Norway

SEB Kort processes account and personal information in accordance with Personopplysningsloven (The Personal Data Act), the rules on confidentiality for financial institutions, and in accordance with special rules laid down by the international payment networks.

To fulfil the requirements that follow from these rules and because we want to protect you as a customer against unauthorised access, a number of different security measures have been put in place so that unauthorised persons will not have access to information about you as a customer. In addition, information about you and your activity as a customer will only be processed by those of our employees who have an official need for access to the registered information.

Under section 18 of Personopplysningsloven § 18 (the Personal Data Act) you as a customer have the right to demand access to any and all personal information we as a company have stored about you. According to the provision, you can also request information about the number of electronic searches carried out with respect to your account, as well as the date of the searches that employees at SEB Kort have carried out, in the last 3 months.

If you want access to information that is registered about you, or how many electronic entries have been made, you can obtain information about this by sending a written request to SEB Kort.

The company shall, on its own initiative, regularly verify that employees, data processors and others performing tasks on behalf of the company are authorised to access the registered information. If you, as a customer, on the basis of the information provided, believe that there is reason to believe that persons with no official needs have had access to your registered information, you may request that the company conduct an internal investigation to confirm or deny the suspicion. Such a request must be in writing and must be justified. The internal investigation will be carried out by the company's Compliance Officer, and any deviations will be reported to Datatilsynet (the Data Inspectorate).

---

If you, the customer, believe there is a special need for only a limited number of employees having access to your personal information, you can submit an application for special access restrictions to be placed on your account and personal data. An internal group will then assess whether there is a basis for establishing access restrictions on your information. It should be noted that the criteria for placing such restrictions are strict. One disadvantage of access restriction on accounts and personal data is that at times you may experience reduced availability and longer response times when contacting us.

---

Processing of account and personal data, including disclosure, is necessary for you as a customer to be able to use your card and for SEB Kort to fulfil its obligations under the card agreement. Such disclosure will only take place where there is a legal basis for such disclosure, cf. Personopplysningsloven § 8 (the Personal Data Act) In addition, the company will ensure that the recipient of the information processes them in a satisfactory manner.

---

Account and personal information should as a rule be deleted when it is no longer necessary to store this information. However, SEB Kort will store such information in accordance with Personopplysningsloven (the Personal Data Act), Bokføringsloven (the Bookkeeping Act) and Hvitvaskingsloven (the Money Laundering Act).

Sweden

Personal data provided in an application / agreement or which is otherwise registered in connection with the preparation for or administration of an assignment (for example, credit report, business assessment and information on the use of the card), is processed by SEB Kort Bank AB in order to fulfil the relevant assignment. Data processing also takes place in order for SEB Kort Bank AB to fulfil its obligations under law.

The personal data may also form the basis for SEB Kort Bank AB’s market and customer analyses, business and method development as well as statistics and risk management, for example in risk calculation models that the SEB Group uses to meet capital adequacy rules. SEB Kort Bank AB may also use the data for marketing purposes, if direct marketing has been consented to.

In order to maintain a good customer and register service, SEB Kort Bank AB may supplement the personal data by obtaining information from private and public records, including updating address information using the state's personal and address register, Spar.

The personal data may for certain purposes – with due regard to applicable confidentiality provisions – sometimes be disclosed to companies within the SEB Group or to companies with which the SEB Group cooperates. In some cases, SEB Kort Bank AB is also obliged by law to disclose information to e.g. Finansinspektionen (the Swedish Financial Supervisory Authority), Skatteverket (the Swedish Tax Agency), and Försäkringskassan (the Swedish Social Insurance Agency).

Account holders who wish for information about which personal data SEB Kort Bank AB processes can submit or send a written and signed request to SEB Kort Bank AB, PUL, 106 40 Stockholm. At the same address, the account holder can also report that he or she does not want to receive direct marketing from SEB Kort Bank AB or request that SEB Kort Bank AB remove or correct information that has proven to be incorrect or incomplete.