KBC Bank privacy

KBC Bank privacy

Your privacy is important to us.

Preliminary: the salient changes in this version of the Data Protection Statement

KBC Brussels would draw your attention to the most important changes in this Data Protection Statement of KBC Bank.

  • Addition with regard to how you can exercise your privacy rights at KBC Brussels (see 2.1, 2.5)
  • Clarification with regard to Kate (see 3.2)
  • Supplement to External valuations of real estate (see 3.3)
  • Addition with regard to personalised advertising and, in particular, with regard to Kate Coins and our partners (see 3.5.1)
  • Supplement to processors (see 5.2)

1. Part 1: To safeguard your privacy, we must work together

Your privacy is very important to us. Our aim is to process personal data in a manner that is lawful, fair and transparent. In this Data Protection Statement, we explain which of your personal data we collect from you as natural person and then process.

We define several categories of individuals whose personal data we collect and process:

 KBC Brussels customers Have entered into a contract with KBC Brussels for banking and/or insurance products such as a bank account or an insurance policy.
Platform users Have no customer relationship with KBC Brussels, but use the Additional services in the KBC Brussels Mobile app.
Prospects Are not KBC Brussels customers and may also not be platform users but may be linked to KBC Brussels , for example, as a stakeholder or beneficiary.
Owners of one or more immovable properties in Belgium They do not necessarily have a customer relationship with KBC Brussels, but own one or more properties in Belgium.

1.1. Data Protection Statement applicable to the processing of personal data collected by KBC Bank NV through an agent, a branch, KBC Brussels Live or the KBC Brussels apps or from other sources

We recommend that you read this information carefully, so that you know the purposes for which KBC Brussels may use your data. This data protection statement also contains more information about your data protection rights and how you can exercise them.

KBC Bank NV may make changes to this data protection statement. The most recent version is always available at www.kbcbrussels.be/privacy. KBC Bank NV will notify you of every all-important change to the content via its websites, Bolero Online, the KBC Brussels Mobile app, KBC Brussels Touch, the Bolero App or other communication channels.

We also recommend that you read the KBC Brussels cookie policy when you use one of KBC Brussels’s digital solutions, such as the KBC Brussels website or a KBC Brussels application. It explains what cookies are, which ones KBC Brussels uses, how you change your cookie preferences and how KBC Brussels protects your privacy. The cookie policy can always be found in the digital solution itself. For example, you can consult the cookie policy for the KBC Brussels website at www.kbcbrussels.be, at the bottom of the web page.

1.2. KBC Bank NV and the other members of the KBC Group take care in how they handle your personal data

KBC Bank NV is a bank with operations in Belgium and a number of other countries worldwide. KBC Bank NV’s head office is at Havenlaan 2, 1080 Brussels. KBC Bank NV is part of the KBC Group (also ‘KBC Brussels’ in the following), which is an ‘integrated bank-insurance group’, i.e. KBC Brussels is a group of companies that, through close cooperation, create and distribute banking, investment and insurance products, and provide financial services.

The KBC Group principally focuses on retail customers, SMEs and high net worth customers, and mainly operates in Belgium, the Czech Republic, Slovakia, Hungary, Bulgaria and Ireland. In addition, the KBC Group operates via companies and entities in a selection of EEA and non-EEA countries. KBC Bank has legal branches in various places including Germany, the Netherlands, France, Ireland and Italy. For example, outside the European Union, this concerns countries or cities such as the United Kingdom, the United States, China, Singapore and Hong Kong. These may have their own data protection statement, which differs from this data protection statement. KBC Brussels also works with parties outside the European Economic Area. You can read more about this in 5.7.

More information on the activities of KBC Bank NV and the KBC Group is available at www.kbcbrussels.be.

KBC Bank NV is the controller of personal data in the context contemplated in this data protection statement.

Aside from that, KBC Bank NV also processes personal data on behalf of other KBC Group entities, such as where KBC Bank NV acts as an intermediary for KBC Insurance or KBC Asset Management. In cases such as those, KBC Bank NV processes the data of customers, insured persons and beneficiaries under insurance policies and under employee profit-sharing bonus programmes of those other KBC Group entities. In so doing, it follows instructions issued by that other KBC Group entity, which acts as data controller.

KBC Bank NV also processes personal data together with other KBC Group entities as joint controllers. You can read more about this in 3.5

If there are good reasons for doing so, such as are explained in this part 3, KBC Brussels may also make data available to other KBC Brussels entities, whether in Belgium or elsewhere. Or it can process this data if it has been collected lawfully from another KBC Brussels entity (in Belgium or elsewhere), Naturally, this is only possible provided there is no legal impediment, such as a confidentiality obligation or a provision of the data protection legislation.

2. Part 2: Your right to privacy

2.1. You can access your data

If you would like to access the data that KBC Brussels processes about you, let us know. If you are a customer and you use KBC Brussels Mobile or KBC Brussels Touch, please use this form. If you prefer to contact us directly, you can use the contact details provided at 2.9. You can view some of the data directly yourself, for example using KBC Brussels Mobile, KBC Brussels Touch, Bolero Online or the Bolero App.

 If you exercise your right of access, KBC Brussels will give you as complete a list as possible of your data. It is possible that some personal data from the usual back-up files, logs and stored records are not included in that list, Such data is not within scope of the data processed on an ongoing basis and is therefore not immediately available. However, you can request this data (e.g. cookie data).

In certain cases, anti-money laundering legislation prohibits KBC Brussels from giving you access to the personal data about you that it processes. For example, KBC Brussels cannot give you access to an anti-money laundering investigation. In that case, please contact dataprotection@kbc.be.

2.2. You can have your data corrected

It is possible that certain data held on you by KBC Brussels is not or no longer correct. You can ask for the data to be rectified or completed at any time via your branch or KBC Brussels Live.

Customers of Bolero services can change certain details themselves by navigating to the settings menu in  Bolero Online and the Bolero app, as well as manage their communication preferences.

2.3. You can have your data erased

You can ask KBC Brussels to erase your personal data. If  KBC Brussels no longer has an overriding ground for processing your personal data (e.g. a legal requirement), KBC Brussels will erase it.

2.4. You can object to your data being used for certain purposes

KBC Bank can process data on the basis of legitimate interest. If you do not agree with this, you can object to it. If there are no overriding grounds (e.g. data processing in the context of fraud prevention) not to do so, we will comply with this request.

Below, you will find the main types of personal data processing operations based on the legitimate interest to which you can object, and to whom they apply:

Developing models for commercial purposes Customers, platform users
Range of products (see 3.3) Customers, owners 
Testing for application development Customers, prospects, platform users
Direct marketing (see 2.5) Customers, platform users
Direct marketing for representatives of legal entities Customers, prospects
Commercial profiling  Customers

You are, of course, free to object to any specific processing of personal data at any time (see 2.9). If you do not specify the reasons for your objection, KBC Brussels will interpret your query broadly.

2.5. You don’t want KBC Brussels to process your personal data to send you direct marketing

It is possible that you don’t want KBC Brussels to process your personal data at all in order to send you direct marketing. KBC Brussels respects that. Send an e-mail to mypersonaldata@kbc.be, visit your KBC Brussels branch or your KBC Brussels agency or contact our staff at KBC Brussels Live. If you are a platform user, KBC Brussels will also ask you for the mobile phone number you used to register with KBC Brussels. If you are a customer and you use KBC Brussels Mobile or KBC Brussels Touch, please use this form. If you prefer to contact us directly, you can use the contact details provided at 2.9.

But even if you exercise your right to object to direct marketing, you might still see an advertising message on a digital channel by KBC Brussels or through another channel. This might be a general advertising message, for example, which KBC Brussels does not process customers’ personal data, or to send pop-up notifications regarding the Private Banking newsletter (for which you can withdraw your consent at any time), or a personalised advertising message for which we only process your cookie data. If you don’t want the latter, you can withdraw your consent to the collection of this cookie data and it being used for sending personalised commercial messages. You can find out how to do this in our cookie policy.

2.6. You can contest a decision taken by automated means

Some data processing operations and processes are fully automated, without any human intervention. Some automated decisions will have a greater impact you than others, for instance in the case of a credit decision or insurance underwriting. In most cases, KBC Brussels calculates these profiles only for customers requesting or using a certain service that requires the use of these profiles (see 3.3 for more information about customer profiles). In other cases, KBC Brussels calculates these profiles in advance.

KBC Brussels will then inform you on the screens or in the terms of use of its own applications that it concerns an automatically generated decision before asking for your personal data. KBC Bank discloses the logic of this automatically generated decision and its consequences at the moment of processing itself via a link to the ‘Annex to the KBC Brussels Data Protection Statement – automated decision-making’, which you will also find at www.kbcbrussels.be/privacy.

If you are dissatisfied with the result of such a fully automated decision, you can contact KBC Bank NV via KBC Brussels Live or any KBC Brussels branch. You can, for example, ask a KBC Brussels staff member to intervene or tell them why you disagree with the decision and request to view the decision taken.
Automated decision-making is often based on an underlying customer profile.

2.7. You can ask for your data to be transferred to a third party

You are entitled to ask KBC Brussels for personal data that you yourself have provided to KBC Brussels with your consent or in the process of performing a contract to be transferred back to you or to a third party.
Legislation lays down a number of limitations to this right, as a result of which it does not apply to all data.

2.8. You can ask to restrict the processing of your data

In some cases, you may ask KBC Brussels to restrict processing of your personal data. Exercise of this right is conditional. You may exercise your right to restricted processing:

  • during the period needed by KBC Brussels to verify the accuracy of your personal data if you challenge the accuracy of personal data concerning you that KBC Brussels processes;
  • where processing is unlawful but you do not want the personal data erased;
  • when KBC Brussels no longer has a purpose for processing the personal data but still needs it in connection with a legal claim;
  • pending KBC Brussels’s reply to whether KBC Brussels’s legitimate interest weighs more importantly than yours when you have exercised your right to object to processing for which KBC Brussels invokes its legitimate interest as legal cause.

2.9. How you can exercise your rights

Depending on the type of customer you are (see Part 1), you can exercise your rights in various ways.

2.9.1 KBC Brussels customers

Always be as specific as possible when you wish to exercise your rights. KBC Brussels can only properly answer queries for which sufficient detail is provided. KBC Brussels will need to be able to verify your identity in case someone else tries to exercise your rights.

If you have a question or a comment, you can go to your KBC Brussels branch, your KBC Insurance agent or e-mail them to mypersonaldata@kbc.be. This is your first resort for all enquiries regarding data protection.

You can consult, amend or terminate the use of certain data yourself via KBC Brussels Touch, the KBC Brussels Mobile app, Bolero Online, the KBC Brussels Business Dashboard, KBC Brussels 4 Business or a branch ATM.

If you would like more information or if you do not agree with KBC Brussels’s point of view,, be sure to visit the website of the Belgian Data Protection Authority, www.dataprotectionauthority.be. You can also lodge complaints there.

In some cases, you can also exercise your rights directly against third parties. That applies, for instance, to the databases that the National Bank of Belgium (www.nbb.be) maintains, such as its Central Individual Credit Register, its Central Corporate Credit Register and the NBB Central Point of Contact.

2.9.2 Platform users, prospects, property owners

You can also exercise your rights if you are a platform user, prospect or property owner. To do so, please send an e-mail to mypersonaldata@kbc.be, stating your name, the telephone number you used to register in the application and, if applicable, the e-mail address.

2.10. You can lodge a complaint

If you have a complaint concerning exercise of your rights, KBC Brussels Complaints Management will be happy to look into it. You can contact KBC Brussels Complaints Management in any of the following ways:

  • KBC Brussels Complaints Management, Brusselsesteenweg 100, 3000 Leuven, or via e-mail (complaints@kbc.be).
  • Alternatively, use one of KBC Brussels’s electronic channels (including the KBC Brussels website, KBC Brussels Touch, Bolero Online and the Bolero app).

