By accepting our use of cookies, you allow us to improve your experience on our website, so that it is faster, more personalised and more secure. You can change the cookie settings in your browser at any time. Find out more about cookies.

Privacy Policy

Update 13/09/2019

Protection of privacy is a primary consideration for Keytrade Bank.

This Privacy Policy applies to physicals persons and aims to explain clearly and simply to you - as a customer, a potential customer, a person connected to a customer or to a potential customer (for example, as a representative of a customer or a beneficial owner of a customer who is a legal entity or of an operation), a visitor on our public site or Secure Site (together referred as the "Website") or a user of our app - how we collect, use and store your personal data.

This Policy applies both to data which are initially collected when you contact the Bank and data which are later obtained by the Bank (for example, when you subscribe to an additional product or service, or when you update data that you have initially provided).

Your data are currently processed in compliance with Regulation (EU) No 2016/679 of 27 April 2016, the General Data Protection Regulation, known as "the GDPR", or any piece of legislation amending it. For more detailed information about data protection, please visit the Privacy Commission website (

This policy is updated regularly. Please check our Website regularly to find out which version currently applies.

  1. Who is your data controller?
  2. What do we mean by personal data?
  3. When do we collect these data?
  4. Where do we collect data about you?
  5. In what circumstances are you required to send these data to us?
  6. For what purpose and on what basis do we use your personal data?
    1. Statutory obligations
    2. Contractual relations
    3. Legitimate interests
    4. Consent
    5. Direct marketing
  7. Cookies
  8. Automated decisions based on your personal data
  9. Storage period
  10. Data security
  11. Who receives your data? To whom may your data be transferred?
  12. What are your rights?
    1. Right of access and correction
    2. Right to be forgotten
    3. Right to restrict processing
    4. Right to data portability
    5. Right to withdraw your consent
    6. Right of objection
  13. How can you exercise your rights?
  14. How can you let us know that you no longer wish to receive marketing offers?
  15. Who should you contact if there is a dispute?

1. Who is your data controller?

KEYTRADE BANK, Belgian branch of ARKEA DIRECT BANK SA (France), which is situated at Boulevard du Souverain 100, 1170 Brussels, and is registered under the number BE 0879.257.191 (the "Bank").

You can contact our data protection officer ("DPO") :

by mail to :
Boulevard du Souverain, 100
1170 Bruxelles

We do everything that we can to comply with the current data protection regulations, as well as measures implemented, overseen by the Privacy Commission.

For some services, we call upon specialist partners, who work as data processors. These partners must comply with our personal data protection policy and must also fulfil their relevant statutory obligations. We strive to ensure that your personal data are protected through appropriate provisions in our contracts with data processors, as well as other parties that may help us to process your personal data or that receive your data from us.

2. What do we mean by personal data?

By personal data, we mean not only data that identify you directly, but also data that identify you indirectly.

We generally need to collect the following different types of personal data:

Identification data: your last name, first names, addresses, identity card numbers, e-mail addresses, telephone numbers, login, IP addresses, etc.;
Transaction data: these are any data relating to your bank and stock market transactions: your account numbers, card numbers, bank communications, withdrawals, transfers relating to your accounts, any defaults on loan repayments to the Bank, etc.;
Financial data: your bills, payslips, income, the value of your personal property or real estate, Repayment capacity , the origin of your funds or assets, etc.;
Personal data: your age, gender, date of birth, place of birth, civil status and nationality;
Household composition data: your family situation, details about other members of your household, etc.;
Data relating to your investor profile: your knowledge of financial instruments and your experience with them, as well as your financial situation, including your ability to bear losses, your investment objectives and your risk tolerance;
Data relating to your activity and your interests when you browse our Website or when you use our mobile apps;
Data relating to our satisfaction surveys or from your interactions on our dedicated social media pages;
Audio-visual and electronic data: video surveillance recordings from our branch, telephone recordings from our customer service department or records of e-mail communications;
Data obtained via third parties: from the national register and from the Central Individual Credit Register of the National Bank of Belgium, as well as data supplied by public bodies, etc.
Data obtained via cookies: For more information, please read our Cookies Policy

We do not process sensitive data, namely data relating to a person's health, racial or ethnic origin, political opinions, religion or beliefs, trade union membership or sex life. We would only be able to have indirect access to these sensitive personal data under specific circumstances. For example, when you make a payment to join a political party or a trade union.

