Cookie Policy

The BNP Paribas Group places particular emphasis on delivering the best possible service to you and we wish to safeguard the trust that you place in us.

With this in mind, we have adopted strong principles to ensure that your data are protected.

This is why we want to provide you with transparent information about how we place, use and store cookies on your device when you visit our bnpparibasfortis.com websites (hereinafter the “Website”) and present you with the options to manage and delete them.

1. What is a cookie?

Cookies are small text, image or software files that may be placed and/or read on your device when you go on our Website. The word “device”, when used in this Cookies Policy, refers to computers, smartphones, tablets and any other devices used to access the internet.

Cookies can be (i) session cookies, meaning that they are deleted from your device once the session and browser are closed; or (ii) persistent cookies, meaning that they will be stored on your device until they are deleted.

Cookies can have many functions and can be used to:

  • authenticate and identify you on our Website in order to provide you with the services that you have requested;
  • improve the security of the Website, including the prevention of log-in details being used fraudulently and the protection of user data from access by unauthorised third parties;
  • send you personalised adverts based on your browsing history and online preferences;
  • monitor how you use our Website in order to improve it;
  • improve your user experience by tailoring the content on our Website to your areas of interest and by offering you more relevant BNP Paribas Fortis adverts and content on our Website or third-party websites;
  • remember the information that you have provided to us (for example, in order to automatically fill in forms with the information that you have previously provided to us in order to log in more quickly);
  • save your preferences and settings for using our Website (such as language or time zone).

2. What kind of information can be stored in a cookie?

The information stored by the cookies placed on your device may relate to the following areas, within the limit of their retention period:

  • the webpages you have visited on that device;
  • the advertisements you have clicked on;
  • the type of browser you use;
  • your IP address;
  • and any other information that you have provided on our Website.

Cookies may contain personal data covered by our Privacy Notice.

3. What kind of cookies do we use and for what purpose?

The cookies that we use on our Websites are grouped into different categories.

We use certain tools (Adobe Target and Adobe Analytics) for a number of purposes. These purposes, such as audience measurement or advertising purposes, require your consent. If you have not consented to audience measurement cookies, we will not use these tools to process your data for audience measurement purposes or for other purposes.

1. Strictly necessary cookies (mandatory)

These cookies are essential for the Website to function properly. They may include, for example, cookies that collect session identifiers and identification data, or cookies that allow the interface of a Website to be customised (such as, for the choice of language or presentation of a service). This category also includes cookies that enable us to comply with our legal obligations, including ensuring a secure online environment (for example, detecting repeated failed log-ins in order to prevent unauthorised individuals from accessing your account).

Tool

Description

cookie

Purpose

Validity

BNP SiteFactory

BNP SiteFactory is the platform that delivers content and services to the customers

(*-)JSESSIONID

This is a technical session cookie. It is used to divert the website visits to different machines in the back-end. Not all visitors go on the same server. If a server crashes, the visit can be reverted another server. This cookie identifies which user lands on which server. It ensures equal distribution of the visitors to the servers and ensures the stability of the performance.

Session

*XSRF-TOKEN

Security cookie used to detect Cross-Site Scripting attacks.

Session

AK-Ref-Id

DDoS Protection 

Session

AmountFormat

This cookie enables the user to set his preference for the decimal separator in CSV file exports containing transactions (point or comma)

Persistent

AMWEBJCT!%2F!myaxes

This cookie is used to differentiate the private banking and Wealth Management customers and to display the private banking content to unauthenticated Wealth Management customers. At this moment the site does not differentiate by default between private banking and Wealth Management. Once the user logs in, and is a Wealth Management customer, he will see the Wealth Management content. This is for privacy purposes of Wealth Management clients: if someone uses the computer of a Wealth Management client, then he will not see it is a Wealth Management client unless he is logged in. This cookie is placed in context of privacy by design: even if authenticated, the cookie is needed, because front-end won’t take the data from back-end.

