Privacy Statement

Privacy Statement

Introduction

This is a privacy statement of SAI Bank. The term ‘SAI Bank’ or ‘us’ or ‘we’ refers to South American International Bank Curaçao N.V., a limited liability company (naamloze vennootschap) incorporated under the laws of Curaçao with its registered office at Plasa Smeets 6, Willemstad, Curaçao and registered with the Trade Register of the Chamber of Commerce in Curacao under number 36047 (0). The term ‘you’ refers to the user or viewer of our website or electronic application, any client or potential client and any authorised person on the account and anyone who does your banking with us for you (such as persons under power of attorney) and other related persons such as authorised signatories and partners (as further detailed below).

We know privacy is important to you, which is why SAI Bank commits itself to make every effort to protect it. In doing so SAI Bank commits itself to be in compliance with the Curaçao National Ordinance Protection Personal data (A.B. 2010 no. 84) and the European Union General Data Protection Regulation (jointly: the “Regulations”).

As our client or potential client we will collect personal data from you as required by law and/or contract and therefore this Privacy Statement will be applicable to you. That is also the case if you are a representative, an ultimate beneficiary owner of such client or a third party requested to provide information (e.g. spouse, guarantor). Also in the event you are using our website, apps or any (electronic) platform we from time to time might offer we will collect personal data from you and also in that case this Privacy Statement is applicable.

Also without a contractual relationship we may collect personal data. This is for example the case with contact persons of our clients and business relations, shareholders, ultimate beneficial owners, guarantors and from third parties in connection with effectuating transfers from our clients to such third parties.

Contact person and questions regarding privacy

SAI Bank is considered the data controller under the Regulations and is responsible for the collection of personal data. SAI Bank has appointed a data protection officer who is responsible for the implementation of and compliance with the Regulations.  If you have questions regarding this privacy statement or any other privacy related matters or have objections, please email our data protection officer at info@sai-bank.com.

The information we collect

We collect information from you in order for you to be identified. These may include your name, home/business address and email address, age, birthdate, bank account, IP-address, personal identification number and other registration numbers such as tax ID(s). SAI Bank may from time to time offer services that use your biometrical information, such as face recognition and fingerprint, as identification tools. In such case we will also collect such biometrical information from you. Though electronic applications we may also collect information regarding your location, for instance by using GPS technology.

SAI Bank will also keep one or more certified copies of you identification card, passport or drivers license in its files, as required by law. We will collect information regarding your financial standings, such as you annual income, assets, liabilities and credit history. Information regarding your account activity will also be collected, such as your transaction history and payment patterns.

We may record and keep track of conversations you have with us including phone calls, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of communication.

We also keep video footages of activities on our premises, which means that we may store recordings of you when visiting our offices. This is being done for your and our safety. We may also record telephone conversations and store chats between you and our employees and representatives. We do this to ensure we meet the highest level of integrity, to improve our services and serve as evidence.[1]

The use of personal data

 The banking services we provide are not possible without collecting you personal data. The information we collect is used for the following purposes:

  • Banking contract. We use your personal data in order to provide you with banking services pursuant to the agreement between the client and SAI Bank. This information is needed for the setup of the account and for administration purposes. It is also necessary that we keep your personal data in order to collect a debt and to enforce security rights.
  • Integrity of the bank and the banking sector. We as a banking institution have the obligation to insure the integrity, not only of our bank, but also of the banking sector as a whole. We therefore use your personal data in order to detect and prevent criminal activity. This will include monitoring, mitigation and risk management, carrying out customer due diligence, name screening, transaction screening and customer risk identification. We may also use your information in manual or automated systems designed for illicit activity detections and risk management alerts. Pursuant to the National Ordinance Reporting Unusual Transactions we are obliged to report unusual transactions to the authorities. We are also obliged to report any criminal activity to the Public Prosecutors.
  • Required by law. The National Ordinance Information Before Rendering Services requires us as a banking institution to have your personal data on file. The Central Bank of Curaçao and Sint Maarten pursuant to supervisory laws and other institutions pursuant to other laws may request that we provide certain information to facilitate any investigation they are having. We will always access the legality of such request prior to providing any information.
  • Internal research and development. We use your personal data to conduct research to amongst others access trends, analyse our processes, improve our existing products, implement new products and train our employees. This is also the case when performing internal or external audits.
  • Legal defence. We may use your personal data to protect our legal interest, for instance when collecting debts, enforcing or protecting our security rights or when defending any and all rights, including but not limited to court actions, when managing complaints or disputes or when restructuring debts.
  • We strive to provide you with personalized offers and news. In order to do that we use information that you have provided us and/or questions you might have asked us regarding certain services. We also may use personal data we received from third parties.

 

The legal bases for processing your personal data

 Personal data may only be collected if there is a legal justification pursuant to the Regulations. The legal bases for collecting your data are the following:

  • Performance of a contract. We need your personal data in order to enter into a banking contract with you and also for the performance of that agreement by us.
  • Required by law. Pursuant to amongst others supervisory laws applicable on banks, we are obliged to keep you personal data on file. This is not only applicable on our client, but also (if applicable) on its representative (such as directors or other company officers) and its ultimate beneficiary owners. These law requirements serve various purposes, such as anti money laundering and terrorism financing, sound banking and compliance with the duty of care applicable to banks generally.
  • Legitimate interest. We may also collect data if it serves a legitimate interest for us or for others, unless your interests outweigh such interest. In order to comply with principles of sound banking and also to maintain the highest standard of integrity, we consider it very important that all our data be kept and monitored constantly in order to protect our, your property and that of others, protect our financial standings, your interests and that of others and to prevent any fraud in order for us nor you, nor any other party to incur damages.
  • Consent. In the most cases we do not need your consent in order to collect and process your personal data. That is because such collection is based on one of the legal bases mentioned above. In other cases where we need to obtain your consent, your personal data will not be collected prior to receiving your consent. For special categories of personal data, such as biometric information, we will always need your consent. This we will also do in case an electronic application asks to use your location. We also use cookies on similar technologies on our website and electronic applications. You can reed more on our cookies statement.

