Information on the processing of your personal data at Jyske Bank

The below provides you with information on how Jyske Bank acts as a data controller in accordance with the data protection rules. You can read how and when we collect, process, disclose and store your personal data.

Personal data is information which can be used to identify you – either by itself or combined with other information, eg your name, civil registration number, account number and income. The information is treated in confidence and in accordance with the Danish Financial Business Act, the General Data Protection Regulation, the Danish Data Protection Act and Jyske Bank’s Terms and Conditions.

Our processing of your personal data depends on your relationship with us. In the following you can read more about how we process your personal data when you:

How we process personal data you have provided when using our websites, newsletters, email services and applications

Via our websites and in our applications we offer a number of services which imply that you enter necessary information such as your name, address, account number and email address. This information is only used to respond to your enquiry and provide you with the service in question. Moreover we receive information about your IP address – read more in our cookie policy (in Danish).

We only send newsletters if you have signed up and by doing so consented to us contacting you. You may unsubscribe at any time via a link in the newsletter. When you open emails from us, we may collect information about your behaviour in connection with an email (including opening of the email, clicking links, unit, email client, browser type and screen resolution) with a view to know your response and to improve the user experience.

Our processing of personal data - when you are on the premises of Jyske Bank

We have set up video surveillance at building fronts, entrances and other places, including till areas, ATMs etc. to prevent/solve crime and to ensure security. As a rule video recordings are deleted after 30 days and are only passed on in accordance with the Danish TV Surveillance Act (TV-overvågningsloven).

How we process personal data at Jyske Bank – when you are a customer

1. Collection and processing of personal data

Why do we process personal data about you?

We process personal data about you to be able to serve and advise you, to fulfil our agreements with you, to protect you and the Bank from fraud and to comply with the statutory requirements imposed on us as a financial undertaking.

The Bank processes information for the purpose of offering financial services of any kind, including payments, advisory services, customer relationship management, customer administration, insurance mediation and mortgage mediation, credit ratings, internal risk management, marketing and fulfilment of obligations in accordance with legislation.

Which personal data do we process?

Depending on the type of products and services you have or have shown an interest in, we process various information about you:

  • Basic personal data, eg name, address, tax-related issues, citizenship, civil registration number and any CVR number
  • Financial information, eg income, debt and assets
  • Information about your job, occupation or education
  • Information about your household and your family
  • Information about the products and services you receive from us, how you use them as well as the purpose and expected scope of your customer relationship with the Bank
  • Copy of proof of identity, eg passport or driving licence
  • We register our communications with you and record certain conversations, eg in connection with investments
  • We have set up video surveillance, including at entrances and ATMs 

If you do not provide us with the information requested we may be unable to provide you with advisory services or otherwise serve you. In some instances it may mean that the customer relationship must be terminated. This could be the case for instance if the information is necessary according to legislation.

Sensitive personal data

As a rule Jyske Bank only collects and processes sensitive information about you if you have given your consent, cf Article 9(2)(a) of the General Data Protection Regulation. However if you provide us with material, eg an email or a budget containing sensitive personal data about your health, your membership of a political party or a trade union, this will be considered your acceptance that the Bank may store the information, for example in the budget you have submitted. The Bank will not use the information in other contexts.

Information from third parties

If you use credit cards or payment cards, e-banking or other payment services, we will obtain information from you, shops, banks and others. We do this for instance in order to execute and adjust payments and to prepare bank statements, payment overviews etc.

We obtain information from the Danish Central Office of Civil Registration as well as other sources and records accessible to the general public. In connection with credit assessments we examine whether information has been registered about you with credit information agencies and on warning lists. This information is updated for as long as you are a customer.

Storage of your data

We will store your data for as long as it is necessary in relation to the purposes for which we collected and processed your data.

According to the Danish Money Laundering Act, the Danish Bookkeeping Act etc., we will store information, documents and other relevant registrations for at least five years after the termination of the business relationship or completion of the individual transaction.

Subject to request registered communications and recorded conversations in accordance with the MiFID rules (rules on investments) are available to you for five years. In exceptional cases the Danish FSA among others may request that the data is available for up to seven years. As a rule video recordings are stored for no more than 30 days in accordance with the Danish TV Surveillance Act.

We will store information concerning lending for at least 20 years in accordance with the Capital Requirements Regulation for the purpose of preparing credit models. Furthermore we will store your account number, your civil registration number and the most recent entries for 20 years in accordance with the provisions of the Danish Time Limitation Act where the information concerns a deposit account. This enables us to provide documentation that the account balance has been paid out correctly.

