Data Privacy Statement

General Introduction

Demir-Halk Bank (Nederland) N.V. (hereafter: DHB Bank) respects your privacy and commits to process in confidentiality your personal data in accordance with the Data Protection Act (DPA) - Wet Bescherming Persoonsgegevens (Wbp) and the Code of Conduct for the Processing of Personal Data by Financial Institutions - Gedragscode Verwerking Persoonsgegevens Financiële Instellingen. As of May 25, 2018 the Wet Bescherming Persoonsgegevens (Wbp) is replaced by the Algemene Verordening Gegevensbescherming (“AVG”) or the General Data Protection Regulation (“GDPR”). 

This Data Privacy Statement is applicable for the processing of the personal data which are provided by or obtained from its customers, employees and other third parties. Additionally, this statement is also applicable for the processing of personal and/or other data of anyone who visits and/or use the website of DHB Bank, including information provided by filling forms on the website. Above all, protecting the personal data is paramount for DHB Bank.

Scope of processing activities;
As DHB Bank we process personal data of persons with whom we have entered into, directly or indirectly, in a relationship, as prospect or had a previously relationship. The scope can be defined as
- Our customers and their representatives, guarantors etc.
- Potential customers who are interested in our services and activities
- Our employees
- Persons who are connected to e.g. a company or service provider with whom we entered into a relationship or interested in starting a relationship or had a relationship in the past.

Please be aware that in case your company or organization is sharing personal details of its employees with DHB Bank, you are obliged to inform them. This privacy statement can be used to document how we are processing their personal data.   

Why is DHB Bank processing Personal Data?
1. To enter into a relationship. In case you would like to open a bank account or use a different service, we need your personal data. We are required to establish if it is allowed to accept you as a client or that we can provide you a loan. We can use third parties’ information in this process, like the credit buro information. Your data can be used to assess suitability for certain products and/or services. We need to obtain a true copy of your ID Document as part of the onboarding process.
2. For executing your transactions and maintain our relationship. In case you request us to execute a transaction, we need your name and other required information which we can share with the beneficiary and the intermediating institution(s). We can, as part of monitoring our client contact processes or as part of evidencing, tape telephone conversations.
3. To protect your and our interests. In order to safeguard the financial industry we process personal data. As example; avoiding or investigating (potential) fraud cases. We can maintain or use certain incident registers, and use public sources. We can share personal details with third parties engaging in the prevention of (cyber)crime. We will only do so if we have agreed upfront that these parties will be bound to rules to safeguard the use of your personal data.
4. For marketing or promotion purposes. We can use your personal data for these purposes, to be better equipped to serve you. You will always have the option to opt out. We can use the data obtained via our website to provide you with more relevant information or commercials. We can use the data also for conducting analyses, including benchmark analyses. By doing so, we will be able to improve our services.
5. To facilitate interactions with suppliers and customers. In case you are an employee of DHB Bank, then we can share your personal details for instance as part of the DHB Bank Signature list to validate representation on behalf of the bank.
6. To meet legal obligations. Based on (international) rules and regulations we need to continuously update our client files. The laws on prevention of money laundering oblige us to assess for example certain (unusual) transaction patterns, when certain thresholds are met or to identify an Ultimate Beneficiary Owner of legal entities.
Based on legal obligations we must provide certain (analyzed) data to governmental institutions, tax authorities or supervisor. Based on our Duty of Care we could also be required to process your personal data. 
7. As part of our business management. As financial institution we need for instance to assess the risks and to use risk mitigation measures; for instance we can insure (part of) our credit risks with an external insurance company. Personal data might be shared as part of such an agreement.
8. To meet archiving requirements. We can use your personal data for legal cases, historical or statistical purposes while your personal data remains in our possession during this timeframe.

Does DHB Bank process sensitive personal data as “special” categories of personal data?
This is data revealing e.g. health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. Only in a specific cases we would process sensitive personal data , for example if you instruct us to pay a membership fee to a political party or in relation to an insurance connected personal loans offered in Belgium, certain health data can be included in the processing. Criminal records can be processed based on the use of incident registers. The purpose of these registers is to protect the interest of the customers or organization, e.g. for fraud identification.

Children´s (minors) data will only be collected in case a savings account in their name will be opened and we will only do so once we have received authorization from the person(s) holding parental responsibility.

For all other data processing of personal data included in this category, we will only process them based on a legal obligation, your consent or in case you request us to process them or you make them public yourself.

Is my personal data safe with DHB Bank?
DHB Bank treats data collected from customers with utmost care by taking necessary technical and administrative measures. Apart from general IT controls to ensure confidentiality, integrity and availability of information, the bank design the work processes with emphasis on ‘need to know’ basis. That is, only required part of customer information is available to designated DHB Bank employee to carry out the related job functions. The employees perform their roles in accordance with the bank’s strict code of conduct in this respect.  Moreover, with a layered approach, the bank maintains a sound control framework encompassing various preventive and detective technical systems like intrusion prevention system and data loss prevention system, with multiple check points in data processing. To further mitigate possible risks in an event of compromise, the bank also keeps the customers’ personally identifiable data secure by using a combination of pseudonymization, encryption and anonymization and by using end-to-end encryption while it is in motion.

