This Privacy Statement was most recently amended on 24/05/2018.
ABN AMRO Commercial Finance and your personal data
This Privacy Statement sets out how we handle your personal data. You can be confident that we handle your personal data with due care. In the case of some of ABN AMRO Commercial Finance’s portals or websites, the use of your personal data may differ from that described in this general Privacy Statement. In such cases, a different privacy statement is provided in the portal or website or additional information is given in the specific online service. We want you to be aware of this so that you can avoid unwelcome surprises.
Who is this Privacy Statement intended for?
Is your company a client of ours or have you contacted us for information on our products and services? Have you or your business applied for one of our products? Are you a Partner, Director, Shareholder, Person with Significant Control, or Beneficial Owner of one of our clients? Are you a guarantor or security provider for one of our clients? Are you an intermediary? Do you work for one of our clients?
We will process your personal data or that of your related individuals for the purpose of carrying out business with you, for example when we record and use personal data relating to contact persons at companies to which we provide services and with whom we are in correspondence, partners, directors, shareholders, persons with significant control, guarantor(s), security providers, beneficial owners (BOs) of these companies, and also directors of associated businesses and directors of any intermediaries.
If you are one of the people listed above, this Privacy Statement is intended for you too.
Our contact person for your questions about data protection
We have a designated Data Protection Officer. The designated Data Protection Officer for ABN AMRO Commercial Finance is The Chief Privacy Officer, ABN AMRO Bank N.V., Gustav Mahlerlaan 10, 1082 PP Amsterdam (the Netherlands).
Who controls your personal data?
The controller of your personal data is: ABN AMRO Asset Based Finance N.V., trading under the name of ABN AMRO Commercial Finance, established at Utrecht, registered in the Chamber of Commerce of the Netherlands under number 30099465, hereafter referred to as “ABN AMRO Commercial Finance”.
What is personal data?
Personal data is information that says something about you. The best known forms of personal data are your name, address, email address, age and date of birth. Personal data also includes your bank account number, your phone number, your IP address and your national identification number.
There are several special categories of personal data. These include data concerning your health. Another special category concerns biometric data, such as facial recognition or your fingerprints. We may only use this personal data if this is permitted by law or if consent for this is obtained. In all other situations, we are prohibited from using this personal data.
Personal data that we obtained from third parties
Businesses may contact us for information on products or services and may provide us with information which relates to you. In that case, we may use the data we ask for that concerns you, the business, partners, directors, shareholders, persons with significant control, guarantor(s), security providers, beneficial owners, directors of associated businesses and directors of intermediaries and other suppliers. We may also decide to use personal data obtained from other sources, such as:
• public registers that contain your personal data, such as the National Credit Register
• public sources such as newspapers and the
• data files from other parties that have collected personal data about you, such as intermediaries, external marketing firms or credit agencies.
On what basis do we process your personal data?
Obviously, we may not request or use your personal data without good reason. We are allowed to do this only if the processing is based on one of the “grounds” permitted by law. This means that we may only use your personal data for one or more of the following reasons:
We may need your personal data to conclude a contract, for example with a sole proprietor company that you represent. Are you the representative of your sole proprietor company and has your sole proprietor company concluded, or does it want to conclude, a contract with us? Or are you the contact person, shareholder, managing director or ultimate beneficial owner (UBO) of this sole proprietor company or one of our corporate clients? If so, we may use your personal data for other reasons than the performance of the contract.
The law lays down many rules that we have to comply with. These rules state that we have to record data relating to our clients and personal data in relation to related individuals, and occasionally provide it to others. The following are just some examples of the legal obligations we have to comply with:
• Under the Dutch Financial Supervision Act (Wet op het financieel toezicht - Wft), we have certain obligations that we need to take into account.
• We have to take steps to prevent and combat fraud, tax evasion, terrorist financing and money laundering. These include asking you and your related individuals to provide proof of identity so that we know who you are. This is why we keep a copy of identity documents.
• We have legal obligations under the Dutch Bankruptcy Act (Faillissementswet) and under other laws that require us to keep personal data, such as the Dutch Civil Code or specific provisions of the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme - Wwft).
Other organisations may occasionally ask us to provide personal data. These organisations include the Dutch Tax and Customs Administration, the judicial authorities (financial fraud) and intelligence agencies (terrorism). In addition, we are sometimes required to share personal data with supervisory authorities, such as the Netherlands Authority for the Financial Markets (AFM), the Dutch Central Bank (DNB) and the European Central Bank (ECB), for instance when they carry out research into business processes or specific clients or groups of clients.
