In­for­ma­tion on the pro­cess­ing of your personal data at Sydbank

The below provides you with in­for­ma­tion on how Sydbank acts as a data con­troller in ac­cor­dance with the data pro­tec­tion rules. Sydbank's Privacy Policy comprises all relevant business lines, sub­sidiaries and employees. You can read how and when we collect, process, disclose and store your personal data.

Personal data is in­for­ma­tion which can be used to identify you - either by itself or combined with other in­for­ma­tion, eg your name, civil reg­is­tra­tion number, account number and income. The in­for­ma­tion is treated in con­fi­dence and in ac­cor­dance with the Danish Financial Business Act, the General Data Pro­tec­tion Reg­u­la­tion, the Danish Data Pro­tec­tion Act and Sydbank's Terms and Con­di­tions.

Our pro­cess­ing of your personal data depends on your re­la­tion­ship with us. In the following you can read more about how we process your personal data when you:

  • use our websites, newslet­ters, email services and ap­pli­ca­tions
  • are a customer
  • are con­sid­er­ing becoming a customer
  • have a con­nec­tion with one of our retail clients
  • have a con­nec­tion with one of our corporate clients or an as­so­ci­a­tion.

How we process personal data you have provided when using our websites, newslet­ters, email services and ap­pli­ca­tions

Via our websites and in our ap­pli­ca­tions we offer a number of services which imply that you enter necessary in­for­ma­tion such as your name, address, account number and email address. This in­for­ma­tion is only used to respond to your enquiry and provide you with the service in question. Moreover we receive in­for­ma­tion about your IP address read more in our in­for­ma­tion about cookies.

We only send newslet­ters if you have signed up and by doing so consented to us con­tact­ing you. You may un­sub­scribe at any time via a link in the newslet­ter.

How we process personal data at Sydbank - when you are a customer

1. Col­lec­tion and pro­cess­ing of personal data

Why do we process personal data about you?

We process personal data about you to be able to serve and advise you, to fulfil our agree­men­ts with you, to protect you and the Bank from fraud and to comply with the statutory re­quire­men­ts imposed on us as a financial un­der­tak­ing.

The Bank processes in­for­ma­tion for the purpose of offering financial services of any kind, including payments, advisory services, customer re­la­tion­ship man­age­ment, customer ad­min­is­tra­tion, insurance mediation and mortgage mediation, credit ratings, internal risk man­age­ment, marketing and ful­fil­ment of oblig­a­tions in ac­cor­dance with leg­is­la­tion.

Which personal data do we process?

Depending on the type of products and services you have or have shown an interest in, we process various in­for­ma­tion about you:

  • Basic personal data, eg name, address, tax-related issues, cit­i­zen­ship, civil reg­is­tra­tion number and any CVR number
  • Financial in­for­ma­tion, eg income, debt and assets
  • In­for­ma­tion about your job, oc­cu­pa­tion and education
  • In­for­ma­tion about your household and your family
  • In­for­ma­tion about the products and services you receive from us, how you use them as well as the purpose and expected scope of your customer re­la­tion­ship with the Bank
  • Copy of proof of identity, eg passport or driving licence
  • We register our com­mu­ni­ca­tions with you and record certain con­ver­sa­tions, eg in con­nec­tion with in­vest­men­ts. We have set up video sur­veil­lance, including at entrances and ATMs.

If you do not provide us with the in­for­ma­tion requested we may be unable to provide you with advisory services or otherwise serve you. In some instances it may mean that the customer re­la­tion­ship must be ter­mi­nated. This could be the case for instance if the in­for­ma­tion is necessary according to leg­is­la­tion.

Sensitive personal data

As a rule Sydbank only collects and processes sensitive in­for­ma­tion about you if you have given your consent, cf Article 9(2)(a) of the General Data Pro­tec­tion Reg­u­la­tion. However if you provide us with material, eg an email or a budget con­tain­ing sensitive personal data about your health or your mem­ber­ship of a political party or a trade union, this will be con­sid­ered your ac­cep­tance that the Bank may store the in­for­ma­tion, for example in the budget you have submitted. The Bank will not use the in­for­ma­tion in other contexts.

In­for­ma­tion from third parties

If you use credit cards or payment cards, e-banking or other payment services, we will obtain in­for­ma­tion from you, shops, banks and others. We do this for instance in order to execute and adjust payments and to prepare bank state­men­ts, payment overviews etc.