You can also always contact the ‘Data Protection Officer’ at KBC Brussels by writing a letter to KBC Bank NV, Group Data Protection Unit (Group Compliance), Havenlaan 2, 1080 Brussels, sending an e-mail to dataprotection@kbc.be.

If you would like more information or if you do not agree with KBC Brussels’s point of view, be sure to visit the website of the Belgian Data Protection Authority at www.dataprotectionauthority.be. You can also lodge complaints there.

3. Part 3: KBC Brussels has many reasons for processing your personal data

KBC Brussels processes your data for a variety of purposes. These purposes have been grouped together below according to the applicable legal basis.

3.1. KBC Brussels must comply with laws, legal requirements and public order

Mandatory reporting to the National Bank of Belgium

  • Financial institutions are required by law to share certain information with the Central Point of Contact of the National Bank of Belgium (www.nbb.be). Consequently, KBC Brussels is required to share certain information regarding its customers’ and proxy holders’ identities and their financial contracts, including information relating to:
    • The opening and closing of accounts, including powers of attorney, date and account number;
    • Cash transactions;
    • The conclusion and termination of financial contracts and the applicable dates, such as: contracts for safe-deposit box rental, specific investment services, loans, including mortgage loans, repayment loans and open-ended credit facilities;
    • The account balances and financial contracts.
  • If any information registered with the Central Point of Contact by KBC Brussels is incorrect, you can ask KBC Brussels to have it corrected or removed.
  • The Central Point of Contact records the data and retains it for ten years.
  • The National Bank of Belgium keeps a list of all requests to access information held by the Central Point of Contact for a period of two calendar years.

Anti-Money Laundering Act and preventing the financing of terrorist activities

  • Banks must deploy all possible means to prevent, discover and/or report instances of money laundering and financing of terrorism to the authorities. This is a matter of considerable public interest.
  • Specifically, KBC Brussels has to:
    • Identify you as a customer, representative or ultimate beneficial owner;
    • Verify your identity;
    • Determine your profile (in relation to the risk of money laundering), which involves collating various personal and business data, such as whether you’re a politically exposed person;
    • Check your actions and transactions, and prevent certain transactions and report them to the Belgian Financial Intelligence Processing Unit.
  • To do so, KBC Brussels uses data that comes from you, but also relies on other sources, for example Thomson Reuters' World-Check, Graydon, Dun & Bradstreet, Swift, the Ministry of Finance's UBO register, internet search engines, social media, the internet, etc.
  • For example, KBC Brussels has to be in possession of a recent copy of your identity card. KBC Brussels will therefore scan in your digital ID card (e-ID) as a matter of course, for example if you register at a KBC Brussels or Batopin self-service terminal with your e-ID or if you use your e-ID to confirm changes to your address or contact details as held by KBC Brussels.
  • KBC Brussels may also process your personal data within the scope of the decision to terminate a customer relationship for anti-money laundering reasons.

Sanctions rules

  • In the context of the part they play in fighting terrorism and their obligations under sanctions rules, banks are required to screen customer details against sanctions lists. Transactions are also monitored. This can mean that underlying documents are requested and payments may be held back in accordance with the sanctions legislation, and specifically EU Regulations 2580/2001 and 881/2002). KBC Brussels also obtains information through external sources such as Thomson Reuters' World-Check.

Prevention of market abuse and conflicts of interest

  • Banks are required to prevent, discover and/or report abuse of inside information or market manipulation and to report suspicious transactions to the authorities1.
  • KBC Brussels may, directly or indirectly, provide loans, credit facilities or secondary guarantees and insurance contracts to the members of the Board of Directors and persons associated with them, to the members of the Executive Committee and the persons associated with them, and to associated companies. This must be carried out in line with market conditions. To ensure compliance with these legal obligations, KBC Brussels records the identification data of the latter parties in its people file, so that these data subjects would be identifiable in the systems.

Mandatory use of personal data in banking services

  • KBC Brussels is responsible the accounting treatment of transactions in accordance with accounting legislation2.
  • In the case of payment transactions, KBC Brussels must transfer the details of the payer or payee to the receiving or transferring institution, regardless of where it is located3.
  • KBC Brussels must consult certain databases for given types of credit (including current account overdrafts) or to enter information in those databases about the terms and conditions of the relevant agreements and the extent to which they’re complied with. This means that KBC Brussels can:
    • Determine your borrowing options and repayment capacity, or make it possible for other institutions to do so;
    • Perform risk management;
    • Allow the National Bank of Belgium to perform scientific and statistical research and to do the work devolved upon it by law.
  • In principle, KBC Brussels consults the Central Individual Credit Register (CICR) for all loans to consumers. The CICR retains the data for consultation for one year following the month to which the data relates4.

MiFID II (the Second European Markets in Financial Instruments Directive) requires KBC Brussels to allocate its customers to certain categories. Natural persons are automatically classified as non-business customers (or retail customers), though in certain circumstances they may be regarded as falling into the business category. If banks give investment advice, depending on the customer type they must gather information about the customer’s knowledge and experience, financial capacity, investment objectives and attitude to risk/return in relation to the products offered.5

  • KBC Brussels also has a responsibility for identifying account holders and the beneficial owners of accounts, safe-deposit boxes or insurance products in the context of reviving dormant accounts, safe-deposit boxes and insurance products.6
  • Pursuant to the Payment Services Directive PSD2, KBC Brussels is obliged to provide access to the balance and transaction information of its customers’ payment accounts, insofar as the customer has installed an online app. This access is only granted to third parties that are authorised to operate in Belgium (including other banks) and based on the consent granted to these third parties by the customer. KBC Brussels does not have the right to verify the validity of the consent granted to such third parties.
  • The National Bank of Belgium requires banks to request a certified Energy Performance Certificate for home loans. This certificate is also compulsory if a home qualifies for an interest subsidy. KBC Brussels also processes the information in order to monitor the value of the loan portfolio.
  • As a lender, KBC Brussels must annually inform the Flemish Energy and Climate Agency (VEKA) about the interest paid by borrowers for a renovation loan. VEKA uses this data to pay the interest subsidy to the borrower.
  • At the request of listed companies, KBC Brussels provides identification data to identify their shareholders. (namely the identity, place of residence, e-mail address, registration number of a legal entity, etc.). KBC Brussels does so in accordance with the Shareholders' Rights Directive.

Carrying out the Compliance function

  • KBC Brussels can use personal data for the purposes of checks, investigations and opinions in areas subject to compliance considerations (such as prevention of money laundering and fraud, investor and consumer protection and data protection).

Other risk monitoring

  • KBC Brussels is responsible for appropriately controlling risks (including at group level). It is required to detect, prevent, mitigate and address risks. Examples include credit, insurance, counterparty and market risk, risks concerning information management and statutory compliance, the risk of staff, customer and/or supplier fraud, the risk of unethical behaviour by staff or breaches by them of their duties of care. This risk management has to be ensured at both central level (gathering data on customers and groups of customers) and local level (e.g. by disseminating risk alerts). All manner of other types of risk profile are also determined in this context.7
  • Mandatory disclosure and reporting to the authorities
  • Banks must submit reports to and be able to answer questions from the authorities and regulators of financial institutions, such as the Financial Services and Markets Authority (FSMA) (www.fsma.be), the National Bank of Belgium (www.nbb.be) and the European Central Bank (ECB).
  • Banks are obliged to provide a summary of deceased customers’ assets to the authorities in relation to tax legislation.
  • Banks have to answer questions posed by the tax authorities or exchange information spontaneously as required by tax legislation.
  • KBC Brussels may also process your personal data within the scope of the decision to terminate a customer relationship if information documents needed to comply with tax obligations are not provided on time.
  • KBC Brussels is also required to answer questions from the judicial authorities (police, public prosecutors and the bench, investigating judges and courts). These include questions relating to police law and (criminal) procedure.
  • In order to comply with the European Directive on the protection of whistle-blowers, KBC Brussels processes reports in the EQS Integrity Line (www.eqs.com). The application guarantees whistle-blowers’ confidentiality and anonymity (as an option) during and after the investigation, and reports the result internally and to the relevant authorities.

Sustainability reporting

  • KBC Brussels is obliged to provide information about ESG risks to the European Banking Authority (EBA).
  • KBC Brussels must also comply with EU taxonomy regulations for sustainable activities.

Basic banking service

  • In order to comply with its legal obligation to provide a basic banking service in accordance with the Code of Economic Law, KBC Brussels receives personal data from the Federal Public Service (FOD) Economy, Chamber of Basic Banking Services.

1 In accordance inter alia with Articles 16 and 17 of the Market Abuse Regulation of 16 April 2014
2 Royal Decrees of 23 September 1992
3 Belgian Code of Economic Law, Book VII, Title 3 and implementing orders
4 Under the lending statutes including the consumer credit and mortgage security acts and the Central Individual Credit Register (Chapters 1, 2 and 3) of Part VII Section 4 of the Code of Economic Law), the Central Individual Credit Register decree (Royal Decree of 7 July 2002), the Act on the Central Corporate Credit Register of 4 March 2012 and the Central Corporate Credit Register decree (Royal Decree of 15 June 2012).
5 MiFID II legislation (Law of 2 August 2002 and Royal Decree of 3 June 2007).
6 Law of 24 July 2008 - see e.g. www.slapendetegoeden.be
7 Legislation governing financial institutions, inter alia the Credit and Stockbroking Institutions (Status and Regulation) Act of 25 April 2014 and the Insurers and Reinsurers (Status and Regulation) Act of 13 March 2016).

3.2. KBC Brussels must be able to assess whether a contract or service may be entered into

Financial services

Before KBC Brussels concludes a contract for a financial or banking product, it may be necessary for certain information to be processed and/or to be analysed for profiling in order to deal with the application and assess properly whether the agreement can be concluded and, if so, under what terms and conditions. Examples include information collated and processed when a loan application is received (whether this involves an estimate of the property on which a mortgage or other security instrument is established makes no difference here), or when we are requested to issue a bank guarantee and process the contact details of the beneficiary or their contact.

As a customer of KBC Brussels, you use a number of services, and your doing so renders administrative and accounting processes incumbent on KBC Brussels. Examples of processing for the performance of contracts include the administration of accounts, payments, deposits, lending, credit monitoring, monitoring security arrangements, safe-deposit boxes (physical or digital), custody, financial instrument transactions, investment advice or wealth management paying due regard to your investor risk profile, selling insurance and brokering financial leases, etc.

When you perform a payment transaction, KBC Brussels passes the payee information on the transaction's progress (e.g. general information on why the payment is not passing via a direct debit).

KBC Brussels processes the personal data of representatives of legal entities in order to authenticate and communicate with the legal entities and to exercise the company powers for KBC Brussels services and products.

Security Deposit Savings Accounts can be set up on the KBC Brussels website by the tenant or the landlord: the facility is open to both, but the tenant, who becomes the holder of the Security Deposit Savings Account, is the bank’s customer. And the tenant’s personal data, like every other customer’s, is processed by KBC Brussels. The landlord need not necessarily be a customer of the bank’s. But because we have to be able to identify them and the subjects of let in respect of which the escrow is bailed, we also process certain necessary personal data of the landlord.

To be able to give investment advice that’s more personal to you, KBC Brussels combines the information in your investor profile with certain other details (such as your age and your investment horizon) to gauge your attitude to losses you might incur. KBC Brussels also carries out behavioural forecasting for MiFID customer profiles based on available personal data such as transaction data, combined with personal characteristics.