How will DHB Bank handle my personal data?
Your personal data will not be archived/stored longer than legally required for the purpose for which they have been obtained. Access to your personal data is limited to those staff members who need to have access to them based on their function/role. All our employees are bound under a confidentiality agreement as per the bank’s code of conduct.

Data sharing with third parties. 
In certain cases DHB Bank uses third parties for tasks/activities where they will be processing personal data obtained by the bank. As example we use an external printing company for the printed client statements or mailings. We are allowed to use these third parties only if the use of your personal data fits in the purpose for which that data was provided. This third party must demonstrate that it has taken the necessary measures to safeguard sufficient security and signed a confidentiality agreement.
We will also share your personal details with parties we need for the execution of our services. As example the execution of your transaction request, like SWIFT payments, where your personal data can be shared with a country which has a different level of data protection. Your personal data can also be part of a formal investigation by local authorities.
DHB Bank will not sell or otherwise make your personal data available to third parties.     

Can I see which personal data is being processed by DHB Bank? 
Yes, you can obtain an overview of your personal data processed by DHB Bank, by sending a written and signed request, together with a copy of your ID to our head office in Rotterdam;

DHB Bank, Compliance and Legal Department
Antwoordnummer 3150
3000 WB Rotterdam

If outside the Netherlands;
DHB Bank, Compliance and Legal Department
P.O. Box 23294,
3001 KG  Rotterdam
The Netherlands

Can I request a rectification or deletion of my personal data with DHB Bank?
In case you are of the opinion that your data is incorrect in our system, are being processed incorrectly or request a deletion, please provide us with a written and signed request, together with a copy of your ID, indicating the details of your request to our head office in Rotterdam;

DHB Bank, Compliance and Legal Department
Antwoordnummer 3150
3000 WB  Rotterdam

If outside the Netherlands;
DHB Bank, Compliance and Legal Department
P.O. Box 23294,
3001 KG  Rotterdam
The Netherlands

If I have a complaint, remark or suggestion, what can I do?
Please contact us either via a letter or by using the Complaint/Suggestion form which can be found on our websites under Contact form, Klantenservice for our Dutch/Belgium customers, Procédure de plaints for our Belgium Customers, Kundenbeschwerden, for our German customers or by communicating with your contact person at DHB Bank.

DHB Bank, Complaints Committee
Antwoordnummer 3150
3000 WB Rotterdam
E-mail: klachten@dhbbank.com
Complaint Form (in Dutch)

If outside the Netherlands;
DHB Bank, Compliance and Legal Department
P.O. Box 23294,
3001 KG  Rotterdam
The Netherlands

If you have any complaint on the handling of a complaint or your personal data related requests by DHB Bank, you may also contact: 

Stichting Klachteninstituut Financiële Dienstverlening (KiFiD) (Financial Ombuds organisation)
Postbus 93257
2509 AG Den Haag
Tel: 0900-3552248
E-mail: info@kifid.nl

Autoriteit Persoonsgegevens (Data Protection Authority)
Postbus 93374
2509 AJ DEN HAAG
https://autoriteitpersoonsgegevens.nl/nl

Alterations and updating the Privacy Statement
This Data Privacy Statement may be updated or (partially) changed to reflect any adaptations in our practices and or applicable law and regulation. Please read this Data Privacy Statement periodically in order to be aware of any modifications or updates.

DHB Bank reserves the right to update this data privacy statement. Changes will be published on this page.

Date: May 2018, Version 0.1.
This is a translation, in case of a discrepancy the Dutch text will be leading. 

Cookies
The website www.dhbbank.com places cookies. Cookies are small text files that are placed automatically on your computer and other electronic devices, e.g. tablet, smart phones, when you visit our website.

The cookie file is generated by our website when you access it and is accepted and processed by your computer's browser software. The cookie file is stored in your browser's folder or subfolder.

There are two type of cookies used by DHB Bank:
1. Functional Cookies; these are mandatory to ensure that the site can work. The specific cookie types are specified in the table below.

2. Google Analytics Cookies; we use this to tailor the content of our website as precisely as possible to your interests and to improve our website for you. We identify usage preferences and particularly popular areas of the websites, we use the analysis tool; Google Analytics. This information captures the usage of the website, e.g. the frequency of visits, IP addresses, the average length of visits, which pages are viewed during a visit, authentication information and periods of inactivity.

Cookies enable DHB Bank to assemble statistical information regarding the usage of the websites, e.g. the frequency of visits, IP addresses, the average length of visits, which pages are viewed during a visit, authentication information, acceptance or rejection of website terms, periods of inactivity, time zones, language preferences and other information.