We obtain in­for­ma­tion from the Danish Central Office of Civil Reg­is­tra­tion as well as other sources and records ac­ces­si­ble to the general public. In con­nec­tion with credit as­sess­men­ts we examine whether in­for­ma­tion has been reg­is­tered about you with credit in­for­ma­tion agencies and on warning lists. This in­for­ma­tion is updated for as long as you are a customer.

Storage of your data

We will store your data for as long as it is necessary in relation to the purposes for which we collected and processed your data.

According to the Danish Money Laun­der­ing Act, the Danish Book­keep­ing Act etc, we will store in­for­ma­tion, documents and other relevant reg­is­tra­tions for at least five years after the ter­mi­na­tion of the business re­la­tion­ship or com­ple­tion of the in­di­vid­ual trans­ac­tion.

Subject to request reg­is­tered com­mu­ni­ca­tions and recorded con­ver­sa­tions in ac­cor­dance with the MiFID rules (rules on in­vest­men­ts) are available to you for five years. In ex­cep­tion­al cases the Danish FSA among others may request that the data is available for up to seven years. As a rule video record­ings are stored for no more than 30 days in ac­cor­dance with the Danish TV Sur­veil­lance Act.

We will store certain in­for­ma­tion con­cern­ing lending for at least 20 years in ac­cor­dance with the Capital Re­quire­men­ts Reg­u­la­tion for the purpose of preparing credit models. Fur­ther­more we will store your account number and the most recent entries for 20 years in ac­cor­dance with the pro­vi­sions of the Danish Time Lim­i­ta­tion Act where the in­for­ma­tion concerns a deposit account. This enables us to provide doc­u­men­ta­tion that the account balance has been paid out correctly.

2. Our legal basis for pro­cess­ing your personal data

Sydbank will register and use your personal data where:

  • necessary in order for us to fulfil agree­men­ts on products and services which we make available, cf Article 6(1)(b) of the General Data Pro­tec­tion Reg­u­la­tion
  • you have given consent to the pro­cess­ing of your personal data for a specific purpose, cf Article 6(1)(a) of the General Data Pro­tec­tion Reg­u­la­tion
  • we are obliged to do so according to leg­is­la­tion, cf Article 6(1)(c) of the General Data Pro­tec­tion Reg­u­la­tion. In addition to the financial reg­u­la­tion in eg the Danish Financial Business Act, re­quire­men­ts exist under other leg­is­la­tion including in par­tic­u­lar:
    • the Danish Money Laun­der­ing Act, according to which we are under an oblig­a­tion to obtain proof of identity as well as in­for­ma­tion about the purpose and expected scope of the customer re­la­tion­ship. The in­for­ma­tion obtained is used for instance to classify the Bank's customers according to risk. Fur­ther­more we are obliged to monitor financial trans­ac­tions with the aim of pre­venting money laun­der­ing and terrorist financing and to report relevant in­for­ma­tion to public au­thor­i­ties. We are obliged to identify whether you are a po­lit­i­cal­ly exposed person (PEP) or closely related to one because special measures must be observed. A PEP is a person who is entrusted with one or more prominent public functions.
    • the Danish Tax Reporting Act, according to which we are obliged to disclose in­for­ma­tion to the Danish Customs and Tax Ad­min­is­tra­tion about your financial cir­cum­stances. If according to our in­for­ma­tion your country of tax residence is outside Denmark we are moreover obliged to report in­for­ma­tion subject to special rules to the Danish Customs and Tax Ad­min­is­tra­tion, which may in turn exchange the in­for­ma­tion with the tax au­thor­i­ties of other countries.
    • the Danish Credit Agree­men­ts Act, according to which we are obliged in some cases to obtain and process in­for­ma­tion about your income, assets and your dis­pos­able amount when you request a loan or credit facility from us. We do this to be able to assess whether you are in a position to repay the loan or credit facility.
    • the Danish Book­keep­ing Act, according to which we are obliged to register and store book­keep­ing records - eg in­for­ma­tion about entries on your account.
    • the Danish Act on Payments, which regulates how and on which con­di­tions we may process your payment in­for­ma­tion.
  • necessary to pursue a le­git­i­mate interest for the Bank, cf Article 6(1)(f) of the General Data Pro­tec­tion Reg­u­la­tion, eg to prevent misuse and loss, to strength­en IT and payment security or for direct marketing purposes after con­sid­er­ing your interests and the Bank's interests.

