ABN AMRO and your personal data
This Privacy Statement sets out how we handle your personal data. You can be confident that we handle your personal data with due care. In the case of some ABN AMRO portals or websites, the use of your personal data may differ from that described in this general Privacy Statement. In such cases, a different privacy statement is provided in the portal or website or additional information is given in the specific online service. We want you to be are aware of this so that you can avoid unwelcome surprises.
Who is this Privacy Statement intended for?
Is your company a client of ours or have you contacted us for information on our products and services? Have you or your business applied for one of our products? Are you a Partner, Director, Shareholder, Person with Significant Control, or Beneficial Owner of one of our clients? Are you a guarantor or security provider for one of our clients? Are you a supplier or an intermediary? Do you work for one of our clients or a supplier?
We will process your personal data or that of your related individuals for the purpose of carrying out business with you, for example when we record and use personal data relating to contact persons at companies to which we provide services and with whom we are in correspondence, partners, directors, shareholders, persons with significant control, guarantor(s), security providers beneficial owners (BOs) of these companies, and also directors of associated businesses, directors of any intermediaries and contact persons at equipment suppliers.
If you are one of the people listed above, this Privacy Statement is intended for you too.
Our contact person for your questions about data protection
We have a designated Data Protection Officer. The designated Data Protection Office for all ABN AMRO businesses in the UK is The Head of Compliance, ABN AMRO UK, Sheencroft House, 10-12 Church Rd, Haywards Heath RH16 3SN.
Who controls your personal data? The controller of your personal data is: ABN AMRO Asset Based Finance N.V. incorporated and registered in The Netherlands (registered number 30099465) and acting through its branch office ABN AMRO Asset Based Finance N.V., UK Branch, registered in England and Wales with UK establishment number BR 016670, hereinafter referred to as ABN AMRO
What is personal data?
Personal data is information that says something about you. The best known forms of personal data are your name, address, email address, age and date of birth. Personal data also includes your bank account number, your phone number, your IP address and your national insurance number.
There are several special categories of personal data. These include data concerning your health. Another special category concerns biometric data, such as facial recognition or your fingerprints. We may only use this personal data if this is permitted by law or if consent for this is obtained. In all other situations, we are prohibited from using this personal data.
Personal data that we obtained from third parties
Businesses may contact us for information on products or services and may provide us with information which relates to you. In that case, we may use the data we ask for that concerns you, the business, partners, directors, shareholders, persons with significant control, guarantor(s), security providers beneficial owners, directors of associated businesses and directors of intermediaries and other suppliers. We may also decide to use personal data obtained from other sources, such as:
• public registers that contain personal data, such as Companies House
• public sources such as newspapers and, the internet
• data files from other parties that have collected personal data about you, such as intermediaries, external marketing firms or credit agencies.
On what basis do we process your personal data?
Obviously, we may not request or use your personal data without good reason. We are allowed to do this only if the processing is based on one of the “grounds” permitted by law. This means that we may only use your personal data for one or more of the following reasons:
We may need your personal data to conclude a contract for example with a business that you represent. Are you the representative of your business and has your business concluded, or does it want to conclude, a contract with us? Or are you the contact person, partner, director, shareholder, managing director or beneficial owner (BO) of this business? Are you a representative of [a supplier or] an intermediary? If so, we may use your personal data for other reasons than the performance of the contract.
The law lays down many rules that we have to comply with. These rules state that we have to record data relating to our clients and personal data in relation to related individuals, and occasionally provide it to others. The following are just some examples of the legal obligations we have to comply with:
• We have to take steps to prevent and combat fraud, tax evasion, terrorist financing and money laundering. These include asking you and your related individuals to provide proof of identity so that we know who you are. This is why we keep a copy of identity documents.
• We have legal obligations under the Money Laundering Regulations 2017 and related legislation, and other laws that require us to keep personal data.
