X

Home ESG Respecting your privacy

We respect your privacy and are committed to protecting your Personal Data. Read here how we deliver on that promise and look after your Personal Data.

We want to ensure that we execute the rights and obligations arising from law and from what we have agreed with our clients. It means that all Personal Data is

  • Processed lawfully, fairly, and transparently;
  • Collected for specified, explicit and legitimised purposes only and not further processed in a manner that is incompatible with those purposes;
  • Kept adequate, relevant and limited to what is necessary in relation to the purposes for which the Personal Data are processed;
  • Kept accurate and, where necessary, up to date;
  • Kept in a form which permits identification of the Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed;
  • Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
Sharing data

Sharing data

Financial services require us to share Personal Data to process transactions and run our everyday business. However, rest assured as we only share Personal Data in line with financial industry secrecy obligations and with

  • Carefully selected and trusted partners that need the data to provide the requested service
  • Third parties that are performing duties arising from the law
  • Those that the individual has given consent to share data with

Security requirements

The general security requirements for processing of Personal Data in Multitude are:

  • The pseudonymisation, anonymisation or encryption of Personal Data
  • Ensuring continuity, confidentiality, integrity, availability and resilience of the systems and services processing Personal Data at all times
  • Availability and access to restore Personal Data promptly in the event of a physical or technical/logical incident
  • Preventing physical access for unauthorised persons to gain access to Personal Data
  • Preventing Personal Data from being used without authorisation
  • Personal Data only being accessible and manageable by adequately authorised and trained personnel with a well-defined “need-to-know” basis
  • Personal Data cannot be read, copied, modified or removed without authorisation during electronic transmission or transport between entities
  • Having the possibility to check and establish whether and by whom Personal Data has been entered into data processing systems, modified or removed
  • Back-ups of databases in the services are taken regularly, secured and encrypted
  • Personal Data is logically segregated to ensure that Personal Data that is collected for different purposes may be processed separately
  • Periodic testing, assessment, and evaluation of the effectiveness of technical and organisational measures for ensuring the security of Personal Data and its processing
  • Keeping accurate records of all processing of Personal Data

Training and awareness

All Multitude employees attend yearly internal training about protecting Personal Data with additional internal training in the case of significant changes in legislation.

Our training and awareness programs make requirements known, understood, and applied. They aim to ensure implementation and compliance with applicable data protection requirements. We hold particular, more comprehensive and intensive programs for personnel with regular contact with Personal Data and personnel that develops tools to handle Personal Data.

ESG Policies

Diversity and inclusion

Responsible lending