The BNP Paribas Group places particular emphasis on delivering the best possible service to you and we wish to safeguard the trust that you place in us.
With this in mind, we have adopted strong principles to ensure that your data are protected.
This is why we want to provide you with transparent information about how we place, use and store cookies on your device when you visit our hellobank.be websites (hereinafter the “Website”) and present you with the options to manage and delete them.
1. What is a cookie?
Cookies are small text, image or software files that may be placed and/or read on your device when you go on our Website. The word “device”, when used in this Cookies Policy, refers to computers, smartphones, tablets and any other devices used to access the internet.
Cookies can be (i) session cookies, meaning that they are deleted from your device once the session and browser are closed; or (ii) persistent cookies, meaning that they will be stored on your device until they are deleted.
Cookies can have many functions and can be used to:
- authenticate and identify you on our Website in order to provide you with the services that you have requested;
- improve the security of the Website, including the prevention of log-in details being used fraudulently and the protection of user data from access by unauthorised third parties;
- send you personalised adverts based on your browsing history and online preferences;
- monitor how you use our Website in order to improve it;
- improve your user experience by tailoring the content on our Website to your areas of interest and by offering you more relevant Hello Bank! adverts and content on our Website or third-party websites;
- remember the information that you have provided to us (for example, in order to automatically fill in forms with the information that you have previously provided to us in order to log in more quickly);
- save your preferences and settings for using our Website (such as language or time zone).
2. What kind of information can be stored in a cookie?
The information stored by the cookies placed on your device may relate to the following areas, within the limit of their retention period:
- the webpages you have visited on that device;
- the advertisements you have clicked on;
- the type of browser you use;
- your IP address;
- and any other information that you have provided on our Website.
Cookies may contain personal data covered by our Privacy Notice.
3. What kind of cookies do we use and for what purpose?
The cookies that we use on our Websites are grouped into different categories.
We use certain tools (Adobe Target and Adobe Analytics) for a number of purposes. These purposes, such as audience measurement or advertising purposes, require your consent. If you have not consented to audience measurement cookies, we will not use these tools to process your data for audience measurement purposes or for other purposes.
1. Strictly necessary cookies (mandatory)
These cookies are essential for the Website to function properly. They may include, for example, cookies that collect session identifiers and identification data, or cookies that allow the interface of a Website to be customised (such as, for the choice of language or presentation of a service). This category also includes cookies that enable us to comply with our legal obligations, including ensuring a secure online environment (for example, detecting repeated failed log-ins in order to prevent unauthorised individuals from accessing your account).
Tool | Description | cookie | Purpose | Validity |
|---|---|---|---|---|
BNP SiteFactory | BNP SiteFactory is the platform that delivers content and services to the customers | (*-)JSESSIONID | This is a technical session cookie. It is used to divert the website visits to different machines in the back-end. Not all visitors go on the same server. If a server crashes, the visit can be reverted another server. This cookie identifies which user lands on which server. It ensures equal distribution of the visitors to the servers and ensures the stability of the performance. | Session |
*XSRF-TOKEN | Security cookie used to detect Cross-Site Scripting attacks. | Session | ||
AK-Ref-Id | DDoS Protection | Session | ||
AmountFormat | This cookie enables the user to set his preference for the decimal separator in CSV file exports containing transactions (point or comma) | Persistent | ||