3. Dis­clo­sure and transfer of personal data

In order to fulfil agree­men­ts with you, eg if you have asked us to transfer an amount, we will pass on in­for­ma­tion necessary to identify you and carry out the agreement. In some instances we will be obliged to disclose in­for­ma­tion about your identity to the bank which is to receive the money, cf the reg­u­la­tion on in­for­ma­tion ac­com­pa­ny­ing transfers of funds.

Moreover we will disclose in­for­ma­tion about you to public au­thor­i­ties to the extent we are obliged to do so according to leg­is­la­tion, including to the Money Laun­der­ing Sec­re­tari­at of the Danish State Pros­e­cu­tor for Serious Economic and In­ter­na­tion­al Crime in ac­cor­dance with the Danish Money Laun­der­ing Act and to the Danish Customs and Tax Ad­min­is­tra­tion in ac­cor­dance with the Danish Tax Reporting Act. The Bank exchanges in­for­ma­tion with branches abroad in con­nec­tion with reporting to the Money Laun­der­ing Sec­re­tari­at.

In addition we exchange in­for­ma­tion within the group and with external business partners (including cor­re­spon­dent banks and other financial in­sti­tu­tions) if you have given your consent or if such dis­clo­sure is possible according to leg­is­la­tion, eg the Danish Financial Business Act or the Danish Money Laun­der­ing Act.

We are obliged to pass on in­for­ma­tion about you and your loan and credit issues to Danmarks Na­tion­al­bank and the Danish FSA in ac­cor­dance with the National Bank of Denmark Act and the Danish Financial Business Act for the purpose of mon­i­tor­ing financial stability.

If you are in breach of your oblig­a­tions to us we may report you to credit in­for­ma­tion agencies and/or warning lists in ac­cor­dance with the Danish Data Pro­tec­tion Act.

In con­nec­tion with IT de­vel­op­ment, hosting and support your personal data is trans­fer­red to data proces­sors, including data proces­sors in third countries outside the EU and EEA. We employ a number of legal mech­a­nis­ms, including standard contracts approved by the EU Com­mis­sion or the Danish Data Pro­tec­tion Agency, to ensure that your rights and the level of pro­tec­tion follow your personal data. A list of countries to which the Bank transfers personal data as well as draft standard contracts are available at sydbank.dk.

How we process personal data at Sydbank - when you are con­sid­er­ing becoming a customer

1. Col­lec­tion and pro­cess­ing of personal data

Why do we process personal data about you?

Sydbank processes personal data about you because you have shown an interest in becoming a customer with us. We need in­for­ma­tion about you to assess the pos­si­bil­ity of es­tab­lish­ing a customer re­la­tion­ship with you and to give you relevant offers.

Which personal data do we process?

Depending on the type of products and services in which you have shown an interest, we collect and register various in­for­ma­tion about you:

  • Basic personal data, eg name, address, tax-related issues, cit­i­zen­ship, civil reg­is­tra­tion number and any CVR number
  • Financial in­for­ma­tion, eg account and custody account numbers with your current bank, income, debt and assets
  • In­for­ma­tion about your job, oc­cu­pa­tion and education
  • In­for­ma­tion about your household and your family
  • Purpose and expected scope of your customer re­la­tion­ship with the Bank
  • Copy of proof of identity, eg passport or driving licence
  • We register our com­mu­ni­ca­tions with you and we have set up video sur­veil­lance, including at entrances and ATMs.

If you do not provide us with the in­for­ma­tion requested we may be unable to provide you with advisory services or otherwise serve you. In some instances it may mean that we cannot establish a customer re­la­tion­ship with you. This could be the case for instance if the in­for­ma­tion is necessary according to leg­is­la­tion.

Sensitive in­for­ma­tion

As a rule Sydbank only collects and processes sensitive in­for­ma­tion about you if you have given your consent, cf Article 9(2)(a) of the General Data Pro­tec­tion Reg­u­la­tion. However if you provide us with material, eg an email or a budget con­tain­ing sensitive personal data about your health or your mem­ber­ship of a political party or a trade union, this will be con­sid­ered your ac­cep­tance that the Bank may store the in­for­ma­tion, for example in the budget you have submitted. The Bank will not use the in­for­ma­tion in other contexts.

In­for­ma­tion from third parties

We obtain in­for­ma­tion from the Danish Central Office of Civil Reg­is­tra­tion as well as other sources and records ac­ces­si­ble to the general public. In con­nec­tion with credit as­sess­men­ts we examine whether in­for­ma­tion has been reg­is­tered about you with credit in­for­ma­tion agencies and on warning lists. This in­for­ma­tion is updated regularly.

