For Handelsbanken, every individual´s right to protection of their personal integrity is vital, and awareness of the duty of banking confidentiality as well as integrity is a natural part of everyday business. When we design and develop our products and services we have put in place technical, physical and organisational controls to protect the confidentiality, integrity and availability of your personal data and the information we hold and process about you.
Here we explain what personal data Handelsbanken handles and why we do this. You will also find information about how we obtain your personal data, with whom we might share it and for how long we hold your personal data. We describe in what situations we use profiling and automated decision-making and how you can access your personal data. Information is also given about how you can contact us for comments or questions relating to our processing of personal data.
Handelsbanken France is as the data controller responsible for the processing of the personal data that you may provide in conjunction with entering into the business relationship with Handelsbanken France.
What personal data does the Bank handle? We have divided personal data into different categories. The personal data we hold about you relates to the following categories with (not exhaustive) examples:
Basic personal data (e.g. customer number, name, contact details, identification number)
Personal preferences (e.g. acceptance of direct marketing, language, acceptance of cookies)
Assessments and classifications (e.g. according to AML, FATCA or MiFID regulations)
Agreements (all kinds of information related to agreements, e.g. account numbers, loan numbers, cards, property designations, power of attorneys)
Financial transactions (e.g. account deposits and withdrawals, loan payments, card transactions and securities transactions)
Communication (e.g. e-mail and, where relevant, telephony recordings)
Audit (e.g. IP or Mac address, logs of when you identify yourself electronically in our online services)
One category includes categories of personal data that are particularly sensitive, such as health information. We will, however, only process that kind of information where it is relevant for a specific product or service, such as our life insurance products.
To help us ensure the physical safety of you and our employees and to help us combat fraud, money-laundering and other crime, we use systems in our branches such as camera surveillance.
Where appropriate, we also handle personal data relating to your representatives, such as guardians, trustees or other approved representatives.
For what purposes does Handelsbanken handle personal data? The Bank handles personal data for the various legal reasons and purposes described below. If you, for any reason, prefer not to provide us with certain necessary personal data, or wish to withdraw such data, we may not be able to provide you with our services and products.
Performance of a contract The overall purpose for Handelsbanken to collect, process and hold personal data is in order to prepare, provide and administer the products and services we offer you – digitally, at our branches or by phone, with a contract as the legal basis.
We may also record and/or monitor your phone calls with us, and for certain products we are under a legal duty to do so. This legal requirement applies when you make securities transactions by phone with the Bank, but we also record phone calls to help us verify a contract or a conversation with you and for training purposes.
Legal obligations In order to comply with its legal obligations, the Bank handles your personal data for the following purposes (this list is not exhaustive):
To check and verify your identity
To monitor and analyse how you use your account(s) and other bank services, in order to prevent and detect fraud, money laundering or other crime
To document and hold personal data relating to credits and loans as well as investment services in financial instruments
To handle security requirements for online payments and account access
Reporting to authorities, such as the Tax Authority or the Financial Supervisory Authority
To comply with rules and regulations relating to accounting, risk management and statistics
The Bank’s interests Handelsbanken offers financial services with the aim of creating good, long-term relations with its customers. We therefore handle your personal data for the following purposes (this list is not exhaustive):
To perform market and customer analyses in order to improve our products, services and channels
To carry out direct marketing activities in order to help us identify and suggest any products and services which may be of interest to you, unless you have asked us not to
To perform customer surveys
To perform risk analyses and obtain statistics, for example, in order to improve our credit risk models
With your consent For specific products or services, we may need your consent in order to handle your personal data. In this case we present this as a written declaration, separated from our product and service agreements or other matters. There we also describe how you can withdraw your consent and the effect this will have for you regarding that specific product or service.
An example where we use consent is when you use our website, where we add a cookie with an unique ID in your web browser that we use for web analysis that makes us understand how our web site is used. Consent is given when you accept cookies the first time you visit our website from a specific web browser. However, we do not track how individuals use the site and therefore we do not collect or store personal data such as the name, IP address or email in our cookies.
Profiling and automated decision making In some cases the Bank uses so-called profiling. This means an automated processing of personal data in order to perform analyses relating to the customer’s financial situation, personal preferences or behaviour in different channels. Profiling is also used in some of our home markets for automated decision-making, for example, an automated approval or refusal of a loan application via the internet.
