Security and IT operations
Incident management
We may be required to process personal data both before and if a crisis or incident occurs in DNB. This will be personal data that is related to an incident such as violence, threats, unwanted behaviour, or an accident. Personal data processed in this context relates to the event itself. The incidents may contain both general personal data, but also special categories of personal data such as health data.
The purpose of the processing is to detect and handle a crisis. We are legally obliged to process personal data for this purpose, and the legal basis is the regulatory statutory requirements that apply to the financial industry regarding security and incident management.
We store events in access-controlled internal information systems and retain the personal data for as long as necessary to fulfil the purpose of the processing.
Some logs are kept 10–15 years in accordance with our internal archiving routines.
When we collect and process information about you, you have several rights under data protection rules and legislation.
This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketing.
Read about how you can exercise your data protection rights in our privacy notice under Your rights’.
DNB Denmark is responsible for the processing of your personal data.
- identification data
- special categories of personal data collected from the data subject during incident management, including health data.
We may share personal data within the Group for internal processing purposes. In addition, we may share information with external authorities such as the police.
We may also share data with suppliers who process personal data on our behalf.
IT security
We register personal data about you when you visit our offices and when we arrange meetings with you as a person. We do this so to verify your identity and follow up your visit in the office.
The personal data we collect is your name and phone number. If you wish, you can also register whether you represent a company or are a private individual. We obtain the contact information directly.
For security purposes we also have live-feed cameras to prevent unwanted incidents from occurring. The camera is installed at fixed locations inside our building.
The purpose of the processing is to keep track of where visitors are in our buildings. This is to ensure the safety of people, our assets and our property, as well as to handle incidents and criminal offences that should arise.
The purpose is based on both preventive and reparative considerations. We have a legitimate interest for this processing of your personal data. Our legitimate interest is to keep track of where visitors are in our buildings.
We retain your personal data for as long as it is necessary to achieve the purpose. This is up to a maximum of three years, unless the purpose entails a special need to keep the data longer.
DNB Denmark is responsible for the processing of your personal data.
- digital behaviour data
When we collect and process information about you, you have several rights under data protection rules and legislation.
This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketing.
Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.