Storage of your data

We will store in­for­ma­tion you have given us for two years - even if you do not become a customer with us. We do this for instance to safeguard against fraud and to be able to provide doc­u­men­ta­tion of our cor­re­spon­dence and any consent to receive marketing com­mu­ni­ca­tions.

2. Our legal basis for pro­cess­ing your personal data

Sydbank will register and use your personal data where:

  • necessary in order for us to assess whether you can become a customer, cf Article 6(1)(b) of the General Data Pro­tec­tion Reg­u­la­tion
  • you have given consent to the pro­cess­ing of your personal data for a specific purpose, cf Article 6(1)(a) of the General Data Pro­tec­tion Reg­u­la­tion
  • we are obliged to do so according to leg­is­la­tion, cf Article 6(1)(c) of the General Data Pro­tec­tion Reg­u­la­tion. In addition to the financial reg­u­la­tion in eg the Danish Financial Business Act, re­quire­men­ts exist under other leg­is­la­tion including in par­tic­u­lar:

the Danish Money Laun­der­ing Act, according to which we are under an oblig­a­tion to obtain proof of identity as well as in­for­ma­tion about the purpose and expected scope of the customer re­la­tion­ship. The in­for­ma­tion obtained is used for instance to classify the Bank's customers according to risk. We are obliged to identify whether you are a po­lit­i­cal­ly exposed person (PEP) or closely related to one because special measures must be observed. A PEP is a person who is entrusted with one or more prominent public functions.

the Danish Credit Agree­men­ts Act, according to which we are obliged in some cases to obtain and process in­for­ma­tion about your income, assets and your dis­pos­able amount when you request a loan or credit facility from us. We do this to be able to assess whether you are in a position to repay the loan or credit facility.

necessary to pursue a le­git­i­mate interest for the Bank, cf Article 6(1)(f) of the General Data Pro­tec­tion Reg­u­la­tion, eg to prevent misuse and loss, to strength­en IT and payment security or for direct marketing purposes after con­sid­er­ing your interests and the Bank's interests.

3. Dis­clo­sure and transfer of personal data

In con­nec­tion with IT de­vel­op­ment, hosting and support your personal data is trans­fer­red to data proces­sors, including data proces­sors in third countries outside the EU and EEA. We employ a number of legal mech­a­nis­ms, including standard contracts approved by the EU Com­mis­sion or the Danish Data Pro­tec­tion Agency, to ensure that your rights and the level of pro­tec­tion follow your personal data. A list of countries to which the Bank transfers personal data as well as draft standard contracts are available at sydbank.dk.

How we process personal data at Sydbank - when you have a con­nec­tion with a retail client

1. Col­lec­tion and pro­cess­ing of personal data

Why do we process personal data about you?

Sydbank processes personal data about you because you have a con­nec­tion with one of our retail clients or a potential customer, eg if you are a ben­e­fi­cia­ry, executor- /ad­min­is­tra­tor, guardian, hold a power of attorney, are a guarantor or a third-party chargor. We process in­for­ma­tion about you in order to comply with the statutory re­quire­men­ts imposed on us as a financial un­der­tak­ing, because the customer re­la­tion­ship requires us to do so and so that you can conduct trans­ac­tions in ac­cor­dance with the requests of our customer.

The purpose of pro­cess­ing personal data about you is to offer financial services and products of any kind to our customer and to com­mu­ni­cate with you and/or our customer in this regard.

Which personal data do we process?

Depending on your con­nec­tion with our customer we collect and register various in­for­ma­tion about you. We always register:

  • basic personal data, eg name, address, civil reg­is­tra­tion number and any CVR number
  • our com­mu­ni­ca­tions with you and we record certain con­ver­sa­tions, eg in con­nec­tion with in­vest­men­ts. We have set up video sur­veil­lance, including at entrances and ATMs.

Ad­di­tion­al personal data will be collected if you hold a power of attorney or you are a guardian:

  • In­for­ma­tion about the products and services you receive from us, eg e-banking or cards, and how you use them
  • In some instances copy of proof of identity, eg passport or driving licence, depending on the specific authority or guardian­ship.

Ad­di­tion­al personal data will be collected if you are a ben­e­fi­cia­ry or an executor/ad­min­is­tra­tor:

  • Copy of proof of identity, eg passport or driving licence.

Ad­di­tion­al personal data will be collected if you are a guarantor or a third-party chargor:

  • Copy of proof of identity, eg passport or driving licence
  • In­for­ma­tion about your job, oc­cu­pa­tion and education
  • Financial in­for­ma­tion, eg account and custody account numbers, income, debt and assets.

