Provide products and services
Account and payment services
We process your personal data when you create an account and enter into a payment services agreement with us. We do this in order to process invoices, carry out payment transactions on your accounts and fulfil other services that you have linked to your account by agreement with us or third parties.
We collect the information directly from you, from our internal systems, from credit information agencies and other public registers. We need to verify your identity in accordance with anti-money laundering rules and legislation.
If you have power of attorney as a manager for someone else's account, it is the account owner who registers the information about you.
DNB Bank ASA is responsible for the processing of your personal data.
The purpose of processing personal data is to offer, monitor and provide account and payment services. The legal basis for the processing is to be able to fulfil the agreement we have with you.
If you are a corporate customer, we have a legitimate interest in processing your personal data. Our legitimate interest is to offer, monitor and provide account and payment services to the company for which you are a contact person.
To comply with our legal obligations, we are responsible for complying with statutory reporting obligations and preventing money laundering and terrorist financing as part of the overall customer relationship.
- Identification data
- Contact details
- Relationship data
- Financial data
- For a corporate account, we process personal data about the person who creates the account or represents the company.
We retain your personal data for 13 years after the end of the contractual relationship, in accordance with the statutory period of limitation.
If you submit an online application, we will retain information about you for 95 days after the date of application, even if no agreement is entered into.
We use data processors in connection with payment and cloud services.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketing.
Read about how you can exercise your data protection rights in our privacy notice under "Your rights".
Credit card and debt consumer loans (unsecured credit)
We process personal data when you apply for credit cards and consumer loans with us. In order to determine your application, we collect information from you directly and from third parties. In addition, we use information from our customer register. We obtain information about income, consumer debt and negative payment records from the Norwegian Tax Agency's registers, the Debt Register and credit reporting companies.
We use a computer program that analyzes the relevant personal data and gives you a credit score and a price proposal. Credit score is a number that indicates how likely you are to repay the loan. Based on your credit score and whether you have, among other things, outstanding claims with us, negative payment records, too low an income, too large a loan, or a combination of these. Based on this we make an automatic decision by offering a loan and price, or we reject your application.
When you have entered into an agreement, we process your personal data as part of the customer relationship, including for disbursements, repayments, invoicing and to inform about interest rate changes and follow up any default in the event of misuse of the card. When you use the card, we also process your ongoing transactions to calculate SAS EuroBonus bonus points and/or status points, and to give you an overview of your credit card invoice.If a breach of contract has resulted in a loss, we are required by law to retain certain personal data about you for future credit assessments.
During our administration of a breach of contract, we will try to enter into a dialogue with you about an amicable solution by e.g. offering refinancing. We can recover the bank's claims with the help of an external debt collection agency, or sell the portfolio and give information about defaulted credit or loans.
DNB Bank ASA is responsible for the processing of your personal data.
We can decide to sell the loan or credit to a collection agency if we do not succeed in getting a defaulted loan or credit back to the agreed condition. The collection agency will then take over the right to recover the claim and will be the data controller for the information they receive from DNB for this purpose.
The purpose of processing personal data is to offer, follow up and provide you with products. The legal basis for the processing is to be able to fulfil the agreement we have with you and fulfill legal requirements related to lending activities.
If you are a member of a trade union that provides you with bank benefits, we process information about your trade union membership with your consent.
In the event of loan defaults, we have a legitimate interest in sending personal data to debt collection agencies. Our legitimate interest is to safeguard the bank’s financial rights.
- identification data
- contact details
- relationship data
- financial data
- special categories of data (trade union membership).
We retain your personal data for 13 years after the end of the contractual relationship, in accordance with the statutory period of limitation.
If you submit an online application, we will retain information about you for 95 days after the date of application, even if no agreement is entered into.
In cases of default, we retain associated information for up to 4 years after the case has been resolved in our internal systems. The case is then placed in a protected status for 9 years, which requires special access from our employees.
We share information with our data processors who perform credit assessment and transaction services on our behalf.
Furthermore, we share information with our partners when you have reported insurance damage or loss during travel, as well as when you upgrade your credit card with Mastercard Upgrade. In these cases, we will send a message to SAS EuroBonus about linking your credit number to your SAS EuroBonus account. See SAS EuroBonus privacy statement here: | SAS (flysas.com)
We will also notify our partners when upgrading your SAGA credit card to secure access to LoungeKey. See Longekeys privacy statement here: Privacy notice | LoungeKey
If you report a need for emergency cash when travelling, we will share information with our partner who provides this service to you.
