DAILY BANKING

PRIVACY NOTICE (applicable from January 25th 2022)

PRELIMINARY SECTION: MAIN AMENDMENTS

As a trusted companion, the protection of your personal data is important to the BNP Paribas Group. We have enhanced this 
Privacy Notice by being more transparent on the following information on:

  • processing activities relating to commercial prospection
  • processing activities relating to anti-money laundering and countering the financing of terrorism, and international 
    sanctions (freezing of assets)

INTRODUCTION

We take the protection of your personal data very seriously; accordingly, the BNP Paribas Group has adopted strong principles 
in its Personal Data Protection Charter available at BNP Paribas - Personal Data Privacy Charter (group.bnpparibas).
BNP Paribas Fortis SA ("We"), as controller, through our brands (BNP Paribas Fortis, Fintro and Hello Bank!) are responsible 
for collecting and processing your personal data in relation to its activities.

Our business is to help all our customers – individuals, entrepreneurs, small and medium-sized enterprises, large companies 
and institutional investors – in their day-to-day banking activities and in achieving their projects thanks to our financing, 
investment, savings and insurance solutions. 

As a member of an integrated banking-insurance Group in collaboration with the various entities of the Group, we provide our 
customers with a complete range of financial and insurance products and services.

The purpose of this Privacy Notice is to explain how we process your personal data and how you can control and manage them.
Further information may be provided where necessary at the time of collection of your personal data.

1. ARE YOU SUBJECT TO THIS PRIVACY NOTICE?

 This Privacy Notice applies to you if you are ("You"): 

  • one of our customers or in a contractual relationship with us (e.g., as a guarantor or co-borrower);
  • a member of our customer’s family and/or household. Indeed, our customers may occasionally share with us
  • information about their family when it is necessary to provide them with a product or service or to get to know them 
    better;
  • a person interested in our products or services when you provide us with your personal data (in an agency, on our 
    websites and applications, during events or sponsorship operations) so that we can contact you;
  • a (legal) representative of our client;
  • a beneficiary of a payment made by our client;
  • a beneficial owner of our client;
  • a debtor of our client (e.g. in case of bankruptcy of our client);
  • a shareholder of our client;
  • a member of our client's staff.

When you provide us with personal data related to other people, please make sure that you inform them about the disclosure of 
their personal data and invite them to read this Privacy Notice.

2. HOW CAN YOU CONTROL THE PROCESSING ACTIVITIES WE DO ON YOUR PERSONAL DATA?

You have rights which allow you to exercise real control over your personal data and how we process them. We draw your attention to the fact that these rights may be limited where regulations so provide. This is the case with the regulations relating to the fight against money laundering and the financing of terrorism, which prohibit us from allowing you to exercise your various rights with regard to your personal data processed for this purpose.

If you wish to exercise the rights listed below, please submit a request by post addressed to BNP Paribas Fortis SA – Data Privacy Office – 1GA2U, Montagne du Parc/Warandeberg 3, 1000 Brussels or via Easy Banking Web or app1, with a scan/copy of your identity card. You can also call the Easy Banking Centre or visit one of our branches.

If you have any questions relating to our use of your personal data under this Privacy Notice, please contact our Data Protection Officer at the following address BNP Paribas Fortis SA – Data Privacy Office – 1GA2U, Montagne du Parc/Warandeberg 3, 1000 Brussels or by sending us an e-mail to mailto:privacy@bnpparibasfortis.com

2.1. You can request access to your personal data

You can directly access some data through your client account on our Easy Banking Web website or via the Easy Banking App mobile application. 

If you wish to have access to your personal data, we will provide you with a copy of the personal data you requested as well as information relating to their processing.

2.2. You can ask for the correction of your personal data

Where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified or completed accordingly. In some cases, supporting documentation may be required.

2.3. You can request the deletion of your personal data

If you wish, you may request the deletion of your personal data, to the extent permitted by law.

2.4. You can object to the processing of your personal data based on legitimate interests

If you do not agree with a processing activity based on a legitimate interest, you can object to it, on grounds relating to your particular situation, by informing us precisely of the processing activity involved and the reasons for the objection. We will cease processing your personal data unless there are compelling legitimate grounds for doing so or it is necessary for the establishment, exercise or defence of legal claims.

