Danske Bank, Sweden
Danske Bank A/S is a Danish financial institution offering financial advice and financial services.
This privacy notice describes how Danske Bank process personal data in the Swedish functions of Danske Bank Group. The Swedish functions contains of Danske Bank A/S, Danmark, Sverige Filial, which is the Swedish branch of Danske Bank A/S, and Danske Hypotek AB which is a wholly-owned subsidiary of Danske Bank A/S.
Danske Bank A/S and Danske Hypotek AB are controllers for their respective processing of personal data. Danske Bank A/S also acts a processor, through the Swedish branch, in relation to Danske Hypotek AB when administrating mortgage loans on behalf of Danske Hypotek AB. Information about the controllers and the Swedish branch is available on our respective website www.danskebank.dk, www.danskebank.se and www.danskehypotek.se
In the course of our business, we collect, register and use information about you (personal data) when you interact with us as an individual regardless if it is in the capacity as a personal customer or an individual who is connected with or represents a personal customer, a business customer or a business partner to Danske Bank (for example guardian, authorised representative, employee, owner, contact person, pledger, guarantor).
We protect your data and privacy by taking all relevant measures in accordance with applicable legislation, amongst others the Swedish Data Protection Act and the General Data Protection Regulation (GDPR).
This privacy notice sets out the basis for how Danske Bank looks after your personal data and the privacy rights you are granted by law.
When do we collect, register and use your personal data?
We collect, register and use data about you in connection with applications, agreements or administration of agreements. We do so to offer you, our business customers and business partners the best advice and solutions, keep our customers’ finances safe, fulfil agreements with you, our business customers and business partners and comply with the legal requirements that apply to us as a financial institution.
This means that we collect, register and use personal data if we have legal grounds to do so, for instance when
- you, our business customers or business partners have made or are considering making an agreement with us for a service, product or a cooperation. If you are the customer, we do it in order to fulfil an agreement with you; otherwise, we do it because it is in our, our business customers’ or business partners’ legitimate interest
- you have granted us consent to use your personal data for a specific purpose
- it is our legal duty, for example in accordance with legislation, legal instructions or decisions made by authorities regarding
- Anti-money laundering
- Verification of personal data against sanction lists
- Credits, risks and capital requirements
- Financial business
- Payment services
- Reporting to authorities (for example tax authorities, police, public prosecutor, enforcement authorities, financial supervisory authorities)
- It is necessary to pursue a legitimate interest of Danske Bank or our business customer or business partner. For example, this may be to prevent abuse and loss, to strengthen IT and payment security, improve products and services and/or for direct marketing purposes. This could also be when we, our business customer or business partner have a commercial reason, such as to administer the services and products that the customer has requested and to give you the necessary access to digital services. We will only do so if our, our business customer’s or business partner’s interests outweigh your interests in not having your personal data processed by us.
What personal data do we collect, register and use?
We typically obtain and process the following types of personal data depending on the products and services and whether you are a customer of Danske Bank or only connected to a customer or business partner to Danske Bank:
- Basic personal data, for instance your name, social security number, address, contact information, country of residence.
- Financial information, for instance income, assets, debts, collateral and credit rating.
- Information about your education, profession, occupation, knowledge and experience.
- Information about your family and household.
- Identification documentation, for instance photocopies of your passport, driving licence, birth certificate or other documentation required by law.
- Information about your investment targets.
- Digital information related to your use of websites, platforms and digital applications, including traffic data, location data and other communication data.
- Information related to the devices you use to access our websites as well as technical information, including the type of device and operating system.
- Information about your visits to our premises.
- Telephone conversations. If we talk with you about investment services, we are legally required to record and store telephone conversations.
- Details about the services and products we provide to you, how you use them and your preferences in relation to them.
- Information provided by you about your preferences for various types of marketing events.
Sensitive personal data*
We register sensitive personal data only when we need it to advise you on or offer you a product or service or if we are required to do so by law or if you participate in customer events arranged by us. We will seek your explicit consent to register sensitive personal data, unless we are permitted by law to do so without your consent, for example when defending legal claims. Sensitive personal data which we may register includes
- trade union membership information
- information about your health and genetic background, for example inherited health issues and allergies, and biometric data such as facial image
- information about your religious or philosophical beliefs
*Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning a natural person’s sex life or sexual orientation.
See information about your rights to withdraw consents under Your rights.
We may also register other personal data if needed to provide you with specific products or services or if we are required by law to do so.
Our ability to offer you the best advice and solutions very much depends on how well we know you. Consequently, it is important that the information you provide is correct and accurate and that you keep us updated on any changes.
Why and how do we collect, register and use your personal data?
We collect, register and use personal data for the provision of financial services and products, including
- payment services
- loans and credits
- digital banking solutions
- investment services and advice
- insurance services
We also collect, register and use data for other activities related to the provision of certain services and products, including
- customer care, advice and administration
- credit assessment
- developing and managing our products, services and business
- marketing of our services and products
- setting fees and prices for our services and products
- customer identification and verification
- risk management
- recovering outstanding debt
- protecting you and Danske Bank against fraud
- complying with legal requirements
We collect the information directly from you or by observing your actions, for example when
- you fill out applications and other forms for ordering services and products
- you submit specific documents to us
- you call us. We will inform you if we record our telephone conversation. If we talk with you about investment services, we are obliged to record and store our telephone conversation.
- you use our website, mobile applications, products and services
- you participate in our customer surveys or promotions organised by us
How long do we store your personal data?
