Protecting and securing buildings and data 

CCTV surveillance 
As a visitor to or passer-by of our buildings, you may be captured on video by our surveillance cameras. 

Personal data categories 
Camera images showing you  

Legal basis  
We process this personal datum because it is necessary to carry out our task in the public interest task of protecting objects of value (Article 6(1)(e) of the GDPR) and/or our legitimate interest to protect DNB itself, its assets and the safety of our staff (Article 6(1) opening words and (f) of the GDPR).  

Your personal data and third parties  
Footage may be shared with the police or the Public Prosecution Service on demand in the event of incidents or road accidents. In its capacity as security service for DNB, the Royal Netherlands Marechaussee has access to the images. 

Licence plate recognition 
The right to use our car park is restricted to a small number of staff. On presentation of a staff ID card, a camera reads the vehicle’s licence plate, which is then verified against a database of vehicles authorised for DNB’s car park. 

Personal data categories 

• Licence plate 
• Personal data linked to the staff ID card   

Legal basis  
We process this personal datum because we have a legitimate interest in protecting persons and property (Article 6(1)(f) of the GDPR).    

Your personal data and third parties  
Footage may be shared with the police or the Public Prosecution Service on demand or when filing a police report in the event of incidents, including e.g. road accidents. 

Access to secured areas 
This processing is designed to determine which persons are granted access to DNB’s secured areas. Depending on the access level, persons are identified by means of a staff ID card only, or in combination with biometric data.  

Personal data categories 
Name, DNB number, card number, department, passport photo, company name (in case of insourced personnel), biometric data, access level and movements of staff ID card holders  

Legal basis 
We process this personal datum because it is necessary to carry out our task in the public interest task of protecting objects of value (Article 6(1)(e) of the GDPR) and/or our legitimate interest to protect DNB itself, its assets and the safety of our staff (Article 6(1) opening words and (f) of the GDPR).

Your personal data and third parties  
Footage may be shared with the police or the Public Prosecution Service on demand or when filing a police report in the event of incidents, including e.g. a street robbery or other incident in the street. 

Visitor registration and verification
We have implemented an access policy in order to protect our staff and property, and we register visitors in order to respond adequately in the event of an emergency. We verify the identity and presence of all our visitors by means of an identity document and a visitor pass. The identity document is scanned to verify its authenticity. 

Personal data categories  
Visitor name, visitor ID, visitor email address, reason for visit, times of presence at DNB, movements inside the building  

Legal basis 
Data processing is necessary because the tasks we carry out in the public interest – i.e. protecting confidential data and valuables – requires a high level of security (Article 6(1)(e) of the GDPR). 

Your personal data and third parties 
Scanning an identity document might produce an alert (for example, if the identity document is stolen). The results of these scans are not retained. If the system produces an alert we will contact the Royal Netherlands Marechaussee and/or the police. 

Recording telephone conversations (voice logging) 
We record calls received on our general telephone numbers and on the Security Department’s telephone number. The recording is stopped once callers have been put through, unless they are put through to the Communications Department or the Security Department. These recordings allow us to analyse the telephone conversations in the event of incidents − e.g. threats or bomb threats − so that we can take appropriate corrective and preventive measures. 

We may also use recordings to improve our communications. 

The telephone conversations of DNB staff in our dealing rooms are also recorded. In these calls, staff members negotiate with counterparties and customers about transactions and the settlement thereof. We record them with a view to providing clarity in disputes in order to settle them properly. 

Personal data categories 

• Names  
• Telephone numbers
• Conversation content  

Legal basis  
Recording telephone conversations is necessary for the performance of our tasks carried out in the public interest (Article 6(1)(e) of the GDPR). These tasks include the conducting of negotiations about transaction-related disputes and require the protection of confidential data and valuables. 

Your personal data and third parties 
We do not provide your personal data to third parties, but recordings may be used in legal proceedings.  

Monitoring use and security of digital operational assets 
With an eye to ensuring the reliability, integrity and confidentiality of our data, we monitor the use of digital assets made available to our employees, including email, collaborative tools, internet access, and applications for the digital exchange of data.  

Personal data categories
This is done by means of security monitoring, archiving security log files and the drawing up of reports on the basis of content filtering.  

Legal basis 
In order to perform our statutory task, we process personal data, which places high demands on security (Article 6(1)(e) of the GDPR).  

Your personal data and third parties 
Your personal data will not be shared with third parties, with the exception of any reports to the police and claims in connection with a criminal investigation.