1. What personal data we collect and why
We mainly collect personal data that is necessary to fulfill the main purpose of our business, that is to secure deposits of up to NOK two million per depositor per member bank. This part of our business is mainly regulated in Chapter 19 of the Financial Institutions Act. It also follows from the Financial Institutions Act that we must keep our members informed about our business. In addition, we will, among other things, collect personal information in connection with employment. The current collection of personal data is necessary to carry out the statutory duties of the Norwegian Banks’ Guarantee Fund.
1.1 Communication with members and their stakeholders
If you are listed as contact person at one of our member banks, we will ask for your contact information in order to manage the banks' membership with us. The same applies if you are an auditor, adviser or analyst for one or more of our member banks.
The member banks are required to report what is necessary for us to be able to calculate contributions to the fund and for our risk assessments. In this connection, the Norwegian Banks’ Guarantee Fund can examine the members' accounts and business and claim a member to submit information that we deem necessary. In this work, it may happen that personal information other than contact information for the banks is collected.
We also process personal data to fulfill agreements and to contact our suppliers.
1.2 Information about member banks' customers
All member banks are subject to «forskrift om krav til rapportering av opplysninger om innskytere og innskudd til Bankenes sikringsfond (innskuddsgarantiforskriften)». What personal data is collected is stated in the regulations, and will include name, social security number, account number, address, telephone number and e-mail. As part of our contingency planning, we carry out regular testing of the member banks' customer lists where such personal information is collected from the member banks. After the test has been completed, personal data are deleted, within 6 months at the latest.
The Norwegian Banks’ Guarantee Fund also performs analysis of the member banks' accounts in accordance with Section 19-14 of the Financial Institutions Act. In order to be able to carry out such analyses, information is obtained about account information and loan commitments for private customers. Information obtained about private customers' loan commitments may contain sensitive personal data as defined in the Personal Data Protection Regulation's articles 9 and 10. There may also be information about children. The personal information is stored until the report and the response deadline for this has expired. The personal data is thereafter deleted.
If a bank is liquidated under public administration, and a payment is made from us to the bank's customers, we will send lists of customers that have received a payment through the deposit guarantee scheme to the relevant administrators.
In accordance with the Financial Institutions Act, the Norwegian Banks' Guarantee Fund must cooperate with deposit guarantee schemes where the deposit guarantee is triggered for a branch with its head office in another EU/EEA country. In such cases, we will exchange personal data with deposit guarantee schemes in other EU/EEA countries.
If the deposit guarantee is triggered and you are a customer of the relevant bank, we will collect personal data relating to your customer relationship. We will collect this information from a third party, i.e. publicly available sources, as well as information about the customer relationship in the relevant bank. We mainly collect:
- Contact information: telephone numbers and addresses, including e-mail address
- Statutory information: social security number, name, domicile for tax purposes and other information required to obtain sufficient information for a possible payment
Personal information collected in connection with a payment is not deleted. This is justified by the rules in the Public Information Act and the Accounting Act.
The basis for the processing of personal data that the Norwegian Banks' Guarantee Fund collects in relation to analysis of the bank's accounts, control of customer lists and payment of guaranteed deposits is to fulfill legal requirements according to the Financial Institutions Act, chapter 19 (GDPR article 6 (1) c)).
1.3 Employment processes
We also process personal data if you apply for a job with us. The employment process will involve the processing of information you and any recruiter convey to us and includes, among other things, CVs applications, certificates and notes from interviews. We will carry out our own investigations in an employment process, which means that we may receive personal data from others than the job seeker when we receive references.
The basis for the processing of personal data during recruitment is that the processing is necessary to carry out measures before a possible signing of an employment contract with a job seeker (GDPR article 6 (1) b).
If investigations are carried out by us in addition to contacting people who have been provided as a reference, history search etc., personal data is processed on the basis of our necessary legitimate interest to ensure the right candidate for the position (GDPR article 6 (1) f). For the latter, we have assessed that our legitimate interest in recruiting new employees outweighs the individual's privacy. We encourage you not to enter sensitive personal data, such as health, religion, political opinions, trade union membership etc., in your application.
