Data Privacy Statement

General Introduction

Demir-Halk Bank (Nederland) N.V. (hereafter: DHB Bank) respects your privacy and commits to process your personal data in accordance with the Algemene Verordening Gegevensbescherming (“AVG”) or the General Data Protection Regulation (“GDPR”). In this Data Privacy Statement we explain how we process your personal data and why. We also inform you about your rights and how you can communicate with us about this.

This Data Privacy Statement is applicable for the processing of the personal data which are provided by or obtained from our customers, employees and other third parties. This statement is also applicable for the processing of personal and/or other data of anyone who visits and/or uses the website(s) of DHB Bank, including information provided by filling forms on the website.

Scope of Processing Activities
DHB Bank processes personal data of:

  • Our current and previous customers, and their representatives, guarantors etc.,
  • Potential customers who are interested in our services and activities,
  • Our employees,
  • Persons who are connected to e.g. a company or service provider with whom we entered into a relationship or are interested in starting a relationship or we had a relationship with in the past,
  • Visitors of our website(s) and users of our app(s).

Why does DHB Bank process your personal data?
1. To enter into a relationship with us.
In case you would like to open a savings account or want to use another service from us, than we need your personal data. We are required to establish if it is allowed to accept you as a client or that we can provide you a loan. We can use third parties’ information in this process, like the credit buro information. We need to obtain a true copy of your ID Document as part of the onboarding process.

2. For executing your transactions and to maintain our relationship.
In case you request us to execute a transaction, than we need your name and other required information which we can share with the beneficiary and the intermediating institution(s). We can, as part of monitoring our client contact processes or for evidencing, tape telephone conversations.

3. To protect your and our interests.
In order to safeguard the financial industry, we process personal data. To avoid or investigate (potential) fraud cases for example. We can maintain or use certain incident registers, and use public sources. We can share personal data with third parties engaging in the prevention of (cyber)crime. We will only do so if we have agreed upfront that these parties will be bound to rules to safeguard the use of your personal data.

4. For marketing or promotion purposes.
We can use your personal data for these purposes to be better equipped to serve you. You will always have the option to opt out from this. We can use the data obtained via our website to provide you with more relevant information or commercials. We can use the data also for conducting analyses, including benchmark analyses. By doing so, we will be able to improve our services.

5. To facilitate interactions with suppliers and customers.
For employees of DHB Bank their personal data is shared for instance as part of the DHB Bank Signature list in order to validate representation on behalf of the bank.

6. To meet our legal obligations.
Based on (international) rules and regulations we need to continuously update our client files. The laws on prevention of money laundering oblige us to assess for example certain (unusual) transaction patterns, to perform analyses when certain thresholds are met, or to identify an Ultimate Beneficiary Owner of legal entities. Based on legal obligations we must provide certain (analyzed) data to governmental institutions, tax authorities or supervisors. Based on our Duty of Care we could also be required to process your personal data.

7. As part of our business management.
As financial institution we need for instance to assess the risks attached thereto and to put risk mitigation measures in place. We can for instance insure (part of) our credit risks with an external insurance company. Personal data might be shared as part of such an agreement.

8. To meet (legal) archiving requirements.
We can use your personal data for legal cases, historical or statistical purposes, while your personal data remains in our possession during this timeframe.

It is always up to you to decide which personal data you share with us. In case you decide not to share certain information with us (anymore), than we might not be able anymore to serve you with our products and services.

Does DHB Bank process sensitive personal data as “special” categories of personal data? 
Special categories of personal data contain data that is revealing e.g. health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. Only in a specific cases we would process sensitive personal data. For example if you instruct us to pay a membership fee to a political party or trade union. For specific insurances, offered in Belgium and connected to a personal loan, certain health data can be included in the processing. Criminal records can be processed based on the use of incident registers. The purpose of these registers is to protect the interest of the customers and/or organizations, e.g. for fraud identification. Children´s (minors) data will only be collected in case a savings account in their name will be opened. We will only do so once we have received authorization from the person(s) holding parental responsibility of the child.

All other personal data included in this category will only be processed after we have received your specific consent or instruction thereto, in case of a legal obligation thereto on our side, or if you have made the specific data already public yourself.

Is my personal data safe with DHB Bank?
The safety of your personal data is paramount to us. We treat data collected from customers with utmost care by taking all the necessary technical and administrative measures. Apart from general IT controls to ensure confidentiality, integrity and availability of information, the bank has designed its work processes with emphasis on ‘need to know’ basis. That means that only the required part of customer information is available to a designated bank employee to carry out its job. The employees perform their roles in accordance with the bank’s strict Code of conduct. Moreover DHB Bank maintains, with a layered approach, a sound control framework encompassing various preventive and detective technical systems like intrusion prevention system and data loss prevention system, with multiple check points in data processing. To further mitigate possible risks in an event of compromise, the bank also keeps the customers’ personally identifiable data secure by using a combination of pseudonymization, encryption and anonymization and by using end-to-end encryption while it is in motion.

