Privacy Notice of Saxo Bank A/S
In accordance with disclosures required by the General Data Protection Regulation (“GDPR”), the following information provides an overview of how Saxo Bank A/S (“we”, “us”, “our”) use personal data we collect on our individuals such as clients, leads and other partners (all referred to below as “you”).
- Who is legally responsible for the safeguarding of your personal data
Saxo Bank A/S
Philip Haymans Allé 15,
(Company No: 15731249)
We are required to handle (“process”) your personal data securely and otherwise in accordance with the GDPR and if any national legislation requires a higher level of protection for personal data than the GDPR, such stricter requirements are to be complied with.
Should you have queries or complaints about the way in which we process your personal data, you may raise these with firstname.lastname@example.org or else with our Data Protection Officer via the contact details above or the following email address: email@example.com.
- What personal data might we collect about you and where do we get it from?
We will only collect data about you that is relevant in the context of the business relationship which we have with you. This information we will obtain directly from you. However, we also process personal data from other sources, which may include other Saxo Bank A/S entities, other companies and financial institutions, publicly available sources (e.g. the press, registers of companies, internet websites, including social media platforms) and from providers of business-risk screening services, anti-fraud databases, sanctions lists and databases of news articles.
The types of personal data that we process may include:
- Name, contact information;
- Records relation to our business relationship and relevant services, including data deriving from your usage of our IT platforms (including electronic communications), mobile apps; recorded telephone lines, office buildings, and from your engagement with our marketing activities;
- KYC (know your customer) records, such as passport details, social security number, date and place of birth, source of wealth, rationale for use of corporate structures, relationships with public officials, criminal record;
- Financial information, such as bank account details, specimen signature, income, assets, outgoings, investment objectives, marital status and details of knowledge about financial products and services, risk appetite, capacity for loss, tax status, domicile.
The purpose for which we process your personal data are summarized below, together with the specific grounds under data protection law which allow us to do this.
- For the performance of a contract
It may be necessary for us to process your personal data in order to perform a contract with you relating to our financial services, or to take steps at your request prior to entering into a contract. For further details, please refer to your contractual documentation with us.
- For compliance with a legal obligation or acting in the public interest
As a licensed bank, we are subject to a number of statutory and regulatory obligations that may require us to collect, store or disclose personal data, such as for anti-money laundering purposes or to respond to investigations or disclosure orders from the police, regulators of our group entities, and tax or other public authorities.
- For the purposes of legitimate interests
Where necessary, we process your personal data to serve our legitimate interests or those of a third party. (The law permits this only insofar as such interests are not outweighed by a greater need to protect your privacy). Cases where we rely on our legitimate interests to process your personal data includes:
- Know-your-customer checks;
- Client and vendor relationship management;
- Business analysis and development of products and services;
- Activities relating to information security and building security, including use of recording;
- Managing the risk and optimizing the efficiency of our group operations;
- Recording of telephone lines and monitoring of electronic communications for business and compliance purposes;
- Prevention and detection of financial crime;
- Evaluating, bringing or defending legal claims;
- Servicing of Saxo Bank A/S’ products;
- Business restructurings.
- On the basis of your consent
If we wish to process your personal data in a way not covered by the legal justifications above, we would need your consent. Where you give consent, you are entitled to withdraw it at any time. Note that withdrawing your consent does not render our prior handling of your personal data unlawful, and that it might have an impact on our ability to continue to provide our services in the same way in future.
There are some categories of personal data which the law deems so sensitive that we generally need an individual’s consent to be able to store and use it. Information about a person’s biometric data is an example. If you voluntarily provide such information to us in circumstances where this could be relevant to the financial products and services we offer you (as could be the case for appropriate investment planning), we will take it that this constitutes your consent to use this information as appropriate. You could withdraw that consent but it may hamper our ability to ensure you receive the most suitable advice for your circumstances.
Where necessary to fulfil your instructions to us and for the other purposes outlined above, we may share information about you with a range of recipients including the following: background screening providers, financial institutions, funds, payment recipients, payment and settlement infrastructure providers, exchanges, regulators, public authorities (including tax authorities), group entities and service providers, professional advisers, auditors, insurers and potential purchasers of elements of our business.
We will only disclose information about you as permitted under the contractual terms we have in place with you, the GDPR and client confidentiality obligations.
Please click here to see our categories of recipients of personal data.
We are active globally, which is part of our DNA and to offer you the best possible service and thus information relating to you may, in line with the purposes described above, be transferred to counties outside the EU/ EEA or so-called “third countries”, meaning countries outside the EU or the EEA that does not by default ensure the same safeguarding of your personal data.
However, if we use service providers in a third country, we are required to have them apply the same level of protection of your data as would be necessary within in the EU. We would typically achieve this through the use of standard data protecting clauses approved and published by the European Commission for these purposes. We will only transfer your personal data to a third country in a way that is permitted under the GDPR.
In general terms, we retain your personal data as long as necessary for the purposes for which we obtained it. In making decisions about how long to retain data we take account of the following:
- The termination date of the relevant contract or business relationship;
- Any retention period required by law, regulation or internal policy;
- Any need to preserve records beyond the above periods in order to be able to deal with actual or potential audits, tax matters or legal claims.
Profiling in the context of this privacy notice is the use of an automated process to analyze personal data in order to assess or predict aspect of your behavior. We may use profiling in the following circumstances:
- To help identify potential cases of financial crime;
- To provide you with information on our products and services that seem likely to be of interest.
Subject to certain exceptions and limitations, by law you have right to:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data that we hold about you corrected.
- Request erasure of your personal data. The enables you to ask to delete your personal data where there is no good reason for us continuing to process it. This is sometimes referred to as the “right to be forgotten”.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your data, such as during the period of time it might take us to respond to a claim by you that the data is inaccurate or that our legitimate interest in processing it is outweighed by yours.
- Request us to transfer personal data that you gave us to you in a commonly used electronic format. This is known as the right to portability.
- Object to processing of your data. This enables you to object to processing of your personal data which is carried out.
- Request not to be subject to automated decision making. This enables you to ask us not to make a decision about you that affect your legal position (or has some other significant effect on you) based purely on automated processing of your data. (We do not as a rule make decisions of this nature based solely on automated processing and without any human assessment whatsoever. We would notify you specifically if we did).
To exercise any of these rights, please write to us at firstname.lastname@example.org.
You are also entitled to submit any complaint you may have about our processing of your personal data to the Danish Data Protection Agency.
You are not required by law to provide us with personal data. However, if you refuse to do so we may not be able conduct further business with you. For example, in order to satisfy our anti-money laundering obligations, we have to verify the identity of you among other matters if you are to engage in a client trading relationship. This inevitably requires us to collect certain personal data from prospective clients.
We may update this privacy notice from time to time in order to clarify it or address changes in law or our business operations. We will notify you if we make any substantial updates.