Privacy Policy

Pacific Private Bank Limited (company registration number 5467, address 278 Kumul Highway, Govant Building, Port Vila, Vanuatu, email: [email protected]) (hereinafter referred to as the “Bank”) places a high priority on (i) preserving banking secrecy under applicable laws and (ii) maintaining utmost confidentiality and security of its customers’ and potential customers’ (as well as their authorized agents and representatives) data and personal information (collectively referred to as “Customers” or “Clients”).

Data processing principles

While processing Customers’ data and personal information the Bank ensures it is:

• processed lawfully, fairly, and in a transparent manner in relation to the Customer;
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• accurate and, where necessary, kept up to date;
• kept in a form which permits Customer’s identification for no longer than is necessary for the purposes for which the personal data are processed;
• processed in a manner that ensures appropriate security of the Customer’s personal data.

Data processing lawfulness

Customer’s personal data will be lawfully processed by the Bank if:

• Customer has given a consent; and/or
• processing is necessary for the performance of a contract to which the Customer is a party or in order to take steps at Customer’s request prior to entering into a contract; and/or
• processing is necessary for compliance with a legal obligation to which Banks is a subject; and/or
• processing is necessary for the purposes of the legitimate interests pursued by the Bank or the third party;
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Bank.

What is personal information and what information the Bank collects

Personal information is information or an opinion about the Client/user/visitor (hereinafter all referred to as the “Client” or the “Customer”), or information or an opinion that may reasonably identify the Client, whether or not the opinion is true or not and whether or not the information is stored in material form or not.

Depending on the need and proportionally to the engagement in Bank’s services by the Customer, the Bank may collect the following personal information about him/her:

• name;
• address;
• gender;
• nationality;
• residency status;
• landline and mobile telephone numbers;
• e-mail address;
• personal website details;
• Tax File Number;
• the name and contact details of individuals listed as referees within applications provided to the Bank;
• name and contact details of Client’s professional advisers or representatives such as Client’s solicitor, accountant, conveyancer, financial planner, etc.;
• financial information;
• transaction information where the Client has a product with the Bank or use a service provided by the Bank;
• any details contained within identity documents provided to the Bank (such as the maiden name of Client’s mother in his birth certificate, government identifiers such as a passport number, driver’s license number, medicare card number, etc.);
• investment objectives and risk tolerance of the Customer;
• creditworthiness, credit history, credit eligibility, repayment history information and default information;
• information regarding reputation, conviction or any other compliance related information which may be of personal nature;
• other information which may be necessary for the Bank to provide the Customer with the services or other data processing purposes.

Mobile banking application acquires Customer’s unique device identification in order to establish the link between particular Customer and his unique mobile device. Internet banking and mobile banking applications request to input data allowing to identify the person as Bank’s Customer, such as usernames, passwords, PIN Codes and passlock patterns.

The Bank is entitled to perform video surveillance and video recording of the premises owned and/or possessed by the Bank in the interests of the Bank and its Customers.

Purposes of Acquiring Data and Information

The main reason and purpose of processing of personal data is their use in the needs of rendering the Bank’s services and ensuring of the Bank’s activities and performance of the Bank’s functions.

When the Client contacts the Bank or visits Bank’s website, in order to be able to place his/her request or question to the Bank, the Client may be asked to enter his/her name, surname, email address or other personal details, which allow the Bank to help the Client with the experience and maintain correspondence with him/her.

The Bank’s Mobile Application collects and stores “Unique device identification“ of its users in order to provide Quick login functionality.

