• 0

    • Waar ben je naar op zoek?

    Privacy Statement for ABN AMRO Employees - Belgium

    Date of most recent version, June 11th 2018. For earlier versions of the Privacy Statement, click here.This Privacy Statement applies to all employees of ABN AMRO. For the purpose of this Privacy Statement, the term ‘employees’ includes external staff who the bank hires through External Staffing, such as agency staff and staff on secondment. For the sake of convenience, the terms ‘the bank’ and ‘employees’ are used in the rest of this Privacy Statement.

    Who is responsible for your personal data?

    As your employer, the bank is responsible for your personal data. The bank's full details are as follows:

    ABN AMRO Bank N.V., a public limited company incorporated to Dutch law, seated at Gustav Mahlerlaan 10, in (1082 PP) Amsterdam, the Netherlands, registered in the Amsterdam Trade Registry under number 34334259, having a Belgian branch at 2600 Antwerpen, Roderveldlaan 5 bus 4, registered with the Crossroads Bank for Enterprises under number (VAT BE) 0819.210.332.

    Data Protection Officer
    The bank has a Data Protection Officer (DPO), Mr. Frank Mulder, who is responsible within the ABN AMRO organisation to ensure that the General Data Protection Regulation (GDPR) is applied and complied with. The DPO can be contacted through the Privacy Office (privacy.office@nl.abnamro.com) and is represented in Belgium by Mr. Jorg De Houwer (be.compliance@be.abnamro.com).

    What is personal data?

    This Privacy Statement explains how the bank uses your personal data. But what exactly is personal data? The best known forms of personal data are your name, address, age and date of birth. Personal data also includes work e-mail addresses, telephone numbers, bank account numbers and your national identification number. There are several special categories of personal data. These include data concerning your health, sexual orientation or cultural background and are particularly sensitive. Another special category concerns biometric data which, through a compilation of techniques that allow individual characteristics, such as fingerprints, to be measured and recognized, can be used to provide access to secure spaces for example. Data protection legislation imposes strict requirements on the use of special categories of personal data. The bank cannot process this type of personal data unless it is required or permitted to do so by law or if you have given your explicit consent for this.

    LDoes the bank also use personal data relating to you that it did not obtain from you directly?

    Yes, the bank also uses personal data relating to you that was not obtained from you directly. Personal data may be collected from sources such as:

    • An employment or recruitment agency
    • Public registers that contain your personal data, such as the national Register
    • An external agency that is engaged in the context of reintegration
    • In the context of pre-employment or in-employment screening (see Ensuring integrity and security. The bank uses personal data to protect itself, its property, its data and its employees from all kinds of breaches, damage and losses insofar as possible. Examples include the following:), the bank may make use of public sources such as search engines and public sections of social media accounts.

    On what basis does the bank process your personal data?

    The bank must have a reason for asking for or using your personal data. This is referred to in the law as ‘a basis for processing’ your personal data. As your employer, the bank uses your personal data for one or more of the following reasons.
    Employment agreement or other contract
    The bank uses your personal data so that it can comply with the employment agreement concluded with you, for example so that it can pay your salary. The bank has to make use of your personal data in order to do this. If you have a lease car, you have concluded the ‘ABN AMRO België Company Car policy’ with the bank, which has to use your personal data in the performance of that user agreement.
    Legal obligation
    In addition, the bank processes your personal data because it is required to do so under various laws and regulations.
    Legitimate interest
    The bank also has the right to use your personal data if this is in its interest. This is referred to as a ‘legitimate interest’. For this to apply, the bank's interest in using your personal data must outweigh your right to privacy. In situations such as these, the bank balances all the interests.The following are examples of situations in which the bank has a legitimate interest in using your personal data:

    • Protecting the bank's property and data
    • Ensuring the security and safety of the bank and its employees
    • Improving services
    • Appraising employees
    • Studying the impact of HR strategy and policy on employees and corporate objectives
    • Enabling the bank to prove its case in legal proceedings


    Vital interest
    There may be cases in which the bank uses your personal data because this is necessary to protect your life or that of another person, for instance if the bank has to share personal data relating to you with a hospital.

    Using personal data with your consent

    The bank will not ask you to consent to the use of your personal data except for in exceptional situations. If you have given consent you can withdraw it at any time. Withdrawing your consent may have consequences, however. If, for example, you have consented in an app to the use of information concerning your location, withdrawing your consent may mean that the app works differently.