1 year

AMWEBJCT*

WebSEAL creates unique cookie names to prevent possible naming conflicts with cookies returned across other -j junctions.

Session

ARR_d-net383.prod.be.echonet_Affinity

The ARR servers distribute the incoming requests towards the IIS backend servers and the cookie will make sure any subsequent requests from the client will be sent to the same server.

Session

ASP.NET_SessionId

Microsoft session cookie generated by .net framework

Session

axes

This cookie stores the basic settings of the user: language, brand, edition (last category visited; e.g. private/retail banking)

7 years

cookieDisclaimer

Cookie used to track if the cookie disclaimer message is shown to user or not. If the visitor is a first-time visitor, this cookie makes sure the banner is shown. In the new tool, the lifetime will be 6 months, so after 6 months he will see the info/banner again.

6 months

COOKIES_SETTINGS

Cookie used to track if the cookie disclaimer message is shown to user or not. If the visitor is a first-time visitor, this cookie makes sure the banner is shown. The cookie life time is six months: after six months of inactivity or after an update of the cookie policy, the visitor will see the information/banner again.

180 days

CSRF

Cookie to prevent Cross Site Reference Forgery and to prevent calls made from other origin.

Session

distributorid

The first 2 caracters of the distributorId are the distributionChannelId (49 for Mobile, 52 for Web). The next two characters represent the brand ('FB' for Fortis Bank, 'KN' for Fintro) and the last three characters the application (001 for EasyBanking, 002 for Hello Bank! application). This cookie is the ID of the website and is used to differentiate between the websites of the different brands.

Session

europolicy

This cookie is added by sitefactory and used for accessing the website, without this cookie website will not work. This cookie stores no user information. The cookie makes the framework of the site work.

1 year

FileDownload

Technical cookie used for the download of PDF and CSV files. The cookie is read by the JavaScript code to know whether or not the file was downloaded correctly.

Session

gsn

This cookie creates a global session number, so it is a cookie for session management (session ID, random number to session). If someone accesses, this session has a number. This cookie is placed for communication reasons between client - website - server. This is not for logging in.

Session

gtcPolicy

Cookie used to track if the cookie disclaimer message is shown to user or not.

1 year

language

Stores the preferred language of the user

1 year

LoadBalancer

This is a load balancing cookie. BNP Paribas Fortis has multiple server parcs to guarantee availability of the site, as you can only be logged in one of them at the time we keep a cookie to send the user to the best suited location.

Session

PD-S-SESSION-ID

Cookie used for session management

Session

PD_STATEFUL_*

Session state cookies used by the SAML service to maintain state during multi-step handshakes

Session

per*

This is a load balancing cookie. BNP Paribas Fortis has multiple server parcs to guarantee availability of the site, as you can only be logged in one of them at the time we keep a cookie to send the user to the best suited location.

Session

PHPSESSID

PHP cookie session , The PHPSESSID cookie is native to PHP and enables websites to store serialised state data

Session

plogid

Technical cookie used during the Login process. When a user started logging in, the logid maintains the log-in session, so the site knows that the user has logged in already. As soon as the user logged in, logid will be removed. This cookie is maintained during the phases of the log-in procedure.

Session

routeFrom

This cookie is used to handle the Back button behaviour

Session

secure

This cookie is added by sitefactory and used for accessing the website, without this cookie website will not work. This cookie stores no user information. The cookie makes the framework of the site work.

30 days

security

This cookie is used for accessing the website, without this cookie website will not work. This cookie stores no user information. The cookie makes the framework of the site work.

Session

seg

Cookie to remember the customer preference of segment.

1 year

tempCookie

Technical cookie

Session

TS*

This is a security cookie set by the Firewall as a unique identifier.

Session

userInformation

Technical cookie that contains a fixed value and is required by the framework. This cookie stores no user information, it makes the framework of the site work.

Session

w1n0_er

This is a load balancing cookie. BNP Paribas Fortis has multiple server parcs to guarantee availability of the site, as you can only be logged in one of them at the time we keep a cookie to send the user to the best suited location.

Session

Event Tools

Event tools is used to create some business event.

*XSRF-TOKEN

Security cookie used to detect Cross-Site Scripting attacks.

Session

ai_session

Tracking cookie that stores a random identifier to track session data anonymously.

30 minutes

ai_user

A cookie that stores a random identifier to anonymously track user data.

1 year

ARRAffinity

This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.

Session

ARRAffinitySameSite

This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.

Session

Sitefinity

Sitefinity is the platform that delivers content and services to the customers

.AspNet.Cookies

The relying party cookie (claims authentication mode) that is used to cache authentication information.

Session

__RequestVerificationToken

This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery.

Session

addevent_track_cookie

This cookie identifies the user and allows them to add events to a user’s calendar.

1 year

amb.cc

Cookie used to track if the cookie disclaimer message is shown to user or not.

1 year

bnppflanguageselector

Front end cookie to keep the language selection

600 days

catIds

Cookie used to prefill the search categories.

1 day

citrix_ns_id

Citrix Web App Firewall cookie. This is a web application firewall (WAF) that protects web applications and websites against known and unknown attacks.

Session

citrix_ns_id_***_wat

The Application Firewall generates one wat cookie to track all application session cookies.

Session

citrix_ns_id_***_wlf

The Application Firewall generates one wlf cookie to track all persistent application cookies.

Persistent

csrf-token

Cookie to prevent Cross Site Reference Forgery and to prevent calls made from other origin.

Session

DefinedUserType

This cookie keep the value of the customer segment (Priority Banking / Private Banking / Wealth Management).

1 year

locale

The cookie determines the preferred language and country-setting of the visitor - This allows the website to show content most relevant to that region and language.

5 years

searchText

Cookie used to prefill the search field.

1 day

SelectedLanguage

Front end cookie to keep the language selection

1 year

selectLanguage

Front end cookie to keep the language selection

10 days

ServerID

Generated for Load balancer reasons

Session

sf-payload-ident

This is a functional cookie strictly necessary for the legitimate purpose of enabling the use of the customer onboarding flow explicitly requested by the user.

3 days

sf-prs-lu

Saves the landing URL.

Session

sf-prs-ss

Holds the time of first page visit.

Session

sf_site

In multisite environment, remembers the ID of the current site. 

2 years

sf_timezoneoffset

Stores the value of the UTC time zone offset for the particular user, that is, the timezone difference between UTC and the user's local time, in minutes. This cookie is stored only for logged in users. 

Session

SF_TokenID

Handles the claims token (claims authentication mode).

2 Hours

sf_trckngckie

Logs the page visit.

180 days

SurveyMonkey

Tool that allows us to create some small survey.

_splunk_rum_sid

Stores the session ID

Session

ep201

These cookies are used to for load balancing site traffic and preventing site abuse.

30 minutes

ep203

Enables the system to uniquely identify browsers/devices for the purpose of mitigating account sharing. Identifies devices that could be account sharing which is not allowed under our terms of use

90 days

2. Audience measurement cookies (subject to your consent)

These cookies enable us to understand how users arrive at our Website, to measure the number of visitors to our Website, and to analyse how visitors browse the Website or to recreate their journey. This helps us improve how our Websites function by ensuring, for example, that users can easily find what they are looking for.

Tool

Description

cookie

Purpose

Validity

Opt-out

Adobe Analytics

Adobe analytics is used to provide aggregated statistics on navigation. This allows the bank to monitor performance of the website and improve it accordingly.

_sdsat_enrolment_ID

Cookie used to remember the value of a unique identifier of the transaction taking place when doing an enrolment.

1 year

http://www.adobe.com/privacy/opt-out.html

_sdsat_language

This cookie is used to remember the language in which the content is displayed.

1 year

_sdsat_MGM_sponsor_ID

This cookie is used to remember the unique identifier of a "godfather" user in the Hello bank "Member get member" process.

1 year

_sdsat_MGM_user_ID

This cookie is used to remember the unique identifier of a "godson" user in the Hello bank "Member get member" process.

