The Bank is a data controller in respect of personal information and is required, under the General Data Protection Regulation, to inform you about how and when the Bank collects, processes, shares and/or discloses your personal data.
For Trusted Novus Bank it is essential to protect any data you entrust us with and to ensure confidentiality of this data. We ensure compliance with data protection rules and guidelines. Moreover, we do not collect, use or process personal data without an appropriate legal basis or without your express consent (which may also be given electronically). Consent, which has been given, may be revoked by you at any time with effect for future use.
This policy sets out what Personal Data we collect and how we process it.
- We collect and process various categories of Personal Data at the commencement of and for the duration of our relationship with you. The collection and processing of Personal Data is limited to that which is necessary to achieve one or more of the legitimate purposes identified in the policy.
- Personal Data which we may collect and process may include:
- basic personal information, such as name and address, contact details, marital status, tax information, residency status and date of birth;
- financial history and information, such as transactional and account information;
- information regarding your financial circumstances, such as proof of income, sources of wealth, assets and liabilities, credit and borrowing history, details of expenditure and other outgoings;
- information regarding your financial needs and requirements;
- information about the purposes and scope of your expected relationship with the Bank;
- basic information about your family, partners and dependants;
- employment and education history;
- personal identification documents, such as copies of passports, identity cards or CCTV images;
- Online profile and social media information obtained as a result of use of the Bank’s websites, platforms and applications, such as the browser types and versions used, the date and time of access to our website, platforms and applications, the Internet protocol address (“IP address”), the Internet service provider of the accessing system; and any other similar data and information that may be used in the event of attacks on our information technology systems.
- Additionally, the Bank may also collect and process certain special categories of data. This data would only be collected and processed with your explicit consent (or where the Bank is lawfully permitted to do so without your consent) and only for limited purposes such as fraud prevention, prevention of money laundering, financial crime and terrorist financing, bribery and corruption. This data may include matters such as:
- Basic information about racial or ethnic origin and religious or philosophical belief;
- Trade union membership and affiliation;
- Information related to health or medical conditions (physical or psychological);
- Criminal convictions and alleged offences;
- Sanctions lists.
- The purposes of processing
The purposes for which your Personal Data is collected and processed are as follows:
- Contractual necessity – your Personal Data will be processed where it is necessary to enter into a contract with you for the provision of our services or to perform any contractual obligations;
- Legal Obligation – The bank is required to collect and process certain Personal Data where you apply for or are provided with a product or service by the Bank;
- Legitimate interests of the Bank – we may collect and process your Personal Data where it is in our legitimate interests to do so and without prejudicing your interests or fundamental rights or freedoms.
- How we collect and process your Personal Data
- Information you provide to us directly or via a third party;
- Information we receive from third parties. This may include other Trusted Novus Bank Group entities, third party service providers, credit reference agencies and resources, government and quasi-government agencies, other banks and regulatory authorities;
- Information acquired by us during our relationship with you, such as the use of our services, accounts, payment services, inquiries etc.;
- Information collected through the use of the Bank’s websites, platforms and applications;
- Information that may be collected as a result of the recording of telephone conversations;
- Information available as a result of your use of credit or payment cards, Netbank or other kinds of payment services. The Bank will obtain information from you, shops, financial institutions and others;
- Information obtained from sources and records accessible to the general public.
- What do we use your Personal Data for?
We will only use and share your information where it is necessary and lawful for us to do so. Any of the information we collect from you may be used in one or more of the following ways:
- To provide services to you;
- To manage your relationship with the bank and any transactions;
- To meet Compliance and or Regulatory obligations;
- To perform financial crime risk management;
- To collect money you owe us;
- To enforce/defend the rights of Trusted Novus Bank
- To meet our internal policy requirements;
- To market our services/products to you.
- Sharing Your Personal Data
- In certain cases we may access, preserve, and disclose to third parties information about you if we believe disclosure is in accordance with, or required by, any contractual relationship with you, applicable law, regulation or legal process. Personal Data may be processed by us and/or our affiliates, agents, vendors, consultants or suppliers, as well as any other third party service providers who are performing certain services on our behalf for the purposes specified above (for example, external Counsel, financial institutions, and/or experts) or on your specific instructions.
- The bank discloses information internally within the Group and to external business partners (including correspondent banks and other financial institutions) if you have consented to this or if such disclosure is lawful. In addition we may be required by law or by a Court of law to disclose certain information about you to relevant regulatory, law enforcement and/or other competent authorities. We may also need to share your information in order to enforce or apply our legal rights under any agreed terms of business.
- In connection with IT development, hosting and support, Personal Data is transferred to data processors, including data processors in third countries outside the EEA (which includes countries in the European Union as well as Iceland, Lichtenstein and Norway), such as Switzerland and India. We will only do so where it has been determined by the EU that the country or organisation we are sharing your Personal data with will protect your information adequately. We also use a number of legal mechanisms, including standard contracts approved by the EU Commission to ensure that your rights and protection level follow your data.
