How can we help?
Popular searches
Loading…

Privacy Policy

ING Bank N.V. is a European financial institution and is subject to the data protection obligations set out in the EU General Data Protection Regulation 2016/679 (GDPR). To comply with GDPR, ING Bank N.V. has implemented data protection principles on a global scale, through its Global Data Protection Policy (GDPP). The GDPP is binding on all ING entities, subsidiaries, branches, representative offices, and affiliates worldwide and approved by the EU Data Protection Authorities. Therefore, in addition to local privacy laws and regulations, ING Bank N.V. has resolved that all its entities, subsidiaries, branches, representative offices, and affiliates worldwide comply with GDPP regardless of geographical location, market typology or target customer.

ING Bank (Australia) Limited (IBAL) is bound by the protections in Privacy Act 1988 (Cth) and the Privacy (Credit Reporting) Code 2014 (Version 2).

This is the Privacy Statement of ING Bank N.V., all its entities, subsidiaries, branches, representative offices, affiliates and other ING group companies (including ING Bank (Australia) Limited ("IBAL")) ("ING", "we", "us" and "our"), and it applies to us as long as we process Personal Data that belongs to individuals ("you").

1. Purpose and scope of this Privacy Statement

At ING, we understand that your personal data is important for you. This Privacy Statement explains in a simple and transparent way what personal data we collect, record, store, use and process and how. Our approach can be summarised as: the right people use the right data for the right purpose.

This Privacy Statement applies to

All past, present and prospective ING customers who are individuals ("you"). This includes one-person businesses, legal representatives or contact persons acting on behalf of our corporate customers.

Non-ING customers. These could include anyone who makes a payment to or receives a payment from an ING account; anyone that visits an ING website, branch or office; professional advisors; shareholders; anyone who is a guarantor; ultimate beneficial owner, director or representatives of a company that uses our services; debtors or tenants of our customers; anyone involved in other transactions with us or our customers.

We obtain your personal data in the following ways:

You share it with us when you become a customer, register for our online services, complete an online form, sign a contract with ING, use our products and services, contact us through one of our channels or visit our websites.

From your organisation, when it becomes a prospective customer or if it is an existing customer and your personal data is provided to help us contact your organisation.

From other available sources such as debtor registers, land registers, commercial registers, registers of association, the online or traditional media, publicly available sources or other companies within ING or third parties such as payment or transaction processors, credit agencies, other financial institutions, commercial companies, or public authorities.

Our Social Media User Terms apply to your use of ING's social media sites or facilities. If you engage with us on any of our social media channels, you agree to be bound by these terms.

2. The types of personal data we process

Personal data refers to any information that identifies or can be linked to a natural person. Personal data we process about you includes:

For individuals who are customers

Identification data: the name, date and place of birth, ID number, email address, telephone number, title, nationality and a specimen signature, fiscal code/social security number;

Transaction data, such as your bank account number, any deposits, withdrawals and transfers made to or from your account, and when and where these took place;

Financial data, such as invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, financial products you have with ING, whether you are registered with a credit register, payment arrears and information on your income;

Socio-demographic data, such as whether you are married and have children. Where local law considers this sensitive data, we respect the local law;

Online behaviour and preferences data, IP address of your mobile device or computer you use and the pages you visit on ING websites and apps;

Data about your interests and needs that you share with us, for example when you contact our call centre or fill in an online survey;

Know our customer data as part of customer due diligence and to prevent fraudulent conduct or behaviour that contravenes international sanctions and to comply with regulations against money laundering, terrorism financing and tax fraud;

Audio-visual data; where applicable and legally permissible, we process surveillance videos at ING branches, or recordings of phone or video calls or chats with our offices. We can use these recordings, to verify telephone orders, for example, or for fraud prevention or staff training purposes;

Your interactions with ING on social media, such as Facebook, Twitter, Instagram, Google+ and YouTube. We follow public messages, posts, likes and responses to and about ING on the internet.

