Maritime and Merchant Bank ASA strives to always behave responsibly and ethically, and the behaviour we expect from our clients is mirrored by the standards we hold to ourselves. Corporate social responsibility is about combining profitability with responsible actions. The Bank focuses on responsible lending, to be a secure bank for our deposit customers, safeguarding customer privacy and preventing financial crime while caring for our employees.

The goal of the Bank is to support sustainable clients and partners over the long term, and we believe these results can be achieved through continued development of our own business while encouraging the positive development of customers and other partners. Being a sustainable bank will change with the requirements we face, and this will be a gradual and on-going process.

Environment

Shipping is a very important component of international trade, and currently represents the most efficient way of transporting large volumes of commodities and goods. Shipping transports the world’s needs for energy, food and goods between different markets. The total CO2 emissions for shipping accounts for about 3% of global CO2 emissions.

Making the shipping industry more sustainable is a collective challenge, requiring engagement from all actors across the value chain when it comes to decarbonisation, responsible ship recycling and safeguarding labour and human rights for seafarers and other shipping workers. As a financial institution we have the ability to provide guidance and support by sharing our knowledge, and we choose our partners and customers to bring about positive change.

In June 2021, the IMO adopted extensive new CO2 emission regulations applicable to existing ships. The regulations are divided into three different components: the Energy Efficiency Ship Index (EEXI) addressing the technical efficiency of ships; the Carbon Intensity Indicator (CII) rating scheme focusing the operational efficiency; and the Ship Energy Efficiency Management Plan (SEEMP) which concentrates on the management system. The regulations will be effective from January 2023.

The EU, through the European Commission, presented to the European Parliament and European Council in July 2021 an extensive package of proposals intended to reduce the EU’s total Green House Gas (GHG) emissions by 55% by 2030 in conjunction with EU’s overall goal for full decarbonization by 2050. The package contains comprehensive regulations of both operational and fiscal character for the maritime industry which will gradually be imposed from start of 2023. The International Maritime Organization (IMO)’s and EU’s proposed regulations are important steps towards radically reduced total emissions from the shipping industry. Maritime & Merchant Bank ASA will follow the thorough work for implementation of the respective regulations closely during the forthcoming years and will, to the best of our ability, support our clients in the work to adapt to the new rules.

Social

The Bank continuously works to ensure that women and men have equal opportunities, and that no individual shall experience any form of discrimination based on gender, colour, religion, age, sexual orientation, marital status, ethnicity, disabilities, political opinion or any other personal preference. The Bank promotes equality, which is reflected in our business processes for recruitment and staff/management development. We want to be an equal opportunities workplace, and 47% of the employees are female, and of the management group 25% are female.

Governance

The Bank has and shall continue to build a strong compliance culture. This ensures that the bank adheres to applicable laws, rules and regulations in the market and countries we operate in. As regulatory requirements continue to evolve, we will also continue to invest in developing our risk management framework and capabilities to ensure that any new requirements remain firmly embedded in our daily activities.

Our main focus in relation to corporate governance are matters related to ownership of clients, Anti Money Laundering, KYC (Know Your Customer) information and CFT (Combating the Financing of Terrorism). The Bank has developed an extensive template/questionnaire, which is sent to each potential corporate customer prior to opening of a business relationship.

Regulation of the Bank’s Processing of Personal Data

The bank is subject to the Personal Data Act and the General Data Protection Regulation (GDPR) 2016/679 in its processing of personal data. The bank has also joined the Finance Norway industry norm for the processing of personal data in banking and credit institutions.

Primarily, the bank will collect personal data directly from you as a customer. If information is collected from third parties (for example, from other banks/financial institutions and credit information companies), you will be notified, unless the collection is mandated by law, notification is impossible or disproportionately difficult, or it is clear that you are already aware of the information the notification would contain.

If the bank wishes to collect information from you that is not necessary for the fulfilment of the contractual relationship, the bank will first inform you that providing this information is voluntary and explain how the information will be used. In such cases, we will obtain your consent for the processing of personal data.

Categories of Personal Data Processed by the Bank

• Identification information such as name, personal identification number, and a copy of identification documents.
• Contact information such as phone number, address, and email address.
• Financial information such as customer and product agreements, transaction data, and credit history.
• Information to fulfil legal obligations such as anti-money laundering and reporting to public authorities.
• Special categories of personal data such as trade union membership for certain loan products.

Sources of Personal Data

We will process personal data you provide directly to us, or through an authorized agent you have empowered. We may also collect personal data about you from public registers.

Why We Process Your Personal Data

The bank will, at the inception and during the ongoing contractual relationship, register information about you and others associated with the contract, such as account operators. The bank will also register information about individuals whom the bank has declined to enter into an agreement with, in order to notify the person of the rejection and, if necessary, to document the relationship later, including that a rejection of deposits and payment orders was justified.

