This privacy policy applies as of April 1st, 2026.
1. Introduction
This website and the services described herein are provided by Nordic Legal Entity Identifier AB, a company incorporated in Sweden with corporate identity number 556708–1699 ("NordLEI") and registered address at Kungsgatan 56, 111 22 Stockholm, Sweden. At NordLEI, we work systematically with information security and data protection to ensure the secure handling of information and personal data. We take responsibility for ensuring that personal data processed by us is used only for the intended purposes and is protected against unauthorized access. All processing of personal data takes place in accordance with applicable data protection legislation.
In this Privacy Policy you will find information about our processing of your personal data. Personal data means data that either directly or indirectly can identify you. This information applies to you who use our services, are a contact person of our corporate client, supplier, counterparty, or partners to us, visit our websites, and otherwise are in contact with us regarding our business or are directly or indirectly affected in the performance of our services. You are encouraged to read this information carefully. Please stay updated on any changes to this Privacy Policy by regularly visiting our websites.
The term "our websites" refers to the following domains:
NordLEI is the data controller for the processing of your personal data when you visit our website, use our client portal, or otherwise are in contact with us. We are also the data controller for the processing of personal data related to our provision of the LEI services, as an accredited Local Operating Unit ("LOU"). In certain jurisdictions, we operate with a license as a ‘Registration Agent' ("RA"), on behalf of a LOU who is accredited in the jurisdiction. As RA, we are processors to the licensing LOU.
This Privacy Policy does not apply when we acts as processors or to products or services offered by our affiliates where the affiliate acts as the data controller, nor does it apply to third-party services or websites.
For questions or comments about anything stated in this policy or otherwise regarding our data protection work or use of cookies, or if you wish to assert any of your rights listed under section 7, please contact us at privacy@nordlei.org or at the above mentioned postal address.
We are a Swedish company, and this information has been produced in Swedish. In case of discrepancies between the language versions of the Privacy Policy, the Swedish language version prevails.
For questions or assistance with our services, please contact our corporate client service support@nordlei.org.
2. Information We Collect and Use
The personal data is collected through you, the company you work for or represent, or the person or legal entity who has been commissioned to administer LEI codes on your behalf, external persons, as well as from publicly available and public sources, such as websites, various registers, and databases as well as authorities (e.g., the Swedish Companies Registration Office). If you purchase our services through our Indian subsidiary, they provide us with your personal data. If you visit us on LinkedIn, we collect the personal data that you provide to us through that channel.
When you use our online services, we collect your electronic identification data and other information. When you visit our website, we collect data by using cookies and other technologies in your browser or device, some of which may constitute personal data. Please note that the placement of non-essential cookies requires your prior consent. We obtain your consent both to the use of such cookies and to the associated processing of personal data. See more in our cookie policy to find out if, and how, we use cookies and similar technologies.
The personal data that we collect about you when you use our services, visit our website, and otherwise interact with us regarding our business includes the following.
- Identity and contact information, such as name and social security number / organization number (if sole proprietorship), government-issued identification (such as passport, government issued ID, or driver’s license) including your photo.
- Contact details, such as postal address, e-mail address, telephone number.
- Profile information, such as job title/role, ownership interest in companies, organization number, name and address of the company or organization to which you belong.
- Order data, such as payment information and payment history
- Communication, including oral and written correspondence
- Other information, such as login information, signatory information for digital signing, LEI codes, IP adresses, browser and device information, online identifiers, session data, behavioural data and country and language settings.
3. Why do we process your personal data?
Below we list why we process personal data, where applicable. Which processing activities your personal data is subject to depends on the relationship you have with us.
When providing our LEI services, we use personal data to make an independent assessment of whether our corporate clients align with third party standards. As LOU we act as an independent validation party and are obligated to comply with industry standards developed and enforced by certain third-party organizations or authorities, such as the Global Legal Entity Identifier Foundation (GLEIF). A LEI code issued by us is therefore the result of a standalone assessment against the third-party validation criteria and under a process that the recipient of the LEI code is unable to influence or interfere with. For more information on our industry standards and LEI-related regulations, please visit each link or see www.gleif.org.
