Foundation for Banking Ethics Enforcement treats personal data with the utmost care. These data are processed and secured in strict compliance with privacy legislation. This page informs you how we collect data, what data we collect, when the data is collected, and how we deal with the data.
DSI Foundation supports the Foundation for Banking Ethics Enforcement in its activities, and a processing agreement has been signed to that effect. Both the DSI Foundation and the Foundation for Banking Ethics Enforcement respect the privacy of all Relevant Persons, and make every effort to ensure that any personal information provided to us are handled with care Our internal and external employees are obliged to maintain strict confidentiality.
Why do we process personal data?
The Foundation for Banking Ethics Enforcement implements ethics law for bank employees. This is a legal obligation. In order to perform this task, we must process privacy-sensitive information. We only process this data to the extent necessary for the performance of our duties.
Contact the Foundation for Banking Ethics Enforcement
The telephone conversations via telephone number 020 760 8090 are not recorded. It is possible that the telephone calls may be answered by an external front office with whom the Foundation has signed a processing agreement. If an incoming call pertains to a report, investigation, or complaint, then it may be noted in the relevant file. Our internal and external employees are required to respect the confidentiality of your data.
If you contact the Foundation for Banking Ethics Enforcement via one of our e-mail addresses (firstname.lastname@example.org, email@example.com or firstname.lastname@example.org), we will not store your data for longer than absolutely necessary. If your message pertains to a report, investigation, or complaint procedure, then your e-mail may be included in the relevant file. Our employees are required to respect the confidentiality of your data.
Submitting a report
Reports can be submitted via this website or sent to the e-mail address email@example.com. Reports should contain the following necessary data:
– reporter’s first- and/or last name and initials
– reporter’s gender
– reporter’s telephone number and e-mail address
– the bank where the employee is/was employed
– bank employee’s position, department, and office location
– a description of the bank employee’s behaviour, and when it occurred
– which norm is alleged to have been violated
In some cases, the report may include other data, such as IBAN, the bank services utilised, or other personal details. This information serves as argumentation for the report.
In exceptional circumstances, special personal data and/or criminal records pertaining to the reporter may also be included in the report data. These data will only be processed if it is necessary for the enforcement of ethics law. The Foundation has received permission from the Personal Data Authority to process criminal records pertaining to the disciplinary procedure.
Investigation and disciplinary procedure
If the Foundation for Banking Ethics Enforcement initiates an investigation and a disciplinary procedure as a result of a report, then the following data will be processed by the Enforcement Committee and the Appeals Committee for the purposes of the investigation, evidence, and procedure:
– Bank employee’s first- and last name
– Bank employee’s date of birth
– Bank employee’s contact details, including post address, e-mail address and telephone number
– Bank employee’s employer details
– Information from persons involved in the incident
In some cases, additional personal data may be processed if necessary for the investigation and the disciplinary procedure. These data will be provided to the Foundation for Banking Ethics Enforcement by the reporter, the relevant bank or the bank employee.
Usually, the bank employee’s criminal records will also be processed. In exceptional circumstances, these data may also contain special personal data about the bank employee, such as his/her health, etc. The Foundation has received permission from the Personal Data Authority to process criminal records pertaining to the disciplinary procedure. To the extent that the Foundation processes special personal data, these data will only be processed if it is necessary for the enforcement of ethics law.
Provision to third parties
If the Foundation for Banking Ethics Enforcement initiates an investigation as a result of a report, then the data from the report will only be shared with the relevant bank or bank employee. We will never share data with third parties unless we are legally obliged to do so.
Security and storage
We take suitable security measures to protect your personal data from misuse or authorised access. We also conduct regular data protection impact assessments, to identify any privacy risks and take any necessary measures to mitigate these risks.
We will not store data for longer than absolutely necessary. We store data pertaining to the report and the subsequent investigation and complaint for a period of seven (7) years after the completion of the disciplinary procedure.
Review, amendment, or deletion of your data
We offer you the opportunity to view, change, or delete your personal data at your request. You can submit a request for the above by sending an e-mail with reference to your name and e-mail address to the address details below. If there are just grounds upon which we cannot comply with your request, we will inform you within a period of four weeks. If we cannot comply with your request, you will also receive a notification explaining the reasons.
Objection and transfer of personal data
You may object to the processing of your personal data if you have serious grounds for such an objection. In some cases, you may also have the right to transfer of your personal data at your request. This right is only applicable if your data are processed based on your permission or the implementation of an agreement. We generally process your data based on a legal obligation, so the right of transfer of your personal data usually does not apply.
We would be happy to help you if you have complaints about the processing of your personal data. Please refer to our complaint regulations for more information. If we cannot come to a mutual agreement with regard to your complaint, you may also submit a complaint to the Personal Data Authority (AP).
Foundation for Banking Ethics Enforcement
Attn.: Data Protection Assistant
Post box 3861 1001 AR Amsterdam