Privacy Statement for Customers
You share all kinds of personal data with RaboFinance Chile SpA without noticing it. This Statement provides information on how these companies approach processing your personal data in Chile. As Rabobank affiliates, we may also process your personal data in the Netherlands.
What does processing of personal data mean?
Personal data
Any information that says something directly or indirectly about you is referred to as personal data. Examples include your name and address, and also information such as your income. Information relating to an individual trader, or commercial or professional partnerships is also considered personal data. Information relating to a legal entity is not personal data, but information relating to a legal entity’s contact person or representative does count as personal data.
Processing
Processing means anything that can be done with personal data. This includes the collection, storage, use, transfer and removal of data.
We process personal data if we have, want to have, or have had a business relationship with you, or if we have had contact with you and/or your representatives.
The people whose personal data we process include:
If your business or organization transfers any personal data concerning employees, legal representatives, directors or ultimate beneficial owners (UBOs) to us, we expect your business or organization to inform them of this. We also collect personal data of employees, legal representatives, directors or UBOs not being provided by your company or organization, but rather obtained from other public sources.
You can give this Privacy Statement to them so that they can learn how we deal with their personal data.
This Privacy Statement describes how we handle personal data processing at RaboFinance Chile SpA and Coöperatieve Rabobank U.A, all members of the Rabobank Group. Personal data may be shared within the Rabobank Group to the extent that this is permitted by law. When sharing data within said Group, we comply with the agreed upon rules and Rabobank’s Privacy Codes.
Types of data | What kinds of data might be involved? | Examples of how RaboFinance Chile SpA uses the data |
| Information that allows an individual to be identified directly or indirectly | Name, address, telephone number, e-mail address, information provided in your identity document. | For identification purposes, to draw up an agreement or to contact you |
| Information relating to or used for agreements | Information about your financial situation, and information used for obtaining finance. | To assess whether a product is suitable for you. |
| Payment and transaction data | When a payment is made, information about the person you paid or who paid you, when the payment took place | • To execute a payment for you. • To be able to check whether the bank account number entered matches the name that is specified in a payment instruction. • For your security and ours. • To ensure that funds are processed in due time and form. • To prevent money laundering, terrorism financing and sanction infringements. |
| Special categories of personal data, and national identification number. | Information concerning your national identification number | In the context of combating terrorism, we are required to record information about your country of birth. We are also required to do this in connection with tax obligations. |
| Recorded calls, conversations with RaboFinance Chile SpA employees, recordings of video chat and online chat sessions, video surveillance, records of e-mails and social media | • Conversations we have with you, and you have with us, by telephone, online chat and video sessions. • Conversations we have with you in person that we register. • E-mails you send to us and which we receive from you. • Camera images that we take in banking premises. • Comments, video, photographs, likes, public posts that you post on our social media pages. | • We may use the recorded calls, e-mails and online chat and video conversations to combat fraud, to fulfil legal obligations, to monitor quality, to provide proof, and improve our services • Camera surveillance is used to combat and investigate fraud, and to generate proof • We use comments, video, photographs, likes, public posts that you post on our social media pages to answer questions and share information. |
| Data that say something about the use of our website and the app. | • Cookies • IP address • Data relating to the device on which you use our online services or our website. | • To track your behaviour on our website • To combat fraud. • To improve our website. |
| Data we receive from other parties | Data obtained from Sinacofi and other businesses to which you have given consent to share your data | • We use this information to check whether you can be granted credit, or to check the value of a residential property. • If we receive information because you have given consent for this, we may use it for commercial purposes. |
| Data we share with other parties | • Financial information. • Information concerning advice. • Collateral information. • Data we provide to other parties that we engage to help us provide services. • Data you have asked us to share with another party. • Data we have to share with our regulators. | • We are required to provide specific data to the Financial Analysis Unit (Unidad de Análisis Financiero) and any other authority that may legitimately require such data. • Other parties that process data on our behalf because they are involved in the provision of our services. • You may also ask us to share specific data with a third party. • In the context of joint transaction monitoring, we can share data with other banks to combat fraud, money laundering and terrorism financing. |
| Data we require to combat fraud, to ensure your security and ours, and to prevent money laundering and the financing of terrorism | The data we keep in our internal and external referral registers, sanction lists, location information, transaction data, identity information, camera images, cookies and IP address. | • In order to comply with legal obligations and prevent you, the financial sector, RaboFinance Chile SpA or our employees from becoming the victims of fraud, we check whether you appear in our external or internal referral registers and we have to check whether your name appears in sanction lists. • We use location information and transaction data in order to monitor payments to prevent fraud, money laundering and terrorism financing. |
We receive your personal data because you provide it to us yourself. Examples include data when you enter into an agreement with us, data you enter on our website so we can contact you, and data arising from the services we provide in areas such as payments.
