Profiling

The GDPR defines profiling as: "Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements". Profiling is therefore permitted by law. This is a general definition that also applies to other controllers within the meaning of the GDPR. The bank will not use your personal data to evaluate your performance at work or your health.

We have a great deal of knowledge and experience in the area of fraud prevention. Unfortunately, we are faced with increasingly sophisticated forms of fraud. To the extent possible, we may take measures to prevent fraud, which may include the use of profiling. For security reasons, we are unable to provide details of the precise measures to be taken.

As a bank, we have to comply with the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme - Wwft). We therefore pay particular attention to unusual transactions and to transactions that - by their nature - result in a relatively high risk of money laundering. To do this, we need to create and maintain a risk profile of the client, in other words you. If we suspect that a transaction is connected with money laundering or terrorist financing, we will report this to the authorities.

The supervisory authorities expect us to do everything possible to avoid excessive lending, and to take faster action when clients are likely to get into financial difficulties. We may make use of profiling for this purpose too. In that case, we first make a list of the most common characteristics of clients who have found themselves in financial difficulties. These characteristics are combined to create the profile. We then check whether there are any clients who meet this profile. Finally, we determine what we can do to help these clients.

How do we make use of profiling when you want to purchase a product? The following example explains how we do this. Imagine that you apply online for a loan from us.

1. We notify you in advance of the procedure we follow to create a profile and what you can expect.
2. We carry out a risk assessment. We do this for new clients and also for existing clients who want to buy additional products. We know from experience that certain characteristics can indicate whether you are able to repay a loan easily. These characteristics include whether you have a job or any debts. We assess these characteristics.
3. Clients who are normally able to pay back a loan share a number of characteristics, as do clients who are normally unable to repay loans. Your characteristics are used as a basis for creating a profile.
4. We compare your profile with our existing profiles. Finally, we assess how likely it is that you will not be able to repay the loan.

We also use profiling to send you offers that are appropriate for you. For example, if you have a mortgage you will not receive any offers for mortgages from us. We attempt to identify your areas of interest, based on a number of characteristics. We then look at specific aspects, such as your age category and whether you already have any other products from us. You will only be selected for a relevant marketing campaign if you meet a specific profile. Obviously, we check the data protection rules to determine whether personal data may be used for that purpose. You may object to the creation of a personal client profile for direct marketing purposes at any time. If you do not have a contract with us, we determine whether direct marketing is permitted in specific situations.

We may use automated decision-making if we enter into a contract with you, for instance for an online loan.  

If we make a decision that has legal consequences for you or affects you to a significant degree, this will be done with the intervention of one or more competent bank employees. This also applies if the process that led to the decision is automated or if profiling was used. Examples include client acceptance or the reporting of unusual transactions to the authorities. 

There are situations in which we use automated decision-making without any human intervention. This is permitted by law. These situations may, among other things, concern decisions not to execute transactions, such as iDEAL transactions, because they might be fraudulent. These decisions may be taken on the basis of a fully automated process without any human intervention. 

If, at any time in the future, we want to use automated decision-making that has legal consequences for you or affects you to a significant degree, we will make this clear to you beforehand. We will inform you of your rights, such as your right to obtain an explanation of the decision reached by automated means, your right to express your point of view, your right to challenge the decision and your right to obtain human intervention.