Processing of personal data
Nykredit Bank will process your personal data in connection with our banking operations and financial service offerings of all kinds. In the following, you will find information about the kind of personal data we process about you, what we use personal data for and how we protect your personal data. You will also find information about your rights in respect of our processing of your personal data.
1. Purpose of processing your personal data
Nykredit Bank collects personal data on existing and future customers. Nykredit Bank also collects personal data on persons related to our customers, such as staff, chargors and guarantors, and on persons who are in contact with Nykredit Bank in connection with single services or other matters.
Nykredit Bank processes your personal data for the purpose of offering you advice in connection with financial services of all kinds as well as any related advisory services, customer care, administration, credit assessment.
We therefore process your personal data in connection with our provision of financial services and products, including:
- payment services
- payment accounts
- loans and credit facilities
- digital banking solutions
- investment services and advice
- pension plans and advice
- administration of trust funds by authorised administrator
We also process your personal data for the purpose of optimising Nykredit Bank's internal processes, products and services, including for system testing.
We need specific personal data about you when you become a customer with Nykredit Bank and while being customer. If you wish to borrow money, we will, for example, need your civil registration (CPR) no and information about your financial position, including tax assessment notices from the Danish tax authorities, financial statements and budgets.
Whenever you use a debit or a credit card, we register the card number, the transaction amount and the time and place of use.
We use personal data for statistical and marketing purposes and in connection with competitions in which you have opted to participate. We also process personal data about you when you participate in functions, events or the like. Moreover, we use personal data for profiling and data modelling for the purpose of being able to offer you services and products that meet your preferences.
Nykredit Bank also processes your personal data for the prevention of misuse and loss, when filing statutory reports and to meet statutory requirements. In this connection, you are required by law to share your personal data with us.
We use your CPR no when filing statutory reports with the tax authorities. If you reside abroad, we also need information about your home country and foreign tax identification number.
The Danish Anti-Money Laundering Act ("AML Act") prescribes that we must have good knowledge of our customers and their business with us, and for this purpose we carry out a number of customer due diligence procedures when onboarding customers and on a regular basis during the customer relationship.
This entails that we must obtain proof of and check your identity, and you are therefore obliged to provide documentation for your name and CPR no using, for example, your passport, driver's licence or other official document, such as your national health insurance card. If you are a business customer, we will collect information about the legal structure, controlling owners, management, beneficial owners of the business as well as signatory rules of the undertaking. As with personal customers, we also require obtain proof of and check the identity of the beneficial owners of the undertaking. Anyone with access to your accounts, including joint account holders/agents, must supply the same details and documentation.
Nykredit Bank is also required to know the purposes and intended nature of your relationship with us, ie how you use your Nykredit products. This entails that, in some instances, we must also collect information about the origins of your funds and assets. We will also obtain information about you, the beneficial owners and politically exposed persons and their relatives from international data providers and other sources available to the public. Information will, for example, be collected via Internet searches when such searches are justified by a risk assessment and when it is in accordance with the guidelines of the Danish FSA.
Personal data collected with the sole purpose of complying with the rules of the AML Act are only used for the prevention of money laundering and terrorist financing.
Nykredit Bank sometimes records our telephone and video conversations with you together with other electronic communication as proof of what we have agreed and proof that we have offered you proper advice on fixed-price agreements, for example.We record and keep records of all telephone conversations and electronic communication which will or may result in a securities transaction.
Nykredit Bank uses television surveillance for the prevention and solution of crime and for enhanced security. Nykredit Bank uses television surveillance around our office buildings, at entrance doors of buildings, in reception and customer service areas and at ATMs and cashiers desks.
2. Data received from others – about you
In addition to the personal data Nykredit Bank receives from you, we collect property and personal data from public property and civil registers, including the Danish Civil Registration System and other sources and registers available to the public.
We also receive personal data about you from companies in the Nykredit Group and other business partners (including banks and other correspondents operating as a foreign financial undertaking cooperating with a financial undertaking based in Denmark on international credit and payment handling) subject to your prior consent or if we are required to do so by law.