2.5. You can object to the processing of your personal data for commercial prospecting purposes

You have the right to object at any time to the processing of your personal data for commercial prospecting purposes, including profiling, insofar as it is linked to such prospecting.

2.6. You can suspend the use of your personal data 

If you question the accuracy of the personal data we use or object to the processing of your personal data, we will verify or review your request. You may request that we suspend the use of your personal data while we review your request.

 2.7. You have rights against an automated decision

As a matter of principle, you have the right not to be subject to a decision based solely on automated processing based on profiling or otherwise that has a legal effect or significantly affects you. However, we may automate such a decision if it is necessary for the entering into or performance of a contract with us, authorised by regulation or if you have given your consent. In any event, you have the right to challenge the decision, express your views and request the intervention of a competent person to review the decision.

2.8. You can withdraw your consent

If you have given your consent to the processing of your personal data, you can withdraw this consent at any time.

2.9. You can request the portability of part of your personal data

You may request a copy of the personal data that you have provided to us in a structured, commonly used and machine readable format. Where technically feasible, you may request that we transmit this copy to a third party.

2.10. How to file a complaint with the Data Protection Authority?

In addition to the rights mentioned above, you may lodge a complaint with the competent supervisory authority, which is usually the one in your place of residence. In Belgium, this is the Data Protection Authority.

* via the settings of your Easy Banking Web or App (for your right of access, right to rectification, right of consent and right to data portability)

3. WHY AND ON WHICH LEGAL BASIS DO WE USE YOUR PERSONAL DATA?

In this section we explain why we process your personal data and the legal basis for doing so.

3.1. Your personal data are processed to comply with our various regulatory obligations

Your personal data are processed where necessary to enable us to comply with the regulations to which we are subject, 
including banking and financial regulations. 

3.1.1. We use your personal data to:

  • monitor operations and transactions to identify those which deviate from the normal routine/patterns (e.g., when you withdraw a large sum of money in a country other than your place of residence);
  • monitor your transactions to manage, prevent and detect fraud;
  • manage and report risks (financial, credit, legal, compliance or reputational risks etc.) that the BNP Paribas Group could incur in the context of its activities;
  • record, in compliance with the Markets in Financial Instruments Directive (MiFID 2), communications in any form relating to, at the very least, transactions performed within proprietary trading and the provision of services relating to clients’ orders, in particular their receipt, transmission and execution;
  • assess the appropriateness and suitability of the investment services provided to each client in compliance with the Markets in Financial Instruments regulations (MiFID 2);
  • assist the fight against tax fraud and fulfil tax control and notification obligations;
  • assess your level of credit risk and your ability to repay when you borrow;
  • record transactions for accounting purposes;
  • prevent, detect and report risks related to Corporate Social Responsibility and sustainable development;
  • detect and prevent bribery;
  • comply with the provisions applicable to trust service providers issuing electronic signature certificates;
  • exchange and report different operations, transactions or orders or reply to an official request from a duly authorized local or foreign financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, law enforcement, state agencies or public bodies.

3.1.2. We also process your personal data for anti-money laundering and countering of the financing of terrorism purposes

As part of a banking Group, we must have a robust system of anti-money laundering and countering of terrorism financing (AML/TF) in each of our entities managed centrally, as well as a system for applying local, European and international sanctions.
 
In this context, we are joint controllers with BNP Paribas SA, the parent company of the BNP Paribas Group (the term "We" in this section also includes BNP Paribas SA). 

The processing activities performed to meet these legal obligations are detailed in appendix 1. 

