Privacy Notice

Eurobank Private Bank Luxembourg S.A. (“the Bank”) wishes to inform you why and how the Bank collects and processes your personal data as well as of your rights under local data protection law and the EU General Data Protection Regulation (“GDPR”).

The personal data the Bank collects depend on the services or products requested and agreed between you and the Bank from time to time as well as on the relationship you have with the Bank, for example, if you are:

a)the Bank’s client (existing or prospective);

b) a representative of a client of the Bank;

c) an officer, signatory, representative or related party or beneficial owner of a company which is the Bank’s client;

d) a guarantor or security provider to the credit facility granted to a Bank’s client;

e) a legal guardian of a minor.

For the purposes of this Privacy Notice, the terms “personal data”, “data” and “personal information” are used to refer to any information relating to you that identifies or may identify you, such as your name or contact details. The term “processing” is used to collectively refer to actions such as the collection, retention, use, disclosure, transfer, deletion or destruction of personal data.

1. WHO IS RESPONSIBLE FOR DATA PROCESSING?

The Bank is a licensed credit institution, incorporated and established in accordance with the laws and regulations of Luxembourg, with company registration no. B24724 and with registered address at 534, rue de Neudorf, L-2220 Luxembourg.

If you have any questions or require further information, about how we use your personal information, you can contact our Data Protection Officer (“DPO”) by email at info@eurobankpb.lu or using the contact details under provided under section ‘Contact Us’ our website (https://www.eurobankpb.lu/Contact ).

Eurobank Private Bank Luxembourg S.A. is part of Eurobank S.A. Group. Each entity of the Eurobank S.A. Group has its own separate privacy notice. Such entities maintain their own websites that may be linked to our website. If you are interested in learning about how such entities process your personal data, please refer to their corresponding privacy notices, which may be found on their websites.

2. HOW AND FROM WHICH SOURCES THE BANK COLLECTS YOUR PERSONAL DATA?

(a) Information You or Your Representative Provide: The Bank collects information about you via the Bank’s account opening forms and/or other relevant forms and/or agreements for the establishment and carrying out a contractual relationship (including AML/KYC information). The same applies if you are a guarantor or have provided any type of security to the Bank to secure the obligations of a Bank’s client.

(b) Information obtained from Eurobank S.A. Group entities: in the context of entering a contractual relationship with the Bank and the Eurobank S.A. Group and/or as allowed by the applicable law and/or to be in compliance with Eurobank’s S.A. Group policies and procedures.

(c) Information obtained from third parties: e.g. public and/or regulatory and/or supervisory authorities (such as the CSSF, the Luxembourg Tax Authorities;); credit reference bureaus such; other non-affiliated entities with which we have a contractual relationship for the purposes of the provision of our services and products; other payment services institutions such as banks and other third parties you transact with (e.g. merchants); natural or legal persons acting as introducers; entities providing services and products for Know-Your-Client (KYC) and due diligence purposes etc.

(d) Information obtained from publicly available sources: e.g. registries maintained by public and/or regulatory and/or supervisory authorities (such as the Companies Registry, the Bankruptcies and Liquidations Registries and the Intellectual and Industrial Property Registries; Land Registry Offices); lists and databases maintained by other entities including international organisations (such as sanctions lists and politically exposed persons (PEPs) lists); the media, the press and the internet.

(e) Information collected from your device: Each time you visit the Bank’s Digital Banking Service and website, the Bank automatically collects technical information, including the public internet protocol (IP) address used to connect your device to the Internet, your login information, browser type, operating system, biometric data and device information.

(f) Information collected and/or obtained from electronic communication: When you communicate with our Bank via telephone calls or video calls, the Bank automatically collects your telephone number and voice. When you communicate with our Bank via emails, the Bank automatically collects your email address and your public internet protocol (IP) address. When you communicate with our Bank via fax machines, the Bank automatically collects your fax number.

3. WHY THE BANK PROCESSES YOUR PERSONAL DATA?

(a)For the performance of contractual obligations:

The Bank collects and processes your personal data for:

a) identification purposes during the pre-contractual and contractual relationship;

b) carrying out the provision of banking services and other obligations to you;

c) the provision of investment or ancillary services;

d) granting a loan or credit facility;

e) carrying out credit risk assessment.

