Privacy

We process personal data if we have, want to have, or have had a business relationship with you, or if we have had contact with you.

The people whose personal data we process includes:

If your business or organisation transfers any personal data concerning employees or ultimate beneficial owners (UBOs) to us, we also expect your employees, executive directors or UBOs to be informed about this. You can give this privacy notice to them so that they can learn how we deal with their personal data.

This privacy notice considers the processing of personal data by Coöperatieve Rabobank U.A., Branch Frankfurt and Rabo Trading Germany GmbH.

Data may be shared within Rabobank Group to the extent that this is permitted by law. When sharing data within Rabobank Group, we comply with the rules that we have agreed within Rabobank Group, the Rabobank Privacy Codes. These rules describe how the divisions of Rabobank Group deal with personal data.

We receive your personal data because you provide it to us yourself. Examples include entering into a contract with us or data you send to us in order that we can contact you, and data arising from the services we provide in areas such as payments.

We may also receive your data from business units within Rabobank Group or from other financial institutions in the context of combating fraud, money laundering or terrorism.

We may also receive data from others, such as public sources like newspapers, public registers and websites. Or because you have given another party consent to share data with us.

The types of personal data processed by Rabobank are described above. The purposes for which we process personal data are described below. In addition, we indicate the basis on which this processing is done. By law, every personal data processing operation must have a legal basis.

a. To enter into a business relationship and agreement with you

We need to have your personal data if you want to become a client, or if you want to use a new product or service or contact us.

For example, we have to perform an assessment to determine whether we can accept you as a client. When you become a client, we have to establish your identity for all our products and comply with our legal obligations. As part of this, we will make a photocopy of your proof of identity.

If you wish to become a client, or are already a client of ours, we are required by law and Rabobank Policy to screen your name against relevant international sanctions lists and Rabobank internal warning lists.

Legal basis

For the most part, we process your personal data because we are under a legal obligation to do so. If, however, this legal obligation does not apply directly to Rabobank, we also have legitimate interest in processing your personal data for these purposes. We may also process such data where this is necessary to conclude the agreement.

b. To perform agreements and carry out instructions

As a client of ours, we want to be of service to you. We execute the instructions we receive from you and perform the agreements we have concluded. This is what we have agreed with you. We process personal data for this purpose.

If you make a payment through us, we might need to transfer your data to another bank e.g. a settlement bank, or agency. The payee can also see and record your payment data, such as the address details relating to your account. Both the person who issues the payment instruction and the beneficiary (payee) may enquire about specific data relating to the account.

If you are a member of our cooperative, we process your personal data for this purpose. In addition, we sometimes record your preferences concerning matters such as meetings. We may store e-mail messages. The purposes for this is to ensure a high standard of service and includes proving that you issued a particular instruction. We may also do this if we are legally required to do so, or to provide proof and monitor quality, to investigate fraud and other matters, and for training, coaching and assessment purposes.

Legal basis

We process personal data because this is necessary in order to perform a contract. We could also be under a legal obligation to do so, for example in the context of payments. If you do not provide certain information to us, we will not be able to perform the agreement / contract. In a number of cases, we have or a legitimate interest in processing your personal data, for example when storing e-mail messages.

c. To ensure your security and integrity as well as the security and integrity of the bank and the financial sector

We process your personal data to ensure your security and ours, and also security of the financial sector. We also do this for the purpose of preventing fraud, money laundering and the financing of terrorism, and facilitation of tax evasion.

Customer Due Diligence

Not only when we enter into a business relation with you but also during our business relation, we might check whether we can still accept you as our client. For example your transaction data on your account might be a reason for an additional check. Or the people you do business with.

Incident registers and warning systems

If you wish to become a client, or are already a client of ours, we are required by law and Rabobank Policy to screen your name against relevant international sanctions lists and Rabobank internal warning lists.

Publicly accessible sources

We consult publicly accessible sources, such as public registers, newspapers and the internet, in an effort to combat fraud and protect the bank.