2. Our legal basis for processing your personal data

Jyske Bank will register and use your personal data where:

  • necessary in order for us to fulfil agreements on products and services which we make available, cf Article 6(1)(b) of the General Data Protection Regulation
  • you have given consent to the processing of your personal data for a specific purpose, cf Article 6(1)(a) of the General Data Protection Regulation
  • we are obliged to do so according to legislation, cf Article 6(1)(c) of the General Data Protection Regulation. In addition to the financial regulation in eg the Danish Financial Business Act, requirements exist under other legislation including in particular:
    • the Danish Money Laundering Act, according to which we are under an obligation to obtain proof of identity as well as information about the purpose and expected scope of the customer relationship. The information obtained is used for instance to classify the Bank’s customers according to risk. In addition, we are under an obligation to monitor financial transactions and to perform screenings according to sanctions lists with a view to preventing money laundering and financing of terrorism and to submit relevant reports to the public authorities. We are obliged to identify whether you are a politically exposed person (PEP) or closely related to one because special measures must be observed. A PEP is a person who is entrusted with one or more prominent public functions.
    • the Danish Tax Reporting Act, according to which we are obliged to disclose information to the Danish Customs and Tax Administration about your financial circumstances. If according to our information your country of tax residence is outside Denmark we are moreover obliged to report information subject to special rules to the Danish Customs and Tax Administration, which may in turn exchange the information with the tax authorities of other countries.
    • the Danish Credit Agreements Act, according to which we are obliged in some cases to obtain and process information about your income, assets and your disposable amount when you request a loan or credit facility from us. We do this to be able to assess whether you are in a position to repay the loan or credit facility.
    • the Danish Bookkeeping Act, according to which we are obliged to register and store bookkeeping records – eg information about entries on your account.
    • the Danish Act on Payments, which regulates how and on which conditions we may process your payment information.
    • Civil Registration Numbers (CPR-nr.) are collected and used for a necessary unambiguous identification related to existing client relationships in connection with administrative tasks and advisory services in accordance with the Danish Financial Business Act and the rules on data protection.
    • the rules in the capital market legislation, including MiFID II and the Market Abuse Regulation, in relation to monitoring securities transactions to prevent market abuse and to submit relevant reports to the public authorities.
  • necessary to pursue a legitimate interest for &Ubanken, cf Article 6(1)(f) of the General Data Protection Regulation. This may, for instance, be for the protection against unauthorised use and loss, the pricing of your commitment with the bank, the strengthening of IT and payment security, the calculation of property value or for direct marketing purposes after balancing your and our interests. To learn more about our use of your data for pricing read https://www.jyskebank.dk/priser/prispolitik

3. Disclosure and transfer of personal data

In order to fulfil agreements with you, eg if you have asked us to transfer an amount, we will pass on information necessary to identify you and carry out the agreement. In some instances we will be obliged to disclose information about your identity to the bank which is to receive the money, cf the regulation on information accompanying transfers of funds.

Moreover we will disclose information about you to public authorities to the extent we are obliged to do so according to legislation, including to the Money Laundering Secretariat in accordance with the Danish Money Laundering Act and to the Danish Customs and Tax Administration in accordance with the Danish Tax Reporting Act. 

In addition we exchange information within the group and with external business partners (including correspondent banks and other financial institutions) if you have given your consent or if such disclosure is possible according to legislation, eg the Danish Financial Business Act or the Danish Money Laundering Act.

We are obliged to pass on information about you and your loan and credit issues to Danmarks Nationalbank and the Danish FSA in accordance with the National Bank of Denmark Act and the Danish Financial Business Act for the purpose of monitoring financial stability.

If you are in breach of your obligations to us we may report you to credit information agencies and/or warning lists in accordance with the Danish Data Protection Act.

In connection with IT development, hosting and support your personal data is transferred to data processors, including data processors in third countries outside the EU and EEA. We employ a number of legal mechanisms, including standard contracts approved by the EU Commission or the Danish Data Protection Agency, to ensure that your rights and level of protection follow your personal data. A list of countries to which the Bank transfers personal data as well as draft standard contracts are available here (in Danish).

How we process personal data at Jyske Bank – when you are considering becoming a customer

1. Collection and processing of personal data

Why do we process personal data about you?