Detailed purposes for which the Bank collects, holds, uses and/or discloses (and performs other actions related to data processing) personal information:

• to assess an application for a product or service and provide the Client with such product or service;
• to enter into any transactions with the Client or on his/her behalf;
• for any purpose related to the provision of a product or services to the Client and carrying out associated payments, administration and account services;
• to allow for the sound and secure processing of transactions via Bank’s internet banking and mobile banking application;
• to ensure that Customers receive the highest level of service in the provision of products and services;
• to promote, facilitate and manage the provision of any the Bank’s products or services to the Client;
• for planning, product development and research purposes and to seek the Client’s feedback on products and services;
• to identify and develop products or services that may interest the Client and market them to the Client (unless the Client ask the Bank not to do so);
• to analyze transaction details and transactions history to build customer profiling;
• to detect fraud, money laundering or terrorist financing activities as required under applicable Anti-Money Laundering (AML) legal acts, regulations and respective Bank’s internal Procedures implementing the applicable AML regulations; or to detect breaches of applicable sanctions of the Security Council of the United Nations, European Commission, US or other international or country’s sanctions that the Bank is obliged to by legal acts or voluntarily chooses to respect under its internal policies; or to detect or report other breaches of certain overseas sanctions, laws and in order to comply with other regulatory requirements of Vanuatu or applicable overseas regulators;
• to take any action the Bank consider appropriate to meet the Bank’s compliance obligations with respect to the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, or violations, or attempts to circumvent or violate any laws, regulations or governmental directives relating to these matters. Such action may include, but is not limited to: (a) screening, intercepting and investigating any instruction, communication, drawdown request, application for a product or service, or any payment sent to or by the Client or on his/her behalf, (b) investigating the source of or intended recipient of funds, (c) combining the Client’s personal information with other related information in the Bank’s possession or the possession of the group companies, (d) making further enquiries as to the status of a person or entity, whether they are subject to a sanctions regime, under criminal investigation or prosecution, or confirming the Customer’s identity and status;
• to facilitate any transactions entered into between the Client and another person, or provide any transactions entered into or performed by a person at the Client’s request and for or on his/her behalf;
• to verify Client’s identity and confirm at periodic intervals whether such details are up-to-date whilst the Client has a product with the Bank or is receiving a service from the Bank. In doing this, the Bank may hire third parties and use third-party IT solutions and aggregated databases in order to compare the Client’s details with the names, residential addresses and dates of birth contained in those databases for the purposes of executing the Bank’s obligations under applicable legal acts and to be able to make proper risk assessment. If the Customer does not provide personal information as requested, the Bank may not be able to provide him/her/it with the products or services sought;
• to assess operational, solvency, default risk, analysis of the outstanding liabilities monitoring according to the legal acts applied to the Bank’s activities.

Data and Information Acquisition and Storage Method

The Bank may acquire Customers’ data and personal information via e-mail, Skype, a mobile or stationary line telephone, regular post, personal delivery, during the interview with the Client, internet banking, mobile banking application or other personal or electronic channels. The Bank may acquire Customer’s information from the Customer himself, his representative, publicly available sources, paid third parties services including aggregated information databases and IT software used for compliance reasons. The Bank shall enforce adequate security measures at all times to protect the confidentiality of all acquired data and information.

The Bank may hold Client’s personal information in the following ways:

• within its computerized systems such as computer hard drives, e-mail programs and electronic servers;
• within owned/rented out quality data centers/servers outside Vanuatu;
• physically, stored on both Bank’s premises and in the external premises of the Bank’s service providers;
• within USB sticks (only on an exceptional basis).

Personal data retention period

Personal data shall be processed by the Bank for as long as it is necessary to achieve the purposes of the processing or required by the Client and/or provided for by applicable law.

Although the Customer may terminate the provision of the Bank’ s services at any time, the Bank may still remain obliged to store the Customer’s data for some time for compliance with legal obligations, for establishment, exercise or defence of legal claims, etc.

Provision of personal information

Customers personal data may be provided by the Bank to the below indicated categories of personal data recipients:

• banks, credit, financial, payment and (or) electronic money institutions, agencies, bureaus;
• payment service providers and related service providers, as well as intermediary services providers;
• related business partners, agents;
• authorities (i.e., supervising institutions, law enforcement institutions, courts, bailiffs);
• auditors, legal and financial consultants;
• IT providers;
• fraud detection services providers;
• other service providers which services may include, or which are engaged in personal data processing executed by the Bank.