Additional services offered in KBC Brussels Mobile

Own products and services
In KBC Brussels Mobile, KBC Brussels also offers its customers its own products and services outside the general fields of banking and insurance, e.g. Goal Alert, Digital Safe, Digital My Real Estate Dashboard and Joyn loyalty cards. Some of these can also be accessed by non-Platform users. KBC Brussels processes personal data to provide these services and, if the service functionality so requires, personal profiles are also calculated for that purpose.

KBC Brussels also offers additional services in the general field of banking. To offer these services, KBC Brussels processes the personal data included in the document(s) you have uploaded.

Partners’ products and services

In KBC Brussels Mobile and KBC Brussels Touch, KBC Brussels offers its customers services of partners outside the general fields of banking and insurance. If data needs to be exchanged to ensure efficient use of the partner’s service, KBC Brussels will inform the customer accordingly in the process.
To enable such apps to function properly, KBC Brussels exchanges personal data with the partner company, whereby KBC Brussels is usually the data controller in its environment (for payments or, for example, to pre-populate a form with your data) and responsible for the transfer of customer data to the third party. The partner company is the data controller in the context of the service to be provided (such as issuing your ticket).

Through KBC Brussels Mobile, KBC Brussels also wants to give you access to your personal government documents that can be consulted electronically in My e-Box. The condition is that you link your My e-Box account to KBC Brussels Mobile. Only you get to see the documents. KBC Brussels cannot see or process the content of the documents.
In the KBC Brussels Business Dashboard, an online application for businesses, KBC Brussels also makes services of third parties available. With your account, you can log in to companies that provide specialised services for businesses, such as BrightAnalytics BV, Cashforce NV and Soluz.io NV. In order for you to log in securely, KBC Brussels exchanges identification data (surname, first name and your identification number with KBC Brussels or a specific identification code) with these companies, subject to your consent.

You must contact those third parties for more information on the protection of your personal data and to exercise your privacy rights.
Payment services remain the core of the KBC Brussels Mobile app. KBC Brussels integrates the Payconiq by Bancontact app in KBC Brussels Mobile so that you can easily buy something or transfer money to an acquaintance without a bank card or cash. For the latter, it suffices to select your contacts from the contact list on your phone. KBC Brussels asks your consent to allow it to view that contact list and shares your selected contacts’ mobile phone numbers with Payconiq, under the responsibility of Payconiq, in order to make the payment possible.

‘Split group expenses’ is a KBC Brussels service integrated in KBC Brussels Mobile that allows you to share expenses with your acquaintances. This service also uses your phone’s contact list. When you use the service, KBC Brussels sends a text message with a request to the acquaintance(s) you have selected.

Partners’ products and services for platform users

If you are a platform user, you too may use some of the above-mentioned services in KBC Brussels Mobile. In order to be able to offer you the services, KBC Brussels needs some information from you (e.g. mobile phone number, e-mail address, date of birth). KBC Brussels keeps your personal data in order to be able to provide the service and to simplify the purchase of such services in the future. In order to avoid your having to fill in this data over and over again, KBC Brussels will keep your data for a limited period of time. If you do not use the services for a certain period of time, KBC Brussels will delete your data. You may always remove your data yourself by deleting your profile in KBC Brussels Mobile.

Ask Kate for help

The KBC Brussels Mobile Regulations or the General Terms and Conditions of the relevant digital service where Kate is available specify what you can expect from Kate and how the assistant works. If Kate is unable to assist you further, she can refer you to KBC Brussels Live.

‘Extra convenience’ in KBC Brussels Mobile

If you accept the KBC Brussels Mobile Regulations, you opt for ‘Extra convenience’ (you can deactivate this feature at any time in KBC Brussels Mobile), in which case KBC Brussels will provide you with the following services:
Kate can send you messages about products, services and applications offered by KBC Brussels. To make this possible and thus be able to predict your behaviour, wishes, risks and needs, Kate analyses historical and new data available to KBC Brussels from you personally, your family, or from your capacity as a legal representative. This may include your transaction data, your use of products, services and applications offered by KBC Brussels, and also insights gained from market analysis, customer behaviour and general analysis on the use of KBC Brussels products and services. Kate will apply these analyses to your specific individual or family situation (profiling) in order then to be able to offer a personalised service.
If you use ‘Additional services’ in KBC Brussels Mobile, KBC Brussels may use the data processed in that context to provide you with ‘extra convenience’ relating to those services as well. KBC Brussels can for example proactively consult the data it shows you when you go to the Pluxee service, so that Kate can let you know when you’re about to run out of Pluxee service vouchers. An up-to-date list of eligible Additional services can be found here.

  • You receive additional information in KBC Brussels Mobile or KBC Brussels Touch, such as the location where you performed a transaction, the retailer’s brand name and logo, etc. to help you understand the context of the transaction more quickly as a holder of a KBC Brussels Basic Account or KBC Brussels Plus Account. We also provide information on your environmental footprint. This information is based on a number of parameters, such as your transactions and other relevant data available to KBC Brussels.
  • You are presented with useful insights which may draw your attention to things that we assume you should take a look at, such as unexpected behaviour on your current account or in your expenses, or an expectation that your account is insufficiently funded.
  • Kate Coins in ‘Extra convenience’: when you purchase certain KBC Brussels products or services, or carry out certain actions in KBC Brussels Mobile, you can earn Kate Coins in ‘Extra convenience’ until June 2024. To correctly grant those Kate Coins, KBC Brussels must process your specific behaviour, or the purchase of certain products or services that allow you to earn Kate Coins in this context.

We also need to register and display Kate Coin transactions and the balance on KBC Brussels Mobile. We keep this information until the expiry date of the Kate Coin concerned. To let you use the Kate Coins, we register the exchange of the Kate Coins for a specific benefit, e.g. a webinar, or for a cashback on the purchase of a certain product.

You can deactivate ‘Extra convenience’ at any time without affecting the functioning of KBC Brussels Mobile. You will still be able to ask Kate any questions you have.

KBC Brussels can also communicate with you separately from the Kate terms and conditions. In that case, personal data will only be processed if KBC Brussels has another valid legal basis for doing so.

Ask Kate your question in KBC Brussels Mobile or Business Dashboard

You can still ask Kate any questions, even if you’ve deactivated ‘Extra convenience’ in KBC Brussels Mobile. This also applies to Business Dashboard users, where Kate will take into account the authorisations and access rights the company has given you. You decide how to use the service. You can ask Kate simple questions by speaking or typing them in the chat function about banking and insurance matters and about other products, services and applications offered by KBC Brussels. To answer your questions, Kate uses the necessary, limited personal data. If you don’t ask Kate anything, no personal data will be processed for the digital assistant. Answering some questions might require a more comprehensive analysis of personal data. This will only occur if you opt for ‘Extra convenience’ (KBC Brussels Mobile only).

Expense management for business owners

KBC Brussels Mobile and KBC Brussels Touch provide holders of a KBC Brussels Company Account with the ‘send expenses’ service (when activated), which gives you an overview of anticipated expenses on the account based on your transaction data.

Support and advice for businesses

For the more complex needs and requirements of SMEs and Corporate Banking customers, KBC Brussels offers specific support and advisory services such as, for example, on growth strategy or the optimal approach to working capital. To this end, KBC Brussels processes your personal data related to your business, such as product ownership, product usage and transactions.

3.3. KBC Brussels processes personal data on the basis of legitimate interest

In addition to compliance with statutory duties, the performance of a contract and consent, KBC Brussels and the KBC Group as commercial undertakings have certain ulterior legitimate interests on the basis of which they process personal data. These are inspired by the need to function as a business and to enable new initiatives to be developed and offered to customers. In that regard, KBC Brussels ensures that the impact on your privacy is kept to a minimum and that, in all events, KBC Brussels’s legitimate interests remain proportionate to the impact that upholding them has on your privacy. Nonetheless, if you harbour an objection to this use being made of your data, you may exercise your right to object. KBC Brussels will respect your objections, unless KBC Brussels has compelling reasons for not doing so.

There are various situations in which KBC Brussels processes personal data.

Risk management, security and combatting fraud
Identification and prevention of major risks, such as the risk of fraud, cyber and credit risks, based on in-depth data analysis

  • KBC Brussels uses your personal data, including transaction data, to conduct studies, create models and generate statistics for various purposes: regulatory reporting, more effective internal control, fraud analysis and combating fraud, risk analysis, security and other non-commercial purposes.
  • KBC Brussels develops risk signals. Your behaviour influences the risk signals. If KBC Brussels detects from internal or external sources that you are in arrears with the repayment of a credit, that you are misusing your payment or credit card, that you are part of a collective debt repayment scheme, that you gamble heavily, that you are involved in a fraud case or a money laundering case, that you are providing your cooperation to terrorism, weapons or human trafficking, etc., this will be identified as a risk signal, which may have considerable consequences. A result may be that KBC Brussels won’t give you credit or that a local branch cannot decide on a credit, that a staff member must consult the Compliance department before dealing with you, that KBC Brussels doesn’t want to do business with you or decides to terminate the relationship.
  • KBC Brussels can use your personal data to prevent, detect and investigate fiscal fraud in conjunction with (Belgian) payment systems and providers of other payment services.
  • Data processing may be carried out in order to guarantee the safety, security and monitoring of persons and goods.
  • Personal data, including biometric data, can be used for various purposes, including to detect and put a stop to fraud and cyber risks. For example, every time you add a KBC Brussels debit card in the Payconiq by Bancontact app, Bancontact Payconiq Company sends data such as the card number and IP address to KBC Brussels through a secure channel, which KBC Brussels can then analyse further.
  • KBC Brussels shares the personal data (including subsequent updates) of the legal representatives and ultimate beneficial owners of any company that is a KBC Brussels customer with other banks where that company is a customer or wants to become a customer. Subject to the same conditions, KBC Brussels can also receive personal data about the legal representatives and ultimate beneficial owners from other banks. The purpose of this exchange is for every bank to have the most up-to-date KYC data of its customers. This is how KBC Brussels contributes to the fight against fraud and money laundering. Moreover, it may simplify and accelerate the customer onboarding process for both the company and the bank. KBC Brussels cooperates with Isabel and IBOS and the associated banks in this regard.
  • KBC Brussels may also process your personal data within the scope of the decision to terminate a customer relationship if there is a serious breach of trust, for example, in the case of identified actions that are inconsistent with fraud-related regulations or ethical principles.

Use of personal data for the KBC Brussels organisation
Use of personal data for internal and regulatory reporting and internal control, and to defend rights and communicate as a company

  • KBC Brussels may utilise personal data for the administration, (risk) management and oversight of the KBC Group’s organisation, such as the legal department (including dispute management and legal risks), risk management (such as general credit risk and insurance risk calculations vis-à-vis customers and groups of customers worldwide), risk functions (e.g. Compliance, for all duties not strictly required by law but that are in fact necessary or useful) and inspections, complaints management and internal and external audit. We retain data for possible future evidential use.

KBC Brussels may utilise personal data to support and simplify the processes of customers beginning to use, using and ceasing to use products and services, including avoiding resubmitting information you’ve already submitted. Or to avoid your having to go through an entire ID verification process if you want to become a customer elsewhere in the KBC Group. For instance, KBC Brussels can pass on your identity data to other KBC Group companies in order to speed up their identification processes.

