Protection of privacy is a primary consideration for Keytrade Bank.
This Policy applies both to data which are initially collected when you contact the Bank and data which are later obtained by the Bank (for example, when you subscribe to an additional product or service, or when you update data that you have initially provided).
Your data are currently processed in compliance with Regulation (EU) No 2016/679 of 27 April 2016, the General Data Protection Regulation, known as "the GDPR", or any piece of legislation amending it. For more detailed information about data protection, please visit the Privacy Commission website (https://www.dataprotectionauthority.be).
This policy is updated regularly. Please check our Website regularly to find out which version currently applies.
- Who is your data controller?
- What do we mean by personal data?
- When do we collect these data?
- Where do we collect data about you?
- In what circumstances are you required to send these data to us?
- For what purpose and on what basis do we use your personal data?
- Automated decisions based on your personal data
- Storage period
- Data security
- Who receives your data? To whom may your data be transferred?
- What are your rights?
- How can you exercise your rights?
- How can you let us know that you no longer wish to receive marketing offers?
- Who should you contact if there is a dispute?
1. Who is your data controller?
KEYTRADE BANK, Belgian branch of ARKEA DIRECT BANK SA (France), which is situated at Boulevard du Souverain 100, 1170 Brussels, and is registered under the number BE 0879.257.191 (the "Bank").
You can contact our data protection officer ("DPO") :
Boulevard du Souverain, 100
We do everything that we can to comply with the current data protection regulations, as well as measures implemented, overseen by the Privacy Commission.
For some services, we call upon specialist partners, who work as data processors. These partners must comply with our personal data protection policy and must also fulfil their relevant statutory obligations. We strive to ensure that your personal data are protected through appropriate provisions in our contracts with data processors, as well as other parties that may help us to process your personal data or that receive your data from us.
2. What do we mean by personal data?
By personal data, we mean not only data that identify you directly, but also data that identify you indirectly.
We generally need to collect the following different types of personal data:
We do not process sensitive data, namely data relating to a person's health, racial or ethnic origin, political opinions, religion or beliefs, trade union membership or sex life. We would only be able to have indirect access to these sensitive personal data under specific circumstances. For example, when you make a payment to join a political party or a trade union.
3. When do we collect these data?
4. Where do we collect data about you?
In most cases, you provide us the personal data that we process. However, we do also obtain these data via third parties. In particular, this happens when:
5. In what circumstances are you required to send these data to us?
You can visit our public site without sharing your identity with us. However, you will be using cookies that are intended to make it easier to use our Website, among other things. For more information, please read our Cookies Policy.
If you want to open an account at the Bank or use our services, you will be required to provide us with some information about yourself. We are legally required to request information from you that we need in order to be able to initiate a relationship with us.
You do, of course, have the right to refuse to disclose this information to us, but, should you do this, you will be unable to enjoy our services.
6. For what purpose and on what basis do we use your personal data?
Generally, we use your personal data:
6.1 Statutory obligations
The Bank is bound by a number of legal and regulatory obligations that require us to process your data. These obligations mainly fall within the following legal and regulatory areas:
The list of legal and regulatory areas that govern how the Bank must process your data is non-exhaustive and may change.
As part of its statutory obligations relating to fighting against money laundering and the financing of terrorism, to performing a credit check during a credit application and to protecting investors, the Bank carries out automated checks, using external sources or data which are specifically requested at that time. These automated checks may possibly result in us refusing you a contract or requesting additional information from you, depending on the case.
For these checks, the Bank uses suitable mathematical or statistical models, using verified data in order to avoid any risk of error. When this occurs, the Bank does not process any sensitive data and strives to avoid any form of discrimination.
6.2 Contractual relations
Before entering into a contract, the Bank may and, in some cases, must obtain and process certain data, in particular, in order to:
In addition, the Bank is unable to process applications for specific products or services without obtaining certain data from you beforehand.
For example, if you want acquire a new product or service (for example, KEYPRIVATE, KEYHOME, etc.), we will need certain personal data from you in order to assess whether we can provide these products or services to you.
More specifically, in the context of executing contracts, the Bank processes your data as follows:
- the sale of financial and investment products;
- management and granting of credits, by assessing the overall credit risk;
6.3 Legitimate interests
The Bank also processes your data in order to pursue its legitimate interests. For this purpose, the Bank strives to maintain a fair balance between its data processing needs and respect for your rights and freedoms, particularly privacy protection.
Personal data are therefore processed in order to:
- We use transaction data in order to get a better understanding of how our services are used, in order to improve them. For example, when you open an account, we measure the time between when your account was opened and the first transaction.
- We also analyze the results of our marketing activities, so that we can measure how effective our campaigns have been, in order to provide you, the customer, with more appropriate solutions.
- We analyze the results of surveys conducted on the Bank's customers, statistics, tests and comments left by customers on the Bank's different social media pages (Twitter, Facebook, etc.).