AMWEBJCT!%2F!myaxes | This cookie is used to differentiate the private banking and Wealth Management customers and to display the private banking content to unauthenticated Wealth Management customers. At this moment the site does not differentiate by default between private banking and Wealth Management. Once the user logs in, and is a Wealth Management customer, he will see the Wealth Management content. This is for privacy purposes of Wealth Management clients: if someone uses the computer of a Wealth Management client, then he will not see it is a Wealth Management client unless he is logged in. This cookie is placed in context of privacy by design: even if authenticated, the cookie is needed, because front-end won’t take the data from back-end. | 1 year | ||
AMWEBJCT* | WebSEAL creates unique cookie names to prevent possible naming conflicts with cookies returned across other -j junctions. | Session | ||
ARR_d-net383.prod.be.echonet_Affinity | The ARR servers distribute the incoming requests towards the IIS backend servers and the cookie will make sure any subsequent requests from the client will be sent to the same server. | Session | ||
ASP.NET_SessionId | Microsoft session cookie generated by .net framework | Session | ||
axes | This cookie stores the basic settings of the user: language, brand, edition (last category visited; e.g. private/retail banking) | 7 years | ||
cookieDisclaimer | Cookie used to track if the cookie disclaimer message is shown to user or not. If the visitor is a first-time visitor, this cookie makes sure the banner is shown. In the new tool, the lifetime will be 6 months, so after 6 months he will see the info/banner again. | 6 months | ||
COOKIES_SETTINGS | Cookie used to track if the cookie disclaimer message is shown to user or not. If the visitor is a first-time visitor, this cookie makes sure the banner is shown. The cookie life time is six months: after six months of inactivity or after an update of the cookie policy, the visitor will see the information/banner again. | 180 days | ||
CSRF | Cookie to prevent Cross Site Reference Forgery and to prevent calls made from other origin. | Session | ||
distributorid | The first 2 caracters of the distributorId are the distributionChannelId (49 for Mobile, 52 for Web). The next two characters represent the brand ('FB' for Fortis Bank, 'KN' for Fintro) and the last three characters the application (001 for EasyBanking, 002 for Hello Bank! application). This cookie is the ID of the website and is used to differentiate between the websites of the different brands. | Session | ||
europolicy | This cookie is added by sitefactory and used for accessing the website, without this cookie website will not work. This cookie stores no user information. The cookie makes the framework of the site work. | 1 year | ||
FileDownload | Technical cookie used for the download of PDF and CSV files. The cookie is read by the JavaScript code to know whether or not the file was downloaded correctly. | Session | ||
gsn | This cookie creates a global session number, so it is a cookie for session management (session ID, random number to session). If someone accesses, this session has a number. This cookie is placed for communication reasons between client - website - server. This is not for logging in. | Session | ||
gtcPolicy | Cookie used to track if the cookie disclaimer message is shown to user or not. | 1 year | ||
language | Stores the preferred language of the user | 1 year | ||
LoadBalancer | This is a load balancing cookie. BNP Paribas Fortis has multiple server parcs to guarantee availability of the site, as you can only be logged in one of them at the time we keep a cookie to send the user to the best suited location. | Session | ||
PD-S-SESSION-ID | Cookie used for session management | Session | ||
PD_STATEFUL_* | Session state cookies used by the SAML service to maintain state during multi-step handshakes | Session | ||
per* | This is a load balancing cookie. BNP Paribas Fortis has multiple server parcs to guarantee availability of the site, as you can only be logged in one of them at the time we keep a cookie to send the user to the best suited location. | Session | ||
PHPSESSID | PHP cookie session , The PHPSESSID cookie is native to PHP and enables websites to store serialised state data | Session | ||
plogid | Technical cookie used during the Login process. When a user started logging in, the logid maintains the log-in session, so the site knows that the user has logged in already. As soon as the user logged in, logid will be removed. This cookie is maintained during the phases of the log-in procedure. | Session | ||
