Information on how we process personal data
To ensure we earn your trust, we strive to be open about how we process your personal data.
Below you can read about how we process your personal data. You will also receive information about your rights and how you can exercise your rights in practice.
The data controller is responsible for determining what your personal data will be used for, how it will be processed and what aids and tools will be used.
DNB Bank ASA Denmark Branch, CVR-no. 27 64 80 29 (“DNB Denmark”) is a branch of DNB Bank ASA. DNB Bank ASA is therefore the controller and is responsible for the processing of your personal data.
If you have any questions or inquires relating to the processing of your personal data, you may contact the branch at dpo@dnb.dk.
DNB is an international financial group consisting of the parent company DNB Bank ASA and a number of Norwegian and international subsidiaries and branches. Together, this constitutes the DNB Group.
See a more detailed illustration of the legal structure of the DNB Group here.
The company within the DNB Group which you have a relationship generally acts as the controller for the processing of your personal data. You can read further about the DNB Group’s processing of personal data in the privacy policy of the DNB group here: Privacy Policy | From A to Z - DNB.
When we collect and process information about you, you have rights under data protection rules and legislation. Below, we will provide you with an overview of your rights, what they entail, and how you can exercise your rights.
We are obliged to respond to you as soon as possible and normally within 30 days at the latest. Sometimes we need some more time to respond to you. If so, we will provide you with an explanation of why it is taking us longer to process your request and when you can expect a response from us.
If you would like to exercise any of your rights described below, or have any questions about how we process your personal information, please contact us in writing at the following address:
Postal address: Arne Jacobsens Allé 15, 2300 København S.
E-mail:dpo@dnb.dk
Phone: +45 33 36 62 00
We strive to continuously improve ourselves and our products and services that we offer you. If you are unsatisfied after having talked to us, you can submit a complaint by following the address above. When you submit a complaint, we will process your complaint as soon as possible.
If you do not agree with us and wish to complain further, you can send your complaint directly to the Danish Data Protection Authority at:
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Tlf. 33 19 32 00
You have the right to know whether we process your personal data. This means that you have a right to be given a copy of/access to this data. You also have the right to receive more detailed information about what personal data we process and how we process it.
There are some exceptions to the right of access. This typically applies where we have a statutory duty of confidentiality, or where we are required to keep information secret in the interest of preventing, investigating or prosecuting criminal acts. If DNB cannot provide you with the information you request, you will be notified of the reason for this in writing.
How to exercise your right of access?
If you would like to request information about the personal data, we hold about you (Data Subject Access Request), please contact us in writing at the address provided under “How to exercise your rights”.
The right to object gives you, in certain cases, the opportunity to request that we stop using your personal data. We will always consider and respond to such an objection.
When processing personal data for direct marketing purposes, you always have the right to object (right to opt out).
The right to object applies in different contexts with slightly different conditions:
How to exercise your right to object in DNB?
If you would like to object to a specific processing of your personal data, please contact us in writing at the address provided under “How to exercise your rights”.
For a more detailed overview of what types of processing you can object to, see the chapter entitled ‘Why we process personal data’. You may always request that we stop using your personal data for marketing aimed directly at you, including profiling for such a purpose.
For any use where we use your consent as a legal basis, you can revoke your consent at any time by contacting us at the contact details above or by following the steps below. If you revoke your consent, you may not be able to use our products and services in the intended way.
f we process personal data about you, you have, in some cases, the right to demand that your data will be deleted.
You may request the erasure of personal data if one of the following grounds is met:
In many cases, we are required to retain information about you, even if you request erasure. This applies both during your customer relationship, and for a certain time after agreements and your customer relationship has ended. In practice, this means that you cannot demand that your personal data be deleted when we have a legal obligation to retain your personal data or we must safeguard our legitimate interests. This also applies if we need to establish, exercise or defend a legal claim.
How to exercise your right to erasure in DNB?
If you wish to request the erasure of your personal data, please contact us in writing at the address provided under “How to exercise your rights”.
Automated decision-making is the process of making decisions solely based on personal data we are processing about you, without any human involvement.
You can always get an explanation of what is behind the automated decision and express your opinion. You can also contest the decision and demand that the decision made via the algorithm be reviewed by a person.
In DNB Denmark we use automated decision as part of the credit assessment when you apply for a loan or leasing which may lead to a rejection of the application.
If you believe that we are processing personal data about you that is inaccurate or misleading, you may require the data to be corrected or supplemented by additional information. You must be able to show that the data is inaccurate and inform us as to what is correct. After your enquiry, we will make sure to correct the incorrect personal data as soon as possible, and normally no later than within one month.
There may be cases where rectification is not practically possible, or where the information is correct but gives an incorrect impression. In these cases, we will ensure that your data is supplemented with additional information. That is, we will include your understanding of the situation, so that others will have a comprehensive overview of your situation.