If the law, regulation or other supervisory authority requirements stipulate that we must record or use your personal data, we are required to do this. In that case, it does not matter whether you are a client of ours or not. For example, we must check whether clients, and the representatives of clients (including corporate clients), are genuinely who they say they are. In addition, we must keep a record of personal data items for all partners, directors and signatories... Your personal data may also be used in fraud prevention activities such as transaction monitoring, or if we record your personal data in incident logs [see 'Warning system used by banks'].
Legitimate interest of ABN AMRO Commercial Finance or others
We also have the right to use your personal data if we have a legitimate interest in doing so. In that case, we must be able to demonstrate that our interest in using your personal data outweighs your right to data protection. We must balance all interests. Here are a few examples of when this might happen:
• We protect property and personal data belonging to you, to us and to others.
• We protect our own financial position (for example, by undertaking financial risk assessments), your interests and the interests of other clients (for example, in the event of an insolvency).
• We carry out fraud detection activities so that clients and ABN AMRO Commercial Finance do not suffer losses as a result of fraud.
• We keep you up-to-date on product changes and send you information, offers and other relevant news for your business by means of direct marketing.
• We aim at organising ABN AMRO Commercial Finance efficiently. We may centralise our customer and business management systems, make use of other service providers, and conduct statistical and scientific research.
Even if you do not have a contract with us, we may still use your personal data on the basis of a legitimate interest. In that case, we will obviously first check whether this is permitted, for instance for fraud prevention purposes. We assess whether we may use personal data for marketing purposes on a case-by-case basis, and separately for each type of personal data and for each group of data subjects. We ensure that we do this in accordance with the law and the subject matter of this Privacy Statement.
What does ABN AMRO Commercial Finance use your personal data for?
We use your personal data to help make our operations and our services as effective, reliable and efficient as possible. This is done for the following six purposes:
1. Contract. We enter into contracts with the business you represent or are related to and perform these contracts. We use this information for assessing and accepting clients, carrying out financial (including credit) risk assessments, risk reporting and risk management, as well as carrying out payment transfers. If we do not have the relevant personal data to verify the structure of the company, we cannot offer your company our products. We may also use personal data to trace debtors and recover debt.
2. Research. Within ABN AMRO Commercial Finance, we study possible trends, problems, root causes of errors and risks, for instance to check whether new rules are properly observed. This helps us prevent complaints and losses. We also perform analyses with respect to personal data for statistical and scientific research.
3. Better or new products and services. Do our products still meet your wishes and expectations? We may use your personal data to do this.
4. Marketing. You receive offers from us and other members of the ABN AMRO Commercial Finance Group, and news that is appropriate for your business. In this context, we use personal data that we received from you or your business, for instance because you requested information in the past or because your business is already a client of ours.
5. Security and the integrity of ABN AMRO Commercial Finance and our sector. We are required to guarantee the security and integrity of the financial sector, ABN AMRO Commercial Finance, our employees, our clients and related individuals. We may therefore use your personal data to prevent or combat attempted or actual criminal acts, such as fraud or terrorism. We do this so that we can guarantee the security and integrity of the financial sector, ABN AMRO Commercial Finance, our employees and you, as our clients. We may also use your personal data for warning systems.
6. Social responsibility and legal obligations. Given the nature of our business, we play a key role in society. We help to prevent terrorist financing, money laundering and fraud, for instance by reporting unusual transactions or by identifying and stopping potentially fraudulent transactions and verifying transactions with you if necessary. We are also required to know our customers and carry out checks on their identity and structure. For businesses, this includes obtaining personal information on Partners, Directors, Beneficial Owners, Persons with Significant Control, Guarantors, Directors of Associated Businesses and Directors of any Intermediaries. This helps us to understand your business better, and to protect the financial sector, ABN AMRO Commercial Finance, our employees, our clients and related individuals from attempted or actual criminal acts. Public authorities also ask us to provide personal data when they investigate problems or suspected criminal offences. In this context, we check whether it is a legitimate request. The financial sector is also one of the most regulated industries around. This means we have to comply with many rules. Besides European and Dutch rules, these rules also include the laws of other ABN AMRO Commercial Finance must therefore also record and keep personal data for this purpose, and sometimes also provide personal data to the competent authorities. We always check first whether this is permitted.
Additional rules apply to special categories of personal data (read more about special categories of personal data). Where we require any such information we will confirm to you the purpose for which this is required and will request your consent where consent is required.
