DNB will use your personal data to meet its obligations when executing orders for you and according to service agreements with you, and in connection with customer administration and invoicing.
When entering into agreements with you and during the term of such agreements, DNB will register information about you and other persons involved in the contractual relationship, e.g. authorised users. DNB will also register information about individuals with whom it has declined to enter into agreements as a basis for informing the individuals that their application was declined and to be able to document the circumstances later on, if necessary.
The financial institutions in the DNB Group are entitled to share neutral information about you among them and use it for marketing purposes without obtaining your consent, within the limits set by the Norwegian Marketing Act. Such information includes name, contact details, date of birth, and the services and/or products you have subscribed to. The Group’s investment firm, DNB Markets, and asset management firm, DNB Asset Management, are subject to strict confidentiality rules that limit the extent to which personal data can be shared between these entities and the bank.
DNB is entitled to process personal data for marketing purposes when this is necessary to pursue a legitimate interest that overrides your right to protection of personal privacy. Your consent is required for the marketing of products and services in categories other than those you have agreed with DNB if this involves using other than neutral customer data.
Marketing using customer matching
As our customer, we want to provide you with relevant information and marketing on social media platforms and websites. To do so, the various platforms must recognise you. Using the contact information you have provided us, external platforms can match you with the information you have provided them. Once the link is made, you may receive messages and information that we assume will be of interest. For example, we can show you marketing information related to home mortgages if we assume that you are interested in a home mortgage, or possibly not show ads for a home mortgage if you already have a loan from DNB.
Email addresses and phone numbers are the most common contact information used in this type of matching, but name, city, postal code, county, country, age, mobile advertiser ID, mobile device ID and uid (app ID) may also be used. We currently use customer matching on the following social media platforms and websites: Schibsted.
We transfer your contact information encrypted to the platform, who can automatically get a match if you are a registered user there with the same contact information. After this matching, the information is deleted. We do not share other information about you or your finances.
The service provider is DNB’s data processor and is subject to a data processor agreement, which ensures that your data is not used in any other way than for DNB’s purpose, namely, to provide you, as our customer, with relevant information and marketing.
The processing of personal data as described above takes place on the basis of the Art. 6(1)(f) of the General Data Protection Regulation (GDPR) and DNB’s legitimate interest in being able to conduct marketing. You have the right to opt out of this processing. You can do this under “Objection to processing” in the section on your rights in the privacy statement.
Customer matching is not the same as the use of cookies. You can read more about DNB’s use of cookies in the sections “Sources from which we gather your personal data” / “From cookies” in the privacy statement.
By “profiling” we mean all forms of automated processing of personal data for the purpose of evaluating characteristics associated with you. This includes, for example, analysing or predicting elements of your financial situation, your personal preferences or transaction patterns.
DNB uses profiling when preparing and carrying out advertising campaigns, for customer follow-up and when preparing offers for products. The bank has a legitimate interest to use profiling, for example when performing a customer analysis for marketing purposes or monitoring transactions to enable the detection of fraud.
The DNB Group has a shared customer register. The data in the register is used to manage customer relationships and coordinate offers of services and advice from the different companies in the Group.
The group-wide customer register will contain neutral information about you like your name, date of birth, address and other contact information, as well as information about the companies in the Group you are a customer of, and the services and products for which you have entered into agreements. Your national identity number may be shared and registered in a group-wide customer register when the purpose is administration of the customer relationship.
DNB has implemented technical and organisational security measures to protect your personal data. DNB continuously seeks to ensure that your personal data is protected against loss, destruction, corruption or unauthorised access. Our security framework is updated regularly in line with technological developments.
In addition, DNB is permitted to process personal data to pursue the legitimate interest of securing the Group’s assets, for instance in connection with logons to servers, the operation of infrastructure, firewalls, access controls and video surveillance.
DNB will process credit information and other personal data in accordance with the provisions of the Norwegian Financial Institutions Act and Securities Trading Act. This processing takes place in connection with the establishment of your customer relationship, determining which products and services are suitable for you and the use of systems to calculate capital adequacy requirements for credit risk. The internal measurement systems include DNB’s models, work and decision-making processes for approving and managing credit, control mechanisms, IT systems and internal guidelines for classifying and quantifying the Group’s credit risk and other relevant risk. The personal data used for this purpose is obtained from credit agencies.
DNB is permitted to process personal data for the purpose of preventing, detecting, investigating and handling fraud and other criminal acts. In such cases, DNB may need to gather information and disclose it to other banks and financial institutions, the police and other public authorities. The collected information may be stored for up to ten years after it is registered. DNB will process personal data to fulfil its obligation to investigate and report suspicious transactions in accordance with the Norwegian Money Laundering Act. DNB has a statutory obligation to report suspicious information and transactions to the Financial Investigation Unit in ØKOKRIM (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime). According to the Norwegian Personal Data Act and the Money Laundering Act, you are not entitled to inspect certain information registered by DNB in this connection as long as an investigation is still ongoing.
DNB will otherwise process personal data to the extent this is required or permitted by law or when you have given your consent. In addition, DNB is permitted to process personal data for the purpose of preventing and detecting criminal acts if this is necessary to protect a legitimate interest that overrides the right to protection of your personal privacy.
When you use DNB’s electronic services, DNB is permitted to register your user behaviour and user environment and any deviations from these, identify the computer or mobile device you use to carry out the banking service, the state of the computer/unit etc. DNB will use this data to make sure that the right person is using the service in question. DNB may also use the data in a risk assessment to adjust the authentication method that you have to use for the service.
In connection with the improvement of existing services or development of new ones, DNB may collect information for the purpose of analysing how you, as a customer, use DNB’s services.
In some cases, DNB is permitted to process personal data for the legitimate purpose of analysing usage patterns to identify potential demand for new products and services, improving existing products and services and performing tests in connection with development.
In some cases, we can use automated decisions when this is permitted by law and you have explicitly consented to this, or if it is necessary for the performance of an agreement, e.g. automated credit decisions in our online channels. You may, at any time, request manual processing instead, state your opinion or contest a decision that is exclusively based on automated processing, including profiling, if such a decision could have legal or other significant consequences for you.
When we use automated decision-making processes, we will give you additional information about the underlying logic that is used and the consequences it can have for you.
At DNB Bank, we process personal data to provide statistics to public and private companies. The statistics we share are never personal information only non identifiable. The companies may use the statistics to improve goods, services, communications and offers to their consumers. Our legal basis of processing for this purpose is legitimate interest. The statistics we create are based on demographic information, product information and transaction information. In some cases, we also use additional information from public registers, such as from the Mapping Authority (Kartverket). Examples of statistics can be groups of residents who travel collectively, which age groups most often go to the cinema, how many customers live in detached houses, the time of day that most people in the grocery store, or what average people in a municipality pay in electricity, telephone subscriptions, food consumption, etc. You have the right to object to including your personal data in the statistics. You can do so in the online banking, through the menu Settings.