This privacy notice applies to all (sub)domains of Svenska Handelsbanken AB (publ) Nederland (“Handelsbanken”). Handelsbanken, with its registered office at Herikerbergweg 181,1101 CN Amsterdam is the controller for the processing of your data. This notice relates to the general provision of services by Handelsbanken. Additional information on the processing of your data may be relevant in relation to specific services. Where this is the case, this information will be provided when the service is offered.
If you have any questions after reading this privacy notice, please contact your Handelsbanken branch or Handelsbanken’s Data Protection Officer in the Netherlands via firstname.lastname@example.org.
How do we handle your personal data?
This privacy notice is intended to make clear to you which personal data we retain and process in relation to you. We set out why we do this and how we obtain your personal data. We also make clear who we may share your personal data with and for how long we retain these data. We explain how you can exert influence on the data we retain about you and how you can access those data. We also tell you where you can find additional information in this regard.
Which personal data do we have and process?
There are different categories of personal data which we hold about you and process. These include general personal data (such as your name, address and Citizen Service Number (BSN)), personal preferences which apply (such as language and acceptance of cookies), products which you purchase from us (such as accounts, loans and deposits), financial transactions (such as information on debit and credit entries and the purchase or sale of financial instruments) as well as data on communication (such as recordings of our telephone calls with you and email traffic between you and us) and technical data (such as your IP address and the manner in which you use online banking).
There is additionally a category with relevant sensitive data. We only process these data where that is necessary and relevant for products or services which we deliver. This may be the case in relation to debts registered with third parties, for instance, or your payment record. Where necessary, we also process personal data of your representatives, such as proxies and authorised agents. These personal data also constitute a separate category.
In order to protect your security and that of our employees, as well as for countering fraud, money laundering and other crime, we use security measures at our locations, for example by means of camera surveillance.
For what purposes do we process personal data?
We only collect personal data which are relevant for delivering our services or products to you. If you decide, for whatever reason, not to give the requested data to us, or if you no longer wish to provide previously supplied data to us, it is possible that we can no longer be of assistance to you. There are four legal bases underlying our processing of your personal data. These bases are set out below.
1) To fulfil an agreement
You purchase services from us based on the agreement you have concluded with us. The main purpose of collecting, processing and retaining your data is to facilitate the provision, preparation and (digital) administration of these services.
We can monitor and record your telephone calls with us. We are legally obliged to do this for some of our products, for example when you purchase financial instruments from us by telephone. In addition, we can use the recordings of the calls also to verify agreements made by telephone and to further improve our services to you.
2) Necessary to comply with legislation and regulations
In order to comply with applicable legal obligations, we use your personal data among other things to check and verify your identity and to monitor and analyse the use of your account(s) and other banking services. This enables us to prevent and detect fraud, money laundering and other criminal activities. We additionally document and retain your personal data in the case of transactions in financial instruments (such as equities and investment funds), for complying with security regulations (for example in relation to online and mobile banking), for reporting to the authorities (such as the Tax and Customs Administration or supervisory authorities), and for complying with regulations in relation to accounting, risk management and the keeping of statistics. We also make and retain, for your security and ours, video recordings.
3) The bank’s legitimate interest
We use your personal data to offer you appropriate products and services which we intend will form the basis for building a long-term relationship with you. For this reason, we use your personal data also to carry out market and customer analyses (with the aim of improving our products and services), to carry out direct marketing activities (to enable us to offer you products and services which may be of interest to you, unless you have asked us not to do so), and for the purposes of risk management and statistics (with the aim of improving our credit assessment models, for example).
4) With your consent
In some cases, we require your explicit consent to process certain personal data. Where this is the case, we request your consent via a separate written declaration. You can withdraw your consent at any time easily and simply; in the written declaration we set out how you can do this.
Profiling and automated decision-making
When providing certain services, there may be occasions where an automated decision is made on the basis of a known profile of you. Where this is the case, we will inform you accordingly.
How we obtain your personal data
We obtain your personal data directly from you, for example when you open an account with us, take out a loan with us or make payments via us. We also obtain data from private or public sources which are related to your activities with us, such as the Tax and Customs Administration, the Credit Registration Office (BKR) or the Land Registry Office (Kadaster).
