Privacy

Is your company  a client of ours or have you contacted us for information on our products and services? Have you or your business applied for one of our products?  Are you a Partner, Director, Shareholder, Person with Significant Control, or Beneficial Owner of one of our clients?  Are you a guarantor or security provider for one of our clients?  Are you a supplier or an intermediary?  Do you work for one of our clients or a supplier?  

We will process your personal data or that of your related individuals for the purpose of carrying out business with you, for example when we record and use personal data relating to contact persons at companies to which we provide services and with whom we are in correspondence, partners, directors, shareholders, persons with significant control, guarantor(s), security providers  beneficial owners (BOs) of these companies, and also directors of associated businesses, directors of any intermediaries.

If you are one of the people listed above, this Privacy Statement is intended for you too.

We have a designated Data Protection Officer. The designated Data Protection Office for all ABN AMRO businesses in the UK is The Head of Compliance, ABN AMRO UK, 5 Aldermanbury Square, London EC2V 7HR.

The controller of your personal data is: ABN AMRO Bank N.V., UK Branch, a company incorporated in the Netherlands with its registered office at Gustav Mahlerlaan 10, 1082 PP Amsterdam and Chamber of Commerce number 34334259 acting through its UK branch at 5 Aldermanbury Square, London EC2V 7HR and registered at Companies House with branch registration BR014612, hereinafter referred to as ABN AMRO.

Personal data is information that says something about you. The best known forms of personal data are your name, address, email address, age and date of birth. Personal data also includes your bank account number, your phone number, your IP address and your national insurance number.

There are several special categories of personal data. These include data concerning your health. Another special category concerns biometric data, such as facial recognition or your fingerprints. We may only use this personal data if this is permitted by law or if consent for this is obtained. In all other situations, we are prohibited from using this personal data.

Businesses may contact us for information on products or services and may provide us with information which relates to you. In that case, we may use the data we ask for  that concerns you, the business, partners, directors, shareholders, persons with significant control, guarantor(s), security providers beneficial owners, directors of associated businesses and directors of intermediaries and other suppliers. We may also decide to use personal data obtained from other sources, such as:

• Public registers that contain personal data, such as Companies House (read more about what ABN AMRO has to do to comply with the law);

• Public sources such as newspapers and, the internet and public sections of social media accounts (read more about what ABN AMRO does to prevent fraud and terrorist financing and what we do in the way of marketing activities);

• Data files from other parties that have collected personal data about you, such as intermediaries, external marketing firms or credit agencies.

Obviously, we may not request or use your personal data without good reason. We are allowed to do this only if the processing is based on one of the “grounds” permitted by law. This means that we may only use your personal data for one or more of the following reasons:

Contract We may need your personal data to conclude a contract  for example with a business that you represent.  Are you the representative of your business and has your business concluded, or does it want to conclude, a contract with us? Or are you the contact person, partner, director, shareholder, managing director or beneficial owner (BO) of this business? Are you a representative of a supplier or an intermediary? If so, we may use your personal data for other reasons than the performance of the contract.

Legal obligation The law lays down many rules that we have to comply with. These rules state that we have to record data relating to our clients and personal data in relation to related individuals, and occasionally provide it to others. The following are just some examples of the legal obligations we have to comply with:

• We have to take steps to prevent and combat fraud, tax evasion, terrorist financing and money laundering. These include asking you and your related individuals to provide proof of identity so that we know who you are. This is why we keep a copy of identity documents.

• We have legal obligations under the Money Laundering Regulations 2017 and related legislation,  and other laws that require us to keep personal data.

Other organisations may occasionally ask us to provide personal data. These organisations include law enforcement agencies, government entities, tax authorities or regulatory bodies around the world (including the Department of Business, Enterprise, Innovation and Skills in connection with an application under the Small Firms Loan Guarantee Scheme or the Enterprise Finance Guarantee Scheme or similar scheme).

