1. Personal
  2. /
  3. Privacy notice

Privacy notice

This privacy notice describes how we handle personal information about you and others, so that you can get an overview of your rights and understand how we protect your privacy.
The privacy statement was last modified 05.11.2019

Handelsbanken NUF org.no. 971 171 324 and Handelsbanken Eiendomskreditt NUF org.no. 991 303 995 is collectively referred to in this privacy notice as "Handelsbanken" or "we". Handelsbanken NUF is a Norwegian branch of Svenska Handelsbanken AB (publ) and Handelsbanken Eiendomskreditt NUF is a Norwegian branch of Stadshypotek AB.

This privacy notice describes how Handelsbanken processes personal information about our customers, potential customers, former customers, creditors, guarantors or authorized representatives, business card holders and affiliates (hereinafter "the Data Subjects"). We also handle data from the customer representatives with our customers and suppliers.
Personal information is any piece of information that can be linked to an individual. You can rest assured that we process all personal information about you satisfactorily and in accordance with statutory requirements for the processing of personal data.
Please read below about how Handelsbanken processes your personal data in connection with your contractual relationship.

1 Who is the controller?

Handelsbanken NUF and Handelsbanken Eiendomskreditt NUF are Norwegian branches of Svenska Handelsbanken AB and Stadshypotek AB respectively. Svenska Handelsbanken AB and Stadshypotek AB are the formal controllers of the branches processing of your personal data. The responsibility lies with the CEO of these companies, and he or she decides the purpose of the processing within the framework of our business, and what means to be used. However, this is followed up on a daily basis by the Norwegian branch operations.

Which branch that formally carries out the processing of your personal data depends on which products you have entered into an agreement for. The branch that processes your personal information will be stated in the agreement you have entered into with us. The operation of Handelsbanken Eiendomskreditt NUF is placed under Handelsbanken NUF. This means that Handelsbanken AB (by Handelsbanken NUF) is also a data processor in this relationship, see more about this below in section 7.

2 Where do we collect personal data from?

The personal data we register will mainly be collected directly from you as a customer, by completing an application form, inquiries to one of our offices or using our services, such as for example online banking or mobile banking. In other cases, we obtain personal information from other Data Subjects, such as information about family information or tips about acquaintances who may be potential customers for Handelsbanken. Furthermore, we also process personal information obtained through camera surveillance of our bank premises and ATMs and by statutory audio recording of telephone calls.
In order to provide you services and comply with legal requirements, we will also collect personal information from other sources such as:
  • Public registers such as the National Population Register, the Brønnøysund Registers, and registers managed by the tax authorities and crime-fighting authorities
  • Sanctions lists maintained by international organizations such as the EU, the UN and the Office of Foreign Assets Control (OFAC)
  • Credit bureaus
  • Agents and distributors
  • Information services related to licensees and politically exposed persons
  • Account information from financial institutions other than Handelsbanken when you use various payment services or want to collect your account information in one place
  • Debt register with information on consumer debt

Handelsbanken also has a central group customer register. We collect some information from this, but of course only within the limits of the law. Examples of such, may be your name and contact information. Still, you can consent to sharing more information between the companies in the Handelsbanken Group, see more about the group customer register and consent below.

3 What types of personal information do we collect?

Below are examples of the types of personal data that Handelsbanken collects. Please note that the type of personal data collected depends on what product or service we offer you as a customer or any other relationship you have with us.
  • Identification information such as birth number and copy of identification papers.

  • Contact information such as name, telephone number, address and e-mail address.

  • Financial information such as transaction data, balance from other banks, credit history and updated debt and tax information, including income information

  • Information necessary to comply with statutory obligations such as anti-money laundering and reporting to public authorities.

  • Special categories of personal information such as trade union membership for certain products.

4 Legitimate grounds and purpose for processing

Handelsbanken processes personal data for specified purposes, and only when we have legitimate grounds for the processing. You may find examples of this below.

4.1 To enter into or fulfill an agreement

Handelsbanken processes your personal information if it is necessary for entering into an agreement with you or to fulfill the agreement (s) you have entered into with us. This can be an account agreement, loan agreement or similar. We also need to process your personal data if you place a Handelsbanken card in a digital wallet, or if you use one of our apps. Retention of contact information, contract documentation, recording of transactions and payments as well as information from communication with customer advisor, are key examples of daily processing we must carry out in order to fulfill ongoing agreements between us and our customers.

