General Data Protection Regulation (GDPR)

What is GDPR?

The General Data Protection Regulation (GDPR) is a new regulation which is intended to strengthen and unify data protection for all individuals. It will replace the existing Data Protection Directive and is due to come into force on 25th May 2018.

At Danske Bank (which is a trading name of Northern Bank Limited, Donegall Square West, Belfast. Registered in Northern Ireland R568), we are committed to ensuring the protection of your personal information.

In line with our aim of making more possible, we will continue to enhance the procedures we have in place to safeguard your privacy and ensure that you feel confident about the security of your personal information, in line with GDPR guidelines.

What does it mean for me?

Some of the key benefits for you are that:

  • You will have greater control over your personal information and data
  • You will have new rights in terms of accessing your information free of charge, and if you notice that any of the information we hold on you is inaccurate, we’ll put this right
  • We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary
  • We’ll only send you marketing messages if we have your consent to do so

What do I need to know?

  • You do not need to do anything differently - we will provide you with more information on the GDPR changes closer to the time
  • Our guidelines on how we use your personal and business information will be updated in line with the General Data Protection Regulation guidelines and will become effective from 25th May 2018 – How we use your personal and business information

Data Protection Privacy Notice

The Data Protection Laws change on 25 May 2018.

This notice explains how we use your personal information, sets out your rights under the new laws and explains how the law protects you.

If we provide you with an account or other banking services then we will use your personal and, if you are a business customer, your business information, in the ways set out in this notice. If you are not content that we will use your information in these ways we may not be able to provide you with an account or other banking services.

Data Protection Privacy Notice

  • Who are we

    Danske Bank is a trading name of Northern Bank Limited which is a member of the Danske Bank Group (the Group). This privacy notice is to let you know how companies within the Group will look after your personal information. This includes what you tell us about yourself, what we learn by having you as a customer, and the choices you give us about what marketing you want us to send you. Danske Bank wants to be recognised as a trusted financial partner and is committed to protecting and respecting your privacy. We will treat your information as confidential at all times, even when you are no longer a customer.

    Under Data Protection Laws we can only process your personal information where we have a proper reason for doing so, such as:

    • It is in our own legitimate interests to do so
    • We are required to do so by law i.e. a legal obligation
    • You have entered or you are considering entering into a contract with us for a financial product or service
    • You have granted us consent to process your personal information

    A legitimate interest is when we have a business or commercial reason to use your information for example to prevent abuse and loss, to strengthen IT and payment security or for marketing purposes. We must, however, still treat you fairly and consider what is right for you. We only rely on legitimate interest as a reason for processing if our legitimate interest clearly outweighs your interest in not having your personal data processed by us.

  • What personal data do we collect

    Depending on the services you have ordered or you are interested in, we collect and process different kinds of personal data, including:

    • Your core personal data, e.g. your name and contact information
    • Your financial information, e.g. your credit rating or history
    • Data about your education, profession or work
    • Information about your family and other relationships
    • Details about the services and products we provide to you and your preferences towards them
  • Where do we collect your information from

    We hold personal and financial information about you which you have provided to us or which we have collected/received from elsewhere such as:

    • Information you give us on application forms;
    • Information we get from how you use your accounts;
    • Details of who supplies goods and services to you;
    • Information from other organisations, such as credit reference and fraud prevention agencies;
    • Information from people who know you, such as joint account holders and people you are financially linked to; and
    • Information that other people (such as your advisors) give us during financial reviews and interviews, as well as information we get from analysing your banking transactions

    There may be times when the information we hold about you includes sensitive personal data, such as information relating to your health, racial or ethnic background, sexual life, criminal convictions or legal proceedings. We will only hold this data when we need to for the purposes of the product or services we provide to you or where we are legally required to do so. We will always seek your explicit consent to process sensitive personal data.

    Once you have given us your consent you can withdraw it at any time, unless there is another legal reason under Data Protection Laws that allows us to process your information. Please note that if you withdraw your consent, we might not be able to provide you with specific services or products.

    You can withdraw your consent at any time by getting in touch with us using the contact details at the end of this notice.

    We want our service to meet your expectations at all times and therefore we need the information we hold about you to be accurate and up to date. Please help us by telling us straightaway if there are any changes to your personal information. You can check the contact details that we have for you through eBanking or Business eBanking or by contacting your branch or Account Manager. It is important that you tell us about any changes to your contact details, including your email address or mobile number.

