Information on the processing of personal data at BRFkredit

General duty of disclosure

Before BRFkredit acts as a data controller, you must according to the General Data Protection Regulation be informed about how and when we collect, process and/or disclose your personal data.

Personal data submitted through this website 

At our website, we offer a number of services that presuppose that you enter specific personal data such as your name, address, civil registration number (CPR), email address and phone number.

When processing such data, confidentiality is ensured in accordance with the Danish Financial Business Act, the General Data Protection Regulation, the recommended guidelines of the Danish Data Protection Agency and our general terms and conditions.

First and foremost, the data will be used to accommodate your enquiries and requests and to offer the best possible service to you as a client and a user. In addition, the data are used to extend our knowledge of the website's users. This use of data may include surveys and analyses aimed at improving our products, services and technologies and display of content and ads, which are tailored to your interests. You can rest assured that we will not ask you for more information than required for the particular purpose.

Processing of personal data at BRFkredit 

  1. Collection and processing of data 

To enable BRFkredit to provide its services to you, we need your name, address, civil registration number (CPR) and possibly business registration number (CVR), and you must provide information about your tax situation. You must provide documentation of the information given by showing your passport or other documentation with photo and CPR number.

In addition, you must provide information about the purpose of your client relationship with BRFkredit.

Providing us with data is optional for you. If you decide not to provide such information, the Bank may be unable to provide advisory services to you or otherwise serve you.

Generally, we do not collect and process sensitive personal data about you. However, if you have yourself provided us with material containing sensitive personal data - for instance, data stated in an email or a budget relating to your health situation or membership of a certain political party or union - we will consider this your acceptance that we may store such data. We will not, however, use such data in other contexts.

We collect information for the purpose of offering mortgage loans, advisory services, client administration, client relationship management, credit rating, internal risk management, marketing and fulfilment of obligations in accordance with legislation.

BRFkredit will obtain information from the Danish Central Office of Civil Registration as well as other sources and records accessible to the general public. In connection with credit assessment, we will enquire whether you are registered at credit information agencies or included on warning lists. The Bank updates the information on an ongoing basis.

We register communication with you and record certain telephone conversations. We have established video monitoring at our entrances

According to the Danish legislation on measures to prevent money laundering and financing of terrorism, we are obliged to investigate the background behind and the purpose of all complex and unusual transactions and activities and to register the results of these investigations.

We will exchange data with other companies in the Jyske Bank Group through reports to the Danish State Prosecutor for Serious Economic and International Crime according to the Danish legislation on measures to prevent money laundering and financing of terrorism.

Moreover, we obtain information about you from our group companies in the instances when consent has been given or in accordance with the law.

We store this information as long as it is necessary in relation to the purposes that were the reason behind the collection, processing and storing of your data.

According to the Danish legislation on measures to prevent money laundering and financing of terrorism, we will store information, documents and other relevant registrations for at least five years after the termination of the business relations or the completion of the individual transaction. Generally, video recordings will be stored for no more than 30 days.

We store data you have provided us with in order to establish a client relationship for a period of up to two years - even though the client relationship is not established. We do this in order to protect us against fraud, among other things.

  1. Basis for data processing

The legal framework for the processing by BRFkredit is the financial regulation and other legislation, including

  • The Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism
  • The Danish Tax Control Act
  • The Danish Bookkeeping Act
  • The Danish Credit Agreements Act
  • The Danish Data Protection Act

Moreover, we will process your information if necessary due to an agreement you have entered into or consider entering into with us or if you have given your consent, cf. Article 6(1), paragraphs a and b of the General Data Protection Regulation or if one of the other rules on the processing of data of Article 6(1) and Article 9 of the General Data Protection Regulation apply.

We will process your information when this is necessary to pursue a legitimate interest. This may, for instance, be for the protection against unauthorised use and loss, for the strengthening of IT security and for direct marketing purposes.

  1. Disclosure and transfer of data

In order to fulfil agreements with you, for instance if you have asked us to transfer an amount to others, then we will disclose the information about you that is necessary to identify you and implement the agreement.