Jyske Bank processes personal data about you because you have shown an interest in becoming a customer with us. We need information about you to assess the possibility of establishing a customer relationship with you and to give you relevant offers.

Which personal data do we process?

Depending on the type of products and services in which you have shown an interest, we collect and register various information about you:

  • Basic personal data, eg name, address, tax-related issues, citizenship, civil registration number and any CVR number
  • Financial information, eg account and custody account numbers with your current bank, income, debt and assets
  • Information about your job, occupation and education
  • Information about your household and your family
  • Purpose and expected scope of your customer relationship with the Bank
  • Copy of proof of identity, eg passport or driving licence
  • We register our communications with you and record certain conversations, eg in connection with investments
  • We have set up video surveillance, including at entrances and ATMs

If you do not provide us with the information requested we may be unable to provide you with advisory services or otherwise serve you. In some instances it may mean that we cannot establish a customer relationship with you. This could be the case for instance if the information is necessary according to legislation.

Sensitive information

As a rule Jyske Bank only collects and processes sensitive information about you if you have given your consent, cf Article 9(2)(a) of the General Data Protection Regulation. However if you provide us with material, eg an email or a budget containing sensitive personal data about your health, your membership of a political party or a trade union, this will be considered your acceptance that the Bank may store the information, for example in the budget you have submitted. The Bank will not use the information in other contexts.

Information from third parties

We obtain information from the Danish Central Office of Civil Registration as well as other sources and records accessible to the general public. In connection with credit assessments we examine whether information has been registered about you with credit information agencies and on warning lists. This information is updated regularly.

Storage of your data

We will store information you have given us for up to two years – even if you do not become a customer with us. We do this for instance to safeguard against fraud and to be able to provide documentation of our correspondence and any consent to receive marketing communications.

2. Our legal basis for processing your personal data

Jyske Bank will register and use your personal data where:

  • necessary in order for us to assess whether you can become a customer, cf Article 6(1)(b) of the General Data Protection Regulation
  • you have given consent to the processing of your personal data for a specific purpose, cf Article 6(1)(a) of the General Data Protection Regulation
  • we are obliged to do so according to legislation, cf Article 6(1)(c) of the General Data Protection Regulation. In addition to the financial regulation in eg the Danish Financial Business Act, requirements exist under other legislation including in particular:
    • the Danish Money Laundering Act, according to which we are under an obligation to obtain proof of identity as well as information about the purpose and expected scope of the customer relationship. The information obtained is used for instance to classify the Bank’s customers according to risk. We are obliged to identify whether you are a politically exposed person (PEP) or closely related to one because special measures must be observed. A PEP is a person who is entrusted with one or more prominent public functions.
    • the Danish Credit Agreements Act, according to which we are obliged in some cases to obtain and process information about your income, assets and your disposable amount when you request a loan or credit facility from us. We do this to be able to assess whether you are in a position to repay the loan or credit facility.
    • Civil Registration Numbers (CPR-nr.) are collected and used for a necessary unambiguous identification related to existing client relationships in connection with administrative tasks and advisory services in accordance with the Danish Financial Business Act and the rules on data protection.
    • The rules in the capital market legislation, including MiFID II and the Market Abuse Regulation, in relation to monitoring securities transactions to prevent market abuse and to submit relevant reports to the public authorities.
  • necessary to pursue a legitimate interest for the Bank, cf Article 6(1)(f) of the General Data Protection Regulation. This may, for instance, be for the protection against unauthorised use and loss, the strengthening of IT and payment security, the calculation of property value or for direct marketing purposes after balancing your and our interests.

3. Disclosure and transfer of personal data

In connection with IT development, hosting and support your personal data is transferred to data processors, including data processors in third countries outside the EU and EEA. We employ a number of legal mechanisms, including standard contracts approved by the EU Commission or the Danish Data Protection Agency, to ensure that your rights and the level of protection follow your personal data. A list of countries to which the Bank transfers personal data as well as draft standard contracts are available here.

How we process personal data at Jyske Bank – when you have a connection with a retail client

1. Collection and processing of personal data

Why do we process personal data about you?

Jyske Bank processes personal data about you because you have a connection with one of our retail clients or a potential customer, eg if you are a beneficiary, executor/administrator, guardian, hold a power of attorney, are a guarantor or a third-party chargor. We process information about you in order to comply with the statutory requirements imposed on us as a financial undertaking, because the customer relationship requires us to do so and so that you can conduct transactions in accordance with the requests of our customer.