If the law, regulation or other supervisory authority requirements stipulate that we must record or use your personal data, we are required to do so. In that case, it does not matter whether you are a client of ours or not. For example, we must check whether clients, and the representatives of clients, are genuinely who they say they are. In addition, we must keep a record of personal data items for all partners, directors and signatories. We are not required to establish your identity if we only use your personal data because you are the payee of a payment made by one of our clients.

Legitimate interest of ABN AMRO or othersWe also have the right to use your personal data if we have a legitimate interest in doing so. In that case, we must be able to demonstrate that our interest in using your personal data outweighs your right to data protection. We must balance all interests. Here are a few examples of when this might happen:

• We protect property and personal data belonging to you, to us and to others.

• We protect our own financial position (for example, by undertaking financial risk assessments), your interests and the interests of other clients (for example, in the event of an insolvency).

• We carry out fraud detection activities so that clients and ABN AMRO do not suffer losses as a result of fraud.

• We aim at organising ABN AMRO efficiently. We may centralise our customer and business management systems, make use of other service providers, and conduct statistical and scientific research.

Even if you do not have a contract with us, we may still use your personal data on the basis of a legitimate interest. In that case, we will obviously first check whether this is permitted, for instance for fraud prevention purposes. We assess whether we may use personal data for marketing purposes on a case-by-case basis, and separately for each type of personal data and for each group of data subjects. We ensure that we do this in accordance with the law and the subject matter of this Privacy Statement.

We use your personal data to help make our operations and our services as effective, reliable and efficient as possible. This is done for the following purposes:

1. Contract

   . We enter into contracts with the business you represent or are related to and perform these contracts. We use this information for assessing and accepting clients, carrying out financial (including credit) risk assessments, risk reporting and risk management, as well as carrying out payment transfers.  If we do not have the relevant personal data to verify the structure of the company, we cannot offer your company our products.  We may also use personal data to trace debtors and recover debt.

2. Research

   . Within ABN AMRO, we study possible trends, problems, root causes of errors and risks, for instance to check whether new rules are properly observed. This helps us prevent complaints and losses.  We also perform analyses with respect to personal data for statistical and scientific research.

3. Better or new products and services

   . Do our products still meet your wishes and expectations? We carry out research in this area and may use your personal data to do this. We study trends and use personal data with the aim of analysing and continuing to develop our products and services.

4. Marketing

   . You receive offers from us and other members of the ABN AMRO Group, and news that is appropriate for your business. In this context, we use personal data that we received from you or your business, for instance because you requested information in the past or because your business is already a client of ours. We may also make use of personal data that we obtained from other parties.

5. Security and the integrity of ABN AMRO and our sector and compliance with legal obligations

   . We are required to guarantee the security and integrity of the financial sector, ABN AMRO, our employees, our clients and related individuals. We may therefore use your personal data to prevent or combat attempted or actual criminal acts, such as fraud or terrorism.

6. Social responsibility and legal obligations.

    

   Given the nature of our business, we play a key role in society. We help to prevent terrorist financing, money laundering and fraud, for instance by reporting unusual transactions or by identifying and stopping potentially fraudulent transactions and verifying transactions with you if necessary. We are also required to know our customers and carry out checks on their identity and structure.  For businesses, this includes obtaining personal information on Partners, Directors,  Beneficial Owners, Persons with Significant Control, Guarantors, Directors of Associated Businesses and Directors of any Intermediaries.  This helps us to understand your business better, and to protect the financial sector, ABN AMRO, our employees, our clients and related individuals from attempted or actual criminal acts.  Public authorities also ask us to provide personal data when they investigate problems or suspected criminal offences. In this context, we check whether it is a legitimate request. The banking and financial sector is a highly regulated industry. This means we have to comply with many rules. Besides European and UK rules, these rules also include the laws of other countries (read more about the rules on transferring personal data). ABN AMRO must therefore also record and keep personal data for this purpose, and sometimes also provide personal data to the competent authorities. We always check first whether this is permitted.

Additional rules apply to special categories of personal data (read more about special categories of personal data. Where we require any such information we will confirm to you the purpose for which  this is required and will request your consent where consent is required.