1 year

_sdsat_zid

Custom Adobe Dynamic Tag Manager Cookie.

1 year

AMCV_F46824205476152E0A4C98A2%40AdobeOrg

The AMCV cookie contains the Experience Cloud visitor ID or MID. The MID is stored in a key-value pair that follows this syntax, mid|Experience Cloud ID. To know more about about the privacy policy of the Adobe Experience Cloud or to opt-out please visit https://www.adobe.com/be_en/privacy/opt-out.html

2 years

AMCVS_F46824205476152E0A4C98A2%40AdobeOrg

The AMCVS cookie serves as a flag indicating that the session has been initialized. Its value is always `1` and discontinues when the session has ended.

Session

demdex

The Adobe Experience Cloud Identity Service uses the demdex cookie (with the BNPPF organization id and AMCV cookie) to create and store a unique, persistent identifier for our site visitors. These cookies let the Adobe ID service track visitors across the different domains of BNP Paribas Fortis and enable data sharing among different Experience Cloud solutions that BNP Paribas Fortis is using.

180 days

dpm

DPM (Data Provider Match) informs internal, Adobe systems that a call from the Adobe Experience Cloud ID Service is requesting a visitor ID. This only happens when the AMCV cookie (that contains an Experience Cloud id) isn’t set.

180 days

s_cc

This cookie is set and read by the JavaScript code to determine if cookies are enabled (simply set to "True"). This cookie is a session cookie and expires when the browser is closed. If we do not have this cookie, we cannot do performance analysis on the website (what was visited and what not).

Session

s_ecid

The ECID cookie contains the Experience Cloud ID (ECID) or MID. The MID is stored in a key-value pair that follows this syntax, s_ecid=MID|Experience Cloud ID. This cookie is set by the customer's domain after the AMCV cookie is set by the client. The purpose of this cookie is to allow persistent ID tracking in the 1st-party state and is used as a reference ID if the AMCV cookie has expired. Check AMCV cookie for more details. To know more about the privacy policy of the Adobe Experience Cloud or to opt-out please visit http://www.adobe.com/en/privacy/opt-out.html.

2 years

s_fid

This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions.

2 years

s_flow_request_id

This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens.

30 minutes

s_flowtype

This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens.

30 minutes

s_pc

Cookie used for gathering statistics (where did a person click, where did he scroll to,…) of the website usage. These statistics are kept anonymous.

1 year

s_ppn

Record the portion of a page (0-100%) that the user views and passes the value into a variable on the next page view.

Session

s_pprt

Cookie used for gathering statistics of the website usage. These statistics are kept anonymous

Session

s_ppv

This cookie is set by the Adobe Analytics plugin “getPercentPageViewed” and is used to measure a visitor’s scroll activity to see how much of a page they view before moving to another page.

Session

s_products

This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens.

30 minutes

s_ptc

This provides a native method to get accurate and detailed timing statistics for loading events e.g. when page or functionality is loaded.

Session

s_sales_flowname

This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens.

30 minutes

s_selfservice_flowname

This cookie is set by the Adobe Analytics and is used to stitch customer journey data while measuring tracking on eSignature screens.

30 minutes

s_sq

This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous link that was clicked by the user. It is used for reporting on website visits (how many times was website visited) , to create a "track" of the path. We do not know who visited (anonymous cookie), but we do know the path of the visit.

Session

s_vi_*

This cookie is used to identify a unique visitor, the cookie has the format of s_vi_* depending on the report site used.

2 years

TEST_AMCV_COOKIE_WRITE

This is used to check if the browser supports cookies.

Session

visited_domains

This cookie is used to remember which of the Hello bank platforms the user has already visited.

400 days

3. Preference cookies (subject to your consent)

These cookies enable us to personalise and offer the content and features of the Website (including displaying our products and services). They are used to improve our Website and your user experience.

