Client Privacy Statement

Home / Client Privacy Statement

CLIENT DATA PROTECTION AND PRIVACY STATEMENT

CLIENT DATA PROTECTION AND PRIVACY STATEMENT

1. Who does this Data Protection and Privacy Statement apply to?
This Client Data Protection and Privacy Statement applies to anyone who is, or has applied to become, a client by accessing a loan or any facility offered by the EXIM Bank.

2. What types of personal data will be processed by the EXIM Bank?
The personal data processed by us may include:

  • Contact Information: Name, mailing address, email address, telephone, and mobile number(s).
  • Account Application Information: Credit and income details.
  • Personal Financial Statements: Details of all assets owned (including companies in which you own shares) and liabilities.
  • Identifiers: Tax-Payer Registration Number (TRN), driver’s license number, passport number.
  • Supporting Documents: Copies of bank statements, company documents, and financial statements.
  • Biometric Data: Photographs and signatures.

If you apply through our online application service, your personal data will be stored in a database managed by a third-party provider.

Your personal data is created, stored, and transmitted securely in paper and electronic formats. This includes databases shared across the Bank to assess your application and eligibility to conduct business with the EXIM Bank. Access to your personal data is limited to staff and third parties with legitimate interests in carrying out their duties.

3. Why do we need your personal data, what is our legal basis for processing it, and how will we use it?
We process your personal data fairly and lawfully based on legal obligations and/or your consent to provide products or services offered by the EXIM Bank.

Specific Purposes for Processing Personal Data:

  • To deliver products and services, such as processing and approving loan applications.
  • To comply with applicable legal and regulatory requirements (e.g., Proceeds of Crime Act and Anti-Terrorist Financing) and internal policies.
  • To detect and prevent fraud and other risks.
  • To correspond with you.
  • For benchmarking, analyses, quality assurance, audits, review, and planning.
  • To compile statistics and conduct research for internal and statutory reporting.
  • As otherwise required or permitted by law, including pursuant to government directions.

We will obtain your consent for specific uses of your personal data not covered by this statement. You may withdraw consent at any time.

4. Who will the Bank share my personal data with?
Your personal data may be shared with:

  • Your nominated financial institution for disbursements.
  • Third-party providers (e.g., law firms, debt collectors).
  • Government agencies as required by laws and regulations.
  • Our intermediary bank(s).
  • The Portfolio Ministry.

5. How will the Bank use my personal data after the application process?
We are committed to the integrity and safeguarding of your personal data.

Your personal data will become part of your client file and will be retained for periods required by law, regulations, or necessary business purposes. This retention is managed under the Bank’s Records Management Policy.

Under normal circumstances, your personal data may be used to consider other loan products in the future. If you wish to be removed from our database, email monitoringunit@eximbankja.com, copied to dpo@eximbankja.com, with the subject line: Remove from database.

6. What are my individual rights?
Under Jamaica’s Data Protection Act (DPA), you have the right to:

  • Access your personal data.
  • Consent to or decline direct marketing.
  • Know how your data is being processed and prevent processing.
  • Have your personal data rectified.
  • Prevent automated decision-making.

7. Who can I contact if I have questions about how my personal data is being used or wish to exercise my rights?
For questions about how your personal data is being used, or to exercise your rights, contact the Bank’s Data Protection Officer at dpo@eximbankja.com.