privacy notice for lending customers

Here you can read about how we handle your personal data as a business customer, valid from 1 July 2021 for both existing and new applicants.

We are committed to protecting and respecting your data and your privacy. When you want to become a customer at kompasbank a/s, we as the data controller process your personal data.

This Privacy Notice applies to you as a private person associated with a company with a customer relationship or potential customer relationship with kompasbank. You can be a subscriber, rightful owner, director, employee, guarantor, mortgagor or a third party associated with our business customers.

In the Privacy Notice, we describe a number of matters regarding our processing of your personal data when your company makes a loan agreement with us.

Be aware that if there are any inconsistencies between the Danish and English privacy notices, the Danish privacy notice takes precedence.

1. What is personal data?

Personal data is any kind of information that can be attributed to you. When your company enters into a loan agreement with us, we register contact information as well as identification information on the management and beneficial owners – all information – which individually or in combination can be attributed to individuals associated with the company.

2. How do we process your personal data?

At kompasbank, we process your personal data confidentiality and of course in compliance with the Danish Data Protection Act, the General Data Protection Regulation (GDPR), the Danish Data Protection Agency’s guidelines and other relevant legislation.

We receive personal information from you if, e.g., you fill in our contact form or send information on request in a correspondence. In addition, we obtain information from publicly available sources via Experian or directly via e.g. Virk.dk, the Danish Financial Supervisory Authority’s PEP list, the Central Personal Register, etc., as well as in the case of a credit assessment, whether information is registered about you with credit reference agencies and warning registers.

We collect and process both general (non-sensitive) and sensitive personal information:

  • Name, address, telephone number and email are general personal data that we process, just as we process information about your possible status as a Politically Exposed Person (PEP) or a close relative of a PEP as well as your financial information (which is considered personal data in sole proprietorships).

  • In addition, we can collect sensitive information if, e.g., you are a PEP due to your political affiliation, just as we in our required customer due diligence procedure can register and process publicly available information on the web, which may relate to criminal matters (if, e.g., it appears in a news article that you have been charged).

  • Finally, we process your CPR no. and CVR no. in relation to identification (identity check), cf. the Money Laundering Act and reporting to SKAT, cf. the Tax Control Act.

3. Purpose of processing and the legal basis

We process your personal data for the following purposes:

  • Onboarding as a customer in kompasbank.

  • Credit assessment in relation to loan agreement (relevant for sole proprietorships).

  • Ongoing administration of your customer relationship.

  • Marketing.

  • Termination of customer relationship.

  • Compliance with applicable law.

We do not ask for information beyond what is necessary and relevant to fulfil the purposes above .

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:

  • Keeping to our contracts and agreements with you (GDPR art. 6, no. 1, litra b). In order to comply with contracts and agreements with you, we need to process your personal data, such as contact details and CVR no. (which in the case of sole proprietorships is considered personal data). Without your personal data, we cannot offer our products and services to you.

  • Legal obligations (GDPR art. 6, no. 1, litra c). In some cases, we have a legal responsibility to collect and store your personal data, ie. identity information of the management and beneficial owners in accordance with the Money Laundering Act, CPR no. and CVR no. in accordance with the Tax Control Act as well as engagement and transactions in accordance with the Tax Control Act, the Money Laundering Act and the Accounting Act.

  • Consent to processing of personal data (GDPR art. 6, no. 1, litra a). Processing of your personal data requires your consent in certain contexts. We therefore obtain your consent for specific purposes such as marketing. The consent can be withdrawn at any time and has no effect on your terms or current services in kompasbank, but you will of course not be notified if, ie. we launch a relevant product for your company.

4. How long will you keep my personal data for?

If you become a lending customer at kompasbank, we will store your personal data as long as you are our customer. If you cease to be a customer of kompasbank, we will store your personal data for five years plus the current year from the time of termination. Certain information will be processed and stored longer due to the legislation on e.g. statistics. However, this information will be anonymised.

If you do not become a customer at kompasbank, we will store your personal data for six months, after which your personal data will be anonymised. If you have given marketing consent, we store your contact information for two years or until you withdraw your marketing consent.

5. Protection of your personal data

We have established a number of technical and organisational measures to ensure that your personal data is not accidentally or illegally deleted, published, made known to unauthorised persons or misused.

6. The right to information and other rights

You have the right to get access to the information we have collected about you, and the right to get incomplete or inaccurate personal data about you corrected or deleted. You also have the right to request restrictions on how we may process your information, just as in certain cases you have the right to object to our processing of your personal data based on our legitimate interest. In the event of an objection, we will assess whether the processing can continue to take place, or whether your situation means that your objection can be met. Finally, you have the right to have your information transferred to you or another company (data portability). You can read more about your rights in the Danish Data Protection Agency’s guide on data subjects’ rights, which you can find at datatilsynet.dk.

We keep records that we have complied with (or possibly rejected) your request to use one of your rights for two years.

You make use of your rights by contacting our data protection officer. See the contact information below.

7. Transfer of information (including third country transfers)

We share your personal information to the following recipients:

  • Public authorities, e.g. SKAT in relation to tax reporting of your balance and interest as well as other public authorities whose disclosure is necessary to comply with legal obligations to which we may be subject – including, e.g., in connection with money laundering reports, statistics, subpoenas, court orders or search warrants.

We also use third parties (data processors) for storage and processing of data, i.e. processing and storage of your personal information in our IT systems provided by private companies. They process information solely on our behalf and are prohibited to use it for their own purposes.

We only use data processors and/or sub-processors in the EU or in countries that can provide your information with satisfactory protection.

8. Right to withdraw your consent at any time

You can withdraw your consent to marketing at any time. You do this by writing to us directly.

Note that if you choose to withdraw your consent, the processing we have already carried out based on your previous consent will not be affected. The fact that you withdraw your consent therefore only takes effect from the time we receive your inquiry.

9. Duty of confidentiality

All our employees have a duty of confidentiality. This means that information about you, including your personal data, will not be unjustifiably passed on to third parties.

10. Contact

If you have any questions about our processing of your personal data or wish to exercise your rights, you are welcome to contact us or our data protection officer.

11. Data controller

We, kompasbank a/s, CVR.no. 38803611, Frydenlundsvej 30, 2950 Vedbæk, are Data Controller with regards to the personal information we collect.

12. Data Protection Officer

We have appointed a Data Protection Officer (DPO), who is responsible of controlling that kompasbank complies with the relevant data protection regulation. You can always contact our DPO with inquiries or questions regarding our processing of personal information:

kompasbank a/s Att. Data Protection Frydenlundsvej 30 2950 Vedbæk Phone +45 38 42 33 00 Email: databeskyttelse@kompasbank.dk

13. The Danish Data Protection Agency (Datatilsynet)

If you are unhappy with the way we process your personal information, you can always submit a complaint to the Danish Data Protection Agency. You can find the contact information at datatilsynet.dk.

14. Changes to the Privacy Notice

As a customer of kompasbank, you will receive notification if we make changes to the way we collect and process personal data that is important to you. The date from which it applies appears at the beginning of the document.