Data Protection
At ABC Banking Corporation Ltd (the “Bank”), we value the trust our customers place in us when sharing their personal information and we reaffirm this trust by ensuring that all personal data is managed with integrity, transparency, and the strictest security protocols, in compliance with the Data Protection Act 2017 (the “DPA”) and General Data Protection Regulation (the “GDPR”), together referred to as Data Protection Laws.
The present private notice (“Private Notice”) governs the manner in which the Bank, in its capacity as registered controller, collects, processes, stores, and safeguards data of customers (“Customer Data”), which may be obtained either directly from customers or indirectly through authorised third-party resources, in compliance with Data Protection Laws. The Bank processes Customer Data where it has a legitimate interest or where such processing is necessary for the proper provision of services to its customers. The Bank is committed to ensure that all Customer Data remains confidential, secure, and private at all times.
This Privacy Notice applies to any processing of your personal information by the Bank, whether such information is provided through our website, via email, through the completion of forms (including employment-related documents), through the exchange of contractual paperwork, by letter or fax, verbally, or through any other means of communication.
Definitions
Data Subject (Individual) means an identified or identifiable individual, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Personal Data means any information relating to a data subject.
Processing means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Processing
The processing of your personal data is conducted in compliance with the Data Protection Laws.
Personal data is processed to:
- ensure compliance with regulatory obligations under the applicable anti-money laundering or other applicable laws and regulations;
- assess applications with respect to a loan, a debit card, and any other banking, investment or fiduciary products or services; and
- as is necessary for the performance of obligations to you under any agreement entered into with the Bank, as may be amended in accordance with its terms.
The provision of personal data is of course entirely voluntary. You are free to choose whether to provide your personal data to us or not. Please note however that if you choose not to provide your personal data, we may not be able to provide certain services to you or enter into a contractual relationship with you.
We do not knowingly process data relating to a child under the age of 16, without the consent of his parents or guardians. If you are a child under the age of 16, please ensure that you (a) obtain the consent of your parents or guardians before providing such data to us; and (b) provide a record of such consent to us.
If you provide us with the personal data of another person, you are responsible for ensuring that such person is made aware of the information contained in this Private Notice and that the person has given you his/her consent for sharing his/her personal data with us.
The categories of personal data we collect are set out in the Information Table:
| Categories of Data | Data |
|---|---|
| Customer identification | Name, e-mail, postal address, telephone number, country of residence, passport scan and number, national identity card scan and number, tax identification number; |
| Personal Characteristics | Date of birth, marital status |
| Employment and occupation | Employer, function, title, place of work |
| Academic/study information | Academic records, qualifications and elated information |
| Family information; | Information about family members or dependents |
| Banking/non-banking and financial data | Account information, transactions, financial history |
| Investment appetite and risk profile | Investment preferences, risk tolerance, financial goals |
| Electronic identification data | IP addresses, cookies, login credentials |
| Data received in the context of the performance of an agreement | Information collected during contractual or service interactions, power of attorney |
| Tax related data | Tax filings, identification numbers, tax-related documents |
| Images, sounds and communications | Surveillance camera footage, telephone recordings, exchange of letters/emails with the Customer |
Lawful Basis
The law provides that personal data cannot be processed in the absence of a lawful basis. The lawful bases which apply to the processing of personal data by the Bank are as follows:
- your consent having been obtained;
- the processing being necessary for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract;
- for compliance with any legal obligation to which the Bank is subject;
- for the purpose of historical, statistical or scientific research; and/or
- for the legitimate interests pursued by the Bank (except if the processing is unwarranted in any particular case having regard to the harm and prejudice to your rights and freedoms or legitimate interests).
Your Rights
In accordance to the Data Protection Laws, you have certain rights relating to the personal data being processed by the Bank. These rights are set out below.
- Right to withdraw consent at any time
Where personal data is processed on the basis of express consent, such consent may be withdrawn at any time.The withdrawal of consent will not affect the lawfulness of any processing done by the Bank prior to such withdrawal.
Please note that withdrawal of consent may result in the Bank not being able to provide certain services or enter into a contractual relationship with you. - Right of access
You may request a copy of the personal data held. Such request to be made in writing to the Bank’s Data Protection Officer.
If the request is manifestly excessive, a fee shall be charged for attending to same, at the discretion of the Bank. - Rectification, erasure or restriction of processing
You may also, at any time, request:- to have any inaccurate personal data the Bank holds on the data subject corrected. This includes the right to supplement and/or update existing personal data provided to the Bank;
- that the Bank erases any personal data held where (i) such data is no longer necessary in relation to the purpose for which it was collected or otherwise processed; (ii) consent to hold and process such data has been withdrawn and there are no overriding legitimate grounds for the continued processing; or (iii) the personal data has been unlawfully processed.
It is understood that this right is not absolute and that it will not be applicable where the exceptions provided for by law apply, including where processing of the personal data is necessary for the purpose of historical, statistical or scientific research or for compliance with a legal obligation or for the establishment, exercise or defence of a legal claim;
The Bank to shall restrict processing of the personal data where (i) the accuracy of the personal data is contested by you. This restriction will apply for such period as may be necessary to enable the Bank to verify the accuracy of the data; (ii) the personal data is no longer needed for the purpose of processing; (iii) the processing of the personal data is deemed by you to be unlawful, but do not wish the Bank to erase it; or (iv) you have objected to the processing of the personal data. Such restriction will apply pending verification as to legitimate grounds of the Bank to keep processing the personal data, despite your objection.
- Right to object
You have the right to object to the processing of his/her personal data at any time. Upon receiving such objection, the Bank shall stop processing the personal data, except where there are compelling legitimate grounds to continue such processing. - Right to lodge a complaint
If you feel that the Bank has not processed your personal data lawfully, the Data Protection Officer of the Bank shall be contacted for lodging of a complaint.
Where you remain unsatisfied, you may lodge a complaint with the Data Protection Office in Mauritius. Contact details are as follows:Address: 5th Floor, SICOM Tower, Wall Street, Ebène
Email address: dpo@govmu.org
Phone number: + (230) 460-0253
Fax: + (230) 489-7346To exercise any of the above rights, please contact the Data Protection Officer of the Bank, whose contact details are available in the Information Table.
Data Breach Notification
A data breach occurs where there is an unauthorised disclosure or a loss of personal data. Any breach must be reported to the Data Protection Officer as soon as the breach is noted so that appropriate measures can be taken to recover or limit any damage.
The Bank is bound by law to notify the Data Protection Office of any breach within 72 hours after becoming aware. Further, where a breach is likely to put your rights and freedoms at risk, the Bank has the obligation to notify you directly.
Cookies
Information is collected via cookies or similar technology on the website or apps of the bank. Cookies are small text files that are automatically placed on a computer or mobile device when visiting a website. These are stored by the internet browser. Cookies contain basic information about one’s use of the internet. The internet browser sends these cookies back to the website of the bank every time a user visits it, so it can recognise a computer or mobile device and personalise and enhance the browsing experience of the user.