Our contact person for your questions about data protection
For any question concerning your personal data and your rights thereunder, you can contact our Data Protection Officer (DPO) at the following address: DataProtectionOfficer@dhbbank.com.

How will DHB Bank handle my personal data?
We will keep your personal data not longer than legally required for the purpose for which the data has been obtained by us. Access to your personal data is limited to those staff members only who need to have access to them based on their function/role.

Data sharing with third parties
In certain cases DHB Bank uses third parties for tasks/activities where they will be processing your personal data. DHB Bank uses for example an external printing company for the printed client statements or mailings. We are allowed to use these third parties only if the use of your personal data fits the purpose for which that data was provided. This third party must demonstrate to us upfront and during our relationship with them, that it has taken the necessary measures to safeguard sufficient security. Also a data processing agreement has to be signed between DHB Bank and the third party.

We will also share your personal data with parties we need for the execution of our services. As an example the execution of your transaction request, like SWIFT payments, where your personal data can be shared with a country which has a different level of data protection. Your personal data can also be part of a formal investigation by local authorities. DHB Bank will not sell or otherwise make your personal data available to third parties.   

Can I see which personal data DHB Bank is processing from me?
Yes, you can ask us to provide you with an overview of your personal data that is processed by us. You can send us a request hereto via post or by sending us an email.

DHB Bank, Compliance and Legal Department
Antwoordnummer 3150
3000 WB Rotterdam
Email: Compliance-LegalAffairs@dhbbank.com 

Can I request a rectification or deletion of my personal data with DHB Bank?
Yes, in case you are of the opinion that the data that we process from you is incorrectly administrated in our system(s), is being processed incorrectly, or if you want us to delete the data that we process from you, you can ask us for rectification or deletion.
You can send us a request hereto via post or by sending us an email.

DHB Bank, Compliance and Legal Department
Antwoordnummer 3150
3000 WB  Rotterdam
The Netherlands
Email: Compliance-LegalAffairs@dhbbank.com 

If I have a complaint, remark or suggestion, what can I do?
Please contact us either via a letter or by sending us an email:

DHB Bank, Complaints Committee
Antwoordnummer 3150
3000 WB Rotterdam
E-mail: complaintcommittee@dhbbank.com

You can also use the Complaint/Suggestion form which can be found on our websites (under Contact form (Klantenservice for our Dutch/Belgium customers, Procédure de plaints for our Belgium Customers, and Kundenbeschwerden, for our German customers).
Of course you can also contact your contact person at DHB Bank.

If you have any complaint on the handling of a complaint or your personal data related requests by DHB Bank, you may also contact: 

Stichting Klachteninstituut Financiële Dienstverlening (KiFiD)
(Financial Ombuds organisation)
Postbus 93257
2509 AG Den Haag
Tel: 070-333 8 999
E-mail: consumenten@kifid.nl

Autoriteit Persoonsgegevens (Data Protection Authority)
Postbus 93374
2509 AJ DEN HAAG
https://autoriteitpersoonsgegevens.nl/nl

Alterations and updating the Privacy Statement
This Data Privacy Statement may be updated or (partially) changed to reflect any adaptations in our practices and or applicable law and regulation. Please read this Data Privacy Statement periodically in order to be aware of any modifications or updates.
DHB Bank reserves the right to update this data privacy statement. Changes will be published on this page.

Date: March 2022, Version 2.0
This is a translation of the original Dutch version. In case of a discrepancy the Dutch text will be leading.

Cookies
The website www.dhbbank.com uses cookies. Cookies are small text files that we place automatically on your computer and other electronic devices (e.g. tablets and smart phones), when you visit our website. The cookie file is generated by our website when you access it and is accepted and processed by your computer's browser software. The cookie file is stored in your browser's folder or subfolder.

You must always give us your explicit consent for placing cookies on your computer. You decide which type of cookies you give us your consent for.
Information held in cookies set by us are kept to a minimum and can only be read by us. You could also control the use of cookies via your web browser (to learn more about cookies and how you can manage and delete them, you can visit various sites like https://allaboutcookies.org/).

The website will issue cookies to the users of the website, unless you have modified your browser settings to reject cookies. But remember, some or all areas of this website may not function properly or not at all, when you reject cookies.

We use three types of cookies:
1. Basic Cookies: These cookies are mandatory to ensure that the site can work. The specific cookie types used herein are specified in the table below.