We can decide to sell the loan or credit to a collection agency if we do not succeed in getting a defaulted loan or credit back to the agreed condition. The collection agency will then take over the right to recover the claim and will be the data controller for the information they receive from DNB for this purpose.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketin
Read about how you can exercise your data protection rights in our privacy notice under "Your rights".
We use automated decisions when you apply for credit cards and consumer loans in our channels. This is based solely on personal data we have about you, without human involvement.
When assessing whether an application should be granted, we use a computer program that analyzes your personal data and provides you with a credit score and a price proposal.
Your credit score is a number that indicates how likely you are to repay your loan. Based on your credit score and whether you have unsettled claims with us, payment remarks, too low income, too large a loan, or a combination of these, we will make an automated decision by offering an agreement and price, or rejecting your application. You will receive a copy letter when a credit assessment is made of you, where you will receive information about what credit information we have received.
You can always request a manual processing of your application or an explanation of what lies behind the automated decision and what its consequences are. You can also choose to dispute the decision.
Secured mortgage
We process personal data when you apply for various products related to secured loans from us. The products we offer are secured loans with collateral in real estate. We collect the information directly from you, from our internal systems and from public registers. We may also obtain information from the Norwegian Tax Administration, the Norwegian Debt Register and credit information agencies.
When you have entered into an agreement, we process your personal data to monitor the customer relationship, including your ongoing repayment, to prevent you from misusing the product, and to prevent and detect money laundering and terrorist financing.
You have the opportunity to put your personal touch on your mortgage by uploading a photo of your home in your online and mobile banking. You manage when you want to view, edit, and delete photos.
In order to safeguard our financial interests, we will in some cases transfer personal data to a debt collection agency. If a breach of contract has resulted in a loss, we are required to retain certain personal data about you for future credit assessments.
The credit assessment is automated, but based on a predefined model managed by DNB. If you suspect that the assessment is incorrect, or you want to complain about the assessment, you can do so via our complaints portal.
DNB Bank ASA and DNB Boligkreditt AS are joint data controllers when you enter into an agreement on a secured loan with collateral in real estate. DNB Boligkreditt’s processing responsibility does not apply to loans that are not secured with collateral in real estate up to 60 per cent of the loan amount.
The purpose of processing personal data is to offer, monitor and provide you with products. The legal basis for the processing is to be able to fulfil the agreement we have with you.
If you are a member of a trade union that provides you with bank benefits, we process information about your trade union membership with your consent.
In the event of loan defaults, we have a legitimate interest in sending personal data to debt collection agencies. Our legitimate interest is to safeguard the bank’s financial rights.
- identification data
- contact details
- relationship data
- financial data
- special categories of data (trade union membership).
- Photo, if you upload this in your online and mobile banking
We retain your personal data for 13 years after the end of the contractual relationship, in accordance with the statutory period of limitation.
If you submit an online application, we will retain information about you for 95 days after the date of application, even if no agreement is entered into.
In cases of default, we retain associated information for up to 4 years after the case has been resolved in our internal systems. The case is then placed in a protected status for 9 years, which requires special access from our employees.
We use data processors who assess the value of collateral provided, or who provide credit rating services and transaction services on our behalf.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketin
Read about how you can exercise your data protection rights in our privacy notice under "Your rights".
Asset financing
We process personal data when you, either as a private or business customer, apply for asset financing. We provide asset financing for cars, boats, construction machinery and several other types of equipment and means of transport. We provide various product including, rental, loans, leasing and car management.
We obtain the information directly from you, from our internal systems, public registers or via our partners. We can also obtain information from the Norwegian Tax Agency and credit information agencies.
When you have entered into an agreement, we process your personal data to monitor the customer relationship, including your ongoing repayment, to prevent you from misusing the product, and to prevent and detect money laundering and terrorist financing.
In order to safeguard our financial interests, we will in some cases transfer personal data to a debt collection agency. If a breach of contract has resulted in a loss, we are required to retain certain personal data about you for future credit assessments.