routeFrom | This cookie is used to handle the Back button behaviour | Session | ||
secure | This cookie is added by sitefactory and used for accessing the website, without this cookie website will not work. This cookie stores no user information. The cookie makes the framework of the site work. | 30 days | ||
security | This cookie is used for accessing the website, without this cookie website will not work. This cookie stores no user information. The cookie makes the framework of the site work. | Session | ||
seg | Cookie to remember the customer preference of segment. | 1 year | ||
tempCookie | Technical cookie | Session | ||
TS* | This is a security cookie set by the Firewall as a unique identifier. | Session | ||
userInformation | Technical cookie that contains a fixed value and is required by the framework. This cookie stores no user information, it makes the framework of the site work. | Session | ||
w1n0_er | This is a load balancing cookie. BNP Paribas Fortis has multiple server parcs to guarantee availability of the site, as you can only be logged in one of them at the time we keep a cookie to send the user to the best suited location. | Session | ||
Messagent | A solution to create, execute and analyse effective personalized campaigns over all channels | CR | Cookie for Session Management. | Session |
Sitefinity | Sitefinity is the platform that delivers content and services to the customers | .AspNet.Cookies | The relying party cookie (claims authentication mode) that is used to cache authentication information. | Session |
__RequestVerificationToken | This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. | Session | ||
addevent_track_cookie | This cookie identifies the user and allows them to add events to a user’s calendar. | 1 year | ||
amb.cc | Cookie used to track if the cookie disclaimer message is shown to user or not. | 1 year | ||
bnppflanguageselector | Front end cookie to keep the language selection | 600 days | ||
catIds | Cookie used to prefill the search categories. | 1 day | ||
citrix_ns_id | Citrix Web App Firewall cookie. This is a web application firewall (WAF) that protects web applications and websites against known and unknown attacks. | Session | ||
citrix_ns_id_***_wat | The Application Firewall generates one wat cookie to track all application session cookies. | Session | ||
citrix_ns_id_***_wlf | The Application Firewall generates one wlf cookie to track all persistent application cookies. | Persistent | ||
csrf-token | Cookie to prevent Cross Site Reference Forgery and to prevent calls made from other origin. | Session | ||
DefinedUserType | This cookie keep the value of the customer segment (Priority Banking / Private Banking / Wealth Management). | 1 year | ||
locale | The cookie determines the preferred language and country-setting of the visitor - This allows the website to show content most relevant to that region and language. | 5 years | ||
searchText | Cookie used to prefill the search field. | 1 day | ||
SelectedLanguage | Front end cookie to keep the language selection | 1 year | ||
selectLanguage | Front end cookie to keep the language selection | 10 days | ||
ServerID | Generated for Load balancer reasons | Session | ||
sf-payload-ident | This is a functional cookie strictly necessary for the legitimate purpose of enabling the use of the customer onboarding flow explicitly requested by the user. | 3 days | ||
sf-prs-lu | Saves the landing URL. | Session | ||
sf-prs-ss | Holds the time of first page visit. | Session | ||
sf_site | In multisite environment, remembers the ID of the current site. | 2 years | ||
sf_timezoneoffset | Stores the value of the UTC time zone offset for the particular user, that is, the timezone difference between UTC and the user's local time, in minutes. This cookie is stored only for logged in users. | Session | ||
SF_TokenID | Handles the claims token (claims authentication mode). | 2 Hours | ||
sf_trckngckie | Logs the page visit. | 180 days |
2. Audience measurement cookies (subject to your consent)
These cookies enable us to understand how users arrive at our Website, to measure the number of visitors to our Website, and to analyse how visitors browse the Website or to recreate their journey. This helps us improve how our Websites function by ensuring, for example, that users can easily find what they are looking for.
