Danske Bank s privacy ntice Danske Bank A/S is a financial cmpany that prvides yu with financial advice and related services. This privacy ntice describes hw we prcess yur persnal data in Finnish functins f the Danske Bank Grup. Danske Bank s Finnish functins have the fllwing cntrllers: Finnish branch f Danske Bank A/S, Danske Invest Fund Management Ltd and Danske Mrtgage Bank Plc. Infrmatin abut the cntrllers is available n ur website. When d we save and use yur persnal data? We save and use yur persnal data s that we can ffer yu the best pssible advice and slutins, enter int agreements with yu and fulfil ur statutry bligatins. This means that we save and use persnal data when: Yu have signed r are cnsidering signing an agreement n a prduct r service we are ffering. (GDPR art. 6.1(b)) Yu have given yur cnsent t use yur persnal data fr a specific purpse. (GDPR art. 6.1(a)) This is ur statutry bligatin in accrdance with the fllwing acts, fr example: Act n Detecting and Preventing Mney Laundering and Terrrist Financing Tax Assessment Prcedure Act Cnsumer Prtectin Act Act n Strng Electrnic authenticatin and Finnish Trust Netwrk Credit Infrmatin Act Act n Credit Institutins Payment Services Act Act n the Prtectin f Privacy in Electrnic Cmmunicatins This is necessary in rder t prtect the lawful interests f Danske Bank r a third party. Fr example, this means preventing any unlawful use and lsses, safeguarding infrmatin security and safe payments and/ r marketing ur services. We nly act in this way if the basic rights and liberties requiring persnal data prtectin d nt replace lawful interests as the basis f prcessing. What type f persnal data d we save and use? We save and use the fllwing persnal data: Yur name, cntact details and persnal identity cde Yur financial infrmatin, such as infrmatin abut yur incme, securities r yur lan r credit rating Infrmatin abut yur educatin, prfessin r wrk Infrmatin abut yur family and husehld Cpies f yur identity dcuments, such as yur passprt, driving licence r fficial certificate Infrmatin abut the prducts and services delivered t yu, yur use f the prducts and services, and yur preferences. Reference n. 373/08 Dcument n. 576889-v1 Registered dmicile and address Helsinki, Televisikatu 1, FI-00075 DANSKE BANK Danske Bank A/S, Cpenhagen Danish Business Authrity CVR-n 61 12 62 28
Infrmatin abut specific persnal data grups We nly save infrmatin abut specific persnal data grups when this is necessary in rder t give advice r t ffer a prduct r service t yu. We request yu express cnsent t saving infrmatin abut specific persnal data grups (GDPR art. 9.2(a)), unless we are legally authrised t save it withut yur cnsent (GDPR art. 9.2(f)), fr example, in rder t fulfil legal requirements. We may save the fllwing infrmatin abut yu: Infrmatin abut an emplyee assciatin membership Health and bimetric infrmatin Our ability t ffer the best pssible advice and slutins t yu largely depends n hw well we knw yu. This is why it is imprtant that the infrmatin yu prvide is crrect and accurate, and that yu keep us infrmed f any changes in yur persnal data. Why and hw d we save and use yur persnal data? We save and use yur persnal data in rder t ffer yu financial advice and services, such as: Payment services Accunts Lans and credit Electrnic banking slutins Investment services and advice Insurance services We als save and use yur persnal data fr ther purpses related t the prvisin f specific prducts and services, such as: Custmer service, advice and management Evaluatin f the credit rating Develpment and management f ur prducts, services and business peratins Marketing ur prducts and services Defining the prices and fees f ur prducts and services Identifying and authenticating ur custmers Risk management Cllecting utstanding debts Prtecting Danske Bank and its custmers against misuse Fllwing statutry requirements We cllect persnal data, fr example, when: Yu cmplete applicatins and ther frms t rder prducts and services. Yu send us dcuments. Yu call us. We will tell yu if we recrd ur telephne cnversatins. If we talk t yu abut investment services, we are bligated t save and stre ur telephne cnversatins. Yu use ur website, mbile banking services, prducts and services. Yu take part in ur custmer surveys r campaigns. Reference n. 373/08 Dcument n. 576889-v1 Registered dmicile and address Helsinki, Televisikatu 1, FI-00075 DANSKE BANK Danske Bank A/S, Cpenhagen Danish Business Authrity CVR-n 61 12 62 28
