For whom the information is intended
The information is intended for you, where relevant, based on the various relationships you have with the Bank, such as when you are:
- An existing or prospective customer of the Bank
- A, trustee, administrator, holder of power of attorney or other agent
- A payer, pledgee or guarantor
- A beneficial owner, authorised signatory or representative for one of our corporate customers
- In contact with the Bank in your professional role, such as employee of another bank, consultancy firm, broker, supplier or public authority
- A private individual without an existing agreement with the Bank whom the Bank contacts as part of marketing activities
- Shareholders in the Bank and its representatives
What personal data the Bank process
The personal data we collect and process is divided into different categories:
- Basic personal data for example civic registration number or equivalent, name, contact details and information about ID documents and associated details
- Personal choices for example relating to direct marketing, language or acceptance of cookies
- Assessments and classifications according to rules regulating money laundering, securities trading or, for example, liability for taxation in the USA
- Agreements including all types of information linked to such agreements, such as account numbers, loan numbers, card details, property designations and powers of attorney
- Financial transactions such as deposits, withdrawals, loan payments, card purchases and securities transactions
- Communication between you and the Bank, for example via e-mail, sms, chat and recorded telephone conversations
- Review logs for example IP or MAC address, logins to Online Banking or the Bank’s app
- Special categories of personal data referring to particularly sensitive personal data, such as information about your health. We only process this type of personal data when it is relevant for a specific product or service, such as our life insurance products or when required to do so by law.
For what purposes and legal grounds do we process your personal data
Handelsbanken processes personal data on the basis of the various legal grounds and purposes described below. If, for any reason, you do not wish to provide us with the necessary personal data, or if you wish to delete such personal data, there is a risk that we will be unable to offer you our products and services.
Fulfilling the terms and conditions of our agreements
The basic purpose for which Handelsbanken collects, processes and stores personal data is to enable us to prepare, provide and administer the Bank’s products and services to you – whether digitally, at a branch, or via telephone. The legal grounds for this is to fulfil the terms and conditions of our agreements.
Complying with laws and decisions from public authorities
The Bank is required to comply with numerous laws and decisions from public authorities, and in this context, we process your personal data in order to, for example:
- To check and verify your identity
- Monitor and analyse how you use your accounts, enabling us to prevent, or identify fraud, money laundering, and other crimes, and to meet the Bank's obligations on measures against money laundering and terrorist financing
- Document and save personal data linked to credit testing and advice on securities
- Manage the security requirements for online payments and account access
- Report to public authorities, such as the Tax Agency or the Financial Supervisory Authority
- To comply with rules and regulations relating to accounting, risk management and statistics
- Managing analyse and follow up complaints
The Bank's interests
Handelsbanken offers financial services with the objective of creating good, long-term relationships with our customers. To this end, we process your personal data for the following purposes for example:
- Market research and customer research to develop our products, services and channels, offerings and meeting places
- Marketing activities through which we identify and suggest products or services that may be relevant to you, unless you have informed us that you would not like to take part in such activities and receive such offerings. You may receive offers about these activities via, for example, sms, push notifications, e-mail or telephone. In some countries we do not carry out marketing activities without your approval
- Quality surveys in collaboration with customer survey companies
- Developing, improving and managing our products, services, applications, technical systems and IT infrastructure and testing associated with these activities,
- Developing, maintaining and validating our models and methods for risk analyses for example capital adequacy, and preventing and identifying fraud, money laundering and terrorist financing
- Risk analyses, and developing statistics to improve our credit risk models, for example
With your consent
For certain products, we require your consent to process your personal data, and in such cases, we request this separately from the agreement in the product or other documentation. We also describe how you can revoke your consent and how this affects you are about that specific product or service.
Profiling and automated decision-making
In some cases, the Bank uses profiling. This refers to the automatic processing of personal data to conduct analyses of our customer’s financial situation, personal choices or behaviour in different meeting places. Profiling is used, for example, to analyse our advisory documentation, in conjunction with marketing, in the development of our systems or in connection with preventive measures against money laundering and terrorist financing.
Automated decision-making, including profiling, is also used in some of our home markets in conjunction with the granting/refusal of an application for a committed loan offer or a credit application via the internet, app or Bank branch. Automated credit assessments facilitate increased speed, objectivity and correctness in our offering of services. Decisions regarding committed loan offers and credits are based on, among other things, the information provided in connection with the application, together with other external credit scoring information such as income and records of non-payment. An overall assessment is made as to whether the credit application can be granted or not. When applying for a committed loan offer or credit, you are always entitled to contact your branch to object to an automated decision and request re-assessment.
We also use automated decision-making, including profiling, in conjunction with transaction monitoring, in order to identify and prevent fraud.
From where we obtain your personal data
We collect personal data directly from you, for example, when you open an account at Handelsbanken, when you pay bills, apply for a loan or when you use various services offered by the Bank. Data is also collected in connection with interactions you have with the Bank, for example telephone conversations, e-mails or via our digital channels.
