On the following pages you can read about our processing of your data and about your rights. The information has been updated with effect from 8 October 2021.
This page has been translated from Danish into English. However, the original Danish text is the governing text for all purposes, and in case of discrepancy the Danish wording will be applicable.
Read the original Danish textFollowing the introduction of the EU’s General Data Protection Regulation (GDPR) we have updated our policy on data processing. On the following pages you can read about our processing of your data and your rights. The document is divided into seven sections:
1. Processing of personal and customer data
Which types of data do we process and store and for which purposes?
2. Legal basis for processing personal and customer data
What is the legal basis for our processing of your data?
3. Disclosure and transfer of personal and customer data
When do we disclose data about you – internally at Nordea and to other parties?
4. Your rights
What rights do you have to access your data, to have your data erased or to restrict the use of your data?
5. Changes to Data processing policy
When and how can we change this document?
6. Complaints about Nordea’s data processing
What are your options to complain about our processing of personal data?
7. Controller and contact information
How can you contact us?
We collect and process data about existing and potential corporate and personal customers. In some cases we also collect and process data about persons associated with our customers, for example employees, beneficial owners, agents, guarantors, chargors – and persons who are in contact with Nordea in respect of a single banking transaction. All data about you is comprised by the bank secrecy rules. The data is protected by us and cannot be disclosed without valid reasons.
Nordea collects data for the purpose of conducting banking operations and providing financial services of any kind. For example:
The data can be grouped into the following overall categories:
As regards the latter category we are legally required to collect the following data (and relevant documentation) for identification of you and reporting to the authorities:
We moreover collect data that we – based on a risk assessment – find necessary to comply with the Danish Money Laundering Act and to prevent money laundering. Personal data collected in compliance with the Danish Money Laundering Act may only be processed with a view to preventing money laundering and financing of terrorism. Other examples of laws that require us to process specific types of data are the Danish Tax Reporting Act:
When you buy and sell financial instruments (for example equities and bonds) through Nordea, we collect data about citizenship and tax identification number and/or other data required or relevant for reporting your transactions in financial instruments to the authorities. We also collect corporate customers’ LEI codes (legal entity identifier).
In accordance with the provisions of legislation, we anonymise all types of financial, demographic, transaction and card data for statistical purposes and for the development and testing of new products and services.
In order to make payments, prepare bank statements, payment summaries etc we collect data from beneficiaries, shops and banks when you use credit or cash cards, Netbank, payment services or other forms of payment transmission services.
We collect data from publicly available sources and registers, for example the Danish Civil Registration System, the Central Business Register, virk.dk and EU or UN sanctions registers (see the Danish Ministry of Foreign Affairs’ list of sanctions) or similar (for example US authorities such as OFAC). We also collect data about you, the beneficial owners and politically exposed persons and their closely related parties from international information providers and other publicly available sources. We search for inform<ation on the internet, for example, when this, after a risk assessment, is deemed warranted and in accordance with the guidelines issued by the Danish Financial Supervisory Authority. When doing a credit assessment we may check whether other companies of the Nordea Group (if allowed under the law or you have given your consent), credit rating agencies or warning registers have registered data on you.
We also receive information from other companies of the Nordea Group when they report to the Money Laundering Secretariat with the Danish State Prosecutor for Serious Economic and International Crime as required by the anti-money laundering legislation.
In addition, we receive data about you from other companies of the Nordea Group and collaboration partners (including correspondent banks and other financial institutions) if you have given your consent or there is a legal basis, including Article 6(1) of the General Data Protection Regulation (GDPR).
Social media may share data with us in accordance with your personalised privacy settings in those channels/media.
We keep your data as long as the data is necessary for the purposes for which they were collected, processed and/or kept on record.
Under the Danish Money Laundering Act, data, documents and registrations are kept for at least five years after the termination of the business relationship or execution of the individual transaction.
Telephone and chat conversations, including online meetings, are recorded and stored to document what happened and was said during the conversation, including any agreements entered into. Moreover, we record conversations that lead or may lead to securities transactions etc.
For security reasons, including crime prevention and investigation purposes, we use video surveillance etc to monitor, for example, customer transactions, entrance areas, fronts of buildings, access and escape routes and ATMs.
We process data on the use of nordea.dk and our digital platforms such as Netbank and the mobile banking app.
We use cookies and similar technologies to deliver targeted products and services and to provide a safe online environment. The aim is to provide better digital experiences and make our content more relevant for you.
You can find more information on cookies, including our cookie policy and access to cookie settings at nordea.dk/persondata.
To be a customer of Nordea you are legally or contractually required to provide us with certain data. See the preceding section for examples of such data.
The legal basis for our data processing is financial sector regulations and other legislation, including:
Also, we may process your data if this is required in connection with an agreement you have entered into or are considering entering into with us. Processing is also possible if you have given your consent as stated in points (a) and (b) of Article 6(1) of the General Data Protection Regulation (GDPR) or if any of the other conditions for processing set out in Article 6(1) and Article 9 apply.
