In use from 2021-01-19
How MCL processes personal data?
MCL protects your right to personal privacy and ensures that your personal data is processed in a secure, correct and legal manner. When we develop MCL’s services, these are preceded by technical, physical and organizational measures to ensure both privacy and accessibility of personal data and other information we process. As personal data controller, MCL is constantly working to ensure that our services and internal processes meet the requirements when processing your personal data.
The Policy describes the categories of personal data that MCL processes and the reasons for processing. Furthermore, information is also given about how we collect your personal data, who we share your information with and for how long we store collected data. The policy also describes how you can access your personal data, make comments regarding the processing and how to contact us with questions about our processing.
Personal data that may be collected by MCL
MCL processes different categories of personal data. We have therefore divided personal data into different categories. For example, the following personal data may be processed:
- Basic personal data (social security number, name, contact details and identification number),
- Data needed for MCL to e.g. conduct customer due diligence and to manage the risk of money laundering and terrorist financing, such as data about you and your financial assets and the purpose of transactions);
- Contracts (all types of information related to agreements relating to MCL’s services, such as account numbers and proxies), and
- Communication (both physical and electronic communications).
Purpose and legal basis for processing
Your personal data is primarily used to fulfill agreements that MCL has or is about to enter into and to enable MCL to fulfill the legal obligations that are imposed on us. Below is a description of the purposes that MCL has for processing personal data, what the intent is for the purpose and legal basis for each purpose.
Fulfilling of agreement
MCL collects, processes and stores your personal data in order to prepare, provide and administer MCL’s services to you – electronically, physically or over the phone.
MCL is obliged to comply with securities law and other applicable legislation for our operations, as well as applicable regulatory regulations at all times. In the context of this, we handle your personal data in order to, for example:
- Perform anti money laundering controls,
- Perform client approvals and establish contracts,
- Establish and maintain insider lists, as well as
- Report to competent authorities such as the Swedish Tax Agency and the Swedish
- Financial Supervisory Authority.
MCL offers legal services with the goal of creating long-term and good relationships with our customers. Therefore, we need to process your personal information for the following purposes:
- Conduct marketing activities where we identify and suggest services that may be relevant to you. However, you always have the opportunity to choose to unsubscribe from news releases and offers by contacting us.
Where we collect your personal data
We may collect your personal data directly from you, for example when registering as a client with MCL. We may also obtain information from public and other registers, such as Bisnode, the Swedish Companies Registration Office and government agencies.
Who do we share your personal data with
By law, MCL may not disclose information about you unless there is clear support in connection with the fulfillment of the terms of an agreement with you or for a legal purpose that requires or permits, such as reporting to authorities.
In order to fulfill the terms of our customer agreements and other commitments, we may share information about you internally within MCL and sometimes even with external companies that provide contracted services to MCL and our customers. This may include, for example, financial infrastructure partners, suppliers, actors acting on behalf of clients or other parties to the customer agreement.
Situations when we may share your personal information outside the organization are:
- To approved credit reporting agencies for credit reporting in connection with entering into an agreement with us,
- To various external actors to fulfill our contractual obligations, as well as
- To various authorities for the purpose of complying with laws and other regulations concerning, for example, taxes and money laundering or terrorist financing.
Transfer to third countries
Processing of personal data takes place within the EU / EEA and MCL does not transfer any personal data outside the said area. In rare cases, however, personal data may be transferred to and processed in countries outside the EU / EEA (so-called third countries). Before such a transfer occurs, MCL ensures that the transfer is performed only once appropriate safeguard measures have been taken and in accordance with the regulations in force for such transfer at any time such as standard contract clauses approved by the European Commission.
MCL only stores your personal data for as long as we need to be able to provide contracted services or as long as we have your consent to the processing and the legal basis for such processing exists. We also store personal information in order to fulfill our legal obligations, e.g. securities law and accounting law obligations, and when there is an obligation as a result of law or authority decisions.
Upon termination of any service provided by MCL, we might need to save some of your personal data that is linked to the relevant service for some time, due to legal obligations. For example, the Swedish Tax Agency requires that we retain certain personal data for seven (7) years in order for us to fulfill our reporting obligation.
When your personal data is processed by MCL, you have the following rights:
- You have the right to access the personal data we process about you. The information is provided in the form of a copy (through a register extract). Requests for registry extracts are usually free of charge.
- If the information we have about you is incorrect or incomplete, you can request that we correct or supplement it.
- You have the right, under certain conditions, to request that the processing of your personal data is restricted for certain stated purposes.
- You have the right to object to processing of your personal data that is based solely on consent or a justified interest.
- You have the right to request that we delete your personal data permanently under certain conditions (“right to be forgotten”). However, we have the right to refuse deletion in certain situations, e.g. if we are required by law to save certain data.
- If you do not wish to receive direct marketing from MCL, you can contact us at any time.
- You have the right to data portability, which means that, under certain conditions, you have the right to have your personal data transferred to another personal data controller in a structured, commonly used and machine-readable format.
You are normally entitled to exercise the above rights free of charge. MCL will respond to the request without undue delay and usually within one (1) month after receiving the request. However, if the request is unreasonable or clearly unfounded, MCL has the right to not comply with your request. In addition, MCL may request additional information to verify your identity.
We may make changes to this Policy and the latest version of the Policy is always available on our website.
If you have any questions or comments regarding how we process your personal data, you are welcome to contact MCL via firstname.lastname@example.org or at the following postal address:
Markets & Corporate Law Nordic AB
211 22 Malmö, Sweden
You can also contact the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) with any complaints regarding the processing of your personal data.