The primary purpose of the bank’s processing of personal data is customer management, financial advising, billing, and execution of banking and financing services in accordance with the agreements we have entered into with you. The bank will process personal data to the extent legislation imposes or permits such processing, or the customer has consented to such processing.

Customer Authentication for the Use of Electronic Services

When you use the bank’s electronic services, the bank may register user behaviour and environment as well as deviations from these, identify the computer or mobile device the customer uses for the bank service, and the status of the device, etc. This information will be used by the bank to ensure that the correct customer is using the service. The bank may also use this information in a risk assessment to tailor the authentication method the customer should use for the service.

Prevention and Detection of Criminal Acts and Financing of Terrorism

The bank will process personal data with the aim of preventing, detecting, investigating, and managing fraud and other criminal acts directed against you, other customers, or the bank. Information collected for this purpose may also be obtained from and disclosed to other banks and financial institutions, the police, and other public authorities. The information recorded can be stored for ten years after registration.

The bank will process personal data to prevent and detect transactions related to the proceeds of crime or related to financing of terrorism. The bank is obligated to conduct investigation and report suspicious transactions according to the Anti-Money Laundering Act. The bank is also required to report suspicious information and transactions to the Economic Crime Authority (Økokrim). Such information will be stored by the bank for five years after the end of the customer relationship.

Cookies

The bank’s website contains cookies. A cookie is a small text file stored on your machine. The file contains information that enables identifying a user across individual page loads. This can be used for statistical purposes through Google Analytics so that we can see how the website is used. You can adjust your browser settings if you wish to reject the use of cookies. By rejecting cookies from this site, you may not be able to fully utilize the website’s functionality.

Security

We use appropriate technical, organizational, and administrative security measures to protect information against loss, misuse, unauthorized access, disclosure, alteration, or destruction.

Analysis and Development of New Services

The bank may collect information used to analyse how you as a customer use our services in connection with the improvement of existing products or the development of new services.

The bank may have a legitimate interest in analysing usage patterns to identify demand for potential new products and services, improve functionality in already existing products and services, and conduct tests in connection with development.

 

 

Transfer of Personal Data Outside the EU/EEA

To transfer personal data outside the EU/EEA, there must be a valid basis. Valid bases may include:

• The European Commission has decided there is an adequate level of protection in the respective country.
• Other appropriate safeguards are in place, such as the use of standard contractual clauses (EU’s standard clauses) approved by the European Commission.
• The data processor has valid binding corporate rules (BCR).
• There are exceptions in special cases, for example, to perform a contract with you or if you give your consent to the specific transfer.

Use of Data Processors

The bank uses data processors to collect, store, or otherwise process personal data on behalf of the bank. In such cases, the bank will enter into agreements with the data processor to ensure that the processing of the data is in accordance with privacy regulations and the bank’s requirements for the processing of personal data. The use of data processors is not considered a disclosure of personal data.

Retention Period

The bank will delete or anonymize personal data about you when the purpose of the individual processing is fulfilled unless the information shall or can be stored beyond this as a result of legislation. This means that personal data we process based on your consent will be deleted if you withdraw your consent. Personal data we process to fulfil a contract with you will be deleted when the contract is fulfilled and all obligations arising from the contract relationship are met.

Right of Access

You have the right to request access, correction, or deletion of the personal data we process about you. You also have the right to request limited processing, object to the processing, and the right to data portability.

You can request access to registered personal data, a description of the types of information processed, and more detailed information about the bank’s processing of the information by contacting the bank.

The right of access also includes the number of electronic inquiries as well as the time of the inquiry that employees of the bank or the bank’s data processor have made in accounts or other customer engagements. The right of access to electronic inquiries is limited to a period of up to three months after the inquiry. In case of special needs of individual customers, the bank can limit the number of employees in the bank who shall have access to, and insight into, the customer’s personal data.

 

To exercise your rights, contact the bank by sending a secure message via your online banking, sending a written request by mail along with a verified copy of your passport, or by personal appearance and presentation of approved ID.

We will respond to your inquiry as quickly as possible, and no later than 30 days. To respond to your inquiry, we ask you to verify your identity or to provide further information before we can respond to your inquiry. We do this to ensure that we only give access to your personal data to you and not to someone pretending to be you.

Changes in Regulations

Should there be changes in our services or changes in the regulations on the processing of personal data, this may lead to changes in the information you are given here. Updated information will always be readily available on our website.

Questions About Our Privacy Policy

If you have questions about our processing of personal data or wish to complain about this, you can contact us by sending a secure message via your online banking. See also contact information at the bottom of the page.

Any complaints about the bank’s processing of personal data about you can be directed to the Data Protection Authority.