Last updated: Oslo, 14.09.21
The content of this document is in accordance with the privacy statement in BB’s internal routines, which is binding for all of our employees.
BB offers a wide range of financial services for businesses (B2B), mainly; cost reduction services of our clients’ current banking arrangements and setup. Consequently, BB receives financial information about our customers and our customers’ customers, i.e. 3rd parties, through our ordinary course of business. These third parties may be private individuals, and the information pertaining to these third parties may in some cases be personal information, in the form of behavioural patterns. For example, the information may contain personal information on what, where and how much the third-parties trade with our customers, as well as other information that BB’s customers use for commercial purposes.
BB does not utilise the information about its customers’ customers (third parties). However, information may be made available to BB as part of the service performed on behalf of our customers. Although the information is not required for the services rendered by BB, BB is responsible for handling and storing the information received.
3. DATA CONTROLLER, SUPERVISORY AUTHORITY AND DATA PROCESSOR AGREEMENTS
BB operates in several European countries.
Head of Shared Services in BBs Group Executive team is responsible for the company’s handling and storage of personal data in all markets in which BB operates and has a special duty of confidentiality for all personal data stored and/or handled by BB.
Head of Shared Services is based in BB’s head office in Oslo, and as such, BB’s supervisory authority for all markets in EU/EEA is The Norwegian Data Protection Authority (Datatilsynet).
A separate data processor agreement between BB and SuperOffice Norge AS for our CRM-System regulates what information the provider has access to and how it should be processed.
A copy of the Privacy Notice accompanies our agreements, which are duly signed by our customers in advance of the commencement of our services. Upon acceptance of the contract, the customer provides explicit consent for BB’s potential receipt of personal data, and that these data will be handled in accordance with this Privacy Notice, with any additional restrictions imposed by the source of the data.
5. PURPOSE/ PROPORTIONALITY /SECURITY
The personal information BB comes into possession of shall be stored and collected for specified, legitimate purposes, and will under no circumstances be disclosed to others.
The registration of privacy data is proportional, in the sence that it must be balance between the one that has been registered and the Registrar (BB).
When it is evident that the received and collected data is no longer required for the fulfilment of the contractual obligations, the data will be deleted or anonymized.
A) RECEIPT OF DATA
Bank Brokers Shared Services team is responsible for handling the data we receive from our customers, and/or the data collected on behalf of our customers. The data is added to our filing system, as well as our well developed and highly secure CRM-system.
The responsible analyst from the Shared Services team that receives the information is responsible for assessing the received information and determining whether the information contains personal data. If the data received contains personal information, or if there is any uncertainty regarding the content of the received information, the Head of Shared Services shall be informed and will thereafter be responsible for the appropriate handling of the received information.
If the data received contains personal data it shall be assessed whether the information is required by BB to be able to meet the contractual obligations to our customers or if the data can be deleted.
If the personal data is required by BB to meet the contractual obligations to our customers, the storage of personal data will be highlighted in the project information in our CRM-system.
The CRM-system and filing system clearly states who has the permission to access information relevant to any ongoing or historic project.
When a Bank Brokers employee has the ability to access data containing personal information, the person shall be made aware of the fact that the file may contain personal information and that accessing the information is therefore subject to a special duty of confidentiality.
C) STORAGE AND DELETION
Upon completion of the contractual obligations, the data that contains personal information is deleted, unless storage is considered necessary for further customer involvement or if it is likely that BB will perform additional services for the client within the next 12-months.
In the event of a possible deviation from this Privacy Notice, BB’s employees shall immediately notify the Head of Shared Services. This also applies if the event or circumstance is not covered by this Privacy Note, and if the occurrence can be described as unforeseen.
We further encourage our customers to notify us if they believe BB are deviating from the Privacy Notice.
BB shall in the event of any deviation immediately take the necessary actions to ensure that the personal information is processed anonymously and in accordance with the Privacy Notice.
If there is/has been a security breach and/or there has been unauthorised access to personal information BB are responsible for, BB shall, within 72 hours, notify The Norwegian Data Protection Authority (Datatilsynet). This also applies if BB does not have a complete overview of the security breach.