To read more about which categories of personal data and on what legal basis we process the personal data, see our detailed information about our processing of personal data.
3.1. Providing our services
In order to provide our services, we process the personal data necessary for:
- Administration of user accounts.
- Provision of support, including the use of AI systems.
- Verification and validation of our corporate clients and/or corporate client’s signatories.
- Issuance, renewal, revocation, transfer, or challenge of LEI codes.
- Compliance with securities market rules.
- Fulfilment of agreements with the Global Legal Entity Identifier Foundation (GLEIF) as LOU and to maintain access to the Global Legal Entity Identifier System (GLEIS).
3.2. Manage relationships with corporate clients, suppliers, partners and GLEIF
If you are a contact person for a corporate client, supplier, partner or GLEIF, we process your personal data for the purpose of managing the corporate client or supplier relationship, cooperation, or our relationship with GLEIF and when necessary for follow-up and evaluation. Our handling is, for example:
- Registration of you as a contact person.
- Communication, including the use of AI systems.
- Marketing, including the use of cookies and similar technologies. Certain automated processing, including profiling, may be carried out for the purpose of personalizing our marketing
- Management and archiving of agreements.
- Administration of order confirmations and invoices.
3.3. Communicate about us and our business
We use your personal data to communicate about us and our business in various channels, for example through mailings before maintenance work in the client portal or in marketing.
The personal data that may be processed for marketing purposes includes your name, contact details (such as email address and telephone number), employer, job title, and information about your interactions with our website and communications, for example pages visited, clicks and e-mail engagement.
Certain automated processing, including profiling, may be carried out for the purpose of personalizing our marketing. We do not make decisions based solely on automated processing that produce legal effects or otherwise significantly affect you.
You can unsubscribe from our marketing communications at any time, either by clicking "unsubscribe" in mailings or by contacting us at privacy@nordlei.org.
3.4. Communicate internally and externally
In connection with communication, e.g., by e-mail, telephone, or other digital means, we may, where applicable, process your personal data. Communication on our behalf takes place both between employees and with external persons (e.g. consultants).
3.5. Evaluate and develop our business
Where applicable, we may use your personal data to compile reports and statistics at an overall level and analyse these for the purpose of following up and evaluating the business. We also use these reports and statistics to develop and improve our business, business practices and strategies, including the website. When compiling these reports and statistics, anonymization/pseudonymization of personal data takes place. No profiling or automated decisions takes place within these processing activities.
For analyses carried out within the framework of data quality issues, we may use personal data such as organization number, company form, addresses, company signatory, board of directors, etc. When it comes to quality control, no anonymization of the data takes place. No profiling or automated decision takes place within this processing activity.
We do not use personal data to train our internal AI models without your prior consent.
3.6. Carry out our business
When we carry out our business, except in the provision of services, we use your personal data to:
- Document the business, e.g., to manage and save agreements, underlying documentation, minutes, and presentations.
- Carry out recruitment processes or assess spontaneous applications, including reference contacts.
- Answer questions and provide corporate client service.
- Review the quality of our data.
- Detect and prevent misuse of our services, for your, others' and the service's safety.
- Ensure technical functionality and security, e.g., in security logging, error handling and backup.
- Manage and respond to legal claims, e.g., in connection with a dispute or legal process. For this purpose, we may share your information with other recipients, see more below.
- Comply with legal obligations, e.g., to comply with requirements of accounting, employment, or data protection legislation. For this purpose, we may share your information with other recipients, see more below.
4. Recipients with whom we share information
When necessary, we share your personal data with different recipients. For more information about categories of data and on what legal basis we share your personal data with recipients, please see our detailed information on when we share information. Where applicable, we share information, including personal data, with these recipients.