    What does the bank use your personal data for?

    As your employer, the bank uses your personal data for the following purposes.
    1. Employment agreement or other contract. The bank needs your personal data for the conclusion and performance of its employment agreement with you. In this context, examples of the purposes for which the bank processes your personal data include:

    • paying your salary;
    • processing the Employee Benefits you use;
    • recording absences;
    • training and appraising employees;
    • for the pension scheme.

    2. Ensuring integrity and security. The bank uses personal data to protect itself, its property, its data and its employees from all kinds of breaches, damage and losses insofar as possible. Examples include the following:

  • Your access pass, which the bank uses to keep track of your presence in the building.
  • Security cameras within the bank's buildings and in their surroundings.
  • If you were involved in an incident, the bank will perform an investigation and may use your personal data in this context.
  • The bank performs pre-employment screening as well as in-employment screening. This means that you undergo screening when you start as an employee and also if you switch to a role for which a different or more stringent form of screening is required. Personal data obtained from public sources may also be used for this purpose.
  • In the context of security, the bank may monitor activity on your computer, including your emails
  • If your role involves chat sessions with Bloomberg and Reuters, the bank may monitor your chat sessions. In this context, you are advised to read the 'Reglement e-mail en chat monitoring' ['Rules on Monitoring Emails and Chat Sessions'

    • 3. Efficient use of spaces and buildings. The bank uses personal data to ensure employees are spread across spaces and buildings in the most efficient way possible, for instance when meeting rooms or parking spaces are reserved. Another example is the bank's SPOT app, which you can use to find a free workspace. This app uses Wi-Fi signals to monitor which workspaces are occupied.

    4. HR management. The bank uses personal data so that it can pursue a responsible, effective and efficient HR policy.

  • Examples include for staff planning and the policy on sick leave and reintegration
  • Another example is for studies in the area of people analytics. Such statistical analyses look at the impact of HR strategy and policy on employees and corporate objectives. Examples of areas of research include the forms of training that have an impact on client satisfaction, and the key drivers for employee commitment within the organisation. The results of such studies and the related recommendations can never be traced back to individual employees.
  • Another example concerns the bank's diversity policy. The bank seeks to ensure that greater diversity within society is reflected throughout the bank. It therefore wants to monitor diversity in all levels of the organisation, so that it can develop intervention procedures if necessary. The bank uses aggregate data about the gender, age and country of origin of employees for this purpose. Aggregate data cannot be traced back to an individual employee. With respect to the country of origin, the bank only uses personal data relating to employees who have volunteered this information for this purpose. 

    • 5. Improvements to services. If you use the bank's telephone for contact with clients for business purposes, the bank may record your telephone calls, chat messages or video chat sessions with clients in order to improve the quality of these calls.

    6. Obligations under legislation and regulations. Finally, the bank uses personal data relating to employees in order to comply with applicable legislation and regulations, such as:

    • MiFID II. The bank is required to record telephone calls between advisers and clients that concern investing. 
    • Tax laws. By law, the bank must share specific information relating to its employees with the FPS Finance.
    • Judicial Code: if someone garnishes your wages, the bank, as your employer, is under a legal obligation to cooperate in this and provide information about you to the bailiff. 
    • Labour and social security legislation: On occasion, the bank has to share specific information regarding its employees to the FPS Employment, Labour and Social Dialogue and the FPS Social Security.
    • Financial supervision regulations: in some situations the bank has to provide personal data relating to employees to a supervisory authority in the context of an examination under supervisory law or in the context of a licence application.
    • Criminal Code: the bank may be required to provide personal data relating to employees to investigation services in the context of a criminal investigation.

    Logging and monitoring

    As you will have gathered from the information provided above, the bank uses various logging and monitoring techniques. What do logging and monitoring entail?
    Monitoring
    Monitoring is not the same as logging. When the bank performs monitoring activities, it actively keeps a record of what happens in a specific place or specific channel and intervenes if something goes wrong. One monitoring technique involves the use of personnel tracking systems. The bank monitors its employees for various purposes.

    • Security: examples include monitoring emails and chat messages.
    • Complying with legal obligations: for instance, the bank's monitoring of securities transactions by employees depends on the relevant employee's compliance status.
    • Efficient use of spaces and buildings: Wi-Fi tracking.

