This privacy policy governs how the Danish Financial Supervisory Authority (FSA) collects and processes personal data in relation to the Danish FSA’s responsibilities when you contact us or visit our websites.
We process the data you provide us or that we collect in accordance with applicable rules. We understand that your data should be processed with respect for your confidentiality and your privacy.
What is personal data?
Personal data is any kind of data about an identified or identifiable natural person. That is to say, all form of data that can be directly or indirectly linked to a person. This may, for example, be first and last names, a home address, an email address, a bank account or CPR number.
The Danish FSA as data controller
The Danish FSA is the data controller for the personal data we receive from or about you in relation with a case or inquiry. We are also the data controller when you sign up to our newsletter or if you accept the use of cookies on our website.
We process the personal data which you provide to us yourself, or which we receive from other authorities, companies or citizens. We can collect data about you from other authorities, companies or citizens when necessary for the performance of our duties.
The purpose and basis for the Danish FSA’s processing of your personal data
The Danish FSA’s official duties
The Danish FSA’s primary task is to supervise companies in the financial sector. We ensure, among other things, that companies have sufficient capital in relation to the risks they have taken on, and that the companies comply with financial legislation, including rules on consumer protection, the Danish Capital Markets Act and money laundering legislation.
The majority of the Danish FSA’s personal data processing occurs as a part of our exercising of public authority. We will also process a range of personal data about you when you contact us by email or through a contact form at www.finanstilsynet.dk, www.dfsa.dk, www.raadtilpenge.dk, virksomhedsregister.finanstilsynet.dk and OAM.finanstilsynet.dk. When you write to us, your inquiry and your personal data will be registered in our electronic case and document management system.
The Danish FSA primarily processes non-sensitive personal data, including confidential personal data, in relation with our official duties, such as:
- Names
- Contact details
- Work-related information
- Financial details
- CPR number.
Our basis for processing non-sensitive personal data is primarily article 6, paragraph 1, letters c and/or e of the General Data Protection Regulation. With regard to CPR numbers, our basis for processing is article 11, paragraph 1 of the Danish Data Protection Act.
We process data about criminal offenses when necessary in relation to our official duties. This may be when it is necessary for us to collect criminal records for the performance of our official duties. Our authority for this processing stems from article 8, paragraph 1 of the Danish Data Protection Act.
In some cases, we will process sensitive personal data when necessary in relation to our official duties or if you provide sensitive personal data when contacting us. Sensitive personal data includes healthcare data and information about trade union affiliation.
Our basis for processing sensitive personal data is primarily article 9, paragraph 2, letter f of the General Data Protection Regulation.
Newsletter
The Danish FSA publishes a newsletter that people can sign up to through out website. For the purpose of distributing the newsletter, we process non-sensitive personal data in the form of:
- Email addresses
- Information about which newsletters you have subscribed to.
- Your consent
Our newsletters are sent on the basis of consent, and we process data based on the above information about you pursuant to article 6, paragraph 1, letter a of the General Data Protection Regulation.
Account on Rådtilpenge.dk
The Danish FSA operates the website www.raadtilpenge.dk. If you choose to create an account on rådtilpenge.dk, the Danish FSA will process the following non-sensitive personal data about you:
- Email address
- Name
- Your consent
The account will be created on the basis of your consent, and we process data based on the above information about you in accordance with article 6, paragraph 1, letter a, of the General Data Protection Regulation.
Cookies
The Danish FSA uses cookies on its websites www.finanstilsynet.dk, www.dfsa.dk, www.raadtilpenge.dk and http://www.virksomhedsregister.finanstilsynet.dk. At OAM.finanstilsynet.dk, the Danish FSA uses a technically necessary cookie that the Danish FSA has assessed that no consent is needed for. This follows from article 4 of the Danish Cookies Law. We always process non-sensitive personal data in the form of:
- IP addresses
- Language choice
With regard to necessary cookies, our basis for processing personal data is article 6, paragraph 1, letter e of the General Data Protection Regulation. With regard to other cookies, our basis for processing personal data is your consent, cf. article 6, paragraph 1, letter a of the General Data Protection Regulation.
The Danish FSA also has a cookies policy which explains how we process cookies on our websites. If you accept other cookies that are not necessary cookies, you should be aware that we process other types of non-sensitive personal data than those mentioned above, depending on the circumstances. You can read more about our cookies policy here.
Visitors to the office
We meet visitors at our office, including job applicants and representatives from companies in the financial sector.
Closed-circuit television (CCTV) operates outside at all entries for security purposes. Therefore, we process your data in the form of CCTV-material, when you visit the office of the Danish FSA.
With regard to CCTV-material, our authority for processing personal data stems from article 6, paragraph 1, letter e.
Who has access to your data?
Employees at the Danish FSA have access to your personal data to the extent necessary for the handling of your case or inquiry or our duties as a public authority. Your personal data is stored safely and confidentially.
How long do we store your data for?
The Danish FSA’s official duties
We only store and process your personal data as long as is necessary for the purpose of us using the data in order to fulfil our obligations as a public authority and to comply with applicable legislation, including the Danish Archives Act.
The information in our electronic case and handling system will be deleted no later than 15 years after expiry of the filing period in which the case was finished.
Once the purpose of the processing has ended, and we have fulfilled our obligations as a public authority, your personal data will be deleted, anonymised or transferred to an archive in accordance with the rules of the Danish Archives Act.
Newsletter
We may store your personal data for up to 30 days from the date on which you revoke your consent.
We will then delete the data unless we are legally obliged to store it for a longer period.
