1. Types of personal information collected
Below you will find examples of types of personal information that Helgeland Sparebank (HSB) may collect. Note that the type of personal information collected depends on the product or service we offer you as a customer.
Identification information: Social security number and name. We are obliged to obtain documentation of such information, for example in the form of a copy of ID, passport, driver's license or the like.
Contact information: telephone numbers and addresses, including postal address - also home country for foreign addresses.
Financial information: customer and product agreements, transaction data, credit history and insurance history.
Statutory information: tax domicile or foreign tax registration number, information required to gain basic knowledge of customers and in connection with anti-money laundering work.
Specific categories of data: For example, health information can be obtained on behalf of insurance companies for certain insurance products.
2. Where do we collect the information?
From the customer
The bank will primarily receive personal data that must be registered in the bank directly from the customer.
From 3rd party
When collecting information from third parties (e.g. sources such as other banks / financial institutions, credit information companies and the banks' abuse register), the customer will be notified.
Exception: When the collection is statutory, notification is impossible, or difficult, or the customer already knows the information the notification should contain.
If the bank wishes to obtain information from the customer that is not necessary for the contractual relationship, the bank must first inform the customer that it is voluntary to give away the information and how the information will be used (i.e. the purpose of the handling).
A bank that collaborates with other companies within the same financial group or group of companies may have a common customer register. This applies, among other things, for insurance companies, finance companies and management company for mutual funds. The purpose of the Group customer register is to manage the customer relationship and coordinate the provision of services and advice from the various companies in the group / group.
The group customer register will contain neutral information about the customer, such as name, date of birth, address and contact information, information about the group company in which he is a customer and which services and products the customer has agreed upon. The national identity number can be handed over to, and registered in, a joint corporate customer register when the purpose is to manage customer relationships.
To improve your user experience and to further develop the site, information about how the site is used is stored in cookies on your computer. These are used, among other things, to give users access to functions and to log which pages users visit.
The storage of information and the processing thereof is not permitted unless the user is informed and has consented to the information being processed, the purpose of this processing and who is processing the information.
The purpose of using cookies:
- Obtain statistics and information about the use of our website
- For marketing purposes, we use Google remarketing tag that allows us to display our ads on other websites after you visit hsb.no
How to avoid cookies:
However, if you choose to block cookies, this may result in some services on our site not working optimally or that you will not be able to access some parts of our site.
3. What purposes are personal information used for?
The purpose of the bank's processing of personal data is primarily customer administration and invoicing, and to fulfill the requirements that the bank has undertaken for the execution of assignments and service agreements with the customer. The bank will process personal data as required by law, or allowed to, or the customer has agreed to.
Beyond this, personal data is processed, among other things. for the following purposes:
Customer follow-up and marketing
The bank will inform the customer about products within the product categories where there is already a contractual relationship between the customer and the bank. The bank products are divided into the following categories:
- Savings and deposit products
- Loans and other credits
The bank may use the following neutral information for customer follow-up and marketing without the consent of the customer: The customer's name, contact information, date of birth and which services or product the customer has entered into agreement with. Such neutral information will possibly be obtained by the bank from a common corporate customer register.
Marketing of products and services in a different product categories than the one the bank and the customer have entered into agreement (see the first paragraph) requires the consent of the customer to use other customer information than the neutral ones. The customer can contact the bank and claim their name blocked for use in marketing (see point 4)
Risk classification of customers and credit portfolios
According to the rules in the Financing Activities Act, the Bank will process credit information and other personal data by establishing and using a system for calculating capital requirements for credit risk.
System for internal measurement methods means the bank's models, work and decision processes for credit granting and credit management, control mechanisms, IT system and internal guidelines that are related to the classification and quantification of the institution's credit risk and other relevant risk. Personal information for this purpose can be obtained from credit information companies.
Prevention and detection of illegal activities
The Bank is required to process personal data for the purpose of preventing, uncovering, resolving and handling fraud and other criminal acts. The information can be obtained from and handed over to other banks and financial institutions, the Banking Abuse Register (common register of abuse of own and other accounts and payment instruments), the police and other public authorities. The information can be stored up to ten years after registration.
The Bank will process personal data to fulfill the investigation and reporting obligation for suspicious transactions under the Anti-Money Laundering Act. Under the Personal Data Act, section 23, first paragraph, letter b) and letter f), the customer does not have access to the information the bank has registered for these purposes.
In order to prevent and detect criminal offenses, the Bank use video surveillance of bank premises, dispatch locations and ATMs. Such recordings are automatically deleted three months after the date of admission, unless they are disclosed to the police, or that the bank is entitled to process the recordings for other purposes.
Sound recording of telephone calls and storage of other customer communications through investment services
As an investment firm, the bank is obliged to record audio calls of all telephone calls and document other customer communications in connection with investment services. Such audio recordings of calls to / from landline and mobile phones and documentation of other types of communication with the customer shall be stored for three years. The sound recording can be identified by the bank on the basis of incoming and outgoing telephone numbers, the time of the call and / or employees of the bank / company that took part in the conversation.
