PNC Treasury Management - Data Protection Notice for Clients and Business Contacts

Effective May 25, 2018

1 INTRODUCTION
1.1 PNC Bank, National Association ("we", "our", "us") are committed to protecting and respecting your privacy.
1.2 This notice (‘Notice’) sets out how and why we collect, use and disclose personal data that we receive from you or otherwise obtain about you.
1.3 This Notice may be amended from time to time.


2 DATA CONTROLLER
2.1 PNC Bank, National Association is the data controller. We are registered in the United States, and our registered office address is The Tower at PNC Plaza, 300 Fifth Avenue, Pittsburgh, PA 15222.
2.2 Questions, comments and requests regarding this Notice may be emailed to globaltm@pnc.com or sent by post to the above mentioned address.


3 WHAT PERSONAL DATA WE COLLECT AND WHY
3.1 We collect various types of personal data about our clients and business contacts.
3.2 As a financial institution, we have a legal obligation to carry out due diligence on our customers in compliance with various anti-money laundering, anti-terrorism, anti-bribery and anti-corruption, tax and other similar legislation prior to providing banking services to a customer. To do this, we may request personal data relating to our corporate customer’s officers, authorised signatories, direct/indirect shareholders, trustees, settlors, protectors and beneficial owners. We may also process the personal data of the directors of any parent or subsidiary that provides our clients with credit support. This may include copies of:
    (a) a passport;
    (b) a driver's license;
    (c) a national identity card;
    (d) any other form of ID, including copies of bank statements or utility bills; and
    (e) the results of searches run by third parties or against publicly available information where such results may include the following categories of personal data: name, address, date of birth, directorships, convictions, disqualifications and notices of correction.
3.3 Where you are a current or potential business contact of ours, we consider it to be in our legitimate business interest to process your name and contact details for the following purposes:
    (a) business development;
    (b) marketing to you; and
    (c) providing you with promotional material.


4 HOW WE SOURCE YOUR PERSONAL DATA
4.1 We may obtain your personal data directly from you or from a company with which you are associated as an officer or shareholder, through the completion of any of our forms, or any forms on our website PNC.com.
4.2 We may also obtain your personal data from publicly available sources, third parties, or through your use of our website.


5 SHARING OF YOUR PERSONAL DATA
5.1 We may disclose your personal data to any member of the PNC Financial Services Group, Inc. family of companies to facilitate:
    (a) the account opening process;
    (b) carrying out global AML/KYC processes; or
    (c) storage of personal data.
5.2 We may also disclose personal data to trusted third parties to enable them to:
    (a) carry out personal searches on company officers and shareholders of corporate bodies;
    (b) conduct checks with a licensed credit reference agency and fraud prevention agency;
    (c) provide us with IT systems and services; and
    (d) send promotional and informational material on our behalf.
5.3 We may, as may the PNC Financial Services Group, Inc. family of companies (our parent company), disclose personal data to comply with any legal or regulatory obligation, including to enforce any contracts with us or any company within the PNC Financial Services Group, Inc. family of companies, to comply with a code of conduct or to protect the rights, property, or safety of the PNC Financial Services Group, and may include disclosing personal data required from us by governmental or law enforcement authorities or a trade association of which we are a member.
5.4 We may also use and disclose personal information as authorised by you when you provide that information to us.
5.5 In the event that we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets. If PNC Bank, National Association, or substantially all of its assets, are acquired by a third party, personal data held by us will be one of the transferred assets.


6 SHARING YOUR PERSONAL DATA OUTSIDE OF THE EEA
6.1 We may share your personal information with PNC Financial Services Group companies and our third party service providers outside of the EU. We will do so only:
    (a) when instructed to do so by you;
    (b) to facilitate marketing to you;
    (c) to comply with our legal obligations; or
    (d) to allow us to work with our group companies and service providers.
6.2 When transferring your personal data outside the EEA, we will only do so using one of the following safeguards:
    (a) the transfer is to a non-EEA country which has an adequacy decision by the Commission;
    (b) the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to third countries and international organisations; you may have direct rights under such agreements and may request a copy by contacting us using the contact details in paragraph 2.1 or 2.2 above;
    (d) the transfer is to an organisation that is EU-US Privacy Shield certified.


7 HOW LONG DO WE KEEP YOUR PERSONAL DATA?
7.1 We retain personal data only for as long as necessary for the purposes for which the data was collected, except where necessary to meet our legal obligations (for example, in relation to AML requirements) or in order to establish, exercise or defend potential legal claims.


8 YOUR RIGHTS
8.1 You have the following rights:
    (a) to obtain access to your personal data - you may request information on how your personal data is handled by us and request a copy of such personal data;
    (b) to request us to correct or update your personal data if it is inaccurate or out of date;
    (c) to object to the processing of your personal data for the purposes of our legitimate interests, unless we:
        (i) demonstrate compelling legitimate grounds which override your right to object, or
        (ii) the processing is necessary for the establishment, exercise or defence of legal claims;
    (d) to erase your personal data held by us:
        (i) which are no longer necessary in relation to the purposes for which they were collected,
        (ii) to the processing of which you object, or
        (iii) which may have been unlawfully processed by us;
    (e) to restrict processing by us, i.e. the processing will be limited to storage only:
        (i) where you oppose deletion of your personal data and prefer restriction of processing instead, or
        (ii) where you object to the processing by us on the basis of our legitimate interests (see para 8.1(c) above); and
    (f) to transmit personal data you submitted to us back to you or to another organisation in certain circumstances.
8.2 The right to erasure, to restrict processing and to transmit personal data listed above may not apply in cases where the processing is necessary for compliance with our legal obligation or the establishment, exercise or defence of legal claims.
8.3 Where processing of your personal data is based on your consent, you have the right to withdraw your consent at any time; this will not affect the lawfulness of processing based on your consent prior to withdrawal.
8.4 Please address any requests to exercise your rights to the physical or email address specified in paragraph 2.1 above.


9 COMPLAINTS
9.1 If you are unhappy with how we handle your personal data, please address your complaint(s) to the physical address or email address specified in paragraph 2 above.
9.2 In addition, you have the right to file a complaint with the Information Commissioner’s Office, the UK data protection supervisory authority.