Recipients of personal data, your rights, and contact details

Recipients of personal data

As a rule, we do not disclose your personal data to third parties. Dutch law provides for several exceptions to this rule. For instance, your personal data may be used for intelligence purposes if you use our website to commit a criminal offence or make false statements that are liable to punishment. For the purpose of supervising and protecting the integrity of the financial sector, we also collaborate with other supervisory authorities including the AFM and with the relevant departments of the Financial Expertise Centre (FEC).

Our collaborations with the AFM and as part of the FEC are laid down in agreements (available in Dutch only). See Dutch Government Gazette,10 July 2007, No 130 (AFM) and Dutch Government Gazette, 7 February 2014, No 2351 (FEC).

Your rights

Right of access

The right of access is your right of access to the personal data we have collected concerning you. This right is laid down in Article 15 of the GDPR.

Right to rectification

The right to rectification is your right to amend or supplement your personal data. You have this right whenever your personal data, bearing in mind the purposes for which they are processed, are inaccurate or incomplete. The right to rectification is laid down in Article 16 of the GDPR.

Right to erasure

The right to erasure is your "right to be forgotten". You have the right to ask us to erase your personal data in any of the following situations:

    • in your opinion, the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
    • you withdraw consent on which the processing of your personal data is based
    • you have legitimately objected to the processing of your personal data
    • we have unlawfully processed your personal data, for instance because there is no legal basis for the processing
    • we have retained your personal data for longer than necessary
    • you are below the age of 16 and we have collected your personal data using an app or website (an "information society service")
The right to erasure is laid down in Article 17 of the GDPR. Article 17 also sets out exceptions to the right to erasure. For instance, the right to have your personal data erased does not apply if we process them for compliance with a legal obligation or for the performance of a task carried out in the public interest.

Right to restriction

The right to restriction of processing is the right to restrict the use of your personal data. You have the right to ask us to restrict the processing of your personal data in any of the following situations:

  • you have notified us that, in your opinion, we process inaccurate personal data, in which case you can ask us to refrain from using these personal data while we verify their accuracy
  • we have unlawfully processed your personal data but you do not want us to erase them (for instance because you wish to be able to retrieve them at a later stage)
  • we no longer need your personal data for the purposes for which they were collected but you require them for a legal action (for instance legal proceedings to which you are a party)
  • you have objected to the processing of your personal data, in which case you can ask us to restrict the processing of these personal data pending our assessment of your objection
The right to restriction of processing is laid down in Article 18 of the GDPR.

Right to data portability

The right to data portability is your right to receive the personal data we have collected concerning you and transmit them to another controller. You have the right to ask us to transmit your personal data to you, for instance to enable you to transfer them to another organisation without hindrance. You also have the right to ask us to transmit your personal data directly to another organisation. This right applies where we process your personal data by automated means on the basis of your consent or a contract. The right to data portability is laid down in Article 20 of the GDPR.

Right to object

The right to object is your right to object to the processing of your personal data. You have the right to object to our processing of your personal data for the performance of our tasks carried out in the public interest or for a legitimate interest. We will assess whether your interests, rights and freedoms override our interest in processing the personal data involved. We may reject the objection if processing of your personal data is necessary for a legal claim. If the objection is well-founded, we will cease processing your personal data.

The right to object is laid down in Article 21 of the GDPR.

You have the right to withdraw your consent at any time.

Lodging a complaint with the Dutch DPA 

You have the right to lodge a complaint with the Dutch DPA if you are of the opinion that our processing of your personal data infringes the GDPR. The right to lodge a complaint is laid down in Article 77 of the GDPR.

Limitation of your rights

We are not required to meet requests for access, rectification, erasure, restriction or data portability, or objections, at all times. Your rights may be limited if such limitation is necessary to safeguard other interests, for instance if exercising your rights could jeopardise the effectiveness of our supervision of financial institutions or present risks to the monetary system. Article 41 of the GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming) lists the interests that could prevent you from exercising your rights.

Note: We use personal data solely for the purposes for which they are intended and for compatible purposes. We will never offer you any unsolicited information or services.

Contact details

  If you have any questions concerning our processing of your personal data or wish to exercise your right of access, to rectification, to erasure, to restriction, to data portability or to object, please contact our Privacy Office. You can also use one of our standard forms to make your request:

DNB needs to verify the identity of the person that makes a request in relation to personal data. Therefore you are requested to provide information that allows DNB to verify your identity. You may refer to information DNB already possesses to check your identity or you may send a copy of a valid ID. You can make use of the KopieID App to hide your citizen service number (BSN). DNB may not be able to deal with your request when your identity can’t be verified.

You can contact us by email at privacy@dnb.nl or by post:

De Nederlandsche Bank
Attn Privacy Office
Postbus 98
1000 AB Amsterdam

Please also use this email: privacy@dnb.nl or postal address if you wish to contact our Data Protection Officer or withdraw your consent.

Information on how to use secure e-mail can be found here.