Financial enterprises
Financial enterprises and service providers, such as banks, credit card companies, insurers, pension funds, trust offices, financial and tax consultants, collect and use a lot of personal data.
On this page
Financial data
First of all, financial enterprises and service providers process financial data of their customers. Such as data about payments. Financial data are sensitive personal data. It is therefore particularly important that financial enterprises and service providers handle this personal data with due care.
Copy of identity document and citizen service number
Financial enterprises and service providers also process other personal data of their customers. For example:
- Financial enterprises and service providers are obliged by law to ascertain the identity of their customers. And to do this, keep a copy of each customer's identity document.
- Financial enterprises and service providers are allowed to use the citizen service number (Dutch: BSN) of their customers if this is stated in the law.
Quick answers
Is my bank allowed to make or ask for a copy ID?
Yes, this is allowed. When you become a customer, your bank has to check your identification document (ID) to verify whether you really are who you say you are (identification). And sometimes, this has to be done again if you are already a customer (re-identification). When doing so, your bank is allowed to make a copy ID or ask you to prove that your identity has been checked.
Read the detailed explanation: Identification at your bank
Is my bank allowed to ask for a photo or video of me?
Yes, this is allowed. Does the bank check your identity remotely? For example, because you become a customer with an online bank? Then, in addition to a copy ID, the bank is allowed to ask for a photo of your face ("selfie") or a video of yourself. The bank can use this to ascertain that your ID belongs to you.
Read more: Foto or video for identification purposes
Why do I have to provide my bank with proof of identity again if I am a customer already?
Your bank is allowed to ask you to provide proof of your identity again. Even if you have already done this on an earlier occasion. Financial enterprises such as banks must ensure that their customer administration is correct. If this is not the case, they are unable to meet their various statutory requirements.
In addition, the privacy law GDPR says that organisations must ensure that the personal data they process are correct and that they update the data if necessary.
Read more: Identification at financial enterprises
Is a company allowed to check my identity on behalf of my bank?
Yes, this is allowed. Your bank may choose to have (re-)identification performed by another company. For example, with an app through which you can send a copy ID and a photo or video. Or a company that visits you to make a copy of your ID.
In that case, that company is a processor. The bank has to make proper arrangements with this processor about how to handle the personal data of the customers. For example, about the security of these data.
Read more: Identification at financial enterprises
What do I have to do if my bank account number may have been leaked?
Did you receive a message from an organisation that they have become the victim of a data breach? And that bank account numbers have been leaked as a result? This is what you can do in such case:
- Be alert to phone calls or messages by email, text or WhatsApp in which people try to obtain information from you, such as your PIN code. Your bank will never ask you to provide a certain code or to send your bank card to a certain address, and certainly not in this way.
- Pay frequently attention to any debits from your bank accounts. Criminals may use your bank account for buying things.
- For more information see Veiligbankieren.nl (in Dutch).
Can I access my data at an organisation, or have them rectified or removed?
Yes, you can. If an organisation uses your personal data, you have a number of rights. This will ensure that you keep a grip on your personal data. These are the most important privacy rights:
- You have a right of access to your personal data.
- Does it turn out that data of you are incorrect? Or that certain data are missing? Then you can ask for rectification of your data (adjustment or addition).
- In some cases, you can also ask for removal of data.
Do you want to know what other rights you have? Check out Privacy rights under the GDPR.
What can I do if I have a question or complaint about the use of my personal data?
Always submit your questions or complaints to the organisation that uses your personal data first. Do you have a complaint and are you and the organisation unable to work it out together? Then you can lodge a complaint with the Dutch Data Protection Authority (DPA).