 

(b) For compliance with our legal obligations:

The Bank is subject to various legal obligations such as:

(a) the prevention and suppression of money laundering and financing of terrorism (“AML”);

(b) being in compliance with the obligations imposed by the applicable law, regulatory and supervisory as well as the decisions of any authorities (public, supervisory) or courts or other judicial and/or regulatory and/or supervising bodies.

 

(c) For safeguarding our legitimate interests:

Personal data are also processed for reasons pertaining to business and/or commercial interests such as:

a) consulting and exchanging data with credit reference agencies and other registries (e.g. the Companies Registry) to determine credit or default risks;

b) verifying your identity to protect you against fraud and to confirm your eligibility to use our products and services;

c) pursuing and/or defending claims in judicial and/or regulatory proceedings;

d) transferring, assigning and/or sale of any or all of our rights, titles or interests under any agreement between you and us;

e) monitoring and assessing compliance with Eurobank’s S.A. Group policies and procedures;

f) ensuring the smooth operation of our network and IT operations and security;

g) protecting our Intellectual Property rights;

h) preventing, detecting or investigating crimes and fraud (e.g. video surveillance (CCTVs); telephone conversations, video calls, admittance controls; anti-trespassing measures);

i) safeguarding our records and legal documents (e.g. record management and mail distribution services);

j) to protect the Bank’s clients, its employees as well as the premises and the Bank's property, in general.

(d) On the basis of your consent:

The Bank may require your explicit and specific consent to provide you with information about other goods and services it may be of interest to you and for sending you relevant newsletters or invitations for Bank’s events.

You have the right to revoke your consent at any time. However, any such revocation does not affect the lawfulness of data processed prior to the revocation.

4. WHAT TYPES OF PERSONAL DATA THE BANK COLLECTS AND PROCESSES?

Identification and Authentication data (e.g. name; gender; passport/identity card number; date and place of birth, signature): to identify you as an individual prior to the provision of the requested products and services as well as in the course of our business/contractual relationship.

Personal information (e.g. marital and family status; education level; residency and domicile information, employment status and position): to review your application for the Bank’s products and services and to comply with legal obligations.

Contact details (e.g. home address; correspondence address; phone number; mobile phone; e-mail address): for communication purposes, to respond to your inquiries and other requests.

Tax information (e.g. country of tax residence; tax identity number): to comply with legal obligations (e.g. US Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS) details).

Information about politically exposed persons: to review your application for the Bank’s products and services and to comply with legal obligations.

Special Categories of data: The Bank may collect health data in the context of the assignment of insurance products as collateral for credit granted by the Bank. The Bank may, also, collect data relating to criminal convictions and offences of its clients and persons related to its clients as part of the Bank’s initial and periodic review of its relationship with its clients, as required by law.

If you request banking facilities, such personal data may include: income, expenses, occupation, business activity information, tax status, employer, nature and term of employment, marital status, number of dependent children, personal investments.

If you request Payment Transactions, such personal data may include: accounts’ numbers, IBAN numbers, payment orders data, data resulting from the performance of our contractual obligations.

In the context of savings and deposits, such personal data may include: tax information, information on any third party beneficiaries, direct debit data, nature and source of transaction.

If you request financing, such personal data may include: purpose of financing, property valuations reports, land register extracts, sale agreements.

If you request investment, depositary products and services, such personal data may include: investment strategy, financial situation, assets and liabilities, information on subscribers and counterparties.

If you are a guarantor or a security provider to a credit facility granted to a client of our Bank: name, gender, marital and family status, residency, financial and economic background and circumstances, as provided directly from you or from other sources

Information obtained through electronic and other means of communication: caller’s telephone number, voice, IP address.

5. WHY AND WITH WHOM THE BANK SHARES YOUR PERSONAL DATA?

Your personal data are only processed by the Bank’s units and/or persons that are authorised to process them, given that it is necessary to do so for the fulfilment of our contractual and legal obligations, or where you have given us your consent to process them, or where we believe that it is necessary for our legitimate interests to do so.

Your data may also be shared with service providers and suppliers with whom the Bank has contractual agreements, pursuant to which they are bound to act only as per the written directions of the Bank, or where you have given us your explicit consent.