For individuals connected to a customer who is not an individual (wholesale banking customers):

Identification data: the name, date and place of birth, ID number, email address, telephone number, title, nationality and a specimen signature, fiscal code/social security number;

Financial data: when you undertake a guarantee with us for the benefit of a customer, we may verify credit history, credit capacity, and other information relating to your creditworthiness and credit conditions;

Online behaviour and preferences data: IP address of your mobile device or computer and the pages visited on ING websites and apps;

Data about customer's interests and needs shared with us when you contact our officers or participate in an ING survey;

Know our customer data as part of customer due diligence and to prevent fraudulent conduct or behaviour that contravenes international sanctions and to comply with regulations against money laundering, terrorism financing and tax fraud;

Audio-visual data: where applicable and legally permissible, we process surveillance videos at ING branches, or recordings of phone or video calls or chats with our offices.

Sensitive data

Sensitive data is data relating to your health, ethnicity, religious or political beliefs, genetic or biometric data, or criminal data (information on fraud is criminal data and we record it). We may process your sensitive data if:

For individuals who are customers:

We have your explicit consent;

We are required or allowed to do so by applicable local law. For example, we may be obliged to keep a copy of your passport or identity card when you become an ING customer;

You instruct us to make a payment, for example, to a political party or religious institution.

If allowed under local law, and you choose to use it, we may use face, fingerprint or voice as recognition for authentication to access mobile apps and perform certain operations therein.

For individuals connected to a customer who is not an individual (wholesale banking customers):

We have your explicit consent;

We are required or allowed to do so by applicable local law; or

You provide sensitive data as part of a contractual agreement or in connection with a requested product or service.

For example, we process sensitive data in connection with

Know your customer (KYC) data obligations: we may keep a copy of your passport or ID card, as applicable based on local law;

Money laundering or terrorism financing monitoring: we monitor your activity and may report it to the competent regulatory authorities; and

If allowed under local law, and you choose to use it, we may use your face, fingerprint or voice as recognition for authentication into mobile apps and certain operations.

Children's data (only applies to individuals who are customers)

We only collect data about children if they have an ING product or if you provide us with information about your own children in relation to a product you buy. We will seek parental consent when local law requires it.

3. What we do with your personal data

Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring or deleting it in accordance with applicable laws. We only use your personal data for business purposes such as:

For individuals who are customers:

Performing agreements to which you are a party or taking steps prior to entering into agreements. We use information about you, such as your name and contact details, when you enter into an agreement with us, or we have to contact you. We analyse information about you to assess whether you are eligible for certain products and services. For example, we may look at your payment behaviour and credit history when you apply for a loan or a mortgage. And we use your account details when you ask us to make a payment or carry out an investment order.

Relationship management and marketing. We may ask you for feedback about our products and services, or record your conversations with us online, by telephone or in our branches. We may share this with certain members of our staff to improve our offering or to customise products and services for you. We may send you newsletters informing you about these products and services. Of course, if you don’t want to receive these offers you have the right to object or to withdraw your consent.

  • Providing you with the best-suited products, services and marketing. We may use your data for commercial activities, including processing which is necessary for developing and improving our products and/or services, customer service, segmentation of customers and profiling and the performance of (targeted) marketing activities. We do this to establish a relationship with you and/or to maintain and extend a relationship with you and for performing statistical and scientific purposes. You have the right to withdraw your consent or object to personalised direct marketing or commercial activities, including related profiling activities. Moreover, you can always unsubscribe from receiving personalised offers.

  • To improve and develop our products and services. Analysing how you use and interact with our products and services helps us understand more about you and shows us where and how we can improve. For instance:
  • When you open an account, we measure how long it takes until you are able to use your account.
  • We analyse the results of our marketing activities to measure their effectiveness and the relevance of our campaigns.
  • Sometimes we analyse your personal data using automated processes, such as algorithms, to speed up credit decisions for loans and mortgages.

  • For credit risk and behaviour analysis. We use and analyse data about your credit history and payment behaviour to assess your ability to repay a loan, for example.

  • Business process execution, internal management and management reporting. We process your data for our banking operations and to help our management make better decisions about our operations and services.

    Safety and security. We have a duty to protect your personal data and to prevent, detect and contain any breaches of your data. This includes data we are obliged to collect about you, for example to verify your identity when you become a customer. Furthermore, we not only want to protect you against fraud and cybercrime, we have also a duty to ensure the security and integrity of ING and the financial system as a whole by combatting crimes like money laundering, terrorism financing and tax fraud.

