Personal Data Processing
On 25 May 2018 the General Data Protection Regulation (GDPR) will come into effect. This means increased rights and protection for you as an individual in relation to how your personal data can be processed. On this page we describe how we may process your personal data.
We will protect your personal data and your integrity by making sure we take all the relevant actions in accordance with the applicable laws, for example GDPR. We register and process your personal data so that we can offer you our services and at the same time fulfill all our statutory duties. A limited area around Carnegie's premises is camera-monitored. The purpose is to prevent and investigate possible crimes in order to ensure the safety of employees and visitors and to protect the company's assets. The legal basis is that the processing is necessary for Carnegie's legitimate interest to fulfill this purpose. Recorded material is automatically deleted after one month. A longer storage period may occur for specific material that in a specially handled case where deemed to be needed for the specified purpose. In these cases, the material is deleted when the purpose is fulfilled. Manual review of the recorded material takes place only on specially requested occasions. The recorded material may be disclosed to the Police or any other authority within the framework of preliminary crime investigations or if Carnegie has a legal obligation to disclose the material. In addition, the recorded material may be processed by security and surveillance companies that Carnegie hires. In banking matters, such as the purchase and sale of securities, which are conducted by telephone, personal data is also processed through the recording of telephone conversations.
Carnegie reserves the right to monitor the use its IT infrastructure including all network activity and Internet traffic to ensure information security.By using the Carnegie wireless guest network I’m aware of these conditions.
We may also process your personal data when you visit our website in the form of cookies, user information or other information that you register on the website. If you become a customer of Carnegie we will need to collect your personal data to fulfill the agreements we enter into with you and so that we can fulfill our duties as a financial institution.
We will not save your personal data for a longer period than what is necessary to fulfill the purpose for which your personal data was collected. How long that period may be depends on why the personal data was collected but if you become a customer of Carnegie we will need to save your personal data for as long as you stay a customer and a number of years thereafter, in order for us to fulfill legal requirements.
Under certain circumstances we may need to transfer your personal data to other Carnegie companies or other suppliers that work for us. When this happens we will demand that your personal data is treated as safe and secure as if it was processed by us. When required by law we may also share your personal data with different authorities. In some cases your personal data may be transferred to countries outside EU/EEA but only if we have made sure that sufficient protection measures are in place.
You can always request information concerning what personal data is processed by us, request to block direct marketing, deletion of personal data, limitations on the processing of personal data, data portability or the rectification of personal data by contacting Carnegie’s Data Protection Officer. You can also contact the Data Protection Officer to obtain further information about how the Bank processes personal data. The Data Protection Officer can be contacted through email: firstname.lastname@example.org.