    Logging
    When it comes to logging, the bank does not play an active role. When the bank logs information, it records the personal data so that it can view it at a later date, for example if the supervisory authority carries out an investigation. The following are examples of logging:

    • Recording who has had access to a specific space, and when.
    • Recording the telephone calls of employees working at the Contact Centre, in order to improve the quality of these calls.
    • Under European rules, the bank is also required to record telephone calls between advisers and clients that concern investing.

    For more information about voice logging, see the 'Voice Logging Reglement' ['Voice Logging Rules'].For more information on this topic, please read the following documents:

    • 'Rules of conduct governing use of email, intranet and internet for business purposes'
    • The Information Security Awareness and Secure Behaviour Policy.

    Does the bank use your personal data for other purposes than the purpose for which it was initially obtained

    The bank may also use your personal data for a purpose other than the purpose for which you initially provided it. This is, however, subject to the condition that the new purpose must be in line with the purpose for which you initially provided your personal data to us. To determine whether this is the case, the bank looks at the following aspects as a minimum:

    • Is this purpose clearly related to the purpose for which you initially provided the personal data? Is the new purpose appropriate to the initial purpose?
    • How was the personal data originally obtained from you? Was the personal data obtained directly from you or in another way?
    • What kind of personal data is concerned exactly? Does it concern sensitive data, or data that is not so sensitive?
    • What would be the implications for you if the bank were to use the personal data in another way? Would you benefit, suffer or neither?
    • What can the bank bank do to ensure the highest possible level of data protection when reusing your personal data? Examples include anonymisation and encryption.

    Does the bank share your personal data with others?

    Yes, in some situations the bank has to share your personal data with others.
    Pension fund and insurers
    For example, the bank shares personal data with AG Insurance in order to make arrangements for your pension, and with insurers, for instance when taking out insurance for a supplement to occupational disability benefit.
    Public authorities
    There are some situations in which the bank is required to disclose your personal data to public authorities such as the FPS Finance or the FPS Employment, Labour and Social Dialogue. The bank's supervisory authorities, e.g. the FSMA or the NBB, may also ask for data. The bank must share data with them if it is required to do so by law, even if this data includes your personal data. The police may ask for camera images in which you appear in connection with an incident. The bank will provide these images to the police if it is required to do so.
    Other companies
    The bank works with other companies. These companies may also require your personal data in order to perform their work for the bank effectively. For example, Proximus may require your personal data for the settlement of employee phone plans. If you follow a training programme at an external company, the bank shares personal data relating to you with this company. The bank takes due care when selecting the companies with which it works. The bank reaches clear contractual agreements with these companies on how they are to handle your personal data. The bank continues to be responsible for your personal data when it engages another company to carry out work on its behalf.

    Profiling

    The bank makes use of profiling. This is understood to mean putting people into groups (profiles). Profiling allows the bank to evaluate and analyse personal aspects and make predictions. The situations in which the bank uses profiling and the reasons for this are explained below.
    Preventing unauthorised transactions
    The bank monitors securities transactions by employees depending on their compliance status. The purpose of this monitoring is to prevent unauthorised transactions, such as insider trading. The bank uses profiles for this purpose. A profile consists of characteristics which the bank uses to identify unauthorised transactions. If potentially unauthorised transactions are detected, the bank will carry out an investigation. If it is established that you have executed an unauthorised transaction, you may be dismissed with immediate effect.
    People analytics
    The bank may perform analyses, for instance on the basis of the Employee Engagement Survey, in which aggregate HR data is used to optimise staff planning in a specific department, for example (see also HR management. The bank uses personal data so that it can pursue a responsible, effective and efficient HR policy.). You have the right to object to the use of your personal data for profiling purposes. You can submit your objection through hrm@be.abnamro.com. The bank is not obliged to honour your request in all cases.

    Personal data protection

    The bank does its utmost best to ensure the highest possible level of protection for its employees' personal data. In connection with this, the bank invests heavily in its people, systems and procedures. The way of working is constantly geared to the sensitivity of the relevant data. Employees are trained how to keep data safe and secure.
    For security reasons, details of the precise data protection measures taken by the bank cannot be provided. Examples of the measures taken by the bank to protect the personal data of employees can be found in Ensuring integrity and security. The bank uses personal data to protect itself, its property, its data and its employees from all kinds of breaches, damage and losses insofar as possible. Examples include the following:. Other security measures you may have come across include:

    • access to bank systems using login codes or even two-step verification;
    • restricted access to personal data: personal data can only be accessed by authorised individuals;
    • requirements for sending confidential documents.

