One of these measures is CCTV surveillance in and around our premises. We use a vehicle registration recognition system to grant access to our car park. We register visitors and require that they pass through a security scanner. We may also record telephone conversations (voice logging) in relation to incidents and disputes.
As a visitor to or passer-by of our buildings, you may be captured on video by one or more of our surveillance cameras. This implies that we process your image. This personal data processing is necessary for the performance of one of our tasks carried out in the public interest – i.e. protecting valuables – under Article 6(1)(e) of the GDPR. In its capacity as security service for DNB, the Royal Netherlands Marechaussee has access to the images.
Footage may be shared with the police or the Public Prosecution Service on demand in the event of incidents or road accidents.
We keep the images generated by the cameras positioned on the corners of our head office at Westeinde 1 for 28 days and retain the images of all other cameras for 10 days. In the event of incidents, relevant footage is retained for a maximum of 90 days.
Vehicle registration recognition
The right to park a car in DNB's car park is restricted to a small number of staff. On presentation of a staff ID card, a camera reads the vehicle registration and verifies it against a database of vehicles authorised for DNB's car park.
Visitor registration and security scans
We check the identity and monitor the movements of all our visitors, on the basis of their identity document and visitor pass. We record their names and email addresses, the numbers of their identity documents, the reasons for their visits and the names of their contacts at DNB, as well as the times of their visits and their movements in our building.
The identity document is scanned to verify its authenticity. Scanning might produce an alert (for example, if the identity document is stolen). The results of these scans are not retained. If the system produces an alert we will contact the Royal Netherlands Marechaussee and/or the police. Other personal data will be deleted six months after your visit.
Data processing is necessary because the tasks we carry out in the public interest – i.e. protecting confidential information and valuables – requires a high level of security pursuant to Article 6(1)(e) of the GDPR. Here you can find our detailed privacy statement.
Recording telephone conversations (voice logging)
We record calls received on DNB's general telephone numbers and on the Security Department's telephone number. The recording is stopped once callers have been put through, unless they are put through to the Communications Department or the Security Department. These recordings allow us to analyse telephone conversations in the event of incidents, e.g. bomb or other threats. We may also use recordings to improve our communications.
The telephone conversations of DNB staff in our dealing rooms are also recorded. In these calls, staff members negotiate with counterparties and customers about transaction-related disputes and their settlement. Recording these calls involves the processing of names, telephone numbers and conversation content. We record them with a view to providing clarity in disputes in order to settle them properly as soon as practicable.
Recording telephone conversations is necessary for the performance of our tasks carried out in the public interest under Article 6(1)(e) of the GDPR. These tasks involve protecting confidential information and valuables as well as conducting negotiations about transaction-related disputes. We retain recordings for a maximum of three months and two weeks and play them back only if prompted by an incident. Conversations qualifying for further analysis following an incident are retained longer, i.e. until the dispute has been resolved or the incident has been handled.