In connection with payment handling, such as the execution of payment orders, Nykredit Bank collects regular personal data from points of sale, banks and others for the purpose of completing payments and preparing bank statements, pre-notification statements and the like.
When you wish to borrow money, we will search for any data recorded about you in bad debtor and credit default registers, including international data providers and other publicly available resources, and, subject to your prior consent, by Group companies and business partners.
We receive data from Nykredit Group companies when they file reports with the Money Laundering Secretariat under the State Prosecutor for Serious Economic and International Crime in accordance with the AML Act.
3. Basis of processing your personal data
Nykredit Bank processes your personal data when:
- you have entered into or contemplate entering into an agreement with Nykredit Bank, cf Article 6(1)(b) of the General Data Protection Regulation ("GDPR").
- we are bound by a legal obligation to do so, cf Article 6(1)(c) of the GDPR, or if prescribed by law, cf section 11(2)(1) of the Danish Data Protection Act, in pursuance of, for example, anti-money laundering legislation, the Danish Tax Control Act, the Danish Bookkeeping Act, the Danish Credit Agreements Act, the Danish Act on Payments, the Danish Financial Business Act or the Danish Data Protection Act.
- it is necessary for us in order to pursue a legitimate interest, cf Article 6(1)(f) of the GDPR. Legitimate interests pursued by us include our interest in preventing and solving crime, our marketing interest and our interest in targeting the material we send out as well as our interest in optimising our internal processes, products and services such that we can offer you the best possible advice. You are entitled at all times to object to this processing of your personal data. For more information about our considerations with respect to our legitimate interests, please contact us.
- you have given us consent to process your personal data, cf Article 6(1)(a) of the GDPR.
Nykredit Bank is entitled to process sensitive personal data about you if authorised to do so under Articles 6(1) and 9(2) of the GDPR and section 7 of the Danish Data Protection Act if, for example, processing is required to establish, assert or defend a legal claim.
We are also entitled to process other personal data if necessary for the purpose of delivering specific product or services to you or if required by law.
4. Third parties with whom we share your personal data
We process your personal data with confidentiality, and generally, we do not disclose personal data to third parties.
Data are only disclosed to other commercial banks, pension companies, mortgage banks, payees, APIs and other financial infrastructure businesses, such as Nets, if required for the purpose of fulfilling our agreement with you on, for instance, advisory services, case processing and payment handling. If, for example, you have asked us to transfer an amount to someone, we will only disclose the personal data needed to identify you and complete the transfer.
In events where you have granted us permission according to which:
- Nykredit Forsikring (Gjensidige Forsikring) may contact you with an insurance offer
- Nærpension and AP Pension may contact you with a pension offer
- Nybolig and Estate may contact you about a house sale or purchase,
we will disclose any such personal data on you as may be necessary in order for others to be able to contact you about your needs and requirements.
Subject to your consent or if possible under applicable legislation, we also disclose personal data internally within the Nykredit Group and to Nykredit Bank's external business partners, including banks and other correspondents.
Nykredit Bank only discloses your personal data to public authorities if we are required to do so by law. These include:
- The Danish FSA in accordance with the Danish Financial Business Act
- The Danish tax authorities in accordance with the Danish Tax Control Act
- Danmarks Nationalbank for statistical and other purposes
- the courts for legal proceedings
- the State Prosecutor for Serious Economic and International Crime in accordance with the AML Act.
If Nykredit Bank knows, suspects or has reasonable grounds for assuming that transactions, funds or activities are or have been related to money laundering or terrorist financing, Nykredit Bank is under an obligation to report this to the authorities, for example.
We make international transfers of money via SWIFT, which is a collaboration between financial institutions worldwide. Under US legislation, SWIFT is obliged to disclose data to the US authorities on international money transfers in the event of suspicion of money laundering or financing of criminal or terrorist activities.
In case of default, Nykredit Bank may disclose your personal data to bad debtor registers, debt collection agencies and credit default registers, including Experian A/S (formerly RKI Kredit Information A/S).