  • To protect your assets from fraudulent activities online, for example, if you are hacked and your username and password are compromised.
  • We may use certain information about you (e.g. name, account number, age, nationality, IP address, etc.) for profiling purposes to detect fraudulent activities and the perpetrators.
  • We may use your personal data to alert you if we detect suspicious activity on your account, for example, when your debit or credit card is used in a non-typical location.

  • Protecting your vital interests. We process your data when necessary to protect your interests that are essential for your life or that of another natural person. For example for urgent medical reasons. We will only process your data necessary for the vital interests of another natural person if we cannot base it on one of the other purposes mentioned.

    Compliance with legal obligations to which we are subject. We process your data to comply with a range of legal obligations and statutory requirements. For example, in Australia, we're required to identify you in accordance with our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), determine and report in respect of your foreign tax residency status and where you apply for consumer credit - to ascertain and verify your financial situation in accordance with our responsible lending obligations under the National Consumer Credit Protection Act 2009 (Cth),

    For individuals connected to a customer who is not an individual (wholesale banking customers):

    Performing agreements to which you are a party or taking steps prior to entering into agreements. If you are a representative of a corporate customer, we may use your personal data to enter into an agreement with the customer, and to contact the customer when needed. If you are an individual providing guarantee for the customer, or a beneficiary of payment instruments we may use your personal data to enter into an agreement or executing a payment order in connection to our arrangements with the customer. We may verify your capacity and powers using trade registers or incumbency certificates;

    Relationship management and marketing. We may ask you as the representative of the customer to give us feedback on the products and services offered to the business client. We may send newsletters regarding new and existing products and services offered by ING. You may opt out of any communication at any time;

  • Providing the best-suited products and services. When you as the representative of a customer visit our website, call our customer service centre, talk to an ING employee or visit a branch, we may gather information about the customer;
  • Improving and developing products and services. Analysing how products and services are used helps us understand more about our performance and shows us where and how we can improve our products and services;

  • Business process execution, internal management and management reporting. We process personal data for our financial services operations and to help our management make better decisions about our operations and services;

    Safety and security.We have a duty to protect all personal data and to prevent, detect and contain a data breach or fraud involving personal data collected to comply with regulations against money laundering, terrorism financing and tax fraud. To safeguard and ensure the security and integrity of ING, the financial sector, clients and employees, we may

  • Process your personal data to protect your organisation´s assets from fraudulent activities, for instance in case your identity (e.g. username and password) is compromised.
  • Use certain personal data (e.g. name, account number, age, nationality, IP address, etc.) for profiling to detect fraudulent activities and the actors behind it.
  • Use your personal data to alert you in case we detect suspicious activities involving your business´s assets, for example a transaction is taking place from a non-typical location.

  • Compliance with legal obligations to which we are subject. We process personal data to comply with a range of legal obligations and statutory requirements (anti-money laundering legislation and tax legislation etc.). For example, know your customer (KYC) rules and regulations require ING to verify the identity before accepting you as a customer. Upon request by authorities, ING may report the transactions carried out by customers.

    When processing is not compatible with one of the above purposes, we ask for your explicit consent, which you may withhold or withdraw at any time.

    Applicable laws require us to retain personal data for a period of time. This retention period may vary from a few months to a several years, depending on the applicable local law. When your personal data is no longer necessary for a process or activity for which it was originally collected, we delete it, or bundle data at a certain abstraction level (aggregate), render it anonymous and dispose of it in accordance with the applicable laws and regulations.

    4. Who we share your data with and why

    To offer you the best possible services and remain competitive in our business, we share certain data internally i.e., with other ING businesses and externally (i.e., outside of ING) with third parties.

    Whenever we share your personal data externally (i.e., outside of ING) with third parties in countries outside of the European Economic Area (EEA) we ensure the necessary safeguards are in place to protect it. For this purpose, we rely upon, amongst others:

    Requirements based on applicable local laws and regulations.

    EU Model clauses, when applicable, we use standardised contractual clauses in agreements with service providers to ensure personal data transferred outside of the European Economic Area complies with GDPR.

    International treaties such as the EU US Privacy Shield framework that protects personal data transferred to certain service providers in the United States.

