Product Privacy Notice

Last updated: January 23, 2024

Bureau van Dijk Electronic Publishing AB, a Moody’s Corporation company of Brunnsgränd 7, 111 30 Stockholm, Sweden (“BVD Sweden”, “we”, “us”, or “our”) respects your privacy. This privacy notice explains in detail how we process Personal Data collected from publicly available sources for regulatory compliance use cases.
 

“Personal Data” means information which identifies, or can be used to identify, a living individual.
 

  • Purposes of Processing
  • Personal Data Collected
  • Sources of Personal Data
  • Uses & Disclosures of Personal Data
  • Retention of Personal Data
  • Your Rights & Choices
  • Supplementary Information for the European Union, Switzerland and the UK
  • Contact & Queries
  • Updates to this Privacy Notice

Purposes of Processing

BVD Sweden collates Personal Data from public sources for regulatory compliance use cases. Financial institutions and other entities (“End Clients”) with regulatory compliance requirements use the Personal Data to conduct regulatory screening of their customers or those with whom they are looking to do business, some of which are companies or other legal entities, and some are individuals or sole traders. End Clients use the Personal Data as part of their compliance with their legal and regulatory obligations including know-your-client (“KYC”), anti-money laundering (“AML”), and anti-bribery and corruption (“ABC”) obligations. We collect the Personal Data from public records. End Clients are responsible for ensuring that their use of the Personal Data complies with applicable laws and regulations. End Clients are responsible for how they use the results of a check performed using the Personal Data, for example, whether to do business with a customer. BVD Sweden does not make decisions on behalf of End Clients about individuals.


Personal Data Collected

We collate the following types of Personal Data about politically exposed individuals and their family and close associates located in the Nordic region:
 

  • Identifiers including: current and previous name and title, current and previous contact details, date or year of birth, ID number, and city of residence.
  • Details of political exposure, including information relating to political and professional roles, and beneficial ownership of companies.
  • Information relating to close associates and family members, including: marital status, names and date or year of birth of parents, children, current and previous partners and their children.
     

The Personal Data is limited to those necessary for the purposes. For example, without name and contact details, End Clients would be unable to look up individuals; without date of year of birth, it would be easy to mix up individuals with the same or similar names leading to cases of mistaken identity.
 

We do not obtain email addresses for individuals, and we rely on End Clients (who do hold contact details) to notify those individuals that they will run checks on them, if required under applicable law. 


Sources of Personal Data

We source the Personal Data from public records, such as from the Swedish Tax Authority, the Swedish state personal address register (“SPAR”), the Swedish State Calendar, the Swedish Companies Registration Office (“Bolagsverket”), the Finnish Patent and Registration (“PRH”), the Finnish State Calendar, the Norwegian property owner register (“Grunnboken”), the Norwegian National Registry (“FREG”), the Norwegian company registry (“Brønnøysundregistrene”), the Danish Civil Registration System, the Danish Central Business Register, the Danish property owner register, and Krak’s “who is who*.


Uses & Disclosures of Personal Data

End Clients use the Personal Data to assist them with their legal, regulatory and compliance obligations in relation to KYC, AML and ABC.
 

We do not sell or otherwise disclose Personal Data we collect, except as described below or otherwise disclosed to you by us, End Clients, or the vendor or business partner that you represent, at the time the data is collected:
 

  • Affiliates and Business Partners. We may share the Personal Data we collect or receive with our affiliates and other offices, and business partners to whom it is reasonably necessary or reasonable for us to disclose your Personal Data to operate our business and to perform services for our clients or for our business partners or their customers or for other legitimate purposes.
  • Service Providers. We may share Personal Data with our service providers who perform services on our behalf and in relation to the purposes described in this Privacy Policy. Where we use any service providers we contractually require them to only process Personal Data in accordance with our instructions and as necessary to perform services on our behalf or comply with legal requirements.
  • Compliance with Law. We may disclose Personal Data to third parties to comply with the law, respond to valid legal process, establish, assert or defend our legal rights, or prevent fraud. In particular, we may disclose your Personal Data in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
  • Business Transfers. If we are involved in a reorganization, merger, acquisition or sale of any or all of our company, business or assets, Personal Data may be transferred as part of that deal or disclosed in connection with due diligence. We will put in place contractual provisions designed to ensure that any other parties commit to keep your Personal Data confidential and to only use it for the purpose of the relevant transaction and for purposes that are consistent with those outlined in this privacy policy.

Retention of Personal Data

The Personal Data is stored for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, and the applicable legal, regulatory, tax, accounting or other requirements.


Your Rights & Choices

You may have rights under applicable data privacy laws. If you would like to request to review, correct, update, suppress, delete or otherwise limit our use of your Personal Data, you may make a request by contacting us using the information provided in the “Contacts & Queries” section below. If you are a California resident, please see the Additional Information for California Section of our main privacy policy for information on your specific rights regarding your Personal Data. 
 

You may also have the right to complain to your local data protection authority if you have concerns about how we process your Personal Data. However, we hope we can solve any queries or concerns you may have, so please contact us directly in the first instance.


Supplementary Information for the European Union, Switzerland and the UK

The relevant legal bases for the use of your Personal Data are:
 

  • We or a third party (for example, business partner or End Client) have a legitimate interest in using your Personal Data. Our clients have a legitimate interest in the processing of your Personal Data for meeting compliance and regulatory obligations.
  • In relation to political data, this is processed on the basis that the Personal Data has manifestly been made public by the data subject, for example, where it is a matter of public record that an individual belongs to a certain political party.
     

We have put in place measures to protect Personal Data which is transferred from the European Economic Area, Switzerland and the UK. To transfer Personal Data outside of the EEA, BVD Sweden has put in place EU standard contractual clauses to ensure that an equivalent level of data protection applies. To request a copy of these clauses, please contact us as specified in the “Contact & Queries” section below. We may also transfer Personal Data to countries for which the EU Commission has issued an adequacy decision where applicable.
 

We take commercially reasonable steps to ensure that Personal Data is reliable, accurate, complete, and current for its intended purpose, primarily by accessing public records only.


Contacts & Queries

If you have any questions or comments regarding BVD Sweden’s privacy practices you can do this via email at privacy@moodys.com or write to us at:
 

Legal Department
Moody’s Corporation
7 World Trade Center at 250 Greenwich Street
New York, NY 10007
Phone: +1-212-553-1653 or 1-866-995-9659
E-mail: privacy@moodys.com


Updates to this Privacy Notice

The most current version of this Privacy Notice will always be available here. You can check the “effective date” posted at the top to see when this Privacy Notice was last updated.