Who may we share your data with?
We may not share your data, unless we do this for a permitted purpose, such as fulfilling the contractual obligations we have with you. We may also be legally obliged to share your data, for reporting information to the authorities, for example.
In order to fulfil our contractual obligations, it may be necessary for us to share your data with a company outside the Handelsbanken Group. This company then helps us to provide our services to you. Examples of other companies or parties with whom we share your personal data include third parties who provide us with contractual services (such as payment service providers), credit rating organisations (when you apply for a loan from us), banks and payment institutions in countries in and outside the European Union or European Economic Area (when we transfer funds at your request), and the public authorities, supervisory authorities or Tax and Customs Administration (in order to comply with our legal obligations).
Sharing personal data with third countries
Sometimes it is necessary for us to share your personal data with parties outside the European Union or European Economic Area, so-called third countries. This happens in particular when we, at your request, and on the basis of an agreement concluded between you and us, transfer money or another asset to a recipient in that third country. In addition, the authorities in third countries may oblige us to share your personal data with them.
Where we have not concluded any agreement with you on sharing your personal data with third countries, we may only share such data under the following conditions:
For how long do we retain your personal data?
- The European Commission has established that adequate protection safeguards exist in the third country;
- Other safeguards exist, such as clauses in agreements concluded by us with third parties and company regulations;
- Specific consent has been obtained from a Supervisor, or;
- The sharing of data is permitted on the basis of applicable legislation.
We retain your personal data for as long as we consider necessary for fulfilling our agreement with you, and for ensuring we can continue to provide you with our products and services. Where you no longer use a product or service supplied by us, we must, depending on the type of service or product, nonetheless retain your personal data for a certain period. We must be able, for example, to report to the Tax and Customs Administration, to satisfy the requirements for the prevention of money laundering and to comply with accounting rules. Information on products purchased by you, for instance, are retained for up to seven years after our relationship with you has terminated. Where you discuss a specific product or service with us but eventually decide not to enter into an agreement with us, we retain your personal data for a maximum period of thirteen months.
How can you exert influence on the data we retain about you and how can you access those data?
Right of inspection - You can request from us at any time (in principle free of charge) access to (part of) the personal data we retain about you.
Right to be forgotten / erasure - You have the right to have data which we process about you erased. This possibility does not always exist. We will delete the data at your request, subject to the exemptions provided for by law, if:
Right to restriction of processing - You can request us to (partly) restrict our processing of your personal data. If this request is considered well-founded, your data will, with the exception of storage, only be processed insofar as you give your consent to such processing, subject to legal exemptions.
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw the consent necessary for processing and there is no other legal ground for the processing;
- you object to the processing on the ground of a legitimate interest of Handelsbanken, unless there are overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- when the data have to be erased for compliance with a legal obligation.
Right to rectification - If the data we retain about you are inaccurate, we will rectify those data immediately after you have informed us of the inaccuracy.
Objection to legitimate interest - You can object to the processing of your personal data on the basis of the bank’s legitimate interest.
Stopping direct marketing - If you do not wish to receive any direct marketing materials from us, you can inform us of this at any time via email@example.com or by contacting your Handelsbanken branch.
Right to data portability - You have the right to receive most of the personal data which you have provided to us, and which we retain in our systems, in the form of a digital file which you can forward directly to other companies, for example, or to authorities which process personal data. Where technically possible, Handelsbanken can forward the data at your request to another controller.
Please contact your Handelsbanken branch or Handelsbanken’s Data Protection Officer in the Netherlands if you wish to exercise one or more of your rights. Any request made or objection expressed by you as described above will be carefully assessed by us at an individual level. Based on this assessment, we will determine whether, and if so to what extent, we can legally comply with the request.
Our General Terms (pdf) also include information on how we use your personal data.
If you have any questions or wish to make a complaint about the manner in which we use your personal data, please contact your Handelsbanken branch or Handelsbanken’s Data Protection Officer in the Netherlands. You can also submit a complaint to the Dutch Data Protection Authority.
You can find the contact details of your Handelsbanken branch at handelsbanken.nl. You can reach Handelsbanken’s Data Protection Officer in the Netherlands via firstname.lastname@example.org.