If you do not provide us with the in­for­ma­tion requested we may be unable to provide advisory services or otherwise serve you or our customer. This could be the case for instance if the in­for­ma­tion is necessary according to leg­is­la­tion.

Sensitive in­for­ma­tion

As a rule Sydbank only collects and processes sensitive in­for­ma­tion about you if you have given your consent, cf Article 9(2)(a) of the General Data Pro­tec­tion Reg­u­la­tion. However if you provide us with material, eg an email con­tain­ing sensitive personal data, this will be con­sid­ered your ac­cep­tance that we may store such in­for­ma­tion. The Bank will not use the in­for­ma­tion in other contexts.

In­for­ma­tion from third parties

If on the basis of a power of attorney or a guardian­ship you use credit cards or payment cards, e-banking or other payment services, we will obtain in­for­ma­tion from you, shops, banks and others. We do this for instance in order to execute and adjust payments and to prepare bank state­men­ts, payment overviews etc.

We obtain in­for­ma­tion from the Danish Central Office of Civil Reg­is­tra­tion as well as other sources and records ac­ces­si­ble to the general public. In con­nec­tion with credit as­sess­men­ts if you are a guarantor or a third­party chargor, we examine whether in­for­ma­tion has been reg­is­tered about you with credit in­for­ma­tion agencies and on warning lists. We will update the in­for­ma­tion regularly for as long as required by your con­nec­tion with our customer.

Storage of your data

We will store your data for as long as it is necessary in relation to the purposes for which we collected and processed your data.

In ac­cor­dance with the Danish Money Laun­der­ing Act, depending on your con­nec­tion with our customer, we will store in­for­ma­tion, documents and other relevant reg­is­tra­tions about you for at least five years after ter­mi­na­tion of the business re­la­tion­ship with the customer with whom you are connected.

Subject to request reg­is­tered com­mu­ni­ca­tions and recorded con­ver­sa­tions in ac­cor­dance with the MiFID rules (rules on in­vest­men­ts) are available to you for five years. In ex­cep­tion­al cases the Danish FSA among others may request that the data is available for up to seven years. As a rule video record­ings are stored for no more than 30 days in ac­cor­dance with the Danish TV Sur­veil­lance Act.

2. Our legal basis for pro­cess­ing your personal data

Sydbank will register and use your personal data where:

  • necessary in order for us to fulfil agree­men­ts on products and services which we make available, cf Article 6(1)(b) of the General Data Pro­tec­tion Reg­u­la­tion
  • you have given consent to the pro­cess­ing of your personal data for a specific purpose, cf Article 6(1)(a) of the General Data Pro­tec­tion Reg­u­la­tion
  • we are obliged to do so according to leg­is­la­tion, cf Article 6(1)(c) of the General Data Pro­tec­tion Reg­u­la­tion. In addition to the financial reg­u­la­tion in eg the Danish Financial Business Act, re­quire­men­ts exist under other leg­is­la­tion including in par­tic­u­lar:
    • the Danish Money Laun­der­ing Act, if you are a guarantor, third-party chargor, holder of a power of attorney, executor/ad­min­is­tra­tor, guardian or ben­e­fi­cia­ry: We are under an oblig­a­tion to obtain proof of identity from you and in general we are obliged to monitor financial trans­ac­tions with the aim of pre­venting money laun­der­ing and terrorist financing and to report relevant in­for­ma­tion to public au­thor­i­ties.
  • necessary to pursue a le­git­i­mate interest for the Bank, cf Article 6(1)(f) of the General Data Pro­tec­tion Reg­u­la­tion, eg to prevent misuse and loss, to strength­en IT and payment security or for direct marketing purposes after con­sid­er­ing your interests and the Bank's interests.

3. Dis­clo­sure and transfer of data

In order to fulfil agree­men­ts with you and our customer we will pass on in­for­ma­tion necessary to identify you and carry out the agreement.

Moreover we will disclose in­for­ma­tion about you to public au­thor­i­ties to the extent that we are obliged to do so according to leg­is­la­tion, including to the Money Laun­der­ing Sec­re­tari­at of the Danish State Pros­e­cu­tor for Serious Economic and In­ter­na­tion­al Crime in ac­cor­dance with the Danish Money Laun­der­ing Act. The Bank exchanges in­for­ma­tion with branches abroad in con­nec­tion with reporting to the Money Laun­der­ing Sec­re­tari­at.

