Privacy Policy

Our Commitment to You

BMO Financial Group appreciates the opportunity to help you meet your financial needs. From the day Bank of Montreal was founded in 1817, earning and keeping your trust has been at the very core of our business. We are committed to respecting and protecting your Personal Data. It is important for you to understand what Personal Data we will collect, how we will use it and who may see it.

Scope

This Privacy Code applies to the BMO Financial Group operations that take place in Europe. Data protection contact details of these companies can be found in the Contact Us section. Defined terms are listed in Annex A.

This Privacy Code outlines our commitment to you and incorporates the following key privacy principles:

We have strict policies and procedures governing how we deal with your Personal Data. Every employee is responsible for respecting and protecting the Personal Data that they have access to.

Our Data Protection Officer oversees how we deal with your Personal Data. Please see below for information on how to reach our Data Protection Officer.

When we collect your Personal Data, we may use or disclose it for the following purposes. Below each purpose, we note the lawful basis that allows that use of your Personal Data. There is often more than one lawful basis for each purpose. Annex B provides further detail on the scope of the lawful bases.

  • To provide and manage products and services you have requested ►to deliver our services and products to you, or to notify you about changes to them.
    Lawful bases: contract performance; consent; legitimate interests (to enable us to perform our obligations owed to you)
  • To verify your identity, protect against fraud and manage risk ►we and other organisations may access and use certain Personal Data to prevent fraud, money laundering and terrorism, or other criminal offences, as may be required by applicable law and regulation and best practice at any given time. This could include checking against sanctions, politically exposed persons and other fraud or crime screening databases. If false or inaccurate information is provided and fraud is identified or suspected, we may pass your details to fraud prevention agencies and we or these agencies may store these details for record keeping purposes.
    Lawful bases: legal obligation; contract performance; legitimate interests (to ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud); public interest
  • To comply with legal or regulatory requirements, or as otherwise permitted by law ►we may process your Personal Data to comply with our legal or regulatory requirements, communicate with our regulators, defend or prosecute claims as applicable, or conduct regulatory reporting as applicable. This could include passing your Personal Data to third parties, court services and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by them anywhere in the world.
    Lawful bases: legal obligations; legal claims; legitimate interests (to cooperate with law enforcement and regulatory authorities); public interest
  • To communicate with you regarding products and services that may interest you ► to send you updates and offers (if you have chosen to receive these). We may also use your Personal Data for marketing our products and services to you by post, email, phone, SMS, online or through social media adverts. Where required by law, we will ask for your consent at the time we collect your Personal Data to conduct any marketing. We will provide an option to unsubscribe or opt out from any further electronic marketing communications. You can opt out by contacting the BMO Financial Group company that you do business with or using the unsubscribe link provided in any of our electronic marketing communications.
    Lawful bases: legitimate interests (to provide you with opportunities that may be of interest); consent
  • To understand our customers and develop and tailor our products and services ► we may analyse the Personal Data we hold in order to better understand our clients’ service and marketing requirements, to better understand our business and to develop our products and services. To ensure that content from our websites is presented in the most effective manner for you and for your device, we may pass your Personal Data to business partners, suppliers and/or service providers.
    Lawful basis: legitimate interests (to ensure the quality and legality of our services, to allow us to improve our services and to enable us to offer content and services via a wider range of channels)
  • To re-organise or make changes to our business ►If we negotiate and/or sell part or all of our business to a third party, or undergo a significant corporate re-organisation, we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process and use it for the same purposes as set out in this policy, or for the purpose of analysing any proposed sale or re-organisation.
    Lawful basis: legitimate interests (in order to allow us to change our business)
  • To respond to any questions you may have ► we may be required to process your Personal Data to conduct, and keep a record of, our correspondence with you.

We may monitor calls and transactions to ensure service quality, to comply with law and regulation and our internal procedures and to combat fraud and other criminal activity.

If a new purpose for using your Personal Data develops, we will update this policy to identify that purpose.