2. Personal Cookies: Personal cookies are additional cookies on top of basic cookies. Personal cookies are used to tailor the content of our website as precisely as possible to your interests and to improve our website for you. We identify usage preferences and particularly popular areas of the websites. For this we use the analysis tool Google Analytics. This tool captures the usage of the website, e.g. the frequency of visits, IP addresses, the average length of visits, which pages are viewed during a visit, authentication information and periods of inactivity.

We will not be able to see which PC visits our website, Google can. We only see an IP address. Google has access to the collected data for their own analyses. Google Fonts are also used. For detailed information on Google Analytics and Privacy we refer you to the Google site: www.google.com/intl/nl/policies/privacy/, or www.google.com/intl/nl/policies/privacy/partners/.
The specific cookie types used herein are specified in the table below.

3. Full Cookies: Full cookies are additional cookies on top of basic and personal cookies. We use full cookies mainly to measure marketing related activities of our website(s). Cookies and identifiers in this category shares marketing related information to other parties within and outside Europe (such as Google).

Your data on our websites will be remembered and you hereby give explicit permission to analyze your visit on a personal level and to use these analyzes for personal messages on our websites and apps, and from other parties within and outside Europe. You also give us permission to share your IP address with these parties.
Currently there are no additional cookies used by us that fall hereunder.

Cookie Table
Basic Cookies:
Name Description For how long?

ASP.NET_SessionId

This cookie is used to track and identify each user so that it can be
mapped to user specific data on the server.

Active session

JSESSIONID This cookie is used to track and identify each user so that it can be mapped to user specific data on the server. Active session

CMSCsrfCookie

Stores a security token that the system uses to validate all form data
submitted via POST requests.Helps protect against Cross site
request forgery.

Active session

CMSPreferredCulture  

Stores the visitor's preferred content culture.

1 year

CMSPreferredUICulture

Stores the preferred UI culture of the user.

1 year

CMSCookieLevel

Specifies which cookies are allowed by the visitor.

1 year

UserCookieLevel

Specifies which cookies are allowed by the visitor.

1 year


Additional Basic cookies on DHB Bank Net Banking:

Name  Description  For how long?                   
 ASP.NET_SessionId   This cookie is used to track and identify each user so that it can be mapped to user specific data on the server.  Active session
 .ASPXAUTH  The ASPXAUTH cookie is used to determine if a user is authenticated.  Active session
 cookiePreference  This cookie is used to register the cookie preference of the user.  1 year
 menu  This cookie tracks which menu group is selected by the user.  Active session
 LastHost  This cookie tracks which country the user has logged in last time.  1 month
 LangCookie  This cookie tracks language preference of the user.  Active session


Personal Cookies:
This description is not exhaustive as daily new software is released and new cookies (functionalities) are being designed. In case you visit our site via a search engine or a review site, their cookies might also use data of your current visit.

Name Description For how long?
__utma Captures; first visit (unique visit), last visit (returning visit). 2 years, but information is shared at every session
__utmt Setting the maximum portion of total network capacity that a service is allowed to use. An administrator can deliberately limit a servers Internet workload by not allowing it to receive requests, or to limit, at full capacity, thus saving resources for other programs, such as e-mail. 10 minutes
__utmb Works in tandem with utmc, to calculate visit length. It demarks the exact arrival time. Because it counts entrance visits, it is a session cookie, and expires. when the user leaves the page 30 minutes from set and update, information is shared at every session.
__utmc Works in tandem with utmb, to calculate visit length. It registers the exit time of the visitor, if it cannot be established then it registers if after 30 minutes no page view is recorded. End of each session or 30 minutes if no page view is recorded.
__utmz Monitors the HTTP Referrer and notes where a visitor arrived from, with the referrer siloed into type (Search engine (organic or cpc), direct, social and unaccounted). From the HTTP Referrer it also registers, what keyword generated the visit plus geolocation data. In tracking terms it will tell about the traffic and help with conversion information such as what source / medium / keyword to attribute for a Goal Conversion 6 months
__utmv It is used for segmentation, data experimentation and the utmv works hand in hand with the utmz cookie to improve cookie targeting capabilities. 2 years, updates after each session
__ga Used to distinguish users. 2 years
__gat Used to throttle request rate. 1 minute
__gid Used to distinguish users. 24 hours
__gcl_au Used by Google DoubleClick segment users into audience types and attribute campaign performance to your actions on this website, including conversions.            1 month
originstore_values Stores the traffic source to DHB website 1 month
traffic_src Stores the traffic source to DHB website 1 year
CMSVotedPolls Tracks which polls (rating of our website) which already have been taken to avoid repeated invitations for the same poll. 1 year