Privacy Notice July 2018
"We", "our" or "us" means KAS BANK N.V. and its Branches. Under the General Data Protection Regulation we are a data controller and a data processor in respect of the personal data you provide to us. We collect and use your personal data as described below. We are responsible for ensuring that we use your personal data in compliance with the data protection law.
If you have any questions about this notice, about how we process personal data or about your rights over your personal data, you can contact us via email to firstname.lastname@example.org..
Personal data that we collect about you
Information collected by us
In the course of you or your organisation:
- interacting with our website;
- offering to provide or providing services to us;
- working towards or agreeing to receive (and actually receiving) services from us;
- attending a KAS BANK event or visiting a KAS BANK stand at an independent industry event;
- choosing to sign up to receive our newsletters and/or blogs.
we may collect personal data about you, including:
- contact information, such as first name and last name, company name, business telephone number and business email address;
- where requested for “know your customer” purposes, personal identification documentation and related information including date of birth, place of birth, personal identification numbers, nationality, residential address, employment history, address history and proof of address;
- information necessarily processed in a project or (pre)contractual arrangements or contractual relationship with KAS BANK or voluntarily provided by you;
- personal identification details of your visits to our premises.
Information collected from other sources
We may obtain personal information from other sources including from your organisation, other organisations with whom you have dealings, an information or service provider or from privately available records, including industry databases.
How we use your personal data
Your personal data may be processed by us for the following purposes:
- carrying out the service to you as a client, including the administration of your account(s);
- to communicate with you in relation to the services we provide to you;
- to communicate with you in relation to marketing information and newsletters;
- to provide access to our systems and maintain security;
- to deliver goods and services to you (we only share information with third parties in the context of the service you have agreed for us to supply);
- to comply with our legal obligations;
- to monitor and improve our websites and services.
Legal basis for processing your personal data
We process your personal data pursuant to the following legal bases:
- where necessary for performance of a contract with you or your organisation;
- where necessary to comply with legal obligations;
- where necessary for the purposes of our legitimate business interest, provided that such interests are not overridden by your interests or fundamental rights and freedoms;
- where you have specifically given consent for us to use your personal data to send you specific email updates and communications (by opting-in to such email updates/ communications).
Sharing your personal data
We will not share or disclose your personal information except to the extent required by applicable law or regulation, with your permission, or to such parties and for such purposes as identified below:
- to facilitate the provision of services to you;
- to facilitate the administration and maintenance of user access to our services and/or website;
- to conduct and/or improve our business development activities;
- to ensure the safety and security of our data;
- to regulators, courts, law enforcement authorities or other parties for the purposes of compliance with applicable law, regulation, legal process or governmental requests or the establishment, exercise and/or defence of a claim.
We will take steps to ensure that the personal data is accessed only by personnel that have a need to do so for the purposes described in this notice.
Keeping your personal information safe
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If any of the personal data you have provided to us changes or you become aware we have inaccurate personal information about you, please let us know by sending an email to email@example.com. General Data Protection Regulation also gives you a right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at www.ico.org.uk.
How long your personal information will be kept
We will only hold your personal information for as long as is necessary or until you withdraw your consent (where applicable) and are not otherwise legally required or permitted to continue maintaining such data.
Transfer of personal data outside the European Economic Area
The information you provide to us will be transferred to and stored on our secure servers in the European Economic Area (“EEA”). However, from time to time, your personal data may be transferred to, stored in, or accessed from a destination outside the EEA. It may also be processed by staff operating outside of the EEA who work for us or an affiliate or for one of our suppliers. Any such transfer of your personal information will be subject to appropriate safeguards to protect your personal information, including appropriate contractual protections.
You have a number of rights in relation to the personal data that we hold. These rights include:
- the right to object to our processing of your personal data where we process your personal data pursuant to our legitimate business interests. Please note that there may be circumstances where you object to our processing of your personal data but we are legally entitled to refuse that request;
- the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
- the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit such data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your personal data if it is inaccurate or incomplete;
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
- the right to request that we restrict our processing of your personal data in certain circumstances. Please note that there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request;
- the right to object to the processing of your personal data for direct marketing purposes; and
- the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out in the “Contact us” section below. You can find out more information about your rights by contacting the, the Information Commissioner, www.ico.org.uk
Changes to this Privacy Notice
We keep this notice under regular review. Any changes we make to this notice in the future will be posted at www.kasbank.com and, where appropriate, notified to you by e-mail.
Please contact us if you have any questions about this notice or personal data that we may hold about you by writing to:
The Data Protection Officer
KAS BANK N.V.
PO BOX 24001
1000 DB Amsterdam
By email: firstname.lastname@example.org marked for the attention of the Data Protection Officer