Some of our processing is permitted by legal bases other than consent (see Identifying Purposes above). In relation to Direct Marketing, where we must do so, we will obtain your consent before using your Personal Data for this purpose. If you do not want to receive our Direct Marketing communications and/or do not want your Personal Data shared among relevant members of BMO Financial Group in Europe for the purpose of marketing, you can have your name deleted from our Direct Marketing and/or shared information lists. If you want to change your privacy preferences, please contact the BMO Financial Group company that you do business with or using the unsubscribe link provided in any of our electronic marketing communications.

In relation to the processing of criminal convictions data and politically exposed persons data and to the extent another ground cannot be applied, we rely on your consent. Such consent is necessary for us to provide our services and should you withdraw such consent we may have to stop providing certain services to you.

We only collect the Personal Data that we determine we need for one (or more) of the purposes set out in Principle 2.

For example, we may collect:

  • Contact information ► information including your address, telephone number and email address.
  • Information you provide about others ► we may require information about third parties such as your immediate family members. You must have their permission to give us their information and you need to let them know how we use their information before providing it to us.
  • Anti-crime and fraud information ► information you or third parties provide us that establishes your identity (such as driving licences, passports and utility bills) and other related information (such as addresses, phone numbers, email addresses, signatures and work histories) that enables us to verify that you are neither suspected nor a victim of fraud, other criminal offences or suspicious transactions, and that your details do not appear on politically exposed persons and sanctions lists.
  • Financial Information ► information to ensure that any products and services we provide you with are appropriate and suitable for you.
  • Your transactions and holdings ► details of transactions or investments that you have made or initiated with us.
  • Our correspondence ► details of any correspondence between us and you (verbal or in writing).
  • Device information ► information about your operating system, browser, software applications, IP address, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk.
  • Website use information ► details of your activity on our websites, including browsing behaviour on BMO sites and links, the locations you click, form data and downloads, as well as other data gathered from the use of web tools (for example, cookies, web beacons, tagging) to better understand your interests and needs so that we can serve you better. For more information, please see our Cookie Policy below.
  • Marketing preference information ► details of your marketing preferences (e.g. communication preferences) and information to help us choose appropriate products and services to offer you.
  • Email tracking information ► our emails may contain a single, campaign-unique “web beacon pixel” to tell us whether our emails are opened and, combined with other technology, verify any clicks through to links within the email. We may use this information to determine which of our emails are more interesting to you and to query whether users who do not open our emails wish to continue receiving them. This information may include Personal Data. The pixel will be deleted when you delete the email. If you do not wish the pixel to be downloaded to your device, please select to receive emails from us in plain text rather than HTML, or choose not to click links that we send you or unsubscribe from the receipt of our emails.
  • Call recordings and CCTV ► we may monitor or record our telephone calls with you for service quality or training purposes and to establish a record of our communications for regulatory recordkeeping purposes, including for the prevention and detection of fraud. If you do not wish to have your call recorded, you have other options to conduct business with us, such as online, or by contacting us in writing. We may record CCTV footage in and around our premises and other locations for the safety of our clients and employees, and to protect against theft, property damage and fraud.

We will only use or disclose your Personal Data for the purpose(s) it was collected for and as otherwise identified in this Privacy Code.

Sharing outside the BMO Financial Group: Personal Data may be provided to third parties, including regulatory or law enforcement authorities, court services, and anti-fraud organisations:

  • in cases of suspected criminal activity or contravention of law
  • to detect and prevent fraud
  • when required to satisfy the legal or regulatory requirements such as a court order.

Unless prohibited by law, we can give you details of any such third party disclosures upon request.

Sharing within the BMO Financial Group: we may share your Personal Data within the BMO Financial Group, including locations outside of the European Economic Area (EEA) for marketing purposes, for legal and regulatory purposes, to manage business risks, to perform analytics, to ensure we have correct or up-to-date information about you (such as your current address or date of birth) and to better manage your relationship with us.

Business sale or re-organisation: over time, we may buy new business or sell some of our business. Personal data associated with any accounts, products or services of the business being sold will be reviewed as part of the due diligence process and subsequently transferred as a business asset to the new business owner. We may also transfer Personal Data as part of a corporate re-organisation or other change in corporate control.

