Go directly tomain navigation, search input field or thecontent

Triodos Bank Privacy Statement

The Triodos Bank Privacy Statement sets out your rights and the measures Triodos Bank will take to protect your personal data. This includes how we will use your information, what rights you have, and how the law protects you as an individual.

Triodos Bank will review and amend this privacy statement from time to time. You can always find the most up to date version on our website: www.triodos.com.

What is personal data?

Personal data means any information relating to an individual who can be directly or indirectly identified by reference to the information. A wide range of information constitutes personal data, including names, contact information, identification numbers such as social security numbers, and location data or online identifiers often referred to as ‘cookies’ for example. This applies to both automated information and to information included in manual filing systems.

What does processing mean?

The processing of personal data means any interaction with the information including viewing, collecting, sharing, storing, transferring or analysing it for instance.

Who holds your personal data?

Your personal data will be held by Triodos Bank N.V in The Netherlands. You can find information on how to contact us as well as further information on what Triodos Bank does, on the website above. Triodos Bank N.V  has appointed a Data Protection Officer (DPO) and any data privacy queries which cannot be resolved through the information provided on our website can be directed to them using the contact details included in our website.

Why is your personal data required?

When you apply for a product with Triodos Bank you will need to provide certain personal data to enable us to process your application, and to then provide the product or service you want on an on-going basis. For example, your name, contact details such as your email address and phone number(s), addresses, or your National Insurance number. Triodos Bank may also hold personal data about you as a result of our relationship with you, the transactions you make using your current account or how you use our website for instance.

How will Triodos Bank use your personal data?

The General Data Protection Regulation (GDPR) only allows the processing of personal data if one or more conditions are met; these are known as a lawful basis for processing. Triodos Bank will only process your personal data for the reasons it was provided for, and only where there is a lawful basis for processing allowing this.

If Triodos Bank asks you for your consent to collect and use your data, you are free to withdraw your consent whenever you want.

For more information on how Triodos Bank will obtain, process and share data, make automated decisions, use data for marketing purposes; or learn how long the data will be kept and what happens if you choose not to provide personal data, please visit the privacy statements published in our local websites:

Does Triodos Bank share your data outside of the European Economic Area?

Triodos Bank default position is that we will not disclose personal data to organisations outside of the European Economic Area (‘EEA’). However, where this is required we will inform you and confirm why we need to do this. When we do transfer personal data outside of the EEA, we make sure that the data it is protected at the same level as within the EEA by using one of these safeguards:

  • Transfer of data to organisations in non-EEA countries (or states or provinces of these countries) with privacy laws in place providing the same level of data protection as within the EEA;
  • Transfer of data to organisations that are part of “Privacy Shield” which is an international framework that sets privacy standards at a similar level as those of the EEA.
  • Putting a contract in place with the recipient ensuring that they will process the data with the same level of data protection as within the EEA.

For more information, please visit the privacy statements published in our local websites:

The use of your personal data by third party data processors

When a third party processes your personal data on our behalf, we ensure that they follow our instructions to protect your personal data. Third parties are required to sign agreements in which they commit themselves to safeguard your personal data and agree to only use the data to provide services to us included in the agreement.

To learn more, please check our cookie statement.

What are your rights?

GDPR entitles you to a number of rights in relation to your personal data:

The right to access your data and correct mistakes and inaccuracies

It is important that any personal data we use is accurate, up to date, and relevant. To ensure that your data is correct you have the right to access, correct or update your personal data at any time. If you think your data is incorrect or incomplete and you wish to correct your data or privacy settings, please contact us.

Before providing access to your personal data we will ask you to verify your identity to protect you from identity theft and financial crime. We may also need to ask you some questions to ensure we have understood your request correctly.

The right to data portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format. We are looking at the best way to achieve this for our customers and will provide more information when available.

The right to the deletion of your personal data

You have right to request that we delete your personal data if:

  1. your personal data is no longer needed in relation to the purposes for which was collected;
  2. you withdraw your consent and there are no other legal grounds to process your personal data;
  3. you object to us processing your personal data for direct marketing purposes;
  4. you object to us processing your personal data for the legitimate interests of Triodos;
  5. you feel that your personal data is not being processed lawfully; and
  6. your personal data needs to be deleted to comply with the legal requirements.

Please take notice of our retention periods which we deem necessary to provide you with our financial services and to be compliant with legal requirements regarding data retention. When personal data is no longer needed for any purposes and we are not required by law to retain it, we will take measures to delete your personal data.

The right to restrict processing

You have the right to request the restriction of the processing of your personal data for a limited period of time and under certain circumstances. For example, this could apply if you feel that your personal data held by Triodos is inaccurate, has not been processed lawfully, or is no longer needed for the purposes it was originally collected for. Triodos has the right to store your personal data while your query is investigated.

The right to object to processing

Please let us know if you are unhappy or do not agree with how we process your personal data. You have the right to object.

The right to complain

Please contact our Data Protection Officer in the first instance, dpo@triodos.com, if you have any concerns with how we have used your personal data. You also have the right to lodge a complaint directly with the local data privacy regulators. For more information please visit the privacy statements published in our local websites:

 You also have the right to lodge a complaint directly with the Dutch data privacy regulator, the Dutch Data Protection Supervisory Authority (Autoriteit Persoongegevens) please visit their website for further details on how to do this.
If you are an EU resident, you may also decide to lodge a complaint with your national Data Protection Supervisory Authority instead.