On the 25th May 2018 the EU introduced a new regulation – the General Data Protection Regulation (GDPR) - to strengthen data protection for all within the European Union.
GDPR is good news for customers. It makes it easier for you to access your personal information and control how it is used.
Why did I receive this email and what do I need to do next?
This email was sent to you to ensure that you are aware of the upcoming changes to data protection law which comes with the implementation of the General Data Protection Regulation on the 25th of May. This communication is intended to give a general overview of the GDPR and further information can be found in our Data Protection Notice (pdf, 137 KB)
. We recommend that you take the time to review this document in full.
How do I get a copy of the Data Protection Notice?
How do I request a copy of all the information KBC hold on me (i.e a Data Access Request)?
You may receive a copy of your personal data held by KBC Bank Ireland plc on request.
In order to respond to your request we require you to:
- Send a written request by either downloading the Access Request Form from the Data Protection section of our website or write a letter to Rights Management Requests, KBC Bank, Sandwith Street, Dublin 2 or email firstname.lastname@example.org requesting your personal data. If you cannot download the Access Request Form we will arrange to post this form to you.
- Complete, sign and date the Access Request Form/letter. Please be as specific as possible about the information you wish to access;
- Post the written instruction to Rights Management Requests, KBC Bank, Sandwith Street, Dublin 2 or email email@example.com
Further information detailing how you may execute your right of access under the existing Data Protection legislation can be found in the Data Protection section on www.kbc.ie.
How long does KBC hold my personal information for an how do I request deletion of my personal information?
KBC will retain your data in line with our retention periods and the length of time in which we hold your personal information depends on the nature of the information we hold and the purposes for which it was first obtained. We determine appropriate retention periods having regard to any statutory obligations imposed on us by law. For example, we are required to retain some customer information for 6 years after the end of the customer relationship in accordance with the Consumer Protection Code. We will delete your personal information in line with these obligations and further information with regards to the deletion of personal data is outlined in section 2.2 of our Data Protection Notice.
Rest assured that this data will be retained in a safe and secure environment and will not be used for any other purpose before being permanently deleted. Further information on our retention process is available in section 9 of the Data Protection Notice.
I sent in an application for a KBC Account but did not fully open it. How do I ensure my data has been erased?
We are restricted in deleting certain applications as there are other statutory obligations imposed on us by law that we must also adhere to. Further information on our obligations with regards to the deletion of personal data is outlined in section 2.2 of our Data Protection Notice.
Rest assured that KBC has strict retention periods assigned to all personal data entrusted to us and this data will be retained in a safe and secure environment and will not be used for any other purpose before being permanently deleted. Further information on our retention process is available in section 9 of the Data Protection Notice.
I want to update my Marketing Consent preferences, how do I do this (e.g change consent to SMS only or email only)?
You can review and make changes to your marketing preferences (including changing the channels through which you receive marketing) at any time in one of the following ways:
- Open your KBC Mobile Banking App and go to the ‘My details’ section. Simply click on the ‘Stay Connected’ box on the bottom of your screen to access the ‘My details’ section
- Log in to KBC Online Banking and go to the ‘Personal Details’ section to edit your details
- Drop into or calling your nearest KBC Hub
- Contact one of our Customer Service Representatives by phone on 1800 93 92 44 or by email at firstname.lastname@example.org
What does GDPR mean to me? How has the law changed?
The GDPR is replacing current data protection laws in Ireland and the European Union from 25 May 2018. The new law will give individuals greater control over their personal data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations such as KBC. The GDPR also imposes greatly increased obligations on organisations that collect this data. Under the GDPR individuals have the significantly strengthened rights to:
- access personal information held about them by an organisation; have incorrect or incomplete data corrected;
- have their data erased, where, for example, the organisation has no legitimate reason for retaining the data;
- obtain their data from an organisation and to have that data transmitted electronically to another organisation in certain circumstances (known as Data Portability);
- object to the processing of their data by an organisation for certain purposes;
- not be subject to (with some exceptions) automated decision making, including profiling.
The Irish Data Protection Commissioner’s website (www.dataprotection.ie
) has further information for individuals on the GDPR and the manner in which existing data protection law has changed.
Who do you send my personal data to? How does this differ and who have you sent my personal data to already?
As a member of the KBC Group, KBC sometimes shares personal information relating to its customers with other members of the KBC Group in order to carry out a number of key functions, for instance we use the services of the KBC Shared Services Centre, a Czech branch of the KBC Group, for financial reporting and information technology support services and we use the services of KBC Securities NV, a KBC Group entity located in Belgium, to administer trades for our investment products.
KBC also sometimes shares your personal information with trusted third parties who perform important functions for us based on our instructions and applying appropriate confidentiality and security measures. For example, we use third party service providers to send out marketing material on a product or service you may be interested in. We also use third parties to help us detect, prevent, or otherwise address fraud, security or technical issues. We go into more detail about the reasons we share personal information with third parties in Section 8.1 of the Bank’s data protection notice.
Will you be sending further information to me on GDPR and my consents?
The Bank’s Data Protection Notice explains how we collect personal information about you, how we use it and how you can interact with us about it. We will make changes to this notice from time to time, particularly when we change how we use your information, and/ or when we make changes to our technology and products.
We will publish the most up-to-date version of this document on our website or it is available upon request from any of our Hubs or customer contact channels.