Television surveillance footage will only be passed on in accordance with the rules set out in the Danish Act on Television Surveillance.
We will transfer personal data to data processors in connection with Nykredit Bank's business operations, including in the context of IT development, hosting and support. Nykredit Bank's key data processors are JN Data A/S and BEC (Bankernes EDB Central) a.m.b.a.
We will also transfer personal data to processors in countries outside the EU and the EEA in connection with Nykredit Bank's business operations, including in connection with IT development, hosting and support. We ensure that your personal data are protected by way, for example, of standard contracts approved by the EU Commission or the Danish Data Protection Agency or by way of binding corporate rules, cf Article 46(2) or Article 47 of the GDPR. This is to ensure that your rights and the level of protection follow your personal data. For a copy of these standard contracts, please contact us. Moreover, we can, if, for instance, you have asked us to transfer an amount to a third party in a third country, transfer the personal data to such third party if necessary for payment purposes, cf Article 49(1) of the GDPR.
We store your personal data as long as they are required for the purposes for which they were collected, processed and stored.
Nykredit Bank must comply with the storage requirements set out in financial legislation, including the Act on Payments, the AML Act, the Capital Markets Act, the Credit Agreement Act, the Capital Requirements Regulation and other relevant legislation, such as the Tax Control Act and the Bookkeeping Act. Consequently, we may be obliged to store your personal data for a certain period of time, even though you are no longer a customer of ours.
For example, the AML Act requires that we store your personal data for five years after termination of our customer relationship if the data were obtained for the purpose of complying with the anti-money laundering rules. Furthermore, Nykredit Bank is obliged to store data collected in accordance with the AML Act, including copies of the proofs of identity. Nykredit Bank must also store other data, documents and recordings collected or made to comply with the rules of the AML Act.
Television surveillance footage will be deleted according to the Danish Act on Television Surveillance no later than 30 days from when the footage was recorded.
6. Your rights
6.1. Right of access
You are entitled to get access to the personal data we process about you and to obtain information about their origin, how long we store them and what we use them for. You can also obtain information about who receives your personal data and which personal data we are entitled – subject to your consent – to disclose when and to whom. Your right of access may, however, be restricted by legislation and by our need to protect the privacy of other persons or Nykredit Bank's business concept or practice. Also, Nykredit Bank's know-how, trade secrets as well as internal assessments and material may be exempt from your right of access. You can access your personal data here.
6.2. Automated decision-making, including profiling
Automated decision-making means that a decision is made solely with the use of IT systems. When we use IT systems, including in connection with profiling, they are subject to regulation under Article 22 of the GDPR. You can learn more about how decisions involving you have been made and about the consequences of processing, and you may opt for manual processing of an automated decision.
6.3. Data portability
If Nykredit Bank processes personal data on the basis of your consent or further to agreement, and where such processing is automated, you are entitled to receive the data you have given us in electronic format. You can order a list of your personal data here.
6.4. Inaccurate/misleading personal data
If you inform Nykredit Bank that your personal data are inaccurate or misleading, we will correct them.
6.5. Erasure of personal data
In special circumstances, you have a right to request erasure of your personal data. Your may do so if personal data are no longer required for the purposes for which they were collected, processed and stored. You can apply for erasure of your personal data here.
6.6. Right of objection
In certain cases, you are entitled to object to our otherwise lawful processing of your personal data. You are at all times entitled to object to our use of your personal data for direct marketing.
6.7. Restricted processing
In certain cases, you may demand that we restrict the use of your personal data to storage.If, for example, you are entitled to have your personal data erased, you may instead request that we restrict the use of your personal data to storage. Please note that such a restriction will not prevent Nykredit Bank from using your personal data if necessary for the purpose of asserting a legal claim or if you have given your consent to such use.
6.8. Withdrawal of consent
You may revoke your consent to Nykredit Bank at any time. For example, you can at any time stop the disclosure of personal data that are subject to your consent by withdrawing the consent you have given us. If you withdraw your consent, we may not know the full extent of your business with the Nykredit Group and may therefore not be able to offer you optimum advisory services or the best terms.
