15 March 2020
Everything you need to know about cookies
What are cookies and similar technologies?
Cookies are small text files that we place and read on your computer, tablet or mobile phone when you use ing.be (and our online applications (apps), such as ING Smart Banking). They contain unique codes that ensure that you as a user are recognised on your next visit to these pages. This enables us to improve our website and apps while still ensuring your privacy.
A list of the cookies used by ING can be found on https://www.ing.be/assets/documents/cookies-info-en.pdf.
How can you as a user manage ING cookies and similar technologies?
1) ING asks you which cookies and similar technologies you want and requests your consent.
You choose which cookies you want to receive. The only cookies that you cannot refuse are the basic cookies (see: What are the 3 different levels of cookies used by ING?). You can accept/refuse the other two levels of cookies (commercial and marketing) by ticking them or not ticking them in the pop-up window on your very first visit to ing.be. You save and confirm your choice regarding which cookies you want to receive/refuse by clicking on ‘Accept cookies’.
2) You can also delete cookies or accept/refuse other levels of cookies if you change your mind.
Do you want to change your cookie preferences? You can change your choice at any time by deleting cookies using your browser’s internet options and visiting ing.be again. We will then ask you again about your cookie preference.
How can you change the settings of the most common browsers? You can adapt your personal preferences regarding cookies via the settings of your browser (e.g. Internet Explorer, Firefox or Chrome) and of your device (e.g. tablet, computer or smartphone).
Deleting cookies in Internet Explorer: Go to Tools > Internet options > General tab. Under Browsing history, click “Delete”. You may not want to delete everything. In any case, make sure that “Cookies” is ticked when you click “Delete”.
Deleting cookies in Firefox: Go to Tools > Options > Privacy tab. Click on “Clear your recent history”. Under Details you can choose exactly what to clear. In any case, make sure you tick “Cookies”. You can also indicate how old the cookies must be. Here choose “Everything”.
Deleting cookies in Chrome: At the top right, go to More > Settings. Scroll down to the bottom and click on “Advanced”. Then go to Site settings in Privacy and security. Click Cookies > See all cookies and site data > Remove All. Confirm by clicking “Clear all”.
3) Can other websites still show me personalised ING advertisements even if I have not consented to ING’s marketing cookies?
Yes, that is still possible. If you have given your consent to other websites or social media platforms for their cookies or similar technologies, they may place ING advertisements which they believe may be relevant to you on the basis of their selection criteria. These cookies are managed entirely by these other websites or social media platforms and are a protected environment as far as ING is concerned. You should therefore manage your consent to cookies and settings on that website or platform. Details of how to do this can often be found on the website itself, or you can apply the method as described in You can also delete cookies or accept other cookies if you change your mind.
How long do cookies last?
Temporary cookies are stored in your browser for a limited period. These are erased automatically when you close your browser. In Home’Bank, for example, we use temporary cookies. These temporary cookies are called “session cookies”. Session cookies are stored on your computer temporarily. They are erased immediately when you log out or interrupt the connection.
Persistent cookies remain in your browser until their expiry date unless you remove them yourself using your browser’s internet options.
You can find details of how long each cookie is stored on your browser in the summary table below in the section Which cookies and similar technologies are used by ING?
What are the 3 different levels of cookies used by ING?
ING distinguishes between 3 types of cookies:
1. basic cookies
2. commercial cookies
3. marketing cookies
1. What are basic cookies?
Basic cookies cannot be adapted because they are vital for making the website function properly and for offering you the best possible user experience. They are essential for ensuring that the website works properly.
With these basic cookies:
- we make sure that your display and other technical settings are correct
- we remember your preferences, such as your language
- we avoid you having to make the same choices again every time you visit our website. For example, we can enter some of your login details for Home’Bank automatically
- your visit is tracked in a database, which allows us to measure and analyse the use of our pages and thus improve their content. For instance, basic cookies show us which pages on the website are visited the most, help us to record any problems with the website and let us see whether the content of our pages is effective or not. We use this information to analyse the traffic on the website, but we do not examine this information for the purpose of identifying an individual person. These cookies enable us to understand the general pattern of usage of the website.
Who installs and manages basic cookies?
ING installs the basic cookies on your computer and manages them as well. For this reason, cookies of this type are also called “first-party cookies”. In the case of first-party cookies, ING is the 'data controller'. The data controller (DC) is the company that determines for what purposes and how personal data is processed. Some basic cookies are generated in collaboration with a partner (such as companies that provide technology to analyse (web)pages); these are then called “third-party cookies”. The data are managed by the external party, but none of the data can be used by anyone but ING. These external parties are also referred to as 'data processors' of ING. At the request of ING (data controller or DC), they will process the personal data as data processors (DP).
2. What are commercial cookies?
‘Commercial cookies’ are intended to manage the content and advertisements on our own website. These commercial cookies take account of your personal browsing behaviour on our own pages and/or other customer data from our database. These cookies provide personalised content and advertisements on our website.
We use these commercial cookies in order to:
- improve the content and user experience of our website
- link you securely, as an identified ING customer (e.g. after logging into Home’Bank or ING Smart Banking), to your personal data in our database. To make our website relevant to you, we can also add a limited set of data from our database to your cookies (such as type of customer, age group, gender, products or services that you already have, etc.)
- make our website relevant to all visitors, both customers and non-customers, because we can display information and advertisements based on the browsing behaviour of our visitors. For example, we can check which pages you have browses before, what you click on, which online applications you begin and whether or not you complete them, etc. For instance, we will note that you have interrupted your online application for a credit card. On your next visit to ing.be we can ask you if you want to continue your application
- avoid showing you information or advertisements on our pages that are not relevant to you. For example, we will only show you information about motorcycle insurance if we know that you do not currently have this with ING.
- we measure the effectiveness of our online campaigns and the response to them from our target audience. For example, we examine the characteristics of those who have clicked on our campaign (e.g. average age), how many people have bought the advertised product, and so on.
What if you refuse these commercial cookies? Then you will still see advertisements from ING. But these advertisements will not take your browsing behaviour and/or other customer data into account.
Who installs and manages commercial cookies?
ING installs the commercial cookies on your computer and manages them as well. For this reason, cookies of this type are also called “first-party cookies”. In the case of first-party cookies, ING is the 'data controller'. The data controller (DC) is the company that determines for what purposes and how personal data is processed. Some commercial cookies are generated in collaboration with a partner (such as companies that provide technology to analyse websites). These are called “third-party cookies”. The data is then managed by the external party but can only be used by ING. These external parties are also referred to as 'data processors' of ING. At the request of ING (data controller or DC), they will process the personal data as data processors (DP).
3. What are ‘marketing cookies’ and similar technologies?
‘Marketing cookies’ and similar technologies, such as pixels and encrypted e-mail addresses (or ‘hashed e-mails’) are intended for placing advertisements on your social media and other third-party websites. These marketing cookies take account of your personal browsing behaviour on our own website, other customer data from our database and/or your personal browsing behaviour away from our website (such as your social media or other websites).
As previously described, the use of marketing cookies may be supplemented with similar technologies, such as pixels and encrypted e-mail addresses (see: What do we mean by similar technologies?).
We use these marketing cookies and similar technologies in order to:
- install pixels, for example, on our own website so that you can see advertisements on your social media that are tailored to your interests. Our aim is to provide you with an online offering and user experience that is better suited to you, even away from ing.be. This means that you can avoid the standard advertisements that everyone sees.
- ensure that our advertisements on your social media and/or other third-party websites are relevant and personal. For this purpose, we share your encrypted e-mail address with these platforms so that the companies with which we collaborate can display our campaigns when you visit their websites or social media platforms.
- place relevant advertisements on your personal social media pages. For example, if you look for travel insurance on ing.be but decide not to take out a policy yet, you may see an advertisement about the benefits of ING travel insurance on your social media.
- customise our website based on data about your browsing behaviour on third-party websites with which ING collaborates. For example, if we are informed by a real estate website that you are looking for a new home, this may mean that you are shown a campaign for an ING home loan.
- avoid showing you the same advertisements and promotions every time that are not relevant to you.
- measure the effectiveness of our marketing campaigns on other websites. For example, we examine what the characteristics are of the people who have clicked on our campaign (e.g. average age), how many people have bought the advertised product, and so on.
Of course, we only use these marketing cookies if you have given us your consent to do so. If you have consented to the use of marketing cookies and similar technologies, ING may use them to send certain data to an external party (such as an advertising agency) if ING wants to launch a campaign on a third-party website.
