
Privacy and your personal data
You share all kinds of personal data with us, for example, when you visit our website, apply for a job, or conduct transactions with us. We process this data with care and would like to inform you about this clearly and straightforwardly.
Frequently asked questions about our Privacy Statement
Personal data is data that directly or indirectly identifies you. If you are a customer (or customer representative), was a customer of Rabobank or you make contact with us, we collect and process your personal data. For example, we may process your data if you leave your name and e-mail address on our website.
We may process the personal data of the following persons:
Processing means anything that we can do with data, such as collection, recording, storage, alteration, organization, use, disclosure, transfer, or deletion.
Sometimes, businesses or organizations provide us with personal data. Examples of this include data of employees, directors, Ultimate Beneficial Owners (UBOs) or stakeholders. We also collect personal data ourselves, e.g. through the Trade Register. We expect you to inform your employees, directors and other stakeholders of this. You can provide them with this Privacy Statement or a link to it, so they can read how we handle their personal data.
This privacy statement is about the processing of personal data by Rabobank Wholesale Banking in the Netherlands. It also contains information on Rabobank’s processing of personal data outside the Netherlands. In the privacy statement on Privacy and your personal data - Rabobank you can find information on the data processing by Rabobank retail banking. Other subsidiaries and associates of Rabobank Group have separate Privacy Statements. Rabobank employees and applicants in the Netherlands also have their own Privacy Statement, as do the members of Rabobank’s local supervisory boards (Privacy Statements by Region - Rabobank). Data can be exchanged within Rabobank Group. Below in this Privacy statement is explained how data exchange work within Rabobank Group.
We receive your data because you share it with us yourself, or because you use our services. For example, when you enter into an agreement with us. Or if you leave your details on our website. Sometimes we don't get your data directly from you. For example, we may receive your data from:
If you apply for a credit or loan, or have a credit or loan, we will receive data from – for example – the Dun & Bradstreet. We also receive data from the Land Registry, and the Chamber of Commerce, among others. In addition, we receive data from parties that offer data sharing applications, which provide data about you. These are often referred to as “source data”.
Because you have agreed to that party sharing data with us. For example, because you have given permission to another bank or payment service provider to transfer transaction data to us.
This is data that we do not obtain directly from you. For example: (i) if your (legal) representative, such as a fiduciary administrator or a third party you have engaged, discloses information to us. Examples of third parties include a broker appraiser, independent intermediary or tax advisor; (ii) if a customer has pledged claims to Rabobank and there is personal data on so-called “debtor lists”.
We use and process your personal data to conduct your banking business. Rabobank also offers other services for which personal data is processed. We also do this in collaboration with other companies and organizations. In addition, we process data because this is required by law, because we have a legitimate interest in doing so, or because you have given us your permission to do so.
We may only process your personal data if there is a good reason for doing so. This is referred to as the “basis”. The law on the protection of personal data (the General Data Protection Regulation) specifies the possible bases.
These are the main bases we use:Processing personal data is necessary to enter into and perform an agreement with you and/or others.
Balance of interests
In this context, it is explained that “legitimate interest” is one of the bases for the processing of personal data. If we use “legitimate interest” as the legal basis for processing your data, we will balance Rabobank’s interests or those of a third party against your right to privacy. Examples of our interests include the following:
Sometimes the law isn’t clear on exactly what obligations we have when processing your data. Doing so is not an obligation under any law, the law does not apply directly to us, or the law does not apply yet, but we are already taking measures to comply with it. In some of these cases, a regulator requires that we process certain data. In that case, we may also use your data based on legitimate interest. We weigh our interests or the interests of other people, companies and organizations against your interests and your right to privacy. e.g. by trying to see if there are other ways to achieve the same goal, and whether we really need all that data.
We process your data for various purposes. In the Privacy Statement for your region or location, you can read exactly the purposes and legal basis for which we process your personal data. For example, we process personal data to meet our legal obligations (such as Anti Money Laundering, Know Your Customer, or fraud prevention activities) or we process your data because you apply for a position at Rabobank. We can use your personal data for a purpose other than that for which we received it only when new purpose is compatible with the original one.
We always have a purpose when processing personal data:
We only share your data with others if there is a lawful reason for us to do so, such as a legal obligation or legitimate interest. For example, we might share your personal with other divisions within the Rabobank Group (e.g. if you do business with the bank in multiple locations or you make use of multiple products offered by the bank). Additionally, we might share your data with parties outside of Rabobank Group, such as the Government/Regulatory bodies or third parties who assist us in the provision of services and where we are legally obliged to do so. We do not sell your personal data.
a. Right to information
With this Privacy Statement, we inform you about what we do with your data. Sometimes we need to provide more information. For example, when we record your data in our incident logs. Then – if permitted – we will inform you separately by letter, by email or by another means of our choosing.
b. Right of access and rectification
You may ask us whether we process personal data relating to you and if so, which data this concerns. In that case, we can give you access to the personal data that relates to you that we process or have processed. or – for example – give you the opportunity to listen back to a conversation. If you feel that your personal data has been processed incorrectly or incompletely, you may request that we change or supplement the data (rectification).
c. Right to erasure of personal data
You may request that we erase data concerning yourself that we have recorded. We are not always obliged to do this, however. And sometimes we are not even allowed to do it. For example, if we still need to retain your data because of legal obligations.
d. Right to restriction
You may request that we temporarily restrict the personal data relating to you that we process. This means that we will temporarily process less personal data relating to you.
e. Right to data portability (transferability of data)
You have the right to request that we provide you with data that you previously provided to us in the context of an agreement with us or with your consent, in a structured, machine-readable format or that we transfer such data to another party. If you ask us to transfer data directly to another party, we will only be able to do this if it is technically feasible.
f. Right to object to the processing of your data
If we process your data because we have a legitimate interest in doing so you can object to this, with statement of the reason why you object. In that case, we will reassess whether it is indeed the case that your data can no longer be used for that purpose. We will stop processing your data if your interest outweighs our interest. We will inform you of our decision and the arguments on which we based this decision.
g. Right to object to direct marketing
You have the right to ask us to stop using your data for direct marketing purposes. You have this right even if you only object to being approached through a certain channel. For example, if you want to continue to receive offers via email, but no longer want to be contacted by phone. We will then ensure that you are no longer contacted through that channel.
At Rabobank, we have implemented Binding Corporate Rules. This means that all entities, in which Rabobank Group has a controlling interest, must meet minimum standards in relation to the collection and processing of personal data of its clients and employees. As an organization, we are committed to taking the necessary organizational and technical measures to protect your personal data when we process it and share that data with third parties.
In addition, all Rabobank employees are subject to confidentiality obligations, meaning that you can trust that your data will not be shared improperly or unlawfully.
Rabobank has committed to protecting your data, however, we also recommend several actions you can take to protect your data:
If you have a question or complaint about the processing of personal data in your region or location, please contact Rabobank in your region or location. You can also contact Rabobank Group Data Protection Officer at dpo@rabobank.nl or by post, writing a letter to the Global Privacy Office, for the attention of the Data Protection Officer, Postbus 17100, 3500 HG Utrecht. Of course, you can also submit your question or complaint about the processing of personal data by Rabobank to the Data Protection Authority.
Yes, this Privacy Statement may change and this happens from time to time. We provide a Privacy Statement at least at a regional level and, where required, may also provide country-specific versions to reflect local legal requirements.
We encourage you to check the Privacy Statement applicable to your region to ensure you are informed of the most up-to-date version.
Last updated on June 2026.
