Max Matthiessen will process its customers’ personal data for one or more of the following purposes, depending on the nature of the business relationship and the services provided. The overall purpose is providing insurance mediation or investment services, and related services.
If Max Matthiessen provides you with insurance mediation- or related services, your personal data are processed for these purposes. In addition to personal data provided by you, we may also process data we receive from your employer (see below). Furthermore, if you have given us a power of attorney, we will collect data from your insurance providers, so-called valcentraler and other financial institutions.
If Max Matthiessen is contracted by your employer to provide you with insurance mediation or thereto related services, your personal data are processed for these purposes. In this situation, the following categories of data will be collected from your employer: name, personal identification number, employment date, percentage of full-time employment, salary, absence from work, employment number, cost centre, e-mail address and deduction of salary.
Investment advice etc.
If Max Matthiessen provides you with investment advice we collect personal data on you and your economic situation in order to provide suitable advice. The following categories are processed for this purpose: name, personal identification number, wealth and contact information, e-mail address etc.
If the investment advice results in you making a choice to invest in financial instruments, Max Matthiessen may also provide the service reception and transmission of orders relating to one or more financial instruments – i.e. we receive an order regarding, for instance, an investment fund you choose to invest in, and transmit said order for execution. We may also, in certain situations, execute the order directly, with no intermediary or broker. In either case we will process data on your chosen financial instruments.
If you have chosen investment in a portfolio management service provided by Max Matthiessen, i.e. a service where Max Matthiessen will make investment decisions on your behalf, we collect and process the categories of data specified under Investment advice etc.,above also for the purpose of portfolio management. Portfolio management is provided only in combination with investment advice by Max Matthiessen.
Customer due diligence and archival
The Anti-Money Laundering Act requires Max Matthiessen to apply know your customer measures when establishing a business relationship or when carrying out an occasional transaction. The purposes are mitigating the risks of money laundering and terrorist financing involved with the business relationship. The documentation of this is archived in accordance with said act.
When providing insurance mediation or investment advice Max Matthiessen has an obligation to document this and archive said documentation in accordance with the Insurance Mediation-, and the Securities Markets Acts, respectively.
Product and service marketing
Personal data of existing customers may be processed for the purpose of marketing other products and services provided by Max Matthiessen.
Troubleshooting and software development
Personal data processed in Max Matthiessen’s IT-systems may be processed for the purposes of troubleshooting specific issues, and further development of the company’s software and systems.
The provision of personal data is not a required according to the agreement between you and Max Matthiessen. Nor are you required by law to provide us with the personal data we request. The information is needed in order for us to fulfil our commitment to you or, when applicable, to your employer. In order for us to fulfil our obligations according to the Insurance Mediation Act, the Securities Markets Act and the Anti-Money Laundering Act, we are obliged to request and, in some cases, collect certain personal data. The consequence of us not obtaining the sufficient data is us being unable to provide certain insurance mediation or securities services, or a lower quality of such services.
Our processing of personal data is based on a combination of the performance of a contract (GDPR article 6.1b), compliance with a legal obligation (article 6.1.c), and legitimate interests (article 6.1.f), and the establishment, exercise or defence of legal claims (art. 9.2f). We have a legitimate interest to collect personal data concerning you in order to come into contact with you and offer you and your employer insurance mediating services. We also have a justified interest in processing your personal data in order to charge for the services which we have provided. Furthermore, we may process your personal data in order to develop new and current IT systems, and to ensure the security thereof. Lastly, we have a legitimate interest to present your insurances and other investments in our private services.
The personal data may be disclosed to the insurance companies or securities companies of which you are or intend to become a customer. The data may also be disclosed to other companies within the Max Matthiessen group and engaged data processors. If you have savings through Maxfonder.se, certain personal data will be disclosed to Fondab AB. The personal data may also, upon request or in order to comply with a legal obligation, be disclosed to government authorities such as the Swedish Tax Authority, the Swedish Financial Supervisory Authority or the Swedish Police Authority.
For the purposes of Insurance Mediation, Investment Advice etc. and Portfolio Management, personal data will be stored and processed for the duration of the business relationship. For the purposes of Product and Service Marketing personal data will be stored and processed for up to one year after the termination of the business relationship. For the purposes of Customer Due Diligence och Archival personal data are stored in accordance with the Insurance Mediation Act, the Securities Markets Act and the Anti-Money Laundering and Counter-Terrorist Financing Act. For the purposes of Troubleshooting and Software Development the personal data may be processed while they are stored for some other purpose.
Information and access to personal data
You have the right to obtain a confirmation as to whether or not we process your personal data, and, when that is the case, information regarding the processing. You also have the right to obtain a transcript of the personal data which is being processed. Additional transcripts may be subject to a reasonable cost.
Rectification and erasure
You have the right to require rectification of inaccurate personal data. You also have the right to require the addition of supplementary personal data which is missing. Furthermore, you have the right to request the deletion of your personal data. We will assess each request and delete the personal data if we have the legal right to do so according to, for example, the Insurance Mediation Act.
Limitation of processing
Under certain circumstances, you have the right to restrict the processing of your personal data.
Objecting to processing
You have the right to, in certain cases, object to our processing of your personal data. We must then cease said processing unless we are able to demonstrate that there are compelling legitimate reasons for processing and that override your interests, rights and freedoms, or if the processing is carried out for the establishment, exercise or defence of legal claims.
You have the right to require that the personal data which you have provided to Max Matthiessen in a structured, commonly used and machine-readable format, be transmitted to another data controller. The right to data portability is contingent on our processing of the personal data in question being based on consent (art. 6.1.a) or the performance of a contract (art. 6.1.b).
If you are dissatisfied with our processing of your personal data, we would like you to contact us at email@example.com and describe in what way you think the processing is incorrect. We will investigate your complaint and, if necessary, improve our procedures. You may also contact our Data Protection Officer at firstname.lastname@example.org. Regardless, you always have the right to direct your complaints to the Swedish Data Protection Authority, see https://www.datainspektionen.se/other-lang/in-english/about-us/complaints-and-tips/ for more information.
Max Matthiessen AB, org. nr 556421-0911, and Max Matthiessen Värdepapper AB, org. nr 556523-8606, are joint controllers of all the processing described above, with the exception of Portfolio Management. Within the scope of the joint controllership, Max Matthiessen AB provides the point of contact and handles any data protection-related issues. Max Matthiessen AB has also been engaged to handle data protection issues related to Portfolio Management, for which Max Matthiessen Värdepapper AB is the sole controller. The controller’s contact details are:
Max Matthiessen, Att: Dataskydd
114 89 STOCKHOLM
Max Matthiessen AB and Max Matthiessen Värdepapper AB have designated a data protection officer to review their processing of your personal data and that they comply with applicable laws, regulations and internal guidelines. The data protection officer’s contact details are:
Max Matthiessen, Att: Dataskyddsombud
114 89 STOCKHOLM