Sub-contractors and agents: we may use affiliates or other companies to provide services on our behalf or to enable us to offer and provide our products and services to you, such as data processing, account administration, fraud prevention and detection, analytics and marketing. We will only give these companies the Personal Data needed to perform those services. We do not authorise them to use or disclose your Personal Data for their own marketing or other purposes. We have contracts that hold these companies to the same standards of confidentiality and information security that govern us.

Transfers outside the EEA: your Personal Data may be accessed by staff or suppliers in, transferred to, and/or stored in a country outside the EEA, in which data protection laws may be of a lower standard than within the EEA. Regardless of location, we will impose the same data protection safeguards that we use inside the EEA.

Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws (see the full list here) and therefore no additional safeguards are required to export Personal Data to these jurisdictions. In countries which have not been approved, we will establish a legal basis to justify transferring Personal Information, such as contractual terms approved by the European Commission that impose equivalent data protection obligations directly on the recipient.

Please Contact Us if you would like to see a copy of the specific safeguards applied to the export of your Personal Data.

Our retention periods for personal data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we either irreversibly anonymise the data (we may further retain and use the anonymised information) or securely destroy the data.

We are committed to keeping your Personal Data accurate, complete and up-to-date. If you discover inaccuracies in our records, or your Personal Data changes, please notify the BMO Financial Group company that you do business with immediately so that we can make the necessary changes. Failure to notify us of changes to your Personal Data may negatively impact the way we communicate or provide services to you. Where appropriate, we will advise others of any material amendments to your Personal Data that we may have released to them. If we do not agree to make your requested amendments, you may challenge our decision as described in the Contact Us table below.

We use an extensive range of safeguards to protect your Personal Data.

 

We have agreements and controls in place with third party service providers requiring them to safeguard any Personal Data we provide to them and use the Personal Data only for the purpose of providing the service we have requested them to perform.

 

We may link to other sites that will have their own privacy policies and customer information practices. If you click through to a third party site, please ensure you read their privacy policy as we cannot be held responsible for the content or practices of other sites.

From time to time, we may make changes to this Privacy Code. Where we have your email address, we may email you if the changes are material. Otherwise, we will not. We therefore recommend that you check the Code from time to time.

This Privacy Code at https://www.bmogam.com or https://www.bmorep.com (as applicable) is always the most recent version.

Please see Contact Us to answer any questions you may have about our Privacy Code.

The BMO Financial Group company that you correspond with will usually determine the purpose of processing your Personal Data and the way in which it is processed. Sometimes the company will do it jointly with others, depending on the products and services you use. Data protection contact details of these companies can be found in the Contact Us section.

Personal Data must be processed in line with your rights as a Data Protection Officer. In the EU, Data Subjects generally have the rights listed below. However, these are subject to certain exceptions and variations in different EU member states. If in doubt, please contact the Data Protection Officer Officer.

Data Subjects can:

Subject access: be provided access to a copy of any Personal Data held about them.

Rectification: require inaccurate Personal Information be amended.

Erasure: require erasure of Personal Data in certain circumstances. Where the data has been disclosed to third parties for processing, Data Subjects can require us to take reasonable steps to inform them that they have requested its erasure of any links to copies of or replication of it.

Withdrawal of consent: withdraw any consent to processing that they have given us and prevent further processing if there is no other ground under which we can process their Personal Data.

Restriction: require certain Personal Data to be marked as restricted while complaints are resolved, and also restrict processing in certain other circumstances.

Portability: have their Personal Data transmitted in a commonly used machine-readable format to them or another company that determines the purposes and means for which Personal Data is processed.

Prevent processing: require us to stop any Personal Data processing based on the legitimate interests ground, unless our reasons for undertaking that processing outweigh any prejudice to their data protection rights.

Marketing: require us to prevent processing (including profiling) of Personal Data for direct marketing purposes.

