Login

Privacy statement

In this privacy statement, we describe how we handle your personal data. We also state which personal data we collect and for what purpose.  

You will also find information about your privacy rights, such as the right to access and rectify your data, and how you can exercise these rights. When processing your personal data, we comply with the applicable laws and regulations, including the General Data Protection Regulation (GDPR).  

This privacy statement applies to the processing of personal data by BNG Bank N.V. and BNG Gebiedsontwikkeling B.V. (hereinafter: BNG). BNG is therefore the ‘Controller’ as referred to in the GDPR.  

Legislation and regulations

When processing your personal data, we comply with the following laws and regulations:

  • General Data Protection Regulation (GDPR) and the GDPR Implementation Act
  • Financial Institutions Incident Warning System Protocol
  • Telecommunications Act (insofar as applicable to BNG)

Whose personal data do we process?

We collect and process personal data from natural persons who:

  • are contact persons, directors, representatives and ultimate beneficial owners of organisations with which BNG has, has had or wishes to establish a business relationship;
  • are otherwise involved in our services or in a transaction involving our customers. Such as persons who make a payment to or receive a payment from a BNG bank account
  • are users of our websites and other digital channels

Anyone from whom we collect and process personal data can expect us to treat it with care and confidentiality.

What personal data do we process?

Personal data provides characteristic information that can be linked to a person. We collect the following data:

  • Identity data: such as name, address, place of residence, date and place of birth, (certain) details from your ID or passport.  
  • Contact and relationship data: such as telephone number, email address, contact moments (what, when, how), interests and the recording of digital communications for the purpose of verifying orders, appointments and transactions or in the context of a legal obligation, fraud prevention or integrity monitoring.  
  • Data resulting from customer due diligence: this concerns the screening of persons within the framework of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft) and the Sanctions Act (Sw), including checks against PEP lists, sanctions lists, adverse media and the recording of the results of the screening in the relationship file.  
  • Contract and transactional data: data linked to BNG's products and services, such as account numbers (IBAN), role (authorisations and powers), transactions and payments, balance data and data on payment arrears.  

  • Usage data from our websites and other digital channels: such as pages visited, devices used (desktop, mobile), login sessions, search queries, cookies and references to and from social media. IP addresses are stored anonymously. 

Usage data from our websites and other digital channels: such as pages visited, devices used (desktop, mobile), login sessions, search queries, cookies and references to and from social media. IP addresses are stored anonymously.

Legal grounds

The processing of personal data is only permitted if it is based on one of the legal grounds set out in the GDPR. We only process your personal data if:

  • it is necessary for the conclusion and performance of a contract
  • it is necessary to comply with a legal obligation

  • it is necessary to pursue a legitimate interest that we have in the processing 

  • you have given your consent for this

Purposes of data processing

We use the data for the following purposes:

  • entering into or executing contractual agreements with a customer or other business relation, including the settlement of payments
  • guaranteeing the security and integrity of the financial sector  
  • complying with legal obligations
  • maintaining contacts with business relations
  • performing analyses, compiling reports and web statistics
  • improving the technical and functional operation of our systems, websites and other digital channels
  • carrying out (targeted) marketing activities

Retention periods

We do not retain personal data longer than necessary for the purposes for which we have collected and processed it. We have drawn up a policy document that specifies how long we retain personal data. In doing so, we take into account the statutory retention periods.  

At the end of the retention period, personal data is destroyed or anonymised. In some cases and under certain conditions, we may retain personal data for longer, for example if you have submitted a complaint for which the data is necessary or if we use the data in legal proceedings or for historical or scientific research or statistical purposes.  

Protection of personal data

We take appropriate technical and organisational measures to protect the availability, integrity and confidentiality of personal data. To this end, BNG has an information security policy that is regularly reviewed in light of new regulations and market developments.

In addition, personal data is only processed by persons who are bound by a duty of confidentiality. All our employees have taken the Bankers' Oath.

Provision of data to third parties

If necessary for our services, we may provide personal data to third parties involved in the provision of our services or when necessary to comply with legal obligations.  

Provision of services

We use third parties to provide our services. For example, we use Swift for international transactions and we work with service providers for:

  • technical infrastructure and payment transactions
  • daily statements and other financial reports
  • screening in the context of customer due diligence
  • customer satisfaction surveys, printing, marketing and website management

We only work with carefully selected parties. In addition, we enter into clear agreements with these organisations about how they process and secure your personal data.

Transfer of personal data outside the EEA

We only share your personal data with parties in countries outside the European Economic Area (EEA) if that country has an adequate level of data protection or if we have ensured that adequate additional security measures have been taken.

Legal obligations

When we are obliged to do so, we provide personal data to:

  • (European) supervisory authorities, such as the AP, AFM, DNB or the ECB
  • the Tax and Customs Administration
  • investigative authorities
  • other relevant government authorities

Automated decision-making

BNG does not engage in exclusively automated individual decision-making.  

Your privacy rights

When we process your personal data, you have various privacy rights. These rights are explained below:  

  • the right to access the personal data that BNG processes about you and to certain additional information about it  
  • the right to rectification if your data is incorrect or incomplete  
  • the right to have your data deleted (“the right to be forgotten”). There are exceptions to this right, such as when your data is still needed in connection with the purposes for which we process it or in connection with a statutory retention period
  • the right to (temporary) restriction of data processing, for example if you believe your data is incorrect  
  • the right to object to data processing if the processing of your data is based on a legitimate interest, for example in direct marketing  
  • the right to withdraw your consent if the processing is based on your consent. Withdrawal does not affect the validity of personal data processing that took place before the withdrawal  
  • the right to transfer your personal data if the processing is based on a contract or on your consent (data portability)
  • the right not to be subject to automated decision-making without human intervention, if this has legal consequences for you or other negative consequences

If you wish to exercise your rights, please be as specific as possible. You can submit your request by email or in writing:

BNG
Attn: Privacy Office
PO Box 30305
2500 GH The Hague
privacy-office@bngbank.nl

We will endeavour to respond to your request as soon as possible and in any case within four weeks. We may sometimes ask you for additional information to clarify your request. We may also ask you to visit our office to verify your identity or if we are unable to send your data to you securely. If we need more time to respond to your request, we will let you know and explain the reason for the delay.

We may not be able to comply with your request. For example, because it is not permitted by law or because it would infringe on the rights of others. We will inform you if this is the case. There are no costs associated with processing a request to exercise your rights, unless the response would require a disproportionate amount of effort. We will inform you in advance if we charge any costs.

Do you have a complaint about how BNG handled your request? Please contact BNG's Data Protection Officer at FG@bngbank.nl. Please note that you also have the right to lodge a complaint with the Dutch Data Protection Authority.

Contact and enquiries

If you have any questions about this privacy statement or about how we process your personal data, please send an email to our Data Protection Officer at BNG via FG@bngbank.nl.  

About this Privacy Statement

This is the Privacy Statement of BNG Bank N.V. and BNG Gebiedsontwikkeling B.V. We may amend this privacy statement, for example in connection with changes in legislation and regulations or changes in the way we process personal data. The most recent version can be found on our website.

This version is dated 17 December 2024. 

BNG | Bank of added value - Privacy statement