Other organisations may occasionally ask us to provide personal data. These organisations include law enforcement agencies, government entities, tax authorities or regulatory bodies around the world (including the Department of Business, Enterprise, Innovation and Skills in connection with an application under the Small Firms Loan Guarantee Scheme or the Enterprise Finance Guarantee Scheme or similar scheme).
If the law, regulation or other supervisory authority requirements stipulate that we must record or use your personal data, we are required to do so. In that case, it does not matter whether you are a client of ours or not. For example, we must check whether clients, and the representatives of clients, are genuinely who they say they are. In addition, we must keep a record of personal data items for all partners, directors and signatories. We are not required to establish your identity if we only use your personal data because you are the payee of a payment made by one of our clients.
Legitimate interest of ABN AMRO or others
We also have the right to use your personal data if we have a legitimate interest in doing so. In that case, we must be able to demonstrate that our interest in using your personal data outweighs your right to data protection. We must balance all interests. Here are a few examples of when this might happen:
• We protect property and personal data belonging to you, to us and to others.
• We protect our own financial position (for example, by undertaking financial risk assessments),
your interests and the interests of other clients (for example, in the event of an insolvency).
• We carry out fraud detection activities so that clients and ABN AMRO do not suffer losses as a result of fraud.
• We keep you up-to-date on product changes and send you information, offers and other relevant news for your business by means of direct marketing.
• We aim at organising ABN AMRO efficiently. We may centralise our customer and business management systems, make use of other service providers, and conduct statistical and scientific research.
Even if you do not have a contract with us, we may still use your personal data on the basis of a legitimate interest. In that case, we will obviously first check whether this is permitted, for instance for fraud prevention purposes. We assess whether we may use personal data for marketing purposes on a case-by-case basis, and separately for each type of personal data and for each group of data subjects. We ensure that we do this in accordance with the law and the subject matter of this Privacy Statement.
What does ABN AMRO use your personal data for?
We use your personal data to help make our operations and our services as effective, reliable and efficient as possible. This is done for the following purposes:
1. Contract. We enter into contracts with the business you represent or are related to and perform these contracts. We use this information for assessing and accepting clients, carrying out financial (including credit) risk assessments, risk reporting and risk management, as well as carrying out payment transfers. If we do not have the relevant personal data to verify the structure of the company, we cannot offer your company our products. We may also use personal data to trace debtors and recover debt.
2. Research. Within ABN AMRO, we study possible trends, problems, root causes of errors and risks, for instance to check whether new rules are properly observed. This helps us prevent complaints and losses. We also perform analyses with respect to personal data for statistical and scientific research.
3. Better or new products and services. Do our products still meet your wishes and expectations? We carry out research in this area and may use your personal data to do this. We study trends and use personal data with the aim of analysing and continuing to develop our products and services.
4. Marketing. You receive offers from us and other members of the ABN AMRO Group, and news that is appropriate for your business. In this context, we use personal data that we received from you or your business, for instance because you requested information in the past or because your business is already a client of ours. We may also make use of personal data that we obtained from other parties
5. Security and the integrity of ABN AMRO and our sector and compliance with legal obligations. We are required to guarantee the security and integrity of the financial sector, ABN AMRO, our employees, our clients and related individuals.. We may therefore use your personal data to prevent or combat attempted or actual criminal acts, such as fraud or terrorism.
6. Social responsibility and legal obligations. Given the nature of our business, we play a key role in society. We help to prevent terrorist financing, money laundering and fraud, for instance by reporting unusual transactions or by identifying and stopping potentially fraudulent transactions and verifying transactions with you if necessary. We are also required to know our customers and carry out checks on their identity and structure. For businesses, this includes obtaining personal information on Partners, Directors, Beneficial Owners, Persons with Significant Control, Guarantors, Directors of Associated Businesses and Directors of any Intermediaries. This helps us to understand your business better, and to protect the financial sector, ABN AMRO, our employees, our clients and related individuals from attempted or actual criminal acts. Public authorities also ask us to provide personal data when they investigate problems or suspected criminal offences. In this context, we check whether it is a legitimate request. The banking and financial sector is a highly regulated industry. This means we have to comply with many rules. Besides European and UK rules, these rules also include the laws of other countries. ABN AMRO must therefore also record and keep personal data for this purpose, and sometimes also provide personal data to the competent authorities. We always check first whether this is permitted.