4.1. Corporate clients
In order to deliver the agreed service, personal data may be shared with our corporate clients, for example during the verification process of LE-RD or in support cases (e.g. your organization and contacts).
4.2. Data processors
In our day-to-day operations, we use service providers. These service providers provide, for example, IT services (e.g., storage) and communication services (e.g., communication in support), in which case personal data may be processed. When the service providers process personal data on our behalf, they are data processors to us. They may not use your personal data for their own purposes and are obliged by law and data processing agreement with us to protect your data.
4.3. Companies that are data controllers for personal data
4.3.1. Government agencies (e.g., the Swedish Police, the Swedish Tax Agency)
Where required by law or in cases of suspected criminal activity. This includes disclosures to authorities both within and outside the EU/EEA
4.3.2. Payment service providers
To administer payments via the website or client portal, we use a payment service provider. We share and receive information from the payment service provider to enable you to pay for – and thus use – our services. In order to get paid, we may direct you to a third-party website that manages the payment. We are not responsible for the privacy processes of websites that we do not provide or operate. The payment service provider is the data controller/or processor for another controller, for its processing of your personal data. More information about their personal data management can be found at the payment service provider.
4.3.3. Affiliates within the NordLEI group of companies
We may share personal data with affiliates within our corporate group to achieve our business purposes and to market our services in accordance with applicable legislation. Each affiliate is considered controller for its processing of personal data for these purposes.
When you or your company engage our services through our Indian subsidiary Global LEI India Private Limited, we may receive and share personal data with them as necessary to facilitate the provision of LEI services. Our Indian subsidiary acts as processor to us for these purposes and the processing is governed by a data processing agreement.
4.3.4. Other
In order to comply with our legal obligations, your personal data may be shared with our auditor, external advisors, and the Global Legal Entity Identifier Foundation (GLEIF) for registration in the Global Legal Entity Identifier System (GLEIS).
In connection with a legal dispute, we may transfer data to other parties, such as external advisors, arbitration tribunals or counterparties. The processing is necessary to satisfy our legitimate interest in establishing, exercising, and defending legal claims.
We may also share information with potential buyers and sellers if we were to sell all or part of the business or in the event of a merger. The processing is necessary to satisfy our legitimate interest in conducting the divestment or merger.
4.4. Other recipients
In recruitment processes, we may share your personal data with external parties, such as provided references.
5. Transfer to third countries
We are accredited to provide LEI services in nearly 50 jurisdictions, some of which are located outside the EU/EEA. In connection with the provision of our services, personal data may be transferred to countries outside the EU/EEA - including deliveries of LEI codes to designated contact persons located in third countries. In such cases, we ensure that appropriate safeguards are in place in accordance with the GDPR.
When you or your company engage our services through our Indian subsidiary Global LEI India Private Limited, we transfer your personal data necessary for the provision of our LEI services to India. This transfer is made under a data processing agreement with incorporated EU standard contractual clauses.
When we use service providers based outside the EU/EEA, we ensure that the personal data processing is governed by a data processing agreement with incorporated EU standard contractual clauses or equivalent safeguards as required by GDPR.
In connection with interactions with authorities in the countries outside the EU/EEA where we operate, personal data may be disclosed. From the point at which an authority receives such personal data, e.g. in connection with audits, that authority acts as an independent data controller and is responsible for its own processing of the personal data.
If you would like more detailed information about to which countries outside the EU/EEA area the transfer may take place and what safeguards are applied to the transfer in question, you are welcome to contact us.
6. Specific information for data subjects outside the EU/EEA
This section applies to individuals who are located in countries outside the EU/EEA in which we operate and visit our website, use our services, or are otherwise subject to our processing of personal data. The information in this section supplements the Privacy Policy and is based on applicable local data protection laws, to the extent such laws impose requirements that are more stringent than the GDPR. In the event of any discrepancy between this section and the other parts of the Privacy Policy, this section shall prevail for data subjects located in the countries listed below.