The purpose of processing personal data about you is to offer financial services and products of any kind to our customer and to communicate with you and/or our customer in this regard.

Which personal data do we process?

Depending on your connection with our customer we collect and register various information about you. We always register:

  • basic personal data, eg name, address, civil registration number and any CVR number
  • our communications with you and we record certain conversations, eg in connection with investments.
  • we have set up video surveillance, including at entrances and ATMs.

Additional personal data will be collected if you hold a power of attorney or you are a guardian:

  • Information about the products and services you receive from us, eg e-banking or cards, and how you use them
  • In some instances copy of proof of identity, eg passport or driving licence, depending on the specific authority or guardianship.

Additional personal data will be collected if you are a beneficiary or an executor/administrator:

  • Copy of proof of identity, eg passport or driving licence.

Additional personal data will be collected if you are a guarantor or a third-party chargor:

  • Copy of proof of identity, eg passport or driving licence
  • Information about your job, occupation and education
  • Financial information, eg account and custody account numbers, income, debt and assets.

If you do not provide us with the information requested we may be unable to provide you with advisory services or otherwise serve you or our customer. This could be the case for instance if the information is necessary according to legislation.

Sensitive information

As a rule Jyske Bank only collects and processes sensitive information about you if you have given your consent, cf Article 9(2)(a) of the General Data Protection Regulation. However if you provide us with material, eg an email containing sensitive personal data, this will be considered your acceptance that we may store such information. The Bank will not use the information in other contexts.

Information from third parties

If on the basis of a power of attorney or a guardianship you use credit cards or payment cards, e-banking or other payment services, we will obtain information from you, shops, banks and others. We do this for instance in order to execute and adjust payments and to prepare bank statements, payment overviews etc.

We obtain information from the Danish Central Office of Civil Registration as well as other sources and records accessible to the general public. In connection with credit assessments if you are a guarantor or a third-party chargor, we examine whether information has been registered about you with credit information agencies and on warning lists. We will update the information regularly for as long as required by your connection with our customer.

Storage of your data

We will store your data for as long as it is necessary in relation to the purposes for which we collected and processed your data.

In accordance with the Danish Money Laundering Act, depending on your connection with our customer, we will store information, documents and other relevant registrations about you for at least five years after termination of the business relationship with the customer with whom you are connected.

Subject to request registered communications and recorded conversations in accordance with the MiFID rules (rules on investments) are available to you for five years. In exceptional cases the Danish FSA among others may request that the data is available for up to seven years. As a rule video recordings are stored for no more than 30 days in accordance with the Danish TV Surveillance Act.

2. Our legal basis for processing your personal data

Jyske Bank will register and use your personal data where:

  • necessary in order for us to fulfil agreements on products and services which we make available, cf Article 6(1)(b) of the General Data Protection Regulation
  • you have given consent to the processing of your personal data for a specific purpose, cf Article 6(1)(a) of the General Data Protection Regulation
  • we are obliged to do so according to legislation, cf Article 6(1)(c) of the General Data Protection Regulation. In addition to the financial regulation in eg the Danish Financial Business Act, requirements exist under other legislation including in particular:
    • the Danish Money Laundering Act, if you are a guarantor, third-party chargor, holder of a power of attorney, executor/administrator, guardian or beneficiary: We are under an obligation to obtain identity information from you, and we are generally under an obligation to monitor financial transactions and to perform screenings according to sanctions lists with a view to preventing money laundering and financing of terrorism and to submit relevant reports to the public authorities.
    • Civil Registration Numbers (CPR-nr.) are collected and used for a necessary unambiguous identification related to existing client relationships in connection with administrative tasks and advisory services in accordance with the Danish Financial Business Act and the rules on data protection.
    • The rules in the capital market legislation, including MiFID II and the Market Abuse Regulation, in relation to monitoring securities transactions to prevent market abuse and to submit relevant reports to the public authorities.
  • necessary to pursue a legitimate interest for the Bank, cf Article 6(1)(f) of the General Data Protection Regulation. This may, for instance, be for the protection against unauthorised use and loss, the strengthening of IT and payment security, the calculation of property value or for direct marketing purposes after balancing your and our interests.

3. Disclosure and transfer of data

In order to fulfil agreements with you and our customer we will pass on information necessary to identify you and carry out the agreement.