Tool | Description | cookie | Purpose | Validity | Opt-out |
|---|---|---|---|---|---|
Adobe Analytics | Adobe analytics is used to provide aggregated statistics on navigation. This allows the bank to monitor performance of the website and improve it accordingly. | _sdsat_enrolment_ID | Cookie used to remember the value of a unique identifier of the transaction taking place when doing an enrolment. | 1 year | |
_sdsat_language | This cookie is used to remember the language in which the content is displayed. | 1 year | |||
_sdsat_MGM_sponsor_ID | This cookie is used to remember the unique identifier of a "godfather" user in the Hello bank "Member get member" process. | 1 year | |||
_sdsat_MGM_user_ID | This cookie is used to remember the unique identifier of a "godson" user in the Hello bank "Member get member" process. | 1 year | |||
_sdsat_zid | Custom Adobe Dynamic Tag Manager Cookie. | 1 year | |||
AMCV_F46824205476152E0A4C98A2%40AdobeOrg | The AMCV cookie contains the Experience Cloud visitor ID or MID. The MID is stored in a key-value pair that follows this syntax, mid|Experience Cloud ID. To know more about about the privacy policy of the Adobe Experience Cloud or to opt-out please visit https://www.adobe.com/be_en/privacy/opt-out.html | 2 years | |||
AMCVS_F46824205476152E0A4C98A2%40AdobeOrg | The AMCVS cookie serves as a flag indicating that the session has been initialized. Its value is always `1` and discontinues when the session has ended. | Session | |||
demdex | The Adobe Experience Cloud Identity Service uses the demdex cookie (with the BNPPF organization id and AMCV cookie) to create and store a unique, persistent identifier for our site visitors. These cookies let the Adobe ID service track visitors across the different domains of BNP Paribas Fortis and enable data sharing among different Experience Cloud solutions that BNP Paribas Fortis is using. | 180 days | |||
dpm | DPM (Data Provider Match) informs internal, Adobe systems that a call from the Adobe Experience Cloud ID Service is requesting a visitor ID. This only happens when the AMCV cookie (that contains an Experience Cloud id) isn’t set. | 180 days | |||
s_cc | This cookie is set and read by the JavaScript code to determine if cookies are enabled (simply set to "True"). This cookie is a session cookie and expires when the browser is closed. If we do not have this cookie, we cannot do performance analysis on the website (what was visited and what not). | Session | |||
s_ecid | The ECID cookie contains the Experience Cloud ID (ECID) or MID. The MID is stored in a key-value pair that follows this syntax, s_ecid=MID|Experience Cloud ID. This cookie is set by the customer's domain after the AMCV cookie is set by the client. The purpose of this cookie is to allow persistent ID tracking in the 1st-party state and is used as a reference ID if the AMCV cookie has expired. Check AMCV cookie for more details. To know more about the privacy policy of the Adobe Experience Cloud or to opt-out please visit http://www.adobe.com/en/privacy/opt-out.html. | 2 years | |||
s_fid | This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. | 2 years | |||
s_flow_request_id | This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens. | 30 minutes | |||
s_flowtype | This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens. | 30 minutes | |||
s_pc | Cookie used for gathering statistics (where did a person click, where did he scroll to,…) of the website usage. These statistics are kept anonymous. | 1 year | |||
s_ppn | Record the portion of a page (0-100%) that the user views and passes the value into a variable on the next page view. | Session | |||
s_pprt | Cookie used for gathering statistics of the website usage. These statistics are kept anonymous | Session | |||
s_ppv | This cookie is set by the Adobe Analytics plugin “getPercentPageViewed” and is used to measure a visitor’s scroll activity to see how much of a page they view before moving to another page. | Session | |||
s_products | This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens. | 30 minutes | |||
s_ptc | This provides a native method to get accurate and detailed timing statistics for loading events e.g. when page or functionality is loaded. | Session | |||
s_sales_flowname | This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens. | 30 minutes | |||
s_selfservice_flowname | This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens. | 30 minutes | |||
s_sq | This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous link that was clicked by the user. It is used for reporting on website visits (how many times was website visited) , to create a "track" of the path. We do not know who visited (anonymous cookie), but we do know the path of the visit. | Session | |||
s_vi_* | This cookie is used to identify a unique visitor, the cookie has the format of s_vi_* depending on the report site used. | 2 years | |||
TEST_AMCV_COOKIE_WRITE | This is used to check if the browser supports cookies. | Session | |||
visited_domains | This cookie is used to remember which of the Hello bank platforms the user has already visited. | 400 days |
3. Preference cookies (subject to your consent)
These cookies enable us to personalise and offer the content and features of the Website (including displaying our products and services). They are used to improve our Website and your user experience.