What if you refuse these marketing cookies? Then you will still see advertisements from ING. But these advertisements will not take account of your browsing behaviour and/or other customer data.
Who installs and manages marketing cookies and similar technologies?
Marketing cookies and similar technologies can also be installed by external parties with which we collaborate, such as advertising agencies or social media platforms. For these purposes, ING authorises these external parties to install a cookie on our website. These “third-party cookies” also collect information about the use of our website. They do this during your visit to our website and ensure that our website sends certain data to a platform belonging to this third party. This data is then used to display more relevant information to you on the third-party website. The data is managed by the external party but can only be used by ING. These external parties are also referred to as 'data processors' of ING. At the request of ING (data controller or DC), they will process the personal data as data processors (DP). An external party can also install cookies or similar technologies itself on its own platform or website. You can only accept/refuse these cookies via that platform. (See: Can other websites still show me personalised ING advertisements even if I have not consented to ING’s marketing cookies?)
What do we mean by similar technologies?
Similar technologies that we use at ING are pixels and encrypted e-mail addresses (also known as ‘hashed e-mails’).
What are pixels and how do we use them?
A pixel is the smallest part of an image. Just like cookies, we can use pixels to collect information about visitors and their online behaviour on a page belonging to ING or an external party with which we collaborate. This is done using a tracking code linked to the pixel.
A pixel will only be activated if a user browses a page where a pixel has been installed and, unlike a cookie, a pixel will not be stored anywhere. So, in order to identify a visitor to a website, a cookie is required alongside a pixel since the former may contain identification information relating to the user of the website.
If, as a visitor (i.e. both ING customers and non-customers), you respond to an online advertisement and/or visit a website, the tracking code of the pixel(s) in this advertisement or website is retrieved. This enables us to work out how many visitors show an interest in an online advertisement and/or website, so we can measure the interest and user reach of our online campaigns. For example, if you click on an ING advertisement on your social media or another website, this usually directs you to an ING page with more details about the product or service in question. The pixel tells us which website/platform you were browsing when you clicked on the ING advertisement.
Thanks to pixels, we can optimise both our website and other websites and social media using your user profile and make the respective content relevant to you. For example, because you have shown an interest in a specific product on an ING page, we can display more relevant advertising to you on your social media.
What do we mean by encrypted e-mail addresses (‘hashed emails’)? ‘Hashing’ is a form of encryption. In the case of a hashed e-mail address, the e-mail address is transformed into a unique code that cannot be converted back into the original code. An encryption algorithm converts e-mail addresses into a hexadecimal string of numbers and letters so that every e-mail becomes an unrecognisable jumble of numbers and letters. This code cannot be traced back to the e-mail address. To identify the user of the third-party website, the e-mail address obviously has to be verified. As ING has locked this information, you will not run the risk of your data being identifiable if the third party’s database is hacked. The address is hashed and therefore remains unrecognisable. Of course, ING can only do this if your e-mail address is known to us and you have consented to the use of marketing cookies and similar technologies.
What about your privacy?
We respect your privacy and only use commercial and marketing cookies if you have given us your explicit consent to do so, in accordance with European regulations (GDPR - General Data Protection Regulation). More information about the processing of your personal data by ING in Belgium can be found in ING’s Privacy Statement (PDF) .
Via ing.be, ING Home’Bank, Business’Bank or ING Smart Banking (app), mentioning that your request relates to “privacy”
• Contact your local ING branch, your account manager, your personal or private banker
• Call us on +32.2.464.60.04
• Send an e-mail with the subject “privacy” to firstname.lastname@example.org.
If you do not agree or if you have a complaint with regard to the processing of your personal data, you can send your request with the reference “privacy” by:
• Post: ING Belgium, Complaints management, Sint-Michielswarande 60, B-1040 Brussels
• E-mail: email@example.com / firstname.lastname@example.org
• Post: ING Privacy Office, Sint-Michielswarande 60, B-1040 Brussels
• E-mail: ing-be-PrivacyOffice@ing.com
If you contact us, we are obliged to identify you correctly. We may therefore ask you to visit an ING branch in order to be properly identified. We may also ask you to present a valid identity card or passport.
What if you are not satisfied with our response to your complaint? You can always contact the Belgian Data Protection Authority (DPA). You can contact the Belgian Data Protection Authority by e-mail: email@example.com or by post for the attention of the Data Protection Authority, rue de la Press 35, 1000 Brussels.