3.2. Your personal data are processed to perform a contract to which you are a party or pre-contractual measures taken at your request

Your personal data are processed when it is necessary to enter into or perform a contract to:

  • define your credit risk score and your reimbursement capacity;
  •  evaluate (e.g., on the basis of your credit risk score) if we can offer you a product or service and under which 
    conditions (e.g., price);
  • provide you with the products and services subscribed to under the applicable contract;
  • manage existing debts (identification of customers with unpaid debts);
  • respond to your requests and assist you;
  • assist you in the management of your budget by the automatic categorization of your transaction data;
  • ensure the settlement of your succession

3.3. Your personal data are processed to fulfil our legitimate interest or that of a third party 

Where we base a processing activity on legitimate interest, we balance that interest against your interests or fundamental rights 
and freedoms to ensure that there is a fair balance between them. If you would like more information about the legitimate 
interest pursued by a processing activity, please contact us using the contact details provided under section 2 "HOW CAN YOU CONTROL THE PROCESSING ACTIVITIES WE DO ON YOUR PERSONAL DATA?” above. 

3.3.1. In the course of our business as a bank-insurer, we use your personal data to:

  • Manage the risks to which we are exposed:
    • we keep proof of operations or transactions, including in electronic evidence;
    • we carry out the collection of debts;
    • we handle legal claims and defences in the event of litigation;
    • we develop individual statistical models in order to help define your creditworthiness and risk profile: 
  •  Enhance cyber security, manage our platforms and websites, and ensure business continuity
  •  Use video surveillance to prevent personal injury and damage to people and property;
  • Enhance the automation and efficiency of our operational processes and customer services (e.g., automatic filling of complaints, tracking of your requests and improvement of your satisfaction based on personal data collected during our interactions with you such as phone recordings, e-mails or chats, using these interactions to train our staff);
  • Carry out financial operations such as debt portfolio sales, securitizations, financing or refinancing of the BNP Paribas Group;
  • Conduct statistical studies and develop predictive and descriptive models for:
    • commercial purposes: to identify the products and services that could best meet your needs, to create new 
      offers or identify new trends among our customers, similarities in behaviour, to develop our commercial policy 
      taking into account our customers’ preferences, to derive observations (e.g. aggregated consumption 
      patterns) that we can offer in the market;
    •  scientific and related purposes : to contribute to academic projects as well as to private and public projects 
      including micro- or macro-economic analysis for the benefit of the Society in particular;
    • safety purpose: to prevent potential incidents and enhance safety management;
    • de conformité, telle que la lutte contre le blanchiment de capitaux et le financement du terrorisme, et de gestion des risques de Lutte contre la fraude
    • compliance purpose (e.g., anti-money laundering and countering the financing of terrorism) and risk 
      management;
    • anti-fraud purposes;
  • Organize contests, lotteries, promotional operations, conduct opinion and customer satisfaction surveys;
  • Know your family environment on the basis of products you have in common with members of your family and/or 
    household, your own statements or those of a member of your family and/or household;
  • Follow up our agreements with external partners when you approach them directly and they subsequently inform us.

3.3.2. We use your personal data to send you commercial offers by electronic means, post and phone

As part of the BNP Paribas Group, we want to be able to offer you access to the full range of products and services that best 
meet your needs.

Once you are a customer and unless you object, we may send you these offers electronically for our products and services and those of the Group if they are similar to those you have already subscribed to. 

We will ensure that these commercial offers relate to products or services that are relevant to your needs and complementary to those you already have to ensure that our respective interests are balanced.

We may also send you, by phone and post, unless you object, offers concerning our products and services as well as those of the Group and our trusted partners.

3.3.3. We analyse your personal data to perform standard profiling to personalize our products and offers

To enhance your experience and satisfaction, we need to determine to which customer group you belong. For this purpose, we build a standard profile from relevant data that we select from the following information:

    • what you have directly communicated to us during our interactions with you or when you subscribe to a product or service
    • resulting from your use of our products or services such as those related to your accounts including the balance of the accounts, regular or atypical movements, the use of your card abroad as well as the automatic categorization of your transaction data (e.g., the distribution of your expenses and your receipts by category as is visible in your customer area)
    • from your use of our various channels: our websites, applications and social networks (e.g., if you are digitally savvy, if you prefer a customer journey to subscribe to a product, or service with more autonomy (selfcare))

Unless you object, we will perform this customization based on standard profiling. We may go further to better meet your needs, if you consent, by performing a tailor-made customization as described below.

