Data Subject Rights
The Data Protection Acts 1988 - 2018 (the “Data Protection Acts”) lay down strict rules about the way in which personal data (including special categories of personal data) are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect. Further information regarding these rights can be found in the Data Protection Notice.
Inquiries about Data Subject Rights Requests should be made to Rights Management Requests, KBC Dublin Branch, Sandwith Street, Dublin 2.
(i) Making a Data Access Request (Article 15 General Data Protection Regulation (GDPR))
Under the Data Protection Acts, you may receive a copy of your personal data held by KBC Bank Ireland DAC or KBC Dublin Branch on request.
In order to respond to your request we require you to:
- Download the Customer Request Form here (pdf, 46 KB)
- Complete, sign and date the Access Request Form*. Please be as specific as possible about the information you wish to access;
- Post the Customer Request Form to Rights Management Requests, KBC Dublin Branch, Sandwith Street, Dublin 2 or email a copy of the completed signed form to email@example.com
*If you cannot download the Customer Request Form from the internet please contact us on 01-961 9800 and we can arrange to post this form to you or write a letter to Rights Management Requests, KBC Dublin Branch, Sandwith Street, Dublin 2 requesting your personal data.
(ii) Responding to your Access Request
Once we have received your fully completed Customer Request Form or letter we shall respond to you within the statutory period of thirty (30) days.
If you are not satisfied with the outcome of your access request you are entitled to make a complaint to the Data Protection Commissioner who may investigate the matter for you. The Data Protection Commission website contains useful information on access requests and other data protection issues at www.dataprotection.ie.
How do I get a copy of the Data Protection Notice?
How do I request a copy of my Personal Data held by KBC Bank Ireland or KBC Dublin Branch?
You may receive a copy of your personal data held by KBC Bank Ireland DAC or KBC Dublin Branch on request.
In order to respond to your request we require you to:
Send a written request by either downloading the Customer Request Form from the Data Protection section of our website or write a letter to Rights Management Requests, KBC Dublin Branch, Sandwith Street, Dublin 2 or email firstname.lastname@example.org requesting your personal data. If you cannot download the Customer Request Form we will arrange to post this form to you.
Complete, sign and date the Customer Request Form/letter. Please be as specific as possible about the information you wish to access;
Post the written instruction to Rights Management Requests, KBC Dublin Branch, Sandwith Street, Dublin 2 or email email@example.com.
How long does KBC hold my personal information for and how do I request deletion of my personal information?
How long certain personal information is stored depends on the nature of the information we hold and the purposes for which they are processed, including to provide our services and for other purposes such as:
- complying with legal obligations (for example, we are required to retain some customer information for a minimum of 6 years after the end of the customer relationship in accordance with the Central Bank of Ireland’s Consumer Protection Code or under anti-money laundering legislation);
- complying with retention obligations under legal or regulatory orders;
- to protect, enforce or defend our rights and property;
- to support operational retention needs (including to support the phased migration of data from KBC Bank Ireland DAC to KBC Bank NV (acting through its branch in Ireland) [or other third party acquirer notified to you] and the operational wind-down of KBC Bank Ireland DAC systems);
- to the extent necessary to protect the integrity of our IT systems and the data stored on those systems where a phased data erasure process is not feasible from a technical or operational perspective in which case all data stored on the relevant KBC system will be deleted once the last retention period for any data stored on that system has expired.
If the purpose for which the information was obtained has ceased and the personal information is no longer required, the personal information will be deleted or anonymised which means that your personal information is stripped of identifying characteristics or where it is required to be obtained for an additional period for operational reasons, security measures will be applied to prevent any further use of your personal information by the KBC Group other than its storage in a secure manner following which it will be deleted as explained above.
I made an application for a KBC Bank Ireland Account and/or financial product but did not fully open it. How do I ensure my data has been erased?
We are restricted in deleting certain applications as there are other statutory obligations imposed on us by law that we must also adhere to. Please rest assured that KBC Bank Ireland has strict retention periods assigned to all personal data entrusted to us and this data will be retained in a safe and secure environment and will not be used for any other purpose before being permanently deleted.
What does GDPR mean to me?
The General Data Protection Regulation (GDPR) was implemented on the 25 May 2018. The law provides individuals with greater control over their personal data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations such as KBC. The GDPR also imposes greatly increased obligations on organisations that collect this data. Under the GDPR individuals have the significantly strengthened rights to:
- access personal information held about them by an organisation; have incorrect or incomplete data corrected;
- have their data erased, where, for example, the organisation has no legitimate reason for retaining the data;
- obtain their data from an organisation and to have that data transmitted electronically to another organisation in certain circumstances (known as Data Portability);
- object to the processing of their data by an organisation for certain purposes;
- not be subject to (with some exceptions) automated decision making, including profiling.
The Irish Data Protection Commission website (www.dataprotection.ie) has further information for individuals on the GDPR.
Who do you send my personal data to? How does this differ and who have you sent my personal data to already?
As a member of the KBC Group, KBC sometimes shares personal information relating to its customers with other members of the KBC Group in order to carry out a number of key functions, for example, compliance and internal audit purposes, for internal reporting and ICT management
KBC also sometimes shares your personal information with trusted third parties who perform important functions for us based on our instructions and applying appropriate confidentiality and security measures. For example, we use third parties to help us detect, prevent, or otherwise address fraud, security or technical issues. We go into more detail about the reasons we share personal information with third parties in the Data Protection Notice.
KBC Bank Ireland Regulatory Status
KBC Bank Ireland DAC is regulated by the Central Bank of Ireland Registered in the Republic of Ireland. Number 40537 Registered Office: Sandwith Street, Dublin 2, Ireland
KBC Bank NV Dublin Branch Regulatory Status
KBC Bank NV Dublin Branch with registered office at Sandwith Street, Dublin 2 with registration number 904213. KBC Bank NV Dublin Branch is licenced by the National Bank of Belgium in Belgium and is regulated by the Central Bank of Ireland for conduct of business rules.