Communication through other communication channels can be identified on the basis of the identity of the customer, the time of communication and the employees of the bank / company that took part in the communication.
Customer authentication using electronic services
When using HSB's online services, HSB may record user behaviour and user environment as well as deviations from it, identify the computer or mobile device you use to perform the banking service, the computer / device state, and so on. This information may be used by HSB to verify that the right person is using the service in question. HSB can also use the information in a risk assessment to customize the authentication method that you will use for the service.
We may, in some cases, use automated decision making if approved by law, if you have expressed consent to it or if necessary for the performance of an agreement, such as automated online credit decisions. You may request a manual processing at any time, give your opinion or contest a decision based solely on automated processing, including profiling, if such a decision would have legal consequences or otherwise significantly affect you.
4. Legal treatment basis
The Personal Data Act with regulations and the Norwegian Data Inspectorate's license terms regulate how the bank shall process personal data.
Personal information is customer information and assessments that can be linked to you as a personal customer. If there is no other legal basis, the bank's treatment will be based on voluntary, expressed and informed consent from the customer.
Upon entering into a contract, the customer must consent to the bank obtaining information in order to fulfill the conditions attached to the conclusion of the agreement. The information related to you as a customer can be used for purposes that you agree to. You will find the current consents in relevant customer areas (online banking and mobile banking). Here it will be possible to update consent if there is something you want to change.
5. Information about treatment, right of access and data portability
The right of access gives you the right to obtain confirmation whether personal data is stored and access to the data stored about you. This applies to information you have provided, information we have obtained from external sources, and information about the processing of the information.
Internal assessments and similar internal data created, by the person responsible for treatment of the personal data you have provided to us fall outside the right of access. The same applies to certain personal information that we have obtained in order to fulfill statutory obligations, such as anti-money laundering obligations.
You will find detailed information and history about your products and services in the online bank. If you are not an online banking customer, you have received this information in our regular mailings.
Data portability is your right to receive personal information you have provided us with. The customer can request information via web mailbox built into the online banking solution, and the bank delivers it there. The information will be sent in a machine-readable format. This applies to information you have given us directly, based on your consent or to fulfill an agreement. You can also download detailed information and history about your products and services in the online bank. If the customer does not have an online bank, or can otherwise read electronic documents, information can be conveyed on paper.
6. Personal data that the bank records
At the conclusion of the agreement and under the contractual relationship, the bank will record information about the customer and other persons who are related to the contractual relationship, e.g. account manager. The bank can also register information about persons whom the bank has refused to enter into an agreement with, in order to be able to inform the person concerned of the refusal, and if necessary subsequently to be able to document that refusal was objectively justified.
7. Who can we disclose your personal information to
Registered personal data will be provided to public authorities and others outside the bank, when this follows the statutory duty of information, or information right. If the legislation permits and the secrecy of the bank is not obstructed, we also provide personal information to other banks and financial institutions and partners, for use within the purposes specified for the treatment.
Transfer of personal data to the bank's data processors is not disclosure.
The bank will also disclose personal information to other companies in the group, or group of companies, if disclosure is necessary to satisfy group-based management, control and / or reporting requirements laid down by law, or pursuant to law. The processing of personal data is subject to the duty of confidentiality in the enterprise that receives the information.
When carrying out international payment orders, associated personal data is disclosed to the foreign bank and / or assistant. The legislation of the recipient country regulates how such personal data will be provided to public authorities or controlling bodies, in order to comply with tax and tax legislation in the recipient country, and measures against anti-money laundering and terrorist financing.
8. Your rights
As long as you have one or more active agreements with us, it will be necessary for us to keep your personal information related to the agreement. Once a deal is terminated, your personal information will be kept for a period of time to provide you with the best possible customer service. In addition, we retain information after the agreement has been concluded in order to fulfill the statutory retention obligation. Then your personal information is permanently deleted.
Some information is required by HSB to store, including personal data, for example for accounting, tax reporting and government reporting. This data will also be deleted automatically, but normally after a long period of time. It is important to point out that these personal data are only used for these purposes and are therefore strictly restricted.
If you find that HSB stores your personal data unlawfully, you have the right to ask us to delete them ("the right to be forgotten").
Correcting incorrect personal information about yourself
If the information is incorrect or incomplete, you have the right to have the information corrected by the limitations of the law.
9. Contact information
Questions and complaints
Complaints to HSB can also be submitted electronically. If you wish, you can send complaints to the Data Inspectorate. You can find information on this at Datatilsynet's own website.
Data Protection Officer
HSB also has a privacy representative who can be contacted by e-mail email@example.com.
The person responsible for treatment in Helgeland Sparebank is represented by the bank's board of directors and managing director.