Fraud

We may perform analyses aimed at preventing fraud and protecting you and the bank.

We may make use of information that you did not supply to us in the context of combating fraud, such as information about the transactions in your account or any financial crime. Local National and EU law also requires that we do this.

We store e-mail messages, and camera images. We do this in the context of investigating fraud. We may also do this if we are legally required to do so, or to provide proof and monitor quality, and for training, coaching and assessment purposes.

Legal Basis

We process your data because this is necessary in order to comply with a legal obligation. If we are not under a direct legal obligation to process your data, we process the data on the basis of the performance of a contact or in the legitimate interest of Rabobank, the financial sector or our clients and employees.

d. To help develop and improve products and services

In order that we can be of service to you and can innovate, we develop and improve products and services on an ongoing basis. We do this for ourselves, our corporate clients or other parties.

In addition, we sometimes combine data sources, such as information on the products you receive from us.

We also process data when analysing your visit to our website. We do this with the aim of improving our website. We use cookies and comparable technology for this.

Analysing personal data allows us to see how you use our products and services. We also use the results of our analyses to categorise clients into groups. This enables us to create client profiles and interest profiles. When producing these analyses, we sometimes also use information obtained from other parties and publicly accessible sources.

We also carry out research in order to improve our products and services. For example, we may ask you to give your reaction to a product or to review a product. You are not required to cooperate in such studies.

We sometimes use other parties to process your personal data for this purpose, for example in order to measure or ask you how we can improve our services. In that case, these other parties act on the instructions of Rabobank.

Legal basis

We process your data because we have a legitimate interest in this. We may also ask you for your consent to process your data for the purpose of developing and improving our products and services. If you do not give your consent for the purpose of developing and improving our products and services, this will not affect the services we provide to you. You can withdraw your consent at any time by contacting your relationship manager.

e. For account management, promotional and marketing purposes

We may process your personal data for account management, promotional and marketing purposes. In doing so, we use data we have obtained from you, such as payment or transaction, as well information not obtained directly from you, including public registers (such as the Chamber of Commerce), publicly available sources (such as the internet) and other parties.

We may use your data to inform you about a product that might be of interest to you.

We also use the services of advertisers in order to display advertisements to a specific target group. We indicate which target group or type of profile our advertisement is intended for. The advertiser then displays the advertisement to the people who are in the target group or fulfil the profile. We never share data relating to individual clients with such advertisers.

We may also use analyses to provide our clients with information for benchmarking purposes. If we use your data for these analyses or produce profiles, we will ensure that your data are pseudonymised to the greatest possible extent and that they are made only available to a few employees at the bank.

If you do not want us to use your data for the purpose of direct marketing or contact you by post, e-mail or telephone, you can contact your Relationship Manager.

Legal basis

We process your data because we have a legitimate interest in this. We may also request your consent to process your data for promotional and marketing purposes. If you do not give your consent, this will not affect the services we provide to you. You can withdraw your consent by contacting your relationship manager.

f. To enter into and perform agreements with suppliers and other parties we work with

If you have contact with Rabobank for work-related reasons, we may process your personal data, for example so that we can establish whether you are permitted to represent your business, or so that we can give you access to our offices. Where necessary, we may consult our internal warning list and all relevant international sanctions lists before we enter into an agreement and also while the agreement is in effect in the context of screening.

Legal basis

We process your data so that we can perform the agreement we have concluded, because we are required to do so by law or because we have a legitimate interest in this.

g. To comply with legal obligations

Legislation

Under various national and international legislation and regulations, we have to collect and analyse a large amount of data relating to you and sometimes transfer such information to European and other government authorities. We must comply with legislation, in order to be able to offer you financial products and services. We also process personal data in order to fulfil our duty of care.

We also have to comply with legislation designed to combat fraud, crime and terrorism, such as the Anti-Money Laundering, Counter Terrorism Financing and Fraud prevention laws and/or regulations. For example, we are required to perform customer due diligence and to conduct further inquiries if you hold specific assets or if an unusual transaction takes place in your account. If we spot an unusual transaction, we must notify the competent law enforcement agency. Under this law, we have to establish who the ultimate beneficial owner (UBO) is of a business or organisation with which we have a business relationship.