In addition we exchange in­for­ma­tion within the group and with external business partners (including cor­re­spon­dent banks and other financial in­sti­tu­tions) if you have given your consent or if such dis­clo­sure is possible according to leg­is­la­tion, eg the Danish Financial Business Act or the Danish Money Laun­der­ing Act.

If you have provided security for a facility we may be obliged to disclose in­for­ma­tion about you to Danmarks Na­tion­al­bank and the Danish FSA in ac­cor­dance with the National Bank of Denmark Act and the Danish Financial Business Act for the purpose of mon­i­tor­ing financial stability.

In con­nec­tion with IT de­vel­op­ment, hosting and support your personal data is trans­fer­red to data proces­sors, including data proces­sors in third countries outside the EU and EEA. We employ a number of legal mech­a­nis­ms, including standard contracts approved by the EU Com­mis­sion or the Danish Data Pro­tec­tion Agency, to ensure that your rights and the level of pro­tec­tion follow your personal data. A list of countries to which the Bank transfers personal data as well as draft standard contracts are available at sydbank.dk.

How we process personal data at Sydbank - when you have a con­nec­tion with a corporate client or an as­so­ci­a­tion

1. Col­lec­tion and pro­cess­ing of personal data

Why do we process personal data about you?

Sydbank processes personal data about you because you have a con­nec­tion with one of our as­so­ci­a­tion clients, corporate clients or a potential as­so­ci­a­tion client or corporate client, for instance if you are a ben­e­fi­ci­al owner (including if you take part in the day-to-day man­age­ment or are a board member of an as­so­ci­a­tion), executive manager, au­tho­rised signatory, guarantor, third-party chargor, holder of a power of attorney, contact person or because an agreement has been concluded between you and one of our corporate clients (eg a stock­broker or a lawyer). We process in­for­ma­tion about you in order to comply with the statutory re­quire­men­ts imposed on us as a financial un­der­tak­ing, because the customer re­la­tion­ship requires us to do so and/or so that you can conduct trans­ac­tions in ac­cor­dance with the requests of our customer.

The purpose of pro­cess­ing personal data about you is to offer financial services and products of any kind to our customer and to com­mu­ni­cate with you and/or our customer in this regard.

Which personal data do we register and use?

Depending on your con­nec­tion with our customer we collect and register various in­for­ma­tion about you. We always register:

  • basic personal data, eg name, address, civil reg­is­tra­tion number and any CVR number
  • our com­mu­ni­ca­tions with you and we record certain con­ver­sa­tions, eg in con­nec­tion with in­vest­men­ts. We have set up video sur­veil­lance, including at entrances and ATMs.

Ad­di­tion­al personal data will be collected if you hold a power of attorney:

  • In­for­ma­tion about the products and services you receive from us, eg e-banking or cards, and how you use them
  • In some instances copy of proof of identity, eg passport or driving licence, depending on the specific authority.

Ad­di­tion­al personal data will be collected if you are a ben­e­fi­ci­al owner (including if you take part in the day-today man­age­ment or are a board member of an as­so­ci­a­tion):

  • In­for­ma­tion about cit­i­zen­ship and copy of proof of identity, eg passport or driving licence.

Ad­di­tion­al personal data will be collected if you are a guarantor or a third-party chargor:

  • Copy of proof of identity, eg passport or driving licence
  • In­for­ma­tion about your job, oc­cu­pa­tion and education
  • Financial in­for­ma­tion, eg account and custody account numbers, income, debt and assets.

If you do not wish to provide us with the in­for­ma­tion requested or if we assess that the in­for­ma­tion is in­suf­fi­cient, we may be unable to provide advisory services or otherwise serve you or our customer. This could be the case for instance if the in­for­ma­tion is necessary according to leg­is­la­tion. In some cases it may mean that we are unable to establish a customer re­la­tion­ship with the corporate client with whom you have a con­nec­tion or that the customer re­la­tion­ship must be ter­mi­nated.

Sensitive in­for­ma­tion

As a rule Sydbank only collects and processes sensitive in­for­ma­tion about you if you have given your consent, cf Article 9(2)(a) of the General Data Pro­tec­tion Reg­u­la­tion. However if you provide us with material, eg an email con­tain­ing sensitive personal data, this will be con­sid­ered your ac­cep­tance that we may store such in­for­ma­tion. The Bank will not use the in­for­ma­tion in other contexts.

