On what basis do we process your personal data?

Obviously, we may not request or use your personal data without good reason. By law, we are permitted to do this only if 'the processing has a basis'. 

This means that we may only use your personal data for one or more of the following reasons:

Contract

We need your personal data to conclude a contract, for example if you want to open an account with us or take out a mortgage. 

Are you the representative of your company and has your company concluded, or does it want to conclude, a contract with us? Or are you the contact person, shareholder, managing director or Ultimate Beneficial Owner (UBO) of this company or one of our corporate clients? If so, we use your personal data for other reasons than the performance of the contract. We also do this if you are merely the beneficiary of a payment made by one of our clients.

Legal obligation

The law lays down many rules that we have to comply with as a bank. These rules state that we have to record your personal data and occasionally provide it to others. The following are just some examples of the legal obligations we have to comply with: 
  • We have to take steps to prevent and combat fraud, tax evasion, terrorist financing and money laundering. These include asking you to prove your identity so that we know who you are. This is why we keep a copy of your identity document.
  • We have legal obligations under the Code of economic law (Wetboek Economisch Recht) or the Act for the prevention of money laundering and the financing of terrorism and for the limitation of the use of cash (Wet tot voorkoming van het witwassen van geld en de financiering van terrorisme en tot beperking van het gebruik van contanten) and under other laws  and specific provisions that require us to request and/or keep your personal data.
Other organisations may occasionally ask banks to provide personal data. These organisations include the FPS Finance, the judicial authorities and intelligence agencies. In addition, banks are sometimes required to share personal data with supervisory authorities, such as the Financial Services and Markets Authority (FSMA), the National Bank of Belgium (NBB) and the European Central Bank (ECB), for instance when they carry out research into business processes or specific clients or groups of clients. 

We are obliged to communicate to the Central Point of Contact (hereinafter CPC) certain data concerning our clients. The CPC is maintained at the National Bank of Belgium, located at 1000 Brussels, Berlaimontlaan 14, www.nbb.be. The data communicated to the CPC are identification data of the clients and the IBAN-numbers of their Bank accounts on January 1st 2010 or later. We are also obliged to communicate to the CPC certain data concerning the following types of contracts of our clients: mortgage loans, consumer loans, leasing contracts, openings of a credit line and investment services agreements.

All these communicated data will be maintained by the CPC until 8 years after the closing date of the accounts or contracts and will be kept available for the tax authorities in the framework of a potential investigation of tax fraud (cfr. article 322 § 3, WIB 92 and its implementing decree(s)). Every Client has the right to inspect his/her data, maintained by the CPC, at the National Bank of Belgium. The Client also has the right to have possible errors corrected or removed by the National Bank of Belgium.

In application of the Foreign Account Tax Compliance Act (FATCA) regulations, we must comply with a number of obligations. One of those obligations is the identification of the Client to determine whether or not the Client is a “US Person” in the meaning of the aforementioned regulations, or if any “US indicia” apply to the Client. If the Client is identified as a “US Person” or if any “US indicia” apply to the Client, we are required to pass on data and financial information to the authorities that have been designated in the inter-governmental accord between Belgium and the United States of America.

Within the framework of the Common Reporting Standards of the OESO, we are required to compile certain information about the accounts of our Clients who are (also) tax residents of a country other than Belgium.

As of 2017, this information will automatically be transferred to the FPS Finance department who, in turn, will pass on the information to the authorized foreign tax authorities. This concerns the identification data of Clients, the foreign tax identification number, the country, the IBAN account numbers and the accounts of the Client and information concerning the amounts and investment income. We are only required to report this data when it concerns accounts of Clients who are tax residents of a country that belongs to the European Union or another country with which Belgium has agreed to automatically exchange information with.

If the law or a supervisory authority stipulates that we must record or use your personal data, we are required to do so. In such case, it does not matter whether you are a client of ours or not. For example, every bank must check whether clients, and the representatives of clients (including corporate clients), are genuinely who they say they are. In addition, banks must keep a photocopy of an identity document for each of their clients. This means that we are not required to establish your identity if we only use your personal data because you are the beneficiary of a payment made by one of our clients. Your personal data may, however, be used in fraud prevention activities such as transaction monitoring or if we record your personal data in incident logs.

Legitimate interest of the bank or others

We also have the right to use your personal data if we have a legitimate interest in doing so. In that case, we must be able to demonstrate that our interest in using your personal data outweighs your right to data protection. We therefore balance all the interests. We explain the situations in which this happens using a few examples:
  • We protect property and personal data belonging to you, to us and to others.
  • We protect our own financial position (so that we can assess whether you are able to repay your loan, for example), your interests and the interests of other clients (in the event of a bankruptcy, for example). 
  • We carry out fraud detection activities so that clients and ABN AMRO do not suffer losses as a result of fraud. In this context, we keep the financial transaction history of the instructing party and the beneficiary.
  • We keep you up-to-date on product changes and send you tips, offers and other relevant news by means of direct marketing.
  • We aim to keep efficient records. We centralise our banking systems, make use of other service providers, and conduct statistical and scientific research. 
Someone else may also have a legitimate interest. For example, someone may accidentally transfer money to your bank account. In that case, we may, under certain conditions, provide your personal data to the person who issued the payment instruction. That person can then ask you to return the money.

Even if you do not have a contract with us, we may still use your personal data on the basis of a legitimate interest. In such case, we will obviously check first whether this is permitted, for instance for security purposes. We assess whether we may use personal data for marketing purposes on a case-by-case basis, and separately for each type of personal data and for each group of data subjects. We ensure that we do this in accordance with the law and the subject matter of this Privacy Statement.

Consent

If you have given us prior consent to process (certain) personal data, we may gather and process this data. You have the right to adapt or withdraw your consent at any time, which will not affect past processing but may affect or annul our activities based on your consent. [link intrekken/wijzigen toestemming]