Terms & Conditions
PRIVACY POLICY
PURPOSE OF THIS POLICY (“NOTICE”) CalBank Plc and its subsidiaries routinely collect and use information relating to identifiable individuals ("personal data"), including data relating to:
1. Our clients and prospective clients where these are individuals ("natural person clients");
2. the beneficial owners, directors, representatives and signatories of our legal entity and other legal entities;
3. the settlors, trustees and beneficiaries of the funds (or similar legal arrangements) to which we provide services or to which we may seek to provide services;
4. advisors, managers, staff, intermediaries and other representatives of our clients and prospective clients ("representatives"); and
5. other persons affiliated or associated with our clients and prospective clients and their representatives, such as guarantors and family members.
6. Vendors, suppliers, contractors, agents and other third parties where these are individuals.
We provide this privacy policy in accordance with our obligations under the Ghana’s Data Protection Act 2012, Act 843 and as part of our commitment to processing personal data responsibly and transparently.
Contents
1.0 WHO CAL BANK PLC IS
2.0 CONTACT DETAILS ON YOUR PRIVACY-RELATED ISSUES
3.0 TYPES OF PERSONAL DATA WE COLLECT AND HOLD ABOUT YOU AND THE SOURCE OF THE INFORMATION
4.0 THE PURPOSE OF YOUR PERSONAL DATA AND WHAT WE USE IT FOR
5.0 THE LEGAL BASIS FOR COLLECTING, PROCESSING AND STORING YOUR PERSONAL DATA
6.0 CONSENT
7.0 WHERE YOUR PERSONAL DATA IS STORED AND PROCESSED
a. Data Processor
8.0 WHO WE SHARE YOUR PERSONAL DATA WITH, AND THE REASONS FOR SHARING
9.0 DIRECT MARKETING
10.0 HOW LONG WE WILL STORE YOUR PERSONAL DATA (RETENTION)
11.0 HOW WE PROTECT YOUR PERSONAL DATA
12.0 USE OF COOKIES ON OUR WEBSITE
13.0 YOUR RIGHTS TO YOUR PERSONAL DATA:
a. Your right to information and access to your personal data
b. Your right of rectification to your personal data
c. Your right of erasure of your personal data
d. Your right to give and withdraw consent
e. Your right to restrict processing of your personal data
f. Your right to object to the processing of your personal data
g. Your right not to be subject to automated decision making and profiling
h. Your right to complain
14.0 UPDATES TO THIS POLICY
1.0 WHO CAL BANK PLC IS
We are a financial group duly incorporated and regulated in Ghana. We are registered by the Registrar’s General Department and our registered office is 37 Independence Avenue, Ridge Accra. We are regulated by the Bank of Ghana, National Pensions Regulatory Authority and Securities and Exchange Commission (as a Listed Company and Custodian; and the subsidiary as a Pensions Manager and the Ghana Stock Exchange. and Prudential Regulation Authority. We are the data controller for information that you provide to us and of information that we hold about you from third parties. Phone Number: 0302-680062-3 Website address: www.calbank.net
2.0 CONTACT DETAILS ON YOUR PRIVACY-RELATED ISSUES
If you would like to contact us regarding the processing of your personal data, you may contact us through the following mediums;
• Via Phone ; 0302-680062-3
• Via Email ; customercare@calbank.net; www.dataprotection.org.gh
• Via our Website: www.calbank.net
3.0 TYPES OF PERSONAL DATA WE COLLECT AND HOLD ABOUT YOU AND THE SOURCE OF THE INFORMATION
We currently collect and process certain personal information relating to you (as an individual) directly from you or from third parties to include the following:
• Personal details such as name, date of birth, family details, sex, ID details, Tax Identification Number (TIN), Social Security Number (SSN), contact information online identifiers
• Financial details and Investor Profile including account details, financial standing and history, credit rating, the nature of our mandate and any discretion you permit us, investment preferences, restrictions and objectives (including your personal circumstances, where relevant), job title, tax-related information and codes, information relating to your level of experience in investment matters, and, if you apply for a product with us or service provided by us, details to enable us to assess your application.
• Records connected with offering our services such as written or electronic correspondence, use of our website, agreements, payments, investments and transactions that contain your name and personal data.
• Information for regulatory compliance and monitoring purposes such as nationality, country of residence and other documents required for anti-money laundering related checks and monitoring (including passport and national identity information); records of any required disclosures, details of the origin of your wealth, and other details of your affiliations and/or of our relationship with you as necessary to enable us to establish and meet applicable regulatory reporting requirements and identify any conflicts of interest. Where required or authorised by applicable laws, this may involve processing data relating to any political affiliations you may have, as well as criminal convictions or allegations of offences.
• Data relating to third parties such as dependants and family members. In some cases, we may obtain your personal data from third parties. Depending on the products and services we provide to you, this may include trade or transaction counterparts, credit reference agencies, public registers (such as beneficial ownership registers), financial crime screening databases, fraud prevention agencies, and persons or entities instructed by you to provide us with your personal data.
4.0 THE PURPOSE OF YOUR PERSONAL DATA AND WHAT WE USE IT FOR
CALBANK PLC and its subsidiaries always process your personal data for a specific purpose and process only the personal data relevant for achieving that purpose. Depending on our relationship with you and the products and services that we provide to you, we may process your personal data for the following compatible purposes:
a. Account opening;
b. Understanding clients needs and offering our products and services;
c. Providing products and services including identity verification, transactions processing, cards issuance and maintenance, keeping appropriate records;
d. Managing our client and related parties’ relationships including compiling internal reports, managing clients file, conducting risk reviews, allowing access to our website and banking platforms and where applicable managing agreements and working arrangements.
e. For communication purposes through various mediums such as in person, via phone, email, keep communication records and manage any complaints
f. Carrying out operational and administrative functions including payment administration, staff and access management, preparing business reports and accounts,
g. Improve our products, services and operations through the conduct of market research, analysis of clients’ preferences, transactions and market trends, assessing potential new products and services, as well as testing new systems and updating existing systems
h. Prudential management of our business and protection and enforcement of our rights. This includes This includes assessing, monitoring and managing financial, reputational and other risk, conducting audits of our business, liaising with our regulator, protecting data used by our business and establishing, enforcing and defending against legal claims.
i. Marketing including direct marketing of products and services that we think may be of interest to you or to our client or prospective client (as applicable), including on behalf of the bank’s subsidiaries, affiliates and other strategic partners.
j. Meeting our regulatory and compliance obligations and preventing financial crime including prudential and regulatory compliance checks, account and transactions monitoring and reporting, making disclosures to, and complying with requests from, public authorities, regulators, tax authorities, governmental bodies or law enforcement agencies, and investigating and preventing fraud and other crime; We may also process data for other purposes we notify to you from time to time
5.0 THE LEGAL BASIS FOR COLLECTING, PROCESSING AND STORING YOUR PERSONAL DATA
Under Ghana’s Data Protection Act 2012, Act 843), the lawful basis we rely on for processing your personal information are; a. To comply with legal obligations b. To enter and perform our contractual obligations c. Necessary for the legitimate interest of CalBank and its subsidiaries d. Necessary for the proper performance of a statutory duty. e. In limited circumstances to the extent the legal basis does not apply, processed with your consent (which we obtain from time to time) Data Relating to Criminal Convictions and Offences We process personal data relating to criminal convictions and offences as required or authorised by applicable law. For example, we may process data relating to actual or alleged criminal convictions and offences as part of checks and ongoing monitoring for anti-money laundering purposes
6.0 CONSENT
In some circumstances, we may rely on your consent to process your information for certain services. On other occasions we believe that there may be some services that will inure to your benefit such as a client loyalty reward program, we may sign you up for a service automatically. You however reserve the right to withdraw your consent to such processing at any time. You can do this by contacting your relationship manager, customer care or the Data Protection team through email details stated above. Where you have withdrawn consent, but CALBANK PLC retains the personal data we will only continue to process that personal data where necessary for those purposes where we have a different legal basis to do so. However, this may mean that we cannot continue to provide you with all or some of our services, in which case we may terminate the relevant service(s). Please note that this notice does not apply to consents you provide for any other reason, such as in connection with bank secrecy purposes.
7.0 WHERE YOUR PERSONAL DATA IS STORED AND PROCESSED
We are based in Ghana, and we keep our fling and storage systems and databases here. We may be required to send or allow access to personal data from elsewhere in the world. This might be the case, for example, when a service provider providing support services to us is based overseas or uses overseas data centres. While some countries ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection when it comes to personal data. As a result, if we do send personal data overseas, we will make sure suitable safeguards are in place in accordance with Ghana Data protection requirements, to protect the data. For example, these safeguards might include putting in place a contract with the recipient as providing a suitable level of protection. If your data has been sent overseas like this, you can find out more about the safeguards used from us. Whenever fraud prevention agencies transfer your personal data outside of Ghana, they impose contractual obligations on the recipients of that data to protect your personal data. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
a. Data Processor CALBANK PLC from time to time, may outsource business and administrative services to third parties. The Bank may also offer services of third parties to its clients which would require the third party to process personal data of the Bank customers for the service. In such cases, CALBANK PLC remains ultimately responsible for the processing of such information and as such ensures that the Data Processor adheres to our data protection standards. The responsibilities and obligations of the third party as a data processor are also detailed in the contract agreement.
8.0 WHO WE SHARE YOUR PERSONAL DATA WITH, AND THE REASONS FOR SHARING
We do not sell any of your information to third parties, we will not give anyone your information so that they can market to you. Due to the size and complexity of CALBANK PLC’s operations, it is not possible to name all the data recipients in this policy. However, CALBANK PLC may share your information with the following;
a. Relevant governmental, regulatory, supervisory, law enforcement, prosecuting, tax or similar authority or industry body under applicable laws of any relevant jurisdiction;
b. Lawyers and auditors
c. Service Providers and Suppliers
d. clearing houses, and clearing or settlement systems; and specialised payment networks, companies or institutions such as SWIFT;
e. Credit Reference Agencies
f. Survey companies
g. any other person or entity CALBANK PLC reasonably thinks customary, necessary or advisable for the processing purposes described in this policy or to whom CALBANK PLC is obliged by applicable law or regulation to make the disclosure; In some instances, CALBANK PLC independently verifies your information through independent sources. As such, we may share or capture your information on public or private verification platforms in order to ascertain the genuineness of documents you have provided to us. This is required by law and for financial crime related purposes. If however, you have told us that you do not wish to receive marketing information or surveys from us by e-mail, then we will not send the agencies any information about you, and you will not receive these emails from them.
9.0 DIRECT MARKETING
As a financial services provider, we believe that there may be some information that may be of interest to you. As such we may send you marketing information of our new and upgraded existing products and services. You are entitled by law to object to use of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. You can opt-out through all customer communication mediums or by email to the data protection team; dataprotection@calbank.net.
10.0 HOW LONG WE WILL STORE YOUR PERSONAL DATA (RETENTION)
CALBANK PLC, and its subsidiaries retain your personal data for the period required for the purposes for which it was collected or to comply with legal, regulatory and CALBANK PLC policy requirements. CALBANK PLC, and its subsidiaries may also retain personal data in order to enable compliance with any requests made by regulators or other relevant authorities and agencies, to enable us to establish, exercise and defend legal rights and claims, and for other legitimate business reasons. As soon as your relationship with us is terminated and we have finalized our administrative work in relation to the relationship, then we will hold your information in secure storage until we are permitted by law, regulation or internal policy guidelines to permanently erase it. To comply with our current legal, regulatory and financial crime records retention obligations, we will hold your information for a period of six years after the end of your relationship with us; after which we securely delete all electronic copies of your information or shred any hard copies. This period may be extended if your information is needed in relation to any civil or criminal proceedings or if we are required to hold it for longer by our regulators, law enforcement agencies or the courts.
11.0 HOW WE PROTECT YOUR PERSONAL DATA
We have developed strong security measures to protect customer privacy. We restrict access to non-public personal information about you to any employer or employees who need to know that information to provide products or services to you. We maintain physical, electronic and procedural safeguards that comply with standards to guard your non-public personal information. If you decide to close your account(s) or your account(s) become inactive, we will continue to adhere, as required by law, to the Bank’s current data protection policies and practices.
