As the data controller, Nordic Investment Bank (“NIB”, “we” or “us”) is fully committed to protecting your individual rights and keeping your personal data safe.
2. Controller details
The contact details of the data controller are:
Nordic Investment Bank
P.O. Box 249,
Tel +358 10 618 001
3. Purposes and legal basis’ for processing personal data
NIB only processes personal data that is necessary for a specific, explicit and lawful purpose. In practice, we mainly process personal data for the following purposes:
- Providing, promoting, and developing our products and services, which may include marketing our products and services, sending newsletters and management of the customer relationship. Such processing is based on our legitimate interest to provide financial products and services which advance our mandate of improving competitivity in the Nordic region and mitigating climate change.
- Communicating with our customers and cooperation partners and maintaining business relationships with individuals close to us, which is based on our legitimate interest to maintain good business relationships, market our products and services and monitor implementation of our mandate.
- Carrying out the recruitment process, which may include assessing your qualifications and suitability for specific job openings, communicating with you and carrying out background checks (for specific positions). Such processing is necessary for preparing to enter into an employment agreement with you, but also for our legitimate interest to carry out our recruitment process.
- Carrying out procurement processes, which is based on NIB’s legitimate interest to ensure efficient and reliable procurement processes.
- Carrying out project appraisal processes, which is based on NIB’s legitimate interest to assess with the financial strength and eligibility of financing projects or proposals.
- Risk management and ensuring the security of services, which is based on NIB’s legitimate interest to maintain its financial strength so as to be able to continue to fulfil its mandate.
- Preventing and investigating misconduct and non-compliance, which is based on NIB’s legitimate interest to ensure accountability, ethical conduct and compliance with NIB’s relevant policies, regulations and governance requirements.
- Granting access to NIB’s premises and keeping track of visitors, which is based on our NIB’s legitimate interest to manage visitors and ensure the safety and security of our premises.
- Satisfying statutory obligations and any other official rules and regulations that NIB determines are required for the performance of its activities and in accordance with our Legal Framework. Such processing is based on NIB’s legitimate interest to comply with its Legal Framework.
4. Categories of personal data
NIB mainly processes the following information for the above-mentioned purposes:
Company and contact information
- Basic contact information (e.g. name, title, organisation, telephone number, email address, company address, and the primary address, if different from the company address)
- Information on services ordered by or provided to the customer (e.g. service delivery, contract and billing information)
- Customer communications (meetings, communications relating to the customer or other relationship)
- Identification and background information necessary for fulfilling our obligations relating to anti-money laundering and counter-terrorist financing
Internal procurement and project appraisal information
- Contact details
- CV’s from consultancy services
- Data relating to integrity screening (“IDD data”)
- Nationality and birth date
Information related to recruitment (for jobseekers)
- Applications, CVs and other information provided during the recruitment process
- Background security clearance information (for certain positions)
Information on the use of the NIB website
5. Sources of data
Personal data is collected either directly from you, received from our customer organisation, collected with cookies when you use our website or otherwise during the course of NIB’s business activities.
6. Storage periods
NIB will keep your data for as long as they are needed for the purposes for which your data was collected and processed. The maximum retention periods for personal data are as follows:
- Company and contact information on visitors to NIB’s premises: 3 months after your visit
- Client information: 10 years after the loan is fully paid or 10 years from the date of signing of the loan agreement (in case the loan was cancelled) or 5 years from the date on which the first steps of processing the transaction were taken (in case of non-approval of credit).
- Internal procurement information: 10 years after the expiry of the relevant agreement
- Project appraisal information: As for client information.
- Recruitment information: For applications to specific positions the retention period is 6 months. For open applications the data is stored for a longer period but will be deleted if requested by the candidate.
- Information on your use of the NIB website: information concerning website use is generally retained for a maximum of 4 weeks. Expiry periods for cookies are defined in our Cookie Declaration.
- Further details are available from the Data Protection Officer at email@example.com.
7. Transfers of personal data
When processing the data for the purposes mentioned above, NIB may disclose personal data to certain public authorities and other third parties to satisfy legal obligations that NIB determines are required for the performance of its activities and in accordance with our Legal Framework.
We have also outsourced the processing of certain personal data to third party service providers, such as IT service providers. When transferring personal data, NIB shall ensure that the party receiving the data maintains an adequate level of protection.
NIB may also transfer data outside of the EU or EEA. When data is transferred outside of the EU or EEA, we ensure a similar level of protection to your personal data by implementing necessary contractual or other safeguards to protect your data.
8. Your rights
You as a data subject have rights in respect of personal data we hold about you. You have the following rights:
- Right to request access to your personal data. You have the right to get a confirmation as to whether NIB processes personal data on you. If so, you are entitled to receive a copy of the personal data being processed.
- Right to request rectification of inaccurate or incomplete data. You have the right to ask NIB to rectify personal data concerning you. You also have the right to have incomplete personal data completed.
- Right to request erasure. You have the right to ask NIB to delete personal data on you in certain situations.
- Right to object to processing based on NIB’s legitimate interest. In cases where NIB’s processing is based on legitimate interest, you have the right to object to the processing on grounds relating to your particular situation. That is to ask, that the personal data shall no longer be processed for such purposes. In case of marketing, you always have the right to object to the data processing by NIB for such purposes.
- Right to request restriction of processing of personal data. You have the right to request that NIB restricts the processing of your personal data under certain circumstances. The restriction of processing means that the personal data that is subject to the restriction may, besides from storage, only be processed (i) with your consent; (ii) for the establishment, exercise or defence of legal claims; (iii) for the protection of the rights of another natural or legal person; or (iv) for reasons of important public interest.
- Right to data portability. You have the right to receive the personal data you have personally provided to NIB in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, if the processing is based on consent or contract, and is carried out by automated means.
- Right to withdraw consent. If the processing is based on consent, you have the right to withdraw your consent at any time.
If you wish to use your above rights as a data subject, please submit your request to the abovementioned Data Protection Officer.
If you consider that your personal data is not processed legally, you may file a complaint with the Data Protection Officer.
9. Principles of securing personal data
The personal data is protected by limited and assigned access to protected databases where such data is kept in a secure manner. Destruction of personal data is handled in a secured manner.