Overview of guidelines for Vestjysk Bank’s processing of personal data

Information on Vestjysk Bank’s processing of personal data

Our processing of your personal data

1. Purposes of processing your personal data

We process data about you for the purpose of providing financial services of any kind, including in connection with::

• payments,
• advisory services,
• customer service,
• customer administration,
• credit assessment,
• marketing, and
• compliance with regulatory requirements.

If you use credit or payment cards, online banking or other payment services, etc., the Bank will collect data from shops, banks and other places. The purpose is to be able to effect payments, prepare statements of account, payment overviews and the like.

We collect data from The Danish Central Office of Civil Registration and other publicly available sources and registers. For credit assessment purposes, we investigate whether credit information and warning registers have registered information about you. We update these data on an ongoing basis.

In connection with any type of payment received or made, we collect data from payers, businesses, banks and others in order for the payment to be made correctly and in order to comply with statutory requirements and to prepare statements of account, payment overviews, etc.

In compliance with applicable anti-money laundering legislation, we also regularly collect data about the purpose and intended scope of the customer relationship. We also regularly collect data about the origin of your funds and on any unusual transactions and transaction patterns. On the basis of a risk assessment, we moreover collect any data that we find necessary to ensure compliance with applicable legislation.

We receive information about you from business partners, including correspondent banks and other banks, if you have given your consent to the sharing of data or it is permitted by law.

Pursuant to applicable anti-money laundering legislation, information, documents and records must be stored for at least five years after the business relationship ends.

To enable you to transact securities trading through the Bank, we collect data about your citizenship, your Tax Identification Number (TIN) and/or other data required by the authorities, where relevant for purposes of reporting your security trades to the authorities.

We only store your data as long as this serves a purpose, including as long as the data are relevant and necessary.

2. Basis of processing your personal data

As a customer of the Bank, you are required to provide us with specific information to comply with legislation.

The legal basis of the Bank’s processing is the applicable financial regulation and other legislation, including

• The Danish Payments Act (betalingsloven)
• The Danish Bookkeeping Act (bogføringsloven)
• The Danish Data Protection Act (databeskyttelsesloven)
• The Danish Anti-Money Laundering Act (hvidvaskloven)
• The Danish Credit Agreements Act (kreditaftaleloven)
• The Danish Tax Control Act (skattekontrolloven)

Furthermore, your data may be processed if this is necessary due to an agreement you have entered into or are considering entering into with the Bank or if you have given your consent.

We also process your data when this is necessary in order for the Bank to pursue a legitimate interest. Examples of such interests are to prevent abuse and loss, to strengthen IT and payment security as well as for direct marketing purposes.

3. Disclosure of your personal data

Our employees are bound by professional secrecy.

Data about you will only be disclosed with your consent or where we are required or entitled by law to do so.

For example, information about customer relationships may be disclosed to business partners without consent for the purpose of performing administrative tasks.

We may also without your consent disclose data about you to other parties, including:

• SKAT (the Danish tax authorities), SØIK (the Public Prosecutor for Special Economic and International Crime), including the Danish Money Laundering Secretariat, Nationalbanken (the Danish central bank) and other public authorities, to the extent we are required to do so,
• Other banks for purposes of correct registration in connection with money transfers,
• Credit information agencies and warning registers for credit assessment purposes and where the customer is in breach of agreements.

4. Access to your personal data

You can obtain access to the data we processes about you, where we obtained them from and what we use them for. You have the right to be informed about how long we store your data and – to the extent we have disclosed your data – who the recipients are.

Your right of access may, however, be restricted by legislation, the protection of other persons’ privacy and the interest of our business and practices. The Bank’s intellectual property, business secrets as well as internal assessments and material may also be exempt from the right of access.

5. Rectification or erasure of your personal data

If the data about you that we process are inaccurate, incomplete or irrelevant, you are entitled to have them rectified or erased, subject to the restrictions that follow from legislation. Unless the data are necessary to exercise a legal claim, you have the right to demand that our processing be restricted to storage only, until the accuracy of the data can be established or it can be verified whether the Bank’s legitimate interests override your interests.

6. Restriction of processing

If you contest the accuracy of the data we have registered about you, or if you have objected to the processing operations performed on the data, you may demand that we restrict the processing of these data to storage. Processing will be restricted to storage only until the accuracy of the data can be established or it can be verified whether the Bank’s legitimate interests override your interests.

If you are entitled to have the data the Bank has registered about you erased, you may instead request the Bank to restrict the processing of these data to storage.

If the sole purpose of the Bank’s processing of the data it has registered about you is to exercise a legal claim, you may also demand that other use of these data be restricted to storage. The Bank may, however, be entitled to perform other processing operations if necessary to exercise a legal claim or if you have given your consent.

7. Objection to processing of data

If our processing of data about you is based on our legitimate interests, you have the right to object to such processing unless it serves a compelling legitimate purpose.

8. Data portability

If we process data about you based on your consent or as a result of an agreement and the data processing is automated, you have the right to receive an electronic copy of the data you have provided.

9. Withdrawal of consent

If you have consented to the processing of data, you have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the lawfulness of any processing prior to your withdrawal.

Complaints

If you want to complain about the Bank’s processing of personal data, please contact:
Datatilsynet (the Danish Data Protection Agency)
Borgergade 28, 5th floor
DK-1300 Copenhagen K, Denmark
Tel. + 45 33 19 32 00
www.datatilsynet.dk

Contact details

Vestjysk Bank’s contact details:
Vestjysk Bank
Industrivej Syd 13c
DK-7400 Herning, Denmark
Tel. +45 96 63 20 00
post@vestjyskbank.dk
CVR no.: 34631328

To contact our data protection officer, please call + 45 96 63 20 00.

Amendment of information letter

The Bank may amend this information letter without notice.

Notification of any amendments to the information letter will be in writing, in electronic form or by advertisement in the daily press, with reference to where on our website the amendments can be seen.