Protection of privacy is a primary consideration for Keytrade Bank Luxembourg.
This Policy applies both to data which are initially collected when you contact the Bank and data which are later obtained by the Bank (for example, when you subscribe to an additional product or service, or when you update data that you have initially provided).
Your data are currently processed in compliance with the law applicable in Luxembourg, namely, before 25 May 2018, the amended Law of 2 August 2002 on the protection of individuals with regard to the processing of personal data. From 25 May 2018, this will done in compliance with Regulation (EU) No 2016/679 of 27 April 2016 on data protection, known as "the GDPR", any legislative act by the European Union amending the GDPR, and any piece of Luxembourg legislation passed for purposes of application of the GDPR (the legal mentioned above, together the “Data Protection Act”). For more detailed information about data protection from the National Data Protection Commission (https://cnpd.public.lu/fr.html) if you reside in the Grand Duchy of Luxembourg, or from any other competent national data protection authority if you reside in another Member State of the European Union (together, the "Data Protection Authorities").
This policy is regularly updated. Please check our Website regularly to find out which version currently applies.
- Who is your data controller?
- What do we mean by personal data?
- When do we collect these data?
- Where do we collect data about you?
- In what circumstances are you required to send these data to us?
- For what purpose and on what basis do we use your personal data?
- Storage period
- Data security
- Who receives your data? To whom may your data be transferred?
- What are your rights?
- How can you exercise your rights?
- Who should you contact if there is a dispute?
1. Who is your data controller?
Your data controller is KEYTRADE BANK LUXEMBOURG, located at Rue Charles Martel 62, 2134 in Luxembourg, registered under number RCS B69935 (the "Bank") +352.450439
We make every effort to comply with the Data Protection Act, as well as the implementing measures, overseen by the Data Protection Authorities.
For some services, we call upon specialist partners, who work as subcontractors. These partners must comply with our personal data protection policy and must also fulfil their relevant statutory obligations. We strive to ensure that your personal data are protected through appropriate provisions in our contracts with subcontractors, as well as other parties that may help us to process your personal data or that receive your data from us.
2. What do we mean by personal data?
By personal data, we mean not only data that identify you directly, but also data that identify you indirectly.
We generally need to collect the following different types of personal data:
We do not voluntarily process specific categories of personal data (so-called "sensitive" personal data), namely data relating to a person's health, racial or ethnic origin, political opinions, religion or beliefs, trade union membership or sex life. We would only be able to have indirect access to these sensitive personal data under specific circumstances. For example, when you make a transfer to join a political party or a trade union.
3. When do we collect these data?
4. Where do we collect data about you?
In most cases, you provide us the personal data that we process. However, we do also obtain these data via third parties. In particular, this happens when :
as part of our legal obligations, we consult some external files.
5. In what circumstances are you required to send these data to us?
If you want to open an account at the Bank or use our services, you will be required to provide us with some information about yourself. We are legally required to request information from you that we need in order to be able to initiate a relationship with us.
You do, of course, have the right to refuse to disclose this information to us, but, should you do this, you will be unable to enjoy our services.
6. For what purpose and on what basis do we use your personal data?
Generally, we use your personal data :
6.1 Statutory obligations
The Bank is bound by a number of legal and regulatory obligations that require us to process your data. These obligations mainly fall within the following legal and regulatory areas :
The list of legal and regulatory areas that govern how the Bank must process your data is non-exhaustive and may change.
As part of its statutory obligations relating to fighting against money laundering and the financing of terrorism, to performing a credit check during a credit application and to protecting investors, the Bank carries out automated checks, using external sources or data which are specifically requested from you at that time. These automated checks may possibly result in us refusing you a contract or requesting additional information from you, depending on the case.
For these checks, the Bank uses suitable mathematical or statistical models, using verified data in order to avoid any risk of error. When this occurs, the Bank does not process any sensitive data and strives to avoid any form of discrimination.
6.2 Contractual relations
Before entering into a contract, the Bank may and, in some cases, must obtain and process certain data, in particular, in order to :
In addition, the Bank is unable to process applications for specific products or services without obtaining certain data from you beforehand.
For example, if you want acquire a new product or service (for example, KEYPRIVATE, etc.), we will need certain personal data from you in order to assess whether we can provide these products or services to you.