Additional rules apply to special categories of personal data. Where we require any such information we will confirm to you the purpose for which this is required and will request your consent where consent is required.
We may use your personal data for other purposes than the purpose for which you or your business supplied the personal data to us. In that case, the new purpose must be in line with the purpose for which you or your business initially provided your personal data to us. The law refers to this principle as ‘compatible use of personal data’. The law does not specify exactly when a use is compatible, although it does provide guidance.
• Is there a clear correlation with the purpose for which you initially provided the personal data? Is the new purpose appropriate to the initial purpose?
• How did we originally receive the personal data? Did we obtain the personal data directly from you or in another way?
• What kind of personal data are we talking about exactly? Is the personal data in question considered sensitive to a greater or lesser degree?
• How would you be affected? Would you benefit, suffer or neither?
• What can we do to ensure the highest possible level of protection for your personal data? Examples include anonymisation and encryption.
ABN AMRO Group and your personal data
We may share your personal data within our group in the UK and abroad for internal back-office purposes or with a view to improving our services to you, or providing you with information on other relevant products and services provided by other members of our group, or because the law requires that we do this. For instance, it may be important for us to know when you apply for a product offered by one part of the ABN AMRO group on behalf of your business, that your business has already accepted a product from another one of our subsidiaries. Other members of the ABN AMRO group may also contact you with information on other relevant products and services.
Using personal data with or without your consent
In most cases, ABN AMRO uses your personal data without obtaining your consent for this. This is permitted by law. We do this because:
- this is necessary because of the contract we have with you or that we intend to conclude with you or your business, for example if you are the sole proprietor of such business;
- the law requires us to obtain, use or hold your personal data;
- ABN AMRO or a third party has a legitimate interest
Sometimes, however, we are required to ask you for your consent. Before you give consent, we recommend that you carefully read the information we provide concerning the use of your personal data. If you have given consent and you want to withdraw this consent, you can do that very simply.
Good to know:
When we use your personal data on the basis of the law or a legitimate interest, we do not require your consent to use your personal data. In such cases, however, you may raise an objection.
Required personal data
If we need personal data from you in order to conclude a contract with your business and you or the business refuses to provide this data even though this is required by law, we cannot enter into a contract with your business. If a contract already exists, we must terminate our contract with your business.
Do you want us to remove your personal data from our systems? Unfortunately, we cannot remove required personal data. We need this data, for instance for the performance of the contract you have with us, or because we are required to keep this data by law or owing to a legitimate interest of ABN AMRO.
Camera images, telephone calls, chat messages and video chat sessions
If you visit us, we may capture images of you on camera. We do this for security purposes. We may also record your telephone calls with us. We do this for the purpose of improving our services or because of a legal obligation and for the prevention and detection of crime. We handle video and audio recordings with due care. They are subject to the same rules as other personal data. You may exercise your rights, such as your right of access. Information about all your rights can be found here.
Other parties using your personal data
There are situations in which we need to provide your personal data to other people and entities involved in the provision of our services. These are described below.
Our service providers
We work with other companies that help us provide services to us and our clients. This is referred to as outsourcing. We are not permitted to pass your personal data on to them without good reason. This is governed by legal rules. We therefore carefully select these companies and clearly agree with them on how they are to handle your personal data. We remain responsible for your personal data held by us or on our behalf.
We also work with intermediaries who introduce clients and business to us. Such intermediaries process your personal data and are responsible for how they use your personal data. Please visit the relevant intermediary's website to find out how it handles personal data.
