Privacy Statement

ABN AMRO Clearing and your personal data

Date: August 30th, 2018

This privacy statement sets out how ABN AMRO Clearing Bank N.V. (hereafter: AACB) processes your personal data. It also informs you on the rights that you have as a data subject. ABN AMRO Clearing Bank N.V. is the “Data Controller” and can be contacted at: 

ABN AMRO Clearing Bank N.V. 
Gustav Mahlerlaan 10
1082PP Amsterdam
The Netherlands
Email: aacb-privacy@nl.abnamro.com

Data Protection Officer:
ABN AMRO Bank N.V.
Privacy Office
Gustav Mahlerlaan 10
1082PP Amsterdam
The Netherlands
Email: privacy.office@nl.abnamro.com

1. Personal data we collect

AACB collects and processes personal data in order to carry out the business we have with you. We only collect your personal data on the grounds permitted by regulations and laws. Examples of the personal data we may collect include: 

  • personal details (names, nationality, place and date of birth, gender, photograph, IP address)
  • identification details (passport, ID card, photo ID, national identification number, social security number)
  • tax information (tax ID and tax status)
  • banking account details (bank account number, bank transfer information, credit history)
  • contact information (phone number, email address, postal address)
  • information about your employment (name of your employer)
  • data which relates to your use of our products and services (transaction and financial data)
  • other information from contact you have with AACB via social media such as LinkedIn and Twitter. We use social media channels to publicise our organisation, products and/or services
  • records of contact you have with us via phone calls, video calls, video conference calls and email
  • information in order to comply with our regulatory obligations (Know Your Client information, due diligence checks, anti-money laundering checks, transaction information, criminal record data)
  • video surveillance for the security of our buildings and systems, for example, if you visit us, we may capture images of you on camera and video
  • we make use of cookies and similar technologies on our websites and/or in client portals. For more details, see our Cookie Statement

2. How do we collect your personal data?

The personal data we collect and process is directly provided by you or obtained from other third party sources. We may use personal data collected from third party sources, such as: 

  • regulatory authorities that contain your personal data 
  • public sources such as newspapers and the internet 
  • data files from other parties that have collected personal data about you, such as intermediaries and Trade Registers and businesses who contact us regarding products or services who may provide us with information that relates to you

3. Why do we process your personal data and on what legal basis?

AACB only processes your personal data where permitted by law. We process your personal data: 

3.1 In order to perform a contract

We need certain personal data to enter into contracts and to provide our services. The type of personal data we need will depend on the type of service we offer and our relationship to you. For example, you may be a new or existing client or a contact person, shareholder, authorised signatory or beneficial owner of a client. We process personal data for assessing and accepting clients, carrying out risk assessments, risk management, reporting, carrying out our financial services and for execution, clearing and settlement on global markets. If you are unable to provide us with the personal data that is needed, we may not be able to enter into these contracts or provide our services.

3.2 In order to comply with our legal and regulatory obligations

The financial sector is one of the most regulated industries around. This means we have to comply with many rules. If the law, regulation or supervisory authority requirements stipulate that we must record or use your personal data, we are required to do this. Besides European rules, these rules also include the laws of countries outside the European Economic Area and the rules of self-regulatory organizations such as exchanges. Many of those laws require us to process personal data. For example, we are required to take steps to prevent and combat fraud, tax evasion, terrorist financing and money laundering. These steps include asking you to provide proof of identity so that we know who you are - this is why we keep a copy of identity documents.

3.3 For the purpose of the legitimate interests of AACB or others

We may also process your personal data where necessary for our legitimate interests or those of a third party. We only do this where our interest in using your personal data outweighs your rights to data protection. We must balance all interests. Here are a few examples of when this might happen:
 
  • to undertake financial risk assessments in order to protect your and our financial position 
  • to protect property and personal data belonging to you, to us and to others
  • for reasons of security and integrity of the financial sector, clients and their employees and AACB. For example, we carry out detection activities to prevent or combat attempted or actual criminal acts such as fraud or terrorism
  • to collect proof of transactions
  • for your interests and the interests of other clients (for example, in the event of an insolvency) 
  • to record telephone calls for the purpose of improving our services or because of a legal obligation and for the prevention and detection of crime
  • to send you information on new products, service changes, market developments, technical issues and other relevant news for your business by means of direct marketing
  • for improvement of the products and services we offer you
  • for reasons of efficiency. For example, we may centralise our customer and business management systems, make use of other service providers, conduct statistical and scientific research, study possible trends, problems, root causes of errors and risks

3.4 Where you have given consent

We may also process your personal data based on consent you have given. Before you give consent, we recommend that you carefully read the information we provide concerning the use of your personal data. If you have given consent and you want to withdraw this consent, you can do that very simply and at any time by contacting aacb-privacy@nl.abnamro.com.

3.5 Other purposes

We may use your personal data for other purposes than for which you or your business supplied the personal data to us. In that case, the new purpose must be in accordance with the law and in line with the purpose for which you or your business initially provided your personal data to us.