Personal data may also be provided to other recipients if:

• the Customer’s consent is obtained;
• data and personal information are entrusted with a third party for the purpose of outsourcing operations. In this situation, the Bank shall ensure that the third party undertakes strict controls to ensure the confidentiality of the data and personal information;
• the Bank is compelled to disclose the data and personal information under applicable laws and regulations or pursuant to a judicial or regulatory order;
• the data requesting party has a legitimate interest to request for such information;
• other grounds indicated in applicable laws are applied;

The Bank never sells or otherwise trades Client’s personal information.

Data and Information Security

The security of Customer information is of utmost importance to the Bank and the Bank take all reasonable precautions to protect information from misuse, loss, unauthorized access, modification or disclosure.

The Bank takes the various security ensuring technologies and procedures, such as latest security systems, passwords, computer access limitations and computer virus countermeasures, to prevent the loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage, falsification, and leakage of Customers’ data and personal information.

The Bank shall ensure that any agent or service provider of the Bank which receives or has access to data and personal information of the Bank’s Customers shall also maintain strict controls over such personal information to ensure confidentiality.

However, no transmission of information via e-mail or other telecommunication channels or Customer’s access to the website, mobile application or the services through the internet could be fully secured. Therefore, the Customer should take due care when accessing the website, mobile application or using the services via internet or sharing confidential information via e-mail or other telecommunication channels.

Specific Security Measures for Bank’s Internet Banking and Mobile Application

The Bank has implemented the following security measures:

• Encryption: Critical data and personal information stored on the Bank mobile application platform and internet banking are encrypted. Channel between mobile application/internet banking page and servers are also encrypted;
• Remote Wipe: The Bank can de-attach Customer’s mobile device from Customer‘s account (disable quick login in the exact mobile device) if the PIN code is misused or the mobile phone is lost. The Bank and the Customer can remotely wipe the mobile application and keychain data if the PIN code is misused or the mobile phone is lost. Wiping Customers’ data and personal information includes wiping the keys used to encrypt said data and information;
• Time Out: The Bank mobile application/internet banking automatically locks after a period of inactivity. The PIN code must be re-entered to unlock the application;
• Update: Customers are compelled to use the latest version of the Bank mobile application and always make sure to use the authentic internet banking page: https://ib.pacificprivatebank.com/ ;
• Authentication Processes: The Bank has implemented a series of authentication processes for full access of its mobile application and internet banking (i.e. authentication by insertion of username, password, PIN code generated by PIN generator, drawing Customer’s unique passlock pattern for quick login etc.);

NB! Customers should never access internet banking from computer terminals which are shared with other users (e.g. Internet cafés), as these computers may have various malware collecting Client’s personal/account information, as well as Client’s personal information, may be retrievable from the hard drive of such computers.

Cookies Policy

Cookies are text files containing small amounts of information which are downloaded to Client’s computer or device when he/she visits Bank’s website or internet-enabled service. Cookies are then sent back to the originating web domain on Client’s subsequent visits to that domain.

Cookies are useful because they allow a website or internet-enabled service to recognize a Client’s device. Cookies allow the Customer to navigate between pages efficiently, remember preferences and generally improve the Customer’s experience and for the Bank to make the banking services more secure.

Session cookies are deleted automatically when the Client closes the browser and persistent cookies remain on the device after the browser is closed (for example to remember Client’s preferences when he/she returns to the site or service).

The Bank also uses cookies as help to compile aggregate data about site traffic and site interaction so that the Bank can offer better site experiences and tools in the future, deliver service functionality and to enhance the security of the banking services.