We may receive requests for data from the, tax authorities, the police and the other law enforcement agencies as well as organisations such as the intelligence services. If they do this, we are required by law to cooperate with the investigation and transfer data relating to you.

Providing data to the government

Legislation and regulations may require that we transfer data (analysed or otherwise) relating to you to a government institution, a tax authority or a regulator within or outside the Netherlands, such as the European Central Bank (ECB).

As we have to comply with legal obligations and treaties, we sometimes have to provide data relating to you to the national tax authorities or a foreign tax authority.

Risk models

European rules require that we produce risk models if you apply for a loan or credit or if you have received a loan or credit from us. This is so that we are able to determine which risks Rabobank is exposed to and the size of the buffer we need to maintain. We process your personal data for this purpose.

Making and documenting recordings

We store e-mail messages. We do this to comply with legal obligations, for example in the context of services. We may also do this to provide proof, to monitor quality, to combat and investigate fraud, and to train, coach and assess employees.

Legal basis

We process your data because this is required by law, or because we would otherwise not be permitted to perform an agreement with you, or if we have a legitimate interest in processing your data so that we can comply with a statutory or other legal obligation.

h. To carry out business processes and for the purpose of management reports and internal management

Know your customer

As a service provider, we believe it is important and necessary that we have a good picture of our clients. This includes knowing who we work with.

Determining credit risk associated with loans and credit facilities

Lending involves credit risk. We have to determine what that risk is, so that we can calculate the buffer we need to maintain. In connection with this, we process data relating to your loans and credit facilities.

Transfer of receivables

It can happen that we transfer to another party loans that we have made to you, such as your mortgage loan. If such a transfer takes place, your personal data will be processed. Once the loans have been transferred, the other party will also process your personal data. We agree with the other party that it must comply with legislation and regulations on personal data protection. We also do this when a contract is taken over. In the event of a merger or demerger, the legislation on protecting personal data will of course be followed.

Internal audits and studies

We may also use your data in order to perform internal audits and investigations, for example in order to examine how well new rules and processes have been implemented or to identify risks.

Improving our own business processes

We also use data to analyse and improve our business processes so that we can help you more effectively or make our processes more efficient. Where possible, we will anonymise (data that cannot be traced back to an individual in any way) or pseudonymise (data that can be linked to an individual if additional information is included) your data first.

Legal basis

We process your data because this is required by law or because we have a legitimate interest. Processing your personal data may also be necessary for the performance of our agreement with you.

i. For archiving purposes, scientific or historic research purposes or statistical purposes

We may also process your personal data if this is necessary for archiving purposes in the public interest, scientific or historic research purposes or statistical purposes. Where possible, we will seek to anonymise or pseudonymise your data first.

Legal basis

When processing personal data for archiving purposes, scientific or historic research purposes or statistical purposes, we process the date on the basis of the legitimate interest of Rabobank, the financial sector or our clients and employees.

We do not keep your data for any longer than necessary to fulfil the purposes for which we collected the data or the purposes for which data are reused. We have adopted a data retention policy. This policy specifies how long we keep data. In general we will keep your data for ten years following the termination of the relevant agreement or the ending of your business relationship with Rabobank, unless there is a legal obligation to preserve the data longer e.g. if the regulator asks us to keep specific data for longer in the context of risk models. In some cases, we use shorter retention periods.

In specific situations, we may also keep data for longer than we are required by the retention period fixed by us. We will do this if, for example, the judicial authorities request camera images, in which case we will keep the images for longer than we usually do, or if you have submitted a complaint, in which case the underlying data must be kept for longer.

Once we no longer require the data for the purposes described in sections 6 a to 6 i, we may still keep the data for archiving purposes, in the event of legal proceedings, or for historic or scientific research purposes or statistical purposes.

