Privacy notice - personal customers

Here you can read about how we handle your personal data as a private customer, effective from May 16, 2024, for both existing and new private customers.

At kompasbank, we protect and respect your data and your privacy. When you wish to become a customer of kompasbank a/s, we process your personal data as the data controller.

This Privacy Notice applies to you as a private individual with a customer or potential customer relationship with kompasbank, as well as any family relations or close partners who are listed on the Danish Financial Supervisory Authority's (Finanstilsynet) PEP list.

In this Privacy Notice, we describe a range of matters related to how we handle your personal data when you open a savings account.

1. What are personal data?

Personal data is any kind of information that can be linked to you. When you open a savings account, you provide your information and answer security questions, which individually or collectively can be connected to you.

2. How do we process your personal data?

At kompasbank, we process your personal data confidentially and of course comply with the Data Protection Act, the EU’s General Data Protection Regulation (GDPR), guidelines from the Danish Data Protection Agency (Datatilsynet), and other relevant legislation.

We obtain your personal data when you apply to open a savings account. Additionally, we gather information from sources such as the Danish Financial Supervisory Authority's (Finanstilsynet) PEP list, the Central Person Register (Det Centrale Personregister), and other publicly available sources and registers.

We collect and process both regular (non-sensitive) and sensitive personal data:

  • Name, address, phone number, and email are regular personal data we process, just as we process your responses to security questions about your possible status as a Politically Exposed Person (PEP), whether you are of legal age, your tax obligations, income and employment status, where the money for your savings account originates, and the purpose of the savings account.

  • We may also collect sensitive information, such as if you are listed as a PEP due to political affiliation. As part of our mandatory customer due diligence, we may also register and process publicly available information online, such as news articles related to criminal cases where you may have been mentioned.

  • Finally, we process your CPR number for identification purposes, according to the Danish Anti-Money Laundering Act, and for reporting to the Danish tax authorities in compliance with the Tax Control Act (skattekontrolloven).

3. Purpose and legal basis for processing your personal data

We process your personal data for the following purposes:

  • Opening a customer account at kompasbank

  • Ongoing management of your customer relationship

  • Marketing

  • Termination of customer relationship

  • Compliance with applicable laws

We only request information that is necessary and relevant to fulfilling these purposes

To process your personal data, we need a legal basis (it must be legally allowed for us to process specific data). The relevant legal bases are listed below:

  • To comply with contracts and agreements with you (GDPR Article 6, 1, b), we must process personal data such as contact details. Without this, we cannot provide our products and services to you.

  • In some cases, the law requires us to collect and store your data (GDPR Article 6, 1, c). This applies, for example, to your identification information and the source of your funds, according to the Anti-Money Laundering Act, and your CPR number as required by the Anti-Money Laundering Act and the Tax Control Act, as well as your engagement and transactions under the Tax Control Act, Anti-Money Laundering Act, and Bookkeeping Act.

  • Some personal data we process because we have a legitimate interest (GDPR Article 6, 1, f) in balancing this against your privacy rights. This applies to security questions about your age and tax obligations in Denmark, as it helps simplify your onboarding process.

  • In some cases, processing your personal data requires your consent (GDPR Article 6, 1, a). Therefore, we obtain your consent for specific purposes such as marketing. Consent can be withdrawn at any time and will not affect your current services at kompasbank, though you may not be informed about new savings products.

4. Storage of your personal data

If you become a customer, we will store your personal data for as long as you are a customer. If you terminate your relationship with kompasbank, we will retain your personal data for five years, plus the current year, from the termination date.

Certain data will be retained longer in compliance with legal obligations, such as for statistical purposes. However, this data will be anonymized.

If you do not become a customer (i.e., you cancel the process before signing), we will retain your personal data for six months, after which it will be anonymized. If you have given marketing consent, we will keep your contact information for two years, or until you withdraw your consent.

5. Automated decisions

In certain situations, we will make decisions based on the automated processing of your personal data. This primarily occurs in relation to customer and account creation and during ongoing customer due diligence procedures.

6. Protection of your personal data

We have implemented several technical and organizational measures to ensure that your personal data is not accidentally or illegally deleted, disclosed, or misused.

7. Access to data and other rights

You have the right to access the information we have collected about you, and you have the right to have incorrect information deleted or corrected. You can also request restrictions on how we process your data, and in certain cases, you have the right to object to our processing based on our legitimate interest. If you object, we will reassess our right to process your data or determine whether we can meet your objection. You also have the right to transfer your data to yourself or another person or company (data portability). You can read more about your rights in the Danish Data Protection Agency's guide at www.datatilsynet.dk.

We retain documentation showing that we have complied with (or refused) your request to exercise any of your rights for two years.

You can exercise your rights by contacting our Data Protection Officer. See contact details below.

8. Data sharing (including third-country transfers)

We share your personal data with the following recipients:

  • Public authorities, such as the Danish Tax Agency for reporting your savings and interest, and other authorities if required to comply with legal obligations, including anti-money laundering reports, statistics, subpoenas, court orders, or search warrants.

We also use third-party data processors for the storage and processing of data, such as handling and storing your personal data in our IT systems. They process data solely on our behalf and may not use it for their own purposes.

We only use data processors and/or sub-processors within the EU/EEA or in countries that provide satisfactory protection of your data.

9. Right to withdraw consent

You can withdraw your consent to marketing at any time. You can do this through your online banking or by writing to us directly.

If you withdraw your consent, the processing we have already carried out based on your previous consent will not be affected. Your withdrawal will take effect once we receive your request.

10. Confidentiality

All our employees are bound by confidentiality. This means that information about you, including your personal data, will not be disclosed to third parties without proper authorization.

11. Data controller

kompasbank a/s, CVR no. 38803611, Frydenlundsvej 30, 2950 Vedbæk, is responsible for the data we collect.

12. Data Protection Officer

At kompasbank, we have appointed a Data Protection Officer to ensure we comply with data protection regulations. You can always contact our Data Protection Officer regarding our processing of personal data:

13. Danish Data Protection Agency

If you are dissatisfied with how we process your personal data, you can file a complaint with the Danish Data Protection Agency. You can find their contact details at www.datatilsynet.dk.

14. Changes

As a customer of kompasbank, you will be notified if we make any changes to how we collect and process personal data that affect you. The date from which this policy is effective is stated at the beginning of this document.

Last approved: 30. June 2025.