Privacy Policy

This privacy policy outlines how Finanstilsynet (the Danish Financial Supervisory Authority) collects and processes personal data in relation to the execution of its responsibilities.

This privacy policy explains how the Danish Financial Supervisory Authority (FSA) collects and processes personal data in connection with its responsibilities, including when you contact us or visit our websites.

We process the data you provide or that we collect in compliance with applicable regulations. We are committed to ensuring that your data is handled with respect for your confidentiality and privacy.

What is personal data?

Personal data refers to any information about an identified or identifiable natural person. This includes all forms of data that can directly or indirectly be linked to an individual. Examples include first and last names, home addresses, email addresses, bank account details or CPR numbers.

The Danish FSA as data controller

The Danish FSA acts as the data controller for any personal data we receive from or about you in relation to a case or enquiry. We also serve as the data controller when you sign up for our newsletter or consent to the use of cookies on our website.

We process the personal data you provide directly to us, as well as any data we receive from other authorities, companies or individuals. Additionally, we may collect data about you from these sources when necessary to carry out our duties.

The purpose and basis for the Danish FSA’s processing of your personal data

The Danish FSA’s official duties

The primary role of the Danish FSA is to oversee companies within the financial sector. This includes ensuring that companies maintain sufficient capital in proportion to the risks they undertake and that they comply with financial legislation, such as rules on consumer protection, the Danish Capital Markets Act and anti-money laundering regulations.

The majority of the Danish FSA’s personal data processing occurs as part of the exercise of its public authority. We also process various personal data when you contact us via email or through a contact form on www.finanstilsynet.dk, www.dfsa.dkvirksomhedsregister.finanstilsynet.dk or OAM.finanstilsynet.dkWhen you write to us, your enquiry and personal data are recorded in our electronic case and document management system.

In connection with its official duties the Danish FSA primarily processes non-sensitive personal data, including confidential information, such as:

  • Names
  • Contact details
  • Work-related information
  • Financial details
  • CPR number.

The basis for processing non-sensitive personal data is primarily Article 6, Paragraph 1, Letters c and/or e of the General Data Protection Regulation. For CPR numbers, the basis for processing is Article 11, Paragraph 1 of the Danish Data Protection Act.

We may process data related to criminal offenses when necessary for the performance of our official duties. This may include collecting criminal records when this may be required in order to carry out our responsibilities. The basis for this processing is Article 8, Paragraph 1 of the Danish Data Protection Act.

In certain cases, we may process sensitive personal data when necessary for the performance of our official duties, or if you provide such data when contacting us. Sensitive personal data includes health information and details about trade union membership.

The basis for processing sensitive personal data is primarily Article 9, Paragraph 2, Letter f of the General Data Protection Regulation.

Newsletter

The Danish FSA publishes a newsletter that can be subscribed to via our website. To distribute the newsletter, we process non-sensitive personal data, including:

  • Email addresses
  • Information about the newsletters you have subscribed to
  • Your consent

Our newsletters are sent based on your consent, and we process the data outlined above in accordance with Article 6, Paragraph 1, Letter a of the General Data Protection Regulation.

 

Cookies

The Danish FSA uses cookies on the websites www.finanstilsynet.dkwww.dfsa.dkhttp://www.virksomhedsregister.finanstilsynet.dk and OAM.finanstilsynet.dk

Finanstilsynet.dk and dfsa.dk

On www.finanstilsynet.dk and www.dfsa.dk, the Danish FSA uses a technically necessary cookie, which has been assessed as not requiring consent. For necessary cookies, the basis for processing personal data is Article 6, Paragraph 1, Letter e of the General Data Protection Regulation.

If you accept cookies that are not strictly necessary, please be aware that we may process your non-sensitive personal data for the purpose of website statistics.

For these types of non-necessary cookies, the basis for processing personal data is your consent, pursuant to Article 6, Paragraph 1, Letter a of the General Data Protection Regulation.

