When do we use your personal data?
Of course, we are not allowed to request or use your personal data just like that. The law states that this is only allowed if there is ‘a basis for processing’. This means that we may only use your personal data if there are one or more of the following reasons for doing so:
Agreement
We need your personal data to enter into and also perform an agreement, for example if you want to open an account with us or take out a mortgage. This also applies when we provide innovative services to you, for example in the context of payment services for contactless payments.
Are you the representative of your company and does or does your company want to enter into an agreement with us? Or are you the contact person, shareholder, director or UBO of this company or one of our business customers? If so, we will use your personal data for reasons other than concluding or executing the agreement. We do this even if you are only a beneficiary of a payment from one of our customers.
Legal obligation
There are many rules laid down by law to which we, as a bank, must adhere. These rules state that we must record your personal data and sometimes give it to others. We give below some examples of legal obligations we have to comply with:
- Under the Financial Supervision Act (Wft), for example, we have a duty to take measures to prevent overcrediting. This means that we must use your personal data to have a clear picture of your financial situation when you take out a personal loan or mortgage with us. We also use your personal data to inform you about changes in interest rates and conditions.
- When granting a loan and during the term of the agreement with you, we must also comply with European laws and regulations. We are required to understand both our customers’ financial risks and the bank’s financial risks when granting loans, and to assess whether customers continue to meet their payment obligations during the term of a personal loan or mortgage you have taken out with us. To do this, we need information about your financial situation. We may also request this from you or from third parties (e.g. BKR).
- We must take measures to prevent and combat fraud, tax evasion, terrorist financing and money laundering. What do you notice? For example, we ask you to identify yourself so that we know who you are. This is why we keep a copy of your identity document with a watermark. In this case, you may not hide the BSN and your passport photograph. Sometimes the bank asks for a copy of your passport, for example to be more certain that contracts have been signed by the right person or when applying for a new product. In that case, you may hide the BSN and photo and we will not keep the copy.
- We may also ask you questions about certain transactions, what your source of income is or ask for an explanation about the origin of your assets is. You can find more information on the website of De Nederlandse Bank (DNB).
- There are laws that require us to retain your personal data, for example, the Civil Code (BW), the Financial Supervision Act (Wft), the Money Laundering and Terrorist Financing Act (Wwft) or the Bankruptcy Act.
Other organisations may sometimes request data from banks and in some cases we are obliged to provide this data to this third party. Examples include the Tax Authorities (for information reporting purposes, a reporting obligation with the aim of preventing tax evasion, CESOP or DAC 6) and investigation services that request data for the purpose of criminal investigations such as financial fraud and in the case of money laundering or terrorist financing. Furthermore, banks, and therefore we too, sometimes have to share personal data with regulators, such as the Financial Markets Authority (AFM), De Nederlandsche Bank (DNB) and the European Central Bank (ECB). For instance, if they are investigating business processes or certain (groups of) customers. In the context of the Banking Disciplinary Act, we sometimes have to provide personal data to the Banking Disciplinary Foundation.
If the law or the regulator indicates that we must record or use your data, we are obliged to do so. In such cases, it does not matter whether you are a customer with us or not. For example, every bank must check whether customers or representatives of (business) customers are really who they say they are. Identification is again not necessary for example if we only use your personal data because you are a beneficiary of a payment from one of our customers and you are not a customer of ours.
Legitimate interest of the bank or others
We may use your personal data if we ourselves have a 'legitimate interest' in doing so. We must then be able to demonstrate that our interest in using your personal data outweighs your right to privacy. We therefore weigh up all interests. But when is this?
- We protect property and personal data belonging to you, to us and to others.
- We protect our own financial position (e.g. to assess whether you can repay your loan or if we sell your loan or other obligations), your interest and the interest of others (e.g. in case of bankruptcy).
- We engage in fraud detection to help prevent harm to you and to us as a result of fraud.
- You will receive relevant tips and offers on the bank’s products and services. Regardless of whether you bank with us privately or professionally. And if you have taken out a mortgage with us, for example, we can also offer you a current account or an investment account.
- We want to run our administration efficiently and improve our data quality. We do this to provide you with the best possible service. We also need to organise our banking systems optimally and efficiently to meet our legal obligations.
- We research how we can improve our current core processes, (further) develop products and services and how we can better comply with legal obligations. To this end, we may use new technologies such as artificial intelligence. For each situation, we will consider which data we can use to develop, train and test new technologies.
- We are constantly looking for appropriate ways to secure your and our data as well as possible.
- The Economic Bureau of ABN AMRO conducts independent statistical research on the basis of aggregated data into, among other things, macro-economic trends such as growth of Dutch industry, consumer behaviour or economic impact on climate change. ABN AMRO’s Economics Department sometimes collaborates with universities to conduct academic research.
- Given our social role in society, we can conduct research on socially relevant topics such as improving fraud prevention including online bank fraud.
Someone else may also have a legitimate interest. Suppose someone has accidentally or under false pretences transferred money to your bank account. Then, under certain conditions, we may give your personal data to the originator of the payment. He can then ask you to refund the amount. You can find more information on the website of the Payments Association.