Personal Data Processing

Data protection safeguards your privacy and is of paramount importance to us at OP Corporate Bank plc Latvia branch. We want you to be aware of what data protection is, what constitutes personal data, how we use your personal data and how you will benefit from trusting us with your data.

What do personal data and data protection mean?

The definition of personal data is broad. In practice, all information from which a person can be identified either directly or when combined with other data constitutes personal data. In addition to your name, address, personal identity code and telephone number, information such as your bank account number, or your private property or, typically, other data related to your customer relationship are also personal data. The purpose of data protection is to safeguard personal data.

How do we process your personal data?

We will keep your data safe and process it in the manner required by law.

Handling your personal data carefully and cautiously is of primary importance to us. We will only use your data for purposes defined in advance or for purposes compatible with such predefined use. Our Privacy Notice provides information on such predefined purposes of data processing. We process your personal data in compliance with the law and good data processing practice.

We always make sure that there are legal grounds for the processing of your data. The most common legal grounds used by us are agreement, binding legislation and legitimate interest.

We monitor access to and the handling of your personal data closely. Our personnel is under a confidentiality obligation not to disclose the information of our customers. We ensure the competence of our personnel who process personal data through regular training and evaluations. We also monitor the use, access rights and log data of systems that contain personal data. If we notice something wrong, we make an immediate intervention.

This information on data protection describes our principles of personal data processing in the manner required by law. The purpose is to give an overview of the methods with which OP Corporate Bank plc Latvia branch processes personal data.

More information on the processing of your personal data is provided in the Privacy Notice which can be found here.

Our website may include links to the websites or services of other companies which have their own privacy protection practices independent of OP Corporate Bank plc Latvia branch. We recommend that you take the time to familiarise yourself with such practices when necessary.

Our practices may change with service development or amendments to legislation. We will notify you of such changes on our website.

What personal data do we collect?

OP Corporate Bank plc Latvia branch does not service private customers, that is why the categories of data subjects who’s personal data we process, are: (i) representatives, owners, beneficial owners of corporate customers, (ii) sole entrepreneurs, (iii) guarantors and other security providers.

Typically, we will collect personal data when you or a company you represent submit a credit or account opening application, use our products and services. We only collect data relevant to the purpose in question.

The data collected by us includes

• personal data related to identification and authentication, such as your name and personal identity code;
• contact details, such as your address, e-mail address and telephone number;
• various details related to the customer relationship and its management, such as your customer number and category and various information related to service use;
• data directly required by law, such as the data required for Know Your Customer purposes; and
• information on products and services, such as the details of an agreement, amounts etc.

Where do we obtain your personal data?

In the first instance, we obtain your information directly from you. In addition, we obtain data from registers maintained by the authorities, the credit information register, as well as from other reliable registers.

Why do we collect your personal data and what do we use it for?

We use your personal data to be able to process your orders and implement your agreements and to answer your requests and questions.

Your data will also be used for the fulfilment of our statutory obligations.

We analyse your personal data, for example, when performing the required client and risk categorisations, such as for opening an account or granting credit.

We do not utilise automated decision-making without human influence on the decision.

We use your personal data in OP Financial Group’s risk management and to fulfil obligations based on laws and official regulations and instructions, such as authenticating users and ensuring data security as well as preventing and investigating fraud.

To whom do we disclose your personal data?

The disclosure of personal data refers to situations in which we give your personal data to other data controllers for their own, independent purposes. We can disclose your data, within the limits permitted by law, within OP Financial Group for the purposes of customer service and customer relationship management. We may also disclose your data within OP Financial Group for risk management purposes.

We can also disclose your personal data to the authorities to fulfil a statutory obligation (e.g. to the tax authorities).

Who processes your personal data and where?

Your data will only be processed by OP Financial Group entities and employees whose duties require the processing of your data.

We use subcontractors and partners for service provision. For this reason, your personal data may be transferred to such parties for processing commissioned by us. Such parties are only permitted to process your data in accordance with our instructions. They are not entitled to use your data for their own purposes, such as direct marketing.

We use various contractual and other arrangements to ensure that our subcontractors and partners process your data carefully and in accordance with good data processing practice.

As a rule, we process your data within the EEA. The EEA refers to EU Member States and Iceland, Liechtenstein and Norway. If we transfer data outside the EEA, such as to the United States, we will ensure a sufficient level of personal data protection in the manner required by law and use data transfer mechanisms approved by the European Commission, primarily the European Commission’s standard contractual clauses.

What are your rights as our customer?

You have the right to receive open and transparent information on the processing of your personal data, check your information, demand correction of inaccurate or incomplete data and demand the deletion of unnecessary or out-of-date data.

How do we protect your personal data?

We take information security and the protection of our customers’ data seriously. We safeguard the confidentiality, integrity and availability of your personal data by careful processing practices.

We protect your personal data with appropriate technical and organisational safeguards. Such methods include proactive and reactive risk management and the use of firewalls, encryption techniques, secure data centres and access management and safety systems. We also make use of security planning, grant and supervise user rights in a controlled manner, ensure the competence of personnel who process personal data and choose our subcontractors carefully. We are continuously updating our in-house practices and guidelines.

How do we store your personal data and keep it up to date?

We will retain the data required by your customer relationship for at least the duration of the customer relationship. After the end of the customer relationship, the length of the retention period depends on the data and its purpose of use. We comply with statutory obligations concerning the storage of data. For example, we retain your KYC information for five years of the end of the customer relationship.

We seek to keep the personal data we process accurate and up to date by deleting unnecessary data and updating outdated data. You should nevertheless check your data every now and then.