You will find more information about our apps and digital wallets under the overview.
As of 18.02.2020 we offer the following apps and digital wallets:
  • Mobilbank PM
  • Mobilbank BM
  • Kortkompis
  • Garmin Pay
  • Fitbit Pay
4.2 Legal Obligations
We have a number of legal obligations that require that we process personal data. By legal obligation we mean requirements arising from law, regulation or government decisions. Below are some examples of our legal obligations that require us to process your personal information.
4.2.1 Prevention and detection of criminal offenses
As a financial institution, Handelsbanken has a statutory obligation to help prevent, detect, resolve and handle fraud and other criminal acts, such as financing terrorism and money laundering. We are obliged to investigate and report suspicious transactions under the Money Laundering Act.
4.2.2 Audio recording of telephone calls and storage of other customer communications at investment services
In connection with the provision of investment services and advice, we are obliged to record audio and store other customer communications, for example via e-mail or chat, in order to document the content of such conversations should, for example, disagreement about what has been agreed and to clarify when specific information was communicated. This is set out in the securities regulations.
4.2.3 Compliance with industry-specific regulation
We are also subject to other legal obligations that may necessitate the processing of personal data, such as:
  • Duty of storage in accordance with the accounting regulations

  • Sanctions Monitoring

  • Reporting to tax authorities, regulators and police authorities

  • Requirements and obligations related to payment services

  • Other obligations related to product-specific legislation for funds, securities, mortgages or mortgages

  • Electronic Signature Act 

4.3 Legitimate interest
We also process personal data when it is necessary to protect a legitimate interest that outweighs your privacy. We make concrete and documentable balancing tests of interest before such treatment is carried out. For example, Handelsbanken is of the opinion that it has a legitimate interest in processing personal data for the following purposes:

4.3.1 Development and analysis
Handelsbanken may collect information used to analyze how you use our services in connection with the improvement of existing products or the development of new services. In some cases, we also have a legitimate interest in analysing your data, such as usage patterns, to identify whether new products and services may be relevant to you. Such analysis can be done either manually or automatically (profiling). We also have a legitimate interest in improving the functionality of pre-existing products and services, as well as performing tests related to development.
4.3.2 Group Customer Register
The Handelsbanken Group consists of several legal entities, which as a whole  is a full-range supplier of services and products to our customers.
In order to facilitate the management of the customer relationship, and to coordinate the provisioning of services and advice to you as a customer, we have a legitimate interest in processing personal data about customers in the group customer register. Unless you have   consented otherwise, we will only register so-called neutral customer information about you in this register. Neutral customer information is for example name, contact information, date of birth and information about services and products. We also have a legitimate interest in using neutral customer data for marketing purposes within the Group. You may reserve yourself at any time against such marketing activities. Sharing of more information within the Group than neutral customer information requires valid consent from you.
The following branches in Norway share information with Handelsbanken's joint group customer register in Sweden, as described above:
  • Handelsbanken NUF
  • Handelsbanken Eiendomskreditt NUF
  • Handelsbanken Liv NUF
  • SHB Liv Forsikringsaksjeselskap NUF
4.3.3 Security measures
We make recordings using camera surveillance of bank offices and ATMs to prevent and detect criminal offenses. We will always inform you if an area is monitored.
4.3.4 Documentation and other
The bank has a legitimate interest in storing information on the data subjects in order to be able to refute a possible future legal claim or compensation claim. Access to this information is limited to employees who have a material need for access to such. We will also be able to implement other measures as part of our anti-money laundering efforts, based on Handelsbanken's legitimate interest in this.
4.4 Consent
Some processing of personal data requires the bank to obtain your consent. Below are some examples of this. 
You can change or withdraw consent in the online bank at any time.
4.4.1 Sharing of information within the Group
For example, we obtain your consent to share more of your customer information than the "neutral" within the Group so that we can best assist you as a customer, manage your customer relationship and provide you with the best possible advice. See more about sharing customer information in the group without consent, under the section on group customer register above.
4.4.2 Marketing
We obtain your consent to be able to send you marketing in digital channels or to send you marketing inquiries from our partners. This may be other companies in the Handelsbanken Group such as our insurance companies, or other companies we work with, such as information about new features in Vipps.
We also obtain your consent to use information from your customer relationship to customize our marketing activities so that you receive the most relevant communication from us.
4.4.3 Use of cookies
We use cookies when you use our website by placing a cookie with a unique ID in your browser. Cookies are text files that are stored in your browser's internal memory when you visit a website. The purpose of the use of cookies is to provide you with a better user experience by enabling us to evaluate how the site is used and to identify improvement potential while ensuring that various services on our website work. We never use cookies to map individual usage patterns or collect other information that violates your privacy.
4.4.4 View your accounts in another bank

Account information from payment accounts that you own or have charge of can be disclosed to other financial institutions than Handelsbanken if you consent to it. This gives you the opportunity to view the information in the online bank of this institution. You consent to the disclosure in the online bank of the relevant financial institution. The institution will automatically route you to our online bank, where you must consent to the transfer. Your consent may later be withdrawn in our or the other institution's online bank.

5 Who do we disclose personal data to?

In some cases, Handelsbanken has a duty to disclose personal data to public authorities or other third parties. Such disclosure will only take place where there is a legal obligation or right to disclosure, such as to the police, debt information companies, the Financial Supervisory Authority or the tax authorities.
Personal data may also be disclosed to other banks and financial institutions to the extent permitted by law, and further provided that our  statutory duty of confidentiality does not prevent it.
If necessary in order to comply with the Handelsbanken Group's management, control or reporting requirements pursuant to a statutory provision, we will also share personal data with another company in the group. All Handelsbanken employees are subject to a duty of confidentiality, and sign a declaration of confidentiality before being granted access to personal data.

Disclosure to affiliates and payment service providers may be necessary for the bank to provide services and products to you. For example, we provide information to credit reporting agencies when applying for loans, and to payment service providers involved in a payment transaction as far as necessary to secure the transaction. In cases where the bank carries out payment orders to or from abroad, certain personal information will necessarily have to be disclosed to the foreign bank or banks that are part of the transaction chain.

If you use another payment service provider to initiate payments from accounts at Handelsbanken, we will share the personal information needed to make the payment. This applies, for example, if you pay from one of your Handelsbanken accounts through Vipps.

6 Transfer to third countries

In some cases, we may transfer personal data to recipients outside the EU / EEA (European Economic Area), so-called third countries. This mainly happens when we have an agreement as the basis for the transfer, for example with one of our data processors. 

We will only transfer personal data to third countries if the transfer takes place with an adequate degree of protection. We will then use special agreements with those who handle your personal data based on EU Model Clauses, to parties who are US Privacy Shield certified, or have approved corporate rules (BCR). You can find more information about such security mechanisms at datatilsynet.no. All sharing will be in accordance with laws and regulations Handelsbanken is subject to and your personal data will not be used for anything other than what we have already informed you of.

In some cases, we are also obliged to disclose personal information to the authorities of a third country.

7 Using Data Processors

A data processor is a company that processes personal data on our behalf and only in the way and for the purposes we decide. Therefore, the use of data processors is not a disclosure of personal data. When we use data processors to collect, store or otherwise process personal data on our behalf, we will enter into an agreement with the data processor to ensure that the processing of the data complies with the privacy regulations and the bank's requirements for the processing of personal data.

When Handelsbanken NUF provides services on behalf of Handelsbanken Eiendomskreditt NUF, this means that Handelsbanken AB, at Handelsbanken NUF, is the data processor for Stadshypotek AB, at Handelsbanken Eiendomskreditt NUF. Furthermore, we use, for example, data processors in connection with IT deliveries and the provision of payment services.

8 Data retention

We will delete your personal data when the purpose of processing the data is fulfilled. This means, among other things, that we store personal data as long as it is necessary to fulfill the agreement we have entered into with you.

Even though the agreement has been terminated, there is still some information we can and must keep. One reason for this is to comply with statutory storage obligations. For example, according to the money laundering regulations, we must store information obtained in connection with customer control for five years after the end of the customer relationship. The information should then be deleted after one year. Furthermore, the bank has the right to retain some information about the contractual relationship and payment information after the customer relationship has been concluded in order to meet possible future claims, such as a claim for damages, see section above on "Documentation and other". Such information will be retained until any claims will be outdated and only a few people will have access to the information.

