Information on the processing of personal data at Jyske Bank
General duty of disclosure
Before Jyske acts as a data controller, you must according to the General Data Protection Regulation be informed about how and when the bank collects, processes and/or discloses your personal data.
Personal data submitted through this website
At our website, we offer a number of services that presuppose that you enter specific personal data in a webform (such as your address, civil registration number (CPR) or email address).
When processing such data, confidentiality is ensured in accordance with the Danish Financial Business Act, the General Data Protection Regulation, the recommended guidelines of the Danish Data Protection Agency and Dealing with Jyske Bank - General Terms and Conditions.
The data are used exclusively to comply with your enquiries and requests and to offer the best possible service to you as a client and a user. You can rest assured that we will not ask you for more information than required for the particular purpose.
Processing of personal data when you receive news emails or messages from ‘mailservice’
We only send news emails to you if you have subscribe to these and therefore consented to our contacting you. You can at any time unsubscribe to such emails by clicking a link in the email. The data that we process in relation to you are your name and your email address. In addition, we receive information of whether you have opened our email, your IP address and whether you have clicked links in the email.
If you unsubscribe, we will delete such data immediately after you have unsubscribed to our emails. For additional information about our processing of personal data, please see below.
Processing of personal data at Jyske Bank
1. Collection and processing of data
To enable the bank to provide its services to you, we need your name, address, civil registration number (CPR) and possibly business registration number (CVR), and you must provide information about your tax situation. You must provide documentation of the information given by showing your passport or other documentation with photo and CPR number.
In addition, you must provide information about the purpose and the expected scope of your client relationship with the Bank.
Providing the Bank with data is optional for you. If you decide not to provide such information, the Bank may be unable to provide advisory services to you or otherwise serve you.
Generally, the bank does not collect and process sensitive personal data about you. However, if you have yourself provided us with material containing sensitive personal data - for instance, data stated in an email or a budget relating to your health situation or membership of a certain political party or union - we will consider this your acceptance that the bank may store such data. The bank will not, however, use such data in other contexts.
The bank collects information for the purpose of offering all kinds of financial services, including payments, advisory services, client administration, client relationship management, credit rating, internal risk management, marketing and fulfilment of obligations in accordance with legislation.
If you use credit or payment cards, Netbank or other kinds of payment services, the Bank will obtain information from you, shops, financial institutions and others. We do this in order to execute and adjust payments and prepare bank statements, payment overviews, etc.
The Bank will obtain information from the Danish Central Office of Civil Registration as well as other sources and records accessible to the general public. In connection with credit assessment, we will enquire whether you are registered at credit information agencies or included on warning lists. The Bank updates the information on an ongoing basis.
We register communication with you and record certain telephone conversations, for instance regarding investment. We have also established video monitoring, for instance at client entrances and ATMs.
According to the Danish legislation on measures to prevent money laundering and financing of terrorism, we are obliged to investigate the background behind and the purpose of all complex and unusual transactions and activities and to register the results of these investigations.
The bank will exchange data with Jyske Bank group companies through reports to the Danish State Prosecutor for Serious Economic and International Crime according to the Danish legislation on measures to prevent money laundering and financing of terrorism.
Moreover, we obtain information about you from our group companies and business partners (including correspondent banks and other financial institutions), in the instances when consent has been given or in accordance with the law.
We store this information as long as it is necessary in relation to the purposes that were the reason behind the collection, processing and storing of your data.
According to the Danish legislation on measures to prevent money laundering and financing of terrorism, we will store information, documents and other relevant registrations for at least five years after the termination of the business relations or the completion of the individual transaction. Recorded communications and telephone conversations (voice logs) according to the MiFID rules are accessible for you for at least five years if you contact the Bank in this regard. Generally, video recordings will be stored for no more than 30 days.
We store data, you have provided us with in order to establish a client relationship, for a period of at least two years as from time to time when we establish you as a potential client - also even though the client relationship is not established. We do this, among other things, in order to protect us against fraud and to be able to document consent to receive marketing material.
2. Basis for data processing
The legal framework for the processing by Jyske Bank is the financial regulation and other legislation, including
- The Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism
- The Danish Tax Control Act
- The Danish Bookkeeping Act
- The Danish Credit Agreements Act
- The Danish Act on Payments (Lov om betalinger)
- The Danish Data Protection Act
Moreover, the bank will process your information if necessary due to an agreement you have entered into or consider entering into with the bank or if you have given your consent, cf. Article 6(1), paragraphs a and b of the General Data Protection Regulation or if one of the other rules on the processing of data of Article 6(1) and Article 9 of the General Data Protection Regulation apply.
