The entity within the Handelsbanken Group with which you have a relationship is generally the controller of your personal data. In the description below, the terms “Handelsbanken”, “we”, “the Bank”, or “us” refer to all entities within the Handelsbanken Group. You can find our contact details at Contact us.
The information provided below is, as applicable, based on the different relationships you may have with the Bank, for example if you are:
- An existing or prospective customer
- A guardian, trustee or other approved representative
- A payer, pledgee or guarantor
- A beneficial owner, account signatory or authorised user for a corporate customer of the Bank
- In contact with the Bank in your professional role, for example as employee of another bank, consultancy company, supplier or authority
- An individual without a current agreement with the Bank whom we contact in connection with a direct marketing activity
- A shareholder of the Bank and its representatives
What personal data does the Bank process?
We have divided personal data into different categories. The personal data we hold about you relates to the following categories with (not exhaustive) examples:
- Basic personal data (e.g. customer number, name, contact details, identification number)
- Personal preferences (e.g. acceptance of direct marketing, language, acceptance of cookies)
- Assessments and classifications (e.g. according to regulations relating to anti-money laundering, markets in financial instruments or information related to US taxpayers)
- Agreements (all kinds of information related to agreements, e.g. account numbers, loan numbers, cards, property designations, power of attorneys)
- Financial transactions (e.g. account deposits and withdrawals, loan payments, card transactions and securities transactions)
- Communication (e.g. e-mail and, where relevant, telephony recordings)
- Audit (e.g. IP or MAC address, logs of when you identify yourself electronically in our online services)
One category includes categories of personal data that are particularly sensitive, such as health information. We will, however, only process this type of information if it is relevant to a specific product or service, such as our life insurance products.
For what purposes does Handelsbanken process personal data?
The Bank processes personal data for the various legal reasons and purposes described below. If, for any reason, you prefer not to provide us with certain necessary personal data, or wish to withdraw such data, we may not be able to provide you with our services and products.
Performance of a contract
The overall purpose of Handelsbanken collecting, processing and holding personal data is in order to prepare, provide and administer the products and services we offer you – digitally, at our branches, or by phone, with a contract as the legal basis.
We may also record and/or monitor your phone calls with us, and for certain products we are under a legal duty to do so. This legal requirement applies when you make securities transactions by phone with the Bank, but we also record phone calls to help us verify a contract or a conversation with you and for training purposes.
In order to comply with its legal obligations, the Bank processes your personal data for the following purposes (this list is not exhaustive):
- To check and verify your identity
- To prevent, detect and investigate fraud, money laundering, terrorism financing or other financial crime, for example by monitoring transactions
- To document and hold personal data relating to credits and loans as well as investment services in financial instruments
- To handle security requirements for online payments and account access
- Reporting to authorities, such as the Tax Authority or the Financial Supervisory Authority
- To comply with rules and regulations relating to accounting, risk management and statistics
The Bank's interests
Handelsbanken offers financial services with the aim of creating good, long-term relations with its customers. We therefore process your personal data for the following purposes (this list is not exhaustive):
- To perform market and customer analyses in order to improve our products, services and channels
- To carry out direct marketing activities in order to help us identify and suggest any products and services which may be of interest to you, unless you have asked us not to. In some countries we do not carry out direct marketing activities without your approval
- To perform customer surveys
- To develop and improve our products, services and IT systems, including for the purpose of testing
- To develop, maintain and validate models and methods for risk analyses e.g. anti-money laundering, fraud prevention or capital adequacy
- To perform risk analyses and obtain statistics, for example, in order to improve our credit risk models
- To ensure the physical security of our customers and employees, and to counteract crime, the Bank uses surveillance cameras on some of its premises.
With your consent
For specific products or services, we may need your consent in order to process your personal data. In this case we present this as a written declaration, separated from our product and service agreements or other matters. There we also describe how you can withdraw your consent and the effect this will have for you regarding that specific product or service.
