Privacy statement

The Triodos Bank privacy statement sets out your rights and the measures Triodos Bank will take to protect your personal data.

What is personal data?

The processing of personal data means any interaction with the information including viewing, collecting, sharing, storing, transferring or analysing it for instance.

Your personal data will be held by Triodos Bank N.V. in The Netherlands. You can find information on how to contact us as well as further information on what Triodos Bank does, on this website. Triodos Bank N.V. has appointed a Data Protection Officer (DPO) and any data privacy queries which cannot be resolved through the information provided on our website can be directed to dpo@triodos.com or using the contact details included in our website.

When you apply for a product with Triodos Bank you will need to provide certain personal data to enable us to process your application, and to then provide the product or service you want on an on-going basis. For example, your name, contact details such as your email address and phone number(s), addresses, or your national insurance number. Triodos Bank may also hold personal data about you as a result of our relationship with you, the transactions you make using your current account or how you use our website for instance.

How your data is used

The General Data Protection Regulation (GDPR) only allows the processing of personal data if one or more conditions are met; these are known as a lawful basis for processing. Triodos Bank will only process your personal data for the reasons it was provided for, and only where there is a lawful basis for processing allowing this.

If Triodos Bank asks you for your consent to collect and use your data, you are free to withdraw your consent whenever you want.

For more information on how Triodos Bank will obtain, process and share data, make automated decisions, use data for marketing purposes; or learn how long the data will be kept and what happens if you choose not to provide personal data, please visit the privacy statements published in our local websites:

Triodos Bank default position is that we will not disclose personal data to organisations outside of the European Economic Area (‘EEA’). However, where this is required we will inform you and confirm why we need to do this. When we do transfer personal data outside of the EEA, we make sure that the data it is protected at the same level as within the EEA by using one of these safeguards:

Transfer of data to organisations in non-EEA countries (or states or provinces of these countries) with privacy laws in place providing the same level of data protection as within the EEA;
Transfer of data to organisations that are part of “Privacy Shield” which is an international framework that sets privacy standards at a similar level as those of the EEA.
Putting a contract in place with the recipient ensuring that they will process the data with the same level of data protection as within the EEA.

For more information, please visit the privacy statements published in our local websites:

Processing of your personal data by third parties

When a third party processes your personal data on our behalf, we ensure that they follow our instructions to protect your personal data. Third parties are required to sign agreements in which they commit themselves to safeguard your personal data and agree to only use the data to provide services to us included in the agreement.

Captin

Triodos Bank is entitled to register the personal data of holders of depository receipts in Triodos Bank. We do this under a cooperation agreement we have entered into with the responsible party for registering the depositary receipts of the shares of Triodos Bank NV, Stichting Administratiekantoor Aandelen Triodos Bank (SAAT). We have entered into an agreement with the company Captin BV (Captin) to take over this registration. To enable Captin to fulfil its role as administrator of the register of certificate holders, Triodos Bank has shared the register with Captin.

In addition, Captin will also enable trading in the certificates through its trading platform. To enable certificate holders to access this platform, Captin will contact registered certificate holders on behalf of Triodos Bank. Captin and Triodos Bank have entered into a cooperation and services agreement. As an annex to this agreement, Triodos and Captin have also agreed a data processing agreement in accordance with relevant laws and regulations.

To learn more and to configure your privacy preferences for this website, please visit privacy preferences.

What are your rights?

GDPR entitles you to a number of rights in relation to your personal data:

It is important that any personal data we use is accurate, up to date, and relevant. To ensure that your data is correct you have the right to access, correct or update your personal data at any time. If you think your data is incorrect or incomplete and you wish to correct your data or privacy settings, please contact us. Before providing access to your personal data we will ask you to verify your identity to protect you from identity theft and financial crime. We may also need to ask you some questions to ensure we have understood your request correctly.

You have right to request that we delete your personal data if: your personal data is no longer needed in relation to the purposes for which was collected; you withdraw your consent and there are no other legal grounds to process your personal data; you object to us processing your personal data for direct marketing purposes; you object to us processing your personal data for the legitimate interests of Triodos; you feel that your personal data is not being processed lawfully; and your personal data needs to be deleted to comply with the legal requirements. Please take notice of our retention periods which we deem necessary to provide you with our financial services and to be compliant with legal requirements regarding data retention. When personal data is no longer needed for any purposes and we are not required by law to retain it, we will take measures to delete your personal data. You have the right to receive your personal data in a structured, commonly used and machine-readable format.

You have right to request that we delete your personal data if:

your personal data is no longer needed in relation to the purposes for which was collected;
you withdraw your consent and there are no other legal grounds to process your personal data;
you object to us processing your personal data for direct marketing purposes;
you object to us processing your personal data for the legitimate interests of Triodos;
you feel that your personal data is not being processed lawfully; and
your personal data needs to be deleted to comply with the legal requirements.

Please take notice of our retention periods which we deem necessary to provide you with our financial services and to be compliant with legal requirements regarding data retention. When personal data is no longer needed for any purposes and we are not required by law to retain it, we will take measures to delete your personal data.

You have the right to request the restriction of the processing of your personal data for a limited period of time and under certain circumstances. For example, this could apply if you feel that your personal data held by Triodos is inaccurate, has not been processed lawfully, or is no longer needed for the purposes it was originally collected for. Triodos has the right to store your personal data while your query is investigated.

Please let us know if you are unhappy or do not agree with how we process your personal data. You have the right to object.

Please contact our Data Protection Officer in the first instance, dpo@triodos.com, if you have any concerns with how we have used your personal data. You also have the right to lodge a complaint directly with the local data privacy regulators. For more information please visit the privacy statements published in our local websites:

Triodos Bank Belgium (FR)
Triodos Bank Belgium (NL)
Triodos Finance France
Triodos Bank Germany
Triodos Bank Netherlands
Triodos Bank UK
Triodos Bank Spain
Triodos Investment Management

You also have the right to lodge a complaint directly with the Dutch data privacy regulator, the Dutch Data Protection Supervisory Authority (Autoriteit Persoongegevens) please visit their website for further details on how to do this.

If you are an EU resident, you may also decide to lodge a complaint with your national Data Protection Supervisory Authority instead.

Privacy statement

What is personal data?

How your data is used

Processing of your personal data by third parties

What are your rights?

Main

Our impact

Banking

Investing and giving

Privacy statement

What is personal data?

How your data is used

Processing of your personal data by third parties

What are your rights?

Your personal cookie settings