Moreover we will disclose information about you to public authorities to the extent that we are obliged to do so according to legislation, including to the Money Laundering Secretariat in accordance with the Danish Money Laundering Act. 

In addition we exchange information within the group and with external business partners (including correspondent banks and other financial institutions) if you have given your consent or if such disclosure is possible according to legislation, eg the Danish Financial Business Act or the Danish Money Laundering Act.

If you have provided security for a facility we may be obliged to disclose information about you to Danmarks Nationalbank and the Danish FSA in accordance with the National Bank of Denmark Act for the purpose of monitoring financial stability.

In connection with IT development, hosting and support your personal data is transferred to data processors, including data processors in third countries outside the EU and EEA. We employ a number of legal mechanisms, including standard contracts approved by the EU Commission or the Danish Data Protection Agency, to ensure that your rights and the level of protection follow your personal data. A list of countries to which the Bank transfers personal data as well as draft standard contracts are available here (in Danish).

How we process personal data at Jyske Bank – when you have a connection with a corporate client or an association

1. Collection and processing of data

Why do we register and use information about you?

Jyske Bank processes personal data about because you have a connection with one of our association clients, corporate clients or a potential association client or corporate client, for instance if you are a beneficial owner (including if you take part in the day-to-day management or are a board member of an association), executive manager, authorised signatory, guarantor, third-party chargor, holder of a power of attorney, contact person or because an agreement has been concluded between you and one of our corporate clients (eg a stockbroker or a lawyer). We process information about you in order to comply with the statutory requirements imposed on us as a financial undertaking, because the customer relationship requires us to do so and/or so that you can conduct transactions in accordance with the requests of our customer.

The purpose of processing personal data about you is to offer financial services and products of any kind to our customer and to communicate with you and/or our customer in this regard.

Which personal data do we register and use?

Depending on your connection with our customer we collect and register various information about you. We always register:

  • basic personal data, eg name, address, civil registration number and any CVR number
  • our communications with you and we record certain conversations, eg in connection with investments
  • we have set up video surveillance, including at entrances and ATMs

Additional personal data will be collected if you hold a power of attorney:

  • Information about the products and services you receive from us, eg e-banking or cards, and how you use them
  • In some instances copy of proof of identity, eg passport or driving licence, depending on the specific authority.

Additional personal data will be collected if you are a beneficial owner (including if you take part in the day-to-day management or are a board member of an association):

  • Information about citizenship and copy of proof of identity, eg passport or driving licence.

Additional personal data will be collected if you are a guarantor or a third-party chargor:

  • Copy of proof of identity, eg passport or driving licence
  • Information about your job, occupation and education
  • Financial information, eg account and custody account numbers, income, debt and assets.

If you do not wish to provide us with the information requested or if we assess that the information is insufficient, we may be unable to provide you with advisory services or otherwise serve you or our customer. This could be the case for instance if the information is necessary according to legislation. In some cases it may mean that we are unable to establish a customer relationship with the corporate client with whom you have a connection or that the customer relationship must be terminated.

Sensitive information

As a rule Jyske Bank only collects and processes sensitive information about you if you have given your consent, cf Article 9(2)(a) of the General Data Protection Regulation. However if you provide us with material, eg an email containing sensitive personal data, this will be considered your acceptance that we may store such information. The Bank will not use the information in other contexts.

Information from third parties

If on the basis of a power of attorney you use credit cards or payment cards, e-banking or other payment services, we will obtain information from you, shops, banks and others. We do this for instance in order to execute and adjust payments and to prepare bank statements, payment overviews etc.

The Bank obtains information from the Danish Central Office of Civil Registration as well as other sources and records accessible to the general public. In connection with credit assessments if you are a guarantor or a third-party chargor, we examine whether information has been registered about you with credit information agencies and on warning lists. We will update the information regularly for as long as required by your connection with our customer.

Storage of your data

We will store your data for as long as it is necessary in relation to the purposes for which we collected and processed your data.

In accordance with the Danish Money Laundering Act, depending on your connection with our customer, we will store information, documents and other relevant registrations about you for at least five years after termination of the business relationship with the customer with whom you are connected.

Subject to request registered communications and recorded conversations in accordance with the MiFID rules (rules on investments) are available to you for five years. In exceptional cases the Danish FSA among others may request that the data is available for up to seven years. As a rule video recordings are stored for no more than 30 days in accordance with the Danish TV Surveillance Act.