3. When do we collect these data?

When you become a customer or when a customer discloses your data to us;
When you contact us via one of the channels available to you;
When you visit one of our branches;
When you sign up for a new product or service;
When you take part in a survey, a tutorial, an information session or any other event organized by Keytrade Bank;
When you use one of our products or services;
When you log on to our mobile apps or our Website;
When you fill in one of our forms or sign a contract with the Bank.

4. Where do we collect data about you?

In most cases, you provide us the personal data that we process. However, we do also obtain these data via third parties. In particular, this happens when:

your data are disclosed to us by a customer (for example, because you are a beneficial owner or the representative of a legal entity, you are acting as an interim administrator or you have been named as a beneficiary of a KEYPLAN for Kids);
we view data with an authorised third party (for example: publications in the Belgian Official Gazette or the Crossroads Bank for Enterprises ("BCE"));
as part of our legal obligations, we consult some external files, such as the Central Individual Credit Register and the file of non-regulated registrations held by the National Bank of Belgium.

5. In what circumstances are you required to send these data to us?

You can visit our public site without sharing your identity with us. However, you will be using cookies that are intended to make it easier to use our Website, among other things. For more information, please read our Cookies Policy.

If you want to open an account at the Bank or use our services, you will be required to provide us with some information about yourself. We are legally required to request information from you that we need in order to be able to initiate a relationship with us.

You do, of course, have the right to refuse to disclose this information to us, but, should you do this, you will be unable to enjoy our services.

6. For what purpose and on what basis do we use your personal data?

Generally, we use your personal data:

in order to comply with any legal and regulatory dispositions to which the Bank is subject;
as part of the process of executing an onboarding banking services contract or any other contract with the Bank, or when taking pre-contractual measures;
in order to pursue the Bank's legitimate interests, maintaining a balance between these legitimate interests and respect for your privacy, or;
when we have obtained your consent.

6.1 Statutory obligations

The Bank is bound by a number of legal and regulatory obligations that require us to process your data. These obligations mainly fall within the following legal and regulatory areas:

The obligation to respond to any legitimate request from a public, judicial, prudential supervisory or tax authority, either in Belgium or from abroad;
Administrative and risk management obligations. We calculate risk scores for granting credit and we assess your ability to repay. By using statistical risk modelling which uses your personal data, we can assess the risk of you not being able to repay your credit.
The obligation to help to prevent money laundering and the financing of terrorism, by identifying customers, representatives and beneficial owners, establishing profiles, and monitoring operations and transactions;
The obligation to comply with legislation on embargoes determined by the competent authorities in Belgium or abroad, against individuals, organizations or citizens of some states, for example, by identifying the people and assets involved;
The obligation to help to fight against tax fraud and evasion, by identifying customers, their accounts and contracts, and by working with the competent authorities;
The obligation to help to fight against market abuse, by identifying particular information and reporting it to the competent authorities;
The obligation to protect users of financial products and services, by identifying, for some services, the profile and investor category, and their investment capabilities and objectives;
The obligation to disclose information about accounts, transactions and their respective beneficiaries or issuers to other financial product or service providers, or payment service providers (for example, payment service initiators and account aggregators).
The obligation to comply with requirements relating to financial or tax reporting, or relating to reporting fraud or incidents;
The obligation to save and store certain data.

The list of legal and regulatory areas that govern how the Bank must process your data is non-exhaustive and may change.

As part of its statutory obligations relating to fighting against money laundering and the financing of terrorism, to performing a credit check during a credit application and to protecting investors, the Bank carries out automated checks, using external sources or data which are specifically requested at that time. These automated checks may possibly result in us refusing you a contract or requesting additional information from you, depending on the case.