    For all customers:

    ING entities

    We transfer data across ING businesses and branches for various purposes (see section ‘What we do with your personal data’ for the full list). We may also transfer data to centralised storage systems or to process it at a central point within ING for efficiency purposes. For all internal data transfers we rely on our binding corporate rules as defined in EC Regulation (EU) 2016/679, which is our Global Data Protection Policy (GDPP), and on the applicable local laws and regulations.

    Government, Supervisory and Judicial authorities

    To comply with our regulatory obligations we may disclose data to the relevant government, supervisory and judicial authorities such as:

    Public authorities, regulators and supervisory bodies such as the central banks and other financial sector supervisors in the countries where we operate.

    Tax authorities may require us to report customer assets or other personal data such as your name and contact details and other information about your organisation. For this purpose, we may process your identification data like social security number, tax identification number or any other national identifier in accordance with applicable local law.

    Judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legal request.

    Financial institutions

    To process certain payment and withdrawal services, we may have to share information about the customer or its representative with another bank or a specialised financial company. We also share information with financial sector specialists who assist us with financial services like

    exchanging secure financial transaction messages

    payments and credit transactions worldwide

    processing electronic transactions worldwide

    settling domestic and cross-border security transactions and payment transactions.

    Other financial services organisations, including banks, superannuation funds, stockbrokers, custodians, fund managers and portfolio service providers.

    Service providers and other third parties

    When we use other service providers or other third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. Service providers support us with activities like

    Designing, developing and maintaining internet-based tools and applications;

    IT service providers who may provide application or infrastructure (such as cloud) services;

    Marketing activities or events and managing customer communications;

    Preparing reports and statistics, printing materials and designing products;

    Placing advertisements on apps, websites and social media;

    Legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors;

    Identifying, investigating or preventing fraud or other misconduct by specialised companies;

    Performing specialised services like postal mail by our agents, archiving of physical records, contractors and external service providers; or

    Carrying out securitisation arrangements (such as trustees, investors and the advisers).

    Account information and payment initiation services within the EU

    The revised EU Payment Service Directive (PSD2) allows you to instruct a third-party payment service provider (TPP) to retrieve account information or initiate payments on your behalf with respect to your accounts with ING. The TPP may do so only if you have given your explicit consent to those services.

    When we receive a request from a TPP on your behalf, we are obliged to carry out the request for payment or account information, as requested.

    Additionally you can also use the PSD2 services to manage your accounts with other banks through your ING channels or apps. You may use the ING app or channel to

    View account information of your current payment accounts with other banks;

    Make online payments from your current payment account with other banks.

    In this case, we will be the TPP and we may only offer these services if we receive your explicit consent. If you decide that you no longer want to use these PSD2 services, you can simply turn off the feature in the ING online environment.

    For individuals who are customers only:

    Independent agents, brokers and business partners

    We may share your personal data with independent agents, brokers or business partners who act on our behalf, or which jointly offer products and services with us, such as insurance. They are registered in line with local legislation and operate with due permission of regulatory bodies.

    Researchers

    We are always looking for new insights to help you get ahead in life and in business. For this reason, we exchange personal data (when it’s legally allowed) with partners like universities and other independent research institutions, who use it in their research and innovation. The researchers we engage must satisfy the same strict requirements as ING employees. The personal data is shared at an aggregated level and the results of the research are anonymous.

    Credit reporting bodies

    For customers who apply for a credit facility with us in Australia, you agree that we may exchange your personal data with a credit reporting body ("CRB"), including by sharing information about:

    your identity

    your credit worthiness

  • your credit history, including about the type of credit you have (like credit cards, personal loans and home loans), how much you have borrowed and if you've made your repayments (including repayments you're required to make under your ING credit facility with us)
  • whether you have committed fraud or another serious credit infringement, and
  • obtaining commercial credit information about you in order to assess an application by you for consumer credit.
  • The CRBs we use include Equifax Australia Information Services & Solutions Pty Limited ("Equifax") (equifax.com.au) and illion Australia Pty Ltd ("illion") (illion.com.au). The privacy policy of each of Equifax and illion explains how it manages your personal information and can be found on its website.
  • CRBs may include information that we provide in reports to other credit providers to assist those credit providers to assess your credit worthiness. We may ask a CRB to give us your overall credit score, and we may use credit information from CRBs together with other information to arrive at our own credit score of your ability to manage your credit obligations.