  • KBC Brussels may also utilise personal data for determining, exercising, defending and preserving the rights of KBC Brussels or persons whom it might represent (e.g. in disputes).
  • KBC Brussels can use your personal data to create synergy, increase efficiency and produce other benefits for its organisation and processes. For instance, KBC Brussels can combine aggregate data from customers with publicly available data to optimise the integration of KBC Bank branches and independent KBC Brussels insurance agencies.
  • KBC Brussels requests additional information for reporting purposes within the application processes for private loans to actively promote sustainability and address environmental, social and governance (ESG) risks in its loan portfolio.
  • KBC Brussels may also collate personal data that KBC Brussels entities have at their disposal for creating segments (such as private individuals, businesses and private banking).
  • To provide you with good service , it is important for us to share information within the organisation and to group that information together in the hands of (central) relationship managers, for instance in a CRM application, to maintain your customer overview.
  • KBC Brussels cooperates with preferred third-party service providers for its range of banking and insurance products (see 3.2). To be able to screen and later contact possible future retailers, KBC Brussels collects identification and contact details of these potential trading partners. The data may have been communicated to KBC Brussels in response to a business event or published on social media or be publicly available.
  • KBC Brussels keeps the contact details of journalists obtained directly or indirectly, so that KBC Brussels can contact them at the appropriate time.
  • KBC Brussels is an international organisation that works and communicates in Belgium’s national languages, English and various other languages. Translations are essential in that regard. Many of the source texts and translated texts contain personal data. KBC Brussels Language Service deletes this data at the latest 90 days after the translation.
  • KBC Brussels wants to offer its customers a personalised customer experience, irrespective of the channel the customer has selected (branch, KBC Brussels Touch, KBC Brussels Mobile, Kate).. Information you share with a staff member may be stored in the customer relationship management system for retrieval at a later date or in another channel.

Linked to the provision of certain services
KBC Brussels may process your personal data to support ICT systems and software, improve processes, coach staff and improve services.

During application development, testing with personal data is required; where necessary this may be done in collaboration with third parties appointed by KBC Brussels.

  • If KBC Brussels investigates issues in applications, it may process personal data for that purpose.
  • Your personal data may also be used in evaluating, simplifying, testing or improving its processes, digital apps and models, and to optimise promotional campaigns, simulation exercises and online sales, such as by using information from cookies (e.g. preference settings and click and browsing behaviour on our website) to follow up on a simulation left uncompleted, statistics or a satisfaction survey.

KBC Brussels uses services provided by third parties that monitor, investigate and, where necessary, restore the performance of KBC Brussels infrastructure and software. During these processes, personal data may temporarily be visualised as a technical object. KBC Brussels concludes contracts by way of security and provides for technical security both internally and externally to minimise the processing of personal data and maximise security.

  • KBC Brussels records telephone conversations for purposes related to training and coaching its staff and improving the quality, security and oversight of processes, for brief periods of one month.
  • The dealings of KBC’s Corporate Mergers & Acquisitions team (M&A) extend overall and any types of KBC Brussels products and services. It is possible that, in the process of acquiring or disposing of some part of its business or another, KBC Brussels might exchange personal data with companies in the KBC Group and third parties.
  • Even though there might be no legal obligation to verify the Central Individual Credit Register, KBC Brussels always does so when lending to consumers.
  • KBC Brussels processes personal data, including transaction data, in order to gauge your knowledge and experience in relation to investments with a view to protecting investors (MiFID).
  • To ensure each property estimate is as accurate as possible, KBC Brussels performs a number of calculations (such as the construction area, roof surface and volume) based on the address (obtained from the Land Registry or purchased) for every property having an address in Belgium. These calculations can be enhanced using data collected through specialised third parties (such as Vansteenlandt). These property estimates are used for the ‘My Real Estate Dashboard’ service or for third-party services, or in the context of potential mortgage lending.

Developing models for customer comfort and for marketing purposes
Support of commercial activities based on in-depth data analysis

  • Insight gained from analytical models allows KBC Brussels to build customer profiles. KBC Brussels then ad\pts the model both to you as an individual or at the level of your family and may also, exceptionally, apply it to another person for the following purposes:
    • Gathering data from different companies of the KBC Group in these analytical models makes it possible to obtain data-driven insights that support the KBC Group in making strategic choices; and
    • Developing commercial policies, taking into account customers’ behaviour and wishes

Profiling for marketing purposes
KBC Brussels processes your personal data for personalised commercial messages about KBC Brussels products and services. This includes

  • Creation of profiles to personalise and steer direct marketing. KBC Brussels uses them to offer customers, prospects or platform users KBC Brussels’s and KBC Brussels partners’ products and services (see 3.5.3). This also enables KBC Brussels to tailor commercial policy for a particular individual.

Ensuring the best possible customer experience
KBC Brussels processes your data to provide you with the best possible customer experience. We understand 'optimum customer experience' to mean the following:

Customisation of product and service offers by both itself and third parties.

  • KBC Brussels may send you messages or contact you in connection with services you’ve requested from KBC Brussels or from a third party through KBC Brussels Mobile, for instance to remind you to repay your outstanding credit card balance before the due date. You can disable these messages in KBC Brussels Mobile (under Profile/Notifications).
  • If you fill in a form provided by KBC Brussels, it naturally processes the data for the administrative management of the process for which you filled in the form. This means that data you enter during a simulation may be stored in the meantime, saving you having to enter it again if you interrupt the process or want to start.again later.
  • If you started a simulation or sales process but stopped before completing it, we may contact you to see what went wrong and whether we can help, i.e. technical and administrative support for that specific process.
  • KBC Brussels may text you to confirm an appointment or remind you that you’ve missed an insurance premium or a loan repayment or that your account is insufficiently funded for a payment order to be executed. You can switch these notifications off in the menu for managing your text message settings.
  • Communication via KBC Brussels Mobile’s start screen
  • In the case of customised service in digital assistant Kate, profiling occurs based on the contract that the customer has signed with KBC Brussels to this end (see 3.2).
  • Digitisation of KBC Brussels services and products to improve their accessibility and user-friendliness with additional personalised information.
  • KBC Brussels processes customer profiles to be able to send relevant messages and information.
  • Information regarding your investment profile may be exchanged between KBC Group entities, as well as insurance agents, for the provision of investment or insurance advice, so as to avoid you having to provide the same information again in the context of an advisory meeting, depending on the delivery channel chosen, and to ensure uniformity and consistency of the profile.
  • Where additional services are used, we may process the personal data of third parties that have no relationship with KBC Brussels, such as data from third parties that is obtained from invoices uploaded to the additional service ‘invoice management’.

Product and service offering
Data processing needed to offer (digital) solutions and determine the relevant KBC Brussels strategy:

  • KBC Brussels can use your personal data to make you a better offer than at present or to give you a commercial discount. KBC Brussels calculates the commercial discount for all customers, irrespective of any specific request. To this end, KBC Brussels analyses the behaviour and a few relevant characteristics of the customer based on customer profiles.
  • To be able to give accurate responses to other customers or prospects (e.g. during simulations or proposals) and where KBC Brussels offers its spontaneous proposals in bespoke form, KBC Brussels may look at all or any of your own customer profiles for comparison purposes as part of carefully partitioned-off underlying processes. There is naturally no question of your personal data being divulged to anyone in this context.
  • Creation of profiles to tailor KBC Brussels’s commercial and product strategies to customers’ behaviour and wishes.
  • Preparation of internal reports on the use of processes and products by customers and platform users to evaluate and determine KBC Brussels’s commercial and product strategies. In this case, personal data is aggregated to the extent possible.
  • To help KBC Brussels staff perform their duties to the best of their ability, KBC Brussels may use modern technologies including, but not limited to, artificial intelligence modules to consult certain customer data.
  • In the context of this processing, KBC Brussels obtains information from an external partner about the degree in which every building in Belgium is susceptible to flooding and about the flooding zones laid down by law where this is relevant when underwriting home insurance.

Offer of aggregated insights

  • KBC Brussels may aggregate personal data to assess rapidly changing consumer behaviour and thus predict economic trends, to produce reports for internal use.
    KBC Brussels anonymises your data so that they can be publicised, for instance if, on the occasion of Batibouw it wants to publish statistics on the numbers of home loans applied for or granted. KBC Brussels may at the same time carefully draw anonymised insights from personal data and subsequently offer those insights to the market. KBC Brussels may provide these aggregated reports as a service or make them available free of charge to organisations in its social role and to partners in order to provide insight into the purchase of their services through KBC Brussels channels. This enables these third parties to further refine their offer or strategy.

Mobilisation of appropriations

  • If a credit claim is mobilised from a credit agreement, we may disclose the obligations and, based on legitimate interest, the necessary details of the borrower and guarantor concerned to the transferee for the management of the claim. Mobilisation of credit claims is effected among things in the form of securitisation, assignment of receivables and in the context of covered bonds. The recipient guarantees the confidentiality of the data.
  • KBC Brussels may disclose information about the credit agreements and the way in which they are executed to:
    • All stakeholder third parties with a legitimate interest (such as the National Bank of Belgium or third parties to whom the credit agreement may be transferred or assigned);
    • Parties that can assign a rating to relevant securitisation transactions;
  • To improve the operation of market forces when credit agreements are converted into securities, the European Central Bank and the EU authorities impose reporting requirements. These reports are not by named individual but by contract detail (such as number of borrowers, term and due date of the credit, outstanding credit amount, payment arrears, characteristics of the mortgaged pledge). This information must be made available to investors in these financial instruments (often designated as asset-backed securities or residential mortgage-backed securities). You will find more on this on the website of the European Central Bank: www.ecb.int keyword: loan-level).

External real estate appraisals

  • KBC Brussels uses external appraisers to revalue any real estate we hold as collateral for loans at certain times during the life of the loan, in accordance with the European Capital Requirements Regulation (CRR). These revaluations do not affect the underwriting process of the credit in question, but merely serve to comply with the CRR. To make these external appraisals practical, KBC Brussels provides the external appraisers with certain information about you and the property concerned, such as your name and contact details, the address and type of property, etc.

Corporate customers

  • KBC Brussels sends messages to its corporate customers, which may be for informational purposes. These messages may include a call to action. In order to reach these customers, KBC Brussels sends the message to the representatives designated by the company. For the calculation of the corporate customer’s profile, KBC Brussels only uses the company’s data and not the representatives’ personal data.
  • KBC Brussels may also send advertising messages addressed to the company which also involve the processing of the representatives’ data. Representatives may object to this use.

3.4. KBC Brussels will request your consent to process your personal data in certain cases

You can read more about consent for direct marketing at 3.5.2. KBC Brussels will request your consent:

  • To process transaction data that you have personally added in KBC Brussels applications such as KBC Brussels Mobile for commercial models and profiles;
  • For geolocation (unless expressly stated otherwise);
  • To process data entered by you in a simulation or competition entry form in order to send you advertising messages;
  • To enter underlying data in a form that needs to be completed with certain information for KBC Brussels to be able to process the form, in which case KBC Brussels will generally ask you to check the data’s accuracy;
  • To process your contact details as representative of your company when we transfer them to, for example, Cashforce;
  • To process biometric data to identify you;
  • To answer questions asked by third parties, unless there is another legal basis for doing so, such as a statutory duty;
  • To process health data, for which we need your explicit consent;
  • To send notifications from the browser regarding the Private Banking newsletter.

Each notification includes information on how to withdraw your consent. If you are no longer able to make your own wishes and needs known, a carefully drafted lasting power of attorney can guarantee that your personal wishes and needs are translated correctly from a lawful point of view, including in banking matters. KBC Brussels will respect that expression of your will and your appointed proxy holder. KBC Brussels may request your consent through all possible channels, such as KBC Brussels Mobile’s start screen, Kate or e-mail.

3.5. KBC Brussels uses your personal data for direct marketing

As a commercial enterprise, KBC Brussels is keen to be able to suggest a wide range of financial and non-financial products and services to you. It may do so in response to explicit requests from you or, where KBC Brussels has an idea that you might be interested in or could benefit from a given product or service.

You can receive this information through various channels: through KBC Brussels bank branches and insurance agencies, over the Internet and in apps, in the KBC Brussels Mobile app’s start screen, by sending push messages from KBC Brussels Mobile or your browser, by e-mail, post or telephone, via Kate, and at events. In addition, the constant flow of new technologies gives KBC Brussels new ways it can embrace to serve you better. KBC Brussels is at pains to ensure that information is provided in a way that’s clear and will choose the most appropriate channel for you.

