Corporate governance, reporting and audit
Control, reporting and analysis
We in DNB Finans reuse personal data about you, or about the business for which you are a contact person, in order to ensure sound management of our operations and to maintain control over all the data we hold. Information about you and your customer relationship forms part of the total data we process when monitoring, analysing, and reporting figures for DNB Finans. The types of information that may be reused include customer numbers and associated contractual relationships.
To ensure that we have complete and accurate data registered in our systems, we process personal data when validating and quality‑assuring the information we hold.
Personal data is anonymised and aggregated for analytical purposes, for example to assess the profitability of the products we offer, or for other analyses we need to conduct to ensure proper management of the business.
The purpose of the processing of personal data is to ensure control of our business operations and to carry out necessary analyses and mandatory financial reporting.
We have a legal obligation to process your personal data for tax purposes.
We have a legitimate interest in controlling and quality assuring the personal data that we have stored in our systems.
After the analyses have been prepared, they will no longer contain identifiable personal data.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing.
We will always consider any objections you may have to the processing of your personal data. Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
DNB Finans AS, filial Sverige, Org.nr. 516414-0104 ("DNB Finans Sweden") is a branch of DNB Finans AS.
DNB Finans AS is therefore the controller and is responsible for the processing of your personal data.
- Identification data
- Contact details
- Financial data
We are obliged to disclose personal data to Swedish and international tax authorities.
Tax reporting
We report the status of all customers’ financing contracts in DNB annually to Swedish and, where applicable, international authorities for tax purposes. This includes information such as customer numbers, names, and addresses.
Reporting is carried out in accordance with applicable tax legislation and other relevant regulatory requirements.
DNB Finans AS, filial Sverige, Org.nr. 516414-0104 ("DNB Finans Sweden") is a branch of DNB Finans AS.
DNB Finans AS is therefore the controller and is responsible for the processing of your personal data.
We store personal data for a period of 10 years, in accordance with applicable statutory retention requirements.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing.
We will always consider any objections you may have to the processing of your personal data. Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
The purpose of the processing is to comply with statutory tax reporting obligations and to contribute to the prevention of tax avoidance and tax evasion.
The processing of personal data is based on our legal obligations under applicable tax and financial regulations.
- Identification data
- Contact details
- Relationship data
- Financial data.
We are legally obliged to disclose personal data to Swedish tax authorities and other relevant public authorities, where required by law.
Risk management and risk modelling
We will process credit information and other personal data in accordance with the provisions of the Norwegian Financial Institutions Act and the Norwegian Securities Trading Act. This processing takes place in connection with the establishment of your customer relationship, determining which products and services are suitable for you and the use of systems to calculate capital adequacy requirements for credit risk.
The internal measurement systems include our models, work and decision-making processes for approving and managing credit, control mechanisms, IT systems and internal guidelines for classifying and quantifying our credit risk and other relevant risk. The personal data used for this purpose is obtained from credit information agencies.
We process personal data in models that are used to assess how much risk the bank is assuming. The models produce a set of key figures (PD, LGD and EAD), which are necessary to determine how much risk capital the bank must hold at any given time. The key figures are estimated for each agreement the customer has with the bank. The key figures may later also be used in our risk reporting on the processing of customer applications for e.g. credit at a high aggregated level. The information is collected on an ongoing basis, as it is necessary for us to continuously update the risk situation.
The purpose of the processing of personal data is to calculate the correct capital requirement and ensure better risk management for the DNB Group.
We have a statutory obligation to process your personal data for this purpose, including pursuant to the Norwegian Financial Institutions Act and regulations (cf. the CRR/CRD IV Regulations).
For PD and LGD models, we are required by law to retain personal data for a minimum of five and seven years, respectively.
The personal data used in the model calculations can be stored for up to 50 years.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing.
We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketing. Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
DNB Finans AS, filial Sverige, Org.nr. 516414-0104 ("DNB Finans Sweden") is a branch of DNB Finans AS.
DNB Finans AS is therefore the controller and is responsible for the processing of your personal data."
- Identification data
- Contact details
- Relationship data
- Financial data
- Demographic data.
We use a software supplier and a cloud solution provider as data processors for the processing of personal data.
Audit
In DNB Finans, Internal Audit is one of our central control bodies that will check and ensure that we are organized and operate in a prudent manner. Furthermore, we will ensure that we have satisfactory internal management and control systems that cover the overall business.
We do not collect personal data directly from you for this purpose. In order to carry out our audit work, a limited area in DNB has unrestricted access to the Group's documents, electronic data, physical assets/premises and personnel. Access to electronic data entails access to the Group's data warehouses, data sources and databases, including regular data collection in connection with topic-based activities and continuous audit monitoring. In this way, we will be able to reuse personal data collected by DNB business areas with direct customer contact. Employees who work with internal auditing have a duty of confidentiality and sign a separate non-disclosure agreement upon appointment. We have strict access control in our case management systems and physical premises.
The purpose of processing personal data is to be able to comply with legal requirements to be organized with proper management and control, including independent control functions responsible for internal auditing, risk management and compliance with requirements laid down in laws and regulations.
We have a statutory obligation to process your personal data for this purpose in accordance with the requirements of the Financial Institutions Act and the CRR/CRD IV regulations.
Any personal data processed as part of an audit will be stored for up to 10 years for any external quality control carried out every five years.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing.
We will always consider any objections you may have to the processing of your personal data. Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
DNB Finans AS, filial Sverige, Org.nr. 516414-0104 ("DNB Finans Sweden") is a branch of DNB Finans AS.
DNB Finans AS is therefore the controller and is responsible for the processing of your personal data.
- Identification data
- Contact details
- Relationship data
- Financial data
- Digital behavioural data
- Demographic data
We may disclose personal data to supervisory authorities in situations where DNB is required to do so.