  • Why do we collect your information

    At Danske Bank we store and use your information to manage your accounts and to provide services that suit your needs. This includes payments, customer advice, customer care, customer administration, credit assessment and marketing as well as compliance with statutory obligations.

As well as using your information to manage the products and services we provide to you, we may need to use your data for a number of other reasons. These include the following:

  • Assessing the suitability of products or services

    We will use your information to assess whether our products and services are suitable for you, including making credit decisions about you. This may involve credit scoring and regular statistical analysis to produce management information relating to risk.

    If you are financially linked to another account holder within the Group, we may look at your information when deciding whether to approve an application for credit by the person you are linked to, including when that person applies on behalf of a business that he or she owns. For a full list of companies in the Group, please contact your branch or write to the Data Protection Officer:

    Data Protection Officer
    Danske Bank
    Donegall Square West
    Belfast
    BT1 6JS

    We may link information about your accounts with us to information about other products and services we provide you. We may also link your information to the information relating to other people you are financially linked to, if you make a joint application or if you tell us that you have a husband, wife, civil partner or partner. You should make sure you have shared the relevant information from this notice with them.

  • Preventing fraud or recovering debt

    We may use your information to prevent fraud and recover debts. We may use credit reference and fraud prevention agencies to help us make decisions when you apply for a loan or for a product which allows you to get credit.

    If you provide false or inaccurate information and we find that you have committed fraud, we will pass your details to fraud prevention agencies.

    Law enforcement agencies may also access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

    • Checking details on applications for credit and credit related accounts or other facilities;
    • Managing credit and credit related accounts or facilities;
    • Recovering debt;
    • Checking details on proposals and claims for all types of insurance; and
    • Checking details of job applicants and employees.

    If you want to receive details of the relevant fraud prevention agencies, please contact your branch or use the contact details at the end of this notice.

    We and other organisations may access and use from other countries the information the fraud prevention agencies record.

    Before we provide you with credit, we will carry out credit searches using credit reference agencies. These checks are necessary before we enter into a contract for credit related products or services with you. During our business relationship with you, we may also share your information with credit reference agencies as part of our legitimate interests to promote responsible lending and prudent account management. To learn more about what credit reference agencies do, what information they hold and what your rights are, go to the Experian - Credit Reference Agency Information Notice (CRAIN) website.

    We will provide you with further information when you ask us for credit.

  • Protecting you

    We may use your information to protect you in the following ways:

    • We may record or monitor phone calls to confirm details of our conversations, for your protection, to train our staff and to maintain the quality of our service
    • We use CCTV to record images in and around our premises to prevent and detect crime
    • Before we provide any service, we will carry out anti-money laundering checks, which may include searches to confirm your identity

    Using your personal information in this way allows us to comply with our legal obligations and meet our legitimate interests.

  • Research purposes

    We may also use your information for research purposes and undertake automated decision making including profiling to understand your buying preferences.

    Using your personal information in this way allows us to develop, improve and market our products and services to meet our legitimate interests.

  • Sharing your information

    There are other circumstances where we need to provide information to other people to help us and you to run your accounts. We do so when it is in your interests as well as ours. We have set out these circumstances below.

    • We may provide information about you to someone you nominate or authorise to act on your behalf
    • If we provide you with products and services involving insurance, we must pass your details to insurers. Insurers may keep a record, on a register of claims, of information you provide in connection with any claims made under the insurance. Insurers may use this register to prevent fraudulent claims. You can get a list of companies who use the register, and details of the register operator, from the insurers.
    • We may exchange information about you with other companies in the Group to assess credit risk, to prevent fraud or manage risk, or to help us run your accounts. We may also share your information within the Group to prepare research and analyse statistics (including analysing risk and credit) so that we can improve our services.
    • We will sometimes arrange for service providers, agents and subcontractors, including from outside the EEA, to provide services and process your information on our behalf. We will make sure that these service providers, agents and subcontractors have a duty to keep your information confidential and secure, and that they only process your information as set out in a written contract.
    • To meet our duties to regulators, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a customer.
    • To meet our legal obligations under the Payment Services Regulations, if we have received a request to return a payment that has been made into your account where the Payer has told his/her bank that the payment was made by mistake, we must, on receipt of a written request, provide to the payer all relevant information in order for the payer to claim repayment of the funds from you. This means that we can provide your name and address to the payer’s bank. The payee’s bank should inform you before disclosing your name and address to the payee.
    • We may also share information with certain statutory bodies, e.g. the Financial Services Compensation Scheme (FSCS) if required by law.
  • How long do we keep your information?

