Security and incident management
Incident management
We may be required to process personal data both before and if a crisis situation or incident occurs in DNB. This will be personal data that is related to an incident such as violence, threats, unwanted behavior or an accident.
Personal data processed in this context relates to the event itself. The incidents may contain both general personal data, but also special categories of personal data such as health data.
DNB Finans AS, filial Sverige, Org.nr. 516414-0104 ("DNB Finans Sweden") is a branch of DNB Finans AS.
DNB Finans AS is therefore the controller and is responsible for the processing of your personal data.
We store events in access-controlled internal information systems and retain the personal data for as long as necessary to fulfil the purpose of the processing. Some logs are kept 10–15 years in accordance with our internal archiving routines.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing.
We will always consider any objections you may have to the processing of your personal data. Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
The purpose of the processing is to detect and handle a crisis situation.
We are legally obliged to process personal data for this purpose, and the legal basis is the regulatory statutory requirements that apply to the financial industry regarding security and incident management.
- Identification data
- Special categories of personal data collected from the data subject during incident management, including health data
We may share personal data within the Group for internal processing purposes. In addition, we may share information with external authorities such as the police. We may also share data with suppliers who process personal data on our behalf.
IT Security
Security in DNB primarily relates to protecting the bank against crime and other intentional and undesirable incidents, but also unintentional incidents as a result of errors and accidents.
It is very important for us to protect our equipment, systems and information from damage, misuse, unauthorised access, alteration and vandalism. In this regard, a number of different security measures and systems are needed to detect and prevent unwanted incidents and damage to our assets and services, as well as to handle incidents that do occur.
We process personal data to achieve this purpose. This will typically be personal data such as your user identity and IP address. The information is processed by analysing internet activities on our secure networks and the use of our systems. We continuously seek to ensure that your personal data is protected against loss, destruction, corruption or unauthorized access.
DNB Finans AS, filial Sverige, Org.nr. 516414-0104 ("DNB Finans Sweden") is a branch of DNB Finans AS.
DNB Finans AS is therefore the controller and is responsible for the processing of your personal data.
We retain your personal data as long as is necessary to achieve the purpose. This is up to a maximum of three years, unless the purpose entails a special need to keep the data longer.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing.
We will always consider any objections you may have to the processing of your personal data. Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
The purpose of the processing is prevention, detection and handling of IT security incidents in DNB.
DNB is legally obliged to process personal data for this purpose, and the legal basis is the regulatory statutory requirements that apply to the financial industry regarding security and incident management, as well as data protection rules and legislation.
- Identification data
- IP address
- Digital behavior data
We may share personal data within the Group for internal processing purposes. In addition, we may share information with external authorities such as the police. We may also share data with suppliers who process personal data on our behalf.
Physical security - Guest registration
When you visit our offices and register as a guest in our system, we register personal data about you.
The personal data we collect is your name and phone number. If you wish, you can also register whether you represent a company or are a private individual.
The purpose of the processing is to keep track of where visitors are in our buildings. This is to ensure the safety of people, our assets and our property, as well as to handle incidents and criminal offences that should arise.
The purpose is based on both preventive and reparative considerations. We have a legitimate interest for this processing of your personal data. Our legitimate interest is to keep track of where visitors are in our buildings. The guest must consent to the legal basis for processing so that we may store their contact details for one year.
The personal data provided during guest registration is anonymised after 90 days. If the visitor wishes to be remembered beyond 90 days, they must consent to this. In this case, their personal data will be retained for 365 days.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing.
We will always consider any objections you may have to the processing of your personal data. Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
DNB Finans AS, filial Sverige, Org.nr. 516414-0104 ("DNB Finans Sweden") is a branch of DNB Finans AS.
DNB Finans AS is therefore the controller and is responsible for the processing of your personal data.
- Contact details
We share personal data with our data processor and the supplier of the visitor registration system.
Physical security - Camera surveillence
We use camera surveillance for security purposes to help prevent unwanted incidents and to ensure proper handling and evidence collection in connection with the investigation of criminal acts. The video and camera equipment is permanently installed and located outside our buildings.
Through video surveillance, we record footage/images of employees, customers, visitors, and other third parties. The number of cameras at DNB Finans has been reduced to the minimum necessary in order to safeguard privacy and avoid unnecessary recordings. The need for cameras has been assessed in relation to different zones and purposes. Each camera’s coverage area is carefully evaluated, and areas that should not be part of the processing are excluded.
Recordings are deleted on a continuous basis in accordance with the retention periods defined for the respective zones.
The purpose of the processing is to keep track of where visitors are in our buildings. This is to ensure the safety of people, our assets and our property, as well as to handle incidents and criminal offences that should arise. The purpose is based on both preventive and reparative considerations.
We have a legitimate interest for this processing of your personal data. Our legitimate interest is to keep track of where visitors are in our buildings.
The guest must consent to the legal basis for processing so that we may store their contact details for one year.
The personal data provided during guest registration is anonymized after 90 days. If the visitor wishes to be remembered beyond 90 days, they must consent to this. In this case, their personal data will be retained for 365 days.
When we collect and process information about you, you have several rights under data protection rules and legislation. This includes the right of access, the right to data portability, the right to rectification of any errors and the right of erasure, which means that we must, on our own initiative, delete information that is no longer necessary for the purpose of the processing.
We will always consider any objections you may have to the processing of your personal data, and we will follow up when you opt out of direct marketing. Read about how you can exercise your data protection rights in our privacy notice under ‘Your rights’.
DNB Finans AS, filial Sverige, Org.nr. 516414-0104 ("DNB Finans Sweden") is a branch of DNB Finans AS.
DNB Finans AS is therefore the controller and is responsible for the processing of your personal data.
- Images
- Video
We share personal data with our data processor and the supplier of the visitor registration system.