KBC needs to use data to function as a company 

Use of personal data in banking services may be mandatory in accordance with specific legislation. For instance, KBC Bank is required by law (PSD2) to give authorised third-party service providers access to balance and transaction information on your KBC accounts when you request them to retrieve it. In addition, KBC offers the possibility to retrieve (transactions and balance) information from accounts held at other banks when you request it and to show this information in KBC Mobile, the KBC Business Dashboard or KBC Touch. With your consent, KBC may also process data on the accounts you hold at other banks for other purposes.​

KBC also shares personal data of individuals associated with a legal entity (Ultimate beneficial owner​ and legal representative) with, and receives such data from, other financial institutions in Belgium over the Kube platform. The purpose of this data sharing is to accelerate the legally required Know Your Customer data collection during the onboarding process for new corporate clients at a Belgian financial institution. It also encompasses the sharing of this personal data should this data be updated during the recurring KYC update processes. Information is shared only with financial institutions that need this data and is limited to what is required under anti-money laundering legislation.    

KBC may be legally required to notify the authorities, for example in the case of personal data breaches, and in this context communicate your personal data. KBC can also receive requests about information from authorities or public bodies (more information).  

KBC must comply with various national and international laws and regulations. Therefore, we report operations, transactions, orders or other requested personal data to competent local and foreign authorities regularly or when requested, depending on the circumstances. These authorities include financial, tax, administrative, criminal or legal bodies.     

For example, KBC is required by law to share certain information with the Central Point of Contact of the National Bank of Belgium.    

KBC uses personal data to prepare internal reports, for example in the context of complaints management to prevent the recurrence of complaints, or to measure the effective use of certain functionalities in KBC Mobile. KBC does this based on a legitimate interest.  

KBC processes personal data based on legitimate interest. This is done to comply with internal and regulatory reporting and internal control and communicate as a company. This includes:   

• Organising the administration, (risk) management and oversight, such as the legal department, the risk management department and inspections  
• Determining, exercising, defending and preserving the rights of KBC or persons KBC might represent (e.g., in disputes). KBC will also process personal data related to a dispute, even if KBC is not a direct party to the dispute. KBC will retain this personal data for as long as necessary for the dispute.​
• Increasing efficiency or producing other benefits for its organisation and processes     
• Contacting and evaluating future retailers  

KBC processes personal data based on legitimate interest. This is done to support ICT systems and software, improve processes, coach staff and improve services. This includes: 

• Developing and testing infrastructure, software and process development, artificial intelligence (AI), models, etc.  
• Investigating, monitoring and restoring incidents and infrastructure   
• Using modern technologies, including artificial intelligence (for example, to consult certain customer data) or using Optical Character Recognition to read and extract information from documents