    Is your personal data processed outside Europe too?

    The bank and its group companies may decide to share personal data with each other, even when the group companies are located outside Europe. For example, if you were to work for the Sydney office as an expat, the bank would share personal data relating to you with that office so that you can be included in its systems. In doing so, the bank must comply with the local rules.
    The sharing of personal data with group companies outside Europe is governed by the bank's global internal policy, the Binding Corporate Rules (BCRs). This policy has been approved by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). The bank may also make use of IT suppliers that are based outside Europe or that also offer services from countries outside Europe. In that case, the bank will ensure that personal data is transferred in accordance with the data protection legislation. 

    How does the bank determine the period for which your personal data is stored?

    How does the bank determine the period for which your personal data is stored? The bank stores personal data relating to you, such as your HR file (including your employment agreement and official appraisals), emails, chat session history and documents produced by you (including documents which do not relate to contact with clients). It does this for various reasons (see Employment agreement or other contract. The bank needs your personal data for the conclusion and performance of its employment agreement with you. In this context, examples of the purposes for which the bank processes your personal data include:).When determining the storage periods for such personal data, the guiding principle followed by the bank is that it must keep the personal data for at least as long as is necessary in order to fulfil the purpose for which that personal data was obtained. The following information is also relevant in this context.

    • The data protection legislation does not stipulate specific storage periods for personal data. Other legislation may specify minimum storage periods, however. If it does, the bank must observe these periods. Examples of such legislation include the social security laws or the tax laws.
    • IIf the bank becomes involved in a lawsuit or other legal proceedings in Belgium or in another country, The bank may use data that includes personal data relating to you (such as emails from you relating to the dispute) in order to prove its case. It may store this personal data in an archive until any claims have expired and legal proceedings can no longer be brought against it.

    What rights do you have?

    Right of inspection and right to rectification
    You have the right to inspect the personal data relating to you that the bank processes. You can also ask the bankto correct any inaccuracies in your personal data. You can view and change much of your personal data yourself in MyHR, Connections, People Finder and Talent2Grow. If you have an additional request, you can submit this through hrm@be.abnamro.com.
    Right to be forgotten
    In some cases, you can also ask the bank to delete your personal data. The bank is not obliged to grant your request for the deletion of your personal data in all cases. For example, it is not under an obligation to do so if the law requires it to keep your personal data for a longer period of time.
    Right to restriction of processing
    You can also ask the bank to restrict the use of your personal data on a temporary basis. This is possible in the following situations:

    • You think that your personal data are incorrect;
    • The bank uses your personal data wrongfully;
    • The bank wants to destroy your personal data (for instance after the storage period has ended) but you still need it.

    Requests for the deletion of your personal data or the restriction of its processing can also be submitted through hrm@be.abnamro.com. Always clearly indicate the reason for your request.

    Right to data portability

    The bank can arrange for you to obtain your personal data that you provided to it and which is stored by automated means. The bank will not do this unless it processes your personal data on the basis of your consent or the employment agreement or contract it has concluded with you. This is referred to as data portability. You can also ask the bank to transfer your personal data directly to another party, such as a subsequent employer.

    Requests to receive your personal data or provide it to another party can be submitted through hrm@be.abnamro.com.

    Please keep your personal data secure.
    Check whether any party you want to provide your personal data to can be trusted and keeps your personal data as safe as the bank does. If you want to receive your personal data, please make sure that your own equipment is adequately secure and has not been, or cannot be, hacked.

    Is anything unclear or do you have a complaint?

    If so, please get in touch with HR through hrm@be.abnamro.com.If you are not happy with the conclusion, you can contact the Belgian representative at

    ABN AMRO Bank N.V.  
    T.a.v. Jorg De Houwer 
    Roderveldlaan 5 bus 4 
    2600 Antwerpen
    be.compliance@be.abnamro.com

    You can also lodge a complaint with the Belgian Data Protection Authority or the Dutch Data Protection Authority.

    Changes to the Privacy Statement

    The way your personal data is used may change over time due to changes in laws and regulations or in internal procedures or systems that will directly affect the bank's use of your personal data. If this happens, the Privacy Statement will be changed and the bank will notify you of these changes. In that case, the changes will be announced on the intranet.

    Name of employee: 

    Date: