Protecting personal information and the privacy of every customer is a natural part of all customer relationships. Resurs’s customer privacy procedures are based on proper compliance with laws and internal rules that stipulate how customer data is to be protected and how it may be used. Customers receive information about their rights and how these can be used, for example, the right to receive information about which personal data is processed (register extract) or to object to processing, for example, that which is related to direct marketing.

Resurs processes personal data for various purposes, the main purpose of which is to administer and perform contracts. We must also comply with obligations under law, other regulations or regulatory decisions. These could be legal obligations that, for example, regulate accounting and anti-money laundering, market and customer analyses, systems development and marketing to, for example, improve Resurs’s products and services for the customers. When the legal basis for processing is consent, the purpose must be provided and the customer must submit explicit consent.

Sensitive data

An example of when consent for processing personal data is required is when the personal data that is submitted to Resurs contains sensitive data. Sensitive data refers to information that reveals, for example, ethnicity, political views, religious or philosophical beliefs, trade union membership, genetic or biometric information that identifies a physical person, health status as well as other information about a physical person’s sex life or sexual orientation. The customer has the right to withdraw consent at any time. Resurs does not subsequently have the right to process the data on the basis of consent, and as such the information can no longer be used as the basis of an application or contract.

Consumer protection and privacy

Resurs continually safeguards consumer protection and privacy. The business has been brought into full compliance with the GDPR and the PSD2 directive, legislation that has come into force in recent years. In so doing, consumer protection has been strengthened as important customer value has been added through increased transparency and self-control over how personal data may be shared between financial organisations.

Management and control are critical tools in the risk management process. Resurs engages in proactive risk and incident management in order to ensure a satisfactory level of protection of information and personal data throughout the operation. Resurs also employs comprehensive control systems that flag abnormal transactions and cash flows, along with internal authorisation levels for managing information and performing services.

It should always be straightforward for employees to act properly, and therefore providing easy access to the latest versions of policies and guidelines is a priority, along with ongoing training to ensure that employees are familiar with regulations and to raise awareness of risk generally. According to the training plan, all active employees must complete online training in GDPR at least every other year.

Goal

At year-end, at least 90% of all employees to have completed an online course on GDPR

Result 2019
91% of employees completed the course