We also obtain information from public registers and other databases such as Tax Agencies or Credit reference agencies.
If you are not a customer of the Bank and are contacted by us as part of our marketing activities, we have obtained your personal data from a public database, unless another specific source is disclosed for the activity in question.
The Bank uses video surveillance in some home countries as part of our security work for the Bank’s employees and customers. It is used, for example, to prevent and investigate crimes, counter fraud, money laundering and other criminal activities, and to ensure your and your employees’ physical security. Video surveillance takes place in or immediately outside the Bank’s premises. Areas in which video surveillance is in operation are clearly signposted. Video surveillance may in some home countries also be in operation on ATMs close to the Bank’s branches. If the Bank suspects a crime, video and sometimes sound are recorded.
Surveillance is permitted under local legislation and it is deemed necessary to protect the Bank’s legitimate interest in appropriate security work. In assessing whether surveillance is to be used, we have taken personal privacy into account and determined that video recordings, and in certain cases sound recordings, entail a limited infringement of your right to privacy which is outweighed by the increased security provided by surveillance cameras in or immediately outside the Bank’s premises.
Where a crime is suspected, personal data is processed to establish, support or defend a legal claim. We share video and audio recordings with authorities where required by law, such as when the recordings are needed as part of a criminal investigation.
We store your information for as long as necessary to fulfil the purposes for which the data has been collected, processed and stored.
Recording of telephone conversations
We record, save and potentially review telephone conversations in some home countries for various purposes. This is done for the following reasons, for example:
- Documentary evidence, whereby we are required by law to document that we have reached an agreement during a telephone conversation, in conjunction with securities transactions, for example
- Educational purposes, for which we invoke the legal grounds of the Bank’s legitimate interest
- Suspicions of fraud or other criminal activity
- Threats against the Bank’s employees
- Other purposes, including documentary evidence not required by law, recording invokes the legal grounds of the Bank’s legitimate interest. This includes, for example, when we collect, process and store personal data in order to enable ourselves to prepare, provide and administer the Bank’s products and services to you. We also make recordings to enable the verification of agreements or conversations between you and the Bank.
Information we receive from you about other private individuals
If you, with regard to a product or service at the Bank, provide us with information about another person, you must show this document ‘Group Privacy Notice’ to these individuals, and gain assurance that the person in question is aware of, and does not object to, the sharing of their personal data, to the extent required for the purposes of the processing. This may be applicable, for example, when you, as a private individual, make a joint credit application with another person or provide a power of attorney enabling another person to handle your affairs at the Bank.
It may also be applicable when you, as a representative of a company or organisation that is a customer of the Bank, provide us with information about other individuals as a part of our business relationship or in conjunction with other corporate actions. Such individuals may refer to our own customers, tenants, employees, business partners, board members, shareholders or holders of power of attorney, from whom the Bank assumes you have authorisation to disclose their personal data.
With whom we share your personal data
By law, The Bank may not share information relating to you unless there is a clear support for this, either as required for us to fulfil the terms and conditions of an agreement with you, or for legal purposes that require or permit sharing , such as reporting to the public authorities.
In order to fulfil the terms and conditions of our product and service agreements we need to share information regarding you with other companies in the Handelsbanken Group, and at times also with external companies that provide the Bank and our customers with agreed services. This may refer to, for example, other banks, payment intermediaries and other financial infrastructure parties, suppliers, that that act on behalf of customers, or other parties in the product agreement.
Examples of when we share your personal data outside the Group are:
- To approved credit information agencies when we obtain credit scoring information in conjunction with an application for a loan
- To parties that constitute part of payment flow linked to a product of service, such as a card issuer or acquirer of card transactions
- To established payment intermediaries when we make a payment on your behalf, e.g. MasterCard
- To other banks in or outside the EU/EEA (the European Economic Area), when we transfer funds or other assets on your behalf
- To other public authorities in order to, of comply with laws and other regulations relating to, for example taxes, money laundering or terrorist financing
- To companies in which you, as a private individual, are a shareholder, in order to comply with laws relating to information that must be disclosed about shareholders
- We may also share information about customers of the Bank with other companies in the Handelsbanken Group for marketing purposes.
- In addition, we work with customer survey companies that perform quality surveys on behalf of the Bank.
Transfers to a third country
On occasion, we may transfer personal data to recipients in a country outside the EU and EEA. This is then called a ‘third country’. This mainly occurs when we transfer funds or other assets to a recipient in a third country as assigned by you, in order to fulfil an agreement between you and the Bank. Another reason for such transfers may be that the Bank is obliged to submit personal data to a public authority in a third country.