2. Our legal basis for processing your personal data

Jyske Bank processes personal data about you where:

  • you have given your consent, cf Article 6(1)(a) of the General Data Protection Regulation
  • necessary in order for us to fulfil agreements on products and services which we make available, cf Article 6(1)(b) of the General Data Protection Regulation
  • we are obliged to do so according to legislation, cf Article 6(1)(c) of the General Data Protection Regulation. In addition to the financial regulation in eg the Danish Financial Business Act, requirements exist under other legislation including in particular:
    • the Danish Money Laundering Act, if you are a guarantorthird-party chargorholder of a power of attorney or a beneficial owner: We are under an obligation to obtain identity information from you, and we are generally under an obligation to monitor financial transactions and to perform screenings according to sanctions lists with a view to preventing money laundering and financing of terrorism and to submit relevant reports to the public authorities. If you are a beneficial owner we are moreover obliged to identify whether you are a politically exposed person (PEP) or closely related to one because special measures must be observed. A PEP is a person who is entrusted with one or more prominent public functions.
    • Civil Registration Numbers (CPR-nr.) are collected and used for a necessary unambiguous identification related to existing client relationships in connection with administrative tasks and advisory services in accordance with the Danish Financial Business Act and the rules on data protection.
    • The rules in the capital market legislation, including MiFID II and the Market Abuse Regulation, in relation to monitoring securities transactions to prevent market abuse and to submit relevant reports to the public authorities
  • necessary to pursue a legitimate interest for the Bank, cf Article 6(1)(f) of the General Data Protection Regulation. This may, for instance, be for the protection against unauthorised use and loss, the strengthening of IT and payment security, the calculation of property value or for direct marketing purposes after balancing your and our interests.

3. Disclosure and transfer of data

We will disclose information about you to public authorities to the extent that we are obliged to do so according to legislation, including to the Money Laundering Secretariat in accordance with the Danish Money Laundering Act. 

In addition we exchange information within the group and with external business partners (including correspondent banks and other financial institutions) if you have given your consent or if such disclosure is possible according to legislation, eg the Danish Financial Business Act or the Danish Money Laundering Act.

If you have provided security for a facility we may be obliged to disclose information about you to Danmarks Nationalbank and the Danish FSA in accordance with the National Bank of Denmark Act for the purpose of monitoring financial stability.

In connection with IT development, hosting and support your personal data is transferred to data processors, including data processors in third countries outside the EU and EEA. We employ a number of legal mechanisms, including standard contracts approved by the EU Commission or the Danish Data Protection Agency, to ensure that your rights and the level of protection follow your personal data. A list of countries to which the Bank transfers personal data as well as draft standard contracts are available here.

Privacy Policy on Recruitment

1. Which companies does this privacy policy apply to?

It applies to all companies in the Jyske Bank Group as well as any sub-group.

  • Jyske Bank A/S, Vestergade 8-16, DK-8600 Silkeborg A/S, business registration number (CVR): 17616617
  • Jyske Realkredit A/S, Klampenborgvej 205, DK-2800 Kongens Lyngby, business registration number (CVR): 13409838
  • Jyske Finans A/S, Kastaniehøjvej 2, DK-8600 Silkeborg, business registration number (CVR): 10157676
  • Gammel Skovridergaard A/S, Vestergade 8-16, DK-8600 Silkeborg, business registration number (CVR): 10157676
  • Jyske Invest Fund Management, A/S, Vestergade 8-16, DK-8600 Silkeborg, business registration number (CVR): 15501839

2. What is the basis and the purpose of collecting data?

We are the data controller in connection with the data that we collect about you, and we ensure that the personal data are collected and processed according to the legislation in force from time to time.

Processing and storage take place with a view to enabling us to implement a recruitment process and qualify the impression we have of you and your competencies. Moreover, Jyske Bank A/S must meet special, legal obligations, for instance in relation to criminal record checks.

See below for further details, among other things about your rights as a submitter of data.

3. General information about personal data that are submitted

Usual data

Personal data that we process in connection with the recruitment process will normally include the following data:

  • First and last name
  • Contact details, including residential address, telephone number and email address
  • The area in which you live and also in which you seek employment - geographic locations
  • Your application, including your description of yourself and other details that you include
  • Resume, including relevant experience and education
  • Grade reports/certificate of education
  • The position applied for
  • Other details that you yourself choose to give us, including, for instance link to LinkedIn profile, recommendations from previous employers, and photo

If you continue the recruitment process after the first interview, we will obtain the following confidential information about you.