If KBC Brussels knows the age, it does not make commercial offers of its own to young persons aged under 16 unless a legal representative of theirs has consented.

Only one of the various options listed at 3.5.1 and 3.5.2 applies to you as a customer. From the moment you receive a proposal to opt for the Direct Marketing contract as set out at 3.5.1, only that situation will apply to you, and your choice for personalised information (3.5.2) will cease to apply. If you do not opt for the personalised agreement, you may still receive direct marketing based on a legitimate interest (see 3.5.3). If you don’t want to receive any direct marketing at all, see 2.5, which describes how to object to direct marketing.
If you are unsure as to which situation applies to you as a customer, feel free to e-mail mypersonaldata@kbc.be for help.

3.5.1 Direct Marketing contract for personalised advertising

If you choose to enter into a personalised agreement, you will receive personalised communications from KBC Brussels. The processing of personal data is therefore essential to the performance of the personalised agreement. The personalised agreement contains information about the services offered by KBC Brussels when you opt for the personalised agreement and on how this agreement works. Who is offering the personalised agreement?

KBC Bank, CBC Banque, KBC Asset Management and KBC Insurance (hereinafter: ‘KBC Brussels’) have joined forces in order to make you proposals and contact you for advertising purposes in as personalised a manner as possible. These entities can share your personal data with each other for this purpose, to the extent that this is necessary and relevant in order to send you personalised commercial messages. This exchange is also possible if you are not, or no longer, a customer of one of these entities. This enables KBC Brussels to approach you based on the overall profile it has compiled of you. This is important in order to ensure that KBC Brussels makes you relevant commercial proposals based on your specific situation.
For this purpose, these entities act as joint data controllers. In order to exercise your rights, as described in the general data protection statement, you can contact KBC Bank, CBC Banque, KBC Asset Management or KBC Insurance. What are KBC Brussels’s legal grounds for using your personal data?

KBC Brussels will only use your personal data for personalised services if you have chosen to enter into this agreement.
KBC Brussels invokes contract performance as a basis for delivering Kate Deals and personalised services, as described in the personalised agreement. This concerns:

  • analysis and use of personal data in order to create a profile of you and subsequently be able to send you personalised commercial offers and messages. You can find more information about this under point 3.2;
  • analysis and use of personal data in order to display Kate Deals to you on a personalised basis and to customise this data at the participating merchant’s request. You can find more information about this under point 3.2.
  • contacting you through the most appropriate channel. You may receive commercial messages through a variety of channels (via the KBC Brussels bank branches and insurance agencies, the Internet, KBC Brussels applications, by post, e-mail, telephone, etc.).

KBC Brussels invokes permission to:

  • use electronic communication channels to send commercial messages. The personalised agreement always contains a provision for the receipt of electronic communications via push notifications from KBC Brussels Mobile, or by e-mail, text, or WhatsApp message. You may choose to change your communication preferences at any time and are therefore completely free to decide how KBC Brussels sends you commercial proposals. For example, you may decide at any time to have these communications restricted to the channels of your choice, or not to receive any commercial messages electronically at all. You can make these changes in KBC Brussels Mobile (Privacy > Commercial Settings), KBC Brussels Touch (Profile > Privacy > Commercial Settings), KBC Brussels Live, or at any KBC Brussels branch. Even you choose not to receive any electronic communications at all, you can still benefit from the personalised services.
  • sending you personalised offers based on your click and browsing behaviour on KBC Brussels websites and in KBC Brussels applications. KBC Brussels respects your privacy preferences and will only store this data if you have given the required cookie consent. What type of data processing is needed in order to provide the requested services?

In order to be able to deliver the services described in the personalised agreement, KBC Brussels must be able to predict your behaviour, needs and requirements.

KBC Brussels uses all personal data (including transaction data, data obtained from third parties, data obtained from public sources such as the Belgian Official Journal, data and information gathered during conversations with you at the branch or other contact moments, etc.) it possesses on you and any insights it obtains based on general market analysis. KBC Brussels combines this data with other data and information relating to your family, business, etc.

KBC Brussels may make highly personalised commercial proposals to you, tailored to your needs and interests, by applying this analysis to your individual or family situation (i.e. profiling).

Data processing in the context of personalised commercial messages

KBC Brussels conducts in-depth profiling as part of the personalised agreement in order to be able to tailor the advertising messages to your needs. This is because KBC Brussels’s intention is to send you commercial messages tailored to your situation as much as possible.

These commercial messages might focus on:

  • KBC Brussels’s products and services and those of carefully selected partners with whom KBC Brussels works in order to provide their services through KBC Brussels (e.g., Payconiq, partners for additional services such as 4411, De Lijn, Kinepolis, etc.). You can find an up-to-date list of KBC Brussels’s partners at this link. This list is regularly updated by KBC Brussels;
  • both financial products (including loans, credit cards, insurance products, etc.) and non-financial products (including Kate Deals, purchasing train tickets, ordering service cheques, etc.).
    KBC Brussels generally sends these commercial messages to you directly, rather than through its partners. This ensures that KBC Brussels can minimise data processing by its partners. KBC Brussels has also made contractual arrangements with its partners, in which they confirm that they will comply with the privacy rules.

Data processing in the context of Kate Deals

Calculation and execution of cashbacks

KBC Brussels uses the transaction data to calculate and execute the cashbacks you are entitled to. For instance, based on your purchases, KBC Brussels can see which Kate Deals you actually redeemed.

KBC Brussels works with a number of participating merchants.

  • Personalisation of Kate Deals at the request of the participating merchant

These participating merchant can determine whether or not they want to limit their deal to certain customers, based on a set of predefined parameters. This enables participating merchant to more accurately determine the target audience for their Deal. For example, they might decide to limit their deal to customers who have made purchases from them over the past three, six or nine months (or those who just fall short of this mark) or solely to customers who live or shop in a particular province. In order to be able to deliver these parameters, KBC Brussels checks your personal details. The transaction details are also reviewed for some of these parameters.

Personal data that may be processed in this context includes transaction data, place of residence, gender, age, household composition, as well as profiles derived by KBC Brussels (from customer data), for example, hobbies and what customers do in their spare time. This data is processed either separately or combined. KBC Brussels does not pass on this personal data directly to the participating merchant, but instead uses it to determine the group of customers that get to see the deal.

In the context of personalisation requested by the participating merchant, KBC Brussels and the participating merchant concerned are jointly responsible for processing the relevant data. Feel free to contact KBC Brussels if you have any questions about exercising your rights (as described in the general data protection statement). The data protection statement is available at www.kbcbrussels.be/privacy. You can also obtain a copy at your bank branch or from your intermediary.

Since KBC Brussels automatically selects for which Kate Deal you are eligible based on the parameter(s) communicated by the participating merchant, some of these decisions may be made automatically. You can read more about how automated decisions are made in the Annex to the KBC Brussels Data Protection Statement – automated decision-making.

  • Anonymised statistics

KBC Brussels sends anonymised data to the participating merchants regarding their Deal, as it was published on the Kate Deals Platform.

Personalisation to show Kate Deals in the most relevant order

The Kate Deals displayed on the Kate Deals Platform have been personalised. Personalisation is a feature of the Kate Deals Platform intended to ensure that the Kate Deals published on the Kate Deals Platform are as closely aligned as possible to your needs and preferences.

KBC Brussels creates a profile of you to help personalise the Kate Deals and determine how and in which order they are presented to you. This allows KBC Brussels to present you with the Kate Deals that are most relevant to you.

KBC Brussels bases this profile on your transaction data, which shows the sectors (e.g., fashion, leisure, etc.) and locations that may be of interest to you. KBC Brussels also looks at other personal data, such as your name and address. If you have given permission for KBC Brussels Mobile to use your location, KBC Brussels will use it to show Kate Deals located near you. If you have consented to the use of cookies, KBC Brussels also keeps track of your click and browsing behaviour (e.g., what Kate Deals you have viewed) on the Kate Deals Platform in order to improve the Kate Deals’ relevance.

KBC Brussels and the TradeTracker partner platform join forces

To know if you are entitled to a Deal via an external partner, and for the calculation and execution of the cashback, KBC Brussels and the partner platform (TradeTracker) need to be able to see if you made a purchase using the unique link on the Kate Deals Platform and for what amount. KBC Brussels and the partner platform must also detect any fraud in connection with the Kate Deals via external partners in time.
KBC Brussels and TradeTracker are joint controllers for these purposes. Feel free to contact KBC Brussels if you have any questions about exercising your rights (as described in the general data protection statement). The data protection statement is available at www.kbcbrussels.be/privacy. You can also obtain a copy at your branch or from your intermediary.
The types of personal data processed by the partner platform in this context are traffic data (including IP addresses), where appropriate linked to your purchase (amount and time).

3.5.2 Personalised commercial messages, with your consent

If you have previously consented to receiving personalised commercial messages, this consent will remain valid until you have made a choice regarding the Direct Marketing contract.

If you give explicit consent to receive personalised commercial messages, KBC Brussels can make proposals tailored perfectly to your individual situation. You will no longer receive scores of adverts that are of no interest to you. Your consent applies specifically to personalised commercial messages and is unrelated to the processing of personal data in the context of Kate Deals. In this regard, KBC Brussels uses your entire personal data (including transaction details and information obtained from third-party sources (such as financial institutions), public sources like the official gazette, the results of discussions at your branch and other contacts). This data is collated along with details of your family and business, and so on, so that KBC Brussels is really in a position to provide you with commercial messages tailored to you. You can withdraw your consent at any time, just as easily as you gave it.

Your consent to receiving personalised commercial messages is valid for each of KBC Insurance, KBC Bank, KBC Asset Management, CBC Banque, KBC Securities and KBC Autolease. As regards KBC Autolease, your consent only applies to services that it provides directly to private individuals. These KBC Brussels entities are then able to share your data with one another. Such exchanges are also possible if you’re not or you are no longer a customer of any KBC Brussels company. This enables KBC Brussels companies to look into your situation and proactively suggest alternatives aimed at your specific situation.

You receive the messages directly from KBC Brussels and not from the partners KBC Brussels works with. These partners are listed in and This ensures that data processing by these partners is limited and they only receive data about you if you personally express interest in the information. KBC Brussels has made contractual arrangements with the partners, in which the partners confirm that they will comply with the privacy rules.
Subject to your explicit consent, KBC Brussels may send you commercial messages about financial products and services and about non-financial products and services. KBC Brussels offers a separate choice for both.
Platform users and prospects cannot opt for personalised commercial messages. Commercial messages about financial products and services (occasionally referred to as ‘personalised information’)

Your separate consent applies to messages about financial products and services from KBC Brussels and from carefully selected partners that offer products or services in the general fields of banking and insurance. Those partners must at all times meet the following criteria:

  • They must be a provider of financial services or an insurance company. Financial service providers include banks, credit institutions, wealth managers, funds, stockbrokers and lease companies in as far as their offering to private individuals is concerned.
  • If legally required, the partner has to be licensed for the financial service or insurance that KBC Brussels is offering.
  • The messages contain information on products and services from the general fields of banking and insurance such as savings products, investment funds, lending and insurance (both property cover and life insurance).

A list of our current financial partners can be found at www.kbcbrussels.be/partners. This list is regularly updated by KBC Brussels. Commercial messages about non-financial products and services

Your separate consent applies to messages about non-financial products and services from KBC Brussels and from carefully selected partners with whom KBC Brussels cooperates in order to offer you their services through KBC Brussels. The messages may relate, for example but not exclusively, to the Additional Services that KBC Brussels offers in the KBC Brussels Mobile app, such as selling tickets or offering new deals in Kate Deals.