3.3.4. We record electronic communications data

In addition to recordings of electronic communications permitted or required by law or to which you have consented, we may record electronic communications to which you are a party, including traffic data, in the course of lawful business transactions in order to:

  • train and monitor our employees and improve the quality of our services
  • provide evidence of business transactions or dealings that have taken place in the course of those electronic 
    communications, including the content of those communications (including any advice we give)

We retain records of electronic communications for as long as required or permitted by law, including for the period in which a dispute relating to those communications may arise.

This applies to both telephone conversations and electronic communications (such as e-mails, SMS, instant messaging or other similar technology) that you have with our call centre, (independent) branches, private banking and business centres, dealing rooms or one of our representatives.

3.4. Your personal data are processed if you have given your consent

For some processing of personal data, we will give you specific information and ask for your consent. Of course, you can 
withdraw your consent at any time.

In particular, we ask for your consent for:

  • tailor-made customization of our offers and products or services based on more sophisticated profiling (inferred from your current behaviours, skills and preferences) to anticipate your needs and behaviours
  • any electronic offer for products and services not similar to those you have subscribed to or for products and services from our trusted partners
  • use of your navigation data (cookies) for commercial purposes or to enhance the knowledge of your profile

You may be asked for further consent to process your personal data where necessary.

WHAT TYPES OF PERSONAL DATA DO WE COLLECT?

We collect and use your personal data, meaning any information that identifies or allows one to identify you. Depending among others on the types of product or service we provide to you and the interactions we have with you, we collect various types of personal data about you, including:

  • Identification information: e.g., full name, gender, place and date of birth, nationality, identity card number, national register number (in compliance with the relevant regulations), passport number, driving licence number,vehicle registration number, photograph, signature)
  • Contact information: (private or professional) postal address, e-mail address, phone number
  • Information relating to your financial and family situation: e.g., marital status, matrimonial regime, number of 
    children and age, study or employment of children or yourself, composition of the household, property you own: 
    apartment or house
  • Milestones of your life: e.g., you recently got married, divorced, partnered, or gave birth
  • Lifestyle: hobbies and interests, travel, your environment (nomadic, sedentary)
  • Economic, financial and tax information: e.g., tax ID, tax status, country of residence, salary and other income, 
    value of your assets
  • Education and employment information: e.g., level of education, employment, employer's name and remuneration
  • Banking and financial information related to the products and services you hold: e.g., bank account details, 
    products and services owned and used (credit, insurance, savings and investments, leasing, home protection), credit 
    card number, money transfers, assets, profile of declared investor, credit history, payment incidents
  • Transaction data: account movements and balances, transactions including beneficiary's data such as full names, addresses and contact details as well as details of bank transactions, amount, date, time and type of transaction (bank card, transfer, cheque, direct debit);
  • Data relating to your habits and preferences in relation to the use of our products and services;
  • Data collected from our interactions with you: your comments, suggestions, needs collected during our exchanges with you in person in our Agencies (reports) and online during phone communications (conversation), discussion by email, chat, chatbot, exchanges on our social media pages and your latest complaints. Your connection and tracking data such as cookies and tracers for non-advertising or analytical purposes on our websites, online services, applications, social media pages
  • Data collected from the video protection system (including CCTV) and geolocation: e.g., showing locations of 
    withdrawals or payments for security reasons, or to identify the location of the nearest branch or service suppliers for 
    you
  • Data about your devices (mobile phone, computer, tablet, etc.): IP address, technical specifications and uniquely 
    identifying data
  • Personalized login credentials or security features used to connect you to the BNP Paribas website and apps.

We may collect sensitive data such as health data, biometric data, or data relating to criminal offences, subject to compliance with the strict conditions set out in data protection regulations.

5. WHO DO WE COLLECT PERSONAL DATA FROM?

We collect personal data directly from you; however, we may also collect personal data from other sources.

