Personal Data Processing

On this page, we will briefly describe how we may process your personal data.

Read our full information about how we process your personal data here>

You can also access a comprehensive version of our cookie handling policy here>

Read our full information about how we process your personal data for candidates here>

We will protect your personal data and your integrity by making sure we take all the relevant actions in accordance with the applicable laws, for example GDPR. We register and process your personal data so that we can offer you our services and at the same time fulfill all our statutory duties. A limited area around Carnegie’s premises is camera-monitored. The purpose is to prevent and investigate possible crimes to ensure the safety of employees and visitors and to protect the company’s assets. The legal basis is that the processing is necessary for Carnegie’s legitimate interest to fulfill this purpose. Recorded material is automatically deleted after one month. A longer storage period may occur for specific material in a specially handled case where deemed to be necessary and proportionate for the specified purpose. In these cases, the material is deleted when the purpose is fulfilled. Manual review of the recorded material takes place only on specially requested occasions. The recorded material may be disclosed to the Police or any other authority within the framework of preliminary crime investigations or if Carnegie has a legal obligation to disclose the material. In addition, the recorded material may be processed by security and surveillance companies that Carnegie hires. In banking matters, such as the purchase and sale of securities, which are conducted by telephone, personal data is also processed through the recording of telephone conversations.

Carnegie reserves the right to monitor the use its IT infrastructure including all network activity and Internet traffic to ensure information security. By using Carnegie’s wireless guest network you are aware of these conditions.

We may also process your personal data when you visit our website in the form of cookies, user information or other information that you register on the website. If you become a customer of Carnegie we will need to collect your personal data to fulfill the agreements we enter into with you and so that we can fulfill our duties and obligations as a financial institution.

We will not save your personal data for a longer period than what is necessary to fulfill the purpose for which your personal data was collected. How long that period may be depends on why the personal data was collected but if you become a customer of Carnegie we will need to save your personal data for as long as you havve a business relationship with us and eleven years thereafter, in order for us to fulfill legal obligations and our legitimate interest to be able to establish, exercise or defend Carnegis’s or your legal claims .

Under certain circumstances we may need to transfer your personal data to other entities of Carnegie group or third party suppliers that work for us. When this happens we will demand that your personal data is processed as safe and secure as if it was processed by us. When required by law we may also share your personal data with different authorities. In some cases your personal data may be transferred to countries outside the EU/EEA but only if we have made sure that sufficient data protection measures are in place.

More specific information about how your personal data is processed is disclosed when we collect such data, for example in connection with you becoming a customer of Carnegie or when you sign up for an event or a newsletter subscription with us.

You can always request information concerning what personal data is processed by us, request to block direct marketing, deletion of personal data, limitations on the processing of personal data, data portability or the rectification of personal data by contacting Carnegie’s Data Protection Officer. You can also contact the Data Protection Officer to obtain further information about how the Bank processes personal data. The Data Protection Officer can be contacted through email: