Privacy Policy

Last updated: March 1, 2023

For purposes of this Privacy Policy, the term “Bank” means Paxum Bank Limited, having its registered address at Centre Cross Lane, Roseau, Dominica.

At Paxum Bank, we take the privacy of our Clients very seriously. This privacy policy outlines how we collect, use, and protect your personal information. By using our services and accepting this policy, you consent to us collecting and using your information as described below.


Glossary

In this privacy policy, the following terms shall have the following meanings:

  • "Client," "Client," or "User" means a natural or legal person or another type of entity that registers for the Service or uses the Service as a Client, i.e. you.

  • "Data Protection Act" means the Data Protection Act of Dominica.

  • "Personal data" is any information about an identified or identifiable natural person.

  • "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • "Data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

  • "Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

  • "GDPR" means the General Data Protection Regulation of the European Union.

  • "CCPA" means the California Consumer Privacy Act of the United States.

  • "Website" means www.paxumbank.com or www.paxum.com.

  • "Sensitive personal data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or a natural person's sex life or sexual orientation.

  • "Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by an explicit affirmative action, signify agreement to the processing of personal data relating to them.

  • "Data subject" means the individual to whom the personal data relates.

  • "Third-party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

  • "Data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

  • "Privacy Notice" means a statement or document describing how an organization collects, uses, and shares personal data.

  • "Privacy Shield" means the framework for transatlantic exchanges of personal data between the European Union and the United States."

  • Right to be forgotten" means the right of a data subject to have their personal data erased by the data controller.

  • "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict factors concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

  • "Data portability" means the right of a data subject to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They have the right to transmit those data to another controller without hindrance.


1. Introduction

This privacy policy sets out how Paxum Bank collects, uses, and protects personal data per the requirements of The Data Protection Act (Dominica), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

2. Personal Data We Collect

  • 2.1. Categories of Personal Data

    The Bank may collect the following categories of personal data:

    • Identifiers such as name, address, email address, telephone number, date of birth, and government-issued identification numbers;
    • Financial information such as bank account numbers, credit card numbers, and transaction data;
    • Employment information such as job title, employer name, and salary information;
    • Internet and network activity such as browsing history, IP address, and device information; and
    • Other information that identifies or relates to an individual.
    • Sensitive personal data that is required to detect and prevent financial crime and other unlawful activity.

    If you visit the Bank's website ("Site") or the website of its Paxum.com brand for informational purposes only, the Bank will not require you to provide any personal information. You will remain anonymous unless you register for our services or otherwise disclose your identity. However, the Bank may collect and store specific visitor data including, but not limited to, browser type, Internet Protocol ("IP") address, and geo-location information.

    Other data may be collected in such cases as:

    • If an individual registers for an account with the Bank, the Bank will request information which includes the individual's name, email address, physical address, country of residence, contact phone numbers, date of birth, tax identification number, employment information, and the Bank may request bank account details and credit and/or debit card details;
    • If an entity registers for an account with the Bank, the Bank will request information from certain owners, directors and authorized individuals for the entity, which includes those individuals' names, email addresses, physical addresses, contact phone numbers, dates of birth, and government-issued identification numbers;
    • Before a Client utilizes any of the Bank's services and throughout our relationship with a Client, the Bank may require a Client to provide additional information to verify an individual's identity, address or other data to manage risk and compliance. We may also obtain information from third parties providing services such as identity verification, fraud prevention and similar services;
    • If you choose to participate in a Client survey, the Bank may ask for your name, email address and other information required by the particular survey; and
    • If you report a problem or submit a Client review, the Bank will ask you to provide your name, email address, and account number.

  • 2.2. Sources of Personal Data

    The Bank may collect personal data directly from individuals, third-party service providers, and publicly available sources, from the documentation you submit to us or information you submit to us through our website or other means of electronic communication.

3. How We Use Personal Data

  • 3.1. The Bank may use personal data for the following purposes:

    • Evaluating a Client for the Bank services a Client requests;
    • Registering a Client as a client and opening an account;
    • Contacting a Client to verify or reconfirm the accuracy of the information provided;
    • Facilitating payments and transactions as directed by a Client;
    • Confirming the existence and availability of funds;
    • Administering a Client's account;
    • Assisting in the provision of other services or products requested by a Client;
    • Resolving disputes and troubleshooting problems;
    • Preventing potentially fraudulent, prohibited or illegal activities and enforcing our contracts with a Client;
    • Complying with legal processes such as subpoenas and court orders and performing other duties as required by law;
    • Researching the demographics and behaviours of the Bank's Clients; and
    • Reporting to law enforcement authorities if the Bank believes a crime has been committed.

  • 3.2. Profiling and Automated Decision Making

    We may use some instances of your data to customize our Services and the information we provide to you and to address your needs - such as your country of address and transaction history. For example, if you frequently send funds from one particular currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected - and we only use pseudonymized data where ever possible. This activity has no legal effect on you.

    We may use Automated Decision Making (ADM) to improve your experience or to help detect and fight financial crime. For example, we may use ADM to verify your identity documents or to confirm the accuracy of the information you provided us to provide you with efficient service. None of our ADM processes have a legal effect on you.

The Bank will only process personal data if it has a lawful basis. The legal bases for processing personal data may include the following:

  • The individual gives consent for one or more specific purposes;
  • Performance of a contract with the individual;
  • Compliance with the Proceeds of Crime Act (2014) and associated regulations;
  • Compliance with other legal obligations; or
  • Legitimate interests pursued by the Bank or a third party.

5. Data Protection Principles

  • 5.1. Lawfulness, Fairness, and Transparency

    The Bank will process personal data lawfully, fairly, and transparently.

  • 5.2. Purpose Limitation

    The Bank will only collect personal data for specified, explicit, and legitimate purposes and will not process personal data in a manner that is incompatible with those purposes.

  • 5.3. Data Minimization

    The Bank will only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

  • 5.4. Accuracy

    The Bank will take reasonable steps to ensure that personal data is accurate and up to date.

  • 5.5. Storage Limitation

    The Bank will only retain personal data for as long as necessary to fulfill the purposes for which it was collected or as required by law. The Bank must keep all account data for seven (7) years following the closure of an account or account application.

  • 5.6. Integrity and Confidentiality

    The Bank will process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

  • 5.7. Individual Rights

    Individuals have the following rights regarding their personal data:

    • The right to access their personal data held by the Bank;
    • The right to request correction or deletion of inaccurate data;
    • The right to object to the processing of their personal data;
    • The right to restrict processing of their personal data;
    • The right to data portability; and
    • The right to withdraw consent at any time.

  • 5.8. Your Rights

GDPR

  • 5.8.1. Under the GDPR, you have the following rights with respect to your personal data:

  • 5.8.1.1. The right to be informed: You have the right to know how your personal data is being processed and why.

  • 5.8.1.2. The right of access: You have the right to access your personal data held by us. You can exercise this right by making a request in writing to us.

  • 5.8.1.3. The right to rectification: You have the right to rectify inaccurate or incomplete personal data we hold on you. You can exercise this right by making a request in writing to us.

  • 5.8.1.4. The right to erasure (right to be forgotten): You have the right to have your personal data erased under certain circumstances. You can exercise this right by making a request in writing to us.

  • 5.8.1.5. The right to restrict processing: You have the right to request the restriction or suppression of your personal data. You can exercise this right by making a request in writing to us.

  • 5.8.1.6. The right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

  • 5.8.1.7. The right to object: You have the right to object to the processing of your personal data in certain circumstances.

  • 5.8.1.8. The right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of our processing based on your consent before its withdrawal. You grant us consent to process your personal data by agreeing to this policy.

CCPA

  • 5.8.2. Under the CCPA, you have the following rights with respect to your personal data:

  • 5.8.2.1. The right to know: You have the right to know what personal information we collect, use, disclose, and sell about you.

  • 5.8.2.2. The right to delete: You have the right to request the deletion of your personal information.

  • 5.8.2.3. The right to opt-out: You have the right to opt out of the sale of your personal information. Note that Paxum Bank does not sell your personal information.

  • 5.8.2.4. The right to non-discrimination: You have the right not to be discriminated against for exercising your privacy rights under the CCPA.

DPA

  • 5.8.3. Under the DPA, you have the following rights with respect to your personal data:

  • 5.8.3.1. The right to be informed: You have the right to know how your personal data is being processed and why.

  • 5.8.3.2. The right of access: You have the right to access your personal data held by us. You can exercise this right by making a request in writing to us.

  • 5.8.3.3. The right to rectification: You have the right to rectify inaccurate or incomplete personal data we hold on you. You can exercise this right by making a request in writing to us.