We sometimes collect data from public sources:

  • publications/databases made available by official authorities or third parties (e.g., the Belgian State Gazette, the 
    Crossroads Bank for Enterprises, databases managed by the supervisory authorities of the financial sector)
  • websites/social media pages of legal entities or business clients containing information that you have disclosed 
    (e.g., your own website or social media page)
  • public information such as that published in the press

 We also collect personal data coming from third parties:

  • from other BNP Paribas Group entities
  • from our customers (companies or individuals)
  • from our business partners
  • from service providers of payment initiation and account aggregators (service providers of account information)
  • from third parties such as credit reference agencies and fraud prevention agencies
  • from data brokers who are responsible for ensuring that they collect relevant information in a lawful manner

6. WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?

6.1. With BNP Paribas Group's entities 

As a member of the BNP Paribas Group, we work closely with the Group's other companies worldwide. Your personal data may therefore be shared between BNP Paribas Group entities, where necessary, to:

  • comply with our various legal and regulatory obligations described above;
  • fulfil our legitimate interests and those of the entities of the BNP Paribas Group, which are: 
    • managing, preventing, detecting fraud;
    • conducting statistical studies and develop predictive and descriptive models for business, security, 
      compliance, risk management and anti-fraud purposes
    • enhancing the reliability of certain data about you held by other Group entities
    • offering you access to all the Group's products and services that best meet your needs and wishes
    • customizing the content and prices of products and services
    • optimising the management of common customers and the customer experience
    • assisting each other in fulfilling our legal, regulatory and contractual obligations in the course of our business.

6.2. With recipients outside the BNP Paribas Group and processors

In order to fulfil some of the purposes described in this Privacy Notice, we may, where necessary or provided for in our services, share your personal data with:

  • processors which perform services on our behalf e.g., IT services, logistics, printing services, telecommunication, debt collection, advisory and distribution and marketing;
  •  banking and commercial partners, independent agents, intermediaries or brokers, financial institutions, counterparties, public services, trade repositories with which we have a relationship if such transmission is required to allow us to provide you with the services and products or execute our contractual obligations or transaction (e.g., banks, correspondent banks, depositaries, custodians, issuers of securities, paying agents, exchange platforms, insurance companies, payment system operators, issuers or payment card intermediaries, mutual guarantee companies or financial guarantee institutions)
  • ocal or foreign financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, public authorities or institutions (such as the National Bank of Belgium, FSMA, Caisse des dépôts et des Consignations), to which we, or any member of the BNP Paribas Group, are required to disclose pursuant to:
    • their request
    • our defence, action or proceeding
    • complying with a regulation or a recommendation issued from a competent authority applying to us or any 
      member of the BNP Paribas Group
  • service providers of third-party payment (information on your bank accounts), for the purposes of providing a payment initiation or account information service that you have taken out with them; 
  • certain regulated professions such as lawyers, notaries, or auditors when needed under specific circumstances 
    (litigation, audit, etc.) as well as to our insurers or to an actual or proposed purchaser of the companies or businesses 
    of the BNP Paribas Group
  • universities and public and/or private scientific institutions.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

In case of international transfers originating from the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place. Where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis.

For transfers to non-EEA countries where the level of protection has not been recognized as adequate by the European 
Commission, we will either rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary to perform our contract with you, such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:

  • standard contractual clauses approved by the European Commission;
  • binding corporate rules. 

To obtain a copy of these safeguards or details on where they are available, you can send us a request using the contact details provided under section 2 “HOW CAN YOU CONTROL THE PROCESSING ACTIVITIES WE DO ON YOUR PERSONAL DATA?”.

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

 For more information on retention periods, see annex 3. 

9. HOW TO FOLLOW THE EVOLUTION OF THIS PRIVACY NOTICE?

In a world where technologies are constantly evolving, we regularly review this Privacy Notice and update it as required.

We invite you to review the latest version of this document online, and we will inform you of any significant amendments through our website or through our standard communication channels.

APPENDIX 1: Processing of personal data for anti-money laundering and countering of the financing of terrorism

We are part of a banking Group that must have a robust anti-money laundering and countering the financing of terrorism 
(AML/CFT) program at entity level, managed at a central level, an anti-corruption system, as well as a mechanism to ensure 
compliance with international Sanctions (this concerns all economic or trade sanctions, including all  laws, regulations, restrictive measures, embargoes, and asset freezing measures that are enacted, governed, imposed, or enforced by the French Republic, the European Union, the U.S. Department of the Treasury’s Office of Foreign Assets Control, and any competent authority in the territories where we are established). 

