Privacy note

Here you find information about the processing of personal data when using Lysa’s services.

Latest updated on 2021-07-14. 

When you use Lysa’s services, we will process certain personal data about you. Lysa AB is the personal data controller for all such processing. When visiting our website, we may also process certain personal data by using cookies after your consent (read more about our work with cookies here). In this privacy policy you can read about (i) what data about you we collect, (ii) why we process your data, (iii) how we use automated decision making, (iv) which other companies and authorities we share your data with, (v) how long we store your data and (vi) your rights in relation to your data.

Lyse takes great care to protect your personal privacy and will only use your data as specified in this privacy note. We also want to emphasise that Lysa’s customer register and other information which Lysa has about you as a customer is protected by confidentiality in accordance with Chapter 1, Section 11 of the Securities Market Act (2007:528). This means that Lysa may not unauthorised reveal this information.

What personal data do we collect? 

Information you provide to us

When you become a customer or when you register your interest to become a customer of ours, you (or where applicable, your representative) submit personal data to us so that we can administer your request. The personal data we collect include e.g. name, social security number, where applicable, a picture of your ID, e-mail address, address, bank account number, financial position, bank statements and information regarding know your customer as required by law with the purpose to restrain money laundering. In connection with certain transactions we may also need to collect additional information from and about you, such as receipts, invoices or other documents proving that a transaction is legal. When using the service, we will also process data about your monthly savings, the frequency and size of deposits and withdrawals, investment guidelines and risk levels, and your balance over time. We also record communication with our customers, such as e-mails and telephone calls when you contact our customer service. 

Information we receive from sources other than you 

We may supplement your personal data by obtaining data from private and public registers, and information about account numbers, account holder and account balance from your bank or payment service providers.

Why do we process your personal data? 

We use your personal data only for the purposes and under the lawful bases for processing set out below, or in accordance with specific information about a certain processing for a specified purpose to which you can consent. The duration of the processing is specified under the heading “Duration of the processing” (note, however, that we are required by law to keep certain data for longer periods, see more under “Legal requirements”).

Acceptance of customer 

Purpose of the processing 

If you register your interest to become a customer of ours, we will process your personal data to verify your identity and your information. The processing is done to decide whether we can approve you as a customer. The decision is a so-called “automated decision”. If we do not get a hit against sanction lists that we are required by law to apply, you will be able to become a customer of ours. You can always contact our customer service if you wish to contest such a decision or otherwise if you wish to discuss the decision with us.

Lawful basis for the processing

The processing is necessary for Lysa to comply with legal obligations. 

Duration of the processing 

We will process the data as long as required by applicable legislation (such as the Swedish Money Laundering and Terrorism Financing (Prevention) Act). 

The service

Purpose of the processing 

When you are a customer of ours, we will process your personal data to provide you the services in accordance with the customer agreement.

We use profiling when we make an investment proposal for you. The profiling is based on the information you provide to us in connection with the preparation of an investment proposal: your financial situation, risk tolerance, knowledge and experience and investment horizon.

Lawful basis for the processing 

The processing is necessary for the performance of the customer agreement with you. 

Duration of the processing

We will process the data during the time you are a customer. 

Contact person (corporate customers) 

Purpose of the processing 

If you are the contact person of a corporate customer, we will process your personal data in order to provide the service to the corporate customer.

Lawful basis for the processing 

The processing is necessary for our legitimate interest in providing the service to the corporate customer. 

Duration of the processing 

We will process your data as long as you are registered as a contact person of the corporate customer. 

Beneficial owner (corporate customers) 

Purpose of the processing

If you are the beneficial owner of a corporate customer, we will process your personal data in order to comply with applicable law. 

Lawful basis for the processing 

The processing is necessary for Lysa to comply with legal obligations. 

Duration of the processing 

We will process your data as long as required by applicable legislation (such as the Swedish Money Laundering and Terrorism Financing (Prevention) Act).

Insurance distribution (corporate customers)

Purpose of the processing

In order to provide insurance distribution of company-owned endowment insurance, Lysa processes personal data, for example in order to assess whether a certain solution fits the corporation as a customer. Lysa will also process personal data about the beneficiary of the insured. 

Lawful basis for the processing 

The processing is necessary for the performance of the customer agreement with the corporate customer and for Lysa to comply with legal obligations. 

Duration of the processing 

We will process your data as long as required by applicable legislation (such as the Swedish Money Laundering and Terrorism Financing (Prevention) Act).

Potential customer

Purpose of the processing 

If you are not a customer of ours, but have received an investment proposal on the website or register an interest in becoming a customer, we will process your data in order to nurture our potential relationship with you.

Lawful basis for the processing

The processing is necessary for our legitimate interest to nurture potential customer relationships.

Duration of the processing

If you have not become a customer or contacted us within three months from the date you registered your interest in becoming a customer, or from the date of the investment proposal, in such a way that there is reason for us to assume that your interest in becoming a customer of ours remains, we will delete your data.

Support 

Purpose of the processing 

If you contact us through our customer service or otherwise, we will process your information in order to assist you with the relevant question. In connection with this, we may for example save e-mail correspondence and record telephone calls. If we record a telephone you will always be informed.

