Privacy

This Privacy Statement sets out how we handle your personal data. You can be confident that we handle your personal data with due care.
Different privacy statements may apply in specific cases: our ABN AMRO UK Recruitment Privacy Statement will apply if you seek a role with us, while the Privacy Statement for ABN AMRO Bank N.V. will apply for activities undertaken in (or services offered from) the Netherlands and the EEA. For certain services or products, an extra privacy statement or disclosures may also be provided or accessible.
This Privacy Statement was last updated on: 17 July 2026
ABN AMRO and your Personal Data
This Privacy Statement may apply to you in a range of scenarios, including if:
your company is a client of ours
you or your business contacted us for information on our products and services, or has applied for one of our products
you are a partner, director, shareholder, person with significant control, or beneficial owner of one of our clients, or are a guarantor or security provider for one of our clients
you are a supplier or an intermediary, or work for one of our clients or a supplier, and/or
you’ve been invited to attend a seminar or event of ours.
This Privacy Statement is also intended for you if you are related or connected to the above persons whose personal data we may need to “process” or use, for example:
contact persons at businesses to which we provide services and with whom we are in correspondence
partners, directors, shareholders, persons with significant control, guarantor(s), security providers and beneficial owners of these businesses, and/or
directors of associated businesses, directors of any intermediaries.
Yes. Our activities are subject to oversight by the ABN AMRO Global Group Data Protection Officer (“Group DPO”).
In the UK, the Group DPO is supported by the UK Data Privacy Officer, who can be contacted at privacy@uk.abnamro.com. You may also contact the Group Privacy Office at privacy.office@nl.abnamro.com.
We will be the ‘data controller’ responsible for your personal data.
In this case, “we” refers to ABN AMRO Bank N.V., UK Branch. We can be found at 5 Aldermanbury Square | London EC2V 7HR.
Personal data is information that says something about you. The best known forms of personal data are your name, address, email address, age and date of birth. Personal data also includes your bank account number, your phone number, your IP address and your national insurance number.
There are also several “special categories” of personal data - data whose inappropriate use could have a serious impact on an individual's privacy. These include data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data used for identification, health data, and data concerning a person’s sexual orientation.
Data protection law imposes strict requirements on the use of special categories of personal data. We cannot process this personal data unless required or permitted to do so by law, or unless you have given your explicit consent. Additional requirements also apply to limit how we can handle criminal offence data.
We collect and use a range of personal data as part of running our business. Some examples are as follows:
Data category | For example |
|---|---|
Identity and contact details | Name, title, address, email, phone, date of birth, gender, language, tax identification number, passport or driving licence details, nationality, country of residence, signature, where relevant demographic details about you |
Business details | Business role, signatory information, business customers and advisors, information about your goals and objectives. |
Financial information | Information about your financial position, including financial statements, credit history and credit worthiness, source of wealth |
Screening information (e.g., for customer due diligence) | Passport or driving licence details, residence and nationality information, bank or utility statements, names and information about beneficial owners, officers, directors, shareholders, guarantors, and other associated persons (including family). Other details relevant to customer due diligence (e.g., further information on individuals’ sources of wealth or employment, criminal history, adverse media, or information as needed to determine potential PEP or sanctions exposure). |
Transaction details | Names of sender and recipient or beneficiary, amount, account information, date, payment country jurisdiction, other payment-related information, fraud report details. |
Information from our interactions with you | Written, audio and/or visual information collected during communications with you regarding our products or services, including calls and chats online or over the phone. Your interactions with us on social media (e.g., LinkedIn, Facebook or X). Health and safety related information if you visit us in person (e.g., if you have an accident). |
Events-related details | Dietary requirements and any food allergy information, additional accessibility or communication requirements, client entertainment details, access control, CCTV imagery. |
Information about how you use our products or services | Information collected or inferred from your use of our products and services, including from our online websites or applications. Your feedback about our products and/or services. Information in relation to enquiries, complaints, disputes and/or investigations concerning or involving you. |
Public information about you | Information found on public registers, or in public sources such as newspapers, the internet, and/or public sections of social media. |
We usually obtain personal data directly from you. For example, this can occur when you contact someone in our business, fill out details to apply for a product, or attend an event that we hold.
However, we may also collect personal data from other sources (i.e., not directly from you). For example, if a business you are involved with enquires about our products or services, they may also provide information about you. Data collected indirectly may concern you, your business, partners, directors, shareholders, persons with significant control, guarantor(s), security providers beneficial owners, directors of associated businesses, and/or directors of intermediaries or other suppliers.
