Information on how we process personal data.
To ensure we earn your trust, we strive to be open about how we process your personal data.
Below, you can read about how the companies in the DNB Group process your personal data. You will also receive information about your rights and how you can exercise your rights in practice.
DNB is an international financial group consisting of the parent company DNB Bank ASA and a number of Norwegian and international subsidiaries. Together, this constitutes the DNB Group.
The data controller for the processing of your personal data will typically be the DNB companies with which you have a customer relationship. The data controller is responsible for determining what your personal data will be used for, how it will be processed and what aids and tools will be used. Sometimes, several DNB companies have a joint controllership.
This privacy notice applies to the following companies in the DNB Group:
See a more detailed illustration of the legal structure of the DNB Group here.
In addition to being the parent company in the DNB Group, DNB Bank ASA is in a cooperating group with Fremtind Forsikring AS and Fremtind Livsforsikring AS. Your insurance through DNB is provided by Fremtind Forsikring. Formally, Fremtind has the insurance contract with you. However, as a customer, when you buy or make changes to your insurance policy, or you need to get in touch with an insurance advisor, you will contact DNB. Both DNB Bank ASA and the Fremtind companies will act as independent data controllers. Although Fremtind is the result of a merger between SpareBank 1 and DNB, SpareBank 1 will not have access to your personal customer information in DNB.
Follow the link below to read the privacy notices from other DNB companies.
Information about your rights and our contact information on this page apply regardless of which DNB company you have a customer relationship with.
DNB Eiendom AS (Norwegian only)
Sbanken is a concept delivered by DNB Bank ASA. DNB Bank ASA is the controller for all of the processing of personal data within the Sbanken concept. You will find updated information about the processing of your personal data as part your customer relationship in the Sbanken concept on these pages.
When we collect and process information about you, you have rights under data protection rules and legislation. Below, we will provide you with an overview of your rights, what they entail, and how you can exercise the rights in practice.
We are obliged to respond to you as soon as possible and normally within 30 days at the latest. Sometimes we need some more time to respond to you. If so, we will provide you with an an explanation of why it is taking us longer to process your request and when you can expect a response from us.
You have the right to know whether we process your personal data. This means that you will be given a copy of/access to this data. You also have the right to receive more detailed information about what personal data we process and how we process it.
There are some exceptions to the right of access. This typically applies where we have a statutory duty of confidentiality, or where we are required to keep information secret in the interest of preventing, investigating or prosecuting criminal acts. If DNB cannot provide you with the information you request, you will be notified of the reason for this in writing.
How to exercise you right of access in DNB?
To request access you need to choose english language, log-in to your online bank and navigate to "Access to my personal data" under settings.
Request access to your personal data
If you have questions about the report or would like further information, you must request this manually. You can contact us via the ‘Write to us’ service in your mailbox in the online bank, or by post to DNB Bank ASA, Card and Bank Complaints PO Box 4750, 7469 Trondheim, Norway.
If you are an employee, former employee or have applied for a position in DNB and wish to request access to your personal data, please contact HR support at peoplesupport@dnb.no. Remember to provide a phone number where you would like to be contacted.
If your enquiry concerns DNB Næringseiendom AS or companies managed by DNB Næringseiendom AS, please contact us at servicesenter@dnb.no. Remember to provide a phone number where you would like to be contacted.
The right to object gives you, in certain cases, the opportunity to request that we stop using your personal data. We will always consider and respond to such an objection.
When processing personal data for direct marketing purposes, you always have the right to object (right to opt out).
The right to object applies in different contexts with slightly different conditions:
How to exercise your right to object in DNB
If you would like to object to a specific processing of your personal data, you can do so via our complaints department. For a more detailed overview of what types of processing you can object to, see the chapter entitled ‘Why we process personal data’.
You may always request that we stop using your personal data for marketing aimed directly at you, including profiling for such a purpose. If the marketing is based on your consent, you may withdraw your consent in the online bank under ‘Settings’.
If you are an employee, former employee or have applied for a position in DNB and wish to exercise your right to object, please contact HR support at peoplesupport@dnb.no. Remember to provide a phone number where you would like to be contacted.
If your enquiry concerns DNB Næringseiendom AS or companies managed by DNB Næringseiendom AS, please contact us at servicesenter@dnb.no. Remember to provide a phone number where you would like to be contacted.
If you believe that we are processing personal data about you that is inaccurate or misleading, you may require the data to be corrected or supplemented by additional information. You must be able to show that the data is inaccurate and inform us as to what is correct. After your enquiry, we will make sure to correct the incorrect personal data as soon as possible, and normally no later than within one month.
There may be cases where rectification is not practically possible, or where the information is correct but gives an incorrect impression. In these cases, we will ensure that your data is supplemented with additional information. That is, we will include your understanding of the situation, so that others will have a comprehensive overview of your situation.
If we have corrected your personal data, and we have previously provided that data to any third parties, we will attempt to notify those recipients of the changes if relevant. The obligation to notify of any changes does not apply if it proves to be virtually impossible for the recipient to implement corrections.
How to request rectification or supplementation with additional information
If you would like to request rectification or supplementation of your personal data, you can do so via our complaints department.