We may use your personal data for other purposes than the purpose for which you or your business supplied the personal data to us. In that case, the new purpose must be in line with the purpose for which you or your business initially provided your personal data to us. The law refers to this principle as ‘compatible use of personal data’. The law does not specify exactly when a use is compatible, although it does provide guidance.
• Is there a clear correlation with the purpose for which you initially provided the personal data? Is the new purpose appropriate to the initial purpose?
• How did we originally receive the personal data? Did we obtain the personal data directly from you or in another way?
• What kind of personal data are we talking about exactly? Is the personal data in question considered sensitive to a greater or lesser degree?
• How would you be affected? Would you benefit, suffer or neither?
• What can we do to ensure the highest possible level of protection for your personal data? Examples include anonymisation and encryption.
ABN AMRO Commercial Finance Group and your personal data
We may share your personal data within our group for internal back-office purposes or with a view to improving our services to you, or providing you with information on other relevant products and services provided by other members of our group, or because the law requires that we do this. For instance, it may be important for us to know when you apply for a product offered by one part of the ABN AMRO Commercial Finance group on behalf of your business that your business has already accepted a product from another one of our subsidiaries. Other members of the ABN AMRO Commercial Finance group may also contact you with information on other relevant products and services.
Using personal data with or without your consent
In most cases, ABN AMRO Commercial Finance uses your personal data without obtaining your consent for this. This is permitted by law. We do this because:
- this is necessary because of the contract we have with your business or that we intend to conclude with your business, for example if you are the sole proprietor of your company;
- the law requires us to obtain, use or hold your personal data;
- ABN AMRO Commercial Finance or a third party has a legitimate interest.
Sometimes, however, we are required to ask you for your consent. Before you give consent, we recommend that you carefully read the information we provide concerning the use of your personal data. If you have given consent and you want to withdraw this consent, you can do that very simply.
Good to know:
When we use your personal data on the basis of the law or a legitimate interest, we do not require your consent to use your personal data. In such cases, however, you may raise an objection.
Required personal data
If we need personal data from you in order to conclude a contract with your business and you or the business refuses to provide this data even though this is required by law, we cannot enter into a contract with your business. If a contract already exists, we must terminate our contract with your business. The required personal data is specified in the online forms and other forms we occasionally need you to complete.
Do you want us to remove your personal data from our systems? Unfortunately, we cannot remove required personal data. We need this data, for instance for the performance of the contract you have with us as the sole proprietor of your company, or because we are required to keep this data by law or owing to a legitimate interest of ABN AMRO Commercial Finance.
Camera images, telephone calls, chat messages and video chat sessions
If you visit us, we may capture images of you on camera. We do this for security purposes. We may also record your telephone calls with us. We do this for the purpose of improving our services or because of a legal obligation, and for the prevention and detection of crime. We handle video and audio recordings with due care. They are subject to the same rules as other personal data. You may exercise your rights, such as your right of access.
Other parties using your personal data
There are situations in which we need to provide your personal data to other people and entities involved in the provision of our services. These are described below.
Our service providers
We work with other companies that help us provide services to our clients. This is referred to as outsourcing. We are not permitted to pass your personal data on to them without good reason. This is governed by legal rules. We therefore carefully select these companies and clearly agree with them on how they are to handle your personal data. We remain responsible for your personal data held by us or on our behalf.
We also work with intermediaries who introduce clients and business to us. It is therefore possible that you are insured with us, but you took out your insurance through an agent. Such intermediaries process your personal data and are responsible for how they use your personal data. Please visit the relevant intermediary's website to find out how it handles personal data.
Competent (public) authorities
Our supervisory authorities, the Dutch Tax and Customs Administration, the Netherlands Public Prosecution Service, law enforcement agencies, government entities, tax authorities or regulatory bodies around the world may ask us to provide data relating to you. The law specifies when we are required to provide this data.
Financial services providers
Do you want us to give your personal data to providers of financial services? This is possible if you give your consent first. We will then be required to provide your personal data to these third parties. If you share your personal data with other parties yourself, we are not responsible for how they use your personal data. In that case, the privacy statements of those third parties apply.
In the event that we propose to transfer your contract to a third party Financial Services Provider, we may share personal information with the proposed transferee of your contract, to allow decisions to be made relating to that transfer and for the purposes of that transfer. This is within the legitimate interests of ABN AMRO Commercial Finance, and to allow any such transferee to meet their legal requirements.