Under the aforementioned conditions, recipients of your personal data may include:

a) public and/or regulatory and/or supervisory authorities and other public institutions, to the extent that we are under a legal, statutory or regulatory obligation to do so, such as the CSSF, the European Central Bank, the Luxembourg Securities Exchange Commission, Athens Exchange Group, Central Security Depository, tax authorities, third party custodians for custody services for foreign markets, law enforcement authorities (e.g. police) courts and tribunals;

b) USA for Tax Withholding and Reporting purposes and Common Reporting Standard (CRS);

c) other public authorities, where we are authorised by you to do so;

d) other banking and financial institutions or similar institutions to which we transfer your data in order to perform our contractual obligations (e.g. payment providers, financial institutions or intermediaries with which we may have dealings including correspondent banks; custodian banks; brokers; stock exchanges; share and stock investment and management companies);

e) credit reference agencies for the purpose of credit assessment;

f) valuators, insolvency practitioners and surveyors;

g) insurance and forensic investigation companies;

h) external legal consultants, auditors and accountants; certifying officers; financial, business, tax advisors;

i) rating agencies such as Moody’s or Fitch;

j) file storage, data hosting, archiving and records management and cloud storage companies;

k) prospective and actual purchasers, assignees, transferees and charges of our rights, titles, titles or interests under any agreement between you and us;

l) third parties carrying out authentication services (i.e. push notification for Digital Banking) on the behalf of the Bank;

m) third parties carrying out Digital Banking services on the behalf of the Bank;

n) telecommunication companies for delivering account-based information and alerts to you;

o) document printing companies for the purpose of creating statements, correspondence and other mass mail and delivering this to you at your requested address;

p) the Eurobank S.A. Group with which the Bank works and shares information in order to receive services like infrastructure, technology, security and systems that assist us with the provision of our services.

q) entities providing services and products for Know-Your-Client (KYC) and due diligence purposes etc

r) entities providing identity verification as part of the digital services of the Bank.

6. CHILDRENS DATA

The Bank understands and respects the importance of protecting the privacy of children, namely of individuals under the age of 18. The Bank may process the personal data of children only with the prior authorization and/or consent of their parents or legal guardians or as otherwise required or permitted by law.

7. AUTOMATED DECISION MAKING (AND PROFILING)

The Bank does not make any decisions based solely on automated decision-making (including profiling). We, in general, do not use any automated decision-making (including profiling), except from AML Risk monitoring and scoring purposes in the context of combating money laundering and fraud, pursuant to the relevant and applicable legal obligations and the oversight of human beings.

In some cases, profiling is used in order to provide you with targeted marketing information on Bank’s events. You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting the Bank at any time.

8. DATA TRANSFERS TO THIRD COUNTRIES

Your data will only be transferred to third countries, where it is necessary to do so in order to carry out your orders (e.g. for credit transfers to correspondent banks), where we are legally obliged to do so (e.g. we are obliged to disclose information to the Luxembourg Tax Authorities, which may in turn disclose it to the US authorities pursuant to the legal framework implementing the US Foreign Account Tax Compliance Act (FATCA) and OECD Common Reporting Standards (CRS Law)) or where you have given us your consent to do so. Service providers and other entities that process your personal data on our behalf are under the obligation to comply with the same personal data protection standards and safeguards as we do, on the basis of either an adequacy decision issued by the European Commission pursuant to Article 45 of the GDPR, or contractual clauses between us and them or other appropriate safeguards pursuant to Article 46 of the GDPR.

9. HOW LONG THE BANK RETAINS YOUR PERSONAL DATA

The Bank will retain your personal data for as long as we have a business relationship with you as an individual or in your capacity as an authorised representative/agent of a client (whether an individual or a legal entity) or if you are a beneficial owner of a legal entity, or a current security provider and/or a person connected with a current client. We will hold your personal data for up to 10 (ten) years once our business relationship has ended.

The Bank will retain the personal data of the prospective clients for 6 months from the date of notification of the rejection of the application for banking services or from the withdrawal of the application, in accordance with the relevant directives of the GDPR

10. WHAT ARE YOUR RIGHTS FOR THE PROTECTION OF YOUR DATA

You have the following rights concerning the data the Bank controls and processes:

(a) to be informed about how we use your personal information and your rights. This is why we are providing you with the information in this Privacy Notice Statement (right to be informed).

(b) to be aware of the categories of your personal data that the Bank maintains and processes, their origin, processing purposes, recipients, retention period of your personal data and to receive a copy of your personal data processed by the Bank. (right of access).

