For a data broker that deals with highly sensitive data, your privacy policy is very broad and unspecific (and as such not actually GDPR compliant). I would not trust you with my data that you will (amongst other purposes) use for:
"in order to derive statistical models for future data enrichment purposes", "to improve the performance and accuracy of the Services", "to improve Your experience while using the Services" and "to send Users and website visitors relevant informational content regarding Services and personalized offers they subscribed to".
"Nordigen may also provide personal data to companies that process personal data on behalf of Nordigen such as marketing service providers." - wonderful, thank you for doing that. not.
GDPR requires you to be more specific in terms of "purpose", to actually list your data processing partners, what purpose the data sharing with that particular partner serves, and which data exactly is shared with which partner.
"in order to derive statistical models for future data enrichment purposes", "to improve the performance and accuracy of the Services", "to improve Your experience while using the Services" and "to send Users and website visitors relevant informational content regarding Services and personalized offers they subscribed to".
"Nordigen may also provide personal data to companies that process personal data on behalf of Nordigen such as marketing service providers." - wonderful, thank you for doing that. not.
GDPR requires you to be more specific in terms of "purpose", to actually list your data processing partners, what purpose the data sharing with that particular partner serves, and which data exactly is shared with which partner.