    Pre-screening assessments
    Credit providers (like us) can ask CRBs to use your credit information to pre-screen you for direct marketing purposes, but you can tell CRBs not to do this. However, by applying for a credit facility with us, you may still receive direct marketing from us (unless you ask us not to) that has not been 'pre screened'.

    Fraud - 'ban period'

    If you believe, on reasonable grounds, that you have been, or could be, a victim of fraud (for example, someone else may be using your name to apply for credit), you can ask CRBs not to use or give anyone your credit information during a 'ban period'.
    The 'ban period' is a period of 21 days starting on the day you make the request. That period can be extended on your request where the CRB believes on reasonable grounds that you have been, or are likely to be, the victim of fraud. By applying for a credit facility with us, you agree to us accessing your personal information held with a CRB, even if there is a ban period in place, for the purposes of assessing an application for credit or in order to collect overdue payments.

    Credit providers

    For customers who apply for a credit facility with us in Australia, you agree that we may disclose information about you (including about your credit worthiness, credit history and repayment history information) to other credit providers to assess an application by you for credit, to notify them of a default by you and to inform other credit providers who allege you are in default with them. You also agree that we may disclose your information to any person reasonably necessary for the purposes of that person taking an assignment of any contract the lender has with you.

    Transfer of personal information overseas

    Sometimes we may send your information overseas - for example, where we send information to ING Group members overseas or outsource functions overseas. If we do this, we make sure there are arrangements in place to protect your information. For customers in Australia, the countries to which your information may be sent include the Netherlands, Philippines, Poland, Singapore, Slovakia and the United Kingdom.

    5. Your rights and how we respect them

    If your personal data is processed, you have privacy rights. Based on applicable laws, your privacy rights may vary from jurisdiction to jurisdiction. If you have questions about which rights apply to you, please get in touch with us through the email address mentioned in item 9.

    We grant the following rights:

    Right to access information

    You may request access to limited amounts of personal information that we hold about you.

    For access to information that we hold about you, you will need to write to the ING Privacy Officer at GPO Box 4094, Sydney NSW 2001. We may request that you specify the information you wish to access, to help us quickly identify and retrieve that information for you. Please note that requests for access to your personal information may only be made by you or by another person who you have authorised to make a request on your behalf, such as a legal guardian or authorised agent. We will require you to verify your identity, or the identity and authority of your representative, to our reasonable satisfaction.

    An access charge may apply, but not to your request for access itself. In particular, we may impose a reasonable charge for providing access to this information to recover any expenses incurred in retrieving and collating the requested information. Where an access charge applies, unless you authorise us to debit your account with us, access won't be provided until we receive payment. We will respond to your access request as soon as possible and tell you how long it will take to provide the information. This may be up to 28 days in some circumstances.

    We may exercise our right to deny access to particular information in certain situations, for example, where access may reveal our commercially sensitive decision processes (e.g. criteria for loan approvals), where the information relates to existing or anticipated legal proceedings, or where it will threaten the privacy of other individuals.

    If we deny you access to your personal information, we will write to you to:

    explain the reason your access request has been denied unless it would be unreasonable for us to do so in the circumstances; and

    the avenues available to you to complain about our refusal.

    If we refuse to give you access, if appropriate, we will attempt to find alternative means to enable you to access the information, for example, through a mutually agreed intermediary.

    Right to rectification

    We take reasonable steps to ensure that your personal information is accurate, up-to-date, complete, relevant and not misleading. For instance, we may ask you to confirm some of your details when you speak to our Contact Centre staff. However, please contact us if you learn that any your personal information that we hold is incorrect, has changed or requires updating. You can update some of your personal information using online banking.

    It may take 28 days or more to consider your correction request in unusual circumstances (e.g., where we are required to consult with other credit reporting bodies and/or credit providers in relation to the information).

    We will promptly update your personal information if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. If we correct the personal information the subject of your correction request and we have previously disclosed that information to a third party, we will notify that third party of the corrected information (if we're required to by law).

    If we disagree with your request to correct your personal information, we will write to you to: explain the reason your correction request has been denied unless it would be unreasonable for us to do so; and the avenues available to you to complain about our refusal.

    If we disagree with your request to correct your personal information, you also have the right to ask us to attach a statement that in your opinion the information is in your opinion inaccurate, out-of-date, incomplete, irrelevant or misleading. However, please note that this right does not apply to our refusal to correct your credit information.