For these checks, the Bank uses suitable mathematical or statistical models, using verified data in order to avoid any risk of error. When this occurs, the Bank does not process any sensitive data and strives to avoid any form of discrimination.

6.2 Contractual relations

Before entering into a contract, the Bank may and, in some cases, must obtain and process certain data, in particular, in order to:

respond to your application;
make you aware when the online registration process has not been completed;
take an application further, assess suitability and evaluate the risks linked to any contract;
assess your creditworthiness or possibly the creditworthiness of people connected to you during a credit application.

In addition, the Bank is unable to process applications for specific products or services without obtaining certain data from you beforehand.

For example, if you want acquire a new product or service (for example, KEYPRIVATE, KEYHOME, etc.), we will need certain personal data from you in order to assess whether we can provide these products or services to you.

More specifically, in the context of executing contracts, the Bank processes your data as follows:

central management of your different types of accounts;
management and checking of transactions;
central management and a 360-degree view of customers;
management and provision of products and services, including:
  • the sale of financial and investment products;
  • management and granting of credits, by assessing the overall credit risk;
consolidation and monitoring of reporting on financial and accounting data;
protecting you and your assets against any fraudulent activity, as a result of identity theft, data leaks or data hacking, for example;
the management of your data as part of the accounts information service (aggregation) and the payment initiation service.

6.3 Legitimate interests

The Bank also processes your data in order to pursue its legitimate interests. For this purpose, the Bank strives to maintain a fair balance between its data processing needs and respect for your rights and freedoms, particularly privacy protection.

Personal data are therefore processed in order to:

prepare studies, (risk, marketing and other) models and statistics, by using anonymization and/or pseudonymization techniques for the individuals involved;
promote products and services provided or promoted by the Bank (see 6.5);
complete in advance data that we already know for existing customers when they apply for additional products or services;
Improving the performance of our services:
  • We use transaction data in order to get a better understanding of how our services are used, in order to improve them. For example, when you open an account, we measure the time between when your account was opened and the first transaction.
  • We also analyze the results of our marketing activities, so that we can measure how effective our campaigns have been, in order to provide you, the customer, with more appropriate solutions.
  • We analyze the results of surveys conducted on the Bank's customers, statistics, tests and comments left by customers on the Bank's different social media pages (Twitter, Facebook, etc.).
storing evidence;
Training our staff, using telephone recordings from our customer service department;
tracking the Bank's activities, in particular, measuring sales, the number of calls and the number of visits to the Bank's Website, as well as ascertaining the most frequently asked questions by customers, etc.
cookie use: you can find more information about how cookies work and how you can restrict or delete cookies in our Cookies Policy. For more information, please read our Cookies Policy;
protecting assets and people, and combating fraud or attempted hackings, malpractice or other offences: this means that images recorded by our surveillance cameras are only recorded to protect assets and people, and to prevent malpractice, fraud or other offences that could be committed against our customers or the Bank;
establishing, exercising, defending and safeguarding the rights of the Bank and the people that it may represent during recovery or dispute procedures, for example.

6.4 Consent

In some cases, the Bank will only process your personal data if it has specifically obtained your consent to do so.

For example:

The Bank will only send you marketing communications by e-mail or by SMS and will only process your electronic-communications data for this purpose if you have provided specific consent for it to do so (see 6.5).

Please note: your consent is only required for market communications that are sent electronically. In all other cases (such as part of your contract, or if required by law if we alter our general terms and conditions), we reserve the right to contact you by any means of communication, including via e-mail.

The Bank will only disclose data needed for some payment service providers, such as payment service initiators and account aggregators, to take action, if you have provided your consent for the Bank to do so.

6.5 Direct marketing

The Bank offers you a wide range of financial products and services and, as a company, it has a legitimate interest in being able to tell you about the products or services that it provides or is promoting. With this in mind, it may need to use your personal data and, in particular, your contact details, in order to send marketing communications to you.