We may use your personal data for other purposes than the purpose for which you or your business supplied the personal data to us. In that case, the new purpose must be in line with the purpose for which you or your business initially provided your personal data to us. The law refers to this principle as compatible use of personal data’. The law does not specify exactly when a use is compatible, although it does provide guidance.

• Is there a clear correlation with the purpose for which you initially provided the personal data? Is the new purpose appropriate to the initial purpose?

• How did we originally receive the personal data? Did we obtain the personal data directly from you or in another way?

• What kind of personal data are we talking about exactly? Is the personal data in question considered sensitive to a greater or lesser degree?

• How would you be affected? Would you benefit, suffer or neither?

• What can we do to ensure the highest possible level of protection for your personal data? Examples include anonymisation and encryption.

We may share your personal data within our group in the UK and abroad for internal back-office purposes or with a view to improving our services to you, or providing you with information on other relevant products and services provided by other members of our group, or because the law requires that we do this. For instance, it may be important for us to know when you apply for a product offered by one part of the ABN AMRO group on behalf of your business, that your business has already accepted a product from another one of our subsidiaries.   Other members of the ABN AMRO group may also contact you with information on other relevant products and services.

In most cases, ABN AMRO uses your personal data without obtaining your consent for this. This is permitted by law. We do this because:

• This is necessary because of the contract we have with you or that we intend to conclude with you or your business, for example if you are the sole proprietor of such business.

• The law requires us to obtain, use or hold your personal data.

• ABN AMRO or a third party has a legitimate interest.

Sometimes, however, we are required to ask you for your consent. Before you give consent, we recommend that you carefully read the information we provide concerning the use of your personal data. If you have given consent and you want to withdraw this consent, you can do that very simply.

We make use of cookies and similar technology on our websites and/or in client portals. For more details, see our Cookie Statement.  Personal information is captured to allow us to improve our online services to you.

Good to know: 

When we use your personal data on the basis of the law or a legitimate interest, we do not require your consent to use your personal data. In such cases, however, you may raise an objection.

If we need personal data from you in order to conclude a contract with your business and you or the business refuses to provide this data even though this is required by law, we cannot enter into a contract with your business.  If a contract already exists, we must terminate our contract with your business. 

Do you want us to remove your personal data from our systems? Unfortunately, we cannot remove required personal data. We need this data, for instance for the performance of the contract you have with us, or because we are required to keep this data by law or owing to a legitimate interest of ABN AMRO.  

If you visit us, we may capture images of you on camera. We do this for security purposes. We may also record your telephone calls with us. We do this for the purpose of improving our services or because of a legal obligation and for the prevention and detection of crime. We handle video and audio recordings with due care. They are subject to the same rules as other personal data. You may exercise your rights, such as your right of access. Information about all your rights can be found here.

There are situations in which we need to provide your personal data to other people and entities involved in the provision of our services. These are described below.

Our service providersWe work with other companies that help us provide services to our clients. This is referred to as outsourcing. We are not permitted to pass your personal data on to them without good reason. This is governed by legal rules. We therefore carefully select these companies and clearly agree with them on how they are to handle your personal data. We remain responsible for your personal data held by us or on our behalf.

IntermediariesWe also work with intermediaries who introduce clients and business to us. Such intermediaries process your personal data and are responsible for how they use your personal data. Please visit the relevant intermediary's website to find out how it handles personal data.

Competent public authoritiesOur supervisory authorities, law enforcement agencies, government entities, tax authorities or regulatory bodies around the world may ask us to provide data relating to you. The law specifies when we are required to provide this data.    PurchasersIn the event that we propose to transfer your contract to a third party Financial Services Provider, we may share personal information with the proposed transferee of your contract, to allow decisions to be made relating to that transfer and for the purposes of that transfer.  This is within the legitimate interests of ABN AMRO, and to allow any such transferee to meet their legal requirements.      

If your business has previously purchased a product or service from us, or has provided a service or introduced a client, we are keen to keep you informed about similar products and services we offer that are relevant to your business’  or clients’ needs. This also applies if you are a visitor to our website. In order to do this properly, we use various sources. These are described below.

1. The personal data that we received from your business or a third party in the context of the contract, service, introduction, or request for information on our products and services.