We may also receive your data from:
A. Business units of RaboFinance Chile SpA or other Rabobank Group entities, such as:
B. Suppliers or other parties we work with.
C. Public sources like newspapers, public registers, websites and open sources of social media.
D. Another party in case you have given your consent to share data with us.
We can only provide you our best service when we know you well. For that we need tom process your personal data. We also do this because we are obliged by law to do so. Below is a list of the main purposes and justifications.
A. To enter into a business relationship and agreement with you
Purposes
We need to have your personal data if the company that you represent wants to become a client, or if you want to use a new product or service, or contact us.
For example, we perform research to assess whether we can accept your company as a client. When you become a client, we establish your identity for almost all our products to comply with our legal obligations. As part of this, we may make a photocopy of your proof of identity.
If you wish to become a client, or are already a client of ours, regulations and our internal Policies require us to research your name in national and international sanctions lists and in the Rabobank Group’s internal warning lists.
We evaluate if the requested product or service is right for you. For example, we assess whether we can offer you a loan.
Legal basis
For the most part, we process your personal data because we are under a legal obligation to do so. If, however, this legal obligation does not apply directly to RaboFinance Chile SpA, we have a legitimate interest in processing your personal data for the abovementioned purposes. We may also process such data where this is necessary to conclude the agreement.
B. To perform agreements and carry out instructions
Purposes
As a representative of our client, we want to be of service to you. We execute the instructions we receive from you and perform the agreements we have concluded. This is what we have agreed with you. We process personal data for this purpose.
If you make a payment through us, we may have to transfer your data to another bank. Both the person who issues the payment instruction and the beneficiary (payee) may enquire about specific data relating to the other party’s account.
We make recordings of telephone conversations, e-mail messages, camera images, online chat sessions and video chat sessions, for example, and may document these recordings. The purposes for which this is done include proving that you issued a particular instruction. We may also do this if we are legally required to do so, or to provide proof and monitor quality, to investigate fraud and other matters, and for training, coaching and assessment purposes.
We also provide you with information about your credit or financing, or, if you are at risk of falling behind on your payments, we will contact you to look for a solution.
You may also ask us to disclose your personal data to a third party, in which case we will transfer your personal data to that party.
Legal basis
We process personal data when necessary for the performance of our agreements/contracts, and also because we are legally bound to do so. If you do not provide us with certain information, we will not be able to fulfill said agreements/contracts. In some cases, we have a legitimate interest in processing your personal data, for example, when making recordings of telephone calls.
c. To ensure your security and integrity, as well as the security and integrity of RaboFinance Chile SpA and the financial sector
Purposes
We process your personal data to ensure your and our security, as well as the security of the financial sector. We also do so for the purpose of preventing fraud, money laundering and terrorist financing.
Customer due diligence
We must assess whether we can accept you as our customer when we enter into a business relationship with your company, and also during the term of our business relationship. For example, transaction data may warrant additional verification, or the people you do business with.
Incident logs and warning systems
If your company wishes to become a customer, or is already a customer, we are required by law and internal policy to check your name against national and international sanctions lists and internal Rabobank Group warning lists.
In addition, public authorities may send us lists of persons with whom financial institutions cannot do business, or to whom the financial sector must pay special attention.
We may consult incident logs and warning systems. If we record information about you in these records, we will notify you unless we are not authorized to do so. If you do not agree to the recording of your personal data, you may object or request that your information be corrected or deleted.
Nonetheless, it is an offence for a person in the regulated sector to tip off (i.e. report) a person suspected of money laundering, unless an exemption applies, so we will neither confirm nor deny if a Suspicious Activity Report has been made or if the police ask us not to notify you to protect the course of their investigation.
Public sources
We consult publicly available sources, such as public records, newspapers and the Internet, and public profiles of social media, in an effort to combat and protect ourselves from fraud.