We keep your data only for as long as it is needed for the purpose for which your data were registered and used. Therefore, we keep your information for as long as we are providing a financial service or product to you. When your business relation with us has terminated, we normally keep your data primarily due to our obligations under the Swedish Bookkeeping Act (seven years) and the Swedish Anti-Money Laundering Act (five years). In certain circumstances, we keep your information for a longer period of time. This is, for example, the case in the following situations:
- if the statute of limitation is ten years, we may keep your data ten years to defend ourselves against claims
- If we need your personal information to make calculations of our capital requirements
If we do not enter into a business relation, personal data will normally be kept for three months. However, it may be kept longer for certain purposes, for example if stipulated by anti-money laundering legislation.
Third parties and your personal data
Personal data from third parties
We collect, register and use data from third parties, for instance from
- Shops, banks, payment and service providers when you use your credit or payment card, eBanking or other payment services. We register and use the data to execute payments and prepare account statements, payment summaries and the like.
- The Swedish Central Office of Civil Registration (Statens personadressregister (SPAR)) and other publicly accessible sources and registers like the Swedish Companies Register (Bolagsregistret) and the Swedish Real Property Register (Fastighetsregistret). We register and use the data, for example to check data accuracy.
- Credit rating agencies (for instance UC AB). We register and use the data to perform credit assessments. We update the data regularly.
- Entities of Danske Bank Group and its business partners (including correspondent banks and other banks) if we have your consent or are allowed to under statutory provisions. We register and use the data for example to enable you to use banking services abroad.
Third parties that we share your personal data with
In some instances, we may share personal data with third parties inside or outside Danske Bank Group:
- If you have asked us to transfer an amount to others, we disclose data about you that is necessary to identify you and fulfil the agreement.
- We disclose data about you to public authorities as required by law, including to the Swedish Financial Intelligence Unit in accordance with the Anti-Money Laundering Act, to the Swedish Tax Agency in accordance with the Swedish Tax Procedure Act and to the Swedish Central Bank (Riksbanken) for statistical and other purposes.
- We may disclose data with your consent to fulfil an agreement with you or, if permitted under existing legislation, internally within the group and to external business partners (including correspondent banks and other banks).
- We share your personal data with credit rating agencies (UC AB). If you default on your obligations to Danske Bank, we may report you to various credit rating agencies in accordance with applicable regulation.
- In connection with certain services, we transfer personal data to suppliers/data processors, for example Bankgirocentralen AB and Finansiell ID-Teknik BID AB (BankID).
- In connection with IT development, hosting and support, we transfer personal data to data processors, including data processors in third countries outside the EU and the EEA, such as Danske Bank India. We ensure that your rights are safeguarded and that the level of protection is maintained in connection with such data transfers by using, for example, standard contracts approved by the European Commission. You can get a copy of the standard contract by contacting us.
Profiling and automated decisions
Profiling is a form of automated processing of your personal data. For instance, we use profiling and data modelling to be able to offer you specific services and products that meet your preferences, prevent money laundering, determine prices of certain services and products, detect fraud and fraud risk, evaluate the likelihood of default risk, valuate assets and for marketing purposes.
With automated decision-making, we use our systems to make decisions based on the data we have about you. For example, we use automated decisions to approve loans or credit cards and to prevent fraud. Automated decision-making helps us make sure that our decisions are quick, fair, efficient and correct, based on what we know.
See information about your rights to insight and manual processing under Your rights.
Insight into your personal data
You can obtain insight into the personal data we register and use, where it comes from and what we use it for. You can obtain information as to for how long we store your data and who receives data about you, to the extent that we disclose data in Sweden and abroad. Your right of access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for our business and practices. Our know-how, business secrets as well as internal assessments and material may also be exempt from the right of insight.
You can obtain insight into how an automated decision was made and the effects of the decision, and you are entitled to manual processing of an automated decision.
Right to object
In certain circumstances, you have a right to object to our processing of your personal information. This is the case for example when the processing is based on our legitimate interest.
Objection to direct marketing – MARKETING BLOCK
You have the right to object to our use of your personal information for direct marketing purposes, including profiling related to such purpose.
You can always contact us and request a block concerning all types of direct marketing.Correction or erasure of Danske Bank’s dataIf the data is incorrect, incomplete or irrelevant, you are entitled to have the data corrected or erased with the restrictions that follow from existing legislation and rights to process data. These rights are known as the ‘right to rectification’, ‘right to erasure’ or ‘right to be forgotten’.
Restriction of use
If you believe that the data we have registered about you is incorrect, or if you have objected to the use of the data, you may demand that we restrict the use of these data to storage. Use will only be restricted to storage until the correctness of the data can be established, or it can be checked whether our legitimate interests outweigh your interests.
If you are entitled to have the data we have registered about you erased, you may instead request us to restrict the use of these data to storage. If we need to use the data we have registered about you solely to assert a legal claim, you may also demand that other use of these data be restricted to storage. We may, however, be entitled to use the data for other purposes to assert a legal claim or if you have granted your consent to this.
Withdrawal of consent
You can withdraw your consent at any given time. Please note that if you withdraw your consent, we may not be able to offer you specific services or products. Note also that we will continue to use your personal data, for example to fulfil an agreement we have made with you or if we are required to do so by law.
If we use data based on your consent or as a result of an agreement, and the data processing is automated, you have a right to receive a copy of the data you have provided in an electronic machine-readable format.
Contact details and how to complain
You are always welcome to contact us if you have questions about your privacy rights and how we register and use personal data. You can contact our Data Protection Officer by sending an e-mail to firstname.lastname@example.org.
If you are dissatisfied with how we register and use your personal data, and your dialogue with the Data Protection Officer has not led to a satisfactory outcome, you can contact our complaints handling unit: Danske Bank, Legal Department, Box 7523, 103 92 Stockholm. You can also file a complaint with the Swedish Data Protection Agency: Datainspektionen, Box 8114, 104 20 Stockholm, e-mail: email@example.com.