    Right to object to processing

    You can object to ING using your personal data for its own legitimate interests if you have a justifiable reason. We will consider your objection and whether processing your information has any undue impact on you that would require us to stop processing your personal data.

    You may not object to us processing your personal data if

    We are legally required to do so; or

    It is necessary to fulfil a contract with you.

    For individuals who are customers only:

    You can also object to receiving personalised commercial messages from us. When you become an ING customer, we may ask you whether you want to receive personalised offers. Should you later change your mind, you can choose to opt out of receiving these messages. For example, you can use the 'unsubscribe' link at the bottom of commercial emails or manage your preferences on our website or mobile banking app.

    In addition, even if you opt out of receiving personalised offers, we will alert you to unusual activity on your account, such as:

    When your credit or debit card is blocked;

    When a transaction is requested from an unusual location.

    Right to object to automated decisions

    We sometimes use systems to make automated decisions based on your personal information if this is necessary to fulfil a contract with you, or if you gave us consent to do so. In certain circumstances, you may have the right to object to such automated decisions (for example the price we charge for a product or service) and ask for an actual person to make the decision instead.

    Right to restrict processing

    You have the right to ask us to restrict using your personal data if

    You believe the personal data is inaccurate;

    We are processing the data unlawfully;

    We no longer need the data, but you want us to keep it for use in a legal claim;

    You have objected to us processing your data for our own legitimate interests.

    Right to data portability

    You have the right to ask us to transfer your personal data directly to you or to another company. This applies to personal data we process by automated means and with your consent or on the basis of a contract with you. Where technically feasible, and based on applicable local law, we will transfer your personal data.

    Right to erasure

    ING is legally obliged to keep your personal data. You may ask us to erase your online personal data if

    We no longer need it for its original purpose;

    You withdraw your consent for processing it;

    You object to us processing your data for our own legitimate interests or for personalised commercial messages;

    ING unlawfully processes your personal data; or

    A local law requires ING to erase your personal data.

    Right to complain

    Should you as a customer or its representative be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us. If you are still unhappy with our reaction to your complaint, you can escalate it to the ING Bank data protection officer. We are committed to resolving your privacy complaint as quickly as possible and has procedures in place to help resolve any problems or complaints efficiently.

    If you have a complaint or a concern about privacy at ING, including if you consider that we have breached the Privacy Act, the Credit Reporting Privacy Code or other applicable Privacy Code that applies to us, please contact the Privacy Officer by one of the means set out above. If you are not satisfied with how your complaint or concern about privacy is resolved, you can refer your complaint to Australian Financial Complaints Authority (AFCA). AFCA can be contacted on the following details:

    Visit www.afca.org.au
    Email info@afca.org.au
    Call 1800 931 678
    Write to Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001

    If you are not satisfied with how your complaint or concern is resolved by the relevant external dispute resolution body, you can then refer your complaint to the Privacy Commissioner. The Privacy Commissioner can be contacted on the following details:

    Visit www.oaic.gov.au
    Email enquiries@oaic.gov.au
    Call the Privacy Hotline: 1300 363 992
    write to: Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001

    Please go to the "Complaints and Disputes" section of our website for information on how we deal with your complaints that are not privacy related.

    Handling your complaints

    We aim to:

    acknowledge receipt of your complaint with 7 days; and

    resolve your complaint within 28 days. In certain circumstances that may not be possible. If we form the view that we can't resolve your complaint within 28 days, we will notify you of the reason for the delay and the expected timeframe to resolve your complaint.

    Exercising your rights

    How you exercise your rights depends on your ING product and the availability of services in your country. If you want to exercise your rights or submit a complaint, please contact us.

    When exercising your right, the more specific you are with your application, the better we can assist you with your question. We may ask you for a copy of your ID, or additional information to verify your identity. In some cases, we may deny your request and, if permitted by law, we will notify you of the reason for denial. If permitted by law, we may charge a reasonable fee for processing your request.

    We want to address your request as quickly as possible. However, based on your location and applicable laws, the response times may vary. Should we require more time (than what is normally permitted by law) to complete your request, we will notify you immediately and provide reasons for the delay.