More specifically, in the context of executing contracts, the Bank processes your data as follows :
- the sale of financial and investment products;
- management and granting of credits, by assessing the overall credit risk ;
6.3 Legitimate interests
The Bank also processes your data in order to pursue its legitimate interests. For this purpose, the Bank strives to maintain a fair balance between its data processing needs and respect for your rights and freedoms, particularly privacy protection.
Personal data are therefore processed in order to :
- We use transaction data in order to get a better understanding of how our services are used, in order to improve them. For example, when you open an account, we measure the time between when your account was opened and the first transaction.
- We also analyze the results of our marketing activities, so that we can measure how effective our campaigns have been, in order to provide you, the customer, with more appropriate solutions.
- We analyze the results of surveys conducted on the Bank's customers, statistics, tests and comments left by customers on the Bank's different social media pages (Twitter, Facebook, etc.).
In some cases, the Bank will only process your personal data if it has specifically obtained your consent to do so.
For example :
6.5 Direct marketing
The Bank offers you a wide range of financial products and services and, as a company, it has a legitimate interest in being able to tell you about the products or services that it provides or is promoting. With this in mind, it may need to use your personal data and, in particular, your contact details, in order to send marketing communications to you.
In practice, this means that you may be contacted in the following cases, for example :
As part of its direct marketing activities, the Bank may contact you using traditional methods, such as the telephone and ordinary mail. The Bank will only use these traditional methods of communication if you have not exercised your right of objection to your commercial data being used for direct marketing purposes (see 11.5).
The Bank may also contact you electronically (via e-mail, fax or SMS). However, it will only do this when you have provided your consent for it to do so.
Under no circumstances will the Bank disclose your data to third parties so that they can send you marketing communications for their own products and services. Furthermore, the Bank will never process sensitive data for direct marketing purposes.
Generally speaking, cookies are small data files stored on your computer. They may have different functions, but they are generally used to keep a record of websites that you have visited, which can use them to remember you and your preferences when you visit in the future.
We also use data recorded by cookies to compile statistics for our Website and to ensure that its performance and content are improved.
Most web browsers are automatically configured to accept cookies. However, you can configure your web browser to notify you each time a cookie has been sent or to stop it from saving cookies on your hard disk. If you do not accept our cookies, you may notice that our Website will slow down or you may no longer be able to access all of its services.
For more detailed information about using our cookies, please read the Bank's Cookies Policy.
We recommend that you read their personal data protection policies carefully, and we will not take any responsibility for the use of your personal data that such third party sites may make.
8. Storage period
We try to not store your personal data for any longer than we need for the processing activity that requires us to collect them. When assessing how long we need to store your personal data, we must also take into account the applicable regulatory requirements (requirements stemming from legislation against money laundering, for example).
More specifically, your personal data as a prospective customer will be stored for a maximum period of two years from the last communication by you to our services or from the last participation in one of our events.
If you are a customer of the Bank, the data that we will have collected as part of our contractual relationship will, in principle, be stored for the duration of this relationship and for a period of 10 years after you close your account. This period may be longer in some cases, for example, when it involves a dispute (until there is an outcome to the dispute).
In case of a new customer relationship established by videoconference:
Other data, such as data collected using surveillance cameras, are stored for a shorter period (a period of a month for images recorded by surveillance cameras).
9. Data security
We take suitable technical and organizational measures in order to guarantee that your personal data are adequately protected against being lost or accidentally divulged to unauthorized individuals.
We have put in place security technology that complies with international rules and current standards in order to protect your personal data.
You can also help to keep your personal data secure by following these tips:
- belongs to Keytrade Bank Luxembourg is issued (verified) by Globalsign nv-sa
If you contact our customer service department about an issue relating to executing your orders, they will ask you for your bank account details. When using the "Telephone orders" service, they will ask you some personal questions in order to identify you.
10. Who receives your data? To whom may your data be transferred?
- to market and regulatory authorities;
- to the Central Bank of Luxembourg (in cases mentioned by European Regulation no. 2016/867 of 18 May 2016 (the ANACREDIT Regulation))relating to credits that are granted to you ;
- to public or judicial authorities, such as the police, prosecutors, law courts, etc., within the limits imposed by law ;
- to lawyers (for example, in relation to the dissolution of a marriage or a bankruptcy), notaries (for example, when it involves a mortgage or inheritance), guardians or provisional administrators, etc ;
- Specialist providers from the financial sector, who must also fulfil their legal obligations as data processors in relation to personal data;
(For example: Correspondent banking institutions in foreign countries, etc.);
- Service providers who help us to:
- Create and maintain our tools;
- Market our activities, organize events and manage communications with customers;
- Develop and/or manage our products and services.
