Privacy policy
Midfinance Bank (hereinafter referred to as “CEB” or “us” or “we”) respects your privacy and processes personal data as a data controller in accordance with the European General Data Protection Regulation (GDPR) and the Code of Conduct for the Processing of Personal Data by Financial Institutions.
In this Privacy Policy we explain:
- what personal data we collect and how;
- for what purposes and on what grounds we process your personal data;
- with whom we share your personal data;
- how long we keep your personal data;
- the rights you have as data subject;
- how your personal data is protected;
- our use of cookies;
- changes to this policy; and
- how you can contact us.
This Privacy Policy applies to all persons of whom CEB processes personal data, such as (prospect) customers or their representatives or Ultimate Beneficial Owners, persons who have subscribed to newsletters or events, and persons who have applied for a job at CEB.
Personal data
Personal data is any information relating to an identified or identifiable natural person. Personal data that we process may include:
- ‘Data on who you are’ such as (i) basic information like your first and last name, prefix, title, (ii) contact details such as your e-mail address, postal address and phone number, (iii) data contained on your identity document, and (iv) your role (e.g. authorized representative, legal representative, director or guarantor);
- ‘Your transactions and payments’: name and account number of the person instructing a payment, account number of the person receiving a payment, time and location at which payments were made, amounts transferred or deposited and the balance in your account and investments orders;
- ‘Your contact history’: the subject of the contact you had with us, when did the contact occur and with which department, how (via post, email etc.) and the recording of a telephone conversation or report from a discussion;
- ‘Data needed for security and fraud prevention’: internal reference register (i.e. a list of people and institutions with whom we no longer wish to have a relationship), external reference register (a list kept by banks in the Netherlands containing people and institutions who have committed fraud or otherwise pose a risk to the financial sector), national, European and international sanctions lists, camera footages in our offices and payment patterns;
- ‘Your financial situation and CEB products’: your personal and business CEB products and services, the balance in your accounts and on your loans, your registration with the credit registration office, your investment profile and data on payment arrears;
- ‘Sensitive personal data’: citizen service number (BSN) and criminal data;
- ‘Your use of our websites’: your IP address, data on your visit to our website, the device you used to visit our websites, cookies and your cookie-settings;
- ‘Data on you from external parties’: data on companies, their representatives and Ultimate Beneficial Owners (UBO’s) provided by the companies itself or from the Land Register and the Commercial Register of the Chamber of Commerce, data from the Credit Registration Office (BKR), data from public sources such as status inquiry agencies (companies specialized in credit profiles), the insolvency register, newspapers, the internet or social media;
- ‘Job Applications’: data you may provide us for the purpose of a job application, such as your full name, date of birth, address, phone number, nationality, marital status and any other personal data set out in your application;
- Personal data that you provide us with for the purpose of attending events or meetings, such as access and dietary requirements; and
- Any other personal data relating to you which you may provide us with or that we may obtain in relation to the purposes and based on grounds set out below.
We collect this personal data because you provided this data to us. For example, you may provide data when entering into an agreement with us, by entering your data on our website, by giving us your business card or by applying for a job. We may also collect your personal data from other sources, such as from a local counsel, counterparties, the Trade Register, the Land Registry or by using publically available sources.
Purposes and legal basis for the processing of personal data
CEB saves and uses personal information for carefully selected purposes as included in the Code of Conduct for the Processing of Personal Data by Financial Institutions. A summary of these purposes is outlined below:
- To verify whether or not CEB can accept someone as a customer;
- To enter into and execute contracts with you and (other) customers;
- To ensure money can be paid and received (payments);
- To analyse personal information for investigations and statistic and scientific objectives;
- To provide information about CEB products and services (marketing);
- For prevention of fraud and unusual transactions and in general for the protection of security and integrity of your transactions and of the financial market;
- To comply with legislation or court orders to which CEB is subject[i];
- To maintain contact with you,(other) customers and/or business relations; and/or
- To handle your job application or subscription to any of our recruitment services and events.
We will process your personal data using one or more of the following legal grounds:
- Performance of a contract;
- Compliance with a legal obligation;
- Legitimate interest;
- Your consent.
Sharing with others
CEB may share your personal data with any company belonging to the CEB group for the purposes described in this Privacy Policy.
In some cases we may also share your personal data with third parties. This may include, but is not limited to:
- Other financial institutions;
- The government (such as Tax Authority, Finance Intelligence Unit Nederland, Tax and Customs Administration, Police, Justice officials, Intelligence services and Supervisory Authorities); and/or
- Service providers who work for CEB and companies CEB works with.
We will only share your personal data with these third parties for the purposes and on the legal grounds stated in this Privacy Policy.
To the extent that a third party processes your personal data as a data processor of CEB, CEB will conclude a processing agreement with such party that meets the requirements set out in the GDPR.
To be able to provide our services, it may be necessary for us to transfer your personal data to a recipient in a country outside of the European Economic Area. In that case, CEB will ensure that the data transfer is compliant with GDPR and the applicable law.
Retention period
CEB will not store your personal data any longer than is necessary to achieve the purposes stated in this Privacy Policy or to comply with the relevant laws and regulations. We maintain a list of minimum record keeping requirements that are specified by different legislations, such as tax law and retire your personal data from our systems to the extent it is technologically possible. We may keep some of your personal data longer for specific purposes like risk management, security and legal purposes. In such situations, we limit access to your personal data to absolute minimum.
Your rights
You, as a data subject, have a number of legal rights:
- Right of access. This means you can make a request to obtain access to the personal data concerning yourself;
- The right to rectification or correction of your personal data if it is inaccurate or incomplete;
- The right to erasure of the personal data that relates to you. Please note that there may be circumstances in which we are required to retain your data in order to meet our legal and regulatory obligations;
- The right to object to or to request restriction of the processing. Again, there may be circumstances in which we are legally entitled to refuse your request;
- The right to data portability. This means that you have the right to receive your personal data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- The right to object to profiling;
- The right to lodge a complaint with a supervisory authority; and
- The right to withdraw your consent. Again, there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations.
Security
CEB has taken technical and organizational measures to ensure an appropriate level of security to protect your personal data from unauthorized or unlawful processing and from loss, destruction, damage, alteration or disclosure. If you have any questions regarding the security of your personal data, or if there are indications of misuse, please contact our Data Protection Officer at [email protected]
Cookies
CEB uses cookies on its websites and internet banking applications. CEB does not place any cookies on your browser without your consent, except for the cookies that are functionally required.
Please visit the Cookie Declaration page for more information on cookies, the details of cookies we use, and to see or modify your current cookie consent status.
Changes
CEB may amend this privacy policy from time to time. On this website, you can always view the latest version of our privacy policy. We would advise you to check the policy regularly and, in any event, whenever you provide us with personal data.
Contact
If you need further information or have any questions or comments about our privacy policy or the processing of your personal data, please contact us in writing via: [email protected]
or