The messages concern non-financial products and services outside the general fields of banking and insurance.

More information about partner services offered by KBC Brussels is available at www.kbcbrussels.be/partners. This information is updated by KBC Brussels on a regular basis.

3.5.3 Limited personalised commercial messages, based on a legitimate interest

If you do not want to receive a highly personalised offer, you should not opt for the Direct Marketing contract or consent to receiving personalised commercial messages.

Nevertheless, you may occasionally still receive offers and advertising from KBC Bank NV (e.g., in the KBC Brussels Mobile app’s start screen or by e-mail, push notification or text message): based on its legitimate interest, KBC Brussels sends offers on the basis of a limited number of data (such as who you are and where you live, your date of birth, your marital status, your contact details, family relationships, the apps and products you use, or any lack of interest on your part in certain products).

These limited personalised commercial messages may concern:

  • financial products and services from KBC Bank NV or KBC Insurance and KBC Asset Management; niet-financiële producten en diensten van KBC Brussels en van zorgvuldig geselecteerde partners in bijvoorbeeld de Extra diensten in KBC Brussels Mobile, zoals de verkoop van tickets. Meer informatie over de partners vind je op www.kbcbrussels.be/partners .

Subject to your separate consent for the electronic channels (e-mail, push messages and SMS/WhatsApp), KBC Brussels may send you advertising on all products through these channels. In the absence of your consent, we will limit ourselves to advertising on products similar to those you already own. You can manage your consents in the KBC Brussels Mobile app, via KBC Brussels Live or at your branch.

You can object to direct marketing as set out in 2.5, in which case you will no longer receive personalised advertising.

In order to be able to send you the appropriate message through the correct channel, KBC Brussels may also call on other service providers. For this purpose, KBC Brussels may cooperate with communication and marketing agencies, and similar companies such as social media players (e.g., Google, Facebook, Instagram, WhatsApp). Sometimes KBC Brussels only uses information it has about you or your personal profile information held by them. In other cases, KBC Brussels combines those data. Depending on the type of cooperation, they may be processors or controllers (see points 5.2 and 5.3).

3.5.4 Marketing for platform users

KBC Brussels uses platform users’ personal data to conduct direct marketing campaigns (e.g. in KBC Brussels Mobile’s start screen or by e-mail, push notification or text message) based on a legitimate interest. This may include services offered through KBC Brussels Mobile, including Kate Deals, and KBC Brussels payment solutions. For this purpose, KBC Brussels processes the limited set of personal data that the user registered when they activated the use of the KBC Brussels platform (surname and first name, address, date of birth, mobile phone number and e-mail address). If the user agrees to the use of cookies, KBC Brussels can also send offers based on click and browsing behaviour. Platform users can exercise their right to object to direct marketing, in which case they may still see an advertising message but it will be a general advertising message, for which KBC Brussels does not process customers’ personal data.

3.5.5 Marketing based on your click and browsing behaviour

KBC Brussels may send you offers based on your usage patterns on its websites and apps, provided that you consent to the collection of this cookie data and it being used for sending personalised commercial messages. The cookie consent determines which offer KBC Brussels can send you. Your cookie data may be combined with other personal data according to the conditions set out under 3.5.1, 3.5.2 and 3.5.3.

3.5.6 Marketing for prospects

KBC Brussels uses prospects’ contact details to conduct direct marketing activities. Commercial messages by e-mail are sent only with the recipient’s prior consent. Telephone marketing is always based on a legitimate interest, and KBC Brussels respects anyone who is listed on the Do-Not-Call Registry.

3.5.7 What if you do not wish to receive personalised advertising (or less of such advertising)?

Our app lets you manage certain notifications and whether you receive them or not. You can manage your notifications under ‘Settings’.

Start > Your photo or the Settings icon in the top left corner > Security and privacy > Privacy > Commercial settings > How do you want to receive commercial messages?

Depending on what kind of commercial offers you wish to receive, you can choose ‘Personalised’ or ‘Standard’.

You can always choose not to activate the Personalised Agreement if you no longer wish to receive personalised messages or only wish to receive general advertising messages. If you no longer want to receive any advertising at all, you can object to direct marketing.

3.6. KBC Brussels will not sell your personal data

KBC Brussels does not sell or hire out your personal data to third parties for their own use, unless you opt for this yourself by giving your consent or approval or in the context of a service. This enables KBC Brussels to share your data with third parties in the context of the partners listed here (see

4. Part 4: KBC Brussels processes different types of data

The sorts of data that KBC Brussels processes are explained below.

4.1. Identification data linked to a service and personal particulars

Your electronic ID card details that can be accessed without a PIN, such as your name, sex, date of birth, nationality, national registration number, but also your customer number, vehicle registration number, driving licence, click data, how you utilise your device, information identifying the devices you use (Mac address, IPs, information uniquely identifying your device).
Telephone number, e-mail address, language, postal address, username in social media apps.
Your products Account numbers, your financial products (payments, loans, insurance, savings & investments)
Your product usage Your transactions, salary and other income and expenses, growth of your wealth, changes in your wealth situation, investments, loans, insurance policies, movements on your accounts and their balances, the use of KBC Brussels apps, and so on.
Your preferences and interests Your potential interest in KBC Brussels products. Your financial information, how it has changed over time and the advice we’ve previously given you.
Derivative information Based on movements such as payment transactions (transactions on your accounts, in your investment portfolio, done using your card, etc.), KBC Bank is able to observe your behaviour and detect your needs. We can use the resulting profile for instance to send you personalised offers, to more effectively analyse which payment solution works best for you, determine your preferences in terms of communication or which insurance products you need or whether you are eligible for a commercial discount.
Your family  situation Your marital status, the make-up of your household and relationships.
Your overall financial situation KBC Bank can give you sounder advice if it is apprised of your overall financial situation (your total assets, real estate you own, etc.).
Your activity
Your education, occupation and work experience.
'Key moments' in your life The important phases in your life (past, present and future). Like getting married, living together, building a family, plans for the home or the death of a child, parent or your spouse.
Your lifestyle Things like leisure activities and interests, club memberships, your home environment and property owned by you.
Your feedback Comments and suggestions, past complaints. These can definitely help KBC Bank to provide you with a better service in the future.
Your risk profile KBC Brussels processes your investor profile in order to assess, for example, whether a given investment is appropriate for you. Supplemented by other data such as age and investment horizon, KBC Brussels can also process your risk profile to determine how you deal with losses in investments, in order to provide even more targeted investment advice. Other possible uses include your fraud profile, credit risk profile, insurance risk profile, etc.
Your health data KBC Brussels processes health details, for example when providing tax and legal opinions or financial planning advice or for taking out life insurance. If it intends to do such data processing, KBC Brussels procures your separate consent. Naturally, strict procedures apply to how this health data is processed.
Your biometric data KBC Brussels processes your biometric data for more efficient and accurate identification, for example as part of the customer onboarding process, for instance by taking a photograph or short video clip. If it intends to do such data processing, KBC Brussels procures your separate consent. KBC Brussels only retains biometric data for a limited period of time after use.

4.2. Data from third parties

KBC Brussels sometimes processes public data.

  • This may be information that is subject to a reporting duty (like public notice of your appointment s a company director)
  • Data you personally place in the public domain such as information on your website, in your blog or via your publicly accessible social media profile, information publicly available on the Internet, or information about you that KBC Brussels has obtained from third parties (e.g. household members).
  • Data that is in the public domain, say, because it is common knowledge in your area or because it has appeared in the press. Information from sources such as the companies register and Graydon also fall into this category.

KBC Brussels can also receive personal data via third parties, for example, but not exclusively, by buying it or obtaining it from the Belgian Land Registry (Kadaster) or from companies like Blacktiger, IHS Markit Group Limited, GIM, Graydon and business organisations that are responsible for making sure that they gather the relevant information lawfully and pass it on to KBC Brussels.

In addition, KBC Brussels receives personal data from third parties on the instructions of its customers (e.g. account information from an account held at another bank in connection with the provision of account information services).

KBC Brussels uses that publicly available data and information from third parties for all processing for all purposes set out in this Data Protection Statement.

4.3. Your current location can be important

If KBC Brussels wants to identify your location (i.e., geolocate you), KBC Brussels will always inform you accordingly and will ask for your consent where appropriate, for instance when you visit certain pages on its websites or if you use a KBC Brussels app or technology such as beacons.

KBC Brussels may send you a message for which your location is important. Or, if you’re at a KBC Brussels event, the background in KBC Brussels Mobile might be modified accordingly, for example. It’s also possible that when you enter a shop, KBC Brussels Mobile will draw your attention to the fact that in this shop you can pay using MobilePay.
In order to offer you this service, KBC Brussels may use a geolocation service provider, such as Google. Google has a privacy policy of its own. You can read it in detail at www.google.com/policies/privacy. We recommend that you take the time to read it. KBC Brussels can also use the details of your location to construct global models and analyses.

Moreover, we are aware of what your location is on the basis of things like your IP address and your telephone’s technical readings. This information can also be important in relation to things like detecting credit card fraud and improved data protection.

4.4. KBC Brussels can process information you share with its staff

When you contact KBC Brussels staff at a branch or by telephone, chat or via Kate, this may be registered:

  • To create an overview of the contact history;
  • To create a (short) record of the contact;
  • To enable staff to prepare ‘to do’ lists of tasks identified during the conversation;
  • To provide you with better service in the future.

Even if you are not a customer, KBC Brussels will store such information as you disclose. That information can be used if you subsequently become a customer.

By adopting this approach, KBC Brussels seeks to avoid your having to constantly provide information or answer questions a second time. It also allows KBC Brussels to improve continuity in the services provided to you.

4.5. Monitoring KBC Brussels correspondence in written form

If you contact KBC Brussels by e-mail or have digital communication channels that are used by KBC Brussels (e.g. KBC Brussels Touch or KBC Brussels Mobile), it can use these channels to send you mandatory and official notices, in which case KBC Brussels will notify you by push notification.

KBC Brussels works on the assumption that correspondence sent to staff in their capacity as KBC Brussels staff members (at a branch or on its fax or to a job-linked or personal KBC Brussels e-mail address, etc.) is business-related and that KBC Brussels is entitled to read it in the context of:

  • Their duties;
  • The production of evidence;
  • Workplace checks;
  • Security;
  • Combatting fraud.
  • Service optimisation and/or continuity, including the use of automated text analysis and editing to help KBC Brussels staff correspond with you quickly and efficiently.

4.6. Recording telephone, video and chat conversations

As a customer, you have a variety of ways to contact KBC Brussels. For instance, you can contact our commercial staff in the branch network or at KBC Brussels Live, contact centres and helpdesks, Kate, Private Banking branches, our inheritance experts, the Bolero Call Centre and the dealing room.

Various applications can be used for this purpose. For example, you can call a KBC Brussels staff member, in certain cases you can start a chat or you may receive an invitation to an online meeting (e.g. in Microsoft Teams). When attending an online meeting, you always have the option to share your screen or enable your camera at your own discretion.

KBC Brussels may listen in to or record conversations. You will be informed of this at the start of the conversation (e.g. verbally or in a pop-up message on your screen). By taking part in a telephone or video call, you expressly agree to it possibly being recorded.