In such cases, we ensure that these third parties only have access to the personal data that they need to complete their specific tasks. We also ensure that our data processors commit to treating data securely and confidentially, and to using them as outlined in our instructions.
The recipients of your personal data mentioned above may process your data, under our instructions, for the execution of your contractual relationship with the Bank, or in order to comply with the legal obligations that apply to the Bank. However, it is also possible that such data will be processed by these recipients for their own purposes and/or for compliance with their own obligations. In such case, these recipients are responsible for the processing of your data and the Bank accepts no liability for any damage that may result from such processing.
Under no circumstances will we sell your personal data to third parties.
11. What are your rights?
11.1 Right of access and correction
You have a right of access to your personal data. In particular, the Bank can provide you with:
If you discover that your data are inaccurate or incomplete, you can ask us to correct them.
We take all necessary measures to ensure that your personal data are correct, up-to-date, complete and relevant, which is why we ask you to keep us informed of any changes (new addresses, new identity cards, acquisition of a new nationality, etc.).
If we correct your data and we have previously shared them with third parties, we will also notify them of these corrections.
11.2 Right to be forgotten
In some specific cases, legislation enables you to have your personal data deleted.
This is particularly the case if the data are no longer needed for the purposes for which we have collected them (for example, because you have disclosed your contact details to us in order to take part in an event which has finished), if we have only processed your data because you provided your consent for us to do so and you decide to withdraw it, or if you object to your data being processed and we have no legitimate reasons which take precedence over yours.
However, the Bank may store your personal data when they are needed for establishing, exercising or defending its rights in court, or for the Bank to comply with its statutory obligations. The Bank will therefore be required to comply with storage periods stipulated by different laws, particularly when the data are for transactions which you have carried out or have been collected as part of our obligations relating to fighting against money laundering and the financing of terrorism (see point 7).
11.3 Right to restrict processing
This particular right of objection enables you to ask the Bank to block your data temporarily in specific cases set out by regulations: the Bank will then no longer be able to process your affected data for a specified time.
You can ask for your data to be blocked:
If you exercise this right, we will be able store your data, but we will no longer be able to carry out any further processing on them, except when you provide your consent for us to do so, or in order to establish, exercise or defend our rights (or the rights of another person).
11.4 Right to data portability
Thanks to this right, you can ask the Bank to send your personal data to you or to send them directly to another data controller, when this is technically possible for the Bank. This right only applies to data which you yourself have supplied to the Bank and which are automatically processed, on the basis of the contract or when you have provided your consent.
11.5 Right to withdraw your consent
When your data are only being processed because you have provided your consent, you have the right to withdraw this consent at any time. However, withdrawing your consent does not provides the grounds for you to call into question the legality of the processing activity carried out during the period before you withdrew your consent.
11.6 Right of objection
You always have the right to object to your data being used for direct marketing purposes, without any justification and at no expense via email : firstname.lastname@example.org. If this occurs, your data will no longer be used for this purpose.
Furthermore, you also have the right to object, for reasons relating to your particular circumstances, to any processing of your personal data which has been carried out to further our legitimate interests. However, we will be unable to grant your request if our legitimate interests prevail over yours or if we are required to process your data in order to establish, exercise or defend our rights in court.
12. How can you exercise your rights?
In order to exercise your rights, you can send your dated and signed request to us, together with a readable copy of the front and back of your identity card, with as many specific details as possible:
62 Rue Charles Martel
Upon receiving your complete request, we will respond to it within 30 calendar days.
If you request any additional copies when exercising your right to access your personal data, we may charge you a reasonable amount for administrative costs.
13. Who should you contact if there is a dispute?
If there is a dispute relating to processing your personal data, you can submit a mediation request to the National Commission for the Protection of Privacy at the following address: 15, Boulevard du Jazz, L-4370 Belvaux, Grand Duchy of Luxembourg, or with any other competent data protection authority in the Member State of the European Union in which you reside.