The credit assessment is partially automated,but based on a predefined model managed by DNB. If you suspect that the assessment is incorrect, or you want to complain about the assessment, you can do so via our complaints portal.
DNB Bank ASA is responsible for the processing of your personal data.
The purpose of processing personal data is to offer, follow up and provide you with products.
The legal basis for the processing is to be able to fulfil the agreement we have with you. If you’re a corporate customer, or a contact person for a corporate customer, we have a legitimate interest in processing your personal data. Our legitimate interest is to offer, follow up and provide services to the business you are a contact person for.
In the event of loan defaults, we have a legitimate interest in sending personal data to debt collection agencies. Our legitimate interest is to safeguard the bank’s financial rights.
- identification data
- contact details
- relationship data
- financial data
- Serial number or registration number
We retain your personal data for 13 years after the end of the contractual relationship, in accordance with the statutory period of limitation.
In cases of default, we retain associated information for up to 4 years after the case has been resolved in our internal systems. The case is then placed in a protected status for 9 years, which requires special access from our employees.
We use services providers as data processors which process personal data on our behalf.
We share information with Fremtind as an insurance provider, as well as dealers and partners who deliver the objects that we finance. We also share information with our partners associated with car administration.
In the event of default on a loan, we share information with debt collection agencies.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketin
Read about how you can exercise your data protection rights in our privacy notice under "Your rights".
Investment services
We process your personal data in order to offer and provide our investment services. We collect the information directly from you and from our internal systems.
In order to offer investment advisory services and portfolio management, we must also carry out a suitability assessment of you. This means that we must, among other things, obtain information about your work experience, knowledge, education, financial situation, including risk appetite, risk profile and goals.
DNB Bank ASA is responsible for the processing of your personal data.
The purpose of processing personal data is to offer and provide investment services to our customers. The legal basis for the processing is to be able to fulfil the agreement we have with you.
We are also legally obliged to perform a suitability assessment of you pursuant to the Norwegian Securities Trading Act.
- identification data
- contact details
- relationship data
- financial data.
We retain information about investments and investment plans for 13 years in our systems.
We use a software supplier as a data processor for the processing of personal data.
Personal data about you may, in accordance with our reporting obligations, be disclosed to public authorities and registers, as well as others who have a legal basis for obtaining your personal data.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketin
Read about how you can exercise your data protection rights in our privacy notice under "Your rights".
Audio recordings to ensure documentation
In order to provide our investment services, we are legally required to make audio recordings of our telephone conversations with you and retain electronic communications. We do this when you as a customer receive advice on loans, savings, investments or similar services. We will record all conversations that you have with our advisers or brokers, for example in Markets and Private Banking.
DNB may listen to conversations and review other electronic communication for quality control purposes. All information on audio recordings is protected against unauthorised access by strict access control and internal procedures.
DNB Bank ASA is responsible for the processing of your personal data.
The purpose of the processing of personal data is to make audio recordings of telephone conversations and retain electronic communications to ensure the necessary documentation of the advisory services.
We are legally obliged to make audio recordings of telephone conversations in accordance with the Norwegian Securities Trading Act.
- identification data
- contact details
- audio logs
- financial data.
We retain recordings for five years to ensure correct documentation.
We use a software supplier as a data processor for the processing of personal data. The data processor administers the audio logging system and makes recordings of calls available on our behalf.
We may be required by law to disclose information to public authorities. In addition, personal data about you may be disclosed to the Norwegian Financial Services Complaints Board in connection with the processing of complaints.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketin
Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
Schedule a meeting with an advisor
We process personal data when you arrange a meeting with one of our advisers in DNB. We do this so that the advisors can search and verify your identity in our internal systems and public systems and follow up on your inquiry.
We obtain contact information directly from you in the form you fill out yourself, or via our partner if you have consented to this. The collection of other financial information first takes place in dialogue with an advisor.
DNB Bank ASA is responsible for the processing of your personal data.
The purpose of processing of personal data is to arrange a meeting with you as a person, so that we can offer and follow up your inquiries.
The legal basis is to perform an assignment on your behalf, including an agreement that we have with you.
- contact details
We store your personal data in five years after registration of your contact details.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing. We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketin
Read about how you can exercise your data protection rights in our privacy notice under "Your rights".