The personal information we process on the basis of your consent will be deleted if you withdraw your consent. Personal data processed to safeguard a legitimate interest in the business is deleted when we can no longer document a legitimate interest that outweighs your right to privacy.

9 Your rights

As a Data Subject you have a number of rights. These are described in more detail below. Your rights can be exercised without incurring any costs on your part.

You may demand access to registered personal data, a description of the types of data processed and further information about our processing of the data. The information must be provided in writing and electronically if the request is electronic. In some cases, there are exceptions to the right of access. This is, for example, where we are required by law to maintain confidentiality or where it is required to keep the information confidential for the purposes of prevention, investigation, disclosure and legal prosecution of criminal offenses, or if information is contained only in documents prepared for internal case preparation and exceptions to the right of access are required to ensure proper case management.

Furthermore, you have the right to have data corrected, for example if we have incorrect or incomplete data recorded about you.

You also have the right to request that your information is deleted, where the information is no longer necessary for the purpose for which it was collected or where the consent to the treatment is withdrawn. This does not imply an obligation to delete the information if there is still a need to process the information for the purpose. The same applies if we still need the information to fulfill a legal obligation or to establish, enforce or comply with a legal or compensation claim as described above.

You have the right to object to the processing of your personal data on the basis of legitimate interests unless our interests override your fundamental rights or freedoms. In cases where the processing of your personal data is based on our legitimate interest and the information is used for direct marketing and profiling in connection with such marketing, you are always entitled to raise objections to the processing.

You may ask us to limit the processing of your personal data to storage only, if you dispute the accuracy of the information we have recorded about you or the legality of the processing, or if you have objected to the processing of the information in accordance with your right to object. The processing will be limited to storage only until the information has been corrected or it may be determined that our legitimate interests take precedence over your interests.

If you do not have the right to delete the information we have recorded about you, you may request that we limit the processing of this information to storage only. If the processing of the information we have recorded about you is necessary to put forward a legal claim, you may also require that other processing of this information is restricted to storage. We may process your information for other purposes if this is necessary to further a legal claim or if you have consented to it.

If you request a restriction on the processing of your personal data, some products and services may no longer be available to you.

You are also entitled to data portability in some cases. This means that you are entitled to obtain personal data that you have provided to us in a simple, machine-readable format. The right to data portability applies where the processing is based on consent or agreement and where the processing of the data is automated.

If you would like to exercise any of your rights, please contact our Privacy Officer at po-no@handelsbanken.no. In order to respond to your request, we must confirm your identity. We do this to make sure that we only give access to your personal information to you and not to others who claim to be you. We will respond to your inquiry as soon as possible, and within 30 days at the latest.

10 Security

Handelsbanken processes personal data to protect you from misuse of such data, unintentional access and in order to safeguard the bank's values, for example when logging on servers and operating our infrastructure. In order not to compromise the security of your personal data, we cannot go into detail about how the data is secured. Nevertheless, it is a clear goal for us to provide a safe and sufficiently secure processing of personal data, whether it is through the security of electronic systems, our websites and applications, physical security of our premises or by other means. 

Communication of information where confidentiality is required

For security reasons, we would like to inform you that sending and receiving e-mails from ordinary e-mail accounts without encryption does not constitute a sufficiently secure sending of the e-mail content. Please avoid sending us emails containing your national ID-number or other personal data that requires protection.

If you send us information as mentioned above, we recommend that you use the mailbox in the online bank for the secure transfer of information or Digipost.

SecurityOpens in a new window

11 Contact information and complaints

If you have a question or would like to complain about how we handle your personal data, please contact our Data Protection Officer on: dpo-no@handelsbanken.no. We will reply within 30 days.

You also have the right to file a complaint with the regulating authority  regarding our handling of your personal data. More information about the complaint to the Data Inspectorate can be found at datatilsynet.noOpens in a new window.

12 Changes and Updates

We are constantly working to improve our products and services. If we change the way we process personal data, we will update this privacy notice. When we make changes to this notice, we will change the revision date at the top of this page, and a revised privacy notice will take effect from the revision date. We therefore recommend that you periodically check for changes to the notice.