Your exercise of these rights is subject to certain exemptions under EU or local law, such as exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and will aim to respond within a month.

If you are not satisfied with our use of your personal information or our response to any exercise of these rights, you can complain to the relevant Data Protection Regulator.

If your complaint remains unresolved after speaking to a representative of the BMO Financial Group entity that you deal with, please contact the Data Protection Officer at:

 

BMO Financial Group

Office of the Data Protection Officer

95 Queen Victoria Street

London, EC4V 4HG.

United Kingdom

 

Privacy.UK-EU@bmo.com

 

If, after contacting us, you do not feel that we have adequately addressed your concerns, please contact the Data Protection Regulator in the country where the BMO Financial Group entity that you deal with is established, as set out in the chart above.

We use cookies on our website to provide customised information for users and to improve their online experience.

What are cookies?

Cookies are small text files that are stored on your device when you visit certain web pages. They provide us with valuable information and feedback, such as how and when pages on the website are visited, and what our users’ technology preferences are.

The cookies that we use on our website can be categorised into the following groups:

  1. Strictly necessary cookies: these are essential in order to enable you to move around a website and use its features, such as accessing secure areas of the website. Without these cookies, certain services you may have asked for cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the Internet.
  2. Performance cookies: these collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. In particular, this website uses Google Analytics. These cookies do not collect information that identifies a visitor. All information these cookies collect is anonymous and is only used to improve how a website works. For further information on how Google uses data when you use our website go to www.google.com/policies/privacy/partners/, or any other URL that Google may provide from time to time.
  3. Functionality cookies: these allow a website to remember choices you make (such as your username, language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customise. They may also be used to provide services you have requested, such as watching a video. The information these cookies collect may not always be anonymous, but these cookies are not able to track your browsing activity on other websites.

By using our website, you agree that we can place these types of cookies from us and third parties (such as Google Analytics, Hotjar and Flashtalking) on your device.

Amending cookie preferences

If you wish to remove or block cookies set by our website from your browser, you can delete them. The instructions for removing cookies from your computer or mobile device will depend on the operating system and web browser you use. Please note, however, that withdrawing your agreement to the use of cookies on our website could impair its functionality.

Click here for further information about cookies in general and instructions for managing cookies on many commonly used browsers. Alternatively, you can consult your browser provider for such instructions.

Our emails may contain a single, campaign-unique “web beacon pixel” to tell us whether our emails are opened and, combined with other technology, verify any clicks through to links within the email. We may use this information for determining which of our emails are more interesting to you and to query whether users who do not open our emails wish to continue receiving them. The pixel will be deleted when you delete the email. If you do not wish the pixel to be downloaded to your device, please select to receive emails from us in plain text rather than HTML, choose not to click links that we send you, or unsubscribe from the receipt of our emails. This information may be connected to your personal identity.

Contact Us

If you have any questions or concerns about our privacy practices, the privacy of your Personal Data or you want to change your privacy preferences, please let us know.

Talk to the BMO Financial Group company that you do business with

The company that you correspond with or do business with will usually be the data controller in respect of your Personal Data and can answer any questions you may have about our Privacy Code or our use of your Personal Data. If your concerns are not resolved, please contact:

Country Business Unit Contact Data Protection Regulator Contact
UK Client Services +44(0)20 7011 4444 Information Commissioner’s Office 0303 123 1113
Austria Rogier Van Harten +31 20 582 3795 Austrian Data Protection Authority E-Mail: dsb@dsb.gv.at
Belgium Rogier Van Harten +31 20 582 3795 Commission for the Protection of Privacy +32 (0)2 274 48 00
Finland Robert Elfström +46 (0) 856646501 Data Protection Ombudsman +358 29 56 66700
France Jean Michel Bongiorno +44 207 011 5233 Commission Nationale de l'Informatique et des Libertés +33 (0)1.53.73.22.22
Germany Elmar Rathmayr +49 69 22228 3613 The Hessian Data Protection Officer PO Box 3163 65021 Wiesbaden +49 611 1408 – 0 https://datenschutz.hessen.de/uber-uns/kontakt
Ireland State Street Fund Services (Ireland) Limited +353 1 242 5529 Office of the Data Protection Commissioner +353 (0761) 104 800
Italy Giampaolo Giannelli +39 020068 1619 Italian data protection authority +39-06-6967 71
Luxembourg State Street Bank Luxembourg S.A +352 46 40 10 7460 National Commission for Data Protection (+352) 26 10 60 - 1
Norway Robert Elfström +46 (0) 856646501 Data Protection Authority
Spain Luis Martin-Hoyos +34 91 419 89 01 Spanish Data Protection Agency (AEPD) Spanish Agency for Data Protection C / Jorge Juan, 6 28001-Madrid
Sweden Robert Elfström +46 (0) 856646501 Data Inspection Board (DIB) +46 8 657 61 00
Switzerland Rochus Appert +41 44 488 1951 Federal Data Protection and Information Commissioner (FDPIC) +41 (0) 58 462 43 95
Portugal Joao Santos +351 21 003 3220 Comissão Nacional de Protecção de Dados (CNPD) (+ 351) 21 392 84 00
Netherlands Marco Mante de Vreede +31 20 582 3074 The Dutch Data Protection Authority 0900 200 12 01
Pyrford International
Country Business Unit Contact Data Protection Regulator Contact
UK Business Unit Compliance Officer information@pyrford.co.uk +44 (0) 20 7495 4641 Information Commissioner’s Office 0303 123 1113
BMO Real Estate Partners
Country Business Unit Contact Data Protection Regulator Contact
UK Angus Henderson +44 207 499 2244 Information Commissioner’s Office 0303 123 1113
Germany Robert Gauggel +49 (0) 89 614 651 - 11 The Bavarian State Commissioner for Data Protection (BayLfD) 0981 / 53-1300
France Ian Kelley/Adrien Brion +33 01 70395992/+33 01 70395993 Commission Nationale de l'Informatique et des Libertés +33 (0)1.53.73.22.22
Ireland BMO Real Estate Partners enquiries@bmorep.com Office of the Data Protection Commissioner +353 (0761) 104 800
Gibraltar BMO Real Estate Partners enquiries@bmorep.com Gibraltar Regulatory Authority (+350) 20074636

ANNEX A: Definitions

BMO Financial Group means Bank of Montreal and all of its subsidiaries

 

Data Subject the person to whom the Personal Data relates. A BMO Financial Group entity established in the EEA determines the purposes and means for which this person’s Personal Data is processed.

 

Direct Marketing is our communication with you such as mail, telemarketing or email, using your contact information, to inform you about products and services that we think may be of interest and value to you. This does not include communications regarding products or services that you currently have, including improved ways to use the products, or additional features of the products as well as transactional information.

 

EEA means the European Economic Union

 

Personal Data is any information relating to an identified or identifiable Data Subject, i.e. one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. For the purposes of this Privacy Code, Personal Data is that which a BMO Financial Group entity established in the EEA processes.

ANNEX B: Table of Legal Bases

Please find below a description of the various legal bases that we rely upon to justify our processing of your Personal Data, with a description of each basis.

For processing Personal Information
Legal basis Details
Consent You have given your consent to the processing of your Personal Data for one or more specified purposes. You are free to withdraw your consent by notifying the BMO Financial Group company that you do business with. Where you do so, we may be unable to provide a service that requires the use of such Personal Data.
Performance of our contract with you Processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.
Compliance with a legal obligation Processing is necessary for compliance with a legal obligation to which we are subject.
For our legitimate business interests Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data. These legitimate interests are set out next to each purpose.
For processing Special Categories of Personal Information
Legal basis Details
Your explicit consent You have given your explicit consent to the processing of those Personal Information for one or more specified purposes. You are free to withdraw your consent, by visiting Contact Us. Where you do so, we may be unable to provide a service that requires the use of such Personal Information.
For legal claims Processing is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity.
In the substantial public interest Processing is necessary for reasons of substantial public interest on the basis of EU or UK law.