When do we use your personal data?

We need your personal data for concluding and performing a contract, for example if you want to open an account with us or take out a mortgage. This also applies when we provide innovative services to you, for example in the context of contactless payment services. 

Are you the representative of your company and has your company concluded, or does it want to conclude, a contract with us? Or are you the contact person, shareholder, managing director or ultimate beneficial owner (UBO) of that company or one of our corporate clients? If so, we use your personal data for reasons other than the conclusion or performance of the contract. We also do this if you are merely the payee of a payment made by one of our clients.

The law lays down many rules that we have to comply with as a bank. These rules state that we have to record your personal data and occasionally provide it to others. The following are just some examples of the legal obligations we have to comply with:  

• Under the Dutch Financial Supervision Act (Wet op het financieel toezicht - Wft), we must, for example, take measures to ensure borrowers do not overextend themselves. This means that we have to use your personal data to obtain a good picture of your financial situation. For example, we use your transaction data for this purpose when we first enter into our contractual relationship with you. As part of our statutory duty of care, we send you product messages to keep you informed about changes affecting products, such as changes in interest rates. In addition, we contact you if we notice that certain risks associated with your product have changed since you took out the product. 
• We have to take steps to prevent and combat fraud, tax evasion, terrorist financing and money laundering. These include asking you to prove your identity so that we know who you are. This is why we keep a photocopy of your identity document. We may also ask you questions about certain transactions or the source of your income, or ask for an explanation of the source of your assets. More information about this can be found on the website of the Dutch Central Bank (DNB). 
• There are a number of laws that require us to keep your personal data. These laws include the Dutch Civil Code, the Dutch Financial Supervision Act (Wet op het financieel toezicht - Wft), the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme - Wwft) and the Dutch Bankruptcy Act (Faillissementswet). 

Other organisations may occasionally ask banks to provide personal data, or we may be required to provide data to them. Examples include the Dutch Tax and Customs Administration (such as under a reporting obligation aimed at preventing tax evasion, or DAC 6), as well as investigative services that request data as part of investigations into crimes such as financial fraud, money laundering or terrorist financing. In addition, banks - and therefore we - are sometimes required to share personal data with supervisory authorities, such as the Netherlands Authority for the Financial Markets (AFM), the Dutch Central Bank (DNB) and the European Central Bank (ECB), for instance when they carry out research into business processes or specific clients or groups of clients. In the context of disciplinary law for banks in the Netherlands, we are sometimes required to provide personal data to Stichting Tuchtrecht Banken. 

If the law or a supervisory authority stipulates that we must record or use your personal data, we are required to do this. In that case, it does not matter whether you are a client of ours or not. For example, every bank must check whether clients, and the representatives of clients (including corporate clients), are genuinely who they say they are. In addition, banks must keep a photocopy of an identity document for each of their clients. This means that we are not required establish your identity if, for example, we only use your personal data because you are the payee of a payment made by one of our clients. 

We also have the right to use your personal data if we have a legitimate interest in doing so. In that case, we must be able to demonstrate that our interest in using your personal data outweighs your right to data protection. We therefore balance all the interests. We explain the situations in which this happens using a few examples:

• We protect property and personal data belonging to you, to us and to others.
• We protect our own financial position (for example, so that we can assess whether you are able to repay your loan, or in the event that we sell your loan or other commitments), your interests and the interests of other clients (in the event of a bankruptcy, for instance). 
• We carry out fraud detection activities to help you and us avoid suffering losses as a result of fraud. 
• You will be sent relevant tips and offers relating to the bank's products and services.  
• We aim to keep efficient records and improve our data quality in order to provide you with the best possible service. We also need to ensure our banking systems are organised optimally and efficiently in order to meet our legal obligations.  
• We conduct research to find out how we can improve our existing processes, develop products and services, and fulfil our legal obligations more effectively. We may use new technologies for this. We will consider which data we can use for developing, training and testing new technologies on a case-by-case basis. 
• We constantly search for appropriate ways to ensure the highest possible level of protection for your data and for ours.
• We carry out academic research and statistical research. ABN AMRO Group Economics carries out statistical research into macro-economic trends such as industrial growth in the Netherlands or consumer behaviour, among other things.