In this context, we act as joint controllers together with BNP Paribas SA, the parent company of the BNP Paribas Group (the 
term “we” used in this section therefore also includes BNP Paribas SA).  

For  AML/CFT purposes and to comply with international Sanctions, we carry out the processing operations listed hereinafter to comply with our legal obligations: 

  • A Know Your Customer (KYC) program reasonably designed to identify, update and confirm the identity of our 
    customers, including where applicable, their beneficial owners and proxy holders; 
  • Enhanced identification and verification measures for high-risk clients, Politically Exposed Persons or “PEPs” (PEPs are persons designated by the regulations who, by virtue of their functions or positions (political, jurisdictional or administrative), are more exposed to these risks), and for high risk situations ; 
  • Written policies, procedures and controls reasonably designed to ensure that the Bank does not establish - or maintain - relationships with shell banks
  • A policy, based on an assessment of the risks and the economic situation, to generally not process or otherwise 
    engage, regardless of the currency, in any business activity or relationship:
    • for, on behalf of, or for the benefit of any individual, entity or organisation subject to Sanctions by the French 
      Republic, the European Union, the United States, the United Nations, or, in certain cases, other local 
      sanctions in territories in which the Group operates;
    • involving, directly or indirectly, territories under sanctions, including Crimea/Sebastopol, Cuba, Iran, North 
      Korea, or Syria; 
    • involving financial institutions or territories which could be linked to or controlled by terrorist organisations, 
      recognised as such by the relevant authorities in France, the European Union, the United States or the 
      United Nations; 
  • Screening of our customer database screening and transactions, reasonably designed to ensure compliance with 
    applicable laws; 
  • Systems and processes to detect and report suspicious transactions and to report suspicious transactions to the 
    relevant authorities; 
  • A compliance program reasonably designed to prevent and detect bribery, corruption and unlawful influence pursuant to the “Sapin II” Act, the U.S FCPA, and the UK Bribery Act.

In this context, we make use of: 

  • services provided by external providers such as Dow Jones Factiva (provided by Dow Jones & Company, Inc.) and the World-Check service (provided by REFINITIV, REFINITIV US LLC and London Bank of Exchanges) which maintain lists of PEPs; 
  • public information available in the press on facts related to money laundering, the financing of terrorism or corruption; 
  • knowledge of a risky behaviour or situation (existence of a suspicious transaction report or equivalent) that can be 
    identified at BNP Paribas Group level. 

We may need to process special categories of data or criminal data as the purpose is combatting money laundering and terrorist financing.

We carry out these checks when you enter into a relationship with us, but also throughout the relationship we have with you, 
both on yourself and on the transactions you carry out. At the end of the relationship and if you have been the subject of an 
alert, this information will be stored in order to identify you and to adapt our controls if you enter into a new relationship with a BNP Paribas Group entity, or in the context of a transaction to which you are a party.  

In order to comply with our legal obligations, we exchange information collected for AML/CFT, anti-corruption or international 
Sanctions purposes between BNP Paribas Group entities. When your data are exchanged with countries outside the European Economic Area that do not provide an adequate level of protection, the transfers are governed by the European Commission’s standard contractual clauses. When additional data are collected and exchanged in order to comply with the regulations of non EU countries, such processing is necessary to enable the BNP Paribas Group and its entities to comply with both their legal obligations and to avoid local sanctions, which is our legitimate interest.

APPENDIX 2: Automated decisions including profiling

Some of our personal data processing is fully automated and leads to a decision about you without human intervention. Where this is the case, we will always inform you before you start a fully automated process on our digital channels and we will explain the underlying logic behind the automated decision and its consequences.

In this annex, you will find an explanation of the processing operations that involve an automated decision about you. We will 
supplement it if additional automated decisions are made in our processing.