In some cases, the Bank will only process your personal data if it has specifically obtained your consent to do so.
Please note: your consent is only required for market communications that are sent electronically. In all other cases (such as part of your contract, or if required by law if we alter our general terms and conditions), we reserve the right to contact you by any means of communication, including via e-mail.
6.5 Direct marketing
The Bank offers you a wide range of financial products and services and, as a company, it has a legitimate interest in being able to tell you about the products or services that it provides or is promoting. With this in mind, it may need to use your personal data and, in particular, your contact details, in order to send marketing communications to you.
In practice, this means that you may be contacted in the following cases, for example:
As part of its direct marketing activities, the Bank may contact you using traditional methods, such as the telephone and ordinary mail. The Bank will only use these traditional methods of communication if you have not exercised your right of objection to your commercial data being used for direct marketing purposes (see 12.5).
The Bank may also contact you electronically (via e-mail, fax or SMS). However, it will only do this when you have provided your consent for it to do so.
Under no circumstances will the Bank disclose your data to third parties so that they can send you marketing communications for their own products and services. Furthermore, the Bank will never process sensitive data for direct marketing purposes.
Generally speaking, cookies are small data files stored on your computer. They may have different functions, but they are generally used to keep a record of websites that you have visited, which can use them to remember you and your preferences when you visit in the future.
We also use data recorded by cookies to compile statistics for our Website and to ensure that its performance and content are improved.
Most web browsers are automatically configured to accept cookies. However, you can configure your web browser to notify you each time a cookie has been sent or to stop it from saving cookies on your hard disk. If you do not accept our cookies, you may notice that our Website will slow down or you may no longer be able to access all of its services.
For more detailed information about using our cookies, please read the Bank's Cookies Policy.
We recommend that you read their personal data protection policies carefully.
8. Automated decisions based on your personal data
In order to provide our products and services to you quickly and efficiently, your personal data may occasionally be processed completely automatically, in order to make a decision that legally applies to you or which could significantly affect you.
In the case of mortgages, the decision about whether or not to grant a loan to you is made based on an algorithm alone. This algorithm uses the data that you have sent to us as part of your credit application, as well external data (from the Central Office for Credits to Private Individuals). This algorithm assesses your ability to repay the loan that you have applied for and aims to enable us to make a quick and non-discriminatory decision. However, you always have the right to be provided with an explanation on the decision made following this type of assessment, to contest this decision and to request one of our employees to become involved, when it relates to any automated decision.
The same applies to the budget management support service, which supplies information such as charts and tables, categorisations and monthly reports produced by the Bank as support for customers managing their personal finances. This information is available from Keytrade Bank and from third-party banks acting as account managers selected by the Customer.
9. Storage period
We try to not store your personal data for any longer than we need for the processing activity that requires us to collect them. When assessing how long we need to store your personal data, we must also take into account the applicable regulatory requirements (requirements stemming from legislation against money laundering, for example).
More specifically, your personal data as a prospective customer will be stored for a maximum period of a year.
If you are a customer of the Bank, the data that we will have collected as part of our contractual relationship will, in principle, be stored for the duration of this relationship and for a period of 10 years after you close your account. This period may be longer in some cases, for example, when it involves a mortgage (30 years) or a dispute (until there is an outcome to the dispute).
Other data, such as data collected using surveillance cameras, are stored for a shorter period (a period of a month for images recorded by surveillance cameras).
10. Data security
We take suitable technical and organizational measures in order to guarantee that your personal data are adequately protected against being lost or accidentally divulged to unauthorized individuals.
We have put in place security technology that complies with international rules and current standards in order to protect your personal data.
You can also help to keep your personal data secure by following these tips:
- belongs to Keytrade Bank (Arkea Direct Bank SA)
- is issued (verified) by Globalsign nv-sa
If you contact our customer service department about an issue relating to executing your orders, they will ask you for your bank account details. When using the "Telephone orders" service, they will ask you some personal questions in order to identify you.
11. Who receives your data? To whom may your data be transferred?
- to market and regulatory authorities (particularly in Belgium and France), similar foreign authorities, the Central Point of Contact ("CPC") and Belgian and foreign tax authorities, when the Bank is required to disclose customers' personal data;
- to the Belgian National Bank or the Bank of France (in cases mentioned by European regulation no. 2016/867 of 18 May 2016 (the ANACREDIT Regulation)), relating to credits that are granted to you;
- to public or judicial authorities, such as the police, prosecutors, law courts, etc.. This can only be done at their explicit request;
- to lawyers (for example, in relation to the dissolution of a marriage or a bankruptcy), notaries (for example, when it involves a mortgage or inheritance), guardians or provisional administrators, etc.;
- to third-party banks in accordance with the Law of 18 September 2017 relating to the prevention of money laundering and the financing of terrorism and to limitations on the use of cash.