KBC Brussels listens in to or records conversations for various purposes:

  • For training and coaching of staff or to improve the quality or security and monitoring of processes. These recordings are kept for a period of one month. Due to technical reasons, they may be stored in our back-up files for slightly longer.
  • Production of evidence:
    • In the context of legal duties intended for the protection of investors (MiFID II), KBC Brussels is required to record and retain telephone conversations and electronic communications that could result in transactions in investment products. KBC Brussels therefore records the conversations and electronic communications of staff whose work duties are investment-related. If you talk to these experts or relationship managers or communicate with them electronically, we record it. For evidential purposes and in order to comply with the legal obligations under MiFID II, KBC Brussels keeps these recordings for ten years. If a dispute arises, KBC Brussels will keep them for as long as it needs to defend itself. You can request a copy of this recording.
  • KBC Brussels attaches a great deal of importance to secure online banking. To that end, KBC Brussels set up the Cybersecurity Service Secure4u, which is available 24/7. You can contact Secure4u to report (alleged) abuse, after which KBC Brussels will investigate the report and, where appropriate, contact you by telephone. KBC Brussels may then ask you, for example, to lodge a complaint with the police. KBC Brussels also records this telephone call for any subsequent juncture.
  • Service provision:
    • KBC Brussels may also use automated analyses of conversations to speed up and improve its services. Telephone, video and chat conversations, for instance with Kate, together with other communications and the emotions expressed in them, can then be used in the development and training of artificial intelligence. Artificial intelligence could ultimately allow written or spoken customer communication to be fully automated. Artificial intelligence can support KBC Brussels staff and increase KBC Brussels’s ease of access. The link to personal data is severed as quickly as possible when developing and training artificial intelligence. To check and improve the quality of verbal chat conversations with Kate, KBC Brussels converts the conversation into text. KBC Brussels only keeps the original conversation for one month and the anonymised transcription for one year.

4.7. Temporary storage of security camera images

KBC Brussels may use CCTV in and around the offices and premises where it operates. In the case of security cameras, KBC Brussels observes the special rules that apply. If a security camera is present, KBC Brussels informs you by means a clearly visible sticker, for instance. In addition, KBC Bank NV in all events adheres to the ‘BeSafe’ guidelines (www.besafe.be) issued by the Security & Prevention General Directorate of the Federal Public Service for the Interior.
KBC Brussels generally keeps images recorded by security cameras in and around KBC Brussels premises (identified with a sticker) for no more than one month.

They may be kept for longer:

  • if the recorded images serve as evidence of certain dealings or may depict a criminal offence or unruly behaviour;
  • as evidence of damage or in order to identify an offender, trouble-maker, witness or victim;
  • Where someone has exercised their right of access, for as long as necessary to respond to the request. At locations that present a heightened security risk, the period is three months.

If you have questions about CCTV images, you can contact the CCTV Contact Centre at Egide Walschaertsstraat 3, 2800 Mechelen, or at CCTV@kbc.be.

4.8. Transaction details

4.8.1 Specific services KBC Brussels provides to you based on your transaction data

KBC Brussels offers you account information services and payment initiation services, giving KBC Brussels access to the balance and transaction information of the accounts you hold with another bank. This is subject to the condition that such payment accounts are accessible online. The account information, which only becomes accessible after you have activated the service, is used by KBC Brussels to carry out the requested service. If there are difficulties in connecting KBC Brussels to the account-holding bank, limited account information may be exchanged to resolve those problems.

KBC Brussels may also use the transaction data obtained to carry out its anti-money laundering and embargo inspections, to monitor and prevent payment fraud and to draw up the required reports. Such activities are mandatory, in accordance with applicable legislation.

If you consent to the use of transaction details from other banks, KBC Brussels may also ultimately use this data from other financial institutions to benefit its commercial and service models and its profiling, such as for providing the proactive version of Kate (if you opted to use this).

Based on that data, the bank can offer you an even more accurate and personalised service. You can always revoke this permission in KBC Brussels Mobile via Start > Your photo or the Settings icon at the top left > Security and privacy > Privacy > Data from other banks.

4.9. More than just your own personal data may be involved

If you have a company or children, for example, you agree that KBC Brussels may also keep a record of those relationships and process the data of any associated persons. We may also process personal data of parties we have no direct relations with but who are involved in a relationship with us, such as being the beneficiary under a life insurance policy or as usual driver under a car insurance policy or as witness to an accident. If you provide information about your family members or related persons, we ask you to inform them of that fact (e.g. of a change of address that you’ve forwarded to us). If needed in order to properly provide services to your family, we may also report limited details on you to your family members, so as to avoid over-insurance for your family.

Implications for legal entities

  • Please note that legal entities may only provide us with personal data of natural persons associated with them if those persons are sufficiently informed of this and, where necessary, have given their consent.
  • The legal entity accordingly indemnifies KBC Brussels in respect of all liability in this regard (vis-à-vis those concerned). For example, the company is responsible for complying with the data protection legislation when it submits lists of users for online applications or of beneficiaries of employee profit-sharing bonus programmes.

5. Part 5: Cooperation, confidentiality and security

5.1. Not everyone at KBC Brussels can look at your data

Only persons with appropriate authorisation can access personal data, and then only if that data is relevant to the performance of their duties.
In principle, within KBC Brussels and the KBC Group, your personal data will only be processed and viewed by certain departments that:

  • You now have, previously have had or would in future like to have a contractual relationship or contact with;
  • Require to be involved in the provision or aftercare of services;
  • Fulfil legal requirements (at group level) or requirements imposed by regulators, or stemming from corporate governance principles;
  • Are tasked with preventing fraud, including money laundering, by staff and customers. Some examples:
    • When we are notified of the death of a of KBC Brussels who is also a customer of other KBC Brussels entities in Belgium, we also inform those other entities.
    • For direct debit mandates, you may take certain steps to block them (e.g. blocking the instruction or imposing a maximum limit). If you take such a step in respect of a direct debit in favour of a KBC Brussels company, KBC Brussels may inform that company of the fact. The KBC Brussels company concerned can then more effectively assess the status of your direct debit instruction.
      The individuals who are authorised to consult your data are moreover bound by a strict professional duty of confidentiality and must abide by all technical requirements to ensure the confidentiality of your personal data and the security of the systems in which the data is held.

5.2. Data processed by KBC Brussels data processors

KBC Brussels uses the services of several processors to process personal data. These are companies that process data on the instructions of KBC Brussels.

5.2.1 Processors within the KBC Group

For the processing of personal data, KBC Bank NV makes use of processors within the KBC Group based in the European Union, namely KBC Group NV and KBC Global Services NV. Processing is carried out in Brno, Sofia or Varna, for instance, by the Shared Services Centre, branches of KBC Global Services NV in the Czech Republic or Bulgaria.

Some of the data processing performed by KBC Group NV and KBC Global Services NV on behalf of KBC Bank NV relates to oversight and support functions (at group level) such as financial reporting, the compliance function, the internal audit function, the inspection and risk function, anti-money laundering checks, complaints management, marketing support, support for invoicing, money transfers, credit processing and ICT management for the KBC Group.

For ICT management, KBC Brussels uses KBC Global Services NV, sometimes in conjunction with other processors within and outside the KBC Group.
KBC Brussels also uses the services of 24+ NV (www.24plus.be):

  • As a contact centre through which you can get in touch with us;
  • As a contact centre to get in touch with you on behalf of KBC Brussels for the purpose of making an appointment or conducting a satisfaction survey, to inform you about ‘personalised information’ and to invite you to make a choice;
  • To log data into KBC Brussels apps;
  • For administrative processing on the instructions of KBC Brussels;
  • To provide information to the tax authorities and the police;
  • To conduct an advisory meeting following a death, and to register next of kin, heirs, legal representatives and beneficiaries in the persons database.
    Examples include making appointments for branches, answering telephone enquiries, handling e-mails, and processing and executing online applications.

KBC Brussels works together with Everyone Invested, a subsidiary of KBC Asset Management NV, to analyse the conformity of individual investment portfolios with the KBC Investment Strategy. KBC Brussels exchanges anonymised data regarding the investment portfolios with Everyone Invested for this purpose.

5.2.2 Processors and third-party joint controllers characteristic of the financial sector

KBC Brussels uses specialist third parties in Belgium and abroad to perform some processing operations, e.g. payments.

These are:

  • SWIFT (www.swift.com)with headquarters in Belgium and establishments in many countries, for the global message exchange;
  • Equens Worldline SE (www.equensworldline-nv.com), Mastercard (www.mastercard.com), Idemia (www.idemia.com) ) and, in certain cases, Bancontact Payconiq Company NV (www.bancontact.com) for payments and (credit) card transactions worldwide;
  • Custodians and sub-custodians of financial instruments worldwide that are subject to local financial regulations;
  • Institutions for the settlement and clearing of payments and securities transactions, such as the CEC (www.cecbelgium.be) (payment systems) and Euroclear;
  • Transport companies (for cash and other valuables) and security firms;
  • Consumer credit intermediaries (i.e. instalment loans);
  • Entities that support KBC Brussels in complying with its anti-money laundering obligations, for example by developing and using money laundering detection models;
  • Batopin NV (www.batopin.be), a network of bank-neutral ATMs, also for updating your electronic ID card details;
  • Appbot Pty Ltd (www.appbot.co), for monitoring and analysing feedback from users of KBC Brussels apps;
  • Renta Solutions NV for typical leasing platforms in automating vehicle ordering, vehicle registration and delivery (Order Register Deliver), maintenance, electronic invoicing (REI rS Electronic Invoice).

5.2.3 Other processors

KBC Brussels may also directly or indirectly (e.g. through KBC Group NV) engage the services of other processors, such as

  • Consultants;
  • Third-party business introducers to fulfil its general duty of vigilance as laid down by law:
    • The obligation to identify and verify identities;
    • The obligation to identify the customer characteristics and the purpose and nature of the business relationship;
    • The obligation to update information;
  • Market research agencies such as Ipsos (www.ipsos.com), Profacts (www.profacts.be), GFK (www.gfk.com) Check market (www.checkmarket.com.), iVOX (www.ivox.be) and Intrinsiq (www.intrinsiq.be), DataSynergy (www.data-synergy.be) for issuing invitations as well as carrying out surveys;
  • ICT and ICT security service providers and artificial intelligence companies such as Microsoft, Cognizant, IBM, Amazon and HP, and specialist fintech companies such as Onfido for facial recognition during the customer onboarding process;
  • Marketing and communication agencies and similar companies, whereby KBC Brussels uses personal profile information on you that is held by them, along with the data it holds on you, to be able to make targeted offers to you via their channels (e.g. Google, Facebook, etc.);
  • Companies that support KBC Brussels in identifying and analysing your user behaviour in our apps and on our websites (e.g. Adobe, Dynatrace). In preparation for the analysis of Adobe Data Analytics, KBC Brussels will rely on the services of Amazon Web Services – Cloud Computing Services. The transfer and processing of personal data from, to and in Amazon Web Services is encrypted;
  • Companies specialising in information archiving and access, such as Doccle (Doccle stores information on all our customers, including those that haven’t opted for digital record-keeping). Doccle uses Amazon Web Services – Cloud Computing Services);
  • Companies specialised in scanning digital documents in order to digitise files with associated info;
  • Companies specialising in solvency investigations;
  • Companies specialising in specific services that KBC Brussels uses when offering services to its customers, such as Meeco for offering the Digital Safe in KBC Brussels Mobile;
  • Printers for printing and the addressing of news magazines, cheques and transfer forms, badges, among other items;
  • Translators and translation agencies;
  • Social media management tools (CX Social);
  • Sworn real estate experts;
  • Communications agency Motisha BV (www.motisha.com);
  • Companies providing Platform as a Service (PaaS) and Software as a Service (SaaS) in the cloud, such as:
    • The Microsoft Dynamics CRM app used by KBC Brussels to maintain customer overviews;
    • VEE24’s video chat app for enabling digital communication with KBC Brussels;
    • The storage services of Microsoft Azure or Amazon, on which KBC Brussels can place its own platforms or software that process and store your personal data;
    • Security services that screen Internet or e-mail traffic with KBC Brussels for cyberattacks or phishing scams;
    • TreasurUp, with whom KBC Brussels exchanges the contact details of company representatives to enable forex transaction analysis;
    • Nomios Belgium NV to set up a secure network connection between KBC Brussels entities worldwide based on SD WAN technology;
    • Applications that facilitate and automate call recording, where appropriate, for instance as offered by Luware;
    • - Etc.