12.0 USE OF COOKIES ON OUR WEBSITE
Cookies are small data files which are placed on your device when you visit certain parts of our Website or click on our online advertisements. Whenever you visit our site, we use cookies to collect information such as internet protocol (IP) address; browser data; data about your device; the date and time of your visit; operating system and version; web browser type and version; page(s) visited on the site; data about videos or other content viewed on the Site (e.g., type and name of content and time viewed); and the web page you visited immediately prior to visiting this Site. Cookies help us to give you the best browsing experience. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Sites. We generally do not collect sensitive personal information (e.g., information relating to an individual’s racial or ethnic origin, political opinions or other similar beliefs, health or medical conditions, criminal background, or trade union membership). If you voluntarily provide sensitive personal information for any reason or we are required to collect such information as a result of legal requirements imposed on us, we will, where necessary, obtain your explicit consent and use such information in accordance with this Privacy Policy and applicable law.
13.0 YOUR RIGHTS TO YOUR PERSONAL DATA: We recognise that your information is your information - it does not belong to us. You have several important rights which put you in control of your information. To help you understand your rights, we will explain them below; a. Your right to information and access to your personal data You have the right to know and be provided with the information and processing of your personal data with us. We will respond to the request or provide the information within twenty-one (21) days of receipt. If we are unable to provide the information within the stated period, we will notify you of the extension and the reasons for the delay. We may request you to provide us with information to verify your identity before providing you with the information requested.
b. Your right of rectification to your personal data You have the right to request or directly update, correct or amend any personal data we hold about you. We will provide mediums through which you can perform this such as self-service update platform or at any of our branches. We may ask you to provide supporting evidence to verify the information you are amending or correcting with us.
c. Your right of erasure of your personal data You have the right to require that your data be erased in certain circumstances. You have this right;
i. When it is no longer necessary for us to process this data in relation to the purposes for which we collected or processed the data,
ii. if there is no legal basis for us to process your personal data
iii. if we unlawfully process your personal data or
iv. To comply with a legal obligation to which we are subject
v. Where we processed this data based on your consent, and you have since withdrawn this consent We will ensure that your personal data is permanently erased without undue delay if one of these circumstances do exist. d. Your right to give and withdraw consent To the extent that GS is relying upon your consent to process personal data, you have the right to withdraw such consent at any time. Please see section 6 above.
e. Your right to restrict processing of your personal data You have the right to restrict CALBANK PLC’s processing of your personal data while your request for data rectification or objection to personal data processing is being considered, if we no longer need to process your data but you need that data in connection with a legal claim, or if our processing is unlawful but you do not want us to erase the data. If this right applies, we will continue to store your data but will only further process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another person, or for reasons of important public interest.
f. Your right to object to the processing of your personal data As explained in this notice, we process your personal data because we have a legitimate interest in doing so. However, you have the right object to us processing your personal data, on grounds relating to your particular situation. If you object then we will stop processing your personal data unless we can show compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. For example, where we detect fraud it is unlikely that your objection may prevent us supplying that information to fraud prevention agencies and legal authorities. Another example is that it is unlikely that your objection may prevent us reporting to the regulator in relation to your account even if you object to us processing your personal data. The only exception to this relates to where you have previously given consent to us to market to you and you change your mind and object to us using your personal data to market to you. In this case We will without undue delay stop marketing to you and we will take your objection as a withdrawal of that consent and we will update your marketing preferences.
g. Your right not to be subject to automated decision making and profiling CALBANK PLC will not make any decisions or profile you based on automated processing except you have given us consent to do so. h. Your right to complain You have a right to complain if you are not satisfied with the way that we have processed your personal data or the way that we have dealt with you when exercising any of your rights. You may do so through any of our customer care mediums or send an email to dataprotection@calbank.net. You may also refer your concerns to the Data Protection Commission via their website; www.dataprotection.org.gh
14.0 UPDATES TO THIS POLICY
The information in this notice may change from time to time – for example, the categories of personal data that CALBANK PLC and its subsidiaries collects, the purposes for which it is used and the ways in which it is shared may change. This notice may be updated from time to time.