6.1. Australia
If you are located in Australia and visit our website or are otherwise subject to our processing of personal data, e.g. as a contact person for one of our LEI customers or as involved in a recruitment process, this section applies to you. The applicable law is the Privacy Act 1988 (Cth), including the Australian Privacy Principles and the Notifiable Data Breaches scheme.
6.1.1. Processing of personal data
We do not collect personal data about you other than the categories described in Section 2 of this Privacy Policy, and, where applicable, in our Cookie Policy. We also do not process personal data for purposes other than those described Sections 3 and 4 of this Privacy Policy.
6.1.2. Consent
Given the nature of our services, we generally process personal data relating to individuals who act as contact persons, administrators, or representatives of our customers, or whose name is included in a customer’s company information. Such processing is necessary for the provision of our services, including verification and validation activities related to the issuance and maintenance of LEI codes. We assume that the individual specified as the contact person or administrator for our customer, or the individual whose name is included in the customer's company, is aware that we will process this personal data. We also assume that the individuals concerned are to some extent aware of the processing of personal data required for the issuance of an LEI code, and that our verification process involves, among other things, the collection and verification of the provided data and that consent has therefore been given.
Where consent is required under applicable law, we rely on consent as a legal basis for the processing of personal data. If you provide personal data that we have not specifically requested, including information that may be considered sensitive under applicable law, we will treat such provision as consent to the processing of that information for the relevant purpose, including storage or deletion, unless otherwise required by law.
If we intend to process your personal data for purposes other than those described in this Privacy Policy and where required by applicable law, we will obtain your explicit consent prior to such processing.
You may withdraw your consent at any time by contacting us using the contact details set out in Section 1 or in Section 6.1.5 below. Withdrawal of consent may affect our ability to provide services to the customer you represent or to perform certain activities. Personal data processed prior to the withdrawal of consent may continue to be processed where permitted by law.
6.1.3. Your rights
Subject to applicable law, you have the right to request access your personal data. We will respond to such requests within 30 days, or within any other rime period permitted or required by law. The right of access applies only to your personal data and does not extend to documents or information relating to third parties or other individuals.
In certain circumstances, access to specific data may be restricted or refused as permitted by law. If this occurs, we will inform you of the reasons in writing. Where permitted by law, we may charge an administrative fee for handling an access request. If a fee applies, you will be informed in advance.
If you believe that any of the personal data we hold about you is inaccurate or incomplete, you may request that it be corrected in accordance with Section 7.2 of this Privacy Policy. We do not charge a fee for rectification requests. For security reasons, we may need to verify your identity before making any corrections. You may also request that we notify relevant recipients of the correction.
We strive to ensure that personal data is processed in accordance with applicable law. If you believe that we have processed your personal data incorrectly, please contact us using the contact details below.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
6.1.5. Contact details
If you have any questions about this Privacy Policy, or our processing of your personal data, you may contact us at privacy@nordlei.org.
6.2. India
For customers located in India, information about the processing of personal data in relation to our services provided by our Indian subsidiary is available in the privacy policy published on the website of Global LEI India Private Limited.
For questions regarding the processing of personal data by Global LEI India Limited outside of their role as a data processor, please contact support@globallei.in.
6.3. Other countries outside the EU/EEA
As part of our international expansion, we may offer our services in additional countries outside the EU/EEA in the future. This section will be updated on an ongoing basis to reflect new jurisdictions in which we operate.
7. Your rights
As the data subject, you have certain rights in relation to your personal data that we process under applicable data protection legislation. In this section, we provide more detailed information about these rights. You also have the right to receive this information verbally, provided that your identity has been verified. More information about your rights can be found on the website of the Swedish Authority for Privacy Protection (IMY) (www.imy.se).
Please note that certain rights are limited with respect to our obligations under financial market regulation and under GLEIF regulations.
We normally provide access to your data protection rights free of charge. However, if a request is manifestly unfounded, unreasonable, or repetitive, we reserve the right to charge a reasonable administrative fee or to refuse to act on the request. We may also decline to comply if fulfilling the request would violate applicable law.