Tool | Description | cookie | Purpose | Validity | Opt-out |
|---|---|---|---|---|---|
Adobe Target | Adobe Target is a tool used to personalise content seen on the website. | at_check | Used by Adobe Target to check if cookies are enabled/supported on the browser | Session | |
mbox | Adobe Target uses cookies to give website operators the ability to test which online content and offers are more relevant to visitors. | 400 days | |||
Medallia | Medallia is a tool for conducting online surveys and collecting user feedback. This feedback enables us to improve the solutions offered by the bank. | backendDataInSessionFlag | Flag that indicate if we retrieve user based targeting data in the current session | 1 year | |
cd_user_id | Cooladata user ID (Generated by Medallia Digital script) | 1 year | |||
DECLINED_DATE | Timestamp indicating when an intercept was last declined / survey was last closed | 1 year | |||
kampyle_userid | UUID for identifying a user (Generated by Medallia Digital script) | 1 year | |||
kampyleInvitePresented | Flag indicating whether an intercept was presented in the session | 1 year | |||
kampylePageLoadedTimestamp | Timestamp indicating when the page was loaded. Used for time on page targeting | 1 year | |||
kampyleSessionPageCounter | Tracks the number of pages the user has been in the session | 1 year | |||
kampyleUserPercentile | Number between 0-1 used for percentage of users targeting | 1 year | |||
kampyleUserSession | Timestamp indicating when the user has started his session | 1 year | |||
kampyleUserSessionsCount | Tracks number of sessions user has been in the browser | 1 year | |||
LAST_INVITATION_VIEW | Timestamp for when the last intercept was presented | 1 year | |||
md_isSurveySubmittedInSession | True if any survey was submitted in session, otherwise false | 1 year (But cleared on every session start) | |||
mdigital_alternative_uuid | Alternative feedback UUID identifier | 1 year | |||
mdLogger | When this exists, it instructs the Medallia code to add debug logs to the browser’s console. | 1 year | |||
SUBMITTED_DATE | Timestamp indicating when a survey was last submitted | 1 year |
4. Advertising cookies (subject to your consent)
These cookies are used to provide you with personalised or non-personalised adverts, where applicable depending on your location. They record your visit to our Website, the pages that you have viewed and the links that you have followed. We and our partners use this information to personalise our Website and the adverts on them. They may also be used to display personalised or non-personalised adverts for our products on other websites, to measure the effectiveness of an advertising campaign, to limit distribution frequency, and for affiliate marketing.
Tool | Description | Cookie/Third party partner | Details | Validity |
|---|---|---|---|---|
Google Campaign Manager | Google may contact you with their advertising material. Their advertising content will be tailored to your interests on the basis of your browsing behaviour and the pages you have consulted. The cookies are also used to measure the impact of the bank’s advertising campaigns on this site. The bank doesn’t collect any financial or personal data by means of these cookies. Our third party partner (Havas Media Belgium) may show you ads if you have visited our website. Those ads will be tailored to your interests, based on what you do online and the sites you visit. To improve our marketing content, this cookie may therefore send data to our third party parner. You can find more information about our third party partners' advertising policy and how to block the collection of your data on their respective pages. | _gcl_au | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services | 3 months |
Amazon Ad Server (e.g. Sizmek) | 90 days | |||
Facebook & Instagram (Meta) | 180 days | |||
Google (Alphabet) | 180 days | |||
Jellyfish | 180 days | |||
LinkedIn (Microsoft) | 30 days | |||
Microsoft Advertising |
| 13 months | ||
Outbrain | 180 days | |||
1 year | ||||
2 years | ||||
Snapchat | 1 year | |||
Teads | 4 months | |||
TikTok (ByteDance) | 24 months | |||
Twitch (Amazon) | 5 years | |||
Xandr (Microsoft) |
| 180 days | ||
X (Twitter) | 180 days | |||
Zemanta (Outbrain) | 1 year |
5. Content-sharing cookies (subject to your consent)
These cookies enable us to share information with the social media platforms used on our Websites or enable content hosted on an external website to be viewed on our Website. Displaying or viewing this type of content on our Websites shares information about your browsing on our Websites with the social media platforms used or the hosting websites in question.