Fraud and money laundering
We can run analyses to prevent fraud and money laundering, protecting you and us against them.
We may use information that you have not provided to us in the context of combating fraud. We may also use transaction data to combat money laundering and terrorist financing. We are also required to do so by the regulator.
We make recordings of telephone conversations, e-mail messages, camera images and online chat sessions, for example, and we can document these recordings. We do this in the context of fraud investigation. We may also do this if we are legally required to do so, to provide evidence or for quality control, and for training, coaching and evaluation purposes.
Legal basis
We process your data because it is necessary to comply with a legal obligation. If we are not under a direct legal obligation to process your data, we process it on the basis of the legitimate interests of RaboFinance Chile Spa, the financial sector, or our customers and employees.
D. To develop and improve our products and services
Purposes
In order to serve you and innovate, we are constantly developing and improving our products and services. We do this for ourselves, our customers and third parties.
We sometimes combine data from different sources, including information about the products you receive from us. We conduct benchmarking for our customers, which provides them with additional information about their performance compared to other companies. The results of this research relate to a group of customers, and never to an individual customer (this is known as aggregate data).
We also conduct research to improve our products and services. For example, we may ask you for your option of a product or to rate one of our products. You are not required to participate in such research.
We also use third parties to process your personal data for this purpose, for example, in order to measure or consult you on how we can improve our services. In this case, these third parties act under the instructions of RaboFinance Chile SpA.
Legal basis
We process your data because we have a legitimate interest in doing so. We may also ask for your consent to process your data in order to develop and improve our products and services. If you do not give us your consent, this will not affect the services we provide to you. You will have the right to withdraw your consent at any time.
E. For promotional and marketing purposes
Purposes
We process your personal data for marketing and promotional purposes. During such processing, we use data that we have obtained directly from you or information that has not been obtained directly from you, such as public records and publicly available sources (such as the Internet).
If you do not want your data to be used by us for the purpose of direct marketing, or marketing by mail, e-mail or telephone, you can let us know.
Legal basis
We process your data because we have a legitimate interest in doing so. We may also ask for your consent to process your data for marketing and promotional purposes. If you do not give us your consent, this will not affect the services we provide to you. You will always have the right to withdraw your consent.
F. To execute and deliver contracts with suppliers and other parties with whom we work
Purposes
If you have contacted us for employment-related reasons, we may process your personal data.
For example, you may process your data so that we can determine whether you have the power to represent your company, or so that we can grant you access to our offices. Where necessary, we may consult incident logs and warning systems before concluding the respective contract, and also while the contract is already in force, in the context of checks or verifications.
Legal basis
We process your data to be able to perform the contracts we have entered into, because we are required to do so by law, or because we have a legitimate interest in doing so.
g. To comply with legal obligations
Purposes
Legislation
Under various domestic and foreign laws and regulations, we must collect and analyze a large amount of data about you, and sometimes we must transfer such information to local and foreign authorities. We must comply with certain laws in order to provide you with financial products and services. We also process personal data in order to comply with our duty of care.
In addition, we must comply with laws against fraud, crime, and terrorism. For example, we must perform a Customer Due Diligence and conduct additional investigations if an unusual transaction is detected. If we detect an unusual transaction, it is our duty to notify the relevant authorities. Under the regulation, we must establish who is the ultimate beneficial owner (UBO) of the business or organization with which we have a business relationship.
We may receive data requests from a Competent Authority, as well as from a regulator. If we receive such a request, we are required by law to cooperate with the investigation and to transfer the data relating to you.
Risk model
European regulations require us to develop risk models, the ultimate function of which is to quantify the risk of each transaction and the levels of protection that we must assign to maintain a sustainable operation over time.
Not only is your personal information used to feed these models, but it also allows us to determine the best credit conditions that we could offer you, as well as to advise you in a responsible way to prevent situations in which you cannot pay on time or in full for the products offered. While some models provide us with a greater degree of customization, we also rely on other techniques such as profiling for decision-making that may be partially or fully automated.
Another benefit of using your personal information in these models is that they allow us to estimate the likelihood of arrears payments. This gives us the advantage of being able to act together in advance and arrive at alternative solutions in due time. It shou
Provision of data to the government
Laws and regulations may require us to transfer data (analyzed or not) relating to you to a governmental institution, a tax authority, or a regulator, which may be inside or outside Chile.
