The personal data controller is Landshypotek Bank AB (hereinafter referred to as the Bank).
How we process your personal data within Landshypotek Bank
The protection of every individual’s right of their personal integrity is vital for Landshypotek Bank. Therefore, we work actively to ensure that our products, services and internal processes live up to the requirements regarding protection of your data with the help of systems and technology. We also use advanced security solutions that further increase the security of your privacy.
For what purposes does Landshypotek process personal data?
Your personal data is primarily used for the purpose of fulfilling the agreement we have, or are about to enter into, with you as a customer and fulfill the legal obligations we have as a bank. The information the bank processes is used, for example, to be able to identify you as a customer and thereby be able to protect your accounts and commitments in the bank, and to promote security and safety in and outside our services, for example by investigating suspected activity or breaches such as money laundering or terrorism.
In addition to this, your personal data may be used within the framework of method, business and system development in order to improve the bank's product range towards you as a customer as we are constantly working to offer you the best possible products. We can also process your personal data in market and customer analyzes that form the basis for marketing. The personal data may, if you have not requested a direct mail block (see section below), be used for direct advertisements and offers to you.
What information do we collect?
The bank processes the personal data provided, for example, in connection with registration of interest, application and / or agreement or other information in connection with the administration of an agreement. The bank may also save e-mail communication or otherwise document interaction and communication that you have had with the bank. Names and address information are continuously updated via the state personal address register (SPAR).
Depending on which services you use, we collect different types of information from, or about, you. Below you see which categories of personal data we process and examples of which personal data are included in these categories.
- Individual information - name, address, social security number, telephone number
- Customer information - customer number, account number, loan number
- Credit information - mortgage deed, credit information (UC), real estate information
- Insurance information - insurance number, insurance amount and transactions linked to the insurance
- Information regarding money laundering or terrorist financing - real principal, purpose of credit and account, sanction information
- Bankruptcy information - case number, amount due
- Health information - information about health in connection with the application for amortization freedom
For what purpose does Landshypotek process personal data?
Our processing of personal data has different purposes, see an overview further below.
Processing of personal data by someone other than Landshypotek Bank
Processing of personal data can, within the framework of current rules on bank secrecy, take place by Landshypotek Ekonomisk Förening and by companies who processes personal data on behalf of the bank or by companies which the bank cooperates with to perform its services, for example Upplysningscentralen (UC), Bankgirocentralen (BGC), Finansiell ID-teknik (Mobile Banking ). The legal basis for the processing is the bank's performance of an agreement or due to the bank's legitimate interest.
Transfers to third countries
In some situations, we may transfer personal data to recipients outside the EU and the EEA (the European Economic Area), so called “third countries” as well as to international organizations. Transfer of personal data to a recipient outside of the EU/EEA will only be made if such transfer if compliant with the General Data Protection Regulation (GDPR).
For how long do we hold your personal data?
We only hold your personal data as long as it is required in order to fulfil the conditions in the contract for any products and services you have with the bank and thereafter for a maximum of 10 years. Other deadlines may apply when personal data is stored for purposes other than due to the contractual relationship and is for the bank to comply with current legislation regarding, for example, statute of limitation (10 years), counteracting money laundering (5 years) and accounting rules (7 years).
In some cases, the information may be stored for a longer period of time due to capital adequacy regulation that the bank must comply with.
If you do not enter into an agreement with the bank, the personal data is normally stored for a maximum of 3 months, but the data may in some cases be stored longer due to, for example, money laundering legislation.
You as a customer have the right to receive information about which of your personal data that the bank processes and thus have the right to receive a register extract. In addition, you also have the right to:
a) request correction of incorrect or incomplete information
(b) request the deletion or restriction of the processing of personal data
c) object to the treatment
d) under certain conditions, and if the bank processes personal data with the support of an agreement or consent, obtain the personal data from the bank that you have provided to the bank and the right to have it transferred directly to another personal data controller if technically possible (data portability).
A request to exercise one of these rights is examined by the bank in each individual case. In some cases, the bank cannot delete data, or restrict the processing of it, either because the data needs to be saved due to a contractual relationship or due to legislation.
Profiling and automated decision-making
Profiling refers to the automatic processing of personal data that is used to assess certain personal characteristics of a person, in particular to analyze or predict, the persons financial situation, preferences, interests and residence for example.
Profiling is used by Landshypotek Bank in risk assessment of financial situation (see below) and in transaction monitoring to counter money laundering and terrorist financing. The legal basis for profiling is the fulfillment of an agreement or legal obligation.
The bank uses automated decision-making when approving / rejecting a digital account application.
You have the right not to be the subject of a decision based solely on any form of automated decision-making, including profiling, if the decision may have legal consequences for you or significantly affect you in any other way. However, the bank has the right to use automated decision-making if it is necessary for concluding or fulfilling agreements.
Block against direct marketing
You can contact the bank to request a ban on direct marketing.
Data Protection Officer
We have appointed a data protection officer to monitor that the bank complies with the General Data Protection Regulation (GDPR) and other applicable data protection rules. The data protection officer shall fulfill the assignment in an independent manner in relation to the bank. Contact information for the Data Protection Officer can be found below.
You also have the right to lodge a complaint or report an infringement of the GDPR to the IMY (Swedish Authority for Privacy Protection).
Processing of personal data
|Purpose of processing||Lawful basis||Automated individual decisionmaking?|
|Storage of personal data related to previous business of insurance mediation.||Contract||No|
|Use of personal data for marketing and information purposes.||Legitimate interest||No|
|Use of personal data to manage Landshypotek Bank’s members/owners.||Contract||No|
|Use of personal data in investigating insolvency cases.||Contract||No|
|Use of personal data to manage the risk of money laundering and terrorist financing (AML).||Legal obligation||Yes|
|Use of personal data to test, provide and administrate credits.||Contract. In order to process AML information, legal obligation is the lawful basis. In order to process health information in connection with amortization grace period, consent is the legal basis.||Yes|
|Use of personal data to compile internal reporting and business analysis.||Legitimate interest||No|
|Use of personal data to identify, measure, manage, internally report on and have control over the bank’s risks.||Legal obligation||No|
|Use of personal data to fulfill statutory external reporting, including government reporting.||Legal obligation||No|