You Are Here: ICBC (Europe) S.A. Amsterdam Branch >Customer Service >Announcement
GDPR  Information Letter

Subject: General Data Protection Regulation – Information Letter

Dear Clients,
The upcoming General Data Protection Regulation (« GDPR »), which governs the storage and processing of personal data, places new obligations on companies and organizations offering services in the European Union.

In view of these changes, we have updated our personal data protection rules to address specific GDPR obligations.

At ICBC (Europe) SA Amsterdam Branch (hereafter collectively referred as “the Bank”), we take your privacy seriously and believe that collecting and processing of personal data is a significant responsibility. Please find hereafter the information on the main GDPR principles.

Our role as Data Controller
The Bank will act as a Data Controller and will collect, store and process Client’s personal data necessary for performing the agreements with Clients and delivering the requested financial services. The Client keeps, at his discretion, the right to refuse to provide this personal data. Nevertheless, this may impede the establishment or continuation of a business relationship with the Bank.
Apart from personal data provided directly by the Client, to the extent allowed by law, the Bank may collect only such data which is necessary for the performance of its business and only within the framework of the services provided to its clients.

The Purposes of Processing
The Client’s personal data may be processed where such processing is necessary:
(i)for the performance of contractual obligations towards the Client,
(ii)for compliance with legal obligations and
(iii)for the purposes of the legitimate interests pursued by the Bank or by a third party, for instance, for fraud prevention purposes, in order to manage litigation, to establish statistics, for accounting as well as for direct marketing purposes relating to products and services of the Bank and aimed at the Client.
Unless it is objected by the Client, the latter authorizes the Bank to process personal data on the grounds mentioned above throughout the Bank’s group. In such a case, the transfer of the personal data shall follow the conditions as laid down in the “data transfers” section.

The Bank shall not disclose the collected personal data to third parties except on the express instructions of the Client or if legally required or permitted to do so. The Client thus acknowledges that, in certain cases, the Bank may disclose personal data to any third parties that process personal data in order to ensure compliance with legal obligations.

Data transfers
Data transfers to entities belonging to the same group as the Bank and located in third countries are protected by appropriate safeguards and the Client can obtain a copy thereof by contacting the Bank.
Data transfers to subcontractors, services providers and other companies, the involvement of which is necessary to provide the services that are located in third countries may, depending on the nature of the transfer:
- be covered by appropriate safeguards in which case the Client may obtain a copy thereof by contacting the Bank; or
- be otherwise authorized under applicable data protection law, as the case may be, as such transfer is necessary for the performance or execution of a contract concluded in the interest of the Client or for the establishment, exercise or defense of legal claims or for the performance of a contract between the Client and the Bank. 

The duration of processing of personal data will be as long as it is necessary to achieve the described purposes and in accordance with applicable laws.

Rights for Individuals
Finally, any individual having its personal data collected and processed has:
-The right to receive, free of charge, a copy of his personal data held by the Bank;
-The right to request that any of your personal data be corrected if it is found to be inaccurate or out of date;
-The right to request for your personal data be erased when it is no longer necessary for such data to be retained;
-The right to withdraw, at any time, your consent to the processing;
-The right to request from the Bank to be provided with your personal data and/or to transmit them directly to another data controller (data portability);
-The right to request for a restriction on the processing of your personal data;
-The right to object to the processing of your personal data; and
-The right to lodge a complaint with the Dutch Data Protection Authority (“Dutch DPA”).

Data Protection Contact
The Bank has appointed a Data Protection Officer (“DPO”) who can be contacted for any question or concern regarding the personal data protection, at the following address: 32, Boulevard Royal L.2449 Luxembourg, or by email at the following address: The Bank’s local contact point for any questions and concern:


ICBC (Europe) S.A.  Amsterdam Branch