Our social policies

Personal Data Protection Policy

ING Bank Śląski wants to ensure that the rights to privacy and the protection of personal data, as defined in the Charter of Fundamental Rights of the EU, the European Convention on Human Rights, the General Data Protection Regulation (GDPR) and jurisprudence of the European Court of Justice, are taken into account when personal data are processed by the Bank or by a third party on behalf of the Bank.

The Personal Data Protection Policy reflects requirements which are based on external laws and regulations, recommendations/regulatory guidelines as well as the Bank’s risk appetite. The GDPR is the main source of those requirements.

The Policy outlines the control objectives to effectively mitigate the bank-wide critical- and high risks, as per the Bank’s risk appetite, which are related to the protection of personal data. The Policy contributes to the bank-wide compliance with the Binding Corporate Rules (BCR). 

All processing activities performed by the Bank (or on the Bank’s behalf) have to comply with the obligations described in the Policy.

• Comply with the principles relating to processing of personal data.
• Comply with the transparency and information requirements to individuals about processing and their rights. 
• Facilitate the exercising of rights by individuals. 
• Meet the obligations with regard to direct marketing, automated decision-making, including profiling. 
• Maintain records of personal data processing activities. 
• Detect and register personal data breaches and timely report them to the relevant Data Protection Authority if the breach results in a high risk for the rights and freedoms of the individual(s). 
• Prior to the processing, carry out a Data Protection Impact Assessment on the impact on the rights and freedoms of the individual, in case that processing is considered as a high risk to the rights and freedoms of the individual. 
• Ensure that all requirements are met for the processing of personal data of individuals residing within EU in regard to the Bank subsidiaries or to a third party.
• Clearly assign roles, responsibilities and required actions to be taken in relation to the processing of personal data. 
• Make sure that employees are aware of the Policy requirements related to personal data processing and protection.

Binding Corporate Rules

ING Group's Binding Corporate Rules (BCR) provide a clear statement on the protection of the clients-, suppliers-, business partners- and employees’ data, and aim to provide an adequate level of protection for this type of personal data processed by the bank or a third party acting on the bank’s behalf. 

The BCR consist of: 

• the Global Data Protection Policy concerning the data of the  clients, suppliers and business partners
• the Global Data Protection Policy concerning the data of the employees.

Within the data protection environment, the BCR function as a transfer mechanism to transfer personal data across ING Group companies, particularly those based in the European Union (EU), to countries outside the EU. The BCR are subject to the approval of the competent data protection authority – for ING Group this is the Dutch Data Protection Authority. The BCR are registered with the European Data Protection Board and published on the website of ING Bank NV. The BCR are legally binding both internally as well as externally.

Donations Policy

The Donation Policy sets out, among other things, the areas of the Bank’s involvement in charitable activities. The Bank’s chosen areas for social investment projects are as follows:

• activities for children and young people, including holidays for children and young people, as well as support for their social and living needs
• science, schooling, education and upbringing – especially in the area of financial- and climate education
• health protection and disease prevention
• environmental protection, combating climate changes
• financial support in case of special events in which an employee or a member(s) of his/her family is affected.

We also clarify in the Policy what donations the Bank does not make:

• for political purposes
• which may be regarded as an attempt to influence decisions made by government officials, including in particular donations to organisations that are directly or indirectly linked to government officials
• if they have a business purpose and serve to establish- or maintain a business relationship with a client or business partner of the Bank
• if there are circumstances indicating that the beneficiary has engaged in corruption, bribery or other unethical- or illegal activities
• if the donation could be considered an attempt at corruption or bribery
• to natural persons, with the exception of donations in the case of special events affecting an employee or his/her family member(s)
• to organisations that discriminate against people on the basis of age, race, colour, religious beliefs, gender, disability, sexual orientation or country of origin
• to organisations that are suspected of acting contrary to the values we hold in accordance with the ING Orange Code
• to organisations that do not operate under the Public Benefit Institutions Activity and Voluntary Work Act of 24 April 2003
• to projects aimed at supporting religious worship, faith-based organisations
• to student organisations if the purpose is to finance student trips and/or student events
• to cover the running costs of social organisations, e.g. office operation, service charges, salaries.

The Donations Policy sets out the roles of the Donations Committee, the Bank Management Board Bureau and the Management Board in the process, the due diligence requirements and the decision-making process. Whenever a charitable donation is made, the Centre of Expertise – Compliance and the Donations Committee (made up of 5 representatives of the Bank) are involved, as well as, depending on the amount, two members of the Bank’s Management Board or the entire Bank Management Board.

Sponsorship Policy

Sponsorship activity, as understood by ING Bank Śląski, is to support  targeted activities (events, ventures, projects) or our own initiatives that implement our strategy and are aimed at promoting the ING brand. The greater and stronger the connection between what we sponsor and how we do it, the greater the value of our brand.

It is very important for us that our values are clear, transparent and consistent with the values of our bidders and suppliers. This builds ING’s reputation as a socially responsible brand.

In order to streamline the process of implementing sponsorship activities, we have established the "Policy of Sponsorship of ING Bank Śląski". This set of rules and guidelines shows us how to properly carry out the process of implementing sponsorship activities in our bank, both based on our strategy and ethical principles, as well as on applicable regulations and laws.