National Commercial Bank Jamaica Limited (NCBJ) is a company within NCB Financial Group Limited (NCB Financial Group) with registered office in Jamaica.
NCBJ and its subsidiaries provide an expansive range of products and services aimed at meeting all the commercial banking, wealth and asset management needs of customers primarily in Jamaica, the Cayman Islands, Barbados and Trinidad and Tobago. A number of the functions in the Group are centralised and performed by NCBJ on behalf of its affiliates.
We refer to NCBJ together with its affiliates, as "we," "us," or "our" in this Privacy Notice.
This privacy notice will explain how our organisation uses the personal data we collect from you when you use our website and our services. This privacy notice is in compliance with the Data Protection Act of Jamaica and its regulations.
For the purposes of this privacy notice, "personal data" means information that, either separately or together with other identifying information, can identify you. This may include information provided by the individual or collected by us from the use of our products and services, third parties or public sources and includes information in any format, including digital formats.
Purpose and scope of this privacy notice
At NCBJ we understand that your personal data is important to you. This privacy notice explains in a simple and clear manner which personal data we collect, store and use and otherwise process and how we do this. Our approach can be summarized as follows: the right people are using the right personal data for the right purpose.
This privacy notice applies to:
· all former, existing and potential customers of NCBJ who are natural persons ("you"). This also includes sole proprietorships, general partnerships, partnerships, limited partnerships and legal representatives or contact persons acting on behalf of our corporate clients;
· persons who are not customers of NCBJ. This may concern persons who transfer money to an NCBJ account or to whom money is transferred from an NCBJ account; persons who visit an NCBJ website, branch; professional advisors; shareholders, persons who act as guarantors; the beneficial owner, director or representatives of a company that uses our services; debtors or tenants of our customers; persons involved in other transactions with us or our customers.
The types of personal data we process
Personal data is all data with which a natural person can be identified, or which can be linked to a natural person. In our dealings with you, we may process the following personal data from you:
· Identification data: your name, date and place of birth, ID number, email address, telephone number, title, nationality, tax number/social security number and a sample of your signature. We
may receive same from government issued identification, such as passport, national identification card, voter’s card, or driver’s license as well as other documents confirming your identity. We may also ask for documents such as utility bills to verify your name and address.
· Transaction data: such as your bank account number and deposits, debits and credits to your accounts, and where and when they took place.
· Financial data: such as invoices, credit notes, pay slips, payment behavior, the value of your house or other assets, your credit history and borrowing capacity, the financial products you purchase from NCBJ, your payment arrears and information about your income.
· Sociodemographic data: for example, whether you are married and have children.
· Data about devices, operating system, online behavior, and preferences: such as the IP address of your mobile device or your computer, the type, version and brand of device used for visiting our websites or apps, which operating system and version of the browser you use, your cookie settings, your mobile advertising ID and the pages you visit on the NCBJ website or apps.
· Information about your interests and needs that you share with us, for example when you contact our call center or complete an online survey, promotions or contest with NCBJ.
· Know-your-customer data as part of customer due diligence and to prevent the commission of fraudulent acts and acts that violate international sanctions and to comply with applicable rules against money laundering, terrorist financing and tax fraud.
· Audiovisual data: where applicable and to the extent permitted by law, we make CCTV recordings in NCBJ branches, and we record telephone, video and chat conversations with our branches. For example, we may use these recordings to verify telephone orders or for fraud prevention or training purposes.
· Your interactions with NCBJ on social media such as Facebook, X (formerly Twitter), Instagram, LinkedIn, Google+ and YouTube. We follow public messages, posts, likes and reactions on and about NCBJ on the internet.
Special personal data
Special personal data includes information about your health, ethnic background, religious and political beliefs, genetic and biometric data and data about criminal offenses (information about fraud contains such data and we record it). We may process your special personal data if:
· you have given us explicit permission to do so;
· the laws and regulations stipulate that we may or must do so. For example, we may be required to keep a copy of your passport or identity card when you become a customer;
· for example, you instruct us to transfer money to a political party or religious institution;
· you want to use facial, fingerprint or speech recognition as authentication for opening mobile apps and performing certain actions in them, provided that the laws and regulations allow the collection of special personal data in this context.
