Transfer of personal data outside Europe

Your personal data are also processed outside Europe. Additional rules apply to this. This is because not all countries have the same strict privacy rules as in Europe.

We may share your personal data outside Europe within our group. We do this on the basis of our global internal policies, the Binding Corporate Rules (BCRs). These are published on our website and are periodically amended if required by laws and regulations. The Dutch Data Protection Authority must approve an updated version before it is published on our website. 

Sometimes we give your personal data to other companies or entities outside Europe. For example, as part of an outsourcing agreement. We then ensure that we have concluded a separate agreement with those parties that complies with European standard, such as the EU Standard Contractual Clauses, and additional requirements. In addition, we assess on a case-by-case basis whether it is necessary to implement organisational and technical (such as encryption) security measures so that your personal data are adequately protected.

You may be affected by our international financial services. For example, when you transfer money abroad or when you have investments abroad through us. In that case, foreign parties may request your personal data from us, such as local regulators, banks, governments and investigation authorities. They do this, for example, to conduct investigations. Incidentally, additional rules apply to the use of personal data if you purchase investment products from us. Read the provisions in article 11.3 of the Investment Conditions for this