4. Who do we share personal data with?

There are situations in which we are required to provide your personal data to other parties. Privacy law specifies how and when we are are able to transfer your personal data. We may share your personal data with:
 
Service providers and network parties
As part of our business we may disclose your personal data to various service providers and network parties that help us in our day-to-day operations and that help us to provide services to our clients. This includes: companies that provide outsourced services to us; network parties such as brokers, central counterparties, exchanges, central depositories and custodians; and professional advisors such as lawyers, accountants and auditors. 
 
Competent public authorities
In certain cases, we are required to provide your personal data to competent public authorities. For example, these include law enforcement agencies, government entities, tax authorities and regulatory bodies globally. 

4.1 Personal data transfers to AACB's entities outside of the European Economic Area

Your personal data may be transferred to and processed by AACB’s branches, subsidiaries and operations outside the European Economic Area (EEA) for the purposes outlined in this document. Personal data transfers to Non-EEA countries are governed by ABN AMRO Bank’s Binding Corporate Rules, as safeguard to ensure data transfers are carried out accordingly. The Binding Corporate Rules are approved by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
 
Personal data transfers are also carried out in compliance with applicable local laws. For the privacy statements of our Non-EEA entities, please click on the following link: 
 

4.2 Personal data transfers to other parties outside the European Economic Area

We may share personal data with other companies or organisations outside Europe, for instance, with network parties for tax reclaim purposes or in the context of an outsourcing agreement. Where the level of data protection in those countries has not been deemed as adequate by the European Commission, we ensure that we have separate European standard agreements with those parties in place.

5. Profiling

We make use of profiling. Below we explain why we do this and when. 
 
Fraud prevention 
We have a great deal of knowledge and experience in the area of fraud prevention. Unfortunately, we are faced with increasingly sophisticated forms of fraud. To the extent possible, we may take measures in order to prevent fraud, which may include profiling. 
 
Unusual transactions
We have to comply with anti-money laundering and counter terrorist financing laws. We therefore pay particular attention to unusual transactions and to transactions that, by their nature, result in a relatively high risk of money laundering. To do this, we need to create and maintain a risk profile of clients and of individuals who operate on behalf of the client or may provide guarantees or other securities in support of the client.
 

6. Warning system used by banks

Financial institutions in the Netherlands have developed a warning system to protect the safety and security of AACB and the financial sector. This system allows the banks to check whether a person:
  • has ever committed fraud 
  • has tried to commit fraud
  • or somehow forms a threat to the safety and security of the banking sector. 
For more information about this warning system and its workings, please visit the website of the Dutch Banking Association.

7. How do we determine the period for which your personal data is stored

The General Data Protection Regulation  does not stipulate specific storage periods for personal data. Other applicable laws and regulations may specify minimum storage periods. We are under the obligation to comply with such storage periods.
 
If we become involved in a lawsuit or other legal proceedings in the Netherlands or in another country, we keep personal data so that we can make a case for our position. We may store this personal data in an archive until any claims have expired and legal proceedings can no longer be brought against us.

8. What rights do you have and how can you exercise them?

In the event that ABN AMRO Clearing Bank N.V. as an entity within the EEA controls your data or one of our entities outside the EEA where the General Data Protection Regulation applies, you have a number of rights. If you want to exercise the rights as listed below, please submit a request to us by contacting AACB via aacb-privacy@nl.abnamro.com.

 

Right to rectification

If the personal data we hold of you is incorrect, you have the right to request rectification. You also have the right to have incomplete personal data that we hold of you completed.

Right to erasure

You have the right to obtain from AACB the erasure of your personal data. However, we may not be able to do so in certain situations, such as if the company you work(ed) for is still client of AACB or if we are required by law to keep your personal data.

Right to object to processing for direct marketing purposes

If you no longer want to receive marketing from AACB, you can unsubscribe at any time. All marketing messages include this possibility and you can exercise this right easily.

Right to object to profiling

It may be the case that you do not want us to use your personal data for profiling. Sometimes, however, we are allowed to do this, for instance to prevent fraud, manage risks or investigate unusual transactions, even if you object to the processing of your data. In such situations, we will of course comply with the law.

Right to data portability

Individuals with a contract with AACB have the right to receive their personal data in structured, commonly used and machine-readable format and to have that transmitted to another controller. However, this right only applies when your personal data is used to carry out a contract where you and not the business you represent is party to that contract, or when processing is based on your consent.

Right to restriction

You have the right to request that AACB restricts the processing of your personal data if the following applies:

• You have claimed that the personal data we hold of you is incorrect

• The processing of your personal data is unlawful. Instead of the erasure of your personal data, you can request AACB to restrict the use of it

• AACB no longer needs to process your personal data but still requires it for defence or legal purposes

• In case you object to the processing of your data by AACB based on legitimate grounds

Right to complain

Please contact us in case you consider that the processing of your personal data by AACB infringes data protection laws as set out in this privacy statement. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9. Updates to the Privacy Statement

Changes to the law or our services and products may affect the way in which we use your personal data. For this reason, we may need to amend this privacy statement. AACB shall notify you of any changes made to this privacy statement. The latest version of the privacy statement can also be found on AACB’s website. To download and save this privacy statement please click here.

10. Our contact person for your questions about data protection

If you have questions, the AACB Privacy Officers can be contacted at aacb-privacy@nl.abnamro.com