Privacy notice BRAbank
PRIVACY NOTICE BRABANK
Personal data is information or assessments, which can be linked to you as an individual. For example, this can be name, address, image, fingerprint etc.
We focus on your privacy and in this privacy notice, we will inform you about how BRAbank collect, use and secure your personal data and we will inform you about your rights. The term "you" in this context, means you as a customer or a prospective customer.
BRAbank is the data controller of the processing of personal data. If you have questions or other inquiries regarding the processing of personal data, please contact our Data Protection Officer at firstname.lastname@example.org.
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
- Identification information
Date of birth and national identity number, name, customer number
- Authentication information
Authentication method, electronic signature, IP-address
- Contact information
Address (residence and e-mail), telephone numbers.
- Personal information
Age, marital status, children in the household.
- Financial information
Credit information regarding income, debt and wealth information, credit history, etc.
- Tax information
Citizenship, tax affinity and any tax registration number.
- Customer Engagement
Information about your products and agreements.
- Account and loan information
Application information, account/loan number, transaction data.
- Rejection and offer information
Application information, including refusals stored for 12 months.
- Anti-money laundering information
Information collected in connection with customer control and information on political exposure and sanctions that are obtained from the PEP (Politically Exposed Persons) and sanctions lists.
Including chat, SMS and e-mail.
Brabank may record telephone conversations to document insurance sales and in connection with security and fraud management and to comply with legal requirements. It will be noted that the conversation will be recorded. As a customer, you can opt out of being recorded.
The bank may be required to disclose information to public authorities and others who may request it in accordance with the law. In addition, information may be disclosed to the Norwegian Financial Services Complaints Board, including in connection with the handling of complaints.
Recordings are stored for as long as the customer relationship exists and for a maximum of three years. If the customer does not enter into a customer relationship with the bank, the recording will be deleted immediately.
- Location data APP
If you choose to turn on the geolocation credit card app, the phone’s location will be used to find the geographical location of a user site. The bank does not store general tracking information about where you are going. When you make a purchase, your position is saved. The position is indirectly linked to you, but is never shared with others.
FROM WHERE DO WE COLLECT THE INFORMATION?
We record information that we receive directly from you. This is typically in connection with your contractual relationship with us, or by your application for loans or other products or services from us.
We record information indirectly for the following reasons:
- When you apply for loans or other products through one of our credit brokers/loan agents, we collect the corresponding relevant information that you have provided to them in order to process your application.
- We collect personal data from public authorities such as the national registry, the property registry, and the tax authorities in order to verify the information that you provide in the application form.
- We collect information from the credit bureau and debt registers in order to assess your loan application.
- We collect personal data from authorities working with crime prevention, sanction lists (which are carried out by international organizations such as the EU and UN, as well as national organizations such as the Office of Foreign assets Control (OFAC)) in our efforts to prevent money laundering through the bank's operations, and other commercial information services that deliver information for example about politically exposed persons (PEP).
HOW DO WE USE YOUR INFORMATION?
- Processing applications and entering into agreements
In order to be able to provide you our products and services, we must process the information that you provide in the application form and when communicating with us, your account information and credit information, as well as controlling and processing these before we can enter into an agreement with you. We process information on rejected applications to be able to provide an objective justification of the rejection and later on be able to document the circumstances. This information may have an impact on a future application.
- Customer administration
In order for us to fulfil our obligations to you in regards to, among other things, sending invoices, responding to your requests and managing the customer relationship, we need to process information collected about you and your customer relationship.
- Verifying identity
In order to fulfil our legal obligations pursuant to the Money Laundering Act, the Financial Undertakings Act and the Financial Contracts Act, we process identification information, contact information and method for authentication to verify you as a customer.
- Work against money laundering, terrorist financing, and other criminal acts
We process personal data for the purposes of preventing, uncovering, solve and handling potential fraud and other criminal acts against you, other customers or us. We process such data to comply with our investigating and reporting obligation for suspicious transactions pursuant to the Money Laundering Act. Pursuant to the Personal Data Act, you are not entitled to access information registered for such purposes.
The company is required to report suspicious information and transactions to the Unit for Financial Intelligence at the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime. Pursuant to the applicable legislation, such data will be collected from and transferred to other banks and financial institutions, the police, and other public authorities.
- Risk classification
We process identity information, financial information including credit data, contact information, and personal data to develop decision-making models for rendering credit and credit line management. We also use the data to calculate capital requirements for credit risk and provision for bad debts. We do this in order to fulfil our obligations in accordance with the Financial Institutions Act with the associated regulations and to ensure proper lending practices and the control of risk exposure.
