By law, every personal data processing activity must have a legal basis. This is a justifiable reason to process your personal data.
Prior to the processing of personal data, we will define the purpose(s) of the processing and will not process personal data in a manner which is not compatible with those purposes.
We process your personal data for the following purposes:
To enter into a Customer or Supplier relationship and contract with you.
Prior to entering into a Customer or Supplier relationship with you, we need to process your personal data. For example, we need to do the following examinations in order to assess whether we can accept you as a Customer or Supplier:
- Integrity check: When entering into a Customer relationship with you, as a financial institution, we consult available external and internal referral registers of Rabobank, incidents registers and warning systems and national and international sanctions lists.
- Verify identity: When entering into a Customer relationship with you, as a financial institution, we confirm your identity. We can do this by making a copy of your identity document, which we will only use for identification and verification purposes.
- Know Your Customer: As a Financial Institution we must have good knowledge of our Customers.
For checking your integrity and identity, we may also rely on checks performed by other financial institutions.
- Credit check: We evaluate whether we can offer our services to you before entering into a Customer relationship.
As part of the evaluation we assess your credentials from a risk perspective and validate whether you are able to fulfil the payment obligations under the contract. This method is called credit scoring, which is based on automated decision-making. More details, including the logic and legal basis for automated credit scoring, are described in Paragraph 8.
We process your data for these purposes because we are under a legal obligation to do so and/or because it is necessary to enter into a contract with you.
To fulfil your contract.
Once we have entered into a contract with you, we process your personal data to fulfil the contract as set out below:
- Account management and contract management: We process your personal data for the purpose of establishing and maintaining our business relationship with you. We also may contact you to seek solutions if arrears should emerge or to inform you about the remaining term or outstanding obligations.
- Services: To provide certain services that are part of the agreement involving third parties, for example, where we perform ‘bill and collect’ services for our Partners.
- Use of (mobile) applications: We allow you to use our online services. If you use our (mobile) applications and/or portals, we collect your personal data for identity and access management purposes.
- Complaint handling: We may process your personal data to enable us to handle any complaint or claim that you might have.
We process your personal data for these purposes because this is necessary in order to perform the contract with you.
To comply with legal obligations.
- Observing laws and regulations and providing data to governments, authorities and regulators: We are obliged, based on (international) laws and regulations, to collect, analyze and sometimes transfer your personal data to relevant governments or (supervisory) authorities. See also paragraph 10.
We must observe laws and regulations to be able to offer financial services to you.
In addition, we must observe laws and regulations to prevent fraud and criminality, such as the law for preventing money laundering and financing terrorism, which includes that we must determine the ultimate beneficial owner (‘UBO’) of the company with whom we enter into an agreement.
Where tax authorities, courts or other appropriately authorized governmental authorities request your personal data, we are legally obliged to cooperate with the investigation and for that purpose disclose your personal data.
- Risk models: Based on European regulations we are legally obliged to make risk models, which can include your personal data. This allows us to determine our risks as well as the extent of the financial buffer we must hold, when providing financial services to you. These risk models calculate the chances of you getting in arrears. These enable us, to prevent possible payment difficulties and/or handle these faster.
We process your data because we are under a legal obligation to do so, or because we would otherwise not be permitted by law to perform an agreement with you so that we can comply with a statutory or other legal obligation. In case a law or regulation does not specifically set out that we need to process personal data to meet a legal obligation, but we do require such processing in order to meet that legal obligation we have a legitimate interest to apply such processing.
To ensure the security and integrity of you, us, and the financial sector.
As a financial institution, we process your personal data securely and prevent fraud, money laundering and the financing of terrorism.
- Incident registers and warning systems: If you wish to become our Customer or are already our Customer, we will consult internal (Group) incident registers and warning systems. Also, public authorities provide us with names of individuals, with whom financial institutions must not do business, or to whom the financial sector must pay extra attention. We must enter these names into our warning systems. If we consult incident registers and/or warning systems, we may enter your personal data in these registers/systems.
- Continuous integrity check and Know Your Customer: When you are our Customer, as a financial institution, we continue to consult external and internal referral registers of Rabobank, incidents registers and warning systems and national and international sanctions lists. We also perform Know Your Customer on an ongoing basis.