Lawful basis for the processing 

The processing is necessary for the performance of the customer agreement with you and for Lysa to comply with legal obligations.

Duration of the processing

We will delete your personal data within 12 months after the case has been handled.

Marketing and customer surveys

Purpose of the processing 

If you sign up to receive newsletters or other information from us, we will process your personal data in order to provide you with the requested information and to be able to send you customer surveys in order to further develop our services.

Lawful basis for the processing

The processing is necessary for our legitimate interest in maintaining good customer relationships and to market our services.

Duration of processing

We will cease the processing of personal data if you decline marketing (you can decline marketing when signed in to  Lysa’s website or through a link in each marketing mail). We will then delete your data, unless you are a customer of ours and the data therefore is necessary for other processing.

Requirements by law 

Purpose of the processing 

If you are a customer of ours or if you have received an investment proposal from us, we must process your data in order to fulfill applicable legislation, such as rules and regulation relating to money laundering and terrorism financing (including requirements of risk assessments, know your customer, risk classifications, monitoring of transactions, review and reporting of suspicious transactions), suitability assessments, checks against santion lists, capital adequacy requirements, as well accounting and tax rules. 

Lawful basis for the processing 

The processing is necessary for Lysa to comply with legal obligations. Certain processing is also necessary for our legitimate interest in sending you such information we need to comply with legal obligations (e.g. tax information).

Duration of processing

We will process your data as long as required by applicable legislation (such as the Swedish Accounting Act, the Swedish Money Laundering and Terrorism Financing (Prevention) Act, the Swedish Financial Supervisory Authority’s regulations on securities business, the Swedish Tax Procedure Act).

Abuse of the service 

Purpose of the processing

If you register an interest in becoming a customer or if you are a customer of ours, we will process your personal data in order to prevent and detect abuse of the service (including measures for risk management, traceability and evidence and fraud detection). 

Lawful basis for the processing 

The processing is necessary for our legitimate interest in preventing and detecting abuse of the service. 

Duration of processing

We will process the data during the time you are a customer of ours.  

Anonymization

Purpose of the processing

We will anonymize certain of your personal data in order to compile anonymous and aggregated statistics (among other things regarding the behaviour of website visitors, website traffic, page views, searches, customer analysis, business follow-up and service development).

Lawful basis for the processing 

The processing is necessary for our legitimate interest in creating anonymous statistics. 

Duration of processing 

We will anonymize your personal data every day. When your personal data has been anonymized, it is no longer considered as personal data under applicable data protection legislation.

Recipients of your personal data (including third country-transfers)

Suppliers/processors

We use the services of suppliers providing storage- and communication services. The suppliers will, as part of their services provided to us, process certain of your personal data on behalf of us. Certain of these suppliers are located within the EU/EEA, but the majority of the suppliers are located in the US. The transfers to the US are subject to appropriate security measures, such as standard contractual clauses approved by the EU Commission. 

When providing insurance distribution, in order to provide customers with company-owned endowment insurance, Lysa cooperates with an external insurance company which, when applicable, will process certain personal data on behalf of Lysa. 

Authorities and other third parties 

Lysa may disclose information about you to the Swedish Financial Supervisory Authority, the Police Authority, the Tax Agency, Enforcement Agency and other relevant authorities where Lysa is obliged to do so under applicable law, regulation or governmental decision. We may also share certain data with your connected bank, Lysa’s custodian or payment service providers. 

Your rights 

As a registered, you are entitled to exercise the following rights in relation to our processing of your personal data: 

The right of access. You have the right to have access to your personal data (including copies thereof) and certain information regarding the processing of the data. 

The right to rectification. You have the right to have inaccurate data rectified and incomplete data completed. If you are a customer you can make such adjustments on your own when signed in to Lysa’s website.

The right to erasure. Under certain circumstances, you have the right to have your personal data erased (“the right to be forgotten”). Lysa may still need to keep certain personal data in order to fulfill legal requirements (such as the Swedish Accounting Act, the Swedish Money Laundering and Terrorism Financing (Prevention) Act, the Swedish Financial Supervisory Authority’s regulations on securities business, the Swedish Tax Procedure Act).

The right to restriction of processing. Under certain circumstances, you have the right to have the processing of your personal data restricted. 

The right to data portability. You have the right to receive your personal data (or under certain circumstances transmit such data to another controller) in a structured, commonly used and machine-readable format. 

The right to object. Under certain circumstances, you have the right to object to certain processing. For example, you may unsubscribe for electronic marketing when signed in to  Lysa’s website. 

You may also complain about Lysa's processing to the supervisory authority the Swedish Authority for Privacy Protection. You will find contact details to the Authority for Privacy Protection here: https://www.imy.se/other-lang/in-english/about-us/contact-us/ .

Contact details to Data Protection Officer

Lysa’s Data Protection Officer is Jessica Sædén. You can contact our DPO at dpo@lysa.se.

Amendments to the privacy note

Lysa may amend this privacy note as necessary. You will be informed about any changes affecting the processing of your personal data. The latest version of the privacy note can always be found on Lysa’s website. At the top of this privacy note you will find the date for the latest amendment.