Tool | Description | cookie | Purpose | Validity | Opt-out |
|---|---|---|---|---|---|
Brightcove | Videos on our websites are embedded video’s from Brigthcove. | __cf_bm | Cloudflare’s bot products identify and mitigate automated traffic to protect your site from bad bots. | 30 minutes |
|
_cfuvid | This cookie is only used to allow the Cloudflare WAF to distinguish individual users who share the same IP address. | Session | |||
EMBEDDED | embedded Iframe set cookies on own domain. Shows the embedded video player of youtube. | Session | |||
VISITOR_INFO1_LIVE | Tries to estimate the users' bandwidth on pages with integrated YouTube videos. | 180 days | |||
VISITOR_PRIVACY_METADATA | Stores the user's permission to use cookies on the current domain | 180 days | |||
vuid | Stores the user's video player preferences | 2 years | |||
YSC | Registers a unique ID to keep statistics of what videos from YouTube the user has seen. | Session | |||
yt-remote-cast-installed | Stores the user's video player preferences using embedded YouTube video | Session | |||
yt-remote-connected-devices | Stores the user's video player preferences using embedded YouTube video | Persistent | |||
yt-remote-device-id | Stores the user's video player preferences using embedded YouTube video | Persistent | |||
yt-remote-fast-check-period | Stores the user's video player preferences using embedded YouTube video | Session | |||
yt-remote-session-app | Stores the user's video player preferences using embedded YouTube video | Session | |||
yt-remote-session-name | Stores the user's video player preferences using embedded YouTube video | Session |
4. Who places cookies on your device?
When you select the types of cookies that you allow on your device, these cookies can be placed on them directly by us or by one of our partners.
From a practical point of view, this means that when you authorise the installation of some so-called “third-party” cookies on your device, our partners will also be able to access the information that they contain (such as, for example, your browsing statistics when you authorise third-party analytics cookies) in accordance with our Privacy Notice and the Privacy Notices of our partners.
Partner | link |
|---|---|
Amazon Ad Server (e.g. Sizmek) | |
Facebook & Instagram (Meta) | |
Google (Alphabet) | |
Jellyfish | |
LinkedIn (Microsoft) | |
Microsoft Advertising | https://about.ads.microsoft.com/en-us/policies/legal-privacy-and-security |
Outbrain | |
Snapchat | |
Teads | |
TikTok (ByteDance) | |
Twitch (Amazon) | |
X (Twitter) | |
Xandr (Microsoft) | https://about.ads.microsoft.com/en-us/solutions/xandr/platform-privacy-policy |
Zemanta (Outbrain) |
5. Responsible for the cookies
The owner of the Website and the data controller for your personal data stored in the cookies is:
BNP Paribas Fortis SA-NV
Montagne du Parc 3
B-1000 Brussels
privacy@bnpparibasfortis.com
6. How do you manage cookies?
In order to view the different categories of cookies that we use on the Website and to configure your choices, you can take a look at the cookie management tool that can be accessed at the bottom of the page. You can change your preferences at any time (withdraw or give your consent again).
You can also manage the use of cookies by:
- Configuring your browser's privacy settings (for more information on controlling cookies, please refer to your browser's Help function).
- Visiting third-party websites: this will allow you to check how to manage cookie settings on websites and applications outside Hello Bank! – please refer to section 4 for more details on third parties.
Please note that the use of strictly necessary cookies for the proper functioning of the Website does not require your consent. This is why the “Strictly necessary cookies” is indicated as required in our cookie management tool and is not optional.
By refusing certain types of cookies (preference cookies, for example), we will not be able to optimise your user experience on our Website.
By default, we store your cookie choices for a given device for a maximum of 6 months. If you change your mind about the preferences that you have expressed about cookies, you can update your choices at any time, by following this link. We will ask you again to make a choice every 6 months.
7. Your rights as a visitor to our Website
For more information on BNP Paribas Fortis SA/NV as the personal data controller and your rights as a data subject, please take a look at our Privacy Notice, which can be accessed via the footer of the Website.
Additionally, as a visitor and subject of the data saved by these cookies, you are entitled to file a complaint with the Belgian Data Protection Authority:
https://www.dataprotectionauthority.be/
Version 5.2 (last updated on 01/10/2024)