  • 5.8.3.4. The right to erasure (right to be forgotten): You have the right to have your personal data erased under certain circumstances. You can exercise this right by making a request in writing to us.

  • 5.8.3.5. The right to restrict processing: You have the right to request the restriction or suppression of your personal data. You can exercise this right by making a request in writing to us.

  • 5.8.3.6. The right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

  • 5.8.3.7. The right to object: You have the right to object to the processing of your personal data in certain circumstances.

  • 5.9. Limitations

    Paxum Bank reserves the right to restrict certain information being sent to you, which is not about you should the Bank consider certain information a trade secret or if it infringes on another person's privacy rights. For example, if you request a list of all Paxum Bank employees who have access to your personal data, we will not be able to accommodate your request due to the privacy rights of those employees.

    Paxum Bank reserves the right to restrict certain information about you being sent to you if the Bank determines that sending such information to you does not fall under the purview of your data rights or if it is unlawful for the Bank to send information about you to you.

6. International Data Transfers

  • 6.1. Transfer Mechanisms

    The Bank may transfer personal data to countries outside Dominica, the EU/EEA, and the United States, where data protection laws may offer a different level of protection than those in the regions mentioned above. In such cases, the Bank will ensure that adequate safeguards are in place to protect personal data, such as:

    • Standard Contractual Clauses (SCCs): the Bank will use SCCs as approved by the European Commission or other relevant supervisory authorities.
    • Binding Corporate Rules (BCRs): where applicable, the Bank may use BCRs to ensure that personal data transferred within the Bank's group of companies are adequately protected.
    • Other Transfer Mechanisms: the Bank may use other transfer mechanisms recognized by applicable data protection laws, such as the EU-U.S. Privacy Shield framework.

  • 6.2. Data Subject Requests

    Data subjects have the right to access their personal data, as well as to request the correction, erasure, or restriction of processing of their personal data. Data subjects also have the right to object to the processing of their personal data, as well as the right to data portability.

    To exercise these rights, data subjects should contact the Bank's Data Protection Officer (DPO) using the contact details provided in section 10.

7. Data Security

  • 7.1. Technical and Organizational Measures

  • 7.1.1. The Bank is committed to ensuring the security and confidentiality of personal data. The Bank will implement appropriate technical and organizational measures to protect personal data from unauthorized access, accidental loss, destruction, or damage.

    Such measures may include:

    • Access controls and authentication mechanisms to restrict access to personal data to authorized personnel only.
    • Encryption of personal data in transit and at rest.
    • Regular backups and disaster recovery plans.
    • Monitoring and logging of access to personal data.
    • Employee training on data protection and information security.

  • 7.2. Third-Party Service Providers

    The Bank may engage third-party service providers to process personal data on its behalf, such as IT service providers, cloud service providers, or payment processors. The Bank will ensure that such third-party service providers offer sufficient guarantees to implement appropriate technical and organizational measures to ensure the security of personal data.

    The Bank will enter into written agreements with such third-party service providers that include provisions requiring them to implement appropriate technical and organizational measures to ensure the security of personal data and to process personal data only in accordance with the Bank's instructions.

  • 7.3. How the Bank Protects your Personal Information

    The Bank has implemented technical and managerial procedures to maintain accurate, current and complete information as well as to protect personal information from loss, misuse or alteration when it is under the Bank's control.

    Personally identifiable information will be stored on the Bank's secure servers or third-party servers in secure data centers. The Bank has ensured that or has confirmed that third parties maintaining the servers have appropriate safeguards such as firewalls and data encryption and that proper physical access controls to the files are enforced. The Bank authorizes access to personal information only for those employees who require it to fulfill their job responsibilities.

    Personal information is also password protected so that access is limited to Clients and those with whom a Client shares their password, the Bank, and third-party access facilitated by the Bank in relation to the performance of the services offered.

    The Bank has also taken steps to protect the integrity of its Clients' personal financial information when they initiate a transaction on the Bank's Site.

    Despite the Bank's reasonable efforts to protect personal information, the Bank cannot guarantee that personal information will not be accessed, disclosed, altered or destroyed.

8. Data Retention

  • 8.1. Because we're a regulated financial institution, Paxum Bank is obliged to store some of your personal and transactional data for up to 7 years following the closure of your account. Only a small number of our employees can see that data, and they'll only look at it if they need to. We always delete information that we no longer need. And everything we need to keep is subject to the highest levels of security.