We may also decide to use personal data obtained from other sources, such as:
(public) registers containing your personal data, like Companies House
public sources such as newspapers, the internet, and/or public sections of social media accounts (we do this, for example, because we need to able to investigate fraud or other criminal acts)
public information regarding individuals or entities subject to sanctions, or
files of other parties who have collected personal data about you, such as intermediaries, external marketing firms or credit agencies.
If we want to process your personal data, we must have a “lawful basis” under data protection laws. This means that we may only use your personal data for one or more of the following reasons.
Contract
We may process your personal data where necessary to perform or take steps to conclude a contract involving you. For example, we may need to use your personal data where you are a contact person, partner, director, shareholder, managing director or beneficial owner of a business that has or wants to contract with us. We may also need to use your personal data if you are a representative of a supplier or an intermediary involved with a contract.
Legal obligation
We may process personal data where this is necessary for us to comply with laws or regulations applying to us. For example, we have legal obligations to record personal data relating to our clients and sometimes provide it to others. In particular:
We have to take steps to prevent and combat fraud, tax evasion, terrorist financing and money laundering. These steps may include asking you and your related individuals to provide proof of identity so that we know who you are.
We have legal obligations under the Money Laundering Regulations 2017 and related legislation, and other laws that require us to keep personal data.
Law or regulation may also require us to provide personal data to certain organisations. Examples may include law enforcement agencies, government entities, tax authorities or regulatory bodies around the world.
If we are under a legal obligation to record or use your personal data, we are required to do so (whether or not you are a client of ours). For example, we must check whether the individuals involved with clients and/or their representatives are genuinely who they say they are. In addition, we must keep a record of personal data items for all partners, directors and signatories.
Legitimate interest of ABN AMRO or others
We may process your personal data if we have a legitimate interest in doing so. In such case, we must be able to demonstrate that our interest in using your personal data outweighs your right to data protection. Read more about how this balancing process works here .
A few examples where we may rely on legitimate interest include:
protecting the property and personal data of you, us or others, and ensuring the security and safety of our business, staff and systems
protecting our financial position (for example, by undertaking financial risk assessments), your interests and/or the interests of other clients (for example, in the event of an insolvency)
detecting and protecting against fraud so that we and our clients do not suffer losses
organising and running our business efficiently (for example, by centralising our customer and business systems, making use of service providers, and conducting research)
improving our business, services and/or products, or
marketing our business, services and products to clients and others.
Please note that we may use personal data on the basis of our legitimate interest even if you (or your business) do not have a contract or direct relationship with us – for example if the processing may help us to prevent against fraud.
Where we rely on legitimate interest, you are entitled to object to that processing (see the below section “What rights do you have over your personal data?”). Please note that objecting doesn’t necessarily mean we are required to stop the processing – this will depend on all the circumstances, including the nature of processing and the interests involved.
“Recognised” legitimate Interest
In addition, we have the right to use your personal data if we have a “recognised” legitimate interest which permits us to process data for pre-approved purposes without a balancing test. These purposes include (among other things) crime detection and prevention, making disclosures requested by a person performing a task in the public interest laid down in law, and safeguarding vulnerable individuals.
You have the same rights to object to the processing as for “normal” legitimate interest processing.
Performance of a task carried out in the public interest
In some cases, we may process your personal data if it is necessary for the performance of a task carried out by us in the public interest (or under an authority vested in us). For example, this “public interest” lawful basis applies to customer due diligence activities we carry out in accordance with anti-money laundering regulations that are necessary to prevent money laundering, terrorist financing or proliferation financing.
As for legitimate interest, you can raise an objection to processing carried out on this basis.
Consent
We may rely on your consent to use your personal data. We do not usually rely on this ground but may do so in rare cases.
Before you give consent, we recommend that you carefully read the information we provide about the use of your personal data. If you have given consent and you want to withdraw this consent, you can do that very simply - although this may impact certain services or processes used by you (e.g. apps) if these rely on your consent.
Please note we do not need to ask for your consent if we rely on another lawful basis (as described above).
However, one area where we will ask for your consent includes “cookies” use in our websites and applications. To learn more, please visit our Cookie Policy.
Vital interests
In very rare cases, we may use personal data where necessary to protect the “vital interests” of an individual. This will normally involve acting to protect the health and safety of an individual in an emergency situation (for example, if someone suffers a medical event while at our offices).