Competent public authorities
Our supervisory authorities, law enforcement agencies, government entities, tax authorities or regulatory bodies around the world may ask us to provide data relating to you. The law specifies when we are required to provide this data.
In the event that we propose to transfer your contract to a third party Financial Services Provider, we may share personal information with the proposed transferee of your contract, to allow decisions to be made relating to that transfer and for the purposes of that transfer. This is within the legitimate interests of ABN AMRO, and to allow any such transferee to meet their legal requirements.
Use of your personal data for direct marketing purposes
If your business has previously purchased a product or service from us, or has provided a service or introduced a client, we are keen to keep you informed about similar products and services we offer that are relevant to your business’ or clients’ needs. This also applies if you are a visitor to our website. In order to do this properly, we use various sources. These are described below.
1. The personal data that we received from your business or a third party in the context of the contract, service, introduction, or request for information on our products and services.
2. Other sources of information, including public sources. We will always check first whether a public or other source of information can be used reliably.
3. Third party referrals by suppliers, intermediaries, existing and former client and contacts.
We use social media channels to publicise our organisation, products and/or services with clients, users of portals and visitors to the website. We do this so that we can offer useful, relevant information and/or answer questions we receive through social media. We use the internet and social media channels, such as LinkedIn and Twitter, for this purpose. If you have any questions or comments, please email us: firstname.lastname@example.org
As a financial services provider, we make use of profiling. Below we explain why we do this, and when.
We have a great deal of knowledge and experience in the area of fraud prevention. Unfortunately, we are faced with increasingly sophisticated forms of fraud.. To the extent possible, we may take measures in order to prevent fraud, which may include profiling. Due to security reasons, we are not able to provide further details on such measures.
As a financial services provider, we have to comply with the Money Laundering Regulations 2017 and related legislation. We therefore pay particular attention to unusual transactions and to transactions that - by their nature - result in a relatively high risk of money laundering. To do this, we need to create and maintain a risk profile of the business and of those individuals who operate on behalf of the business or may provide guarantees or other securities in support of the business. If we suspect that a transaction is connected with money laundering or terrorist financing, we will report this to the authorities.
Client and product acceptance
How do we make use of profiling when someone wants to purchase a product? The following example explains how we do this. Imagine that you contact us on behalf of your business to use our products and services.
1. We carry out a risk assessment. We do this for new clients and also for existing clients who want to take additional products. We know from experience that the (financial) behaviour of individuals who represent a particular business can be of importance in order to assess whether a given product can be offered or not.
2. Individuals who represent business who normally able meet financial obligations may share a number of characteristics,. These characteristics are used as a basis for creating a profile.
3. We review your profile and assess how likely it is that your business or your guarantor(s) will be able to meet their obligations.
If you do not have a contract with us, we determine whether direct marketing is permitted in specific situations on a case-by-case basis, and separately for each type of personal data and for each group.
We go to great lengths to ensure the highest possible level of protection for your information:
- We invest in our systems, procedures and people.
- We make sure that our working methods are in keeping with the sensitive nature of your information.
- We train our people how to keep your information safe and secure.
For security reasons, we are unable to provide details of the precise measures we take. But you may have come across some of the following procedures we use to protect your personal data:
• Security of our online services
• We follow a rigorous process to establish your identity (authentication)
• Requirements for sending confidential documents
Security is our shared priority. If, for example, you encounter breaches in our security, you can report them to us confidentially via email : email@example.com
Personal data outside Europe
Personal data is processed outside Europe too. Additional rules apply in that case, the reason being that not all countries have the same strict data protection legislation as we do in Europe. Click here to view the list of safe countries.
Sharing personal data within the ABN AMRO Group
We may share personal data outside Europe with other group companies. Our sharing of personal data is governed by our global internal policy, the Binding Corporate Rules (BCRs) Click here to view the Binding Corporate Rules. These have been approved by the Dutch Data Protection Authority (Dutch DPA).
