Last updated: 24 April 2022
If you are viewing this Notice online, you can click on the below links to jump to the relevant section:
We do not use automatic decision-making or profiling when processing Personal Data. Were we to decide to do so, we would confirm this to you and provide meaningful information about the logic involved, as well as the significance and the envisaged consequences for you.
A loss of Personal Data is known as a data breach. The GDPR imposes requirements on businesses to identify, assess and report breaches in a timely manner (within 72 hours). We undertake to inform you if your Personal Data is compromised and there is a high risk to your rights and freedoms as a result.
We may update this notice from time to time by publishing a new version on our website, and will also update the “Last updated” field at the top of this notice. If you do not have a business relationship with us, you are encouraged to review our website regularly in order to remain informed about how we process Personal Data. If you have a business relationship with us, we reserve the right to inform you of changes to this notice from time to time either through our website or via other means of communication.
Trusted Novus Bank Limited is a company incorporated in Gibraltar with registered number 3936 and registered office situated at 76 Main Street, Gibraltar. We are also regulated by the Gibraltar Financial Services Commission and further details appear in our general Terms and Conditions. If there are any questions regarding this notice, you wish to exercise any of the rights described in this notice, or if you are concerned about the way we have handled your Personal Data you may contact our DPO or (in the DPO’s absence) the Data Protection Steering Group using the details below:
Data Protection Officer / Data Protection Steering Group
Trusted Novus Bank
76 Main Street
GX11 1AA
Gibraltar
Telephone: +350 2000 3000
Website: www.trustednovusbank.gi
Email: This email address is being protected from spambots. You need JavaScript enabled to view it. / This email address is being protected from spambots. You need JavaScript enabled to view it.
As outlined in our Privacy Notice, you have the following rights under the Data Protection Legislation, which can be exercised by contacting our Data Protection Officer (contact details below under ‘Our details’):
You have the right to ask us to confirm to you whether or not we collect, process or store your Personal Data. Where we collect process or store your Personal Data, you are entitled to access to your Personal Data and you further have the right to be informed about:
Note that most of this information is already contained within our Privacy Notice. Exercising this right is also referred to as submitting a “data subject access request” or “DSAR”.
You have a right to be informed about the processing of your Personal Data (and if you did not give it to us, information as to the source) and this Notice intends to provide the required information. Note that your right to information is limited in certain cases, and the requirements to give information do not apply insofar as:
You have the right to have any inaccurate Personal Data about you rectified and to have any incomplete Personal Data about you completed. You may also request that we restrict the processing of that data until rectified. If you ask TNB to restrict processing your Personal Data or parts thereof, TNB may have to suspend the operation of your accounts, products or services that are provided to you. It is important that the Personal Data we hold about you is accurate and current. Any terms of business which we may have with you will also require you to inform us if your Personal Data changes during your relationship with us. If we do hold Personal Data and you believe it is incorrect, you may submit a request to us to correct any alleged mistakes. We shall communicate any rectification of Personal Data to each recipient to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort, and shall inform you about such recipients if you request this information.
You have the general right to request the erasure of your Personal Data. This right can be exercised if one of the following applies:
Once you have requested erasure of your Personal Data for one of the reasons above, we will proceed to comply without delay unless continued retention is necessary for:
We shall communicate erasure of Personal Data to each recipient to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort, and shall inform you about such recipients if you request this information.
You have the right to restrict the processing of your Personal Data under certain circumstances. You may restrict the processing of your Personal Data when:
We shall communicate restriction of processing of Personal Data to each recipient to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort, and shall inform you about such recipients if you request this information
You have provided to create a user profile, then this Personal Data would not be in scope of data portability (but could be in the scope of a data subject access request as explained above). Additionally, if we are not responsible for the privacy practices of others where you ask us to port your data to a third party.
You have the right to object to processing of your Personal Data under certain circumstances. These include:
Where you object on the above bases, we will cease to process your Personal Data unless we can demonstrate compelling legitimate interests for processing your Personal Data that override your interests or we need to process your Personal Data to establish, exercise, or defend legal claims.
If you consider that our processing of your Personal Data infringes data protection laws applicable to you, then you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. If you are outside of Gibraltar, you may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. Before raising a complaint, you may wish to contact us using the ‘Our details’ section of our Privacy Notice so we can investigate the matter.
Alternatively, if we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled (regardless of where you are based) to make a complaint to the Information Commissioner under the Data Protection Act 2004, which is presently the Gibraltar Regulatory Authority (“GRA”). You may contact the GRA on the below details:
Address: Gibraltar Regulatory Authority, 2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: (+350) 200 74636
Fax: (+350) 200 72166
Website: www.gra.gi
In certain cases, you may also have the right under the EU GDPR to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA
Where the legal basis for processing your Personal Data is your consent, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Consent should be as easy to withdraw as it is to give, so we will normally provide toggle switches, tick boxes or forms that allow you to change your preference at any time online. However, if an online option is not available, or if you have submitted a paper form and no longer have a copy available, you can always enquire about and exercise your right to withdraw consent by contacting us using the information under ‘Our details’ in our Privacy Notice. Note that withholding or withdrawing consent may limit the scope of services we are able to provide, and we will inform you of the consequences of withholding or withdrawal at the relevant time
You have an absolute, unqualified right to freedom from direct marketing also referred to as “opting out”. You can exercise the right at any time by contacting us, using the details in our Privacy Notice. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to “opt-out” of any further marketing emails. If you opt-out of our marketing materials, you will be added to our suppression list to ensure we do not accidentally send you further marketing. Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns.
We may still need to contact you administrative or operational purposes, in order to deliver our services to you in compliance with relevant legislation (e.g. send you statements). However, we will make sure that those communications don’t include direct marketing.
You have a right to request that decisions made about you using your personal information are made by humans, and not by automated means, such as by computers. As noted in our Privacy Notice, we do not use automated decision-making methods (including profiling) and whilst certain risk assessment systems may be automated there will be human intervention following such processing, unless we specifically notify you that this is not the case. This means decisions are not made by robots or computers, and therefore not ‘automated’.
If any automated decision-making takes place in the future, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your Personal Data are made by natural persons, not only by computers
Certain third parties (e.g. credit referencing agencies) may use automated decision-making tools or software. Even in such cases, we will continue to ensure our decisions affecting you are made by human beings. We are not responsible for the privacy practices of others and will take reasonable steps to bring such automated decision-making to your attention, but you are encouraged to become familiar with the privacy practices of any third parties you enter into any agreements with.
Note that this right does not apply when the decision:
Trusted Novus Bank Limited is a company registered and incorporated in Gibraltar with company No. 03936.
Trusted Novus Bank Limited is regulated by the Gibraltar Financial Services Commission under the Financial Services Act 2019 (Permission No. 3207).
Registered address: 76, Main Street, P.O. Box 143, Gibraltar, GX11 1AA.