In practice, this means that you may be contacted in the following cases, for example:

about products in which you showed an interest (for example, by registering for an information session or by running a simulation on the product);
when the Bank launches new products or services;
when you have started a subscription process for a product or service and have not completed it.

As part of its direct marketing activities, the Bank may contact you using traditional methods, such as the telephone and ordinary mail. The Bank will only use these traditional methods of communication if you have not exercised your right of objection to your commercial data being used for direct marketing purposes (see 12.5).

The Bank may also contact you electronically (via e-mail, fax or SMS). However, it will only do this when you have provided your consent for it to do so.

Under no circumstances will the Bank disclose your data to third parties so that they can send you marketing communications for their own products and services. Furthermore, the Bank will never process sensitive data for direct marketing purposes.

7. Cookies

Generally speaking, cookies are small data files stored on your computer. They may have different functions, but they are generally used to keep a record of websites that you have visited, which can use them to remember you and your preferences when you visit in the future.

We use cookies on our Website in order to enhance its performance, to enable it to remember your preferences and to bring you information that we think will be interesting or useful to you.

We also use data recorded by cookies to compile statistics for our Website and to ensure that its performance and content are improved.

Most web browsers are automatically configured to accept cookies. However, you can configure your web browser to notify you each time a cookie has been sent or to stop it from saving cookies on your hard disk. If you do not accept our cookies, you may notice that our Website will slow down or you may no longer be able to access all of its services.

For more detailed information about using our cookies, please read the Bank's Cookies Policy.

Our Website may contain links to third-party sites, which have terms of use that do not fall within the scope of our Privacy Policy.
We recommend that you read their personal data protection policies carefully.

8. Automated decisions based on your personal data

In order to provide our products and services to you quickly and efficiently, your personal data may occasionally be processed completely automatically, in order to make a decision that legally applies to you or which could significantly affect you.

In the case of mortgages, the decision about whether or not to grant a loan to you is made based on an algorithm alone. This algorithm uses the data that you have sent to us as part of your credit application, as well external data (from the Central Office for Credits to Private Individuals). This algorithm assesses your ability to repay the loan that you have applied for and aims to enable us to make a quick and non-discriminatory decision. However, you always have the right to be provided with an explanation on the decision made following this type of assessment, to contest this decision and to request one of our employees to become involved, when it relates to any automated decision.

The same applies to the budget management support service, which supplies information such as charts and tables, categorisations and monthly reports produced by the Bank as support for customers managing their personal finances. This information is available from Keytrade Bank and from third-party banks acting as account managers selected by the Customer.

9. Storage period

We try to not store your personal data for any longer than we need for the processing activity that requires us to collect them. When assessing how long we need to store your personal data, we must also take into account the applicable regulatory requirements (requirements stemming from legislation against money laundering, for example).

More specifically, your personal data as a prospective customer will be stored for a maximum period of a year.

If you are a customer of the Bank, the data that we will have collected as part of our contractual relationship will, in principle, be stored for the duration of this relationship and for a period of 10 years after you close your account. This period may be longer in some cases, for example, when it involves a mortgage (30 years) or a dispute (until there is an outcome to the dispute).

Other data, such as data collected using surveillance cameras, are stored for a shorter period (a period of a month for images recorded by surveillance cameras).

10. Data security

We take suitable technical and organizational measures in order to guarantee that your personal data are adequately protected against being lost or accidentally divulged to unauthorized individuals.

We have put in place security technology that complies with international rules and current standards in order to protect your personal data.