Sharing personal data with other service providers
We may occasionally share personal data with other companies or organisations outside Europe, for instance in the context of an outsourcing agreement. In that case, we ensure that either the country has adequate equivalent protections, or that we have concluded separate agreements with those parties, and that these agreements comply with the European standard
How do we determine the period for which your personal data is stored?
We keep personal data in any event for as long as is necessary to achieve the purpose.
The General Data Protection Regulation does not stipulate specific storage periods for personal data. Other legislation may specify minimum storage periods, however. If it does, we are under the obligation to observe these periods. Such legislation includes tax laws or laws governing financial undertakings specifically.
If we become involved in a lawsuit or other legal proceedings, we keep personal data so that we can make a case for our position. We may store this personal data in an archive until any claims have expired and legal proceedings can no longer be brought against us.
What rights do you have?
Right to object to processing for direct marketing purposes
If you no longer want to receive offers for our products and services, you can unsubscribe at any time. All marketing messages include this possibility, and you can follow the link at the bottom of the marketing messages to exercise this right easily.
Right to object to profiling
It may be the case that you do not want us to use your personal data for profiling. Sometimes, however, we are allowed to do this, for instance to prevent fraud, manage risks or investigate unusual transactions, even if you object to the processing of data. In such situations, we will of course comply with the law.
Right of access, right to rectification, right to be forgotten, right to restriction of processing
- You have the right to demand an overview of all data relating to you that we hold
- If your personal data is incorrect, you can ask us to change your personal data.
- You can ask us to erase your personal data at any time. We are not always able to do this, however, and we do not always have to agree to this, for example if we are required by law to keep your personal data for a longer period of time.
- You can also ask us to temporarily restrict our use of personal data. You can do that if:
• You think the personal data is incorrect;
• We are not supposed to use your personal data;
• We want to destroy your personal data but you still need it (for instance after the storage period has ended).
To exercise any of these rights please contact The Data Protection Officer, ABN AMRO Asset Based Finance N.V., UK Branch, Sheencroft House, 10-12 Church Rd, Haywards Heath RH16 3SN.
Right to data portability
According to the General Data Protection Regulation, individuals have a new right. The right to data portability. This right applies when personal data of the individual is used to carry out a contract where the individual himself and not the business it represents is party to that contract, or when the individual has been asked for his or her consent for the processing of the data. ABF concludes an agreement with the business you represent or are related to and not with you individually. For this reason (except in limited circumstances where you may be a sole trader or sole director of a company) this right does not apply to you as a contact person at companies to which we provide services and with whom we are in correspondence, partner, director, shareholder, person with significant control, guarantor, security provider or beneficial owners (BOs) of these companies, and also directors of associated businesses, directors of any intermediaries
Do you have a complaint or want to ask a question?
Please contact us if you have any questions about the Privacy Statement. We will be happy to help you. The Data Protection Officer, ABN AMRO NV, UK Branch, Sheencroft House, 10-12 Church Rd, Haywards Heath RH16 3SN. If you do not agree with the way in which you handle your personal data, you can lodge a complaint with the Complaints Management department, ABN AMRO Asset Based Finance N.V., UK Branch, Sheencroft House, 10-12 Church Rd, Haywards Heath RH16 3SN
You also have the right to take your complaint to the Information Commissioner’s Office (ICO).If you are still unhappy with the response, or your complaint has not been resolved within a reasonable period, you may raise a concern with the Information Commissioner’s Office (ICO). You should raise your concerns with the ICO within 3 months of your last meaningful contact with us.
The ICO can be contacted electronically on their website at https://ico.org.uk/concerns
Or by telephone on 0303 123 1113
Do you want to read this Privacy Statement at another time?
You can save our Privacy Statement on your smartphone, tablet or computer.
Changes to the Privacy Statement
Changes to the law or our services and products may affect the way in which we use your personal data. If this happens, we will make changes to our Privacy Statement and notify you of these changes. We will post any changes on our website or in the app.