(c) to request correction of your personal data that the Bank holds about you in order for such data to be complete and accurate (right of rectification), by producing any necessary document based on which the need for correction or completion arises from.

(d) to ask for restriction of the processing of your data (right to restrict processing). This right can be exercised where (i) you contest the accuracy of such data; (ii) the processing is unlawful but you request that we do not delete your personal data; (iii) we no longer need to process such data but you request that we retain them for reasons connected with legal claims; (iv) you have objected to us using your personal data but you are awaiting our confirmation as to whether we have legitimate grounds to continue processing such data.

(e) to object to any further processing of your personal data the Bank keeps and processes on the basis of our legitimate interests (right to object). Should you exercise this right, we will no longer process such data unless we are able to demonstrate legitimate grounds for the processing.

(f) to ask for the deletion of your personal data from the Bank’s systems and files (right to be forgotten). This right can be exercised where (i) we no longer need such data; (ii) you withdraw consent, provided that no other legal ground for processing applies; (iii) you object to us using your personal data in order to pursue our legitimate interests, provided that we do not have legitimate grounds for its use; (iv) your personal data have been improperly processed; (v) we have to delete your personal data because of a legal obligation.

(g) to request the receipt of the personal data you have provided the Bank with, or the transfer of your data from the Bank to any other controller of your data (right to data portability). This right can be exercised provided that (i) we process such personal information on the basis of your consent or because of our pre-contractual and/or contractual relationship and (ii) the relevant processing activities are carried out by automated means.

(h) not to be subject to a decision based solely on automated processing (including profiling) (right in relation to automated decision making and profiling)

(i) to withdraw your consent to collection and processing of your personal data (right to withdraw consent). In such case, the withdrawal of the consent does not affect the legality of the data processed prior to the revocation.

Please note that your rights may not be met, in whole or partly, if they concern data necessary for the establishment, exercise or defence of legal claims, or as otherwise permitted by law, irrespective of the source of their collection. 

If you consider that protection of your personal data has been prejudiced in any way, you also have the right to make a complaint at any time by contacting the Luxembourgish National Commission for Data Protection (the “CNPD”)by using this online complaint form. Please find hereunder the contact details of the CNPD

 

Commission Nationale pour la Protection des Données

15, boulevard du Jazz

L-4370 Belvaux

Luxembourg

Tel.: (+352) 26 10 60 - 1

https://cnpd.public.lu 

11. IF YOU FAIL TO PROVIDE PERSONAL DATA

When the Bank needs to collect personal data by law or under the terms of a contract it has with you and you fail to provide such data when requested, the Bank may not be able to enter into a contract with you or continue the business/contractual relationship with you or execute an order.

 

12. HOW DOES THE BANK PROTECT YOUR PERSONAL DATA?

The Bank is committed in safeguarding the privacy of the personal data and/or information you share with the Bank and/or with its employees and/or agents and/or associates. The Bank applies procedures and measures to safeguard and to provide reasonable protection of your personal data against loss, misuse, unauthorised access, disclosure and alteration. The data processing is conducted solely by persons who are under the control of the Bank, and only at its guidance.

13. COOKIES USED IN DIGITAL BANKING AND WEBSITE

The Digital banking service and the website of our Bank use small files known as cookies in order to optimise the online user’s experience. To find out more about how we use cookies please refer to the Bank’s website privacy notice.

14. CHANGES TO THIS PRIVACY NOTICE

This Privacy Notice sets out information as to how we process your personal information for the purposes of articles 13 and 14 of the GDPR and it replaces any existing document in association with the information provided in this Privacy Notice. The Bank may modify this Privacy Notice from time to time in order to reflect its current practices and/or in accordance with any changes in the applicable legal framework. In any case, you are invited to periodically visit the Bank’s website (www.eurobankpb.lu) for information on the updated version of the Privacy Notice

 

Become a client

Looking for advice or information? One of our consultants will be happy to help.
GET IN TOUCH

Privacy notice:

because we do care about your privacy considerations, your web browsing journey to this website is maintained free and anonymous. We process generic technical browsing information for a limited period of time for the protection of this internet-facing website. For further information, please read our Terms of Use and Privacy Notice

Accept

Dear Client

We are happy to inform you that the Bank has launched a new Digital Platform aiming to improve client experience and enhance product offering.

 

For further information you may visit the "Digital Platform how-to videos & FAQs" or proceed to FAQ section

Continue to How-to Videos