If you are a former employee or have applied for a position in DNB and wish to request rectification of your personal data, please contact HR support at peoplesupport@dnb.no.
If your request concerns rectification of your personal data in DNB Næringseiendom AS or companies managed by DNB Næringseiendom, please contact us at servicesenter@dnb.no. Remember to provide a phone number we can use to contact you.
If you are unsatisfied after having talked to us, you can submit a complaint by logging into our complaints portal, or you can contact us by post at: DNB Bank ASA, Card and Bank Complaints PO Box 4750, 7469 Trondheim, Norway.
In our complaints portal, you will find several categories to choose from. You can write ‘Data protection’ as the heading in the free text field. When you submit a complaint, we will process your complaint as soon as possible and normally within 30 days. You can follow the status of your complaint at the top of the complaint page after you have submitted your complaint. You will be notified in the online bank when your case has been processed, or if we need you to provide more information.
If you do not get the help you want through our complaints procedure, DNB has a Data Protection Officer who will answer your questions concerning the processing of your personal data. You can contact the Data Protection Officer at personvernombudet@dnb.no or by post: DNB, c/o Data Protection Officer, Dronning Eufemias gate 30, 0191 Oslo, Norway.
This applies for the following companies: DNB Bank ASA, DNB Livsforsikring AS, DNB Eiendom AS, DNB Boligkreditt AS and DNB Asset Management AS. If your enquiry concerns only one of the companies, please state that in your enquiry.
If you do not agree with us and wish to complain further, you can send your complaint directly to the Norwegian Data Protection Authority.
You have the right to obtain an overview of the electronic searches (consultation operations) DNB har carried out relating to your customer relationship. This overview is called a report on consultation operations.
The report includes:
If you suspect that DNB employees have carried our searches/consultation operations relating to your customer relationship without a valid reason, you should order a report on consultation operations. If, on the basis of the report on consultation operations, you believe that the searches are not consistent with your contract with the bank, you can order a further investigation.
DNB employees also have the right to data protection, so you will not be given the names of the employees who have carried out searches/consultation operations relating to your customer relationship.
How do you order a report on consultation operations from DNB?
You can order a report on consultation operations by downloading an order form here:
Order form (PDF)Open the file in a new tab
Fill in the form, attach a copy of your proof of identity, and send both by post in sealed envelope to:
DNB Bank ASA
Card and Bank Complaints
Reply 9414
0098 Oslo
You can also order a report on consultations by contacting the customer service centre via chat or by phone. They will send you the same order form for you to fill in and return togheter with a copy of you proof of identity in a sealed envelope.
If you have any questions about the report or would like more information, please contact us using the details in the letter you receive.
You have the right to receive certain personal data that we process about you so that it can be reused across different systems and services. The information you request is sent directly to you in a machine-readable format and may make it easier for you to transfer your information to a new service provider. This right is called ‘data portability’ and applies only to the personal data that:
Exceptions: You are not entitled to receive the following personal data, even if the above conditions are met:
How to request to have your personal data in DNB transferred to others
You can click on the link below to exercise your right to data portability. After you have logged in and we have verified your identity, you will receive a confirmation that we have received your request.
If you are an employee, former employee or have applied for a position in DNB and wish to request data portability, please contact HR support at peoplesupport@dnb.no. Remember to provide a phone number where you would like to be contacted.
If your enquiry concerns DNB Næringseiendom AS or companies managed by DNB Næringseiendom AS, please contact us at servicesenter@dnb.no. Remember to provide a phone number where you would like to be contacted.
If we process personal data about you, you have, in some cases, the right to demand that your data be deleted.
You may request the erasure of personal data if one of the following grounds is met:
In many cases, we are required to retain information about you, even if you request erasure. This applies both during your customer relationship, and for a certain time after agreements and your customer relationship have ended. In practice, this means that you cannot demand that your personal data be deleted when we have a legal obligation to retain your personal data or we must safeguard our legitimate interests. This also applies if we need to establish, exercise or defend a legal claim.
How to exercise your right to erasure in DNB
You can request deletion using our digital solution. In the form you can use the free-text field to specify which data you want deleted. You can choose which DNB company you want data deleted from.
If you don't use the free text-field, we will assume you want to delete all personal data that can be safely removed and that you are entitled to have deleted. If you have spesific data you want deleted, we recommend describing it in the free-text field when submitting your request.
Do not use this if you wish to terminate a product or agreement. Instead, please contact customer service by chat or phone on (+47) 915 04800.
If you are a former employee or have applied for a position in DNB and wish to request the erasure of the personal data we collected about you in that context, please contact HR support at peoplesupport@dnb.no.
If your request concerns the erasure of your personal data in DNB Næringseiendom AS or companies managed by DNB Næringseiendom, please contact us at servicesenter@dnb.no. Remember to provide a phone number we can use to contact you.
You may request that we restrict the way we process your personal data. This means that we cannot use your personal data actively. This is often in combination with other rights, for example to restrict the processing of your personal data while we consider a request for erasure or rectification.