  • Certificate of criminal record
  • References
  • Psychometric test results

The authority to collect, process and store data is based on a legitimate interest in being able to assess you and your professional as well as social competencies with a view to a specific job position. The collection, processing, and storage take place under the authority of Art. 6(1)(f) of the General Data Protection Regulation.

Certificates of criminal record

You must produce a certificate of criminal record, as the Jyske Bank Group is under an obligation to secure that an employee has not been punished for violation of the legislation applicable to financial services companies, among others Loven om Finansiel Virksomhed (the Danish Financial Business Act) and Loven om Forsikringsformidling (the Danish Consolidated Insurance Mediation Act). The actual certificate of criminal record will not be stored.

The collection and processing take place under the authority of Art. 6(1)(c) of the General Data Protection Regulation.

Residence permits

If you are not an EU/EEA citizen, you must produce a passport as well as a valid residence permit. This residence permit will be stored in a closed system if you are hired.

If you are not hired, the residence permit will not be stored.

The collection and processing take place under the authority of Art. 6(1)(c) of the General Data Protection Regulation.

References

Objective and subjective information from references (previous and current employees) provided by you will only be obtained subject to your consent, cf. S.12(3) of Databeskyttelsesloven (the Danish Data Protection Act).

You can at any time revoke your consent. We will process the information obtained on the basis of our legitimate interest in the objective information about your period of employment, work tasks, etc. as well as the subjective information about your professional and social competencies, among other things, to assess whether you are qualified for the job, cf. Art. 6(1)(f) of the General Data Protection Regulation.

Job agents created via the Jyske Bank Group’s internet

In connection with the creation of a job agent on the Jyske Bank Group’s website, you must at least state an email address, as otherwise it would not be possible to forward relevant job offers to you.

Processing and storage of these data take place according to Art. 6(1)(a) and (f) of the General Data Protection Regulation.

4. Transfer and use of data processors

In connection with IT development, hosting and support, your personal data will be transferred to data processors, including data processors in third countries outside EU and EEA. We use a number of legal mechanisms, including standard contracts approved by the EU Commission or the Danish Data Protection Agency to ensure that your rights and the protection level follow your personal data. Click here to see a list of countries to which the Bank transfers personal data and examples of such standard contracts.

5. Storage and deletion

We store your data as long as they are needed in relation to the purposes of our collection and processing.

Depending on your connection with us, we will according to Forældelsesloven (the Danish Limitations Act) as well as the stipulations of the General Data Protection Regulation, store information, documents, and other relevant registrations about you for at least five years after the last day of your employment.

6. Your rights

The bank’s duty of confidentiality and your right of access to information

The Bank’s employees are under a duty of confidentiality and are not allowed to disclose information which has come to their knowledge in the course of their employment with the bank unless authorised to do so.

You are entitled to know which data the bank processes about you where it derives from and for which purpose it is used. Also, you may be informed of how long we store your data and the recipients of your data. However, the right of access to information may be restricted by legislation. For instance, you cannot obtain information as to whether we have registered any information and, if so, which information we have registered, in connection with the investigations that we are obliged to make according to the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism. Nor can you obtain information as to whether we inform the Danish State Prosecutor for Serious Economic and International Crime or which information we disclose to the Money Laundering Secretariat (the Danish FIU) in case of suspicion of money laundering or financing of terrorism.

Your access may also be restricted for the purpose of the privacy protection of other people and in order to secure the Bank’s business foundation, business practice, know-how, business secrets and internal assessments and material.

Profiling and automated decision-making

In connection with your employment, no profiling and automated decision-making will take place.

Right to object to processing

Under certain circumstances you are entitled to object to our otherwise legal processing of your personal data. This is, among other things, the case when the processing takes place on the basis of our legitimate interest.

You are always entitled to object to our use of your personal data in connection with direct marketing purposes, including profiling related to such purpose.

Right to have your data corrected or deleted

If the data that the Bank has registered about you are incorrect, incomplete or irrelevant, you are entitled to a correction or deletion of the data subject to the restrictions ensuing from legislation or other legal basis. If we have disclosed incorrect information about you, we will see to it that the error is rectified.