In addition, we process your data when required on the basis of a legitimate interest of Nordea – for example to prevent misuse and losses, strengthen IT and payment security and/or for direct marketing purposes.
To comply with agreements with you – for example if you have instructed us to transfer an amount – we disclose the information about you that is necessary to identify you and to execute the transaction.
We also disclosure information about you to public authorities. This is done to the extent that we are legally required to do so. As part of this, we disclose data to the Money Laundering Secretariat with the Danish State Prosecutor for Serious Economic and International Crime as required by the Danish Money Laundering Act, to the Danish tax authorities under the Danish Tax Reporting Act and the Danish Tax Control Act and to the Danish central bank, which for example uses the data for statistical purposes.
Outward international transfers are made through SWIFT, which is an international partnership between financial institutions. Under US legislation, SWIFT is under an obligation to disclose information to the US authorities about international transfers if there is reason to believe that the transfer concerns money laundering or financing of crime or terrorism. Accordingly, such information may be disclosed to the US authorities.
Anonymised data, which is information that cannot be linked to a natural person, can be disclosed to or otherwise shared with public authorities and private undertakings. You can object to your personal data being used in external statistics and manage your consent via Nordea’s digital channels or by contacting Nordea.
In addition, with your consent or if it is allowed under the law, we disclose data about you internally at the Nordea Group and to collaboration partners (including correspondent banks and other financial institutions) and other businesses if compliant with current legislation. This data can include images recorded during video surveillance.
If you default on your obligations, we may report you to credit reference agencies and/or warning registers in accordance with the rules in force.
In connection with IT development, hosting and support, personal data is transferred to data processors, including data processors in third countries outside the EU and EEA. A list of such third countries is available at nordea.dk/persondata.
We use standard contractual clauses approved by the EU Commission or the Danish Data Protection Agency to ensure that your rights and the data protection level follow your data. See the standard contractual clauses at nordea.dk/persondata.
You have a right of access to the data that we process about you and to know where it comes from and what we use it for. You also have the right to know who receives your data to the extent that such data is disclosed.
However, your right of access may be restricted by law or in order to protect other persons’ privacy or our business concept and practice. Moreover, our know-how and protected business knowledge and internal assessments and material may be exempted from the right of access.
You may at any time object to the processing of your personal data for the purpose of direct marketing and profiling in connection with marketing.
We may in some cases use automated decision-making, for example when it is authorised by legislation, when you have provided an explicit consent or when it is necessary for the performance of a contract. One example is the automated credit approval process in our online channels. You have the right to know how an automated decision about you was made and the consequences of the processing. Also, you can require manual processing of an automated decision.
If data about you is incorrect, incomplete or irrelevant, you are entitled to have it corrected or erased to the extent allowed by law.
If you contend the correctness of the data we have registered on you, or you have objected to the processing of your data in accordance with Article 21 of the General Data Protection Regulation (GDPR), you may require that we restrict our processing of such data to storage.
Our processing is only restricted to storage until it is ascertained that the data is correct or that our legitimate interests override your interests.
If you are entitled to erasure of the data which we have registered about you, but the data is necessary to enforce a legal claim, you may request that Nordea restricts the processing of such data to storage.
Even when processing of your data has been restricted as described above, Nordea may process your data in other ways if this is necessary to enforce a legal claim or you have given your consent.
You may at any time withdraw your consent to disclose data that requires your consent. You can always contact us if you want to withdraw your consent (see under section 7).
If we process your data based on your consent or as part of an agreement, and the processing is done automatically, you are entitled to receive the data electronically that you have yourself disclosed to us.
Our Data processing policy is effective from 8 October2021 and Nordea may change it by giving one month’s notice. The notice is communicated via nordea.dk, Netbank, Netbank konto-kik or one of Nordea’s office banking systems. It may also be communicated via national media.
Changes to your advantage may be implemented without notice.
Complaints about our processing of your personal data should be directed to: Datatilsynet (the Danish Data Protection Agency), Carl Jacobsens Vej 35, 2500 Valby or dt [at] datatilsynet.dk.
Nordea Bank Abp, Finland, is the controller for processing of personal data at Nordea in Denmark, see the General Data Protection Regulation (GDPR) and the Danish Data Protection Act.
Contact information for Nordea:
Nordea Danmark, filial af Nordea Bank Abp, Finland, Grønjordsvej 10, 2300 Copenhagen S, Denmark
Tel: +45 70 33 33 33
nordea [at] nordea.dk Contact information for the data protection officer for Nordea Bank Abp, Finland: Nordea, Group Data Protection Office, Grønjordsvej 10, 2300 Copenhagen S
dataprotectionoffice [at] nordea.com