Consumers
Professionals

Banker's oath

Welcome to the ‘Banker's oath’ page

Register to take the oath at the FSMA

Request certificate of absence of professional ban

File a complaint

Home

How does the FSMA process personal data collected in the context of a complaint relating to the banker’s oath?

The answer below concerns only the processing of personal data of the complainant or other persons mentioned in the complaint, with the exception of the banking service provider (information on the processing of personal data of the banking service provider is available in the FSMA Privacy Policy for banking service providers). 

If, as the complainant, you are lodging a complaint on behalf of another person (see below for further explanations), please provide him or her with the following information.

  • WHAT ARE THE PURPOSES OF AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA BY THE FSMA? – As data controller, the FSMA processes the personal data provided in the complaint form for the purpose of receiving, investigating and handling the complaint, including its use in any disciplinary proceedings that the FSMA may initiate against a banking service provider following the complaint.

    This processing of personal data is necessary for the exercise of the public interest tasks assigned to the FSMA by the banker’s oath legislation. More specifically, the FSMA has been entrusted with the task of setting up a complaints channel that allows anyone to lodge complaints regarding compliance by banking service providers (i) with the obligation to take the oath and (ii) with the individual rules of conduct.

  • Whose personal data does the FSMA process? – On the basis of the complaint form, the FSMA processes the personal data of various categories of stakeholders:
    • The complainant – The FSMA processes the personal data of the person (individual) who lodges a complaint using the complaint form and voluntarily provides his or her contact details.
      • Anonymous complaint – The complainant may, however, choose to submit the complaint anonymously. Needless to say, the FSMA will not process the complainant's personal data, but will unfortunately be unable to contact the complainant to ask questions or seek clarification on the complaint. The FSMA may therefore find itself unable to examine further the complaint lodged, due to a lack of information.
      • Complaint lodged by a legal person – It is also possible that the complaint to the FSMA is not lodged by a natural person but by a legal person. The data of the latter do not constitute personal data. In this case, the FSMA processes the personal data of the contact person within the legal entity if these data have been voluntarily provided in the complaint form.
    • The banking service provider – On the basis of the complaint form, the FSMA processes the personal data of the banking service provider that is the subject of the complaint. As mentioned above, the processing of these personal data is detailed in the FSMA Privacy Policy for banking service providers.
    • Other persons mentioned in the complaint – Finally, the FSMA processes the personal data of any other persons (individuals) mentioned in the description of the facts, in the additional relevant information provided or in the evidence attached to the complaint. These may be witnesses, for example, or people with useful information about the facts to which the complaint relates. This will also often be the case when the complainant lodges a complaint on behalf of another person.
      • Complaint on behalf of another person – A complainant generally lodges a complaint on his or her own behalf. However, it is also possible for a complainant to lodge a complaint on behalf of another person, whose identity is mentioned in the description of the facts, in the additional relevant information provided or in the evidence attached to the complaint. In this case, the FSMA assumes that the complainant has filed the complaint in consultation with this other person and has informed him/her of the content of these FAQs. 

  • What personal data does the FSMA process?
    • Personal data of the complainant (unless the complaint is lodged anonymously) – In principle, the FSMA processes the following personal data of the complainant (or its contact person if it is a legal person):
      • identification data (surname and first name);
      • contact details (telephone number(s) and/or email address) so that the FSMA can contact the complainant if it has any questions;
      • where applicable, other personal data of the complainant appearing in the description of the facts, in the additional relevant information provided or in the evidence attached to the complaint.
    • Personal data of other persons mentioned in the complaint – The FSMA processes the personal data concerning these persons (including, where applicable, the persons on behalf of whom the complaint is lodged) which appear in the description of the facts, in the additional relevant information provided or in the evidence attached to the complaint. 

      At the outset, the FSMA always receives the aforementioned personal data via the person lodging the complaint. However, if the FSMA launches a disciplinary investigation, it may also receive additional personal data via other persons, such as the banking service provider concerned, witnesses or the Entity in which the banking service provider is/was active.
  • With whom may the FSMA share personal data? – The FSMA shares with third parties the personal data it has collected only where necessary for the fulfilment of its legal mission. This is particularly the case in the following situations:
    • where a complaint leads to a disciplinary investigation, it may be necessary to share certain personal data with the banking service provider (so that he or she can exercise his/her rights of defence) or with other third parties, such as the Entity in which the banking service provider is/was active or witnesses heard for the purpose of the investigation;
    • where a complaint leads to a disciplinary investigation and the (Deputy) Investigations Officer concludes that a banking service provider who is subject to legal requirements in terms of expertise and professional integrity within a credit institution has failed in his or her duty to take the banker’s oath or has infringed certain individual rules of conduct, the FSMA is required to notify the NBB or, where applicable, the competent prudential supervisory authority of another Member State. The FSMA is then legally obliged to append a copy of the file documents to its notification, and may therefore share personal data with these supervisory authorities;
    • where a complaint leads the FSMA to take a disciplinary decision that gives rise to court proceedings (such as an appeal against the disciplinary decision lodged with the Council of State), personal data may be shared with the relevant judicial authorities.
      More general information about the cases where the FSMA shares personal data with third parties is available in the general Privacy Policy of the FSMA (under the question “With whom do we share your data?”).

  • How long does the FSMA store personal data? – In principle, complaints are kept in the complaint file for 5 years from the date they are lodged. However, a complaint may be kept in the disciplinary file for longer if the FSMA decides to initiate disciplinary proceedings in response to the complaint. The FSMA is also subject to legislation on archiving, which requires it to keep information even longer for archiving purposes (albeit with the appropriate guarantees).

  • How can stakeholders exercise their rights? – Stakeholders have a set of rights as regards their personal data. Further information on these rights and how to exercise them can be found in the general Privacy Policy of the FSMA (under the question “What are your privacy rights and how can you exercise them?”). It also contains information on how to contact the Data Protection Officer for any questions or complaints about the processing of personal data (under the question “How can you contact us?”). Anyone who considers that his or her rights have been infringed may at any time lodge a complaint with the Data Protection Authority, Rue de la Presse/Drukpersstraat 35, 1000 Brussels, email: contact@apd-gba.be (see also https://www.dataprotectionauthority.be). 

  • Other information? – Please see also the general Privacy Policy of the FSMA for any other information on the processing of personal data under the current complaints handling policy, and in particular on how the FSMA protects personal data and whether personal data are processed outside the European Economic Area.