If we have corrected your personal data, and we have previously provided that data to any third parties, we will attempt to notify those recipients of the changes if relevant. The obligation to notify of any changes does not apply if it proves to be virtually impossible for the recipient to implement corrections.
How to request rectification or supplementation with additional information?
If you would like to request rectification or supplementation with additional information of your personal data, please contact us in writing at the address provided under “How to exercise your rights”.
You have the right to receive certain personal data that we process about you so that it can be reused across different systems and services. The information you request is sent directly to you in a machine-readable format and may make it easier for you to transfer your information to a new service provider. This right is called ‘data portability’ and applies only to the personal data that:
Exceptions: You are not entitled to receive the following personal data, even if the above conditions are met:
How to request to have your personal data in DNB transferred to others?
To request a portable copy of the personal data in scope of data portability, please contact us in writing at the address provided under “How to exercise your rights”.
We will provide your data in a structured, commonly used and machine-readable format.
You may request that we restrict the way we process your personal data. This means that we cannot use your personal data actively. This is often in combination with other rights, for example to restrict the processing of your personal data while we consider a request for erasure or rectification.
For example, if you have asked us to correct your personal data, you can in the meantime request that we restrict the processing of this data until the error has been rectified.
We are obliged to restrict processing in some specific cases:
How to restrict the processing of personal data in DNB?
If you would like to restrict the way we process your personal data, please contact us in writing at the address provided under “How to exercise your rights”.
Depending on your relationship with us and the products and services you use, we process the following types of personal data:
In order to provide you with services, comply with statutory requirements and quality assure the information you have provided to us, we collect personal data about you from third parties such as:
Most of the personal data that we collect, and process will come directly from you, for instance when we process an application for a loan and other products and services we offer.
If you are affiliated with a company or other business that is a customer of DNB, we will collect and use your personal data if you are the owner, signatory or user of the company’s account.
Other examples where we collect personal data directly from you are:
When you visit us, one or more files are stored in your internet browser, known as “cookies.” To ensure the highest level of security, we use “cookies” while you are visiting our website (“session cookies”). These cookies are a prerequisite for accessing content on the website. In addition, cookies are also stored on your computer to collect information about you, as a user. If you want to block cookies, this can be done in the browser settings. If cookies are blocked or disabled, the online banking service cannot be used.
User behavior on our website is recorded via WebTrends. Our servers log the communication between your browser and our website, including, for example, which internet browser is used, date and time, cookies that identify the user, and which website the user came from.
The information collected via our website is used for statistical purposes, so that the website’s functionality, user experience, and content can continue to be improved.
As a user of our website, it is important to understand how security is best maintained and how we handle the information that is recorded.
DNB therefore encourages our users of the website to read this information carefully.
The website is encrypted to protect the electronic traces that result from using the site, for example, in relation to information sent via the internet between the user’s browser and the bank’s servers.
The bank’s website may contain links to external websites, which may have a lower level of security. We assume no responsibility for the security of such websites.
DNB may, within the framework of current bank secrecy rules, disclose your personal data to third parties, such as to other companies in DNB Group, as well as to IT suppliers and companies we collaborate with to provide our products and services. In some cases, we may also need to provide information at the request of authorities or to other parties in the context of judicial or corporate acquisition processes or the like. We will not sell your personal data to third parties.
DNB is a group consisting of different companies, and thus there are multiple companies that are data controllers. There may be one or more companies within the Group that are the data controller for your personal data, depending on your relationship with one or more companies.
Sometimes we need to share personal data about you within the Group. For instance, this may be to fulfil customer agreements, to meet obligations under company law because requirements to our information security make it necessary, or due to anti-money laundering obligations. It may also be because we have a legitimate interest for various purposes mentioned in the privacy notice.
There are strict rules on confidentiality for financial services and investment firms, including for companies in the DNB Group. Before sharing personal data, we will always ensure that we also comply with our duty of confidentiality.
DNB has a shared customer register. The purpose of the Group customer register is to manage your customer relationship and coordinate offers of services and advice from the various companies in the DNB Group. The Group customer register contains information about you, such as name, date of birth, address and other contact details, which Group company you are a customer of, and the services and products for which you have entered into an agreement.
We use data processors in several situations. A data processor is a third party who processes personal data on our behalf. The data processor does not have its own purposes for processing of personal data. We have data processors in Denmark and in other countries both inside and outside the EEA, such as:
DNB Bank ASA Denmark Branch always strives to process your personal data within the EU/EEA. In certain cases, we may disclose your personal data to countries outside the EU/EEA. If personal data is transferred to such a country, we will ensure that the personal data is still secure and that the transfer takes place in accordance with the law.
When transferring personal data to a country outside the EU/EEA that does not provide an adequate level of data protection, we apply the European Commission's standard contractual clauses for the transfer of personal data to countries outside the EU/EEA. In order for us to transfer your personal data outside the EEA, the GDPR requires us to have a valid legal basis for the transfer.
One of the following conditions must also be met:
This text was last updated 13.10.2025