- Specialist providers from the financial sector, who must also fulfil their legal obligations as data processors in relation to personal data;
(For example: Card Stop, VISA, correspondent banking institutions in foreign countries, etc.);
- Service providers who help us to:
- Create and maintain our tools;
- Market our activities, organize events and manage communications with customers;
- Develop and/or manage our products and services.
In such cases, we ensure that these third parties only have access to the personal data that they need to complete their specific tasks. We also ensure that our data processors commit to treating data securely and confidentially, and to using them as outlined in our instructions.
When we work with data processors outside of the European Economic Area (EEA), we take appropriate measures to guarantee that your personal data will be properly protected in the recipient country. In such cases, we take action (for example, through contractual measures) to guarantee that your personal data are processed with the same level of security as required under European legislation.
Under no circumstances will we sell your personal data to third parties.
12. What are your rights?
12.1 Right of access and correction
You have a right of access to your personal data. In particular, the Bank can provide you with:
If you discover that your data are inaccurate or incomplete, you can ask us to correct them.
We take all necessary measures to ensure that your personal data are correct, up-to-date, complete and relevant, which is why we ask you to keep us informed of any changes (new addresses, new identity cards, acquisition of a new nationality, etc.).
You can amend some of your personal data yourself by logging onto the Transaction Site and then going to Preferences.
If we correct your data and we have previously shared them with third parties, we will also notify them of these corrections.
12.2 Right to be forgotten
In some specific cases, legislation enables you to have your personal data deleted.
This is particularly the case if the data are no longer needed for the purposes for which we have collected them (for example, because you have disclosed your contact details to us in order to take part in an event which has finished), if we have only processed your data because you provided your consent for us to do so and you decide to withdraw it, or if you object to your data being processed and we have no legitimate reasons which take precedence over yours.
However, the Bank may store your personal data when they are needed for establishing, exercising or defending its rights in court, or for the Bank to comply with its statutory obligations. The Bank will therefore be required to comply with storage periods stipulated by different laws, particularly when the data are for transactions which you have carried out or have been collected as part of our obligations relating to fighting against money laundering and the financing of terrorism (see point 7).
12.3 Right to restrict processing
This particular right of objection enables you to ask the Bank to block your data temporarily in specific cases set out by regulations: the Bank will then no longer be able to process your affected data for a specified time.
You can ask for your data to be blocked:
If you exercise this right, we will be able store your data, but we will no longer be able to carry out any further processing on them, except when you provide your consent for us to do so, or in order to establish, exercise or defend our rights (or the rights of another person).
12.4 Right to data portability
Thanks to this right, you can ask the Bank to send your personal data to you or to send them directly to another data controller, when this is technically possible for the Bank. This right only applies to data which you yourself have supplied to the Bank and which are automatically processed, on the basis of the contract or when you have provided your consent.
You can make a request via the following form
12.5 Right to withdraw your consent
When your data are only being processed because you have provided your consent, you have the right to withdraw this consent at any time. However, withdrawing your consent does not provides the grounds for you to call into question the legality of the processing activity carried out during the period before you withdrew your consent.
12.6 Right of objection
You always have the right to object to your data being used for direct marketing purposes, without any justification and at no expense (see 14). If this occurs, your data will no longer be used for this purpose.
Furthermore, you also have the right to object, for reasons relating to your particular circumstances, to any processing of your personal data which has been carried out to further our legitimate interests. However, we will be unable to grant your request if our legitimate interests prevail over yours or if we are required to process your data in order to establish, exercise or defend our rights in court.
13. How can you exercise your rights?
In order to exercise your rights, you can send your dated and signed request to us, together with a readable copy of the front and back of your identity card, with as many specific details as possible:
Boulevard du Souverain, 100
Upon receiving your complete request, we will respond to it within 30 calendar days.
If you request any additional copies when exercising your right to access your personal data, we may charge you a reasonable amount for administrative costs.
14. How can you let us know that you no longer wish to receive marketing offers?
If you are a customer of the Bank and you no longer wish to receive commercial offers from us or wish to receive fewer of them, you can let us know by logging into the Transaction Site, then going to "Preferences" and then going to "Communication". For example, you can choose to receive only some of our newsletters or let us know your communication preferences.
If you are not yet a customer of the Bank, you can let us know about these preferences by sending us an e-mail to firstname.lastname@example.org.
In addition, if you wish to not receive marketing communications by telephone or no longer wish to receive them, you can place your name on the "Do not call me" list (http://www.ne-m-appelez-plus.be/fr).
If you wish to receive promotional informational from us or be contacted by telephone for marketing communications (again), you can inform us by e-mail at email@example.com or by amending your Preferences on the Transaction Site.
15. Who should you contact if there is a dispute?
If there is a dispute relating to processing your personal data, you can submit a mediation request to the Commission for the Protection of Privacy at the following address:
Rue de la Presse 35
Tél : +32 2 274 48 00
Mail : firstname.lastname@example.org