Data Protection Guideline

Guideline on processing of personal data within the Saxo Bank Group

Table of content

  1. Introduction

    1. In order to service our clients the Saxo Bank Group (hereinafter “the Saxo Bank Group” “we” or “us”) needs to collect personal data from our clients and/or potential clients, contact persons at suppliers and/or other business partners. The Saxo Bank Group also processes personal data about employees for the purpose of personnel administration. In light of the above, the Saxo Bank Group wants to ensure a high level of data protection as privacy is a cornerstone in gaining and maintaining the trust of our clients and/or potential clients, contact persons at suppliers and/or other business partners and thus, ensuring the Saxo Bank Group’s future business. The same applies to the processing of personal data about the employees.Protection of personal data requires among other things that appropriate technical and organisational measures are implemented to demonstrate a high level of data protection. the Saxo Bank Group has adopted a number of internal and external data protection policies, which must be followed by employees of the Saxo Bank Group. Additionally, the Saxo Bank Group will monitor, audit and document internal compliance with the data protection policies and applicable statutory data protection requirements, including the General Data Protection Regulation (“GDPR”)The Saxo Bank Group will also take the necessary steps in order to enhance data protection compliance within the organisation. These steps include the assignment of responsibilities, raising awareness and training within data protection of staff involved in processing operations. Please note that this data protection guideline will be reviewed from time to time to take into account any new obligations. Retention of personal data will be governed by our most recent retention policy. This data protection guideline, along with guidelines for processing of personal data, constitute the overall framework for processing of personal data within the Saxo Bank Group.
    2. “Personal data” is any information which may be related to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, phone number, age, gender, etc. Such personal data can for instance concern an employee, a job applicant, client/potential client, supplier and other business partners.
    3. Personal data can be categorized as ordinary non-sensitive personal data or special categories of personal data (sensitive personal data). Special categories of personal data are exhaustively outlined in the GDPR and include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, bio-metric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Ordinary non-sensitive personal data include all information that is not categorized as special categories of personal data (sensitive personal data). Such information can be name, address, telephone number, employee id, information about education, etc. Certain ordinary non-sensitive personal data may be considered confidential. This may, for instance, include information on income and wealth, and information on internal family relationships/matters. Confidential, ordinary non-sensitive data are normally subject to further security measures. The category of personal data will have an impact on which legal basis the processing of such personal data can be based on. Special rules apply to the processing of data about criminal offences and CPR-numbers. The various legal bases are described below in clause 2.
    4. Although information regarding companies/businesses is not as such personal data, please note that information relating to contact persons within such companies/businesses, e.g. name, title, work email, work phone number, etc. is considered personal data. However, personal data relating to a personally owned and run business are considered as personal data even if the personal data concern the business. Such personal data are considered as relating to an identified or identifiable natural person.
    5. The Saxo Bank Group collects and uses personal data for a variety of legitimate business purposes, including establishment and management of customer and supplier relationships, completion of purchase agreements, recruitment and management of all aspects of terms and conditions of employment, communication, fulfillment of legal obligations or requirements, performance of contracts, providing services to clients, etc. When carrying out such processing activities, the first step is to ensure that the general principles relating to the processing of personal data are complied with.

  2. Legal basis for the processing of personal data

    1. Besides complying with the general principles relating to the processing of personal data, the processing of the personal data must also be based on a legal basis. The legal basis will depend on, which category of personal data is being processed.In certain cases, if none of the above legal bases can be applied, the Saxo Bank Group will obtain the data subjects’ consent to the processing.
      The most predominant legal bases for processing special categories of personal data (if any) within the Saxo Bank Group are:Below, follows a more detailed description of the legal bases.

    2. Performance of a contract

      1. It will be legitimate to collect and process personal data relevant to the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This applies to all contractual obligations and agreements signed with the Saxo Bank Group, including the pre-contractual phase irrespective of the success of the contract negotiation.

    3. Compliance with a legal obligation

      1. The Saxo Bank Group must comply with various legal obligations and requirements, which are based on Union or Member State law. Such legal obligations, to which the Saxo Bank Group is subject, may be sufficient as a legitimate basis for the processing of personal data.2.3.2 Such legal obligations include obligations to collect, register and/or make available certain types of information relating to employees, clients, etc. Such legal requirements will then form the legal basis for us to process the personal data, however, it is important to note whether the provisions allowing or requiring the Saxo Bank Group to process certain personal data also set out requirements in relation to storage, disclosure and deletion.

    4. Legitimate interests

      1. Personal data will only be processed where it is necessary for the purposes of the legitimate interests pursued by the Saxo Bank Group, and these interests or fundamental rights are not overridden by the interests of the data subject. the Saxo Bank Group will, when deciding to process personal data, ensure that the legitimate interests do not override the rights and freedoms of the individual and that the processing will not cause unwarranted harm. An example of a legitimate interest of the Saxo Bank Group is to process personal data on potential clients in order to expand the business and develop new business relations. The data subject must be given information on the specific legitimate interests pursued by the Saxo Bank Group if a processing is based on this legal basis, cf. clause 4.1 below.

  3. Processing and transfer of
    personal data

    1. Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum

  4. Rights of the data subjects

    1. Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum

  5. Data Protection by Design and Data Protection by Default

    1. Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum

Have questions?
Cultivate Financial Success with Personalized Support
Try Myriad Capital now
Image
Join Over 8000+ Active Users

Experience advanced trading tech, low commissions, expert support, personalized strategies, diverse products, educational resources, weighted loans, transparency, real-time insights. Empower your financial future with Myriad Capital.