5.3 Processing by other data controllers

5.3.1. Other data controllers

As a data controller, KBC Brussels may – in addition to using other processors – also use other service providers or third parties, such as lawyers, notaries public or doctors, who themselves are data controllers.

This is, for instance, the case for KBC Securities Services, which is a part of the KBC Group. KBC Securities is the controller of your personal data when providing services in its capacity as a broker or custodian of securities. To this end, KBC Securities Services works with other third parties such as wealth managers and private bankers. They in turn offer their own services, such as investment advice, and therefore also act as a controller of your personal data. When that is the case, another – usually shorter – data protection statement may apply since the service is also more limited. If you purchase a service from KBC Brussels that is covered by a shortened or non-standard data protection statement, you will be duly advised of this. The most recent version of the statement applying to services provided by KBC Securities Services can be viewed at www.kbcsecurities.com.
KBC Brussels can outsource the collection of arrears on, say, a loan, to specialised companies that themselves are data controllers.

KBC Brussels also distributes its own products and services in conjunction with third parties that refer their customers to KBC Brussels, for example for a loan. They do not act as intermediaries in that regard and only pass on to KBC Brussels the personal data needed to prepare tenders or simulations. The third parties are responsible for passing on the personal data. The third parties have access to a dashboard to track purchases of products.

As a bank-insurer, KBC Bank NV cooperates with KBC Insurance, with both companies acting as data controllers with respect to personal data. Specific information regarding the controllers for the direct marketing domain is provided under 3.5.

KBC Brussels can itself act as a third-party business introducer for, for example, Payconiq and Belgian Mobile ID (itsme). KBC Brussels then processes personal data as data controller. KBC Brussels transfers this personal data to the third party. Likewise, a third party may act as a third-party business introducer for KBC Brussels.

When a mortgage expires and mortgage renewal is needed, KBC Brussels will call upon the services of a notary public. KBC Brussels provides the notary public with the national registration number(s) of the borrower(s), a copy of the original registration model, the first authenticated copy of the deed or other useful information that allows the notary public to renew the mortgage registration.
When, as a retailer, you want to install an electronic payment terminal and you ask KBC Brussels to act as an intermediary in that regard, KBC Brussels will pass on your contact details to Equens Worldline SE.

If you order goods and/or services online, as a customer you will find that several online retailers offer the KBC Brussels Payment Button. This button allows you as a customer to pay for online purchases while authenticating yourself using your familiar and trusted KBC Brussels e-banking channels (e.g. Touch, Mobile, O4B).
In certain specific cases, processors whose services KBC Brussels engages (see 5.2.3) may nevertheless act as controllers for the processing of KBC Brussels data. One such case is Microsoft, which also processes personal data for activities beyond the limited scope of a processor., such as billing, internal remuneration, internal reporting and internal organisation, combatting fraud and security of their services, service improvement, financial reporting, and compliance with legal obligations applicable to them. KBC Brussels has entered into the necessary contractual arrangements with Microsoft to ensure compliance with the relevant data protection safeguards.

KBC Brussels can also cooperate with third parties such as Xerius Ondernemingsloket vzw. Xerius helps you to start up a business. During that process, Xerius may put you in touch with KBC Brussels to get your business account opened. Xerius then sends identification details to KBC Brussels. Xerius does this with your consent.

5.3.2 Voice Assistants

As a customer, you can ask for your balance and transactions via so-called virtual ‘Voice Assistants’ (Alexa, Google Assistant, etc.). In order to do this, you must first give KBC Brussels your consent to transfer the necessary account information to that service. The further processing, such as the electronic pronouncement of your balance by the service, is carried out entirely by the third party that provides the service to you. KBC Brussels is not responsible for that.

5.4. KBC Brussels processes your data on behalf of third parties

KBC Brussels acts as a processor of your personal data on behalf of third parties further to the execution of orders at a number of stock exchanges or when acting as a broker. This is, for instance, the case for KBC Securities Services. KBC Brussels acts as a processor for certain third parties with respect to the Additional services as set out under 3.2. KBC Bank NV acts as a processor for KBC Insurance NV for the distribution of their products.

5.5. KBC Brussels takes specific measures to protect your data

KBC Bank NV ensures that strict rules are followed and that the processors concerned:

  • only have the data they need in order to perform their tasks;
  • have given KBC Bank NV a commitment that they will process this data securely and confidentially and only use it for carrying out the instructions given to them.

KBC Bank NV will not be liable if these processors (according to law) disclose customers’ personal data to local authorities or if incidents occur at those processors despite the measures they have taken. KBC Brussels ensures that the European data protection standards for personal data are applied worldwide within companies belonging to the KBC Group and their branches. KBC Brussels also ensures that companies and corporate branches of the KBC Group take appropriate measures to protect the data of legal persons. KBC Bank NV takes internal technical and organisational measures to prevent personal data finding its way into the hands of, or being processed by, unauthorised parties or being accidentally altered or deleted.

Strict security measures are in place to protect premises, servers, the network, data transfers and the data itself, and extra checks are also carried out by a specialist department in this regard.

To make online banking and investment services as secure possible, security experts at KBC Brussels continuously analyse cyber-criminal activity so that they can hone the relevant security measures accordingly. Find out more at www.kbcbrussels.be/secure4u.

Together with you, we need to be aware that information shared by e-mail can sometimes be intercepted and, where possible, we must aim to use a different means of communication or to limit the amount of information sent.
KBC Brussels websites and apps may contain links to websites or information of third parties. KBC Bank NV does not check such websites or information. Parties offering these websites or this information may have their own privacy policies in place, which we advise you to read. KBC Brussels is not responsible for the content of those websites, their use or their privacy policy.

KBC Bank NV sometimes facilitates the publication of information (including personal data) via social media such as Twitter and Facebook. Bear in mind that these channels have their own terms of use, with which you must comply. Publishing data on social media may have (undesirable) consequences, including for your privacy or that of persons about whom you share data. You may not be able to delete such published information quickly. You should therefore assess the consequences yourself as the decision to disclose data on such media ultimately lies with you. KBC Brussels does not accept any responsibility in that regard.

5.6. KBC Brussels does not keep your data for ever

KBC Brussels uses your personal data where KBC Brussels has a clear aim in mind. Once that aim no longer exists, we delete the data.

The period for which your personal data has to be retained is defined by law (usually until ten years after the end of a contract or execution of a transaction. For commercial claims it is thirty years after the end of a contract or execution of a transaction). The period can be longer where needed for the exercise of our rights. If no retention period is stipulated by law, it may be shorter.

For some applications, a more extended time horizon may be necessary, such as for carrying out surveys and risk and marketing models. Some insights only get clearer once they are viewed over a longer time span. This can result in the retention period being extended by ten years on top of the standard periods. As has been stated, KBC Brussels will in all cases sever connections to individuals as quickly as possible and work only with aggregated or anonymised data.
Information that you personally registered in the KBC Brussels Touch application ‘Profile yourself’ or that was registered at the branch, with the agent or in KBC Brussels Live, for example, is retained by KBC Brussels for five years.

Personal data on prospects is used by KBC Brussels for a maximum of five years unless, in the meantime, there has been contact with the prospect. In that case, a new maximum five-year period starts. Prospects can always ask for their personal data to be removed.

5.7. Data transfer outside the EEA

Legislation in some countries outside the EEA (like the United States of America or India) doesn’t always afford the same level of data protection as in EEA member states. Where a non-EEA country is viewed by the European Commission as not offering an adequate level of protection, KBC Bank can cover the deficiency by, say, agreeing the required contractual guarantees with those third parties (such as a model approved by the European Commission), providing control mechanisms and implementing technical and organisational measures.

The transfer of personal data to countries outside the European Economic Area or to international organisations was screened by KBC Brussels. This transfer either takes account of the European Commission’s list of safe countries or is based on reasonable and sufficient security measures or falls under a specific derogation from the GDPR.

The most important aspects of international data transfer are explained in more detail below. Feel free to e-mail mypersonaldata@kbc.be if you have any questions.

5.7.1 Personal data transfer within KBC Brussels

KBC Brussels may export some personal data relating to Corporates (e.g. contact details of representatives) to its foreign branches in Hong Kong, China, Singapore and the US, provided the corporate customer also operates in the country in question.

5.7.2 Processors outside the EEA

KBC Brussels always opts for the processing of personal data to take place within the European Union. Given the nature of certain processes (for example, when round-the-clock support is required), in some cases personal data may be transferred to processors outside the EEA.

Even if the data centre is located within the EEA, access from outside the EEA may still be possible in some cases (e.g. in case of technical problems, or when round-the-clock support is required). This is also considered data transfer outside the EEA.

For some processes, the processors’ data centres may be located outside the EEA or accessed from outside the EEA, as is the case for the United States of America.
Even if the transfer is subject to an adequacy mechanism (such as the EU-US data protection framework in the United States of America), KBC Brussels will still ascertain that third parties provide an adequate level of protection.

Some examples:

Microsoft Basic identification and contact details, data relating to product ownership and product usage, etc.
AWS Basic identification and contact details, data relating to product ownership and product usage, financial data, etc.
Adobe Basic identification and contact details, data relating to product ownership and product usage, financial data, etc.

5.7.3 Data transfer to controllers outside the EEA

Similarly, when data is transferred to another controller in a country outside the EEA, these transfers are screened by KBC Brussels and the necessary measures are applied.

Some examples of controllers outside the EEA that may receive personal data from KBC Brussels (valid on 6 May 2024):

Google (see 5.3.2) Basic identification and contact details, data relating to product ownership and product usage, etc.  United States of America

5.8. KBC Brussels thinks before it answers queries from outside parties

If you as third party have queries about customers, for example because you work for the police or are a notary public or lawyer, you can contact KBC Brussels’s Third-Party Enquiries department, Brusselsesteenweg 100, 3000 Leuven. This specialist department will answer your query subject to bank secrecy obligations and the privacy laws. KBC Brussels bank branches and other departments will therefore refer you to that department.

5.8.1 Compliance with confidentiality obligations

As KBC Brussels has to comply with its confidentiality obligations and with the data protection legislation, it may only answer queries from third parties if they arise pursuant to a legal requirement or a legitimate interest, doing so is a prerequisite for performing the contract or the data subject has given their consent.

In the last case, KBC Brussels actually advises requesting the information directly from the data subject.

KBC Brussels declines liability if, as a result of foreign legal obligations, the lawful recipients of personal data are required to pass personal data about customers on to local authorities. Or if they process personal data without an adequate level of security.

5.8.2 Requirement for financial ombudsman to address KBC Brussels Complaints Management

KBC Brussels Complaints Management provides answers to the questions posed by Ombudsfin, the ombudsman for banks. Third parties must contact the ‘Third-Party Enquiries’ department.

5.9. You can also help in protecting your data

There are certain aspects of (technical) data processing over which KBC Bank has no, or at best insufficient, influence and for which it cannot guarantee total security. Examples include the Internet or mobile communications (such as smartphones).

If hackers are active, KBC Bank NV does not always succeed in defeating their cyber-attacks in time. It sometimes does not even know that it is happening, for example if a hacker manages to obtain your identification details by installing illegal software on your computer (spyware) or by creating a fake website (phishing). You will find more information on secure online banking at www.febelfin.be (safe online banking).

KBC Bank NV therefore suggests that you regularly take a look at the KBC Brussels website for information on safe online banking:
www.kbcbrussels.be/secure4u. This site always contains the most up-to-date tips and recommendations to keep you secure online.