How we obtain your personal data We obtain the information from you directly, for example, when you open an account with Handelsbanken, when you apply for a loan or pay your bills, as well as from your activities with the Bank. We also obtain information from private and public records such as tax authorities, Banque de France, or credit reference agencies.
Who we share your information with The Bank is under a legal obligation not to disclose your information unless for permitted purposes, such as the performance of a contract with you, or in connection with any other legally required or permitted purpose, such as reporting to authorities.
In order to fulfil the conditions of our product and service agreements with you, we may need to share information about you with other companies within the Handelsbanken Group as well as with companies outside the Group which provide contracted services to us or to you. Such recipients include banks, payment service providers and other financial infrastructure parties, suppliers, agents and other parties that are involved in the product agreement.
Examples of circumstances when we disclose personal data about you outside the Bank are (this list is not exhaustive):
To licensed credit reference agencies when you apply for a loan with the Bank.
To third parties who provide contracted services to us or to you, e.g. payment service providers, approved sub-contractors or those who act as our agents.
To notaries, where necessary for the conducting of the activities of Handelsbanken France (e.g. constitution of a mortgage).
To banks and payment institutions in countries inside and outside the EU/EEA, when we perform a transfer of money or funds at your request, such as SWIFT (Society for Worldwide Interbank Financial Telecommunication).
To governmental, regulatory or revenue authorities, for the purposes of complying with our legal and regulatory obligations e.g. tax, anti-money laundering, anti-terrorism and immigration laws and regulations.
To licenced fraud prevention agencies and other similar organisations to help us fight financial crime.
Transfers to third countries In some situations, we may transfer personal data to recipients outside the EU/EEA (the European Economic Area), so-called third countries.
This mainly occurs when we transfer money or other assets to a recipient in a third country at your request with an agreement as the basis for the transfer. Another situation is when the Bank is obliged to provide personal data to an authority in a third country.
If we don’t have an agreement with you about a transfer to a third country, one of the following conditions must be met for us to make a transfer:
That the EU Commission has decided that the third country ensures an adequate level of protection
That there are other safeguards such as standard data protection clauses or binding corporate rules
That there is a specific authorisation from a supervisory authority
That it is permitted under applicable data protection legislation
For how long do we hold your personal data? We only hold your personal data as long as it is required in order for us to fulfil the conditions in the contract for any products and services you have with the Bank. We also hold personal data to comply with our legal, regulatory and business record retention requirements.
If you close your account or a service with the Bank, we need to retain some of your personal data for a specific period of time relating to that account or service. For example, we have to be able to report to tax authorities and comply with requirements from rules and regulations on anti-money laundering or accounting.
For personal data that is related to a contract that you have executed with the Bank, the retention period is the duration of the contract, plus the period until claims under this contract become time-barred, unless mandatory statutory or regulatory requirements require a longer or shorter retention period. After the expiry of this period your personal will be removed from our systems.
How you can control and access your personal data You have several rights concerning your personal data handled by the Bank:
You can at any time request a copy of the personal data we hold about you, which is normally free of charge.
If you do not wish to receive direct marketing you can tell us so any time by contacting Handelsbanken France at the following e-mail address: firstname.lastname@example.org or at the following telephone number: +33 (0)4 92 00 80 90.
If you find that we have inaccurate information about you, we will correct this as soon as we are made aware of it
You can request erasure or restriction of the processing of your personal data under certain conditions
You can object to our processing of your personal data that we base on the legitimate interest of the Bank, described above
You can obtain a digital copy of most of the personal data you have provided to the Bank, which we process in our systems. We can also, at your request and if technically feasible, transfer this personal data directly to other companies or authorities that handle your personal data. This is called data portability
Contact your local branch or the group Data Protection Officer, at the address indicated below, if you wish to use any of your rights.
If you have a question or want to raise a complaint about how we handle your personal data, please contact your branch or alternatively write to the local Data Protection Officer.
You find the contact details to your local branch on: www. handelsbanken.fr
The contact details of the bank’s group Data Protection Officer are the following:Svenska Handelsbanken AB (publ)Dataskyddsombud106 70 STOCKHOLMSWEDENE-Mail: email@example.com
You also have the right to lodge a complaint with the Bank or the supervisory authority regarding the handling of your personal data, i.e. the French data protection regulator, the CNIL (www.cnil.fr).