Background
When personal data is processed, the controller has a duty to supply certain information to the data subjects. As a consequence of the engagement, personal data will be processed by Scandinavian Trust and by its network firms, if any.
For this reason, the following information is provided.
Scandinavian Trustee’s processing of personal data
Scandinavian Trustee will process personal data in accordance with applicable law. The personal data that will be processed is obtained from the client, its group companies (if applicable) or other entity, for example the Norwegian Tax Agency, the Norwegian Companies Registration Office or publicly available sources and relates to authorised representatives and other persons whose personal data is needed to deal with the client relationship and beneficial owner.
The personal data is processed prior to the acceptance of clients and/or engagements and as a consequence of the performance of the engagement in order to undertake checks of independence, quality checks, checking of conflicts of interest, measures under the Act (2017:630) on Measures Against Money Laundering and Terrorist Financing (“the Anti-Money Laundering Act”) and in order to document measures taken.
Such processing is necessary in order to fulfil the legal obligations of Scandinavian Trustee and is necessary for Scandinavian Trustee’s legitimate interest in fulfilling professional duties. Scandinavian Trustee may also process personal data for other risk management measures (such as insurance matters) and in order to carry out internal financial reporting. This processing is necessary for Scandinavian Trustee’s legitimate interest in managing risks and any claims.
The categories of personal data that may be processed for the above-mentioned purposes include contact details such as name, address, personal identity number/coordination number, telephone umber, e-mail address and details of departmental affiliation and position. In connection with registration of the client Scandinavian Trustee may also process copies of identity documents for those persons who represent the client within the framework of the customer due diligence measures taken under the Anti-Money Laundering Act.
Transfer to third countries
Personal data may be processed by Scandinavian Trustee’s network firms and other entities engaged by Scandinavian Trustee for the purpose of carrying out the measures referred to above on behalf of Scandinavian Trustee; they may be based either in or outside the EU/EEA Recipients of the information Scandinavian Trustee is obliged to ensure that the information processed as a consequence of the engagement does not become available to unauthorised persons, which means that personal data will be processed confidentially.
Scandinavian Trustee may disclose personal data to network firms, or another entity engaged by Scandinavian Trustee for the purpose of checking and maintaining the impartiality and independence of Scandinavian Trustee, carrying out quality checks and taking other risk management measures.
Scandinavian Trustee may also disclose personal data to insurance companies or legal advisers in connection with a judicial procedure to the extent required to enable Scandinavian Trustee to look after its legal interests or to another recipient if such an obligation exists under applicable laws and regulations, professional obligation or decision of an authority.
Security in processing of personal data
Scandinavian Trustee is responsible under applicable law for the personal data that is processed being protected by necessary technical and organisational security measures, having regard to what is appropriate in relation to the nature and sensitivity of the personal data. Scandinavian Trustee’s system and organisation are arranged so that unauthorised persons do not have access to the personal data processed as a consequence of the engagement.
Storage of personal data
The personal data will not be processed for a longer time than is necessary for the purposes for which the personal data is processed.
Rights of the data subject
Data subjects have the right in certain cases to request receipt of information concerning whetherpersonal data relating to the data subject is processed, and if so to obtain access to the personal data in the form of what is known as an extract from a filing system.
Data subjects furthermore often have the right to obtain the rectification of inaccurate personal data concerning them. Furthermore, data subjects may have the right to erasure of their personal data and the right to request restriction of the processing of personal data concerning the data subject or to object to such processing.
If the Data subjects are dissatisfied with how we are processing the personal data, the Data subjects has the right to submit a complaint to the Norwegian Authority for Privacy Protection (NO “Datatilsynet”) which is the supervisory authority concerning the processing.
With regard to personal data processed in connection with the acceptance of clients and engagements and as a consequence of the engagement, Scandinavian Trustee is obliged to retain documentation in this respect for at least ten years.
This means that it is not permitted to erase personal data included in such documentation beforehand, and sometimes neither is it permitted to rectify the data. For the reasons mentioned, it is not possible for Scandinavian Trustee in such cases on request from a data subject to restrict or limit the processing of personal data.
Contact persons for questions:
post@scandinaviantrustee.com