7.1. Right of access (extract from the register), art. 15 GDPR
You have the right to request confirmation from us as to whether we are processing your personal data. If you want to get a deeper insight into what personal data we process about you, you can request access to the information. The information is provided in the form of a register extract stating the purpose, categories of personal data, categories of recipients, storage periods, information about where the information has been collected from and the existence of automated decision-making, and, where applicable, with the support of which safeguards transfer takes place to countries outside the EU/EEA.
The right to a copy of the register extract must not have a negative impact on the rights of others, including ours. If we make the assessment that your right to a copy of the register extract has a negative impact on the rights of others and we therefore exclude information from the copy, you will be informed of this and the reason why.
A request for an extract from the register must be made in writing and be signed in person. The request should be sent to Kungsgatan 56, 111 22 Stockholm. Please be aware that if we receive a request for access, we may ask for additional information to ensure effective handling of your request and that the information is provided to the right person.
7.2. Right to rectification, Art. 16 GDPR
If you believe that the information, we have about you is inaccurate or misleading, you have the right to request correction. Within the scope of the stated purpose, you also have the right to supplement any incomplete personal data. You can request correction by contacting us at privacy@nordlei.org. If you are logged in to our client portal, you can change certain information yourself.
Please note that a historical information is not automatically considered incorrect, as it may have been correct at the time of registration.
7.3. Right to erasure, Art. 17 GDPR
You can request the deletion of personal data (the right to be forgotten) we process about you if:
- the data are no longer necessary for the purposes for which they have been collected or processed;
- you object to a balance of interests we have made based on legitimate interest and your reason for objection outweighs our legitimate interest;
- you object to processing for direct marketing purposes;
- the personal data is processed in an unlawful manner; or
- the personal data must be deleted in order to comply with a legal obligation to which we are subject.
We do not process any personal data of a child (under the age of 16) whose collection has taken place in connection with the provision of information society services (e.g., social media).
If you request deletion, we will review whether your request can be met. We have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from, for example, accounting and tax legislation, banking, and money laundering legislation, but also from EU directives and regulations. Continued processing may also be necessary for us to be able to establish, exercise or defend legal claims. Should we be prevented from complying with a request for deletion, we will ensure that the processing of personal data is limited to only the purposes that prevent the requested deletion.
7.4. Right to restriction of processing, Art. 18 GDPR
You have the right, in certain cases, to request a restriction of our processing of your personal data. If you dispute that the personal data we process is correct, you can request limited processing for the time we need to check whether the personal data is correct. If we no longer need the personal data for the stated purposes, but you do need it to be able to establish, exercise or defend legal claims, you can request limited processing of the data from us. This means that you can request that we do not delete your data.
If you have objected to our balancing of interests for the processing of your personal data, you can request limited processing during the time we need to check whether our legitimate interests outweigh your interests in having the data deleted.
If the processing has been restricted in accordance with any of the situations above, we may only, in addition to the storage itself, process the data to establish, exercise or defend legal claims, to protect someone else's rights or if you have given your consent.
7.5. Right to data portability, art. 20 GDPR
You have the right to receive the personal data that you have provided to us and that concerns you in an electronic format that is widely used. You also have the right to request a transfer of such data to another data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically possible and can be automated. A further prerequisite for the right to data portability is that the processing takes place on the basis of your consent or to fulfil an agreement with you (Art. 6.1(a) and 6.1(b) GDPR respectively). In our detailed information you can see when we handle your personal data on the basis of consent or to fulfil an agreement with you.
If your personal data has been used for training of our internal AI models, you may request access to, or the transfer of, the personal data you have provided to us (raw data), in accordance with applicable data protection law. Please note that personal data that has been incorporated into an AI model is transformed during the training process and no longer constitutes personal data in a retrievable form. Such data cannot be extracted from the trained model.