Limitations to data processing

In certain cases, you will be entitled to limited processing of your personal data. If you are entitled to limited processing of your data, we will in future only process the data - except for storage - subject to your consent. We may also process your data with a view to establishing, enforcing or defending legal claims, or in order to protect a person or important public interests.

You can withdraw your consent

By contacting Jyske Bank HR, you can at any time revoke your consent to the Bank’s processing of your personal data. You should, however, be aware that we may then not be able to offer you employment as the data in question were collected with a view to employment. Even if you have withdrawn your consent, you must be aware that in certain cases we are still entitled to process your data, for instance if this is necessary in order to perform an agreement that we have concluded with you or because we are under an obligation to do so by law.

Right to receive your data (data portability)

If the bank processes information on the basis of your consent or due to an agreement, you are entitled to have the information you delivered to us handed out in an electronic format.

7. Data protection officer and lodging of complaints

If you have any questions, please contact the Bank’s data protection officer (DPO). You can contact the Bank’s data protection officer at [email protected].

If you are dissatisfied with the way we handle your personal data, you may file a complaint with the bank. Moreover, you may lodge a complaint with the Danish Data Protection Agency, Carl Jacobsens Vej 35, DK-2500 Valby or on the Danish Data Protection Agency’s website www.datatilsynet.dk.

Your rights

1. The bank’s duty of confidentiality and your access to information

The Bank’s employees are under a duty of confidentiality and are not allowed to disclose information which has come to their knowledge in the course of their employment with the Bank unless authorised to do so.

You are entitled to know which data the Bank processes about you, where it derives from and for which purpose it is used. Moreover you have the right to be informed of how long we store your data and who receives information about you. However access to such information may be limited by legislation. For instance you cannot obtain information as to whether and which information we have registered in connection with the investigations we are obliged to make according to the Danish Money Laundering Act. Nor can you obtain information as to whether we have notified the Money Laundering Secretariat or which information we have disclosed to the Money Laundering Secretariat in the event of suspicion of money laundering or terrorist financing.

Furthermore your access may be limited in order to protect other persons’ privacy and the Bank’s business foundation, business procedures, know-how, business secrets, internal assessments and material.

2. Profiling and automated decision-making

In certain cases, the Bank will carry out an automatic assessment of your personal data, for instance, to analyse your or your households financial situation or preferences. We do this, for instance, if we must prepare a statutory credit rating or investment profile, in connection with the pricing of your commitment with the Bank or with a view to targeting our marketing at you. To learn more about our use of your data for pricing read https://www.jyskebank.dk/priser/prispolitik 

The Bank makes use of automated decision-making to a limited extent. If decision-making is automated you will be informed of this in advance.

3. Right to object to processing

Under certain circumstances you are entitled to object to our otherwise legal processing of your personal data. This is, among other things, the case when the processing takes place on the basis of our legitimate interest or in connection with profiling and automated decisions.

You are always entitled to object to our use of your personal data in connection with direct marketing purposes, including profiling related to such purpose.

4. Right to have your data corrected or deleted

If the data that the Bank has registered about you is incorrect, incomplete or irrelevant, you are entitled to have the data corrected or deleted subject to the restrictions ensuing from legislation or other legal basis. If we have disclosed incorrect data about you we will make sure that it is corrected.

5. Limitations to data processing

In certain cases you are entitled to have the processing of your personal data limited. If you are entitled to limited processing, in future we may only process the data – except for storage – subject to your consent. We may also process your data with a view to making it possible to establish, enforce or defend a legal claim or to protect a person or important public interests.

6. You may withdraw your consent

You may revoke your consent at any time by contacting the Bank. Please note however that we may not be able to offer you our products or services. Even if you have revoked your consent you should be aware that in certain cases we may still process your data, for instance where it is necessary to carry out an agreement concluded with you or where we are required to do so according to legislation.

7. Right to receive your data (data portability)

If the Bank processes information on the basis of your consent or due to an agreement you may be entitled to receive the information you provided in an electronic format.

8. Data protection officer and complaints

If you have any questions, you may contact the Bank’s Data Protection Officer (DPO) at [email protected].

If you are not satisfied with our processing of your personal data, you may file a complaint with the Bank. In addition, you can file a complaint with the Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, Denmark, or via its website datatilsynet.dk.

Contact information – Jyske Bank

Jyske Bank A/S
Vestergade 8-16
8600 Silkeborg
CVR-nr. 17 61 66 17
jyskebank.com
Tel. +45 89 89 89 89

See also

IT Security Policy [PDF]