16 April 2018
Mobile privacy statement
General and specific provisions related to ING Smart Banking
ING Belgium SA/NV respects the privacy of all private individuals, including that of the user and of any customer on whose behalf the Smart Banking agreement is concluded and who is the holder and/or joint holder of the account(s) accessible and managed via the Smart Banking services, as well as that of any other individuals concerned, in accordance with prevailing legislation.
The data processor for personal data relating to the individuals concerned is ING Belgium SA/NV, avenue Marnix/Marnixlaan 24, B-1000 Brussels (e-mail: firstname.lastname@example.org).
The personal data relating to individuals notified to ING in the context of entering into or implementing the Smart Banking agreement, particularly in the context of using the Smart Banking services, are processed by ING for the purposes of centralised customer management, managing accounts and payments, marketing (including research and statistics) of banking, financial (including leasing) and insurance services (unless the individual concerned objects), obtaining a profile of the customer, monitoring the legality of transactions and preventing irregularities and, if appropriate, credit facilities, asset management (investments) and brokerage services (including with regard to insurance and/or leasing).
Data relating to individuals managed by intermediaries (independent agents or brokers) of ING, including those relating to their financial transactions, is also processed by ING to ensure compliance by these intermediaries with their legal, regulatory (including resulting from a FSMA circular) or contractual obligations, including any duty of exclusivity towards ING.
Data provided at the initiative of individuals to other ING Group companies based in an EU Member State is processed by these companies in accordance with the information on the protection of privacy provided by them.
This data is not intended to be divulged to third parties other than the persons designated by the individual concerned, companies whose intervention is useful or necessary (including, for Payment Transactions, SWIFT SCRL and MasterCard Europe SPRL and, for Transactions involving financial instruments, ProCapital SA) in fulfilment of one of the purposes referred to above or the ING Group companies based in an EU Member State in fulfilment of one of the purposes referred to below.
It may also be transferred to non-EU countries, that may or may not provide an adequate level of personal data protection (for example, SWIFT SCRL archive US payment data, which is subject to US legislation). ING shall, however, only transfer data to non-EU countries that do not provide an adequate level of protection in the cases laid down in the Data Protection Act of 8 December 1992, for instance where data protection is assured by appropriate contractual provisions.
The individuals concerned consent to the exchange of data concerning them among companies – existing and to be created – of the ING banking and insurance group based in an EU Member State.
The ING Group in the EU is a group of companies with activities in banking, insurance, leasing, asset management and/or an activity following on from those activities. This data exchange is intended to enable participating companies to carry out centralised customer management, to have a profile of the customer, to carry out studies, to compile statistics and/or to undertake marketing campaigns (except e-mail advertisements and unless opposed by the individual concerned), to offer and/or to provide the aforementioned services, and to monitor the legality of transactions (including the prevention of irregularities). Any individual may ask ING for an updated list of ING Group companies based in Belgium or in an EU Member State participating in this exchange of data. These companies guarantee a high level of protection for the personal data exchanged and are obliged to exercise discretion as regards this data.
The legal or administrative authorities or the supervisory bodies, in Belgium or abroad – in the US, for example – may in certain cases provided for by local legislation or regulations (in particular to prevent terrorism) require ING or any company to which the data ING has transferred the data in accordance with the foregoing, to disclose all or some of this personal data on individuals, such as data on Payment Transactions.
Any individual may access the data concerning him, processed by ING or another ING Group company based in an EU Member State and, if necessary, request that incorrect data be corrected or illegally processed data be deleted.
The individual concerned may object, at any time, on request and free of charge, to his personal data being processed for direct marketing purposes and/or withdraw his consent to his personal data being exchanged among ING Group companies based in an EU Member State for direct marketing purposes; this will be taken into account as soon as possible.
Racial or ethnic data or political, philosophical or religious data, or data concerning union affiliation or sexuality is not processed, unless it appears during payment transactions (for example, a payment order for fees to a political party).
Consequently, the individual concerned authorises this data to be processed in the context of carrying out payment transactions, in accordance with Article 6 of the Data Protection Act of 8 December 1992.
The groups of people with access to this data are ING staff members and, where applicable, staff members of other ING Group companies based in an EU Member State, who are responsible for processing payment transactions. If racial or ethnic data is evident from the data identifying the individual concerned (in particular surname, forename, address and nationality), the individual concerned also authorises the processing of this racial or ethnic data, in accordance with Article 6 of the Belgian Data Protection Act of 8 December 1992. The groups of people with access to this data are ING staff members and, where applicable, staff members of the other ING Group companies based in an EU Member State, responsible for fulfilling one or more of the purposes mentioned in points 1.2 and 1.3.
There is no legal provision making it compulsory to answer the questions asked by ING or another ING Group company based in an EU Member State, but not answering them may, depending on the circumstances, result in ING or another ING Group company based in an EU Member State being unable or refusing to enter into a (pre-) contractual relationship, to continue such a relationship or to carry out a Transaction requested by the individual concerned.
Personal data relating to the individual concerned is processed by ING and the other ING Group companies based in an EU Member State with the strictest confidentiality. However, as electronic communications networks, particularly the Internet, do not offer complete security, respecting privacy can only be guaranteed if the personal data is sent via communication channels expressly indicated by ING as being secure.
ING Smart Banking
When the User uses the Smart Banking services, the following personal data, called "environment variables", is sent to ING and recorded by ING via the User’s Apple IT system:
his/her TCP/IP address (identification number of the User’s IT system on the Internet network)
the makes and versions of the Apple IT system used (iPad, iPhone, iPod Touch, etc.) and operating system
the serial number of the Apple IT system used (UDID)
the type of Home’Bank services used by the User (Home’Bank or Home’Bank Plus)
the language used by the User.
This data is processed by ING so as to be able to take into account the aspects of the specific configuration of the User’s IT System so that he can be sent the web pages requested in the correct format. It is also processed to compile statistics for Smart Banking services and to ensure that the contents of these services are improved.