Use of your personal data for direct marketing purposes
If your business has previously purchased a product or service from us, or has introduced a client, we are keen to keep you informed about similar products and services we offer that are relevant to your business’ or clients’ needs. This also applies if you are a visitor to our website. In order to do this properly, we use various sources. These are described below.
1. The personal data that we received from your business or a third party in the context of the contract, introduction, or request for information on our products and services.
2. Other sources of information, including public sources. We will always check first whether a public or other source of information can be used reliably.
3. Third party referrals by intermediaries, existing and former clients and contacts.
We use social media channels to publicise our organisation, products and/or services with clients, users of portals and visitors to the website. We do this so that we can offer useful, relevant information and/or answer questions we receive through social media. We use the internet and social media channels, such as LinkedIn and Twitter, for this purpose. If you have any questions or comments, please email us: GDPR.ACF.NL@abnamrocomfin.com.
As a financial services provider (financiele instelling), we make use of profiling. Below we explain why we do this, and when.
We have a great deal of knowledge and experience in the area of fraud prevention. Unfortunately, we are faced with increasingly sophisticated forms of fraud. To the extent possible, we may take measures in order to prevent fraud, which may include profiling. Due to security reasons, we are not able to provide further details on such measures.
As a financial services provider (financiele instelling), we have to comply with the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme - Wwft). We therefore pay particular attention to unusual transactions and to transactions that - by their nature - result in a relatively high risk of money laundering. To do this, we need to create and maintain a risk profile of the client and of those individuals who operate on behalf of the business or may provide guarantees or other securities in support of the business. If we suspect that a transaction is connected with money laundering or terrorist financing, we will report this to the authorities.
Client and product acceptance
How do we make use of profiling when someone wants to purchase a product? The following example explains how we do this. Imagine that you contact us on behalf of your business to use our products and services:
1. We carry out a risk assessment. We do this for new clients and also for existing clients who want to take additional products. We know from experience that the (financial) behaviour of individuals who represent a particular business can be of importance in order to assess whether a given product can be offered or not.
2. Individuals who represent businesses who are normally able to meet financial obligations may share a number of characteristics. These characteristics are used as a basis for creating a profile.
3. We review your profile and assess how likely it is that your business or your guarantor(s) will be able to meet their obligations.
We may also use profiling to send offers that meet the business’ needs. If you do not have a contract with us, we determine whether direct marketing is permitted in specific situations on a case-by-case basis.
We may use automated decision-making if we enter into a contract with your business, for instance if you take one of our products.
If ABN AMRO Commercial Finance makes a decision that has legal consequences for you as an individual or affects you to a significant degree, this will be done with the intervention of one or more competent ABN AMRO Commercial Finance employees. This also applies if the process that led to the decision is automated or if profiling was used. Examples include client acceptance or the reporting of unusual transactions to the authorities.
There are situations in which we use automated decision-making without any human intervention. This is allowed by law. Such decisions may be made on the basis of an entirely automated process, without any human intervention. These are referred to as personal characteristics.
If, at any time in the future, we want to use automated decision-making that has legal consequences for you or affects you to a significant degree, we will make this clear to you beforehand. We will inform you of your rights, such as your right to be given an explanation of the decision reached by automated means, your right to express your point of view, your right to challenge the decision and your right to human intervention.
We go to great lengths to ensure the highest possible level of protection for your information:
- We invest in our systems, procedures and people.
- We make sure that our working methods are in keeping with the sensitive nature of your information.
- We train our people how to keep your information safe and secure.
For security reasons, we are unable to provide details of the precise measures we take. But you may have come across some of the following procedures we use to protect your personal data:
• Security of our online services
• We follow a rigorous process to establish your identity (authentication)
• Requirements for sending confidential documents
Security is our shared priority. If, for example, you encounter breaches in our security, you can report them to us confidentially by emailing us at: SecurityOffice@abnamrocomfin.com
Warning system used by banks and other financial institutions
The Dutch financial sector has developed a warning system to protect the safety and security of banks and other financial institutions in the Netherlands. This system allows the banks and other financial institutions to check whether a person:
• has ever committed fraud
• has tried to commit fraud
• somehow forms a threat to the safety and security of the banking sector.
For more information about this warning system and its workings, go to the website of the Dutch Banking Association: http://www.nvb.nl.