Special categories of personal data, information about criminal convictions and for the Netherlands citizen service numbers (BSNs) are sensitive data. We process special categories of personal data where this is permitted by law, because this information was made public by you, or with your permission, for example if you ask us to establish that you have a visual impairment so that you can receive Braille Documentation. We ask for your consent to record this information. If you give us consent to record special categories of personal data relating to you, or you have made this information public yourself, we will only process the information if this is necessary so that we can provide our services. If you have given us consent to record special categories of personal data, you may withdraw that consent at any time. To do this, please contact your Relationship Manager.

We will only make a decision based solely on automated processing including profiling which produces legal effects concerning you or significantly affects you, in case it is allowed by law and we have notified you. We do not envisage that any decisions will be taken about you that produces legal effects or significantly affects you.

Within Rabobank, your personal data can be accessed only by individuals who need to have access owing to their role and for official business purposes. All of these people are bound by a duty of confidentiality.

If we want to use information for any purpose other than the purpose for which it was obtained, we may do this as long as the two purposes are closely related.

If there is not a sufficiently strong connection between the purpose for which we obtained the data and the new purpose, we will ask you to give your consent. If you have given us consent you may withdraw that consent at any time. To do this, please contact your Relationship Manager.

a. Within Rabobank Group

Your personal data may be shared by divisions of Rabobank Group, for example because you ask us to do this, or because you also purchase a product from a different division of Rabobank. Information that has been used to establish your identity may also be used by another division of Rabobank with which you want to do business, for example.

These divisions of Rabobank may also be located in countries outside the European Union that apply less stringent data protection rules. We share your data with divisions of Rabobank Group, in which Rabobank holds a majority interest, only if the divisions comply with Rabobank’s rules, as set out in the Rabobank Privacy Code. The Rabobank Privacy Code describes the rules that all these divisions of Rabobank Group have to comply with. The Rabobank Privacy Code guarantees adequate protection of personal data.

b. Outside Rabobank Group

Your data is also transferred to other parties outside Rabobank if we are required to do this by law, because we have to perform an agreement with you or because we engage with another service provider.

We transfer your personal data to third parties if we are required to do so. Examples of such third parties include national and European regulators, such as your Central Bank and the European Central Bank (ECB), and your national and U.S. Tax Authorities.

We also transfer data if this is necessary in order to perform our agreements with you. For example, we use third parties such as SWIFT to enable you to make payments. These third parties are subject to supervision by their local regulators. This may mean that your payment and transaction data are transferred to other parties in countries that do not enjoy the same level of personal data protection as the European Union.

If your personal data are processed in a country with a different level of data protection, this may mean that your personal data are the subject of investigations by competent national authorities in the countries where the relevant information is held.

We also provide your data to other parties that we need to involve in the context of providing our services, such as lawyers.

We sometimes engage other parties / business partners that process personal data on our instructions. Examples include printers that handle client mailshots for us and print your name and address on envelopes, parties that perform market research on Rabobank’s behalf, and parties that store data for us. Before such parties are engaged, we must first ensure they are sufficiently reliable. We may only engage parties if this is in keeping with the purpose for which we processed your personal data, for example for promotional and marketing purposes. Moreover, this other party can be engaged by us only if it reaches specific agreements with us, has demonstrably implemented appropriate security measures and guarantees that your personal data will remain confidential. Your personal data may also be shared with other parties that we engage in the course of our business or for the provision of our services.