The Bank uses these types of cookies:

• strictly necessary cookies which are specific cookies to ensure the navigation, performance, security and functionality of the internet banking and mobile banking service;
• functionality cookies which may be used to enable website to remember information that alters the way the website looks or functions, allowing the Customer to customize his/her experience on the website. Functionality cookies may be used, for example, to remember choices the Client makes (such as username, language or the region Client is in), or to recognize the platform from which the Client accesses the website, and to provide enhanced and more personal features. These cookies are not used to track Customer’s browsing outside of the Bank’s service usage;
• statistical cookies which help to understand how the Customer uses the website and, herewith, provide guidance how to make it better. These cookies do not use any personal data and provide only with the aggregated data;
• marketing cookies which are used on the website in order to deliver advertised content that is relevant to the Customer and measure the success of Bank‘s marketing campaigns. These cookies are placed on the website by our third-party service providers and may remember Customer‘s web browsing activity and actions across websites. Also, marketing cookies can be used to track the effectiveness of Bank‘s ad campaigns on third party websites. For example, the Bank may use Google Analytics cookies or other third-party identifiers together to compile data regarding Customer’s interactions with ad impressions and other ad service functions as they may relate to the Bank’s website.

Where the Client access the services through a tablet or mobile device the cookies are stored in the mobile application the Client downloads to his/her mobile device.

Customer’s rights and obligations regarding the processing of personal data

The Customer and (or) any related person upon written application to the Bank is entitled

• to review his/her processed personal data available to the Bank, and the individual may amend or correct same according to legal acts of Vanuatu on protection of personal data of individuals.
• to disagree with personal data handling, but in this case the data subject must provide the Bank with legal arguments of such disagreement in writing, if the latter decides that handling his personal data by the Bank is illegal;
• to disagree with personal data handling for direct marketing purposes and has the right to refrain from disclosing arguments for such disagreement.

Also this Policy does not deprive Customer of any other legal rights he/her may enforce under the applicable law.

The Customer may exercise his / her rights only after the Company has successfully identified him / her.

The Customer must ensure that he/she will familiarize the related persons indicated by him/her whose personal data he/she has provided to the Bank with the present terms for the protection of personal data and information prior to opening the Account or entering into any Agreement, and thereby confirms that the persons related to the Customer has read and agree with such terms.

Customer confirms that has provided and will provide only correct data about himself/herself in every required form and that afterwards, when changing or adding any data.

Customer is responsible for maintaining adequate security and control of every identification number, password, and / or any other code that he/she uses to access and use Bank’s services. If Customer has not complied with this obligation and / or could, but has not prevented it and / or performed it on purpose or due to own negligence, Customer assumes the losses and undertakes to reimburse the losses of other persons incurred as a result of Customer’s (in)action.

The Bank draws your attention to the fact that your user ID, email address or any other contact information you have chosen to link to your account are used for your identification and communication. You undertake responsibility to protect these instruments and logins to them. You are responsible for password disclosure and for all operations performed after you use the password for a relevant account or any other service of the Bank.

Applicability

This Privacy Policy applies to Customers‘ use of the website https://pacificprivatebank.com/, mobile application and any of the Bank services, available through them. The Privacy Policy explains how Bank processes Customers’ personal data through any relationship they may have with the Bank, whether it would be use of the Bank services or any other possible mean. In case the Customer provides information about other natural persons to the Bank, the Customer undertakes to make this Privacy Policy known to them before the disclosure of such information to the Bank.

In case the Client is the citizen of the European Union or reside there, this Privacy Policy will be applicable to his/her personal data processing whilst ensuring the same level of protection as foreseen in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), including but not limited to ensuring the implementation of data subject‘s rights, data controller‘s obligations, security of personal data, safe data transfers, etc.

General Conditions of Use

This Privacy Policy is part of the General Terms and Conditions of the Bank and is subject to any rules, manuals or procedures governing the use of the Bank’s mobile application (hereafter “Usage Manuals”) as disclosed to the Customer personally or publicly on Bank’s website www.pacificprivatebank.com. In case of discrepancy between the provisions of this Privacy Policy and the provisions of the General Terms and Conditions or Usage Manuals, the latter shall prevail.

Modifications

The Bank may amend this Privacy Policy in accordance with any amendments to (i) the applicable laws, rules, regulations of Vanuatu, or (ii) the Bank’s internal rules, instructions and guidelines relating to the protection of confidential information and/or personal data.