Control, reporting and analysis

We reuse personal data about you to ensure proper management of our business operations and to keep track of all the data we have. Information about you and your customer relationship is included in the data we process when we control, analyse and report figures for the Group. Information that is reused includes your customer number and associated contractual relationships.

To ensure that we have complete and correct data registered in our systems, we will process personal data when we control and quality assure data.

Personal data is anonymised and summarised for analysis purposes, for example to assess the profitability of the products we offer, or other analyses we need to ensure proper management of our business operations.

In order to report our financial statements as required by law, we must include, among other things, all payments made through our systems, including all customer transactions. 

Every year, we report the status of all customers’ accounts in DNB to Norwegian and international authorities for tax purposes. We are required to report information about customer number, name, address and overviews of commitments.

DNB Bank ASA is responsible for the processing of your personal data.

DNB Bank ASA also conducts financial reporting as the parent company and on behalf of other companies in the Group.

The purpose of the processing of personal data is to ensure control of our business operations and to carry out necessary analyses and mandatory financial reporting.

We have a legal obligation to process your personal data for tax purposes.

We have a legitimate interest in controlling and quality assuring the personal data that we have stored in our systems.

• Identification data
• Contact details
• Financial data

After the analyses have been prepared, they will no longer contain identifiable personal data.

We are obliged to disclose personal data to Norwegian and international tax authorities.

Every year, we report the status of all clients' fund accounts or fund holdings in DNB to Norwegian and international authorities for tax purposes. We are required to report details of customer number, name, address, and fund holdings.

As a result of international agreements on the automatic exchange of tax information, we must also collect and report information about which countries you as a customer have tax affiliation to. We disclose the information to the Norwegian tax authorities, who pass this on to the tax authorities in the respective countries where the account holder or beneficial owner is resident for tax purposes. For high-risk customers, this will also entail obtaining a tax return. The reporting is carried out annually. You can read more about this here.

DNB Bank ASA is the data controller for the processing of your personal data.

The purpose of processing personal data is to combat tax avoidance or evasion of international tax crime.

We are required by law pursuant to the Securities Regulations to report the status of all clients' fund accounts or fund holdings to Norwegian authorities. We are required by law under the FATCA and CRS regulations to identify and annually report the balance/value of our customers who have tax residency in a country other than the one in which the account is held.

• identification data
• contact details
• relationship data
• financial data.

We store personal data for 13 years. For international tax reporting, we store information for 5 years after the end of the year in which the customer relationship was reported to the tax authorities or new documentation has been obtained.

We are obliged to disclose personal data to Norwegian and international tax authorities.

We will process credit information and other personal data in accordance with the provisions of the Norwegian Financial Institutions Act and the Norwegian Securities Trading Act. This processing takes place in connection with the establishment of your customer relationship, determining which products and services are suitable for you and the use of systems to calculate capital adequacy requirements for credit risk. 

The internal measurement systems include our models, work and decision-making processes for approving and managing credit, control mechanisms, IT systems and internal guidelines for classifying and quantifying our credit risk and other relevant risk. The personal data used for this purpose is obtained from credit information agencies. 

We process personal data in models that are used to assess how much risk the bank is assuming. The models produce a set of key figures (PD, LGD and EAD), which are necessary to determine how much risk capital the bank must hold at any given time. The key figures are estimated for each agreement the customer has with the bank. The key figures may later also be used in our risk reporting on the processing of customer applications for e.g. credit at a high aggregated level. The information is collected on an ongoing basis, as it is necessary for us to continuously update the risk situation.

DNB Bank ASA is the data controller for the processing of your personal data.

The purpose of the processing of personal data is to calculate the correct capital requirement and ensure better risk management for the DNB Group.

We have a statutory obligation to process your personal data for this purpose, including pursuant to the Norwegian Financial Institutions Act and regulations (cf. the CRR/CRD IV Regulations).

• Identification data
• Contact details
• Relationship data
• Financial data
• Demographic data.

For PD and LGD models, we are required by law to retain personal data for a minimum of five and seven years, respectively.

The personal data used in the model calculations can be stored for up to 50 years.

We use a software supplier and a cloud solution provider as data processors for the processing of personal data.

In DNB, Internal Audit is one of our central control bodies that will check and ensure that we are organised and operate in a prudent manner. Furthermore, we will ensure that we have satisfactory internal management and control systems that cover the overall business.

We do not collect personal data directly from you for this purpose. In order to carry out our audit work, a limited area in DNB has unrestricted access to the Group's documents, electronic data, physical assets/premises and personnel. Access to electronic data entails access to the Group's data warehouses, data sources and databases, including regular data collection in connection with topic-based activities and continuous audit monitoring. In this way, we will be able to reuse personal data collected by DNB business areas with direct customer contact. Employees who work with internal auditing have a duty of confidentiality and sign a separate non-disclosure agreement upon appointment. We have strict access control in our case management systems and physical premises.

DNB Bank ASA is the data controller for the processing of your personal data.

The purpose of processing personal data is to be able to comply with legal requirements to be organized with proper management and control, including independent control functions responsible for internal auditing, risk management and compliance with requirements laid down in laws and regulations.

We have a statutory obligation to process your personal data for this purpose in accordance with the requirements of the Financial Institutions Act and the CRR/CRD IV regulations.

• Identification data
• Contact details
• Relationship data
• Financial data
• Digital behavioural data
• Demographic data.

Any personal data processed as part of an audit will be stored for up to 10 years for any external quality control carried out every five years.

We may disclose personal data to supervisory authorities in situations where DNB is required to do so.