We will also disclose information about you to public authorities to the extent we are obliged to do so according to the law, including the Money Laundering Secretariat at the Danish State Prosecutor for Serious Economic and International Crime according to the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism, and to the Danish Customs and Tax Administration (SKAT) in accordance with the Danish Tax Control Act.

In addition, we will disclose  information internally in the Group, if you have consented to this or if such disclosure is possible according to legislation.

If you are in breach of your obligations to BRFkredit, we may report you to credit information agencies and/or warning lists according to the rules in force.

In connection with IT development, hosting and support, personal data may be transferred to a data processor.  In this connection, we use a number of legal mechanism, including Processor Agreements, to ensure that your rights and protection level follow your data.

  1. Our duty of confidentiality and your right of access to information

BRFkredit's employees are under a duty of confidentiality and are not allowed to disclose information which has come to their knowledge in the course of their employment unless authorised to do so.

You are entitled to know which data we process about you, where it derives from and for which purpose it is used. Also, you can be informed of how long we store your data and the recipients of your data.

However, access to such information can be limited by legislation. For instance, you cannot obtain information as to whether we have registered any information and, if so, which information, in connection with the investigations we are obliged to make according to legislation on money laundering. Also, you cannot obtain information as to whether we inform the Danish State Prosecutor for Serious Economic and International Crime or which information, we disclose to the Danish State Prosecutor for Serious Economic and International Crime in case of suspicion of money laundering or financing of terrorism.

Such limitation may also be imposed in order to protect other persons' personal life and our business foundation and business procedures; and also, our know-how, business secrets and internal assessments and material may be exempted from the right of access to data.

  1. Profiling and automatic decisions

In certain cases, BRFkredit will carry out an automatic assessment of your personal data, for instance, to analyse your financial situation or your preferences. We do this, for instance, if we must prepare a statutory credit rating (credit score) and with a view to targeting our marketing to you. BRFkredit does not use automatic decisions.

  1. Right to have your data corrected or deleted

If the information that we have registered about you is incorrect, incomplete or irrelevant, you are entitled to a correction or deletion of the data subject to the restrictions ensuing from legislation or other legal basis.

If the Bank has given other erroneous information, we will make sure that the information is corrected.

  1. Limitations to data processing

If you contest the correctness of the information that we have registered about you or if you have, according to Article 21 of the Danish General Data Protection Regulation, objected to the processing of the information, you may demand that we limit the processing of such information for storage. The processing is exclusively limited to storage until the correctness of the information can be ascertained or it can be controlled whether the legitimate interests of BRFkredit are prioritised higher than your interests.

If you have a right to have the information deleted that we have registered about you, you can instead request us to limit the processing of such information for storage.

If the processing of the information that we have registered about you is necessary solely to assert a legal claim, you may also demand that other processing of this information is limited to storage. We may apply other processing procedures if it is necessary to assert a legal claim or if you consent in this respect.

  1. You can withdraw your consent

Permission to disclose information that requires your consent may at any time be cancelled through your withdrawal of your consent.

  1. Right to receive your data
    (data portability)

If BRFkredit processes information on the basis of your consent or due to an agreement, you are entitled to have the information you delivered to us handed out in an electronic format.

  1. Complaint about BRFkredit's processing of data

If you are dissatisfied with the way we handle your personal data, you may file a complaint with BRFkredit. You may also file a complaint with the Danish Data Protection Agency, (Datatilsynet), Borgergade 28, 5th floor, DK-1300 Copenhagen K or dt@datatilsynet.dk.

  1. Contact details on data controller and data protection compliance officer

The data controller is:

BRFkredit a/s
Klampenborgvej 205
2800  Kgs. Lyngby
Business Reg. No. 13 40 98 38

brf.dk

Tel.: +45 45934593

BRFkredit is part of the Jyske Bank Group, and you can contact the Group's data protection compliance officer (DPO) at DPO@jyskebank.dk.