- Improve products and services
We use data about how the services are used in order to develop and improve our website and services.
- Bookkeeping purposes
In order to fulfil our legal obligations pursuant to the Bookkeeping Act, we process account and product information for up to 10 years after the end of the engagement.
- Marketing and follow-up
We will process your personal information in order to inform you about products within the product categories where you have already entered into an agreement with us. The products are divided into the following categories:
– Payment Services
– Savings and bank deposits
– Loans and other credits
Marketing and customer follow-ups including our legitimate interest in informing our customers about relevant offers. We process the following neutral information for customer follow-ups and marketing: contact information, date of birth and product information. In addition, we provide you with personalized customer follow-up and marketing with a background in analyses carried out based on your identity information, product information, technical information and account information (profiling). At any time, you can choose to object to our use of profiling for marketing purposes.
If we want to market products and services in other product categories than those you and the bankhave entered into agreement about, your consent is required in order to use other customer information about you than the neutral information. You can at any time opt out of marketing e.g. in the bank's online bank or apps, and you can at any time withdraw your consent.
The information we collect are assessed against our internal policies and models on which applications we authorize. This determines whether you will be granted the application and, if so, the size of the credit. The applications are usually processed automatically. Some types of information (such as recent payment remarks) always lead to rejection, while other types of information (e.g. income and debt ratio) will be weighted against each other in the evaluation of your application.
You can request manual processing if you wish to give your opinion or contest a decision that is solely based on automated processing including profiling.
We use machine-learning and artificial intelligence to find connections that we can use in our pricing and credit rating. However, we do not allow the software itself to make decisions; the rules for our decisions are always decided by the management of the company and are entered into the machines for automated processing.
TRANSFER OF PERSONAL DATA AND THE USE OF DATA PROCESSORS
When statutory obligations require transferring or rights to transferring apply, we disclose registered personal data to public authorities and third parties. In connection with certain operating services, our subcontractors within the EU/EEA may process personal data. These suppliers process personal data on our behalf, and through our data processing agreement we put forth corresponding requirements of confidentiality, integrity and availability as when we process such information ourselves. The transfer of personal data to our data processors is not regarded as disclosure. If the legislation allows and our duty to confidentiality does not hinder it, personal data may also be disclosed to other banks and financial undertakings, as well as partners for use within the purposes specified for the processing, for example by handling of payment orders for customers.
FOR HOW LONG DO WE STORE YOUR DATA?
- Personal data that are processed through the customer relationship
Contact information, personal information, financial information, product information and transaction information is deleted no later than 10 years after the customer relationship is terminated.
- Information on rejection and offers that are not accepted
Such information is deleted after no later than 12 months.
- Authentication/method for identification
Information related to the verification of identify shall be stored for at least five years after the customer relationship has been terminated pursuant to section 22 of the Money Laundering Act.
- Anti-money laundering information
Such information is stored for five years after the customer relationship is terminated or a transaction is carried out in accordance with The Money Laundering Act.
Right to access
You can request access to information on how we process information about you and you can request access to what information is stored on you.
This applies to information that you have provided us with, information we have obtained from external sources, and information about the processing of data. We would like to note that internal assessments and similar internal data that we as data processors create on basis of the personal data you provide us, fall outside the scope of the right to access. The same goes for certain personal data that we have obtained in order to comply with statutory obligations, such as the anti-money laundering obligations.
Right to rectification
If the information we have about you is incorrect or misleading, you can ask us to correct or supplement the data. Right to erasure In instances where we no longer have a legal basis for processing your personal data, you can require erasure of the data.
Right to restrict of processing
In some cases, you may request that the processing of your personal data be restricted.
Right to object
You may have the right to object to the processing of your personal data. If we process
Information about you based on public interest or based on a balancing of interest, you have the right to object to our processing of information about you.
Right to data portability
If we process data about you based on your consent or a contract, you can ask us to transfer the data about you to yourself or to another data controller.
Right to lodge a complaint with the Norwegian Data Protection Authority
If you believe that we do not comply with the regulations in the Personal Data Act, please contact our data protection officer. You can also lodge a complaint with the Norwegian Data Protection Authority regarding our processing of personal data.
Changes to this privacy notice
We may update the privacy notice from time to time. You will always find the latest version of our privacy notice on our website.
CEO of BRAbank is responsible for your personal data we process.
Contact information for BRAbank is:
Address: Holbergs gate 21, 0166 Oslo
Phone: +47 22 99 14 00
Org. no .: 986 144 706
BRAbank's privacy representative:
Sissel Bogen Asplin can be reached at email@example.com.