FAQs About Privacy and Data Protection
Rules are changing around the world, in particular with updated data protection requirements in The Cayman Islands. Proven Bank wants to ensure that we comply fully with global expectations, as well as the requirements of the legislation and regulations in the jurisdictions in which we operate and the countries where our customers are based.
Proven Bank has opted to adhere to the higher standards arising from the various legislative changes occurring in the locations in which we operate; these are likely to be equivalent to GDPR in most instances.
Q. WHAT IS GDPR?
A. GDPR is the General Data Protection Regulation, which came into effect in the European Union on 25 May, 2018.
Q. WHAT IS PERSONAL INFORMATION?
A. Personal Information is defined broadly and comprises data in relation to any living individual who can be identified from that data, and can include:
- names;
- addresses;
- social security numbers or local equivalent;
- telephone numbers and e-mail addresses; and
- financial information.
Q. WHAT IS THE AIM OF HAVING DATA PROTECTION LAWS?
A. The aim of this legislation is to ensure there are good information handling practices in place. For example, identity theft, stolen credit cards and violated privacy policies may result in fraud, theft and deception. Abuse of health data, financial data or children’s data can have an adverse impact on insurance, credit, jobs or parental control.
Q. WHAT IS PROVEN BANK DOING TO ADHERE TO THESE REQUIREMENTS?
A. We have done the following:
- appointed a Data Protection Officer (“DPO”) who serves as the Local Information Officer (“LIO”) in each jurisdiction and for each subsidiary;
- published an internal policy to assist our staff;
- created a privacy notice which is included on our website;
- continued to ensure that third parties we deal with, and to whom we pass information, uphold our data protection standards; and
- adjusted, where necessary, our terms and conditions for clients to properly reflect new requirements.
Q. WHAT’S THE ROLE OF THE DATA PROTECTION OFFICER (“DPO”)?
A. The DPO will provide the knowledge, expertise, day-to-day commitment and independence to properly advise the Bank of its duties and conduct compliance activities in relation to local legislation and applicable data protection requirements. They will be supported in their work by Local Information Officers (if separate), as well as being supported by our Risk and Compliance personnel. The DPO will be responsible for ensuring timely notification to the Audit and Risk Management Committee (ARMCO) and to the Board of Directors of material breaches and ensuring prompt liaison with our regulators.
The DPO also serves as the Local Information Officer within the jurisdiction of operation. The DPO will be required to handle local reporting to regulators of breaches as well as ensuring material breaches are escalated promptly for timely notification to the Senior Management and the Ombudsman.
Q. WHAT’S THE ROLE OF A LOCAL INFORMATION OFFICER (“LIO”)?
A. Where the LIO is separate from the DPO, they will have responsibility for a specific jurisdiction or subsidiary with accountability to ensure that senior management, the local board(s) and the DPO are made aware of any issues arising. They will be required to handle local reporting to regulators of breaches (in conjunction with local management and Compliance as required), as well as ensuring material breaches are escalated promptly to the DPO for timely notification to Senior Management, the Board and the parent regulator (i.e. the Cayman Islands Monetary Authority).
Q. WHAT IS A BREACH?
A. There are a variety of breaches that can occur, from sending one client’s information (or certain information) to a wrong address, to not ensuring client data is protected from an IT or cyber security perspective, to not seeking client consent to process their data appropriately, etc. Whilst the DPO will be primarily responsible for breach reporting, all of our employees are directed to be vigilant and draw potential breaches to the attention of the DPO as soon as possible. Where appropriate, impacted clients will also be promptly notified.
Q. CAN I ASK WHAT INFORMATION PROVEN BANK HOLDS ON FILE/IN ITS SYSTEMS ABOUT ME?
A. Yes. You may make a Data Subject Request (“DSR”) for a copy of the data we hold about you. All such requests must go through the DPO/LIO in the first instance. There is certain data held by PROVEN Bank in compliance with our regulatory obligations for Anti-Money Laundering and Counter-Terrorist Financing (together “Financial Crime”) which does not need to be disclosed to clients, nor may it be destroyed.
Q. CAN I ASK FOR MY PERSONAL DATA TO BE REMOVED?
A. Yes. Clients are permitted to ask for data to be erased, subject to any local laws that require certain data to be retained. Any request for data to be erased must be provided to the DPO/LIO in the first instance who will liaise as required. Should data be erased, the DPO/LIO will ensure a formal notification of confirmation is provided to you.
Q. WILL YOU SHARE MY DATA WITH ANYONE ELSE?
A. We have put in place appropriate inter-Group data transfer agreements to allow for certain data to be shared among PROVEN Bank entities. This will be for the purposes of ensuring customers receive the correct product or service from Proven Bank.
Q. WHO CAN I CONTACT IF I HAVE A QUESTION ABOUT MY DATA?
A. Please see our Privacy Statement for contact information.