  • Automatic decision to grant loans and automatic determination of the loan conditions – loans to professionals and 
    companies (tax and social instalment loans, instalment loans for the purchase of vehicles and professional equipment), Bonifisc (tax prepayment loan, financial leasing).

In order to make this decision in an automated way, we base ourselves :

  • on the data that you will enter during the loan application (purpose of the loan, amount, duration, etc.);
  • on the data available to us in the context of our existing banking relationship and in particular, the data relating to the management of your accounts and loan agreements as well as the guarantees granted; 
  • on publicly available information (ONSS, VAT,...) as well as information that credit institutions are required to consult, such as those of the Central Corporate Credit Register of the National Bank of Belgium.

We make sure that the data we use is as up to date as possible and we re-evaluate your creditworthiness profile at least once a month, taking into account your then current loans.

The system will automatically determine whether the loan corresponds to your needs and whether you have sufficient 
repayment capacity to meet your commitments.

The decision models on which the decision is based, are based on the combination of your creditworthiness and your ability to repay, as well as your risk profile as determined by us (e.g. based on statistical models that take into account any past defaults). 

The models are adapted to the customer's profile and the purpose of the loan and are review regularly.

The automated decision system will generate one of the below responses:

  •  Either your application is processed automatically and immediately. You will then receive a binding loan offer from us which you can accept by signing the loan contract.
  • Or your application cannot be processed automatically (for example, if it exceeds the limits of what is allowed for an online application or if your creditworthiness is not considered sufficient on the basis of the automated process). You 
    are then invited to contact your advisor as described below. Please note that this will not influence the final decision 
    that will be taken by your contact person.

You can stop the process at any time and contact your usual advisor or through one of the "contacts" link that are made 
available through our digital channels. Our staff will be able to provide you with further information and advice.

Appendix 3: Retention periods

 Macro purpose Retention period
Management of our buildings and agencies The data stored in our visitor register is kept for 6 months from the date of collection.
 
Video recordings are kept for 1 month from the moment they are made. 

Security incident reports are kept for 10 years from the time they are closed. 
Business development and analytical models for 
commercial purposes

Personal data related to prospects is kept for a maximum of 3 to 12 months from the time of collection. 

Data collected for our analytical models is kept for 10 years from the date of collection. 

Photos taken on the basis of a contract specifically provided for this purpose are kept for a maximum of 4 years, photos taken in the context of an event are not kept.
Customer relationship management for commercial purposes and fraud prevention

The data collected in the context of commercial management (for example the minutes of exchanges and emails) are kept for a maximum of 17 years from the end of the relationship.

Where a copy of your signature is collected, it is kept for a maximum of 11 years from the end of the relationship. 

The results of models for commercial and fraud purposes are kept for 2 years. 

Investigations for fraud prevention purposes are kept for 11 years from the end of the relationship.
Provision of services and/or products Data related to a product: transactions, securities, cheques and invoices are kept for 20 years from their issue. 

Contracts are kept for 20 years from the end of the contract.
 
Information relating to safe deposit box access and cards information as well as cheque receipts, are kept for a maximum of 11 years.
Management of credit granting The credit profile drawn up at the time of a loan application shall be kept for 20 years from the closure of the loan.

The documents with contractual value linked to a loan/security are kept for 20 years from the end of the loan/security.
Management of our investment products

As part of our MIFID II obligations, investment profiles and related telephone and electronic exchanges are kept for 11 years. 

MIFID II transactions are kept for 20 years as well as the contracts from the time of their closure.

How to keep control of your data?
Log out

Are you sure you want to log out?

Log outCancel
Session Time Out

Your session will be timed out in 02:00 seconds

Logout nowStay logged in
Warning

Your session will be timed out in 02:00 seconds

Ok
Help
Close
Warning

Do you really want to cancel?

NoYes
Warning

Are you sure you want to delete this (these) message(s)?

NoYes
Share your Easy Banking Web screen
If you are currently in phone or chat contact with an Easy Banking advisor, you can start sharing your Easy Banking Web screen.
Share the session number
In order to activate the sharing of your Easy Banking Web screen, please communicate the session number below to the Easy Banking advisor with whom you are in contact.

Session number: