Personal data is in most cases collected directly from you or generated as part of your use of our services, products and channels. Sometimes additional information is required to keep information up to date or to verify the information that we collect.
In some cases we also collect and process personal data about persons associated with you, for example employees, beneficial owners, agents, guarantors, chargers, payers, persons who are in contact with Nordea in respect of a single banking transaction, and other individuals with whom we interact and collaborate with.
1a. The types of personal data we collect
The categories of personal data that we collect and use are listed below. We have provided examples of the types of personal data that fall within each category. Please note that the list of examples is not exhaustive. The type of personal data that we collect about you will depend on the service or product we are providing to you as a customer.
-
Identification information: such as your national identification number, full name, copy of your passport or driver’s license, Netbank ID, Mobile bank ID and IP address.
-
Contact information: such as physical address, phone number and e-mail address.
-
Financial information: such as income, account information, asset and debt information, transactional data, credit history, insurance history, credit/payment card details, and type of agreement that you have with us.
-
Information related to legal requirements and taxation: such as asset and debt information, country of taxation or foreign tax payer reference, Energy Performance Certificate Data and information required to be collected for customer due diligence and preventing money laundering and terrorist financing.
-
Profile information: such as citizenship, demographic information, marital status, household composition and occupation.
-
Nordea relationship information: such as the history of the customer relationship between you and Nordea.
-
Special categories of personal data: such as information concerning health for some insurance-specific products provided from the Nordea life and pension companies, and information on trade-union membership related to certain loan or life and pension products.
1b. The sources from which we gather your personal data
From you
We collect information you provide directly to us. For example, when becoming a new customer, we collect personal data such as name, national identification number, e-mail address and phone number. We also collect income and debt information to be able to provide you with the product or service in question. Nordea furthermore collects information such as messages you have sent as feedback, requests in our digital channels, when subscribing to our newsletters, or when becoming a follower on or commenting in our social media channels.
From third parties
To offer you products and services, comply with statutory requirements, and for other purposes such as profiling and product optimisation, we may collect your personal data from third parties, including publicly available and other external sources.
For example, when you apply for a loan from us, we may collect information in relation to your loan from other sources, such as centralised credit information providers which collect loan information from other creditors. To ensure your personal data is accurate and up-to-date, we receive periodic updates of some personal data categories from third parties (e.g. public authorities).
Examples of third party data sources include:
-
Registers held by governmental agencies (such as population registers and registers held by tax authorities, company registration offices, enforcement authorities, etc.
-
Financial sanction lists (for example, lists held by international organisations such as the EU and UN as well as national organisations such as Office of Foreign Assets Control (OFAC)).
-
Registers held by credit-rating agencies and other commercial information providers providing information on e.g. beneficial owners and politically exposed persons.
-
In connection with payments, we collect information from remitters, shops, banks, payment service providers and others.
-
Health data from health institutions (for our Life and Pension companies).
-
From other companies in the Nordea Group or other entities which we collaborate with.
-
Publicly available data, for example from social media or via search engines. Social media may also share data with us in accordance with your personalised privacy settings in those channels/media.
-
Providers of business-risk screening services.
-
Profiling data from external business partners.
1c. Recording of telephone conversations, online meetings and storage of chat conversations
We record phone calls and chat conversations for documentation of customer requests, verification of orders, security and fraud management purposes, and to fulfil legal requirements. For example, online meetings, telephone and chat conversations are stored to document what happened and was said during the conversation, including any agreements entered into. Moreover, we record conversations that lead or may lead to securities transactions. In some countries, we use a recording for quality control of services delivered, training of employees, educational purposes and for improvement of our processes, if allowed by law. You can read more about recording of conversations at this link.
1d. Video surveillance
For security purposes, including crime prevention, we have cameras in our branch offices and ATMs. In Nordea's premises, camera surveillance is used as part of our security work. Areas that are under camera surveillance are marked with signs. The purpose of camera surveillance is to prevent and investigate crime and increase security. Nordea has assessed that it is necessary for the bank's legitimate interest in preventing and investigating crime. In case of suspicion of a crime, we process personal data so that legal claims can be established, asserted or defended. Recorded material can be shared with authorities if it is necessary for criminal investigation.