- Publicly accessible sources: We consult publicly accessible sources, such as public registers, newspapers and the internet, in an effort to combat fraud, anti-money laundering and prevention of terrorist financing.
- Security of our offices: we will process your personal data to secure and manage physical access to our premises. We will for instance enter your personal information in our visitor registration systems when you visit our premises.
We process your data because this is necessary in order to comply with a legal obligation. If we are not under a direct legal obligation to process your data, we process the data on the basis of the performance of a contact or in the legitimate interest of DLL, the financial sector or our Customers and employees. Such legitimate interest being the protection of the integrity and security of each of the aforementioned parties.
To help develop and improve products and services.
We develop and improve products and services on an ongoing basis. We, our Customers or other parties benefit from such activities.
- Improving our website: We may process your personal data when analyzing your visit to our website with the aim of improving our website, portals or (mobile) apps. We use functional cookies and comparable technology for this. Where needed, we will obtain your consent (e.g. for marketing and analytical cookies). See our Cookie Statement for more information.
- Improving quality of our services: We make and may store recordings of telephone conversations, e-mail messages and online (video) chat sessions. We do this to improve the quality of our services, for example by assessing, coaching and training our employees.
- Research to improve our products and services: We may carry out research to improve our products and services, by asking you for example to voluntarily give your reaction or to review a product or service. Such research is either managed internally or we engage a third-party who will solely process your personal data on our instructions and for this purpose only.
- Creating Customer profiles and interest profiles: Analyzing personal data allows us to see how you use our products and services and to categorize you into Customer groups. This enables us to create Customer profiles and interest profiles. When producing these analyses, we also use information obtained from other parties and publicly accessible sources.
We process your data because we have a legitimate interest in acquiring information to improve the products and services that we offer as such enabling us to become a preferred and better qualified supplier for you and other Customers. Where needed we may also ask you for your consent to process your personal data for the purpose of developing and improving our products and services. If you do not give your consent, this will not affect the services we provide to you. You can withdraw your consent at any time.
For promotional and marketing purposes.
We process your personal data for promotional and marketing purposes. In doing so, we may use personal data we have obtained from you and from other parties (such as Partners). We optimize our business relation with you by informing you about similar products and services, within the boundaries suitable for you. This enables you to make use of our solutions to their maximum potential.
We may use the services of advertisers to advertise to specific target groups, which is done based on established profiles. We never share your personal data with such advertisers.
We process your data because we have a legitimate interest in optimizing our business relation and informing you about possibilities to extend such business relation. Where needed we may also ask you for your consent to process your data for promotional and marketing purposes. If you do not give your consent, this will not affect the services we provide to you. You can withdraw your consent at any time.
To carry out business processes, management reporting and internal management.
To carry out business processes, management reporting and internal management we process your personal data:
- Credit risk: Financial products involve credit risk. We have to determine the level of that risk, so that we can calculate the financial buffer we need to maintain. In connection with this, we process personal data related to your financial obligations towards us.
- Transfer of receivables/securitization: In the event that we transfer our agreement with you to another financial institution, our agreement is taken over, or if a merger or demerger occurs, your personal data may be processed by a third party acquiring your contract with us, however, it will be a condition of any such transfer that such third party agrees to comply with applicable privacy and data protection laws and regulations.
- Internal audits and studies: Where needed, we may use your personal data to perform internal audits and investigations, for example in order to examine how well new rules have been introduced or to identify risks.
- Carry out our business processes: We use your personal data to carry out, analyze and improve our business processes so that we can help you more effectively. Where possible, we will anonymize or pseudonymize your personal data first.
We have a legitimate interest to categorize and establish risks that are inherent to our business, and accordingly take measures to minimize or transfer (part of) these risks and improve our business processes for the benefit of you and us.
For archiving purposes, scientific or historic research purposes or statistical purposes.
We may process your personal data if this is necessary for archiving purposes in the public interest, scientific or historic research purposes or statistical purposes. Where possible, we will anonymize or pseudonymize your personal data first.
When processing personal data for archiving purposes, scientific or historic research purposes or statistical purposes, we process the data on the basis of the legitimate interest of DLL, the financial sector or our clients and employees.
Where we indicated we have a legitimate interest for processing in this paragraph, we take into regard that our legitimate interest does not override your fundamental rights and freedoms.