Hw lng d we stre yur persnal data? We nly stre yur persnal data fr as lng as is necessary cnsidering the purpse f use, fr which yur data was riginally saved and used. Fr example, accrding t the Act n Detecting and Preventing Mney Laundering and Terrrist Financing, we stre data fr at least five years after the end f a business relatinship r a single transactin. Therefre, we keep yur infrmatin as lng as we are prviding a financial service r prduct t yu. When yur business cnnectin with us has terminated we nrmally keep yur data fr a further 7 years. This is primarily due t ur bligatins under the Bkkeeping Act, the Anti-Mney Laundering Act and requirements frm the Financial Supervisry Authrity. In certain circumstances we keep yur infrmatin fr a lnger perid f time. This is the case fr example: if yur persnal infrmatin frm part f ur calculatin f ur capital requirements then we may keep yur infrmatin fr up t 20 years, If the statute f limitatin is 10 years then we may keep yur data fr up t 10 years. Third parties and yur persnal data Yur persnal data disclsed by third parties We save and use yur persnal data btained frm third parties, such as: Shps, banks and ther payment service prviders when yu use yur credit r payment cards, nline banking services r ther payment services. We save and use yur persnal data s that we can carry ut payment assignments and prepare accunt statements, lists f transactins and ther similar summaries. The Ppulatin Register Centre and ther public surces and registers. We save and use infrmatin btained frm third parties, fr example t check the crrectness f yur persnal data. Credit rating institutins. We save and use yur persnal data t assess yur credit rating, and we update this data regularly. Danske Bank Grup s units and partners, including crrespndent banks and ther banks, if yu have given yur cnsent t this r if this is permitted by law. We save and use yur infrmatin, fr example, s that yu can use banking services abrad. Yu can get a cpy f the standard cntract by cntacting us. Third parties t which we disclse yur persnal data We can disclse yur persnal data within the Danske Bank Grup r t third parties in the fllwing situatins: If yu have asked us t transfer a payment, we will disclse necessary persnal data t third parties t authenticate yu and t cmplete the payment transactin. We can disclse yur persnal data t the authrities in different situatins defined in the legislatin, such as tax fficials, the plice and executin and supervisry authrities. If yu have given yur cnsent r if this is permitted in accrdance with the valid legislatin, we can disclse yur persnal data within the Danske Bank Grup and t its external parties, including crrespndent banks and ther banks. If yu fail t fulfil yur bligatins twards Danske Bank, we can reprt it t credit rating institutins in accrdance with applicable regulatins. We transfer yur persnal data t data prcessrs, including data prcessrs lcated utside the EU and the EEA, and t Danske Bank India fr ICT develpment, maintenance and supprt. We ensure that yur rights are prtected and that yur data privacy is maintained in data transfers by fllwing standard agreements apprved by the Eurpean Cmmissin and the Data Prtectin Ombudsman. Reference n. 373/08 Dcument n. 576889-v1 Registered dmicile and address Helsinki, Televisikatu 1, FI-00075 DANSKE BANK Danske Bank A/S, Cpenhagen Danish Business Authrity CVR-n 61 12 62 28
Prfiling and autmatic decisins Prfiling Prfiling means that yur persnal data is prcessed autmatically. We use prfiling and mdelling, fr example, t ffer targeted prducts and services, prevent mney laundering, define the prices f specific prducts and services, discver any misuse and assciated risks, assess the prbability f the nn-payment risk, evaluate assets and carry ut marketing activities. Autmatic decisins Autmatic decisins mean that we use ur systems t make decisins n the basis f the infrmatin we have abut yu. Fr example, we use autmatic decisins t grant lans r credit cards and t prevent any misuse. Thrugh autmatic decisins, we aim t ensure that ur decisins are quick, fair, efficient and accurate. Yur rights Viewing persnal data Yu can view yur persnal data we have saved and use, and btain infrmatin abut where the data has been btained and fr what purpses d we use it. Yu can als btain infrmatin abut hw lng we stre yur persnal data and wh has access t yur persnal data, insfar as we disclse it. Hwever, the legislatin, the prtectin f ther peple s persnal data and any limitatins set by ur business activities and practices may restrict yur right t btain infrmatin. Furthermre, ur knw-hw, business secrets and internal audits and material can be excluded frm yur rights t btain infrmatin. Manual prcessing Yu can btain infrmatin abut hw an autmatic decisin was made and what cnsequences the decisin has. Yu als have the right t request an autmatic assessment t be prcessed manually. Right t bject In certain circumstances, yu have a right t bject t ur prcessing f yur persnal infrmatin. This is the case fr example when the prcessing is based n ur legitimate interest. Objectin t direct marketing Yu have the right t bject t ur use f yur persnal infrmatin fr direct marketing purpses, including prfiling that is related t such purpse. Crrecting r remving yur persnal data held by Danske Bank If yur persnal data is incrrect, incmplete r irrelevant, yu have the right t request that the data is crrected r remved. This means that yu have the right t have yur data rectified r remved and the right t be frgtten. Restricted use If yur persnal data is incrrect r if yu have refused the use f yur persnal data, yu have the right t demand that the use f yur persnal data is restricted t saving it. The use f yur persnal data will be restricted t saving, until the crrectness f the data can be verified r until it can be checked whether ur lawful interests are mre significant than yur interests. Yu can have the right t have yur persnal data remved, r yu can request us t restrict the use f yur persnal data t saving it. If we need t use yur persnal data t prepare a legal claim, yu can demand that the use f this data is restricted t saving it. Hwever, we may have the right t use yur data fr ther purpses in rder t prepare a legal claim r if yu have given yur cnsent t it. Revking cnsent Yu can, at any time, revke yur cnsent. Please nte that, if yu revke yur cnsent, we may nt be able t ffer yu specific prducts r services. Furthermre, please nte that we will cntinue t use yur persnal data in rder t fulfil an agreement signed with yu r if this is necessary n the basis f the legislatin. Reference n. 373/08 Dcument n. 576889-v1 Registered dmicile and address Helsinki, Televisikatu 1, FI-00075 DANSKE BANK Danske Bank A/S, Cpenhagen Danish Business Authrity CVR-n 61 12 62 28
Transfer f data If we use yur persnal data n the basis f yur cnsent r an agreement and yur persnal data is prcessed autmatically, yu have the right t btain a cpy f the data yu have prvided in electrnic machine-readable frmat. Cntact infrmatin and cmplaints Yu can cntact us at any time if yu have any questins abut yur rights t prtect yur persnal data r abut the saving and use f yur persnal data. Yu can send a cntact request in nline banking services, by using the nline frm at www.danskebank.fi, by calling the telephne service (+358 200 2580) r by visiting a branch ffice during its pening hurs. Yu can als cntact ur data prtectin functin (dpfunctin@danskebank.cm). Yu can file a cmplaint with the Data Prtectin Ombudsman: Data Prtectin Ombudsman, Ratapihantie 9, 00520 Helsinki; email: tietsuja@m.fi. Reference n. 373/08 Dcument n. 576889-v1 Registered dmicile and address Helsinki, Televisikatu 1, FI-00075 DANSKE BANK Danske Bank A/S, Cpenhagen Danish Business Authrity CVR-n 61 12 62 28