7.6. Right to object to certain types of processing and direct marketing, Art. 21 GDPR
Some of our processing takes place with a balance of interests as a legal basis. You have the opportunity to object to these. If you make such an objection, we need to be able to show a legitimate reason for the processing in question that outweighs your interests, rights, or freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims.
You have the opportunity to object to your personal data being processed for direct marketing. The objection also covers the analyses of personal data (so-called profiling) carried out for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (e.g., by post, e-mail, and SMS). Marketing measures where you as a corporate client have actively chosen to use one of our services or otherwise sought us out to find out more about our services are not counted as direct marketing.
We do not carry out any so-called automated decision-making that produces legal consequences or otherwise significantly affects you.
7.7. Right to withdraw consent, art. 7 GDPR
When, where applicable, we base our processing of your personal data on your consent, you have the right to withdraw from this at any time. Such revocation may be limited to only part of the processing.
7.8. Right to lodge a complaint
In addition to the rights listed above, you also have the right to lodge a complaint with your relevant data protection authority. In Sweden, the Swedish Authority for Privacy Protection (IMY) is the supervisory authority. Their contact details can be found on www.imy.se. If you live or work within the EU/EEA, but in a country other than Sweden, you can turn to the privacy protection authority in that country. You can find your privacy protection authority here: Our Members | European Data Protection Board (europa.eu)-(https://edpb.europa.eu/about-edpb/about-edpb/members_en)
Detailed information on the processing of personal data
Our processing of personal data
In this section you can see detailed information about which categories of personal data we process, on what legal basis and for how long we save the data for each processing.
| Purpose | Personal data | Legal basis | Duration |
|
User account administration |
|
Legitimate interest Fulfillment of contracts |
Personal data is retained for this purpose for as long as required by the agreement with GLEIF (normally 10 years). |
|
Provision of support |
|
Legitimate interest Fulfillment of contracts |
Personal data is retained for this purpose for as long as required by the agreement with GLEIF (normally 10 years). |
|
Issuance, renewal, transfer, or challenge of LEI codes |
|
Legitimate interest Fulfillment of contracts |
Personal data is retained for this purpose for as long as required by the agreement with GLEIF (normally 10 years). |
|
Compliance with securities market rules |
|
Comply with legal obligation Legitimate interest |
Personal data is retained for this purpose for as long as required by the agreement with GLEIF and by the rules of the financial market (normally 10 years). |
|
Fulfillment of agreements with GLEIF to maintain access to GLEIS |
|
Comply with legal obligation Legitimate interest |
Personal data is retained for this purpose for as long as required by the agreement with GLEIF and by the rules of the financial market (normally 10 years). |
|
Manage relationships with corporate clients, suppliers, partners and GLEIF |
|
Legitimate interest Fulfillment of contracts Comply with legal obligation |
Personal data is retained for this purpose as long as there is an active relationship and for a period of 10 years thereafter to meet our legitimate need to handle and respond to any legal claims. The relationship is considered active if you have had contact with us in the last 12 months. |
|
Marketing |
|
Consent You have given your consent to our processing of personal data for marketing purposes, either through your choice of cookies in our cookie pop-up or otherwise actively provided your consent Legitimate interest For certain marketing, where your consent is not required, we have considered that the processing is necessary to satisfy our legitimate interest in marketing our services and maintaining business relationships and, in the case of an interest balance, have made the assessment that our interest outweighs our interest |
Personal data is retained for this purpose for as long as there is an active relationships and for a period of 12 months thereafter for the same purpose, unless otherwise stated in the cookie-policy. Reports at an overall level that do not contain personal data and anonymous statistics are kept until further notice or until they are deleted. |
| Monitoring and evaluation of the relationship with customers, suppliers, partners and GLEIF |
|
Legitimate interest: The processing is necessary to satisfy our legitimate interest in following up and evaluating the relationship with customers, suppliers, partners and GLEIF. | Personal data is retained for this purpose for a period of 2 years from the time of collection. Reports at an overall level that do not contain personal data and anonymous statistics are saved until further notice or until they are deleted. |
|
Monitoring, evaluation, and development of operations and services (including training of our internal AI models) |
|
Legitimate interest Consent Where applicable, you have provided your consent for pesonal data submitted through our AI chatbot to be used for the training of our internal AI models.