For example, if you have asked us to correct your personal data, you can in the meantime request that we restrict the processing of this data until the error has been rectified.
We are obliged to restrict processing in some specific cases:
How to restrict the processing of personal data in DNB
If you would like to restrict the way we process your personal data, you can do so via our complaints department.
If you are a former employee or have applied for a position in DNB and wish to restrict the processing of your personal data, please contact HR support at peoplesupport@dnb.no.
If your request concerns the restriction of the processing of your personal data in DNB Næringseiendom AS or companies managed by DNB Næringseiendom, please contact us at servicesenter@dnb.no. Remember to provide a phone number we can use to contact you.
Automated decision-making is the process of making decisions solely based on personal data we are processing about you, without any human involvment.
You can always get an explanation of what is behind the automated decision and express your opinion. You can also contest the decision and demand that the decision made via the algorithm be reviewed by a person.
In DNB, we use automated decisions on the following processes
Do you have any questions about your rights or other questions concerning data protection?
Call us – perhaps we can resolve the issue over the phone. You can contact our customer centre on (+47) 915 04800 or chat with us in the online bank at dnb.no.
If you are unsatisfied after having talked to us, you can submit a complaint by logging into our complaints portal, or you can contact us by post at: DNB Bank ASA, Card and Bank Complaints PO Box 4750, 7469 Trondheim, Norway.
You can also contact our Data Protection Officer at personvernombudet@dnb.no.
Depending on your relationship with DNB companies and the products and services you use, we process the following types of personal data:
In order to provide you with services, comply with statutory requirements and quality assure the information you have provided to us, we collect personal data about you from third parties such as:
Most of the personal data that we collect and process will come directly from you, for instance when we process an application for a loan and other products and services we offer.
If you are affiliated with a company or other business that is a customer of DNB, we will collect and use your personal data if you are the owner, signatory or user of the company’s account.
Other examples where we collect personal data directly from you are:
Processing of personal data in DNB Bank
Processing of personal data in Asset Management
Processing of personal data in DNB Boligkreditt
Processing of personal data in DNB Carnegie Investment Bank AB
Processing of personal data in DNB Livsforsikring
Cookies are small text files that are stored and read on your device, for example on your computer or mobile phone, when you visit a website. Among other things, cookies make it possible to distinguish visitors to a website from each other and to collect data about how they use the website.
You can manage how you want us to use your cookies here. (Norwegian only)
We use cookies on our website (dnb.no) for the following purposes:
The data we process by means of cookies will in many cases constitute personal data. You can read more about how we process personal data under the chapter ‘Why we process personal data’. There, you can also read more about how we process information about your behaviour on our web pages in order to customise our marketing.
There are several situations where we share personal data with third parties. Such third parties include e.g. the authorities, payment service providers and business partners. We also share personal data with the companies in the Group, and with Fremtind Forsikring AS and Fremtind Livsforsikring AS.
Data protection rules and legislation regulate how and when such sharing with third parties may take place. In addition, there are provisions on confidentiality in several other acts that apply to the financial and securities sectors.
In order to provide our services and products, there are several situations where we need to disclose your personal data. For example, if you have instructed us to transfer money or securities, we will need to disclose certain information to relevant third parties in the transaction in order to perform the transfer.
DNB is a group consisting of a number of different companies, and multiple companies that are data controllers. There may be one or more companies within the Group that are the data controller for your personal data, depending on your relationship with one or more companies.
Sometimes we need to share personal data about you within the Group. For instance, this may be to fulfil customer agreements, to meet obligations under company law because requirements to our information security make it necessary, or due to anti-money laundering obligations. It may also be because we have a legitimate interest for various purposes mentioned in the privacy notice.
There are strict rules on confidentiality for financial services and investment firms, including for companies in the DNB Group. Before sharing personal data, we will always ensure that we also comply with our duty of confidentiality.
DNB has a shared customer register. The purpose of the Group customer register is to manage your customer relationship and coordinate offers of services and advice from the various companies in the DNB Group. The Group customer register contains information about you, such as name, date of birth, address and other contact details, which Group company you are a customer of, and the services and products for which you have entered into an agreement.
We use data processors in several situations. A data processor is a third party who processes personal data on our behalf. There are also data processing relationships within the DNB Group, such as when DNB Bank ASA is the data processor for other companies in the Group. The data processor does not have its own purposes for processing of personal data.
We have a data processor agreement with all our data processors, which regulates how and what personal data should be processed. This is how we ensure that personal data is processed in accordance with data protection rules and legislation and meets our own requirements for the processing of personal data.
We have data processors in Norway and in other countries both inside and outside the EEA, such as:
In some cases, we transfer personal data to organisations in countries outside the EEA, e.g. providers of IT services or other data processors. We can only make such transfers if the party to whom we transfer personal data has provided the necessary guarantees that the level of protection of the personal data is approximately the same as in the EEA.
It is also a requirement that the personal data concerned is ensured enforceable and effective rights related to the protection of this personal data in the third country.
In order for us to transfer your personal data outside the EEA, the GDPR requires us to have a valid legal basis for the transfer.
One of the following conditions must also be met:
This text was last updated 04.12. 2025