You can also help to keep your personal data secure by following these tips:

Use the most recent operating system on your computer and install all of the security updates;
Use the most recent version of your web browser and then install all of the security updates;
Install antivirus software, anti-spyware software and a firewall, and adjust your preferences so that these safeguards are updated regularly;
Do not leave your Device and your log-in details unattended;
Log off the Transaction Site or the app if you are no longer using it;
Keep your codes confidential. Make sure that you are on the real Keytrade Bank site, using the site address and the certificate: in order to do this, click on the green padlock and check that the certificate:
  • belongs to Keytrade Bank (Arkea Direct Bank SA)
  • is issued (verified) by Globalsign nv-sa
Only log in from devices that you trust and do not use shared computers/devices for sensitive transactions.
If you don't feel comfortable with a site, do not use it and do not enter any codes/passwords!
Do not open attachments to e-mails that you were not expecting.
E-mails may contain viruses or other unwanted software, even if you know the sender. Make sure that your anti-virus software also scans the attachments to your incoming e-mails. Perhaps activate the e-mail filter on your web browser.
The Bank will never ask you for your account numbers, debit or credit card numbers, passwords or codes via e-mail.

If you contact our customer service department about an issue relating to executing your orders, they will ask you for your bank account details. When using the "Telephone orders" service, they will ask you some personal questions in order to identify you.

11. Who receives your data? To whom may your data be transferred?

Within the Bank, your personal data can only be accessed by people who need to access them for working purposes.
Some of your personal data may be disclosed to Arkéa Direct Bank SA, to Crédit Mutuel Arkéa or to other entities of the group (Keytrade Bank is a Belgian branch of Arkéa Direct Bank SA (France), which itself is a subsidiary company of Crédit Mutuel Arkéa).
In some cases, we are required by law to disclose your personal data to third parties:
  • to market and regulatory authorities (particularly in Belgium and France), similar foreign authorities, the Central Point of Contact ("CPC") and Belgian and foreign tax authorities, when the Bank is required to disclose customers' personal data;
  • to the Belgian National Bank or the Bank of France (in cases mentioned by European regulation no. 2016/867 of 18 May 2016 (the ANACREDIT Regulation)), relating to credits that are granted to you;
  • to public or judicial authorities, such as the police, prosecutors, law courts, etc.. This can only be done at their explicit request;
  • to lawyers (for example, in relation to the dissolution of a marriage or a bankruptcy), notaries (for example, when it involves a mortgage or inheritance), guardians or provisional administrators, etc.;
  • to third-party banks in accordance with the Law of 18 September 2017 relating to the prevention of money laundering and the financing of terrorism and to limitations on the use of cash.
In some cases, the Bank calls upon third parties to provide you with services to which you have subscribed or in order to process your personal data. For example, this can involve:
  • Specialist providers from the financial sector, who must also fulfil their legal obligations as data processors in relation to personal data;
    (For example: Card Stop, VISA, correspondent banking institutions in foreign countries, etc.);
  • Service providers who help us to:
    • Create and maintain our tools;
    • Market our activities, organize events and manage communications with customers;
    • Develop and/or manage our products and services.

In such cases, we ensure that these third parties only have access to the personal data that they need to complete their specific tasks. We also ensure that our data processors commit to treating data securely and confidentially, and to using them as outlined in our instructions.

When we work with data processors outside of the European Economic Area (EEA), we take appropriate measures to guarantee that your personal data will be properly protected in the recipient country. In such cases, we take action (for example, through contractual measures) to guarantee that your personal data are processed with the same level of security as required under European legislation.

Your data may also be disclosed, to some payment service providers, such as payment initiation service providers and account information service providers within the context of PSD2: those (pseudoanonymised) data will only be saved on the Cloud if you use the payment initiation and the account information services.

Under no circumstances will we sell your personal data to third parties.

12. What are your rights?

12.1 Right of access and correction

You have a right of access to your personal data. In particular, the Bank can provide you with:

The categories of personal data which have been processed;
The purposes for which we have collected your data;
The categories of recipients who have received your data from us;
The storage period for your data;
The rationale for using any automated processing on your personal data;
The source of any processed personal data, if it was not collected from you.

If you discover that your data are inaccurate or incomplete, you can ask us to correct them.

We take all necessary measures to ensure that your personal data are correct, up-to-date, complete and relevant, which is why we ask you to keep us informed of any changes (new addresses, new identity cards, acquisition of a new nationality, etc.).

