European Privacy Policy Statement

Respecting strict privacy management protocols is paramount and we remain committed to proactively managing and protecting information on behalf of our clients, employees and shareholders. We are sharing our Privacy Notice which complies with the requirements set out by the European Union’s General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.

We provide services to clients through a number of entities. Depending on the location from where the services are provided, certain entities may be the Data Controller in relation to your personal data. Please visit the Our Locations page for further information regarding the Group entities (as defined below) through which we operate.

If you have any questions about this Privacy Notice, please contact dpo@rbc.com.

Privacy Notice

    1. Collecting and using your information

      We process personal data of employees, directors, officers, legal representatives, beneficial owners, trustees, settlors, signatories, shareholders of its clients and its service providers, including vendors and sub-custodians. If you are in one of the situations above, and if the organization that you are associated with in that role is our client or service provider, your data may be transferred to us in the context of its relationship with us. We will obtain your information from the organization you are associated with in the course of its relationship with us.

      As the sole Data Controller, we provide data subjects with the following:

    2. Categories of data and purposes of processing

      2.1

      Depending on the relationship we have with the organization(s) you are associated with, and the services we provide or receive, we will process your personal data for regulatory, administrative, technology and accounting purposes:

      1. to ensure and facilitate compliance with applicable laws and/or regulations;
      2. to determine eligibility for products and services;
      3. to perform anti-money laundering and counter-terrorist finance checks;
      4. to make enquiries with licensed credit reporting or fraud prevention agencies;
      5. to enable us to provide to the clients existing, new or enhanced services in connection with or arising out of, the client’s agreement(s) with us, or on the client’s instructions;
      6. to assess financial and credit risks, and generally in connection with the prudent risk management of our group’s subsidiaries and/or affiliates (Group or Group entities);
      7. to administer and process the client’s account(s);
      8. to manage information technology and associated databases and processes in an efficient manner that minimizes service interruptions and delivers quality client services;
      9. to receive services from other entities of the Group in connection with any of the above purposes;
      10. to enable other entities in the Group to market or offer services to the client;
      11. to protect and enforce any property or other rights of the Group and or recover a debt; and
      12. to handle disputes, litigation or investigations;
      13. to confirm the identity and carry out background checks in relation to or in connection with the client;
      14. to fulfil obligations under any reporting agreement entered into with any applicable tax authority or revenue service(s) from time to time; and
      15. in connection with the reorganization, acquisition, merger or sale of any business or entity in the Group.
      2.2

      Depending on the relationship we have with the organization(s) you are associated with, and the services we provide or receive, or for the purposes listed above, we process any information relating to you particularly names, address, date of birth, sex, contact details, email addresses, title, nationality, tax domicile, tax identification number (TIN), Politically Exposed Person (PEP) status, as detailed on your identification documents.
      2.3

      We do not process special categories of data referred to in Article 9 of the GDPR, unless it is required through a legal obligation. The data we use may be directly provided by you or obtained from publicly available third parties. We do not use automated decision-making processes.
      2.4

      We will use your information:

      1. for our legitimate business interests, namely to help us operate and improve our business and minimise any disruption to the services we may offer to our clients;
      2. to comply with legal and regulatory obligations; and
      3. to prevent and detect crime, or for reasons of public interest, or for the establishment, exercise or defence of legal claims or proceedings.
    3. Recipients of personal data and cross-border transfers

      We will not disclose your personal data to anyone outside the Group except:

      3.1

      (i) to companies, entities or persons (including, without limitation, any service providers) located in any jurisdictions, that undertake any service or activity directly or indirectly for us or for any of our service providers which directly or indirectly assists or enables us to provide services to the client or for any other purpose listed in para 2.1(a)—(o), (ii) to any government or regulatory authorities, stock exchanges and clearing houses, or as otherwise required in accordance with applicable laws and regulations, (iii) to the other party of a joint account in connection with any of the client’s agreement(s) with us, or (iv) to any person the client nominates or appoints in writing as having authority to give authorised instructions under any of the client’s agreement(s) with us.
      3.2

      As part of our relationship with the clients and service providers and in the context of the provision or receipt of services, it may be necessary for us to send information to Group entities.
      3.3

      In case of cross-border transfers, we will implement appropriate measures to ensure that your personal information remains protected and secure, in accordance with applicable data protection and privacy laws.

      The measures include:

      1. in the case of transfers of personal information to outside the European Economic Area, entering into Standard Contractual Clauses. For further information, please contact dpo@rbc.com and
      2. ensuring that the jurisdictions into which personal information is transferred have equivalent data protection legislation and requirements to those of the EU based on the European Commission’s adequacy decisions (such as Switzerland, United Kingdom, etc).
      3.4

      We will retain your information after the client’s/provider’s relationship is terminated, for as long as permitted for legal, regulatory, and fraud purposes.
    4. Your rights

      You have the right to:

      1. access your personal data,
      2. correct or delete your personal data,
      3. restrict processing concerning your data,
      4. object to the processing of your data,
      5. data portability, and
      6. file a complaint with your local supervisory authority

TO exercise your rights, please contact dpo@rbc.com

  1. Updates to the Privacy Notice

    The information in this Privacy Notice may change and be updated periodically.