Profiling and automated decision making
In some cases the Bank uses "profiling". This means automated processing of personal data in order to perform analyses relating to the customer’s financial situation, personal preferences or behaviour in different channels. Profiling is also used in some of our home markets for automated decision-making, for example, an automated approval or refusal of a loan application via the internet.
How we obtain your personal data
We obtain the information from you directly, for example, when you open an account with Handelsbanken, when you apply for a loan or pay your bills, as well as from your activities with the Bank. We also obtain information from private and public records such as tax authorities or credit reference agencies.
Who we share your information with
The Bank is under a legal obligation not to disclose your information unless this is for legitimate purposes, such as the fulfilment of a contract with you, or in connection with any other legally required or permitted purpose, such as reporting to authorities.
In order to fulfil the conditions of our product and service agreements with you, we may need to share information about you with other companies within the Handelsbanken Group as well as with companies outside the Group which provide contracted services to us or to you. Such recipients include banks, payment service providers and other financial infrastructure parties, suppliers, agents and other parties that are involved in the product agreement.
The following are examples of circumstances when we disclose personal data about you outside the Bank (this list is not exhaustive):
- To licensed credit reference agencies when you apply for a loan with the Bank
- To third parties who provide contracted services to us or to you, e.g. payment service providers, approved sub-contractors or those who act as our agents
- To banks and payment institutions in countries inside and outside the EU/EEA, when we perform a transfer of money or funds at your request
- To governmental, regulatory or revenue authorities, for the purposes of complying with our legal and regulatory obligations e.g. tax, anti-money laundering, anti-terrorism and immigration laws and regulations
- To licenced fraud prevention agencies and other similar organisations to help us fight financial crime
We may also share your personal information with other companies within the Handelsbanken Group for direct marketing purposes.
Transfers to third countries
In some situations, we may transfer personal data to recipients outside the EU/EEA (the European Economic Area) – “third countries”. This mainly occurs when we transfer money or other assets to a recipient in a third country at your request with an agreement as the basis for the transfer. Another situation is when the Bank is obliged to provide personal data to an authority in a third country.
If we do not have an agreement with you about a transfer to a third country, one of the following conditions must be met for us to make a transfer:
- That the European Commission has decided that the third country ensures an adequate level of protection
- That there are other safeguards such as standard data protection clauses or binding corporate rules
- That there is a specific authorisation from a supervisory authority
- That it is permitted under applicable data protection legislation
For how long do we hold your personal data?
We only hold your personal data as long as it is required in order for us to fulfil the conditions in the contract for any products and services you have with the Bank. We also hold personal data to comply with our legal, regulatory and business record retention requirements.
Recordings from camera surveillance will be stored according to local requirements on retention. Local requirements on retention are also applicable if you apply for a product or service but then do not enter into any agreement with the Bank, or if you are not a customer at the Bank and we have contacted you in a direct marketing activity.
If you close your account or a service with the Bank, we will need to retain some of your personal data for a specific period of time relating to that account or service. For example, we will have to be able to report to tax authorities and comply with requirements from rules and regulations on anti-money laundering or accounting.
How you can control and access your personal data
You have several rights concerning your personal data processed by the Bank:
- You can at any time request a copy of the personal data we hold about you, which is normally free of charge. Contact your local Handelsbanken branch or write to us with your request
- If you do not wish to receive direct marketing you can tell us so at any time by contacting your local Handelsbanken branch
- If you find that we have inaccurate information about you, we will correct this as soon as we are made aware of it
- You can request erasure or restriction of the processing of your personal data under certain conditions
- You can object to our processing of your personal data that we base on the legitimate interests of the Bank, as described above
- You can obtain a digital copy of most of the personal data you have provided to the Bank, which we process in our systems. We can also, at your request and if technically feasible, transfer this personal data directly to other companies or authorities that process your personal data. This is called data portability.
- You can, when the Bank uses profiling and automated decision-making, contact your local branch for an explanation and raise your objections to the decision.
Contact your local branch or the local Handelsbanken Data Protection Officer in your country if you want to exercise any of your rights. We also need to identify you in a secure way in order to assure that the information will be sent to the right person.