Privacy Statement
We collect and process personal data of individuals who:
- Act as representative or contact for one of our clients.
- Are a beneficiary of or are involved in our services and other activities.
- Are users of our websites and other digital channels.
Each individual whose personal data we collect and process may expect from us that we handle this data carefully and confidentially.
Types of data
Personal data gives characteristic information that can be associated with a specific person. We collect the following data:
Personal data
Such as name, address, telephone number, email address, date and place of birth and ID or passport data.
Contact and relationship data
Such as moments of contact (what, when, how), interests and the recording of telephone conversations to verify instructions, agreements and transactions or for the purpose of fraud prevention and integrity control.
Contract and transactional data
Data linked to BNG Bank products and services, such as account numbers (IBAN), role (mandates and authorisations), transactions and payments, balance sheet data and data on payment arrears.
User data from our websites and other digital channels
Such as visited pages, used devices (desktop, mobile), login sessions, searches, cookies and references to and from social media. IP addresses are stored in anonymised format.
Purposes of data processing
We use data for the following purposes:
- concluding and performing contractual agreements with the data subject or the company represented by the data subject;
- composing internal reports and web statistics;
- improving the technical and functional operation of our systems, websites and other digital channels;
- compliance with legal obligations and requirements for banking security and integrity;
- collecting, developing and publishing information that is relevant to our clients;
- maintaining contacts with clients;
- distributing information about our services.
Retention periods
Personal data is not stored longer than necessary. We apply the relevant legal retention periods. You can request further information about retention periods by sending an email to compliance-officer@bngbank.nl.
Protection of personal data
The security of our systems and personal data is always our priority. We keep a record of processing activities which states, among other things, what kind of data is processed, who is responsible and what the retention periods are. Personal data is processed only for the purpose for which it has been collected.
Law and supervision
The following legislation applies to the processing of personal data:
- General Data Protection Regulation (GDPR)
- Code of Conduct for the Processing of Personal Data by Financial Institutions of the Dutch Banking Association and the Dutch Association of Insurers
- The Financial Institutions Incident Warning System Protocol and the Telecommunications Act.
Sharing data with third parties
We will only share data with third parties if this is necessary for the performance of our services and in order to comply with legal obligations. These third parties can also be established in other countries.
Performance of services
We engage third parties for the performance of our services. The most important organisations are:
- Centric FSS for the technological infrastructure and payment transactions
- Swift for international transactions
- Data B for bank statements and other financial reports
We also occasionally engage suppliers / business partners who process personal data on our behalf. This is done for the purpose of, for example, customer satisfaction surveys, printed matter, marketing activities and for designing, optimising and maintaining our web and other digital channels. We have concluded agreements with these companies and organisations in which they guarantee the security and confidentiality of the data.
Legal obligations
Where we are obliged to do so, we will provide personal data to:
- Dutch and European supervisory authorities, such as the Dutch Authority for the Financial Markets (AFM), the Dutch Bank (DNB) and the European Central Bank (ECB)
- tax authorities
- investigative authorities
- other relevant public authorities
Rights of data subjects
Every person whose personal data we process has the right to access, rectify or erase their personal data.
Your rights can be classified as follows:
- right of access, including listening to a recorded telephone conversation
- right to rectification, if your data is incorrect or incomplete
- right to be informed about how data is processed and for which purposes
- right to erasure of the data and 'the right to be forgotten'
- right to restrict data processing
- right to object to data processing
- right to data portability
- right not to be subjected to automated decision-making.
If you wish to exercise your rights, please submit a request by regular mail or email, accompanied by a copy of your identity document, to:
BNG Bank
Attn Compliance Department
PO Box 30305
2500 GH The Hague
compliance-officer@bngbank.nl
We will assess within four weeks whether your request is justified. We may ask you to visit our office to identify yourself or to collect the data if we cannot securely send it to you. It may be the case that we are unable to meet your request, for example because it would be unlawful for us to do so or because this would harm the rights of other individuals. We will inform you about this. Handling such a request will not incur any costs, unless the response would require a disproportionate effort. We will inform you in advance if we charge any costs.
About this Privacy Statement
This is the Privacy Statement of BNG Bank N.V. and BNG Gebiedsontwikkeling B.V.
We may decide to amend this Privacy Statement.
This version is dated 25 May 2018.