Additional conditions for processing special category data
Occasionally we need to process special categories of personal data. In these cases, in addition to a “lawful basis” above, we are required to meet separate, extra conditions set out in data protection laws. For example, these extra “special category” conditions can include processing that:
you have given your explicit consent to
is necessary for reasons of substantial public interest set out in law (for example, in certain cases to prevent, detect or investigate unlawful acts), or
is necessary for establishing, exercising or defending legal claims.
We use your personal data to help make our operations and our services as effective, reliable and efficient as possible, to comply with law and regulations, and to take other actions we think necessary or in our interests. We may also use your personal data for other purposes compatible with these purposes (below we discuss how we determine this).
The following table sets out some of the most common purposes for which we process personal data and the lawful basis that we may rely on.
Purpose | For example | Lawful basis |
|---|---|---|
Entering into and managing our relationship with you | To assess and understand your business, its financial risks, opportunities and needs, and undertake client acceptance activities. To identify and conduct customer due diligence (or “know your client”) activities on your business and associated individuals (e.g., beneficial owners, officers, directors, shareholders, persons with significant control, guarantors). To form an agreement with you, and to perform our obligations or exercise our rights under this agreement. To liaise with intermediaries, representatives or agents in relation to our agreement with you, or our relationship. To carry out financial and credit risk assessments and management, monitor exposures, and manage debt recovery and insolvency situations. To manage our ongoing relationship with you, and handle requests, enquiries and complaints. | Contract; Legal obligation; Legitimate interests; Task carried out in the public interest |
Providing banking products and services | To provide corporate banking, lending, and other banking products and services, and respond to your requests. To process payments (including by sharing required payment information with other banks and payment providers) and to investigate failed, delayed or misdirected payments. To advise, communicate with you and act on your instructions regarding our products and services. | Contract; Legal obligation |
Detecting and preventing financial crime, security and integrity risks | To detect, investigate and prevent fraud, money laundering, terrorist financing, sanctions violation and other financial crime risks. To exchange financial crime related information with other banks and firms (e.g., those also subject to anti-money laundering obligations) for financial crime prevention purposes. To report unusual or suspicious transactions. To help ensure the security and integrity of the bank, you and the financial sector. | Legal obligation; Legitimate interests; Recognised legitimate interest; Task carried out in the public interest |
Complying with legal and regulatory obligations | To provide information and take steps for compliance with banking, financial, tax and other applicable laws and regulatory requirements. To record telephone calls and communications between clients and advisers (as required by MiFID II). To respond to requests and investigations from regulators, tax authorities and law‑enforcement bodies. To take steps to support compliance with policies and requirements applicable to the wider ABN AMRO group. | Legal obligation; Legitimate interests; Recognised legitimate interest |
Improving and protecting our business, products and services | To research and analyse our business, the market, and economic and wider trends, including how products and services are used. To test, develop and improve our products and services, and our internal operations. To carry out issue identification, internal audits and fixes, in respect of our business, products and services. To facilitate investment in or sale/transfer of parts of our business. To test and use artificial intelligence to improve the efficacy of our internal systems and business processes. | Legal obligation; Legitimate interests |
Providing marketing and holding events and/or meetings | To inform you about products, services, events or insights that may be relevant to you. To manage your marketing preferences and opt‑outs. To collect, use and share personal data in order to host speakers, events or meetings. To keep individuals in our care safe, including by responding in case of an emergency. To maintain records of visitors, office guests/family events. | Legitimate interests; Consent (where required); Vital interests (where relevant) |
Protecting our premises, systems, staff and data | To protect the property and personal data of you, us or others, and to ensure the security and safety of our business, staff, and systems. To manage access to, and the security and safe use of, our systems and premises. To use CCTV in and around our premises to ensure safety and security. | Legal obligation; Legitimate interests |
To host and provide online services | To monitor use and manage access to our websites, applications and other online tools. To facilitate the use of cookies and similar technologies to provide, analyse, ensure the security of, and optimise the use of our websites, applications and online tools. | Contract; Legitimate interests; Consent (for optional cookies) |
To organise and run our business efficiently | To share personal data within our group companies and branches (e.g., to centralise our customer and business systems, to improve services, to provide products or services, as required by law, or to ensure the integrity of our business). To share personal data with suppliers and intermediaries to support our internal operations and/or delivery of products and services. | Contract; Legal obligation; Legitimate interests |
Handling complaints, claims and disputes | To allow us to respond to and investigate complaints or disputes, and to manage, establish, exercise or defend legal claims. | Legal obligation; Legitimate interests |
We describe some of the above activities in more detail:
Camera images, telephone calls, chat messages, video sessions
If you visit us, we may capture images of you on camera. We do this for security purposes. We may also record your telephone calls with us. We do this for the purpose of improving our services or because of a legal obligation and for the prevention and detection of crime. We handle video and audio recordings with due care. They are subject to the same rules as other personal data. You may exercise your rights, such as your right of access, in relation to these activities – see the section “What rights do you have over your personal data?” below.