If we transfer your data to other parties outside the European Union, we take additional measures to protect your data. In some countries outside the European Union, the rules for protecting your data are different from those that apply within Europe. If we make use of a third party located outside the European Union, and if the European Commission believes that the country in which this third party is located does not offer adequate protection in the area of personal data processing, we will only transfer your data if other, suitable guarantees are in place, such as the contractual arrangement approved by the European Commission, or on the basis of the Privacy Shield (United States). These guarantees can be requested from Rabobank under datenschutz@rabobank.com.

a. right of information

This privacy notice describes what Rabobank does with your data. In certain cases, we provide additional or different information. For example, if Rabobank records your personal data in its incident registers, it will inform you about this separately (provided it is permitted to do so). We will also do this if there are other reasons for providing you with information in addition to the privacy notice. We may do that by means of a letter, by leaving a message in your inbox or in another way to be determined by us.

b. right of access to and rectification of personal data

You may ask your Relationship Manager whether we process data relating to you, and if so, which data this concerns. In that case, we can provide you with access to the data processed by us that relates to you. If you believe your personal data has been processed incorrectly or incompletely, you may request that we change or supplement the data (rectification).

c. right to erasure (‘right to be forgotten’)

You may request that we erase data concerning yourself that we have recorded, for example if you object to the processing of your personal data. Your interest must also be greater than Rabobank’s interest in processing the data.

d. right to restriction of processing

You may request that we restrict the personal data relating to you that we process. This means that we will process less personal data relating to you.

e. right to data portability (only applicable if the GDPR applies to the processing of your personal data)

You have the right to request that we supply you with data that you previously provided to Rabobank in the context of a contract with us or with your consent, in a structured, machine-readable format, or that we transfer such data to another party. If you ask us to transfer data directly to another party, we can do this only if this is technically feasible. In some cases, you do not need to submit a request to obtain the data you provided to us.

f. right to object to processing based on a legitimate interest

If we process your data because we have a legitimate interest in doing so, for example when we store e-mail messages but this is not required by law, you may object to this. In that case, we will reassess whether it is indeed the case that your data can no longer be used for that purpose. We will stop processing your data if your interest outweighs our interest. We will inform you of our decision, stating the reason.

g. right to object to direct marketing

You have the right to request that we stop using your data for direct marketing purposes. It may be the case that your objection relates to being approached through a specific channel, for example if you no longer wish to be contacted by telephone but still want to receive our newsletters. We will then take steps to ensure you are no longer contacted through the relevant channel.

If you make a request as described above, we will respond no later than one month after we receive your request. You may send your request to your Relationship Manager.

We may ask you to explain your request for access in more detail. For example, if you request access to emails, we may ask you to provide search keys, such as the email address from which it was sent and possibly the day and time the mails were sent. In very specific cases, we may extend this period in which we must respond to a maximum of three months. In that case, we will keep you informed about the progress made with your request.

If you make a request, we may ask you to provide proof of your identity. For example, if you submit a request to exercise your right of access or right to data portability, we will want to be certain that we provide your personal data to the right person. In that case, we will ask you to come to the bank so that you can make your identity known and we can verify your identity. In some cases, there may be doubts as to whether we can send you the data securely. If so, we may ask you to come to the bank to collect your data.

In certain cases, we may not be able to comply with your request, for example because this would violate the rights of others, would be against the law or is not permitted by the police, the Public Prosecution Service or another public authority, or because we have weighed up the relevant interests and determined that the interests of Rabobank or others in processing the data take precedence. In that case, we will inform you.

If we adjust your data or erase your data at your request, we will notify you of this and also inform the recipients of your data wherever possible.

Protecting your privacy when using our website is important to us. Therefore we would like to inform you how we at Rabobank handle your data. On this website Rabobank records various data and information about you:

Collection, processing, use and transfer

Other than within the scope of our Web statistics, we will only collect data about you if the data is disclosed by you in order to use one of the services offered by us (such as the sending information requests). This data is then only processed and/or used to render the services offered. We will not transfer your personal data to third parties.

Usage data, web server logs

You can generally visit our websites without telling us who you are. As is usual with almost all websites, the server on which our websites are located (hereinafter referred to as "web server") automatically collects information from you in web server logs when you visit our website. The web server automatically recognises certain data, some of which is personal, such as your IP address, the date and time you are on our site, the pages you visit on our website, the browser you use (e.g. Microsoft Edge), the operating system you use (e.g. Windows) and the domain name and address of your internet provider (e.g. Telekom). Since our website uses cookies (as explained below), the web server also stores this information. We regularly evaluate these server logs so that we can determine which pages of our website are visited. This gives us a more accurate idea of how our website is being used. This is commonly referred to as web statistics; it allows us to optimise our service. In addition, in the event of system abuse, we may use this information in cooperation with your internet provider and/or local authorities to identify the perpetrator of this abuse. The legal basis for the processing is Art. 6 para. 1 lit. f DSGVO. Upon request, we will gladly provide you with the information underlying the balancing of interests.

