Recording of phone conversationsIncoming and outgoing calls may be recorded and stored for compliance with regulatory requirements and documentation.
Below, we have outlined how we process personal data in relation to phone conversations.
Purpose and legal basis for recording and storage of phone conversations
Telephone conversations are recorded and stored to document the content of our telephonic communications with you and are used for the purposes listed below:
We record and store phone conversations related to investment services in order to comply with our reporting obligations under the MiFID II regulation and the Market Abuse Regulation, c.f. Article 6(1)(c) of the GDPR.
In addition, we record and store phone conversations for the purpose of documenting what has been said, happened, and agreed during the conversation, c.f. Article 6(1)(f) of the GDPR.
Notification of recording
When you call a recorded employee, you will be informed if the conversation is recorded. In a number of cases, certain incoming and outgoing telephone conversations relating to investment services are recorded without you being informed of this prior to the conversation. In these cases, you have previously been informed of telephone recordings in connection with a contractual relationship with us.
The use of individual recordings in specific cases
Handling complaints and addressing security incidents
We may listen to recordings to investigate specific cases, such as complaints from you and security incidents, including cases of potential fraud or cases of threats to you, the Bank or our employees, c.f. Article 6(1)(f) of the GDPR, c.f. Article 6(4) of the GDPR, and section 5(2) of the Danish Data Protection Act.
Compliance and risk management
We may listen to samples of recordings for the purpose of checking and ensuring Danske Bank's compliance with internal and external rules in relation to compliance and risk management, c.f. Article 6(1)(f) of the GDPR, c.f. Article 6(4) of the GDPR, and section 5(2) of the Danish Data Protection Act.
Retention and deletion of your personal data
Under the MiFID II regulation, we are obligated to retain recorded phone conversations related to investment services for five years, c.f. Article 6(1)(c) of the GDPR. Subsequently, they will be automatically deleted, c.f. Article 5(1)(e) of the Data Protection Regulation.
We store phone conversations recorded for the other purposes for 20 months, c.f. Article 6(1)(f) of the GDPR.
If you or your Danske Bank conversational partner exercise their rights set out in the GDPR, for example by requesting access to a recorded phone conversation (before it is automatically deleted), we will review the recording and retain it to the extent necessary to ensure documentation of compliance with our obligations and/or to meet any related complaints, c.f. Article 6(1)(f) of the GDPR.
If you request that we restrict the processing of a recorded conversation (before deletion of the recording) according to GDPR Article 18, we are obliged to store the recording for the duration of the restriction, c.f. Article 6(1)(c) of the GDPR.
If a recording is involved in specific disputes or security incidents, the recording will not be deleted until the case(s) or incident(s) has been finally settled in accordance with the applicable statute of limitation, c.f. Article 6(1)(f) of the GDPR.
If the recording relates to several different purposes, it is retained according to the longest retention period.
Right to object
In certain circumstances, you have the right to object to the processing of your personal information in connection with recording and storage of phone conversations according to Article 21 of the GDPR. This is the case, for example, when the recording is based on our legitimate interests, c.f. Article 6(1)(f) of the GDPR.
Other information and your rights
In certain circumstances, you have the right to access, rectification or erasure of personal data and/or to restrict the processing. Read more about the data controllership, our sharing of personal data and your rights in our privacy notices for retail customers and private individuals and business customers.