom P/S have adopted internal procedures and policies regarding information security. These procedures and policies contain instructions and actions that protect your data from being corrupted, lost, altered, published, and from unauthorized access or sharing.
4 DISCLOSURE OF PERSONAL DATA
4.1 As part of our business, we are sometimes obliged to disclose personal data to third parties. For example, this may be in connection with regulatory reporting to public authorities.
4.2 Third parties include, for example:
- The Danish Business Authority (typically the register of legal and ultimate owners)
- The Danish tax authorities
- The tax authorities of the countries where investments are made through our investment products (e.g. IRS, US tax authorities)
- The Danish Financial Supervisory Authority
- Danish Central bank
- Pension company, if the customer has invested pension funds
4.3 Disclosure of personal data to a third party will always be legally justified and/or necessary to safeguard your or your company’s interests.
5 YOUR RIGHTS
5.1 Right of access
5.1.1 You can obtain, on request, what personal data and category of personal data we process about you and what the purpose of the processing is if you have not already been informed. You can also gain insight into how long we store your personal data and who else has access to your personal data.
5.2 Right to object
5.2.1 You may object to the processing of your personal data at any time and withdraw a previously issued consent for the processing of your personal data.
5.2.2 However, please be aware that there will be certain personal data that we will be able to process without your consent if we have a legitimate interest and if the protection of your interests does not exceed that interest.
5.3 Right of rectification
5.3.1 If you believe that the personal data, we process about you is inaccurate or misleading, you have the right to have it corrected. In this regard, you must contact Torben Mauritzen, Chief Compliance Officer, at firstname.lastname@example.org
5.4 Right to have personal data limited or erased
5.4.1 As long as you are a customer with us and up to 10 years after the termination of the client relationship, we will retain your personal data for the purpose of fulfilling obligations to public authorities and in the event that legal disputes should arise.
5.4.2 However, in some cases, we will have an obligation to delete your personal data earlier. This applies, for example, if you withdraw consent or if the retention of your personal data is no longer necessary for the specified purposes.
5.4.3 If you request that your personal data be corrected or deleted, we will check if the conditions are met and in the case we will make the necessary changes or deletions as soon as possible.
5.5 Right to data portability
5.5.1 If you request information about the personal data we process about you and the conditions for this are met, you are entitled to receive these in a structured, commonly used and machine-readable format, and we cannot and will not prevent you from transmitting this information to third parties. If you request it and it is technically possible, we will make sure to transmit the requested personal data directly from us to a third party.
5.6 Right to complain
5.6.1 If you believe that your personal data is processed in violation of applicable law or other legal obligations, you have right to lodge a complaint with the Danish Data Protection Agency (email@example.com)