1. Processing of personal and customer data
1.1 Collection of personal and customer data
Nordea collects data for the purpose of conducting banking operations and providing financial services of any kind. For example:
- Cards
- Digital banking solutions
- Insurance and pension services
- Payments
- Advisory services, customer care and customer administration
- Credit assessment
- General compliance with legislative requirements
- New products, research and marketing, including analyses of the use of social media to provide better and more targeted marketing, services and advice.
The data can be grouped into the following overall categories:
- Identity data, such as name, passport and driving licence
- Contact data, such as postal address, e-mail address and phone number
- Financial data, such as income, assets and liabilities
- Data traffic on our digital platforms
- Sensitive data
- Legally required and taxation data
As regards the latter category we are legally required to collect the following data (and relevant documentation) for identification of you and reporting to the authorities:
- Data about you: name (documented by copies of passport, driving licence, health insurance card or similar), addresses and personal registration (CPR) number or business registration (CVR) number. For corporate customers we are required to collect data on the company’s legal form, controlling owners, management and provisions regulating the powers to bind the company as well as data about the company’s beneficial owners. In case of a foreign address, data about the home country and foreign tax identification number is collected.
- Data about your customer relationship with us, the origin of your funds, and transaction data so that we can identify any unusual transactions and transaction patterns.
We moreover collect data that we – based on a risk assessment – find necessary to comply with the Danish Money Laundering Act and to prevent money laundering. Personal data collected in compliance with the Danish Money Laundering Act may only be processed with a view to preventing money laundering and financing of terrorism. Other examples of laws that require us to process specific types of data are the Danish Tax Reporting Act:
When you buy and sell financial instruments (for example equities and bonds) through Nordea, we collect data about citizenship and tax identification number and/or other data required or relevant for reporting your transactions in financial instruments to the authorities. We also collect corporate customers’ LEI codes (legal entity identifier).
In accordance with the provisions of legislation, we anonymise all types of financial, demographic, transaction and card data for statistical purposes and for the development and testing of new products and services.
In order to make payments, prepare bank statements, payment summaries etc we collect data from beneficiaries, shops and banks when you use credit or cash cards, Netbank, payment services or other forms of payment transmission services.
We collect data from publicly available sources and registers, for example the Danish Civil Registration System, the Central Business Register, virk.dk and EU or UN sanctions registers (see the Danish Ministry of Foreign Affairs’ list of sanctions) or similar (for example US authorities such as OFAC). We also collect data about you, the beneficial owners and politically exposed persons and their closely related parties from international information providers and other publicly available sources. We search for inform<ation on the internet, for example, when this, after a risk assessment, is deemed warranted and in accordance with the guidelines issued by the Danish Financial Supervisory Authority. When doing a credit assessment we may check whether other companies of the Nordea Group (if allowed under the law or you have given your consent), credit rating agencies or warning registers have registered data on you.
We also receive information from other companies of the Nordea Group when they report to the Money Laundering Secretariat with the Danish State Prosecutor for Serious Economic and International Crime as required by the anti-money laundering legislation.
In addition, we receive data about you from other companies of the Nordea Group and collaboration partners (including correspondent banks and other financial institutions) if you have given your consent or there is a legal basis, including Article 6(1) of the General Data Protection Regulation (GDPR).
Social media may share data with us in accordance with your personalised privacy settings in those channels/media.
1.2 Storage of personal and customer data
We keep your data as long as the data is necessary for the purposes for which they were collected, processed and/or kept on record.
Under the Danish Money Laundering Act, data, documents and registrations are kept for at least five years after the termination of the business relationship or execution of the individual transaction.
1.3 Recording of telephone conversations, online meetings and video surveillance and storage of chat conversations
Telephone and chat conversations, including online meetings, are recorded and stored to document what happened and was said during the conversation, including any agreements entered into. Moreover, we record conversations that lead or may lead to securities transactions etc.
For security reasons, including crime prevention and investigation purposes, we use video surveillance etc to monitor, for example, customer transactions, entrance areas, fronts of buildings, access and escape routes and ATMs.
1.4 Data traffic
We process data on the use of nordea.dk and our digital platforms such as Netbank and the mobile banking app.
We use cookies and similar technologies to deliver targeted products and services and to provide a safe online environment. The aim is to provide better digital experiences and make our content more relevant for you.
You can find more information on cookies, including our cookie policy and access to cookie settings at nordea.dk/persondata.