Children's data
We only collect information about children if they use an NCBJ product or if you provide us with information about your children in connection with a product you purchase or service you have received. We will ask for parental consent if required by law.
When and how we collect information about you
Your information is made up of all the financial and personal information we collect and hold about you/your business and the proprietors, officers and beneficial owners of that business and your transactions. It includes:
· information you give to us;
· information that we receive from third parties (including other companies in the NCB Financial Group, third parties who provide services to you or us, a credit bureau, fraud prevention or government agencies), and other banks (where permitted by law);
· information that we learn about you through our relationship with you and the way you operate your accounts and/or services, such as the payments made to and from your accounts;
· information that we gather from the technology which you use to access our services (for example location data from your mobile phone, or an IP address or telephone number) and how you use it (for example pattern recognition);
· information that we gather through cookies or similar tracking tools (e.g. pixels) when you use our websites, internet banking, mobile banking app or web chat services. Advertising or targeting cookies or similar technologies may also be used to track your responses to particular advertisements, messages or forms which help us to ensure we present you with the most relevant content in the future. When running email campaigns, we may also track delivery and log when emails are opened and when the links within them are clicked (we do not track an individual’s activity after clicking a link). These tracking logs are created by recording URLs as they are automatically downloaded to the email, for example, when images in the email are activated; and
· Information that we gather from publicly available sources, such as the press, the electoral register, tax administration databases, company registers and online search engines and information that you make public on social media (e.g. Facebook, Instagram).
How we use and disclose your Data
Whether we’re using it to confirm your identity, to help in the processing of an application for a product or service, disclosing it to any person or organisation or to improve your experiences with us, your information is always handled with care and the principles outlined in this Privacy Notice are always applied.
· To enter into a relationship. In the event that you would like to open an account, or access various products and services which we offer, we need your personal data. We are required, by law, to perform certain due diligence on potential and existing customers and request documentation; for example, we may need to obtain a true copy of your government issued Identification and be advised of your source of funds as part of the onboarding process. We may use third parties’ information in this process, such as accessing your information from government databases. Your data may also be used to assess suitability or your eligibility for certain products and/or services.
· For executing your transactions and maintaining our relationship. When you request that we execute a transaction for or on your behalf, we need your name and other required information
which we may have to share with the beneficiary and any intermediaries or organization including any member of NCBJ. We can, as part of monitoring our client contact processes or as part of evidencing record telephone conversations.
· To verify information (including your identity and/or information needed for business processing). We may collect, use and disclose your personal data to verify and report credit information to credit bureaus and credit reporting agencies as well as to confirm your identity with various entities. We may also verify relevant information you give us with your employer, your references or other reliable independent sources. We may also collect information from entities, that have similar disclosure agreements with you, to share information relevant to business you are engaging with us for, once those parties have also been duly authorized by the Bank to provide those services. You authorize any person whom we contact in these instances to provide such information to us. If you apply for or enrol in a product and/or service and during the time you have the product and /or service, we may share data with relevant authoritative databases, third parties or private investigative bodies maintained in relation to the type of product and/or service you have applied for, enrolled in, or have, to complete enrollment and/or maintenance of this relationship. You also authorize us to release information about you to these databases and investigative bodies.
· To protect your and our interests. We process personal data in order to safeguard your interests when dealing with us as well as the interests of the respective industries in which we operate. For example, in avoiding or investigating potential and actual fraud cases, we may maintain or use certain incident registers and use public sources and share personal details with third parties engaging in the prevention of crime. We will only do so if we have agreed upfront that these parties will be bound to rules to safeguard the use of your personal data or if they otherwise have a right (example by law or regulation) to do so or if we have a legal obligation to disclose your personal data to them.
· To share within NCB Financial Group. In providing you with accurate and up-to-date service, we may share your personal data within the NCB Financial Group to augment and update information currently held by each entity, streamline services, process your data on our behalf, and verify accuracy of your data.
