PNC – International Privacy Notice
for Clients & Business Contacts
Effective Date: July 26, 2022
1. Introduction
1.1 PNC Bank, National Association ("we", "our", "us") are committed to protecting and respecting your privacy.
1.2 This notice (‘Notice’) sets out how and why we collect, use and disclose personal data that we receive from you or
otherwise obtain about you.
1.3 This Notice may be amended from time to time.
2. Data Controller
2.1 PNC Bank, National Association is the data controller. We are registered in the United States, and our registered office address is PNC Bank, The Tower at PNC Plaza, 300 Fifth Avenue, PT- PTWR-12-3, Pittsburgh, PA 15222.
2.2 Questions, comments and requests regarding this Notice may be emailed to PNC_AMG_CIB_International_Privacy_Requests@pnc.com or sent by post to the above mentioned address.
3. What Personal Data We Collect & Why?
3.1 We collect various types of personal data about our individual clients and business contacts.
3.2 As a financial institution, we have a legal obligation to carry out due diligence on our individual clients and business contacts in compliance with various anti-money laundering, anti-terrorism, anti-bribery and anti-corruption, tax and other similar legislation prior to providing banking services to a customer. To do this, we may request personal data relating to our individual clients and to our corporate clients' officers, authorized signatories, direct/indirect shareholders, trustees, settlors, protectors and beneficial owners. We may also process the personal data of the directors of any parent or subsidiary that provides our clients with credit support. This may include copies of:
- a passport;
- a driver's license;
- a national identity card;
- any other form of ID, including copies of bank statements or utility bills; and
- the results of searches run by third parties or against publicly available information where such results may include the following categories of personal data: name, address, date of birth, directorships, convictions, disqualifications and notices of correction.
3.3 We consider all of the processing of your personal data described in paragraph 3.2, and other processing reasonably necessary to the management of our relationship with you or (if you are a business contact) the corporate client with which you are associated, or to the operation of our business, to be necessary in our legitimate business interests.
3.4 As our current or potential client or business contact we also consider it to be in our legitimate business interests to process your name and contact details, and the other personal data that we hold about you, for the following purposes:
- business development;
- marketing to you; and
- providing you with promotional material. However, we will abide by applicable laws which may, for example, require us to obtain your consent before sending you promotional material or marketing to you in some circumstances.
4. How We Source Your Personal Data
4.1 We may obtain your personal data directly from you or from a company with which you are associated as an officer or shareholder by filling in any of our forms, or any forms on our website PNC.com.
4.2 We may also obtain your personal data from publicly available sources, third parties, or through your use of our website.
5. Sharing of Your Personal Data
5.1 We may disclose your personal data to any member of the PNC Financial Services Group, Inc. family of companies to facilitate:
- the account opening process;
- carrying out global AML/KYC processes; or
- storage of personal data.
5.2 We may also disclose personal data to trusted third parties to enable them to:
- carry out personal searches on company officers and shareholders of corporate bodies;
- conduct checks with a licensed credit reference agency and fraud prevention agency;
- provide us with IT systems and services; and
- send promotional and informational material on our behalf.
5.3 We may, as may the PNC Financial Services Group, Inc. family of companies (our parent company), disclose personal data to comply with any legal or regulatory obligation, including to enforce any contracts with us or any company within the PNC Financial Services Group, Inc. family of companies, to comply with a code of conduct or to protect the rights, property, or safety of the PNC Financial Services Group, and this may include disclosing personal data required from us by governmental or law enforcement authorities or a trade association of which we are a member.
5.4 We may also use and disclose personal data as authorized by you when you provide that information to us.
5.5 In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If PNC Bank, National Association, or substantially all of its assets, are acquired by a third party, personal data held by us will be one of the transferred assets.
6. International Storing & Sharing of Your Personal Data
6.1 We are established and located in the United States of America, and we may share your personal data with PNC Financial Services Group companies, our third party service providers and other persons (as discussed in paragraph 5 above) in the USA and other countries. Some of these countries, including the USA, may not have data protection laws as stringent as those in your country.
6.2 Client and business contacts in the European Economic Area or United Kingdom should note that, when making transfers of your personal data that are subject to EEA or UK data protection law to PNC Financial Services Group companies or our third party service providers outside the EEA and UK, we will only do so using one of the following safeguards:
- the transfer is to a non-EEA/ UK country which is treated as ensuring adequate protection for personal data
for the purposes of EEA/ UK data protection law; or - the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to third countries and international organizations; you may have direct rights under such agreements and may request a copy by contacting us using the contact details in section 2.1 or 2.2 above
7. How Long Do We Keep Your Personal Data?
7.1 We retain personal data only for as long as necessary for the purposes for which the data was collected, except where necessary to meet our legal obligations (for example, in relation to AML requirements) or in order to establish, exercise or defend potential legal claims.
8. Your Rights
8.1 You have the following rights:
- to obtain access to your personal data - you may request information on how your personal data is handled by us and request a copy of such personal data;
- to request us to correct or update your personal data if it is inaccurate or out of date;
- to object to the processing of your personal data for the purposes of our legitimate interests, unless we:
- demonstrate compelling legitimate grounds which override your right to object, or
- the processing is necessary for the establishment, exercise or defense of legal claims, (but we will always honor any objection to processing for direct marketing purposes);
- to erase your personal data held by us:
- which are no longer necessary in relation to the purposes for which they were collected,
- to the processing of which you object, or
- which may have been unlawfully processed by us;
- to restrict processing by us, i.e. the processing will be limited to storage only:
- where you oppose to deletion of your personal data and prefer restriction of processing instead, or
- where you object to the processing by us on the basis of its legitimate interests (see section 8.1(c) above); and
- to transmit personal data you submitted to us back to you or to another organisation in certain circumstances.
- to transmit personal data you submitted to us back to you or to another organisation in certain circumstances.
8.2 The right to erasure, to restrict processing and to transmit personal data listed above may not apply in cases where the processing is necessary for compliance with our legal obligation or the establishment, exercise or defense of legal claims.
8.3 Where processing of your personal data is based on your consent you have the right to withdraw your consent at any time, this will not affect the lawfulness of processing based on your consent prior to withdrawal.
8.4 Please address any requests to exercise your rights to the physical or email address specified in paragraph 2 above.
9. Complaints
9.1 In addition, you may have the right under applicable law to file a complaint with a data protection supervisory authority in your country – please contact us (again, at the physical or email address in section 2) if you need contact details for your supervisory authority.