If you choose to withdraw your consent, it will not affect the lawfulness of our processing of your personal data based on your previous consent and up to the time of withdrawal. If you withdraw your consent, the withdrawal will take effect as from the time of withdrawal.
7. Specifically on cookies
When you visit Nykredit online, you will encounter cookies.
7.1. What is a cookie?
A cookie is a text file placed on your computer or another IT device. This will allow recognition of your computer or logging of data on which Nykredit websites and features you visit with your browser – but not on who you are, what your name is, where you live or whether the computer is being used by one or more persons. A cookie cannot spread computer viruses or other malware.
Cookies are used on almost all websites, and some websites will not work without cookies.
- Measuring traffic
- Advertising management, so that we can control how often the same advertisement is shown to the same user and register how many people click the advertisement
- Behaviour-based individual targeting of advertisements, so that you only see the advertisements we believe to be of most relevance to you
Nykredit uses Adtech, Dansk Udgivernetværk, nugg.ad, OpenAdExchange and other networks in connection with advertising. You can find a list of advertising networks here: nykredit.dk/personoplysninger.
The data we obtain about you via cookies include:
- Which webpage you visited before you visited Nykredit
- Which Nykredit webpages you have browsed and when
- Which browser you are using
- Your IP address
- Your operating system (eg Windows XP).
7.3. Acceptance, rejection and deletion of cookies
We do, however, save a cookie to remember your choice.
You can withdraw your acceptance at any time or avoid cookies entirely by disabling them in your browser. Please note that if you withdraw your acceptance, your access to nykredit.dk and mitnykredit.dk will be limited.
You can always rejects cookies on your computer by changing your browser settings. The location of your settings depends on the browser you use. However, please note that if you reject cookies, you will be unable to use many functionalities and services as they work only if the website can remember your clicks.
All browsers permit you to delete cookies individually or en bloc; however, the method used depends on your browser. If you are using several browsers, you must delete cookies in them all. Most browsers allow you to delete your cookies by using the shortcut keys: CTRL+SHIFT+Delete.
Guides on how to delete cookies in:
- Internet Explorer
- Mozilla Firefox
- Flash cookies (All browsers)
- iPhone, iPad and other Apple devices
- Smartphones with Android operating system
- Smartphones with Windows 7
7.4. Facebook, Twitter and LinkedIn (third-party cookies)
On some of our websites, you can link to/use the Like button for Facebook, Twitter and LinkedIn. Please note that if you do so, Facebook, Twitter and LinkedIn will receive technical data on your browser, IP address and the websites you visit. When you use these services/websites, their cookie rules apply.
For further information about cookies and the legal basis for using them, see the Executive Order on Information and Consent Required in Case of Storing or Accessing Information in End-User Terminal Equipment at the website of the Danish Business Authority (erhvervsstyrelsen.dk).
8. Data controller and contact information
The legal entity responsible for processing your personal data is Nykredit Bank A/S, Kalvebod Brygge 1-3, DK-1780 Copenhagen V and CVR no 10519608.
If you have any questions about the way we process your personal data or wish to withdraw your consent or exercise your rights, do not hesitate to contact:
Nykredit Bank A/S
Kalvebod Brygge 1-3
DK-1780 Copenhagen V
CVR no 10519608
Tel +45 70 10 90 00
or contact our Data Protection Officer:
Kalvebod Brygge 1-3
DK-1780 Copenhagen V
9. How to file a complaint
If you are dissatisfied with the way we process your personal data, you can file a complaint with:
Nykredit Bank A/S
Kalvebod Brygge 1-3
DK-1780 Copenhagen V
The Danish Data Protection Agency
Borgergade 28, 5.
DK-1300 Copenhagen K
Tel +45 33 19 32 00
10. Updating of this information
Nykredit Bank regularly updates the information included herein on our processing of personal data. This information will take effect as from 28 January 2020 and replaces any information on the processing of personal data that you received previously.
We will inform you via Nykredit's online banking service, e-Boks or ordinary post if we make any significant changes to this information.