2. Other sources of information, including public sources. We will always check first whether a public or other source of information can be used reliably.

3. Third party referrals by suppliers, intermediaries, existing and former client and contacts.  

We use social media channels to publicise our organisation, products and/or services with clients, users of portals and visitors to the website. We do this so that we can offer useful, relevant information and/or answer questions we receive through social media. We use the internet and social media channels, such as LinkedIn and Twitter, for this purpose.  If you have any questions or comments, please write to us at The Head of Compliance, ABN AMRO UK, 5 Aldermanbury Square, London EC2V 7HR.

As a financial services provider, we make use of profiling. Below we explain why we do this, and when:

Fraud prevention We have a great deal of knowledge and experience in the area of fraud prevention. Unfortunately, we are faced with increasingly sophisticated forms of fraud. To the extent possible, we may take measures in order to prevent  fraud, which may include profiling. Due to security reasons, we are not able to provide further details on such measures.

Unusual transactionsAs a financial services provider, we have to comply with the Money Laundering Regulations 2017 and related legislation. We therefore pay particular attention to unusual transactions and to transactions that - by their nature - result in a relatively high risk of money laundering. To do this, we need to create and maintain a risk profile of the business and of those individuals who operate on behalf of the business or may provide guarantees or other securities in support of the business. If we suspect that a transaction is connected with money laundering or terrorist financing, we will report this to the authorities.

Client and product acceptanceHow do we make use of profiling when someone wants to purchase a product? The following example explains how we do this. Imagine that you contact us on behalf of your business to use our products and services.

1. We carry out a risk assessment. We do this for new clients and also for existing clients who want to take additional products. We know from experience that the (financial) behaviour of individuals who represent a particular business can be of importance in order to assess whether a given product can be offered  or not.

2. Individuals who represent business who  normally able meet financial obligations may share a number of characteristics. These characteristics are used as a basis for creating a profile.

3. We review your profile and assess how likely it is that your business or your guarantor(s) will  be able to meet their obligations.

Direct MarketingWe also use analytics and profiling (including the use of cookies on our website(s) [see our cookies policy below] to direct our marketing strategies.  We may use personal information and profiling to identify clients’ and prospective clients’ preferred methods of communication for marketing information about our products and services. If you do not have a contract with us, we determine whether direct marketing is permitted in specific situations on a case-by-case basis, and separately for each type of personal data and for each group.

We go to great lengths to ensure the highest possible level of protection for your information:

• We invest in our systems, procedures and people.

• We make sure that our working methods are in keeping with the sensitive nature of your information.

• We train our people how to keep your information safe and secure.

For security reasons, we are unable to provide details of the precise measures we take. But you may have come across some of the following procedures we use to protect your personal data:

• Security of our online services

• We follow a rigorous process to establish your identity (authentication)

• Requirements for sending confidential documents

Security is our shared priority. If, for example, you encounter breaches in our security, you can report them to us confidentially through our website.

Personal data is processed outside Europe too. Additional rules apply in that case, the reason being that not all countries have the same strict data protection legislation as we do in Europe.

Sharing personal data within the ABN AMRO GroupWe may share personal data outside Europe with other group companies. Our sharing of personal data is governed by our global internal policy, the Binding Corporate Rules (BCRs). These have been approved by the Dutch Data Protection Authority (Dutch DPA).    Sharing personal data with other service providersWe may occasionally share personal data with other companies or organisations outside Europe, for instance in the context of an outsourcing agreement. In that case, we ensure that either the country has adequate equivalent protections, or that we have concluded separate agreements with those parties, and that these agreements comply with the European standard.

International payment transactions and cross-border investing There are situations in which our clients make use of our international financial services, for instance to transfer money abroad or holding investments abroad through us. In such situations, foreign parties, such as local supervisory authorities, banks, government bodies and investigative authorities, may ask us for personal data, for instance so that they can carry out an investigation. Additional rules governing the use of personal data apply if your business purchases investment products from us.  

We keep personal data in any event for as long as is necessary to achieve the purpose.