    We will keep your personal information during the lifecycle of you being our customer and thereafter for as long as we are required to do so by regulation/law.

  • Your privacy rights

    You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below. We will aim to respond to any request received from you in relation to exercising your rights within one month from your request, although this may be extended in some circumstances in line with Data Protection Laws.

    You have the right to access the information that we, as a bank, are processing about you and to be told where the information comes from and what we use it for. You also have the right to be informed about how long we store your information and about those with whom we share your information. Your right of access may, however, be restricted by law, the need to protect another individual’s privacy or consideration for the bank’s commercial business strategies and operations. You must write to us if you want to see this information at this address. Access to your data will usually be provided free of charge, although in certain circumstances we may make a small charge where we are entitled to do so under Data Protection Laws.

    The right to ask us to correct your information if you think the information that we hold about you is wrong or incomplete.

    The right to object to our use of your information, or to ask us to delete, remove or stop keeping it if there is no need for us to keep it. This is known as the ‘right to object’, the ‘right to erasure’ or the ‘right to be forgotten’. There may however be legal or regulatory reasons why we need to keep or use your information. We may sometimes be able to restrict the use of your information so that it is only used for legal claims or to exercise legal rights. In these situations we would not use or share your information while it is restricted.

    Profiling and automated decision making. Danske Bank uses automated decision making, including profiling, to approve applications for loans or credit cards, to prevent fraud and, in the case of profiling, to be able to offer you specific services and products that meet your preferences and to target our marketing in general. You have the right not to be subject to automated decision making (including profiling), where it affects your legal rights or has an adverse impact on you, for example, the refusal of an online credit application.

    If you have given us your consent to process your data and the processing is automated, you have the right to get your personal information from us in an electronic format that can easily be reused. You can also ask us to pass your information in this format to other organisations.

    If you wish to exercise any of these rights, please write to the Data Protection Officer;
    Data Protection Officer
    Danske Bank
    Donegall Square West
    Belfast
    BT1 6JS

    Or contact us at: yourprivacyrights@danskebank.co.uk.

  • Market research

    To help us improve and measure the quality of our products and services we undertake market research from time to time. This may involve sharing your information with specialist market research companies. If you do not want to take part please contact us and we will record this.

  • Keeping you up to date via emails and text message

    We are keen to keep you up to date with changes to the service we provide (for example, if we extend our opening hours at your local branch) or interruptions to our service, or also to remind you to activate and use the online services for which you have registered.

    If we have your email address or mobile number, we will use these to send you messages. If you do not want us to contact you by text message or email, please contact us and we will delete these details from our records. If you are a personal customer you can delete the details yourself through eBanking (under the heading ‘Are your details correct?’).

  • Marketing and customer experience

    Through our marketing programme, we will identify and tell you about products and services supplied by us or other chosen organisations that we consider may be of interest to you. We may do this by phone, mail, email, text or through other digital media where you have given us your consent to being marketed by these methods. You can decide how much direct marketing you want to accept. We will also use the information we have gathered on you to personalise your experience on digital media such as websites, apps, ATMs, social media sites, mobiles and tablet devices. This may include giving you product and service content we believe might be of interest to you.

    You do not have to accept the products or services we offer. You can tell us in writing at any time if you do not want to receive marketing information.

  • Cookies

    You can find out about cookies and how we use them in our cookie policy at the bottom of our Personal or Business home page.

  • How to complain

    If you are unhappy with how we have handled your personal information, you have the right to complain to the Information Commissioner’s Office. You can contact them by writing to the:

    Information Commissioner's Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF
  • Data Protection Officer

    We have appointed a Data Protection Officer to advise us about our data protection obligations and to monitor compliance. You can contact the Data Protection Officer by writing to:

    Data Protection Officer
    Danske Bank
    Donegall Square West
    Belfast
    BT1 6JS

    Or by emailing us at yourprivacyrights@danskebank.co.uk.