You can amend some of your personal data yourself by logging onto the Transaction Site and then going to Preferences.

If we correct your data and we have previously shared them with third parties, we will also notify them of these corrections.

12.2 Right to be forgotten

In some specific cases, legislation enables you to have your personal data deleted.

This is particularly the case if the data are no longer needed for the purposes for which we have collected them (for example, because you have disclosed your contact details to us in order to take part in an event which has finished), if we have only processed your data because you provided your consent for us to do so and you decide to withdraw it, or if you object to your data being processed and we have no legitimate reasons which take precedence over yours.

However, the Bank may store your personal data when they are needed for establishing, exercising or defending its rights in court, or for the Bank to comply with its statutory obligations. The Bank will therefore be required to comply with storage periods stipulated by different laws, particularly when the data are for transactions which you have carried out or have been collected as part of our obligations relating to fighting against money laundering and the financing of terrorism (see point 7).

12.3 Right to restrict processing

This particular right of objection enables you to ask the Bank to block your data temporarily in specific cases set out by regulations: the Bank will then no longer be able to process your affected data for a specified time.

You can ask for your data to be blocked:

When the data in question are inaccurate, incomplete, ambiguous or out-of-date, for the amount of time needed to enable us to ensure that your data are accurate;
When collecting, using, disclosing or storing them is prohibited;
When the data are no longer needed for processing purposes;
For the period of time needed by the Bank to assess the merits of an objection request.

If you exercise this right, we will be able store your data, but we will no longer be able to carry out any further processing on them, except when you provide your consent for us to do so, or in order to establish, exercise or defend our rights (or the rights of another person).

12.4 Right to data portability

Thanks to this right, you can ask the Bank to send your personal data to you or to send them directly to another data controller, when this is technically possible for the Bank. This right only applies to data which you yourself have supplied to the Bank and which are automatically processed, on the basis of the contract or when you have provided your consent.

You can make a request via the following form

12.5 Right to withdraw your consent

When your data are only being processed because you have provided your consent, you have the right to withdraw this consent at any time. However, withdrawing your consent does not provides the grounds for you to call into question the legality of the processing activity carried out during the period before you withdrew your consent.

12.6 Right of objection

You always have the right to object to your data being used for direct marketing purposes, without any justification and at no expense (see 14). If this occurs, your data will no longer be used for this purpose.

Furthermore, you also have the right to object, for reasons relating to your particular circumstances, to any processing of your personal data which has been carried out to further our legitimate interests. However, we will be unable to grant your request if our legitimate interests prevail over yours or if we are required to process your data in order to establish, exercise or defend our rights in court.

13. How can you exercise your rights?

In order to exercise your rights, you can send your dated and signed request to us, together with a readable copy of the front and back of your identity card, with as many specific details as possible:

by mail to :
KEYTRADE BANK - Legal Department
Boulevard du Souverain, 100
1170 Bruxelles

Upon receiving your complete request, we will respond to it within 30 calendar days.

If you request any additional copies when exercising your right to access your personal data, we may charge you a reasonable amount for administrative costs.

14. How can you let us know that you no longer wish to receive marketing offers?

If you are a customer of the Bank and you no longer wish to receive commercial offers from us or wish to receive fewer of them, you can let us know by logging into the Transaction Site, then going to "Preferences" and then going to "Communication". For example, you can choose to receive only some of our newsletters or let us know your communication preferences.

If you are not yet a customer of the Bank, you can let us know about these preferences by sending us an e-mail to

In addition, if you wish to not receive marketing communications by telephone or no longer wish to receive them, you can place your name on the "Do not call me" list (

If you wish to receive promotional informational from us or be contacted by telephone for marketing communications (again), you can inform us by e-mail at or by amending your Preferences on the Transaction Site.

15. Who should you contact if there is a dispute?

If there is a dispute relating to processing your personal data, you can submit a mediation request to the Commission for the Protection of Privacy at the following address:

Privacy Commission
Rue de la Presse 35
1000 Bruxelles
Tél : +32 2 274 48 00
Mail :