    6. Your duty to provide data

    In some cases, we are legally required to collect personal data or your personal data may be needed before we may perform certain services and provide certain products. We undertake to request only the personal data that is strictly necessary for the relevant purpose. Failure to provide the necessary personal data may cause delays in the availability of certain products and services.

    7. How we protect your personal data

    We take appropriate technical and organisational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed. We apply an internal framework of policies and minimum standards across all our business to keep your personal data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments.

    In addition, ING employees are subject to confidentiality obligations and may not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact ING if you suspect that your personal data may have been compromised.

    8. Changes to this Privacy Statement

    We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 8 January 2020.

    9. Contact and questions

    To learn more about ING’s data privacy policies and how we use your personal data, you can send us an email, call us or visit your local branch or office.

    Country

    Contact details ING

    Data Protection Authority

    Australia

    privacyaccessrequests@ing.com.au
    call: 133 464
    write to:
    ING Privacy Officer
    GPO Box 4094
    Sydney NSW 2001

    OAIC- Office of the Australian Information Commissioner
    https://oaic.gov.au/

    Belgium

    ing-be-privacyoffice@ing.com

    Belgian Privacy Commission
    http://www.privacycommission.be

    Bulgaria

    Emil.Varbanov@ing.com

    Commission for Personal Data Protection
    https://www.cpdp.bg/

    China

    dpochina@asia.ing.com

    Czech Republic

    Dpo-cz@ing.com

    Úřad pro ochranu osobních údajů
    https://www.uoou.cz

    France

    Dpo.privacy.france@ing.com

    Commission Nationale Informatique et Libertés
    https://www.cnil.fr/fr

    Germany

    datenschutz@ing.de

    Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
    https://datenschutz.hessen.de/

    Hong Kong

    dpohongkong@asia.ing.com

    PCPD- Privacy Commissioner for Personal Data, Hong Kong
    https://www.pcpd.org.hk/

    Hungary

    communications.hu@ingbank.com

    Hungarian National Authority for Data Protection and Freedom of Information
    http://www.naih.hu/

    Italy

    privacy@ingdirect.it

    Garante per la protezione dei dati personali
    www.gpdp.it
    www.garanteprivacy.it
    www.dataprotection.org

    Japan

    dpotokyo@asia.ing.com

    PPC – Personal Information protection Commission Japan
    https://www.ppc.go.jp/en/

    Luxembourg

    dpo@ing.lu

    CNPD - Commission Nationale pour la Protection des Données
    https://cnpd.public.lu

    Malaysia

    dpomalaysia@asia.ing.com

    PDP - Jabatan Perlindungan Data Peribadi
    http://www.pdp.gov.my/index.php/en/

    Netherlands

    privacyloket@ing.nl

    Autoriteit Persoonsgegevens
    https://autoriteitpersoonsgegevens.nl/

    Philippines

    DPOManila@asia.ing.com

    National Privacy Commission
    https://privacy.gov.ph/

    Poland

    abi@ingbank.pl

    Generalny Inspektor Ochrony Danych Osobowych
    http://www.giodo.gov.pl/

    Portugal

    dpo@ing.es

    CNPD- Comissão Nacional de Protecção de Dados
    https://www.cnpd.pt

    Romania

    protectiadatelor@ing.ro

    National Supervisory Authority for Personal Data Processing (ANSPDCP)
    http://www.dataprotection.ro/

    Russia

    protectiadatelor@ing.ro

    The Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor)
    https://rkn.gov.ru/

    Singapore

    dposingapore@asia.ing.com

    PDPC- Personal Data Protection Commission Singapore
    https://www.pdpc.gov.sg/

    Slovakia

    dpo@ing.sk

    Úrad na ochranu osobných údajov Slovenskej republiky
    https://dataprotection.gov.sk/uoou/

    South Korea

    dposouthkorea@asia.ing.com

    Spain

    dpo@ing.es

    Agencia Española de Protección de Datos
    https://www.agpd.es

    Taiwan

    70th floor, Taipei 101 Tower
    7 XinYi Road, Sec. 5
    11049 Taipei
    Taiwan

    Ukraine

    dpe.offfice@ing.com

    Personal Data Protection department of Ombudsman
    http://www.ombudsman.gov.ua

    United Kingdom

    ukdpo@ing.com

    Information Commissioner’s Office (ICO)
    https://ico.org.uk