The Danish FSA also has a cookie policy that outlines how we manage cookies on our websites:

Cookie policy - www.finanstilsynet.dk

Cookiepolitik - www.dfsa.dk

OAM.finanstilsynet.dk

On www.OAM.finanstilsynet.dk, the Danish FSA uses a technically necessary cookie, which has been assessed as not requiring consent. This is in accordance with Article 4 of the Danish Cookies Law.

Virksomhedsregister.finanstilsynet.dk

On www.virksomhedsregister.finanstilsynet.dk, the Danish FSA uses a technically necessary cookie, which has been assessed as not requiring consent. For necessary cookies, our basis for processing personal data is Article 6, Paragraph 1, Letter e of the General Data Protection Regulation

If you accept cookies that are not strictly necessary, please be aware that we may process your non-sensitive personal data for the purpose of website statistics.

For these types of non-necessary cookies, the basis for processing personal data is your consent, pursuant to Article 6, Paragraph 1, Letter a of the General Data Protection Regulation.

The FSA also has a cookie policy that explains how we manage cookies, available at www.virksomhedsregister.finanstilsynet.dk

Visitors to the FSA premises

The FSA welcomes visitors in various contexts, such as job candidates or representatives from financial companies. 

For security purposes, video surveillance is conducted at all entrances to the Danish FSA, in accordance with Section 2(d) of the TV Surveillance Act. As a result, when you visit the Danish FSA, we will process non-sensitive information about you in the form of video footage.

Regarding video surveillance at the entrances to the Danish FSA, the basis for processing personal data is Article 6(1)(e) of the General Data Protection Regulation.

Who has access to your data?

Employees at the Danish FSA have access to your personal data only to the extent necessary for handling your case or enquiry, or in the course of fulfilling our duties as a public authority. Your personal data is stored securely and treated confidentially.

How long do we store your data?

The Danish FSA’s official duties

We retain and process your personal data only for as long as necessary to fulfill our obligations as a public authority and to comply with applicable legislation, including the Danish Archives Act.

Information about you in the Danish FSA's electronic case and document management system is transferred to the Danish National Archives for storage after the journal period, in which the case is closed, has ended.

Once a journal period has ended, the FSA will retain access to search the information in a historical version of the journal for a certain period. The historical version of the journal will be deleted no later than 15 years after the end of the journal period in which the case was closed.

Newsletter

We may retain your personal data for up to 30 days after you revoke your consent. After this period, we will delete the data, unless we are legally required to store it for a longer period.

 

Cookies

In our cookie policy, you can find more information about the individual lifespan of the cookies.

You can find the cookies policy here.

Visitors to the FSA premises

Video surveillance footage is stored for 30 days. After this period, the material will be deleted unless there is a legitimate reason to retain it for a longer period.

When do we pass on your personal data?

The Danish FSA’s official duties

We only pass on data when necessary for our regular duties. Data may also be shared if it is required for other authorities to carry out their tasks, in accordance with the rules on access to documents under the Danish Public Information Act and the Danish Public Administration Act.

In continuation of this, we note that data accessed by employees of the Danish Financial Supervisory Authority, persons performing service duties related to the authority’s operations, and experts acting on behalf of the authority through supervisory and liquidation activities, as well as confidential information they become aware of from Finansiel Stabilitet (the Financial Stability Board), will only be passed on in accordance with our duty of confidentiality under Article 354 of the Danish Act on Financial Businesses or similar provisions in the primary laws of the Danish Financial Supervisory Authority.

This may, for example, involve sharing information with the Financial Stability Board when the data is necessary for them to carry out their duties, or with the Danish Data Protection Agency in order to fulfill its responsibilities as an independent supervisory authority for ensuring compliance with data protection regulations.

The Danish FSA also publishes the results of our decisions or supervisory activities in certain cases. We do this when, as a supervisory authority, we are required to do so, or when there is otherwise a valid basis for such publication.

The Danish FSA cooperates with the Centre for Cyber Security’s sensor network. This means that data regarding traffic from the open internet will be shared with the Centre for Cyber Security to assess whether the traffic poses a risk to the Danish FSA. For example, this may include data about email addresses and the subject fields of incoming emails.