Personal data is deleted as soon as the recruitment is completed, unless you have consented to a longer storage period.
1.4 Communication and contact
We process personal data about those who contact us in order to answer and document the communication. This applies to all forms of communication, physical and digital, written and spoken.
In such cases, we process names, telephone numbers, e-mail addresses and any personal data that may result from the enquiry, including history/logs of the enquiry.
The processing of information is based on the fact that we have a necessary legitimate interest in processing personal data related to the above (see GDPR article 6 (1) f). We have therefore considered that our legitimate interest in having contact with the outside world is part of our business and in documenting the business we run, as well as responding to those who contact us and registering such contact. We have assessed it necessary for us to handle inquiries we receive, and that the privacy of those registered does not come ahead of these interests.
It is voluntary to provide us with personal information, but it will be necessary to provide us with the information in order for us to be able to respond to inquiries.
1.5 Conferences and events
If you register for a conference or other event with us, we will ask for information such as your name, email, telephone number and emplyer. The purpose of the collection of the information is administration of the event. The information is stored until the event has ended.
2. How we protect your personal data
We process your personal data safely and securely. We use appropriate technical, organisational and administrative security measures to protect the information against loss, misuse, accidental access, disclosure, alteration or destruction.
2.1 Your rights
If your personal data is registered with us, you have rights related to the personal data we hold about you. You have the right to request:
- Access to the personal data we hold about you. However, the right to access may be limited by law.
- Correction of incorrect or incomplete data
- Restriction of processing of personal data if you dispute the correctness or legality of personal data we hold about you. Processing will then be limited to storage only until the information is corrected, or it can be determined that our legitimate interests take precedence over your interests.
- Deletion, including if:
- You withdraw your consent to the processing and there is no other justified reason for the processing
- You raise objections to processing and there is no justified reason to continue the processing
- The processing is illegal
2.2 How long we process your personal data
We process your personal data for as long as it is needed for the purposes for which the information was collected and processed, or as long as required by law and regulations.
An example where we are required to keep the personal information after the purpose has been fulfilled is where the Bookkeeping Act requires us to keep the information.
3. Information to third parties and data processor agreements
We may share your personal data with others, mainly authorities and the member bank from which we have received the information about you. Before we share such information, we will always make sure that we follow the applicable provisions on confidentiality that apply in the financial sector.
We have entered into agreements with suppliers who process data on our behalf. Data processing agreements regulate the suppliers' responsibilities related to personal data. Please contact us if you would like further information about these agreements.
3.1 Web analysis and cookies
When you visit bankenessikringsfond.no, we use Google Analytics, which is a tool to analyse your use of the website. The purpose of this is to prepare statistics that we use to improve and further develop the information offered on the website. Examples of what the statistics provide answers to are how many people visit various pages, how long the visit lasts, which websites the users come from and which browsers are used. The information is processed in de-identified and aggregated form. De-identified means that we cannot trace the information we collect back to the individual user.
You can set or change settings in your browser to accept or reject cookies. For more information about cookies, see the paragraph about cookies here.
4. Registration by contacting us
Telephone calls to us are counted anonymously. The information is used to map the number of calls, as well as to call back. Emails, including those received via the contact form on the website, are stored so that we can respond to inquiries and improve our FAQ page on our website. We use encryption to secure our e-mail communication, but ask that you do not send sensitive information by e-mail, as we cannot guarantee that your e-mail provider supports encryption. All incoming and outgoing e-mails are scanned for viruses and malware.
5. Contact information
E-mail: [email protected]
Mail: The Norwegian Banks’ Guarantee Fund, PO Box 1213 Vika, 0110 Oslo, Norway.
Any complaints about the Norwegian Banks’ Guarantee Fund’s processing of personal data about you can also be directed to the Norwegian Data Protection Authority. You can find information about this at the webpage of the Norwegian Data Protection Authority.