The General Data Protection Regulation does not stipulate specific storage periods for personal data. Other legislation may specify minimum storage periods, however. If it does, we are under the obligation to observe these periods. Such legislation includes tax laws or laws governing financial undertakings specifically.

If we become involved in a lawsuit or other legal proceedings, we keep personal data so that we can make a case for our position. We may store this personal data in an archive until any claims have expired and legal proceedings can no longer be brought against us.  

If you no longer want to receive offers for our products and services, you can unsubscribe at any time. All marketing messages include this possibility, and you can follow the link at the bottom of the marketing messages to exercise this right easily.

It may be the case that you do not want us to use your personal data for profiling. Sometimes, however, we are allowed to do this, for instance to prevent fraud, manage risks or investigate unusual transactions, even if you object  to the processing of data. In such situations, we will of course comply with the law.

• You have the right to demand an overview of all data relating to you that we.

• If your personal data is incorrect, you can ask us to change your personal data.

• You can ask us to erase your personal data at any time. We are not always able to do this, however, and we do not always have to agree to this, for example if we are required by law to keep your personal data for a longer period of time.

You can also ask us to temporarily restrict our use of personal data. You can do that if:

• You think the personal data is incorrect;

• We are not supposed to use your personal data;

• We want to destroy your personal data but you still need it (for instance after the storage period has ended).

To exercise any of these rights please contact The Data Protection Officer, ABN AMRO UK, 5 Aldermanbury Square, London, EC2V 7HR

According to the General Data Protection Regulation, individuals have a new right. The right to data portability. This right applies when personal data of the individual is used to carry out a contract  where the individual himself and not the business it represents is party to that contract, or when the individual has been asked for his or her consent for the processing of the data. ABN AMRO concludes an agreement with the business you represent or are related to and not with you individually. For this reason (except in limited circumstances where you may be a sole trader or sole director of a company) this right does not apply to you as a contact person at companies to which we provide services and with whom we are in correspondence, partner, director, shareholder, person with significant control, guarantor, security provider or  beneficial owners (BOs) of these companies, and also directors of associated businesses, directors of any intermediaries.

Do you have a complaint or want to ask a question?Please contact us if you have any questions about the Privacy Statement. We will be happy to help you. The Data Protection Officer, ABN AMRO Bank N.V., UK Branch, 5 Aldermanbury Square, London, EC2V 7HR. If you do not agree with the way in which you handle your personal data, you can lodge a complaint with the Complaints Department, ABN AMRO Bank N.V., UK Branch, 5 Aldermanbury Square, London, EC2V 7HR. Please see Complaint Handling Process for more details. 

You also have the right to take your complaint to the Information Commissioner’s Office (ICO). If you are still unhappy with the response, or your complaint has not been resolved within a reasonable period, you may raise a concern with the Information Commissioner’s Office (ICO). You should raise your concerns with the ICO within 3 months of your last meaningful contact with us. The ICO can be contacted electronically on their website at https://ico.org.up/concerns/Or by telephone on 0303 123 1113  

You can save our Privacy Statement on your smartphone, tablet or computer.

Changes to the law or our services and products may affect the way in which we use your personal data. If this happens, we will make changes to our Privacy Statement and notify you of these changes. We will post any changes on our website or in the app.

A cookie is a small text file that ABN AMRO places on your computer via your internet browser – e.g. Internet Explorer, Safari, Google Chrome or Mozilla. The cookie allows recognising your surfing behaviour on our various website pages. Cookies also enable your use of Internet Banking and help you to surf our website quickly and efficiently.

ABN AMRO UK may monitor surfing behaviour for a variety of reasons, e.g.:

• to provide you with personalised information about our services and products;

• to analyse data for research purposes;

• to help improve our website;

• for security purposes;

• to help manage customer relationships.

You can always switch off all cookies on your computer by changing your browser settings to refuse all cookies. Please note that this may prevent some services from working properly. 

You can also elect to turn off all cookies, with the exception of those needed for Internet Banking. Our Advice and Service Centre will be happy to help you on this. You can call them on +31 900-0024.