Social media
We use social media channels to publicise our organisation, products and/or services with clients, users of portals and visitors to the website. We do this so that we can offer useful, relevant information and/or answer questions we receive through social media. We use the internet and social media channels, such as LinkedIn and X, for this purpose.
Monitoring browsing on our sites (including via cookies)
We may monitor surfing behaviour for a variety of reasons, e.g.:
to provide you with personalised information about our services and products
to analyse data for research purposes
to help improve our website
for security purposes, or
to help manage customer relationships.
Please see our Cookie Policy to learn more about how we use cookies with our online services, and your right to withdraw consent to their use for certain purposes. To change your use of cookies you can access the “Cookie settings” tab in the footer of our website pages.
We may use your personal data for a different purpose than that for which it was initially collected. However, the new purpose must be in line with the original purpose. This is called ‘compatible use of data’ in the law. The law does not say exactly when a use is compatible, although it does provide pointers:
Is there a clear connection with the purpose for which the personal data was initially collected? Is the new purpose appropriately related to the initial purpose?
How was the personal data initially obtained? Was the personal data obtained directly from you or in another way?
Exactly what kind of personal data are we talking about? Is the personal data sensitive or less sensitive?
How would you be affected? Would you benefit, suffer or neither?
What can we do to best protect your personal data? Examples include anonymisation, masking or encryption.
Yes. We may share your personal data within our group in the UK and abroad for certain purposes. For example, these may include internal back-office purposes, to improve our services to you, to provide you with information on other relevant products and services within our group, because the law requires this, or to take steps to protect the security and integrity of our business (for example fraud prevention activities).
For instance, if your business applies for a product offered by one part of the ABN AMRO group, we may need to know if it already receives products from another member of our group. Other members of the ABN AMRO group may also contact you with information on other relevant products and services.
Depending on the use, you may be able to object to our use or ask that your personal data is deleted – see the below section “What rights do you have over your personal data?”
However, if we need the personal data to conclude or perform a contract, we won’t be able to enter the contract if you refuse to provide that personal data. If the contract already exists, we may have to terminate the contract meaning your business will stop being able to receive relevant services from us.
Likewise, we are entitled to keep certain personal data, even if you would like us to delete it. For example, we may keep such data because it is needed for the performance of a contract or because we are required to keep this data by law. We may also have a legitimate interest to keep this data.
There are situations in which we need to provide your personal data to other people and entities involved in the provision of our services. These may include the following:
Our service providers
We work with other businesses that help us with our services, such as companies that develop IT tools and applications. Typically these companies only process personal data on behalf of us. In these cases, we reach clear contractual agreements on how they will use your personal data and we continue to be responsible for their processing.
However, sometimes service providers also process personal data for their own purposes. When doing so, they are required to also comply with data protection law and will be responsible to you for their activities. For example, a service provider may have a direct relationship with you for some purposes, even though they are also involved with services or products we provide.
Likewise, we may engage parties who provide specialised professional services, such as lawyers or accountants. These parties will be responsible themselves for the use of personal data.
Intermediaries
We also work with intermediaries who introduce clients and business to us. Such intermediaries process your personal data and are responsible for how they use your personal data. Please visit the relevant intermediary's website to find out how it handles personal data.
Competent public authorities
Our supervisory authorities, law enforcement agencies, government entities, tax authorities or regulatory bodies around the world may ask us to provide data relating to you. The law specifies when we are required to provide this data.
Purchasers
If we propose to transfer a contract (between you and us) to a potential buyer or investor, we may share personal data to facilitate decision-making about and entry into any agreement for the proposed transfer. We may do this, for example, if we want to sell your loan – enabling the other parties to make decisions about and for the transfer. Or if we are selling a business unit of ABN AMRO and sharing data allows other parties to make decisions about the acquisition. This is within our legitimate interests and allows any such transferee to meet their legal requirements.
Please note that when your contract is transferred as a result of a sale or acquisition, the transferee will normally be the new data controller in relation to personal data it processes about you.