· For marketing or promotion purposes. We may use your personal data for these purposes, to be better equipped to serve you, such as identifying whether you are eligible for a particular product or service, conducting market research, including customer surveys, analytics, and related activities, running competitions and promotions and other direct marketing activities. This may include sending you relevant marketing information. In some cases, we may need your express consent to send marketing material to you.
· To meet legal obligations. Based on law, rules, regulations and directives, we need to ensure that we have current information about you on our records. The laws on prevention of money laundering oblige us to assess, for example, certain unusual transaction patterns, when certain thresholds are met or to identify an ultimate beneficiary owner of legal entities. Based on legal obligations we must provide certain data to governmental bodies, regulators and other third parties.
· As part of our business management. As financial institutions, we need, for instance, to assess certain business risks and to use risk mitigation measures; for instance, we can insure (part of)
our credit risks with an external insurance company. Personal data might be shared as part of such an agreement.
· To meet archiving requirements. We can use your personal data for legal cases, historical or statistical purposes while your personal data remains in our possession during this timeframe.
· Where you have given us permission (which you may withdraw at any time). This occurs in situations where you have consented for us to send electronic messages to you about products and services within the NCB Financial Group. When we ask for your consent, we will do so in the form required by law.
Who we share your data with and why
In order to provide you with the best possible services and to remain competitive in our industry, we share certain data internally (i.e. internal units in NCBJ) and externally (i.e. with third parties which may be either companies in the NCB Financial Group or outside the NCB Financial Group).
We always ensure that third parties only have access to personal data that is necessary for their specific work.
When we share your personal data externally with third parties in countries outside the areas where we operate, we always take the necessary measures to protect this data. We rely on, among other things:
· the requirements based on applicable laws and regulations;
· where applicable, we use standard clauses in agreements with service providers to ensure that transfers of personal data to parties outside the areas where we operate comply with the required data protection law;
· where transfers are made within the NCB Financial Group, those transfers are governed by binding corporate rules, policies and/or agreements.
You understand and agree that your personal data may be transferred to and collected, used, disclosed and stored in countries outside of the jurisdiction you reside.
NCBJ Divisions and Companies
Data is exchanged between NCBJ divisions for various reasons. We may also store data collected from different companies in the NCB Financial Group in central storage systems or process it at a central point within NCBJ for efficiency reasons. In all internal data transfers, we are bound by the laws and regulations and by our company rules as laid down in our data protection policy.
Companies within the NCB Financial Group
Where Data is shared with other companies within NCB Financial Group to be able to provide you with products, services and offers that may be of interest to you, your consent would first be requested before such data is shared with other companies in NCB Financial Group. You would additionally have the ability to withdraw such consent at any time.
Government and supervisory and judicial authorities
In order to comply with our legal obligations, we may provide data to competent government and supervisory and judicial authorities including:
· government agencies, regulators and supervisors such as central banks and other financial regulators;
· judicial/law enforcement agencies such as the police, prosecutors and courts where we are legally obliged to provide the information.
Financial Institutions
Processing certain payment and cash withdrawal transactions may require us to share information about customers or their representatives with other banks and specialised financial companies. We also share information with financial sector specialists who help us with financial services such as:
· exchange of secure messages on financial transactions;
· payments and credits worldwide;
· global electronic transaction processing;
· settlement of domestic or cross-border securities transactions and payment transactions;
· services from other financial service providers including banks, pension funds, stock brokers, custodians, fund managers and portfolio service providers.
Service Providers and other third parties
When we use other service providers or third parties in the context of certain common business activities, we may need to share your personal data to perform specific tasks. This concerns matters such as:
· designing, developing and maintaining internet tools and web applications;
· providing application or infrastructure services (such as cloud services);
· marketing activities and events and customer communication management;
· preparing reports and statistics, printing publications and designing products;
· placing advertisements in apps and on websites and social media;
· legal, auditing and other special services provided by lawyers, trustees, auditors and other professional advisers;
· discovering, investigating and preventing fraud and other crimes with the help of specialized companies;
· the provision of specialised services such as the archiving or conversion into electronic form of physical documents and the provision of services by contractors and third-party service providers;
· executing securitisation schemes.