|
Personal data is retained for this purpose for a period of 2 years from the time of collection, if not specified otherwise in the cookie policy. Aggregated reports that do not contain personal data and anonymised statistics are retained until they are no longer necessary or are deleted |
|
Communicate about us and our business |
|
Legitimate interest Consent |
Personal data is retained for this purpose as long as there is an active relationship and for a period of 12 months thereafter for the same purpose. Published personal data in digital channels, e.g., in our feeds on LinkedIn, is saved until further notice. |
|
Communication between employees and external persons |
|
Legitimate interest |
Personal data is retained for this purpose for 12 months from the time of the last communication in the same conversation, then for a period of 10 years to satisfy our legitimate interest in handling and responding to any legal claims. |
|
Communication in the event of an accident, illness, or similar event |
|
Legitimate interest |
Personal data is retained until the employee, consultant or contractor concerned reports otherwise, but no later than the date the employee's employment or consultants or contractors’ assignment ended. |
|
Document the business |
|
Legitimate interest |
Personal data is retained for this purpose until further notice. |
|
Detect and prevent misuse of our services |
|
Legitimate interest |
Personal data is retained for the same period as stated in relation to the respective purpose of the processing. Personal data in logs is retained for troubleshooting purposes for a period of 10 years from the time of the log event. Personal data in backup copies is stored for a period of 10 years from the time of backup. |
|
Ensure technical functionality and security |
|
Legitimate interest |
Personal data is retained for the same period as stated in relation to the respective purpose of the processing. Personal data in logs is retained for troubleshooting purposes for a period of 10 years from the time of the log event. Personal data in backup copies is stored for a period of 10 years from the time of backup. |
|
Manage and respond to legal requirements |
|
Legitimate interest |
Personal data is retained for the same period as stated in relation to the respective relevant purpose of the processing, and in the individual case for the time necessary to handle the current legal claim. |
|
Comply with legal obligations |
|
Comply with legal obligation The processing is necessary to satisfy our legitimate interest in handling and responding to legal claims. |
Personal data is retained for the time necessary for us to be able to fulfill the respective legal obligation that we have and for a period of 10 years thereafter in order to satisfy our legitimate interest in handling and responding to legal claims, as well as for the time thereafter necessary for handling the current legal claim. |
With whom we share personal data
In this section you will find detailed information about which categories of personal data we share with various categories of recipients, for what purpose and what legal basis we rely on.
| Receiver | Purpose | Personal data | Legal basis |
|---|---|---|---|
|
Corporate clients |
Fulfill agreements with the corporate client, communication and handle and respond to legal claims. |
|
Legitimate interest Fulfillment of contracts |
| Service providers |
Communication between employees and external persons, use of services for the purpose of running the business and delivering LEI services. |
|
Legitimate interest Fulfillment of contracts |
|
Government agencies such as courts, the Swedish Tax Agency or the Police Authority, arbitration tribunals and external advisors |
When there is a legal obligation or suspicion of a criminal offence and to handle and respond to legal claims on one's own behalf (determine, assert, and defend). |
|
Comply with legal obligation Legitimate interest |
|
Group companies |
To achieve our business purposes and to market our services. |
|
Legitimate interest The processing is necessary to satisfy our legitimate interest in providing our services |
|
GLEIF |
Fulfill agreements with the corporate client, fulfill agreements with GLEIF, communication and to comply with regulations for the securities market. |
|
Comply with legal obligation Legitimate interest |
|
Auditors, external advisors, authorities |
Comply with legal obligations. |
|
Comply with legal obligation |
|
External persons |
Communication between employees and external persons. |
|
Legitimate interest |