Other banks or entities involved in payment transactions
We only provide necessary personal data to other banks or parties in the payment chain involved in payment processing. These parties are themselves responsible for the use of your personal data.
In certain cases, we may use profiling. Under data protection laws, the term “profiling” refers to automated processing of personal data to evaluate certain things about individuals and can apply to a broad range of legitimate activities.
For example, sometimes it is necessary before we can enter into a contract with you, because we have to comply with the law or because we want to represent your interests or the interests of someone else. Below you will see examples of profiling.
Fraud prevention
We have extensive knowledge and experience in fraud prevention. Unfortunately, we face increasingly sophisticated forms of fraud. We can take measures to prevent fraud as best we can, including the use of profiling. For security reasons, we cannot go into detail about the measures to be taken.
Unusual transactions
As a financial services provider, we have to comply with anti-money laundering laws and related laws designed to prevent financial crime. We therefore pay special attention to unusual transactions and those that by their “nature” carry a higher risk of money laundering. To do this, we need to create and maintain a risk profile of the client’s business and of those individuals who operate on behalf of the business or may provide guarantees or other securities in support of the business. If we suspect that a transaction is connected with money laundering or terrorist financing, we will report this to the authorities.
Client and product acceptance
How do we use profiling when someone wants to purchase a product and during the term of the product? For example, suppose you contact us on behalf of your business to use our products and services:
We carry out a risk assessment. We do this for new clients and also for existing clients who want additional products. We know from experience that certain behaviour or characteristics of individuals representing a business can be important in order to assess whether a given product can be offered or not.
Individuals representing a business which normally meets its financial obligations may share some characteristics. These characteristics are used as a basis for creating a profile.
We review your profile and assess how likely it is that your business or your guarantor(s) will be able to meet their obligations.
Direct Marketing
We also use analytics and profiling (including the use of cookies on our website(s)) to direct our marketing strategies. We may use profiling on potential and existing clients to identify how they like to be contacted for marketing information on our products and services. Where we don’t have a contract with you, we check whether our marketing and use of your personal data is allowed in the circumstances.
We do not normally use automated decision-making in relation to our UK activities.
Automated decision-making is the process of making a decision about an individual by automated means without any meaningful human involvement. The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has more information about this on its website: Automated decision-making and profiling | ICO.
If we do apply automated decision-making that has legal consequences for you or affects you significantly, we will clearly indicate this in advance. We will let you know what rights you have, for example the right of receiving an explanation of the automated decision, the right to let us know your point of view, the right to challenge this decision and the right to human intervention. You may find this more detailed information about the use of your personal information on our websites or other documents when you apply for a particular product or service.
We are constantly looking for more efficient, safe and reliable technologies that support us to offer our products and services to you or to better comply with the law, or with what our regulators expect from us.
As such, we may use artificial intelligence (AI) in certain areas, for example to personalise our products and services or to optimise and automate our internal processes. When we want to use new technology such as artificial intelligence, we always first test whether the use is necessary to work better and more efficiently and whether the use complies with the law, is ethically and socially responsible and reliable.
We do our utmost to protect your personal data as much as possible:
We invest in our systems, procedures and people on an ongoing basis.
We make sure that our working methods are appropriate to the sensitivity of your personal data.
We train our people to handle your personal data securely.
Precisely because of your security, we cannot go into detail about the exact measures we take. But you may have come across some of procedures we use to protect your personal data, such as:
the security of our online services
establishing who you are in two steps (authentication)
control questions when you call us, and
requirements for sending confidential documents.
Security is our shared priority. If, for example, you encounter breaches in our security, you can report them to us confidentially through our website.
Most of our clients operate in the UK or the European Economic Area (EEA), which both share highly protective data protection laws.
However, personal data is sometimes processed outside the UK or the EEA. Unless it occurs in countries recognised by authorities as having similarly strict or “adequate” data protection rules, additional rules will apply to that processing.
Sharing personal data within the ABN AMRO group
We may share personal data outside the UK and EEA, within our corporate group. We do this based on our internal policies, the Binding Corporate Rules (BCRs). These are published on our website and are periodically amended as required by laws and regulations. These have been approved by the Dutch Data Protection Authority.
Sharing personal data with other service providers
We may occasionally share personal data with other companies or organisations outside the UK or EEA, for instance in the context of an outsourcing agreement. In that case, we will ensure that personal data is transferred in accordance with relevant data protection laws, usually by putting in place appropriate contractual protections (e.g., standard data protection clauses approved by the ICO) and/or additional requirements providing protection to an equivalent standard as in the UK or EEA (unless “adequate” data protection rules already apply). Where relevant, you can request a copy of those contractual protections or other safeguards by emailing our UK Data Privacy Officer.
