Your personal data is also processed outside Europe. This is subject to additional rules. This is because not all countries have the same strict privacy rules as Europe.
We may share your personal data outside Europe within our group. We do this on the basis of our global internal policy, the Binding Corporate Rules (BCRs). These are published on our website and are periodically amended if required by laws and regulations. The Dutch Data Protection Authority must approve an updated version before it is published on our website.
Sometimes we give your personal data to other companies or bodies outside Europe. For example, as part of an outsourcing agreement. We then ensure that we have concluded a separate agreement with those parties that complies with European standards, such as the EU Standard Contractual Clauses, and additional requirements. In addition, we assess on a case-by-case basis whether it is necessary to implement organisational and technical (such as encryption) security measures so that your personal data is adequately protected.
You may have to deal with our international financial services. For example, when you transfer money abroad or when you have investments abroad through us. In that case, foreign parties may request your personal data from us, such as local regulators, banks, governments and investigative authorities. They do this, for example, to conduct investigations. Incidentally, additional rules apply to the use of personal data if you purchase investment products from us. Read the provisions in article 11.3 of the Investment Conditions for this.