- If the Bank enters into a sale, reorganisation, transfer, asset disposal or joint venture with or is merged with another business entity, your information may be disclosed to our new business partners.
- The Bank will not share your Personal Data with third parties for their own marketing purposes without your permission,
- Yours Rights As A Data Subject
As a data subject you have the following rights which can be exercised by contacting our Data Protection Officer (contact details below):
- The right to confirmation and access
- You have the right to ask us to confirm to you whether or not we collect, process or store your Personal Data. Where we collect process or store your Personal Data, you are entitled to access to your Personal Data and you further have the right to be informed about:
- the purposes of the processing;
- the categories of Personal Data concerned;
- the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from us rectification or erasure of Personal Data, or restriction of processing of Personal Data concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the Personal Data is not collected from you, any available information as to its source;
- the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you; and
- whether your Personal Data is transferred to a third country and if so of the appropriate safeguards relating to the transfer.
- The right to rectification
- You have the right to have any inaccurate Personal Data about you rectified and to have any incomplete Personal Data about you completed. You may also request that we restrict the processing of that data until rectified. If you ask the Bank to restrict processing your Personal Data or parts thereof, the Bank may have to suspend the operation of your accounts, products or services that are provided to you.
- The right to erasure
- You have the general right to request the erasure of your Personal Data. This right can be exercised if one of the following applies:
- the Personal Data is no longer necessary for the purpose the data controller collected it for;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your Personal Data; and
- Erasure is required to comply with a legal obligation that applies to us; Once you have requested erasure of your Personal Data for one of the reasons above, we will proceed to comply without delay unless continued retention is necessary for: Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
- The establishment, exercise, or defense of legal claims.
The right to restrict processing
You have the right to restrict the processing of your Personal Data under certain circumstances. You may restrict the processing of your Personal Data when:
- you contest the accuracy of the Personal Data;
- processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed Personal Data;
- we no longer need to process your Personal Data but you need the Personal Data for the establishment, exercise, or defense of legal claims;
- you object to processing that relies on the public interest or on our legitimate interests as the lawful processing grounds we must restrict the challenged processing activity pending verification of whether our legitimate interests override your interests.
The right to object to processing
You have the right to object to processing of your Personal Data under certain circumstances these, include:
- where our processing of your Personal Data is for direct marketing purposes (including profiling for direct marketing purposes);
- where our processing of your Personal Data is for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation;
- Where you object on the above bases we will cease to process your Personal Data unless there is legitimate ground for processing your Personal Data that overrides your interests or we need to process your Personal Data to establish, exercise, or defend legal claims.
The right to data portability
- Where the legal basis for our processing your Personal Data is at your consent or is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the Personal Data you provided to the Bank in a portable format.
Additionally, you may also ask us to provide it directly to a third party and we will do so where this is possible. The Bank will not be responsible for the use for any third party’s use of that Personal Data.
- The right to complain to a supervisory authority
If you consider that our processing of your Personal Data infringes data protection laws applicable to you, then you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
- The right to withdraw consent
Where the legal basis for processing your personal data is your consent, you have the right to withdraw that consent at any time.
Storing Personal Data
We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this policy. Records can be held on a variety of media (physical or electronic) and formats.
Retention periods are determined based on the type of record, the nature of the record and activity and the legal or regulatory requirements that apply to those records. The Bank will, in the normal course of events, keep client records for up 10 years after the termination of the relationship.
However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Existence of automated decision-making
We do not use automatic decision-making or profiling when processing personal data.
How we secure your information
We are committed to taking appropriate measures designed to keep your Personal Data secure. Our technical, administrative and physical procedures are designed to protect Personal Data and non-personal data from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once it is received.
To prevent unauthorised access, we follow strict security procedures in the storage and disclosure of information which you have given us. Our security procedures mean that we may request proof of identity before we are able to disclose Personal Data to you following a request from you for us to do so. We implement security measures across the Bank to ensure our clients’ data is protected within secured and encrypted servers we control. We may also keep hard copy records of this Personal Data in physical storage facilities with access restricted solely to our personnel. We also take steps to monitor access to and modification of your information by our contractors, advisers, consultants and staff members, and ensure that they are aware of and properly trained in their obligations for managing your privacy.
We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
A loss of personal data is known as a data breach. The GDPR imposes requirements on businesses to identify, assess and report breaches in a timely manner (within 72 hours). We undertake to inform you if your Personal Data is compromised and there is a risk to your rights and freedoms as a result.
We may update this policy from time to time by publishing a new version on our website.
When we make such changes or update this policy we may notify you of changes to this policy by email
If you would like a copy of the personal records we hold about you, just write in to us at:
Data Management Team
Trusted Novus Bank 76 Main Street Gibraltar
If there are any questions regarding this privacy notice or if you are concerned about the way we have handled your data you may contact us using the details below:
Data Protection Officer
Trusted Novus Bank. 76 Main Street Gibraltar
Tel: +350 2000 3000
Click here to view PDF version of the document