Information held in cookies set by DHB Bank are kept to a minimum and can only be read by DHB Bank. You could also control the use of cookies via your web browser. To learn more about cookies and how you can manage and delete them, you can visit various sites like http://www.allaboutcookies.org/.  

The website will issue cookies to the users of this website, unless you have modified your browser settings to reject cookies. But remember, some or all areas of this website may not function properly or not at all. You give an explicit consent by clicking to accept cookies.

Functional Cookies
Name Description For how long?

ASP.NET_SessionId

This cookie is used to track and identify each user so that it can be
mapped to user specific data on the server.

Active session

CMSCsrfCookie

Store's a security token that the system uses to validate all form data
submitted via POST requests.Helps protect against Cross site
request forgery.

Active session

CMSPreferredCulture  

Stores the visitor's preferred content culture.

1 year

CMSPreferredUICulture

Stores the preferred UI culture of the user.

1 year

CMSCookieLevel

Specifies which cookies are allowed by the visitor.

1 year

UserCookieLevel

Specifies which cookies are allowed by the visitor.

1 year

 

Google Analytics Cookies;
Google Analytics is a web analyse-service being offered by Google Inc. Via these cookies we obtain information on the visitors of our website. As example, how many visitors, popular pages and topics. We use this data to improve our communication for our website visitors. We will not be able to see which PC visits our website, Google can. We only see an IP address. Google has access to the collected data for their own analyses. Google Fonts are also used. For detailed information on Google Analytics and Privacy we refer you to the Google site: www.google.com/intl/nl/policies/privacy/,  or www.google.com/intl/nl/policies/privacy/partners/
 
This description is not exhaustive as daily new software is released and new cookies (functionalities) are being designed. In case you visit our site via a search engine or a review site, their cookies might also use data of your current visit.

Name Description For how long?
__utma Captures; first visit (unique visit), last visit (returning visit). 2 years, but information is shared at every session
__utmt Setting the maximum portion of total network capacity that a service is allowed to use. An administrator can deliberately limit a servers Internet workload by not allowing it to receive requests, or to limit, at full capacity, thus saving resources for other programs, such as e-mail. 10 minutes
__utmb Works in tandem with utmc, to calculate visit length. It demarks the exact arrival time. Because it counts entrance visits, it is a session cookie, and expires. when the user leaves the page 30 minutes from set and update, information is shared at every session.
__utmc Works in tandem with utmb, to calculate visit length. It registers the exit time of the visitor, if it cannot be established then it registers if after 30 minutes no page view is recorded. End of each session or 30 minutes if no page view is recorded.
__utmz Monitors the HTTP Referrer and notes where a visitor arrived from, with the referrer siloed into type (Search engine (organic or cpc), direct, social and unaccounted). From the HTTP Referrer it also registers, what keyword generated the visit plus geolocation data. In tracking terms it will tell about the traffic and help with conversion information such as what source / medium / keyword to attribute for a Goal Conversion 6 months
__utmv It is used for segmentation, data experimentation and the utmv works hand in hand with the utmz cookie to improve cookie targeting capabilities. 2 years, updates after each session
__ga Used to distinguish users. 2 years
__gat Used to throttle request rate. 1 minute
__gid Used to distinguish users. 24 hours
CMSVotedPolls Tracks which polls (rating of our website) which already have been taken to avoid repeated invitations for the same poll. 1 year


Cookie Settings

DHB Net Banking

Required/Standard cookies on DHB Net Banking

 Name  Description  For how long?                   
 ASP.NET_SessionId   This cookie is used to track and identify each user so that it can be mapped to user specific data on the server.  Active session
 .ASPXAUTH  The ASPXAUTH cookie is used to determine if a user is authenticated.  Active session
 cookiePreference  This cookie is used to register the cookie preference of the user.  1 year
 menu  This cookie tracks which menu group is selected by the user.  Active session
 
Functional cookies on DHB Net Banking
 Name  Description  For how long?
 LastHost  This cookie tracks which country the user has logged in last time.  1 month
 LangCookie  This cookie tracks language preference of the user.  Active session
  • These cookies are necessary for the proper functioning of the website. 
  • These cookies are necessary for the communication between you and our systems via the electronic network. Please read our Data Privacy Statement for more information.
  • In addition to the functional (necessary) cookies, we also use analytical cookies to enhance our website to serve you better. 
  • You can change your preferred cookies settings any time. You can also use the browser settings to control the cookies. For further information, Please read our Data Privacy Statement for more information about the cookies we use.
  • We use Google Analytics to collect visitor statistics to further improve our site. A data processing agreement with Google has been signed.
  • Your IP address is anonymized before being used in Google Analytics.
  • If you prefer to block the Analytics script completely, you can download an opt-out plug-in for Google Analytics here. With this plugin your visit to any website using Google Analyitcs will no longer counts in the statistics.