What personal data does the Bank handle?
We have divided personal data into different categories. The personal data we hold about you relates to the following categories with (not exhaustive) examples:
- Basic personal data (e.g. customer number, name, contact details, identification number)
- Personal preferences (e.g. acceptance of direct marketing, language, acceptance of cookies)
- Assessments and classifications (e.g. according to regulations relating to anti-money laundering, markets in financial instruments or information related to US taxpayers)
- Agreements (all kinds of information related to agreements, e.g. account numbers, loan numbers, cards, property designations, power of attorneys)
Financial transactions (e.g. account deposits and withdrawals, loan payments, card transactions and securities transactions)
- Communication (e.g. e-mail and, where relevant, telephony recordings)
Audit (e.g. IP or Mac address, logs of when you identify yourself electronically in our online services)
One category includes categories of personal data that are particularly sensitive, such as health information. We will, however, only process that kind of information where it is relevant for a specific product or service, such as our life insurance products.
To help us ensure the physical safety of you and our employees and to help us combat fraud, money-laundering and other crime, we use systems in our branches such as camera surveillance.
Where appropriate, we also handle personal data relating to your representatives, such as guardians, trustees or other approved representatives.
For what purposes does Handelsbanken handle personal data?
The Bank handles personal data for the various legal reasons and purposes described below. If you, for any reason, prefer not to provide us with certain necessary personal data, or wish to withdraw such data, we may not be able to provide you with our services and products.
Performance of a contract
The overall purpose for Handelsbanken to collect, process and hold personal data is in order to prepare, provide and administer the products and services we offer you – digitally, at our branches or by phone, with a contract as the legal basis.
We may also record and/or monitor your phone calls with us, and for certain products we are under a legal duty to do so. This legal requirement applies when you make securities transactions by phone with the Bank, but we also record phone calls to help us verify a contract or a conversation with you and for training purposes.
In order to comply with its legal obligations, the Bank handles your personal data for the following purposes (this list is not exhaustive):
- To check and verify your identity
- To monitor and analyse how you use your account(s) and other bank services, in order to prevent and detect fraud, money laundering or other crime
- To document and hold personal data relating to credits and loans as well as investment services in financial instruments
- To handle security requirements for online payments and account access
- Reporting to authorities, such as the Tax Authority or the Financial Supervisory Authority
- To comply with rules and regulations relating to accounting, risk management and statistics
The Bank's interests
Handelsbanken offers financial services with the aim of creating good, long-term relations with its customers. We therefore handle your personal data for the following purposes (this list is not exhaustive):
- To perform market and customer analyses in order to improve our products, services and channels
- To carry out direct marketing activities in order to help us identify and suggest any products and services which may be of interest to you, unless you have asked us not to
- To perform customer surveys
- To perform risk analyses and obtain statistics, for example, in order to improve our credit risk models
With your consent
For specific products or services, we may need your consent in order to handle your personal data. In this case we present this as a written declaration, separated from our product and service agreements or other matters. There we also describe how you can withdraw your consent and the effect this will have for you regarding that specific product or service.
Profiling and automated decision making
In some cases the Bank uses so-called profiling. This means an automated processing of personal data in order to perform analyses relating to the customer’s financial situation, personal preferences or behaviour in different channels. Profiling is also used in some of our home markets for automated decision-making, for example, an automated approval or refusal of a loan application via the internet.
How we obtain your personal data
We obtain the information from you directly, for example, when you open an account with Handelsbanken, when you apply for a loan or pay your bills, as well as from your activities with the Bank. We also obtain information from private and public records in Sweden such as Statens personadressregister (SPAR), Skatteverket, UC (Upplysningscentralen) and Lantmäteriet.
Who we share your information with
The Bank is under a legal obligation not to disclose your information unless for permitted purposes, such as the performance of a contract with you, or in connection with any other legally required or permitted purpose, such as reporting to authorities.
In order to fulfil the conditions of our product and service agreements with you, we may need to share information about you with other companies within the Handelsbanken Group as well as with companies outside the Group which provide contracted services to us or to you. Such recipients include banks, payment service providers and other financial infrastructure parties, suppliers, agents and other parties that are involved in the product agreement.
Examples of circumstances when we disclose personal data about you outside the Bank are (this list is not exhaustive):
- To licensed credit reference agencies when you apply for a loan with the Bank
- To third parties who provide contracted services to us or to you, e.g. payment service providers, approved sub-contractors or those who act as our agents
- To banks and payment institutions in countries inside and outside the EU/EEA, when we perform a transfer of money or funds at your request
- To governmental, regulatory or revenue authorities, for the purposes of complying with our legal and regulatory obligations e.g. tax, anti-money laundering, anti-terrorism and immigration laws and regulations
- To licenced fraud prevention agencies and other similar organisations to help us fight financial crime
Transfers to third countries
In some situations, we may transfer personal data to recipients outside the EU/EEA (the European Economic Area), so-called third countries. This mainly occurs when we transfer money or other assets to a recipient in a third country at your request with an agreement as the basis for the transfer. Another situation is when the Bank is obliged to provide personal data to an authority in a third country.
If we don’t have an agreement with you about a transfer to a third country, one of the following conditions must be met for us to make a transfer:
- That the EU Commission has decided that the third country ensures an adequate level of protection
- That there are other safeguards such as standard data protection clauses or binding corporate rules
- That there is a specific authorisation from a supervisory authority
- That it is permitted under applicable data protection legislation
For how long do we hold your personal data?
We only hold your personal data as long as it is required in order for us to fulfil the conditions in the contract for any products and services you have with the Bank. We also hold personal data to comply with our legal, regulatory and business record retention requirements.
If you close your account or a service with the Bank, we need to retain some of your personal data for a specific period of time relating to that account or service. For example, we need to retain some personal data for seven years in order to be able to report to tax authorities and up to ten years to comply with requirements from rules and regulations on anti-money laundering.
If you apply for a product or service but then do not enter into any agreement with the Bank, your personal data will usually be stored for up to three months.
How you can control and access your personal data
You have several rights concerning your personal data handled by the Bank:
- You can at any time request a copy of the personal data we hold about you, which is normally free of charge. If you want to make such a request you can easily do it via handelsbanken.se/registerutdragOpens in a new window, secure email in the Swedish version of Online Personal Banking or by visiting your local branch. We also need to identify you in a secure way in order to assure that the information will be sent to the right person.
- If you do not wish to receive direct marketing you can tell us so at any time by registration in our Swedish online banking service under Min profil/Kontaktuppgifter or by contacting Handelsbanken Direkt on telephone 0771-77 88 99 or turn to your local Handelsbanken branch
- If you find that we have inaccurate information about you, we will correct this as soon as we are made aware of it. Contact your local branch, Handelsbanken Direkt or the Data protection officer in the bank if we need to correct inaccurate personal data about you.
- You can request erasure or restriction of the processing of your personal data under certain conditions.
- You can object to our processing of your personal data that we base on the legitimate interest of the Bank, described above.
- You can obtain a digital copy of most of the personal data you have provided to the Bank, which we process in our systems. We can also, at your request and if technically feasible, transfer this personal data directly to other companies or authorities that handle your personal data. This is called data portability and it is requested in the same way as a copy of your personal data.