Recordings and documentation of recordings
We record telephone conversations, e-mail messages, and online chat sessions, and we may document such recordings. We do this to comply with our legal obligations. In addition, we may do this to preserve evidence, to monitor quality, to combat and investigate fraud, and to coach, train and evaluate our employees.
Legal basis
We process your data because we are required to do so by law, or because otherwise we would not be able to enter into a contract with you, or because we have a legitimate interest in processing your data in order to comply with a legal or regulatory obligation.
H. To conduct business processes and prepare management reports for internal management purposes
Purposes
Know your Customer
As a service provider, we believe it is important and necessary that we have a clear picture of our customers, which includes knowing who we are working with.
Determination of credit risk associated with loans
Lending money involves credit risk. It is our duty to determine what that risk is, so that we can calculate what kind of provisions we must make. In this regard, we process your data related to your loans.
Transfer of receivables
It may happen that we transfer the receivables from you to a third party. If such a transfer occurs, your personal data will be processed. We may need to disclose your personal data during the course of a transaction with a potential buyer or acquirer of said receivables to facilitate both the potential and actual transfer. Once the receivables have been transferred, the other party will also process your personal data. We will agree with the other party that the latter must comply with the laws and regulations on personal data protection. We also do this when a contract is assigned, or in the event of a merger or a spin-off.
Audits and Investigations
We use your data to conduct our audits and investigations - both internal and external - or else we disclose it to a third party contracted by us, for example, to examine how well new standards and processes have been implemented, or to identify risks.
Improvement of our own business processes
We use data to analyze and improve our business processes so that we can help you more effectively, or to make our processes more efficient, and to prepare management reports. We also need to validate the models we use. Where possible, we will first anonymize your data (thus making it anonymous, i.e. data that cannot be linked to an individual in any way).
Legal Basis
We process your data because this is required by law or because we have a legitimate interest. Processing your personal data may also be necessary for the performance of our agreement with you.
I. For archiving purposes, scientific or historic research purposes or statistical purposes
We may also process your personal data if this is necessary for archiving purposes in the public interest, scientific or historic research purposes or statistical purposes. Sometimes we do this together with research institutes or universities. Where possible, we will anonymize or pseudonymize your data first.
Legal basis
When processing personal data for archiving purposes, scientific or historic research purposes or statistical purposes, we process the date on the basis of the legitimate interest of RaboFinance Chile SpA, the financial sector, or our clients and employees.
We will keep your data for the time required or permitted under Chilean regulations. In specific situations, we may also keep data for a longer period of time than the required under law.
Once we no longer require the data for the purposes described in sections 6a to 6i, we may still keep the data for archiving purposes, to use in the event of legal proceedings, or for historic or scientific research purposes or statistical purposes. In any event, if the owner of the archived data requests us to eliminate his/her data, and there is no legal prohibition or another legitimate consideration to do so, we will eliminate said data upon such a request.
Special categories of personal data and information about criminal convictions are sensitive data. Special categories of personal data include data concerning health, biometric data and data which reveal racial or ethnic origin.
We may use biometric data, such as your fingerprint or a face scan, for identification and authentication purposes.
We participate in incident registers and warning systems for the financial sector and we may process information about criminal convictions in this context. The purpose of these incident registers and warning systems is to protect our interests and that of financial institutions and their clients, for example by detecting and recording cases of fraud.
In addition, we process special categories of personal data where this is permitted by law, because this information was made public by you, or with your authorization, for example if you ask us to establish that you have a visual impairment. We ask for your consent to record this information.
If you give us consent to record special categories of personal data relating to you, or you have made this information public yourself, we will only process the information if this is necessary so that we can provide our services. If you have given us consent to record special categories of personal data, you may withdraw that consent at any time.
Automated individual decisions are decisions that are taken regarding you by computers and not by human beings. If such a decision produces legal effects concerning you, or if such a decision similarly affects you, then we are not allowed to use automated decision-making, unless this is necessary to enter into or perform a contract, if otherwise authorized by law, or if you have given us your explicit consent. In that case you have the right to request and obtain human intervention and to express your point of view and contest the decision.
