Profiling and the use of advanced technologies

As a bank, we are constantly on the lookout for more effective, secure and reliable technologies. Sometimes, the use of new technology requires us to make use of profiling. Profiling is permitted as long as we adhere to the rules. Below we explain why we do this, and when. 

 

Definition of profiling

The GDPR defines profiling as: “Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”. 
 
The law allows profiling. The definition given is a general definition within the meaning of the GDPR. The bank will not use your personal data to evaluate your performance at work or your health.

Fraud prevention

We have a great deal of knowledge and experience in the area of fraud prevention. Unfortunately, we are faced with increasingly sophisticated forms of fraud. We may take measures to prevent fraud where possible, which may include the use of profiling. For security reasons, we are unable to provide details of the precise measures to be taken.

Unusual transactions

As a bank, we have to comply with the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme - Wwft). We therefore pay particular attention to unusual transactions and to transactions that - by their nature - result in a relatively high risk of money laundering. For example, we examine transactions that are not in line with your normal transaction and transactions that share the same characteristics as money laundering or terrorist financing.
 
If we suspect that a transaction meets the legal definition of an unusual transaction, we must report it to the authorities. This examination - and any reporting - are not fully automated and do not take place without human intervention, as specialised bank staff are closely involved. Once again, we cannot go into detail on how transactions are examined because criminals could misuse this information. 

Duty of care, client centricity, and risk management by the bank

We may use profiling to ensure clients do not overextend themselves and to enable us to intervene soon when clients are in danger of experiencing payment difficulties. In that case, we first make a list of the most common characteristics of clients who have found themselves in financial difficulties. These characteristics are combined to create the profile. 
 
We then check whether there are any clients who meet this profile. Finally, we determine what we can do to prevent these clients from experiencing payment difficulties and how we can help them. The supervisory authority with responsibilities relating to the duty of care and client centricity expects banks to monitor the financial situations of their clients actively to ensure that clients do not overextend themselves. We always check the use of your data against the criteria laid down in the data protection legislation. 

Client acceptance and product acceptance

How do we make use of profiling when you apply to purchase a product and during the term of that product? The following example explains how we do this. Imagine that you apply for a loan from us: 

  1. We perform a risk assessment so that we can properly judge the risks run by you and by us. We do this for new clients and also for existing clients who want to buy additional products. We know from experience that certain characteristics can indicate whether you are able to repay a loan easily. These characteristics include whether you have a job or any debts. We assess these characteristics as part of our risk assessment. 
  2. Clients who are normally able to pay back a loan share a number of characteristics, as do clients who are normally unable to repay loans. Your characteristics are used as a basis for creating a profile. 
  3. We compare your information with our existing profiles before we assess how likely it is that you will not be able to repay the loan.

Marketing

We also use profiling to inform you about products and services provided by the bank. For example, we can select specific clients based on a group of clients that have taken out mortgages. We inform this group of clients about matters such as making their homes more sustainable and possibilities for taking out a loan to fund renovations. 

When we send you tips and offers, we try to work out what your interests are, based on various characteristics. We then look at specific aspects, such as your age category and whether you already have any other products from us. We will always first check whether you have objected to the use of personal data for marketing purposes

Automated decision-making

We may use automated decision-making if we enter into a contract with you for, say, an online loan. 

We do not make any decisions that produce legal effects concerning you or significantly affect you without the intervention of one or more competent bank employees. This also applies to situations in which the process leading to the decision is automated or profiling is used. Examples include client acceptance or the reporting of unusual transactions to the authorities. There are situations in which we use automated decision-making without any human intervention. This is permitted by law. 

These situations may, among other things, concern decisions not to execute transactions, such as iDEAL transactions, because they might be fraudulent. These decisions may be taken on the basis of a fully automated process without any human intervention. 

If we want to use automated decision-making that produces legal effects concerning you or significantly affects you, we will make this clear to you beforehand. We will inform you of your rights, such as your right to obtain an explanation of the decision reached by automated means, your right to express your point of view, your right to challenge the decision and your right to obtain human intervention.