Account on Rådtilpenge.dk
We may store your personal data for up to 24 hours after you have deleted your account on the webpage. We will then delete the data unless we are legally obliged to store it for a longer period.
Cookies
In our cookies policy, you can read more about the individual life span of the cookies. You can find the cookies policy here.
Visitors to the office
We store CCTV-material for 30 days. We will then delete the material, unless there is an objective reason to store it for a longer period.
When do we pass on your personal data?
The Danish FSA’s official duties
We only pass on data when it is necessary for our regular duties. Data may also be passed on if it is necessary for other authorities to carry out their duties and in accordance with the rules on access to documents in the Danish Public Information Act and the Danish Public Administration Act.
In continuation of this, we note that the data employees at the Danish FSA, people performing service duties relating to the Danish FSA’s operations, and experts acting on behalf of the Danish FSA, gain access to through supervisory and liquidation activities, and confidential information they become aware of from Finansiel Stabilitet will only be passed on in cases and in accordance with our duty of confidentiality in article 354 of the Danish Act on Financial Businesses or similar provisions in the primary laws of the Danish FSA.
This may, for example, be to Finansiel Stabilitet when the information is necessary for Finansiel Stabilitet to perform its duties or for the Danish Data Protection Agency’s performance of its duties as an independent supervisory authority for compliance with data protection regulations.
The Danish FSA also publishes the results of our decisions or supervisory duties in certain cases. We do this when we as a supervisory authority are obliged to do so and when there otherwise is a basis for such publication.
The Danish FSA cooperates with the Centre for Cyber Security’s sensor network. This means that data about traffic coming from the open internet will be passed on to the Centre for Cyber Security so the Centre can assess whether the traffic constitutes a risk to the Danish FSA. This mean, for example, that data about email addresses and subject fields of incoming emails will be passed on.
We pass on your personal data to our data processors. We have entered into data processing agreements with data processors and ensure that the data processors comply with the data processing agreements in accordance with applicable rules.
Newsletter
We do not pass on your personal data, but transfer it to our data processors. We have entered into data processing agreements with data processors and ensure that the data processors comply with the data processing agreements in accordance with applicable rules.
Cookies
If you consent to the use of cookies, you should be aware that in some cases, we pass on data about your use of our websites to our analytical partners. Our partners can combine this data with other information you have given them or that they have collected from your use of their services.
We also pass on your personal data to our data processors. We have entered into data processing agreements with data processors and ensure that the data processors comply with the data processing agreements in accordance with applicable rules.
Visitors to the office
We do not pass on your personal data in form of CCTV-material, unless circumstances require, that we pass on the material to the police for use in police investigations.
Transfer to recipients in third countries, including international organisations
The Danish FSA’s official duties
In certain cases, the Danish FSA may transfer your personal data to recipients outside of the EU and EEA. We only transfer your data to recipients in third countries when we have the authority to do so in bour special legislation and when we have a valid basis to transfer it in accordance with the rules of chapter V of the General Data Protection Regulation.
What are your rights?
The General Data Protection Regulation grants you a number of rights relating to the Danish FSA’s processing of data about you. For example, you have the right to receive information about our processing of your personal data (disclosure obligation). The rights are stated explicitly in articles 13-18 and article 21. We must provide you with a range of information if we process data about you. This applies both to when we receive information from you and if we receive information from entities other than yourself.
Right to view the data (right of access)
You can request access to the data the Danish FSA processes about you. This means that you have a right to see the personal data we have on you and that you have the right to receive information on how and why we process data about you.
Right to rectification (correction)
You have the right have incorrect information about yourself corrected. You also have the right to have your data supplemented with additional information if this will make your personal data more complete or up to date.
Right to deletion
In certain cases, you have the right to have data about you deleted before our regular deletion date.
Right to restriction of processing
In certain situations, you have the right to have the processing of your personal data restricted. If you have the right to restricted processing, we may in the future only process data with your consent, with the exception of storage, or for the purpose of raising or defending legal claims, or to protect a person or important public interests.
Right to object
In certain situations, you have the right to object to our processing of your personal data.
You can read more about your rights in the Danish Data Protection Agency’s guidelines on the rights of the data subject, which you can find at www.datatilsynet.dk
If you want to exercise your rights, you should contact the Danish FSA.
Complaints
You can raise a complaint with the Danish Data Protection Agency about the Danish FSA’s processing of your data if you believe that the processing is in breach of the General Data Processing Regulation.
Data Protection Advisor
The Ministry of Industry, Business and Financial Affairs has a data protection advisor who is also the data protection advisor for the Danish FSA. The data protection advisor can provide you with more information about the rules regarding data protection. The data protection advisor can also advise you about your rights in relation to the processing of your personal data by the Danish FSA.
The data protection advisor can be contacted at this email address dpo@em.dk, or by phone at 33 92 33 50, or by letter to: Erhvervsministeriet, att. Databeskyttelsesrådgiver, Slotsholmsgade 10-12, 1216 Copenhagen K.
If you want to send a secure digital letter, it should be sent to the Ministry of Industry, Business and Financial Affairs’ primary inbox em@em.dk, which will be forwarded to dpo@em.dk.
Social media services
Our websites may contain social media functions from, for example, LinkedIn. If you click these, you will be taken to that social media platform.
These platforms have their own privacy policies. We encourage you to read their terms, conditions and privacy policies carefully before you click on the links and thus hand over your personal data.
Our contact details regarding this privacy policy
Finanstilsynet
Strandgade 29
1401 Copenhagen K
Phone: +45 33 55 82 82
Email: finanstilsynet@ftnet.dk
CVR number: 10598184
The Danish Financial Supervisory Authority’s privacy policy was last updated 28th March 2023.