Danmarks Nationalbank, together with the Danish Business Authority, collects historical information on microtransaction and payment data, including identity information, e.g. civil registration (CPR) number (data basis). The data basis may contain sensitive personal data.
Danmarks Nationalbank and the Danish Business Authority are joint data controllers in respect of the collection of the personal data. Both parties are responsible for complying with the provisions of the General Data Protection Regulation, including the implementation of appropriate security measures. Danmarks Nationalbank is responsible for observing the rights of the data subjects and for handling any security breaches.
The purpose of the processing is to examine the possibility of identifying patterns in the data basis in order to assess whether it will be possible in the future to establish a solution which supports the basis for payment statistics and underpins the efforts to combat financial crime.
The processing is necessary for the exercise our official authority and performance of a task carried out in the public interest (Article 6(1)(e) and Article 9(2)(j) of the GDPR and section 10 of the Danish Data Protection Act).
The data are processed for a period of 22 weeks, after which time all the data are erased.
The data are used exclusively for statistical and analytical purposes, and the personal data are pseudonymised. This means that employees analysing patterns in data will not be able to recognise your payment transactions. The data are not disclosed to others in a personally identifiable form.
We collect the data from the Danish Business Authority, the State Prosecutor for Serious Economic and International Crime and a financial company.