In­for­ma­tion from third parties

If on the basis of a power of attorney you use credit cards or payment cards, e-banking or other payment services, we will obtain in­for­ma­tion from you, shops, banks and others. We do this for instance in order to execute and adjust payments and to prepare bank state­men­ts, payment overviews etc.

The Bank obtains in­for­ma­tion from the Danish Central Office of Civil Reg­is­tra­tion as well as other sources and records ac­ces­si­ble to the general public. In con­nec­tion with credit as­sess­men­ts if you are a guarantor or a third-party chargor, we examine whether in­for­ma­tion has been reg­is­tered about you with credit in­for­ma­tion agencies and on warning lists. We will update the in­for­ma­tion regularly for as long as required by your con­nec­tion with our customer.

Storage of your data

We will store your data for as long as it is necessary in relation to the purposes for which we collected and processed your data.

In ac­cor­dance with the Danish Money Laun­der­ing Act, depending on your con­nec­tion with our customer, we will store in­for­ma­tion, documents and other relevant reg­is­tra­tions about you for at least five years after ter­mi­na­tion of the business re­la­tion­ship with the customer with whom you are connected.

Subject to request reg­is­tered com­mu­ni­ca­tions and recorded con­ver­sa­tions in ac­cor­dance with the MiFID rules (rules on in­vest­men­ts) are available to you for five years. In ex­cep­tion­al cases the Danish FSA among others may request that the data is available for up to seven years. As a rule video record­ings are stored for no more than 30 days in ac­cor­dance with the Danish TV Sur­veil­lance Act.

2. Our legal basis for pro­cess­ing your personal data

Sydbank processes personal data about you where:

  • you have given your consent, cf Article 6(1)(a) of the General Data Pro­tec­tion Reg­u­la­tion
  • necessary in order for us to fulfil agree­men­ts on products and services which we make available, cf Article 6(1)(b) of the General Data Pro­tec­tion Reg­u­la­tion
  • we are obliged to do so according to leg­is­la­tion, cf Article 6(1)(c) of the General Data Pro­tec­tion Reg­u­la­tion. In addition to the financial reg­u­la­tion in eg the Danish Financial Business Act, re­quire­men­ts exist under other leg­is­la­tion including in par­tic­u­lar:
    • the Danish Money Laun­der­ing Act, if you are a guarantor, third-party chargor, holder of a power of attorney or a ben­e­fi­ci­al owner: We are under an oblig­a­tion to obtain proof of identity from you and in general we are obliged to monitor financial trans­ac­tions with the aim of pre­venting money laun­der­ing and terrorist financing and to report relevant in­for­ma­tion to public au­thor­i­ties. If you are a ben­e­fi­ci­al owner we are moreover obliged to identify whether you are a po­lit­i­cal­ly exposed person (PEP) or closely related to one because special measures must be observed. A PEP is a person who is entrusted with one or more prominent public functions.
  • necessary to pursue a le­git­i­mate interest for the Bank, cf Article 6(1)(f) of the General Data Pro­tec­tion Reg­u­la­tion, eg to prevent misuse and loss, to strength­en IT and payment security or for direct marketing purposes after con­sid­er­ing your interests and the Bank's interests

3. Dis­clo­sure and transfer of data

We will disclose in­for­ma­tion about you to public au­thor­i­ties to the extent that we are obliged to do so according to leg­is­la­tion, including to the Money Laun­der­ing Sec­re­tari­at of the Danish State Pros­e­cu­tor for Serious Economic and In­ter­na­tion­al Crime in ac­cor­dance with the Danish Money Laun­der­ing Act. The Bank exchanges in­for­ma­tion with branches abroad in con­nec­tion with reporting to the Money Laun­der­ing Sec­re­tari­at.

In addition we exchange in­for­ma­tion within the group and with external business partners (including cor­re­spon­dent banks and other financial in­sti­tu­tions) if you have given your consent or if such dis­clo­sure is possible according to leg­is­la­tion, eg the Danish Financial Business Act or the Danish Money Laun­der­ing Act.

If you have provided security for a facility we may be obliged to disclose in­for­ma­tion about you to Danmarks Na­tion­al­bank and the Danish FSA in ac­cor­dance with the National Bank of Denmark Act and the Danish Financial Business Act for the purpose of mon­i­tor­ing financial stability

In con­nec­tion with IT de­vel­op­ment, hosting and support your personal data is trans­fer­red to data proces­sors, including data proces­sors in third countries outside the EU and EEA. We employ a number of legal mech­a­nis­ms, including standard contracts approved by the EU Com­mis­sion or the Danish Data Pro­tec­tion Agency, to ensure that your rights and the level of pro­tec­tion follow your personal data. A list of countries to which the Bank transfers personal data as well as draft standard contracts are available at sydbank.dk.