Tool

Description

cookie

Purpose

Validity

Opt-out

Adobe Target

Adobe Target is a tool used to personalise content seen on the website.

at_check

Used by Adobe Target to check if cookies are enabled/supported on the browser

Session

http://optout.tt.omtrdc.net/optout

mbox

Adobe Target uses cookies to give website operators the ability to test which online content and offers are more relevant to visitors.

400 days

4. Advertising cookies (subject to your consent)

These cookies are used to provide you with personalised or non-personalised adverts, where applicable depending on your location. They record your visit to our Website, the pages that you have viewed and the links that you have followed. We and our partners use this information to personalise our Website and the adverts on them. They may also be used to display personalised or non-personalised adverts for our products on other websites, to measure the effectiveness of an advertising campaign, to limit distribution frequency, and for affiliate marketing.

Tool

Description

Cookie/Third party partner

Details

Validity

Google Campaign Manager

Google may contact you with their advertising material. Their advertising content will be tailored to your interests on the basis of your browsing behaviour and the pages you have consulted. The cookies are also used to measure the impact of the bank’s advertising campaigns on this site. The bank doesn’t collect any financial or personal data by means of these cookies. Our third party partner (Havas Media Belgium) may show you ads if you have visited our website. Those ads will be tailored to your interests, based on what you do online and the sites you visit. To improve our marketing content, this cookie may therefore send data to our third party parner. You can find more information about our third party partners' advertising policy and how to block the collection of your data on their respective pages.

_gcl_au

Used by Google AdSense for experimenting with advertisement efficiency across websites using their services

3 months

Amazon Ad Server (e.g. Sizmek)

(https://www.sizmek.com/privacy-policy/optedin)

90 days

Facebook & Instagram (Meta)


(https://www.facebook.com/settings?tab=ads)

180 days

Google (Alphabet)

(https://myadcenter.google.com/controls)

180 days

Jellyfish

(https://www.jellyfish.com/en-gb/privacy-policy/)

180 days

LinkedIn (Microsoft)

(https://www.linkedin.com/legal/privacy-policy)

30 days

Microsoft Advertising


(https://about.ads.microsoft.com/en-us/policies/legal-privacy-and-security)

13 months

Outbrain


(https://www.outbrain.com/privacy/)

180 days

Pinterest


(https://www.pinterest.com/settings/privacy/)

1 year

Reddit


(https://www.reddit.com/policies/cookies)

2 years

Snapchat


(https://support.snapchat.com/a/advertising-preferences)

1 year

Teads


(https://privacy-policy.teads.com/)

4 months

TikTok (ByteDance)


(https://www.tiktok.com/safety/en/ads-and-data/)

24 months

Twitch (Amazon)


(https://www.twitch.tv/p/en/legal/cookie-notice/)

5 years

Xandr (Microsoft)

(https://about.ads.microsoft.com/en-us/solutions/xandr/platform-privacy-policy)

180 days

X (Twitter)

(https://privacy.twitter.com/)

180 days

Zemanta (Outbrain)

(https://www.zemanta.com/opt-out/)

1 year

5. Content-sharing cookies (subject to your consent)

These cookies enable us to share information with the social media platforms used on our Websites or enable content hosted on an external website to be viewed on our Website. Displaying or viewing this type of content on our Websites shares information about your browsing on our Websites with the social media platforms used or the hosting websites in question.

Tool

Description

cookie

Purpose

Validity

Opt-out

Brightcove

Videos on our websites are embedded video’s from Brigthcove. 

__cf_bm

Cloudflare’s bot products identify and mitigate automated traffic to protect your site from bad bots.

30 minutes

 

_cfuvid

This cookie is only used to allow the Cloudflare WAF to distinguish individual users who share the same IP address.

Session

EMBEDDED

embedded Iframe set cookies on own domain. Shows the embedded video player of youtube.

Session

VISITOR_INFO1_LIVE

Tries to estimate the users' bandwidth on pages with integrated YouTube videos.