In the following situations we might use automated decision making that might affect you:
Within RaboFinance Chile SpA and other entities of the Rabobank Group, your personal data can be accessed only by individuals who need to have access owing to their position. All of these people are bound by a duty of confidentiality.
If we want to use information for any purpose other than the purpose for which it was obtained, we may do so as long as the two purposes are closely related.
If there is not a sufficiently strong connection between the purpose for which we obtained the data and the new purpose, we will ask you to give your consent if we still want to use this data. You can always withdraw your consent, and you can contact us in order to do so.
A. Right to information
This Privacy Statement describes what RaboFinance Chile SpA does with your data. In certain cases, we provide additional or different information. For example, if we record your personal data in the incident registers, we will inform you about this separately (provided we are permitted to do so). We will also do this if there are other reasons for supplying you with information in addition to the Privacy Statement. We may do that by means of a letter, by sending you a secure message via e-mail, or in another way to be determined by us.
B. Right of access to and to rectification of personal data
You may ask us whether we process data relating to you, and if so, which data this processing refers to. In that case, we can provide you with access to the data processed by us that relates to you. If you believe your personal data has been processed incorrectly or incompletely, you may request that we change or supplement the data (rectification).
C. Right to erasure (‘right to be forgotten’)
You may request that we erase data concerning yourself that we have recorded; for example, if you object to the processing of your personal data. We are not always obliged to grant your request. Moreover, sometimes we are not allowed to do this either. This will occur, for example, if we are bound to store your data due to legal obligations.
D. Right to restriction of processing
You may request that we temporarily restrict the personal data relating to you that we process. This means that we will temporarily process fewer personal data relating to you.
E. Right to data portability
You have the right to request that we supply you with data that you have previously provided to RaboFinance Chile SpA, in the context of a contract with us or with your consent, in a structured, machine-readable format, or that we transfer such data to another party. If you ask us to transfer data directly to another party, we can do this only if this is technically feasible.
F. Right to object to processing
If we process your data because we have a legitimate interest in doing so - for example if we make recordings of telephone calls, but this is not required by law - you may object to this. In that case, we will reassess whether it is indeed the case that your data can no longer be used for that purpose. We will stop processing your data if you should request us to do so and the law does not allow us to continue processing said data. We will inform you of our decision, stating the reason.
G. Right to object to direct marketing
You have the right to request that we stop using your data for direct marketing purposes. It may be the case that your objection only relates to being approached through a specific channel; for example, if you no longer wish to be contacted by telephone, but still want to receive our newsletters. In that case, we will then take the appropriate measures in order to ensure you are no longer contacted through the relevant channel.
If you make a request as described above, we will respond no later than two business days after we receive your request.
We may ask you to explain your request for access in more detail. For example, if you request access to recorded calls, we may ask you to provide search keys, such as the time the call was made and the number from which it was made. If due to the complexity of the requests and to the number of filed requests we are unable to respond within the aforementioned timeframe, we will opportunely notify you of a new term for a reply. In that case, we will keep you informed about the progress made with your request.
If you make a request, we may ask you to provide proof of your identity. For example, if you submit a request to exercise your right of access or right to data portability, we would like to be certain that we are providing your personal data to the right person. In that case, we will ask you to come to our office so that you can make your identity known and we can verify your identity. In some cases, there may be doubts as to whether we can send you the data securely. If so, we may ask you to come to the bank to collect your data.
In certain cases, we may not be able to comply with your request, for example because this would violate the rights of others, would be against the law or is not permitted by the police, the Public Prosecutor’s Office or another public authority of competent jurisdiction, or because we have weighed up the relevant interests and determined that the interests of RaboFinance Chile SpA or others in processing the data should take precedence. In that case, we will duly inform you of this decision.
If we adjust your data or erase your data at your request, we will notify you of this and also inform the recipients of your data wherever possible.
Have you filed a request before us? Then we will answer your request within two business days following our reception of your request.
If you have a general question about the processing of personal data, or any complaint regarding this matter, please contact us at the following e-mail address:
If you are dissatisfied with the way in which your question or complaint has been handled by us, you may contact the Data Protection Officer, who can be reached at the following e-mail address. You can also ask questions or submit a complaint to the Data Protection Authority.
Yes, our Privacy Statement may change from time to time. This may occur if there are new data processes and these changes are of material important to you. We will of course keep you informed. You can always find the most current and updated version of the Privacy Statement on our website.