We share your personal data with our data processors. We have entered into data processing agreements with these processors and ensure that they comply with the terms of the agreements in accordance with applicable regulations.

Newsletter

We do not share your personal data, but transfer it to our data processors. We have entered into data processing agreements with these processors and ensure that they comply with the terms of the agreements in accordance with applicable regulations.

Cookies

If you consent to the use of cookies, please be aware that, in some cases, we share data about your use of our websites with our analytical partners. Our partners may combine this data with other information you have provided to them or that they have collected from your use of their services.

We also share your personal data with our data processors. We have entered into data processing agreements with these processors and ensure that they comply with the terms of the agreements in accordance with applicable regulations.

Visitors to the FSA premises

We do not disclose information about you in the form of video surveillance footage, except in exceptional cases where we are required to provide the footage to the police for use in criminal investigations.

Transfer to recipients in third countries, including international organisations

The Danish FSA’s official duties

In certain cases, the Danish FSA may transfer your personal data to recipients outside the EU and EEA. We will only transfer your data to recipients in third countries when we have the legal authority to do so under our specific legislation and when we have a valid basis for the transfer in accordance with the rules set out in Chapter V of the General Data Protection Regulation.

What are your rights?

The General Data Protection Regulation grants you several rights regarding the Danish FSA's processing of your personal data. For example, you have the right to be informed about how we process your personal data (disclosure obligation). These rights are explicitly stated in Articles 13-18 and Article 21. We are required to provide you with certain information if we process data about you. This applies both when we receive information from you directly and when we receive information from sources other than yourself.

Right to view the data (right of access)

You have the right to request access to the personal data the Danish FSA processes about you. This means you are entitled to see the personal data we hold on you and to receive information on how and why we process your data.

Right to rectification (correction)

You have the right to request the correction of inaccurate information about yourself. Additionally, you have the right to have your data updated or supplemented with additional information if it will make your personal data more complete or up to date.

Right to deletion

In certain circumstances, you have the right to request the erasure of your personal data before our usual deletion date.

Right to restriction of processing

In certain circumstances, you have the right to request a restriction on the processing of your personal data. If you have the right to restrict the processing, we may only process the data in the future – apart from storage – with your consent, or for the establishment, exercise, or defence of legal claims, or to protect an individual or significant public interests.

Right to object

In certain situations, you have the right to object to our processing of your personal data. For more information about your rights, you can refer to the Danish Data Protection Agency's guide on data subject rights at www.datatilsynet.dk.

Should you wish to exercise your rights, please contact the Danish FSA.

Complaints

If you believe that the Danish FSA’s processing of your data is in violation of the General Data Protection Regulation, you have the right to file a complaint with the Danish Data Protection Agency.

Data Protection Advisor

The Ministry of Industry, Business and Financial Affairs has a data protection advisor who also serves as the data protection advisor for the Danish FSA. The data protection advisor can provide you with further information on data protection regulations. The data protection advisor can also offer guidance on your rights regarding the processing of your personal data by the Danish FSA.

The data protection advisor can be contacted via email at dpo@em.dk, or by phone on 33 92 33 50, or by letter to: Erhvervsministeriet, att. Databeskyttelsesrådgiver, Slotsholmsgade 10-12, 1216 Copenhagen K.

If you wish to send a secure digital letter, it should be addressed to the Ministry of Industry, Business and Financial Affairs' primary inbox at em@em.dk, which will then be forwarded to dpo@em.dk.

Social media services

Our websites may include social media features, such as those from LinkedIn. By clicking on these, you will be directed to the relevant social media platform.

These platforms have their own privacy policies. We encourage you to carefully review their terms, conditions and privacy policies before clicking on the links and providing any personal data.

Our contact details regarding this privacy policy

Finanstilsynet

Strandgade 29
1401 Copenhagen K
Phone: +45 33 55 82 82
Email: finanstilsynet@ftnet.dk
CVR number: 10598184

The Danish Financial Supervisory Authority’s privacy policy was last updated 13th December 2024.

Last updated 03-03-2025