180 days

VISITOR_PRIVACY_METADATA

Stores the user's permission to use cookies on the current domain

180 days

vuid

Stores the user's video player preferences

2 years

YSC

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Session

yt-remote-cast-installed

Stores the user's video player preferences using embedded YouTube video

Session

yt-remote-connected-devices

Stores the user's video player preferences using embedded YouTube video

Persistent

yt-remote-device-id

Stores the user's video player preferences using embedded YouTube video

Persistent

yt-remote-fast-check-period

Stores the user's video player preferences using embedded YouTube video

Session

yt-remote-session-app

Stores the user's video player preferences using embedded YouTube video

Session

yt-remote-session-name

Stores the user's video player preferences using embedded YouTube video

Session

4. Who places cookies on your device?

When you select the types of cookies that you allow on your device, these cookies can be placed on them directly by us or by one of our partners.

From a practical point of view, this means that when you authorise the installation of some so-called “third-party” cookies on your device, our partners will also be able to access the information that they contain (such as, for example, your browsing statistics when you authorise third-party analytics cookies) in accordance with our Privacy Notice and the Privacy Notices of our partners.

Partner

link

Amazon Ad Server (e.g. Sizmek)

https://www.sizmek.com/privacy-policy/optedin

Facebook & Instagram (Meta)

https://www.facebook.com/settings?tab=ads

Google (Alphabet)

https://myadcenter.google.com/controls

Jellyfish

https://www.jellyfish.com/en-gb/privacy-policy/

LinkedIn (Microsoft)

https://www.linkedin.com/legal/privacy-policy

Microsoft Advertising

https://about.ads.microsoft.com/en-us/policies/legal-privacy-and-security

Outbrain

https://www.outbrain.com/privacy/

Pinterest

https://www.pinterest.com/settings/privacy/

Reddit

https://www.reddit.com/policies/cookies

Snapchat

https://support.snapchat.com/a/advertising-preferences

Teads

https://privacy-policy.teads.com/

TikTok (ByteDance)

https://www.tiktok.com/safety/en/ads-and-data/

Twitch (Amazon)

https://www.twitch.tv/p/en/legal/cookie-notice/

X (Twitter)

https://privacy.twitter.com/

Xandr (Microsoft)

https://about.ads.microsoft.com/en-us/solutions/xandr/platform-privacy-policy

Zemanta (Outbrain)

https://www.zemanta.com/opt-out/

5. Responsible for the cookies

The owner of the Website and the data controller for your personal data stored in the cookies is:

BNP Paribas Fortis SA-NV
Montagne du Parc 3
B-1000 Brussels
privacy@bnpparibasfortis.com

6. How do you manage cookies?

In order to view the different categories of cookies that we use on the Website and to configure your choices, you can take a look at the cookie management tool that can be accessed at the bottom of the page. You can change your preferences at any time (withdraw or give your consent again).

You can also manage the use of cookies by:

  • Configuring your browser's privacy settings (for more information on controlling cookies, please refer to your browser's Help function).
  • Visiting third-party websites: this will allow you to check how to manage cookie settings on websites and applications outside BNP Paribas Fortis – please refer to section 4 for more details on third parties.

Please note that the use of strictly necessary cookies for the proper functioning of the Website does not require your consent. This is why the “Strictly necessary cookies” is indicated as required in our cookie management tool and is not optional.

By refusing certain types of cookies (preference cookies, for example), we will not be able to optimise your user experience on our Website.

By default, we store your cookie choices for a given device for a maximum of 6 months. If you change your mind about the preferences that you have expressed about cookies, you can update your choices at any time, by following this link. We will ask you again to make a choice every 6 months.

7. Your rights as a visitor to our Website

For more information on BNP Paribas Fortis SA/NV as the personal data controller and your rights as a data subject, please take a look at our Privacy Notice, which can be accessed via the footer of the Website.

Additionally, as a visitor and subject of the data saved by these cookies, you are entitled to file a complaint with the Belgian Data Protection Authority:

https://www.dataprotectionauthority.be/


Version 5.2 (last updated on 01/10/2024)