 Required documents

As stated herein there are certain personal data that we are required to obtain from you in order to perform the contract. We could also be required by law and/or when having a legitimate interest. In the event you do not provide us with one or more of such mandatory personal data we will not be able to enter into a banking contract with you. Also in the event during the performance of the contract you fail to provide us with additional personal data upon request or fail to renew documents, we reserve the right to terminate the banking contract with you.

Sharing your personal data

Providing banking services is not possible without engaging external service providers, which in circumstances will need access to your personal data in order to perform their services. When processing your transactions we may use correspondent and agent banks. Your personal data will be shared with those correspondent and agent banks in order to effectuate such transactions.

We choose our service providers carefully and will only share your personal data in case strictly necessary for the performance of their services. We will only do so after making clear arrangements regarding confidentiality and how to handle the information. The responsibility for your personal data will remain with us.

Your personal data will also be shared with:

  • Any joint account holders, trustees, beneficiaries or executors;
  • Persons giving guarantees or other security relating to your debts to us;
  • Persons you make payments to and receive payments from;
  • Your beneficiaries and intermediaries;
  • Other financial institutions, lenders and holders of security over any property you charge to us.

The Central Bank of Curaçao and Sint Maarten, the Public Prosecutor and other governmental authorities may request us to provide information and the law states in which circumstances we are obliged to comply with such request. We will always assess the legality of such request, prior to any disclosure.

How we store and process your personal data

As our operations are outside the European Union (EU), your personal data will be stored in locations outside the EU, including countries that may not have the same level of protection for personal data as the EU. This is based on our contract with you, law requirements and our legitimate interest. When we do this, we will ensure it has an appropriate level of protection. In some countries the law might require us to share certain information with authorities. Even in these cases, we will only share your personal data if we are legally required to do so.

The way we secure your personal data

We use a range of measures to protect data against accidental loss and to prevent authorized access and use. These measures may include encryption and other forms of security. We train our staff and require any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.[2]

We keep your personal data for this long

We will keep your personal data as long as necessary for the performance of the contract and to reach to purposes as stated herein. We are also required by law and rules and regulation from the Central Bank of Curaçao and Sint Maarten to keep certain information for certain period of time. We will keep the personal data even after the end of our legal relationship in order to comply with such statutory requirements.

We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, such as to help us respond to questions or objections, dealing with fraud and financial crime and responding to requests from public authorities.

When we no longer need to retain your personal data, we may destroy, delete or anonymise your information. We will do this in a secure way insuring that no data are accessed or disclosed.

Your rights in relation to personal data

SAI Bank respects your right to access and control your personal data. In light thereof, but also to comply with the Regulations, we provide you with the following rights:

  • Access information. You have the right to access your personal data we are holding from you. You also have the right the right to obtain information on the way we process it.
  • Data portability. In certain circumstances you have the right to obtain information we hold of you and to transfer such information to third parties. That is for instance the case where we hold your information based on consent or contract and such data is being processed electronically.
  • Right to rectify. If upon your review you are of the opinion that certain information are not recorded correctly or are incomplete, you have the right to request for them to be corrected.
  • Right to be forgotten. You have the right to request us to erase you personal data. In certain circumstances mentioned in the Regulations we are obliged to comply with such request.
  • Withdrawal of consent. Any consent you might have given to us regarding collecting and processing your personal data can be revoked by you at any time.
  • Right to object. In case your consent is not required based on our legitimate interest, you have the right to object, including when such is used for profiling. You also have a right to object when your data is being used for direct marketing purposes, including profiling relating to such direct marketing.

If possible we will comply with your requests based on the aforementioned rights. However, we will retain your personal data if we are entitled or required to do so.

In case you wish to exercise your rights based on the above, please contact our data protection officer at info@sai-bank.com.

Use of automated decision-making and profiling

We may use automated systems to help us make decisions. This could for instance be the case when you apply for products and services. Automated systems are used to perform fraud, financial crime and money laundering checks. This is also done to run risk analysis relating to the client or the account activity.

As a banking institution we have a duty of care to prevent and fight fraud, financial crime, money laundering and terrorism. In light thereof we use profiling as a tool to help us detect such activities. Due to the sensitivity of these matters we will not be able to discuss the specific methods we use in detail.

You may have a right to certain information about how we make the automated decisions mentioned above. You may also have a right to request human intervention and to challenge the decision.

Amending this Privacy Statement

This Privacy Statement may be changed from time to time by SAI Bank. Always the latest version will be applicable. The latest version can be found at sai-bank.com.

Applicable law and jurisdiction

The laws of Curaçao govern this Privacy Statement. SAI Bank and you irrevocably submit to the jurisdiction of the competent Courts in Curaçao in connection with any disputes arising under this Privacy Statement.

[1] NTD: SAI Bank to identify any other (personal) information that is or will be collected from clients.

[2] NTD: SAI Bank to identify any current (IT) measurements (if any) it has in place to secure data that should be mentioned herein.