If we do not perform an assignment to fulfil an agreement with you, one of the following conditions must be met for us to execute a transfer to a third country:
- That the European Commission has determined there is an appropriate level of protection in the country in question
- That there are other protective measures such as standard contractual clauses or binding corporate rules
- That the transfer there is a specifically permitted by a supervisory authority, or
- That the transfer is permitted under applicable data protection legislation
For how long we save your personal data
We only save your personal data for as long as it is necessary to provide the products and services for which you have an agreement with us. We also save personal data to be able to fulfil requirements in laws and decisions by public authorities, such as those for accounting records or tax reporting.
If you close your account or discontinue another service at the Bank, we need to save the parts of your personal data that are related to that product or service according to local requirements on retention.
If you apply for one of the Bank’s services but do not subsequently enter into any agreement with the Bank, your personal data may need to be saved to comply with rules relating to money laundering according to local requirements on retention.
If you are not a customer of the Bank and have been contacted by us as part of a marketing activity, your personal data is saved for the duration of the marketing activity according to local requirements on retention.
On social media
The Bank is in some of our home markets active on several social media networks, such as Facebook, Instagram and LinkedIn. If you contact us via our social media accounts, your personal data will be collected and processed by both us and the social media network in question, in accordance with their data protection policies.
The Bank and the individual social media networks have a shared responsibility for personal data, meaning that you as a registered user have the right to know what information both parties hold. The Bank is responsible only for the processing linked to the Bank’s accounts.
You as a social media user can take part of the processing of personal data linked to your account via their Data Policies, which can be found on respective networks’ websites. Information on how you can take part of the division of responsibilities’ in the joint controllership for example for Facebook and Instagram, can be found via the link ‘Controller AddendumOpens in a new window’.
We may also analyse your activities and send targeted messaging to different target groups on social media for marketing purposes. The purpose of such analyses is to ensure that you, as a customer, receive relevant information. You can find more information about how we work with social media under ‘Handelsbanken on social mediaOpens in a new window’ on our website.
If you have downloaded one of the Bank’s apps, we may in some of our home markets send information to the device on which the app is installed in the form of push notifications. Such messages may, for example, include information that a card purchase has been made, or that the terms and conditions of a product have been updated. You can choose whether the information is sent or not via the settings for the Bank’s apps. You can also decide how the information is displayed on the device’s screen when locked, via the device’s system settings. The information sent to your device is encrypted.
Your rights regarding processing of personal data
You have several rights regarding your personal data that is processed by the Bank. Contact your local branch or the local Handelsbanken Data Protection Officer if you want to exercise any of your rights. Further information on how to contact us can be found on the ‘Contact usOpens in a new window’ page of our website and under ‘Further information’ below.
We will respond to your query as soon as possible and as a general rule within 30 days. In most cases, the administration of your query is free of charge. Before sending the requested information, the Bank must ensure that the right person will receive it, for which reason you will need to securely identify yourself.
Requesting access to your personal data
You have a right to request a copy of your personal data being processed by the Bank.
In some cases, the right of access may be restricted, due to for example legislative requirements, confidential information or information linked to business secrets. Internal information that constitutes part of the preparatory work for ensuring correct administration, or information kept secret in order to prevent, investigate or uncover criminal activity are other examples of when access to information is restricted.
Requesting the correction of erroneous or incomplete data
If you discover that the Bank has erroneous or incomplete data about you, you are entitled to request correction. The Bank corrects the data it holds as soon as we are made aware of the matter, unless restrictions are in place due to legislative requirements. If the Bank has shared information with a third party, we also ensure that this information is corrected.
You can request the deletion of your personal data processed by the Bank under some circumstances. This is possible when, for example, the data is no longer needed for the purposes for which it was collected, when you revoke your consent and the Bank has no legal grounds for continued processing, when the processing is illegal, or when the processing is related to direct marketing and you object to this.
The right to deletion of the data may sometimes be restricted, such as when the Bank needs the information to administer your agreements, or when the Bank is legally required to store certain information for the duration of your relationship with the Bank. Following the conclusion of such a relationship, we may also be required to retain some of your personal data due to stipulations in legislation regarding Anti-Money Laundering, rules about accounting information and rules regarding the limitation of claims.
Object to the Bank´s processing
You have the right to object to the Bank processing your personal data when this takes place on the legal grounds of the Bank’s legitimate interest. Objections to the Bank’s processing of your personal data for direct marketing can be made at any time, and will result in the Bank discontinuing this type of processing.
Request restriction of processing
You have the right to request restrictions to the processing of personal data in the event that you object to the accuracy of the information relating to you that the Bank has registered, or if you object to the legality of the processing. Restrictions can also be requested when you have objected to the processing and, for example, requested the deletion of personal data. In such cases, the processing is restricted to specific limited purposes, such as retention until the data is corrected, or until it is established that the Bank is entitled to process the persona data on the legal grounds of the Bank’s legitimate interest.
You can obtain a digital copy of most of the personal data that you have submitted to the Bank, for which the processing is based on the legal grounds ‘consent’ or ‘agreements’ and is automated. We can, on your behalf and where technically possible, transfer this data directly to another company or public authority for processing of your personal data.