The bank will process your information when necessary to pursue a legitimate interest of the bank. This may, for instance, be for the protection against unauthorised use and loss, for the strengthening of IT and payment security and for direct marketing purposes.
3. Disclosure and transfer of data
In order to fulfil agreements with you, for instance if you have asked us to transfer an amount to others, then we will disclose the information about you that is necessary to identify you and implement the agreement.
The bank will also disclose information about you to public authorities to the extent we are obliged to do so according to the law, including the Money Laundering Secretariat at the Danish State Prosecutor for Serious Economic and International Crime according to the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism, and to the Danish Customs and Tax Administration (SKAT) in accordance with the Danish Tax Control Act.
In addition, the bank discloses information internally in the Group and to external business partners (including correspondent banks and other financial institutions) if you have consented to this or if such disclosure is possible according to legislation.
If you are in breach of your obligations to the Bank, the Bank may report you to credit information agencies and/or warning lists according to the rules in force.
In connection with IT development, hosting and support personal data is transferred to data processors, including data processors in third countries outside the EU and EEA. A list of such non-EU and non-EEA countries is available on jyskebank.dk. We use a number of legal mechanisms, including standard contracts approved by the EU Commission or the Danish Data Protection Agency to ensure that your rights and protection level follow your data.
4. The Bank’s duty of confidentiality and your right of access to information
The Bank’s employees are under a duty of confidentiality and are not allowed to disclose information which has come to their knowledge in the course of their employment with the Bank unless authorised to do so.
You are entitled to know which data the bank processes about you where it derives from and for which purpose it is used. Also, you can be informed of how long we store your data and the recipients of your data.
However, access to such information can be limited by legislation. For instance, you cannot obtain information as to whether we have registered any information and, if so, which information, in connection with the investigations we are obliged to make according to legislation on money laundering. Also, you cannot obtain information as to whether we inform the Danish State Prosecutor for Serious Economic and International Crime or which information, we disclose to the Danish State Prosecutor for Serious Economic and International Crime in case of suspicion of money laundering or financing of terrorism.
Such limitation may also be imposed in order to protect other persons' personal life and the bank's business foundation and business procedures; and also the bank's know-how, business secrets and internal assessments and material may be exempted from the right of access to data.
5. Profiling and automatic decisions
In certain cases, the bank will carry out an automatic assessment of your personal data, for instance, to analyse your financial situation or your preferences. We do this, for instance, if we must prepare a statutory credit rating (credit score) or investment profile and with a view to targeting our marketing to you. The bank does not use automatic decisions.
6. Right to have your data corrected or deleted
If the information that the bank has registered about you is incorrect, incomplete or irrelevant, you are entitled to a correction or deletion of the data subject to the restrictions ensuing from legislation or other legal basis.
If the Bank has given other erroneous information, we will make sure that the information is corrected.
7. Limitations to data processing
If you contest the correctness of the information that the bank has registered about you or if you have, according to Article 21 of the Danish General Data Protection Regulation, objected to the processing of the information, you may demand that the bank limits the processing of such information for storage. The processing is exclusively limited to storage until the correctness of the information can be ascertained or it can be controlled whether the legitimate interests of the bank are prioritised higher than your interests.
If you have a right to have the information deleted that the bank has registered about you, you can instead request the bank to limit the processing of such information for storage.
If the processing of the information that the bank has registered about you is necessary solely to assert a legal claim, you may also demand that other processing of this information is limited to storage. The bank may apply other processing procedures if it is necessary to assert a legal claim or if you consent in this respect.
8. You can withdraw your consent
Permission to disclose information that requires your consent may at any time be terminated when you withdraw your consent.
9. Right to receive your data (data portability)
If the bank processes information on the basis of your consent or due to an agreement, you are entitled to have the information you delivered to us handed out in an electronic format.
10. Complaint about the bank's processing of data
If you are dissatisfied with the way we handle your personal data, you may file a complaint with the bank. You may also file a complaint with the Danish Data Protection Agency, (Datatilsynet), Borgergade 28, 5th floor, DK-1300 Copenhagen K or firstname.lastname@example.org.
Contact details on data controller and data protection compliance officer
The data controller is:
Jyske Bank A/S
Business Reg. No. 17 61 66 17
Tel.:+45 89 89 89 89
Jyske Bank's data protection compliance officer (DPO) can be contacted at DPO@jyskebank.dk