Credit Europe Bank (Dubai) (hereinafter referred to as “CEB” or “us” or “we”) respects your privacy and processes personal data as a data controller in accordance with the European General Data Protection Regulation (GDPR) and the Code of Conduct for the Processing of Personal Data by Financial Institutions.
what personal data we collect and how;
• for what purposes and on what grounds we process your personal data;
• with whom we share your personal data;
• how long we keep your personal data;
• the rights you have as data subject;
• how your personal data is protected;
• changes to this policy; and
• how you can contact us.
Personal data is any information relating to an identified or identifiable natural person. Personal data that we process may include:
• ‘Data on who you are’ such as (i) basic information like your first and last name, prefix, title, (ii) contact details such as your e-mail address, postal address and phone number, (iii) data contained on your identity document, and (iv) your role (e.g. authorized representative, legal representative, director or guarantor);
• ‘Your transactions and payments’: name and account number of the person instructing a payment, account number of the person receiving a payment, time and location at which payments were made, amounts transferred or deposited and the balance in your account and investments orders;
• ‘Your contact history’: the subject of the contact you had with us, when did the contact occur and with which department, how (via post, email etc.) and the recording of a telephone conversation or report from a discussion;
• ‘Data needed for security and fraud prevention’: internal reference register (i.e. a list of people and institutions with whom we no longer wish to have a relationship), external reference register (a list kept by banks in the Netherlands containing people and institutions who have committed fraud or otherwise pose a risk to the financial sector), national, European and international sanctions lists, camera footages in our offices and payment patterns;
• ‘Your financial situation and CEB products’: your personal and business CEB products and services, the balance in your accounts and on your loans, your registration with the credit registration office, your investment profile and data on payment arrears;
• ‘Sensitive personal data’: citizen service number (BSN) and criminal data;
• ‘Your use of our websites’: your IP address, data on your visit to our website, the device you used to visit our websites, cookies and your cookie-settings;
• ‘Data on you from external parties’: data on companies, their representatives and Ultimate Beneficial Owners (UBO’s) provided by the companies itself or from the Land Register and the Commercial Register of the Chamber of Commerce, data from the Credit Registration Office (BKR), data from public sources such as status inquiry agencies (companies specialized in credit profiles), the insolvency register, newspapers, the internet or social media;
• ‘Job Applications’: data you may provide us for the purpose of a job application, such as your full name, date of birth, address, phone number, nationality, marital status and any other personal data set out in your application;
• Personal data that you provide us with for the purpose of attending events or meetings, such as access and dietary requirements; and
• Any other personal data relating to you which you may provide us with or that we may obtain in relation to the purposes and based on grounds set out below.
We collect this personal data because you provided this data to us. For example, you may provide data when entering into an agreement with us, by entering your data on our website, by giving us your business card or by applying for a job. We may also collect your personal data from other sources, such as from a local counsel, counterparties, the Trade Register, the Land Registry or by using publically available sources.
Purposes and legal basis for the processing of personal data
CEB saves and uses personal information for carefully selected purposes as included in the Code of Conduct for the Processing of Personal Data by Financial Institutions. A summary of these purposes is outlined below:
• To verify whether or not CEB can accept someone as a customer;
• To enter into and execute contracts with you and (other) customers;
• To ensure money can be paid and received (payments);
• To analyse personal information for investigations and statistic and scientific objectives;
• To provide information about CEB products and services (marketing);
• For prevention of fraud and unusual transactions and in general for the protection of security and integrity of your transactions and of the financial market;
• To comply with legislation or court orders to which CEB is subject[i];
• To maintain contact with you,(other) customers and/or business relations; and/or
• To handle your job application or subscription to any of our recruitment services and events.
We will process your personal data using one or more of the following legal grounds:
• Performance of a contract;
• Compliance with a legal obligation;
• Legitimate interest;
• Your consent.
Sharing with others
In some cases we may also share your personal data with third parties. This may include, but is not limited to:
• Other financial institutions;
• The government (such as Tax Authority, Finance Intelligence Unit Nederland, Tax and Customs Administration, Police, Justice officials, Intelligence services and Supervisory Authorities); and/or
• Service providers who work for CEB and companies CEB works with.
To the extent that a third party processes your personal data as a data processor of CEB, CEB will conclude a processing agreement with such party that meets the requirements set out in the GDPR.
To be able to provide our services, it may be necessary for us to transfer your personal data to a recipient in a country outside of the European Economic Area. In that case, CEB will ensure that the data transfer is compliant with GDPR and the applicable law.
You, as a data subject, have a number of legal rights:
• Right of access. This means you can make a request to obtain access to the personal data concerning yourself;
• The right to rectification or correction of your personal data if it is inaccurate or incomplete;
• The right to erasure of the personal data that relates to you. Please note that there may be circumstances in which we are required to retain your data in order to meet our legal and regulatory obligations;
• The right to object to or to request restriction of the processing. Again, there may be circumstances in which we are legally entitled to refuse your request;
• The right to data portability. This means that you have the right to receive your personal data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
• The right to object to profiling;
• The right to lodge a complaint with a supervisory authority; and
• The right to withdraw your consent. Again, there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations.
CEB has taken technical and organizational measures to ensure an appropriate level of security to protect your personal data from unauthorized or unlawful processing and from loss, destruction, damage, alteration or disclosure. If you have any questions regarding the security of your personal data, or if there are indications of misuse, please contact our Data Protection Officer at email@example.com
Please visit the Cookie Declaration page for more information on cookies, the details of cookies we use, and to see or modify your current cookie consent status.
Credit Europe Bank NV
Attn. Data Protection Officer
1101 CJ Amsterdam
If you wish to obtain an overview of the personal information we have on file about you please send a written request to the abovementioned address together with a copy of a valid proof of ID (passport, driving license, etc.).
Het privacybeleid van Credit Europe Bank NV vindt u hier.
Credit Europe Bank Dubai
Amsterdam, February 2021
[i] For example, CEB is obligated to process personal data for the purposes of the prevention of money laundering and terrorist financing. The Wwft (the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act) includes several obligations for financial institutions to process personal data. Such data, collected to comply with the Wwft, can only be used for the purposes of prevention of money laundering and terrorist financing and is subject to strict maximum retention period.