Your Privacy in DNB Bank ASA Sweden Branch

Data controller

The data controller is responsible for determining what your personal data will be used for, how it will be processed and what aids and tools will be used.

The controller for the processing of your personal data is DNB Bank ASA, Sweden branch, org.no. 516406-0161 (“DNB”).

If you have any questions regarding the processing of your personal data, you may contact our Data Protection Officer (DPO) at dataskyddsombudet@dnb.se.

If you would like to exercise your rights below, such as request for access, data portability, rectification, deletion or restriction of your personal data, you must submit “Exercise your rights” below and send it to us.

Utöva dina rättigheter (Swedish form)

Exercise your rights(English form)

If you have access to the DNB Portal, please log in and send the request from this portal. You will find the form under “My profile.”

If you don’t have access to DNB Portal, you can submit the form by email to Dataprotection@dnb.se or you can print out a copy and post it to us at the following address:

DNB Bank ASA Filial in Sverige

Att. Dataprotection

105 88 Stockholm

You have the right to know whether we process your personal data. This means that you have a right to be given a copy of/access to this data. You also have the right to receive more detailed information about what personal data we process and how we process it.

There are some exceptions to the right of access. This typically applies where we have a statutory duty of confidentiality, or where we are required to keep information secret in the interest of preventing, investigating or prosecuting criminal acts. If DNB cannot provide you with the information you request, you will be notified of the reason for this in writing.

How to exercise your right of access

If you would like to request information about the personal data we hold about you (Data Subject Access Request), please fill out and send the form above or contact us in writing at the address provided under “How to exercise your rights”.

If you believe that we are processing personal data about you that is inaccurate or misleading, you may require the data to be corrected or supplemented by additional information. You must be able to show that the data is inaccurate and inform us as to what is correct. After your enquiry, we will make sure to correct the incorrect personal data as soon as possible, and normally no later than within one month.

There may be cases where rectification is not practically possible, or where the information is correct but gives an incorrect impression. In these cases, we will ensure that your data is supplemented with additional information. That is, we will include your understanding of the situation, so that others will have a comprehensive overview of your situation.

If we have corrected your personal data, and we have previously provided that data to any third parties, we will attempt to notify those recipients of the changes if relevant. The obligation to notify of any changes does not apply if it proves to be virtually impossible for the recipient to implement corrections.

How to request rectification or supplementation with additional information

If you would like to request rectification or supplementation with additional information of your personal data, please fill out and send the form above or contact us in writing at the address provided under “How to exercise your rights”.

Remember that you also can edit your own personal data in the DNB Portal.

The right to object gives you, in certain cases, the opportunity to request that we stop using your personal data. We will always consider and respond to such an objection.

When processing personal data for direct marketing purposes, you always have the right to object (right to opt out).

The right to object applies in different contexts with slightly different conditions:

• In cases where your personal data is processed because it is necessary to attend to a legitimate interest. Or because it is necessary to perform a task in the public interest. In such cases, you have the right to object on grounds relating to your particular situation. We address such objections specifically and individually. We may reject the objections if there are compelling reasons.
  
• In cases where your personal data is processed for direct marketing purposes without your consent. In these cases, we will always make sure to stop the processing of your personal data.
  
• If your personal data is processed for scientific or historical research purposes or for statistical purposes. In such cases, you may have the right to object on grounds relating to your particular situation. We will process your objection as quickly as possible.

How to exercise your right to object in DNB

If you would like to object to a specific processing of your personal data, please fill out and send the form above or contact us in writing at the address provided under “How to exercise your rights”.

For a more detailed overview of what types of processing you can object to, see the chapter entitled ‘Why we process personal data’. You may always request that we stop using your personal data for marketing aimed directly at you, including profiling for such a purpose.

For any use where we use your consent as a legal basis, you can revoke your consent at any time by contacting us at the contact details above or by following the steps below. If you revoke your consent, you may not be able to use our products and services in the intended way.

For DNB Corporate Banking and Markets customers:

All of our newsletter has a subscribe link where you can revoke your consent and unsubscribe the marketing emails. If you have access to DNB Alpha, you can also log in and revoke your consents on these pages.

For DNB Finance customers:

When you have access to DNB-portal, you can revoke your consent directly in the portal when you are l.

You have the right to receive certain personal data that we process about you so that it can be reused across different systems and services. The information you request is sent directly to you in a machine-readable format and may make it easier for you to transfer your information to a new service provider. This right is called ‘data portability’ and applies only to the personal data that:

• you yourself have provided directly, and
  
• is processed on the basis of your consent, or
  
• is processed on the basis of an agreement that we have with you.

Exceptions: You are not entitled to receive the following personal data, even if the above conditions are met:

Personal data that is only available in paper form or as scanned documents in our electronic archives.

The transfer of your data infringes the rights of others.

Personal data that is not collected directly from you and is thus not covered by this right.

Personal data prepared in analyses or assessments for internal use.

How to request to have your personal data in DNB transferred to others

To request a portable copy of the personal data in scope of data portability, please fill out and send the form above or contact us in writing at the address provided under “How to exercise your rights”.

We will provide your data in a structured, commonly used and machine-readable format.

If we process personal data about you, you have, in some cases, the right to demand that your data will be deleted.

You may request the erasure of personal data if one of the following grounds is met:

• You withdraw your consent for the processing.
  
• You have objected to the processing of the data that you request to be deleted, and your objection is upheld. See more about the right to object above.
  
• The data you request to be deleted has been processed unlawfully.
  
• The information must be deleted in order to comply with a legal obligation to which we are subject.

In many cases, we are required to retain information about you, even if you request erasure. This applies both during your customer relationship, and for a certain time after agreements and your customer relationship has ended. In practice, this means that you cannot demand that your personal data be deleted when we have a legal obligation to retain your personal data or we must safeguard our legitimate interests. This also applies if we need to establish, exercise or defend a legal claim.

How to exercise your right to erasure in DNB

If you wish to request the erasure of your personal data, please fill out and send the form above or contact us in writing at the address provided under “How to exercise your rights”.

Do not use this channel if you wish to terminate a product or agreement. Instead, please contact customer service by chat or phone at the following numbers.

For DNB Corporate Banking and Markets customers:

cmservices@dnb.se

+46(0)84734100

For DNB Finance customers:

+46(0)4734710

You can also login with your Bank-ID through DNB Portal and contact us in a written form.

Depending on your relationship with us and the products and services you use, we process the following types of personal data:

• Identification data: full name, gender, Swedish national identity number, temporary identification number (D number), customer number, copy of passport, driving licence.
  
• Contact details: name, address, telephone number, email address.
  
• Business relations: profession, roles in own and others’ customer relationships.
  
• Relationship data: information about spouse, cohabitant, children and marital status.
  
• Demographic data: income, education level and family structure.
  
• Financial data: information related to type of product and service agreement, employment situation (salary, FTE percentage), transaction data, credit history, account number and insurance history.
  
• Images, video or audio files.
  
• Data relating to the status of a "politically exposed person" such as a member of a national parliament, member of government, holder of a senior position in a state-owned company or the like.
  
• Digital behavioural data: type and technical number of digital device (e.g. PC or mobile phone), clicks, login and how the digital device arrived at our site, browser type and operating system.
  
• Special categories of data: health data e.g. in connection with insurance products you have purchased, trade union membership, biometric data for proof of identity.
  
• Criminal convictions
  
• Other: In addition to the categories above, we also process other types of personal data when necessary for a specific type of processing. We will inform you about this when we collect the data.

Most of the personal data that we collect and process will come directly from you, for instance when we process an application for a loan and other products and services we offer.

If you are affiliated with a company or other business that is a customer of DNB, we will collect and use your personal data if you are the owner, signatory or user of the company’s account.

Other examples where we collect personal data directly from you are:

• When you become a customer and we need to ask for your personal data in order to provide you with the product or service we offer.
  
• When you provide feedback through our digital channels and via chat.
  
• When you have been in contact with us, and we ask about your experience in order to provide better customer service.
  
• When we provide investment services and are required by law to make and retain recordings of phone- and video calls and sms-conversations.

Cookies are small text files that are stored and read on your device, for example on your computer or mobile phone, when you visit a website. Among other things, cookies make it possible to distinguish visitors to a website from each other and to collect data about how they use the website.

DNB.se only use necessary cookies.

As a visitor, you can decide for yourself whether you want your device to accept necessary cookies or not. If you do not want your device to receive cookies, you have the option to adjust the settings on your browser so that it automatically declines cookies. You can also choose to be informed each time a website wants to store a cookie on your device.

Please note that if you do not accept your device to receive cookies, this will affect the technical functionality of the website.

There are several situations where we share personal data with third parties. Such third parties include e.g. the authorities, payment service providers and business partners. In some cases, we may also need to provide information at the request of authorities such as the Swedish Financial Supervisory Authority, the Swedish Tax Agency, The Swedish Financial Intelligence Unit and the Swedish Social Insurance Agency, or to other parties in the context of judicial or corporate acquisition processes or the like.

Data protection rules and legislation regulate how and when such sharing with third parties may take place. In addition, there are provisions on confidentiality in several other acts that apply to the financial and securities sectors.

In order to provide our services and products, there are situations where we need to disclose your personal data. For example, if you have instructed us to transfer money or securities, we will need to disclose certain information to relevant third parties in the transaction to perform the transfer.

A data processor is a third party who processes personal data on our behalf. The data processor does not have its own purposes for processing personal data.

We have a data processor agreement with all our data processors, which regulates how and what personal data should be processed. This is how we ensure that personal data is processed in accordance with data protection rules and legislation and meets our own requirements for the processing of personal data.

We have data processors in Sweden and in other countries both inside and outside the EEA, such as:

• software providers
  
• cloud solution providers
  
• distributors and agents
  
• sourcing partners
  
• consultants
  
• companies in the DNB Group.

DNB is a group consisting of different companies, and thus there are multiple companies that are data controllers. There may be one or more companies within the Group that are the data controller for your personal data, depending on your relationship with one or more companies.

Sometimes we need to share personal data about you within the Group. For instance, this may be to fulfil customer agreements, to meet obligations under company law because requirements to our information security make it necessary, or due to anti-money laundering obligations. It may also be because we have a legitimate interest for various purposes mentioned in the privacy notice.

There are strict rules on confidentiality for financial services and investment firms, including for companies in the DNB Group. Before sharing personal data, we will always ensure that we also comply with our duty of confidentiality.

DNB has a shared customer register. The purpose of the Group customer register is to manage your customer relationship and coordinate offers of services and advice from the various companies in the DNB Group. The Group customer register contains information about you, such as name, date of birth, address and other contact details, which Group company you are a customer of, and the services and products for which you have entered into an agreement.