IP addresses

This website uses Internet Protocol (IP) addresses. An IP address is a number assigned to your computer by your Internet provider so that you can access the Internet. Generally, an IP address changes every time you access the Internet, so it is a "dynamic" address. Please note that if you use a broadband connection, among other things, your IP address stored by us may contain information that identifies you as a person, i.e. personal data is processed by us. This is because, with some broadband connections, your IP address does not change (and is therefore "static") and can be associated with your PC. IP addresses are used as part of the web server log data mentioned above.

Cookies & Local Storage

Our website uses cookies and, where applicable, local storage elements. In accordance with legal requirements, we require your consent for this, unless the techniques used are absolutely necessary for our offer. Where your consent is required, we obtain it when you first visit our website as part of our welcome dialogue and information about our cookies and similar techniques.

Cookies

Cookies are small text files that are collected by your browser and temporarily stored on your computer (more precisely, in your browser directory). They can neither access the data on your hard drive nor cause any damage there. A cookie is primarily used to store information about a user during or after their visit within a website. This information is used, for example, to provide us as the operator of the website with statistical information about the use of the website, or to ensure the security of the website by, for example, recognising requests from bots.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Local Storage

In addition to cookies, there are also so-called local storage elements (also called "local data" and "local memory"). In this case, data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser window or exit the programme - as long as you do not delete the cache. Third parties cannot access the data stored in the local storage. They are not passed on to third parties and are not used for advertising purposes. Insofar as the use of local storage elements is not absolutely necessary to enable the functionality of our offer, we only use them with your consent (Art. 6 para. 1 lit. a DSGVO).

Details on the cookies and local storage used and their purposes can be found under "Cookies ".

Usage of additional registration services

Contact form

In order to be able to optimally serve you and provide you with an adequate response to your queries, we need to register your name, surname, email address and your telephone number. This data will be handled very confidentially and only for the purpose of responding to your queries. The legal base for the processing of data for the purpose of distributing “Food & Agri Reports” is your consent (art. 6 par. 1 lit. a DSGVO). Upon request we can provide you with the results of the “balancing of interests” analysis, which form the base for our handling of personal data.

Other registration services

As far as personal data is concerned, which is collected, processed and used within the context of other (non-proprietary) registration services, you will find additional information in the corresponding and respective privacy notices.

Security

All personal data will be transmitted encrypted to prevent abuse.

International data transfers

The processing of your personal data takes place exclusively within the EU or the European Economic Area. Concerning Google Analytics see above.

Minors

Children and adolescents under 16 years of age may not provide personal data through the Internet without the consent of their parents or guardians. You should be aware that our website is not intended for those under 18 years of age. We do not collect any personal information of individuals whom we know to be under 18 years of age.

Links to other websites

This website also contains links to other websites. However, the privacy policy described here does not apply to those websites. Please read the privacy policies of these websites to in order to obtain information about the privacy, security, data collection and the requirements for disclosure of data. Rabobank cannot be held liable for the actions of those websites or their contents.

If you have any questions concerning the processing of personal data by us, please contact:

If you have a complaint concerning the processing of your personal data by Rabobank, please contact:

Please note that any changes related to Rabobank’s Data Protection Office will be made public through this website.

Yes, our privacy notice may change from time to time. We will adjust the privacy notice when new data processing operations are introduced. If these changes are also relevant for you, we will draw your attention to these changes or clearly communicate them to you. The most recent version of the Rabobank: Branches privacy notice is always made available online at www.rabobank.de .