Your rights

1. The Bank's duty of con­fi­den­tial­ity and your access to in­for­ma­tion

The Bank's employees are under a duty of con­fi­den­tial­ity and are not allowed to disclose in­for­ma­tion which has come to their knowledge in the course of their em­ploy­ment with the Bank unless au­tho­rised to do so.

You are entitled to know which data the Bank processes about you, where it derives from and for which purpose it is used. Moreover you have the right to be informed of how long we store your data and who receives in­for­ma­tion about you. However access to such in­for­ma­tion may be limited by leg­is­la­tion. For instance you cannot obtain in­for­ma­tion as to whether and which in­for­ma­tion we have reg­is­tered in con­nec­tion with the in­ves­ti­ga­tions we are obliged to make according to the Danish Money Laun­der­ing Act. Nor can you obtain in­for­ma­tion as to whether we have notified the Money Laun­der­ing Sec­re­tari­at of the Danish State Pros­e­cu­tor for Serious Economic and In­ter­na­tion­al Crime or which in­for­ma­tion we have disclosed to the Money Laun­der­ing Sec­re­tari­at in the event of suspicion of money laun­der­ing or terrorist financing.

Fur­ther­more your access may be limited in order to protect other persons' privacy and the Bank's business foun­da­tion, business pro­ce­dures, know-how, business secrets, internal as­sess­men­ts and material.

2. Profiling and automated decision-making

In certain cases the Bank carries out an automated eval­u­a­tion of your personal data, eg to analyse your financial cir­cum­stances or pref­er­ences. We do this for instance when preparing a statutory credit rating or in­vest­ment profile or with the aim of targeting our marketing to you.

The Bank makes use of automated decision-making to a limited extent. If decision-making is automated you will be informed of this in advance.

3. Right to object to pro­cess­ing

Under certain cir­cum­stances you are entitled to object to our otherwise legal pro­cess­ing of your personal data. This is, among other things, the case when the pro­cess­ing takes place on the basis of our le­git­i­mate interest.

You are always entitled to object to our use of your personal data in con­nec­tion with direct marketing purposes, including profiling related to such purpose.

4. Right to have your data corrected or deleted

If the data that the Bank has reg­is­tered about you is incorrect, in­com­plete or ir­rel­e­vant, you are entitled to have the data corrected or deleted subject to the re­stric­tions ensuing from leg­is­la­tion or other legal basis. If we have disclosed incorrect data about you we will make sure that it is corrected.

5. Lim­i­ta­tions to data pro­cess­ing

In certain cases you are entitled to have the pro­cess­ing of your personal data limited. If you are entitled to limited pro­cess­ing, in future we may only process the data - except for storage - subject to your consent. We may also process your data with a view to making it possible to establish, enforce or defend a legal claim or to protect a person or important public interests.

6. You may withdraw your consent

You may at any time revoke your consent to the Bank's pro­cess­ing of your personal data by con­tact­ing the Bank. Please note however that we may not be able to offer you our products or services. Even if you have revoked your consent you should be aware that in certain cases we may still process your data, for instance where it is necessary to carry out an agreement concluded with you or where we are required to do so according to leg­is­la­tion.

7. Right to receive your data (data porta­bil­ity)

If the Bank processes in­for­ma­tion on the basis of your consent or due to an agreement you may be entitled to receive the in­for­ma­tion you provided in an elec­tron­ic format.

8. Data Pro­tec­tion Officer and com­plain­ts

If you have any questions, you may contact the Bank's Data Pro­tec­tion Officer (DPO) at dpo@sydbank.dk.

If you are not satisfied with our pro­cess­ing of your personal data, you may file a complaint with the Bank. In addition you can file a complaint with the Danish Data Pro­tec­tion Agency, Carl Jacobsens Vej 35, 2500 Valby, Denmark, or via its website datatil­synet.dk.

9. Contact details for data con­troller

Sydbank
Peberlyk 4
6200 Aabenraa
Denmark
CVR No 12626509
sydbank.dk
info@sydbank.dk

Trans­la­tion

The above is a trans­la­tion of the Danish "In­for­ma­tion om be­han­dling af dine per­son­o­plysninger i Sydbank". In case of doubt the Danish original applies.