International transfers of personal data
Transfer of your personal data may take place in the case of international transfers originating from the country where we operate to another country. Under the Jamaican Data Protection Act, 2020, personal data may be transferred to a territory outside Jamaica where that territory ensues an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of data.
For transfers to countries where the level of protection has not been recognised as having adequate protections, we will either rely on a derogation applicable to the specific situation (for example if the transfer is necessary to perform our contract with you, such as complying with your request to perform an overseas wire transfer or when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:
· using in our contract, clauses approved by our data protection regulator;
· transferring the data under binding corporate rules, policies and/or agreements (which applies, for example, where the data is being transferred to an overseas company in the NCB Financial Group).
How we protect your data
We take appropriate technical and organisational measures to ensure the confidentiality and integrity of your personal data and the way it is processed.
We apply an internal policy framework and minimum standards throughout NCBJ to protect your personal data. The policies and standards are regularly adapted to new regulations and developments in the market.
In addition, NCBJ employees are obliged to maintain confidentiality and may not process your personal data unlawfully or unnecessarily. Always contact NCBJ if you suspect that your personal data has fallen into the wrong hands. In this way you help us to continue to protect your personal data.
How long we keep your personal data
Laws and regulations oblige us to keep personal data for a certain period of time. The retention period can vary from a few months to several years, depending on the applicable law.
When your personal data is no longer required for a procedure or activity for which it was originally collected, we delete the data or aggregate it at a certain level of abstraction (aggregation), anonymise it or delete it according to laws and regulations.
Your obligation to provide data
In some cases, we are required by law to collect personal data or need to have your personal data before we provide certain services or provide certain products.
We undertake to only ask for personal data that is strictly necessary for the purpose in question. Failure to provide the necessary personal data may lead to a delay in the availability of certain products and services.
What are your rights and how can you exercise them?
In accordance with applicable regulations and where applicable, you have the following rights:
· To access: you can obtain information relating to the processing of your personal data, and, at a cost, a copy of such personal data.
· To rectify: where you consider that any part of your personal data is inaccurate or incomplete, you can request that such personal data be modified accordingly.
· To erase: you can require the deletion of your personal data, to the extent permitted by law.
· To restrict: you may, in certain circumstances, request the restriction of the processing of your personal data.
· To object: you can object to the processing of your personal data, on grounds relating to your particular situation to the extent permitted by law. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
· To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time subject to legal, regulatory or contractual requirements.
· To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
If you wish to exercise the rights listed above, please send a letter or e-mail to the respective Data Protection Officer identified in the relevant section below. In some instances, you may be required to make the request in a particular form or pay a fee. Please include a scan/copy of your proof of identity for identification purpose when required.
In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the Information Commissioner, which is the data protection regulator appointed under the Data Protection Act, 2020.
Direct Marketing
You are in control of whether we may use your information for marketing. If you are an existing customer, we will only contact you if you have agreed for us to do so. Then, we might use your information to tell you about similar products and services that could interest you.
· If you are a client, we may share information within the NCB Financial Group to inform you of other products and services that may be of interest to you or members of your family, but we will only do this where you have provided your consent. You can always change your mind by contacting us using the details identified below telling us you no longer wish to be contacted.
· If you have expressed marketing preferences regarding marketing by us, we may share your contact details and those marketing preferences to ensure that the companies in the NCB Financial Group have the most up-to-date information, especially if you have objected to being contacted.
· If you wish to unsubscribe from emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in all emails. Otherwise, you can always contact us using the details identified below to update your contact preferences. In such circumstances, we will continue to send you service-related (non-marketing) communications where necessary, once such technological capabilities are in place.
· Please note that we may retain any data provided to us on our websites for a limited period, even if you do not complete your quote. The information may be used to enquire as to why you did not complete your quote or for us to better understand your needs but only if you have agreed for us to contact you.
Cookies and similar technologies
We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website or pixels within emails) to collect information about you. This technology is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services. For further information about cookies and other technologies we use on our website and how to manage cookies, please see our Cookie Policy.
Contact Details of the Data Protection Officer
If you wish to contact the e Data Protection Officer, you may do so at [email protected].