Personal data outside Europe
Personal data is processed outside Europe too. Additional rules apply in that case, the reason being that not all countries have the same strict data protection legislation as we do in Europe. [View the list of safe countries]
Sharing personal data within the ABN AMRO Commercial Finance Group
We may share personal data outside Europe with other group companies. Our sharing of personal data is governed by our global internal policy, the Binding Corporate Rules (BCRs) [link to Binding Corporate Rules]. These have been approved by the Dutch Data Protection Authority (Dutch DPA).
Sharing personal data with other service providers
We may occasionally share personal data with other companies or organisations outside Europe, for instance in the context of an outsourcing agreement. In that case, we ensure that either the country has adequate equivalent protections, or that we have concluded separate agreements with those parties, and that these agreements comply with the European standard, such as the EU's model clauses.
There are situations in which we enter into international contracts, for example when we take over a contract that your business has concluded with a foreign supplier, which is governed by foreign law. In such situations, foreign parties, such as local supervisory authorities, banks, government bodies and investigative authorities, may ask us for your personal data, for instance so that they can carry out an investigation.
How do we determine the period for which your personal data is stored?
We keep personal data in any event for as long as is necessary to achieve the purpose.
The General Data Protection Regulation does not stipulate specific storage periods for personal data. Other legislation may specify minimum storage periods, however. If it does, we are under the obligation to observe these periods. Such legislation includes tax laws or the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme - Wwft).
If we become involved in a lawsuit or other legal proceedings in the Netherlands or in another country, we keep personal data so that we can make a case for our position. We may store this personal data in an archive until any claims have expired and legal proceedings can no longer be brought against us.
What rights do you have?
Right to object to processing for direct marketing purposes
If you no longer want to receive offers for our products and services, you can unsubscribe at any time. All marketing messages include this possibility, and you can exercise this right easily.
Right to object to profiling
It may be the case that you do not want us to use your personal data for profiling. Sometimes, however, we are allowed to do this, for instance to prevent fraud, manage risks or investigate unusual transactions, even if you object to the processing of data. In such situations, we will of course comply with the law.
Right of access, right to rectification, right to be forgotten, right to restriction of processing
- You have the right to demand an overview of all data relating to you that we use, by sending an e-mail to GDPR.ACF.NL@abnamrocomfin.com.
- If your personal data is incorrect, you can ask us to change your personal data, by sending an e-mail to GDPR.ACF.NL@abnamrocomfin.com.
- You can ask us to erase your personal data at any time by sending an e-mail to GDPR.ACF.NL@abnamrocomfin.com. We are not always able to do this, however, and we do not always have to agree to this, for example if we are required by law to keep your personal data for a longer period of time.
- You can also ask us to temporarily restrict our use of your personal data, by sending an e-mail to GDPR.ACF.NL@abnamrocomfin.com. You can do that if:
• You think your personal data is incorrect;
• We are not supposed to use your personal data;
• We want to destroy your personal data but you still need it (for instance after the storage period has ended).
If you send us an e-mail in the cases described above, we ask you to specify the right that you want to exercise. (See attached document - How To Exercise Clients Rights)
Right to data portability
According to the General Data Protection Regulation, individuals have a new right: the right to data portability. This right applies when the personal data of the individual is used to carry out a contract where the individual himself and not the business it represents is party to that contract, or when the individual has been asked for his or her consent for the processing of the data. ABN AMRO Commercial Finance concludes an agreement with the business you represent or are related to and not with you individually. For this reason (except in limited circumstances where you may be a sole proprietor company) this right does not apply to you as a contact person at companies to which we provide services and with whom we are in correspondence, partner, director, shareholder, person with significant control, guarantor, security provider or beneficial owner (BO) of these companies, or as a director of associated businesses or of any intermediaries.
Do you have a complaint or want to ask a question?
Please contact us if you have any questions about the Privacy Statement. We will be happy to help you. Please contact us via email at: GDPR.ACF.NL@abnamrocomfin.com. If you do not agree with the way in which we handle your personal data, you can lodge a complaint with the Complaints Management department, ABN AMRO Asset Based Finance N.V., trading under the name of ABN AMRO Commercial Finance, postbox 3171, 3502 GD Utrecht. You also have the right to take your complaint to the Dutch Data Protection Authority.
Do you want to read this Privacy Statement at another time?
You can save our Privacy Statement on your smartphone, tablet or computer.
Changes to the Privacy Statement
Changes to the law or our services and products may affect the way in which we use your personal data. If this happens, we will make changes to our Privacy Statement and notify you of these changes. We will post any changes on our website.