International payment transactions and cross-border investing
Sometimes our clients make use of our international financial services, for instance to transfer money abroad or to hold investments abroad through us. In such situations, foreign parties, such as local supervisory authorities, banks, government bodies and/or investigative authorities may ask us for personal data – for instance so that they can carry out an investigation.
We keep personal data for as long as is necessary to achieve the purpose for which we have the data or as otherwise required by law.
UK data protection laws (such as the UK GDPR and Data Protection Act 2018) do not stipulate specific storage periods for personal data. Other laws, however, may specify minimum storage periods. If this is the case, we must observe these periods. Such laws apply, for example, in the areas of tax and financial undertakings, as well as complaints. We likewise have obligations to keep client onboarding and transaction information for specified periods.
If we become involved in a lawsuit or other legal proceedings, we may keep personal data so that we can make a case for our position. We may store this personal data in an archive until any claims have expired and legal proceedings can no longer be brought against us.
We use internal data retention frameworks to help prevent us keeping personal data for longer than is needed.
Below we explain key rights you may have under UK data protection laws. You can find out more about these rights on the ICO’s website: https://ico.org.uk/.
To exercise any of these rights you can contact the UK Data Privacy Officer at privacy@uk.abnamro.com
Right of objection (e.g., to profiling or direct marketing)
If we use your personal data on the basis of a “legitimate interest” (or of carrying out a task in the public interest), you have the right to object. You may not want us to use your personal data for profiling. Yet sometimes we may do so even if you object. For example, to fight fraud, manage risks or investigate unusual transactions. Of course, we comply with the law in doing so.
However, you can always object to the creation of a personalised customer profile for direct marketing purposes.
Likewise, if you no longer wish to receive offers for our products and services then you can unsubscribe at any time. You can also do this with every marketing message.
Rights to access, rectification, erasure, and restriction
You have the right to request an overview of all the personal data we use about you.
Are your personal data incorrect? If so, you can ask us to change your personal data.
You can always ask us to delete your personal data. However, we cannot always do this and we do not always have to. For example, if the law requires us to keep your personal data for longer.
You can also ask us to temporarily restrict the processing of your personal data. You can do this in the following cases:
You think your personal data is incorrect.
We are using your personal data incorrectly.
We no longer need your personal data, but you still need it (e.g. after the retention period) for the establishment, exercise or substantiation of a legal claim.
When you object (under the right to object described above).
Right to data portability (right to transferability of personal data)
Would you like to have the personal data you have given to us that we automatically store? You can, but only if we process your personal data on the basis of your consent or on the basis of the agreement we have concluded with you directly as an individual (as opposed to a business you act for). This is called ‘data portability’.
The right to complain
If you are unhappy with how we process your personal data, you have the right to complain to the ICO – see the section immediately below.
Please contact us if you have any questions about the Privacy Statement. You can do this by contacting the UK Data Privacy Officer at privacy@uk.abnamro.com. We will be happy to help you.
You can also contact the UK Data Privacy Officer if you have a complaint about how we have handled your personal data or wish to exercise any of the rights described above.
Additionally, you can take your complaint to the UK’s data protection regulator, the ICO, if you are unhappy with our response or you don’t believe your complaint has been resolved within a reasonable period. You should raise your concerns with the ICO within 3 months of your last meaningful contact with us. The ICO can be contacted via their website or by telephone on 0303 123 1113.
We may update this Privacy Statement from time to time, including in order to respond to changes in the law - or to make changes to our services or products - where this may affect the way we use your personal data. In these cases, we will inform you accordingly (which may include by notice on our website(s)).
In this Privacy Statement, unless the context requires otherwise, references to:
“EEA” mean the European Economic Area
“Group DPO” mean the ABN AMRO Global Group Data Protection Officer
“ICO” mean the Information Commissioner’s Office, the data protection regulator for the United Kingdom
“UK GDPR” mean the General Data Protection Regulation ((EU) 2016/679) insofar as it forms part of the laws of England and Wales, Scotland, and Northern Ireland, including as amended from time to time
“we”, “our”, and “us” are to ABN AMRO Bank N.V., UK Branch, and
“you” are to the individual reading this Privacy Statement or to whom this this Privacy Statement is intended to apply.