    Please note: Retention periods could be subject to change, depending on where you live, changes to regulatory requirements, or other legal obligations with which we need to comply.

  • 8.2. Paxum Bank is required to retain all data associated with accounts determined to have been opened for seven years following account closure.

    For the purposes of data retention, Paxum Bank considers an account to be "open" once an application for a Paxum Bank or Paxum.com account has been submitted. An account is not required to be verified and active in order for it to be considered open. Submitting an account application and agreeing to Paxum Bank's Terms and Conditions, including this Privacy Policy, renders the account "open" and subject to data retention.

  • 8.3. In the event of identity theft, the Bank remains obligated to retain personal data submitted to the Bank, regardless of the circumstances of the identity theft.

  • 8.4. Basis of Retention: Even if you exercise your right to request data erasure vis-à-vis your personal data held by Paxum Bank, we may not be able to accommodate your request to other legal obligations of the Bank, including data retention for the purposes of complying with the Proceeds of Crime Act (2014) and its associated regulations and amendments.

    For example, if you wish to exercise your rights under GDPR to request the erasure of your data, you should keep in mind that Paxum Bank is entitled to retain all records related to natural and legal persons who apply for or who obtain a Paxum Bank account under:

    Recital 19 of the GDPR

    Article 6.1c of the GDPR

    Article 6.1e of the GDPR

    Article 17.3 of the GDPR

    We are entitled to retain your personal data, including sensitive personal data, because we are obliged to keep your data on file for a period of 7 years following the closure of your account to meet our legal obligations under the Proceeds of Crime Act (2014) and associated legislation and regulations.

    Paxum Bank also reserves the right to refuse a data erasure request following the data retention period in rare circumstances where it has a legal obligation to retain that data.

9. Contact Information

  • 9.1. Data Protection Officer

    The Bank has appointed a Data Protection Officer (DPO) who is responsible for overseeing the Bank's compliance with data protection laws and for addressing any inquiries or complaints regarding the Bank's processing of personal data.

    The DPO can be contacted at:

    privacy@paxumbank.com, where the request is for Paxum Bank Services.

    privacy@paxum.com, where the request is for Paxum.com Services.

  • 9.2. Other Contact Information

    Data subjects can also contact the Bank's Client service department or any of the Bank's branches or offices to obtain more information or to raise any concerns regarding the processing of their personal data.

    Data subjects can contact their local Data Protection Commission or local equivalent with questions about their personal data and lodge complaints or submit information requests. Below is a non-exhaustive list of Data Protection Commissions and their contact information:


Argentina

Agencia de Acceso a la Información Pública

Av. Pte. Gral. Julio A. Roca 710, piso 5

C1067ABP Ciudad Autónoma de Buenos Aires

info@aaip.gob.ar


Australia

Office of the Australian Information Commissioner Office of the Australian Information Commissioner

PO Box 5288

Sydney NSW 200

Toll-free: 61 2 9942 4099

Tel: 1300 363 992 (Enquiries Line)

foi@oaic.gov.au


Austria

Österreichische Datenschutzbehörde Austrian Data Protection Authority

Dr Andrea Jelinek- The head of the data protection authority Barichgasse 40-42 1030 Wien

Tel. +43 1 52 152-0 dsb@dsb.gv.at


Belgium

The competence for complaints is split among different data protection supervisory authorities in Belgium.

Autorité de la protection des données – Gegevensbeschermingsautoriteit (APD-GBA)

President of APD-GBA Rue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel

Tel. +32 2 274 48 00 Fax +32 2 274 48 35 commission@privacycommission.be


Bulgaria

Commission for Personal Data Protection Komisiyata za zashtita na lichnite danni depozira v delovodstvoto

Chairman of the Commission for Personal Data Protection 2, Prof. Tsvetan Lazarov blvd. Sofia 1592

Tel. +359 2 915 3580 Fax +359 2 915 3525 kzld@cpdp.bg


Brazil

Autoridade Nacional de Proteção de Dados

Setor Comercial Norte - SCN, Quadra 6, Conjunto "A", Edifício Venâncio 3000, Bloco "A", 9º andar, CEP 70.716-900

Brasília – DF

Tel: (61) 3411-4733

relacoes.institucionais@anpd.gov.br

international@anpd.gov.br


Canada

Office Of the Privacy Commissioner of Canada Office of the Privacy Commissioner of Canada

30 Victoria Street

Gatineau, Québec

K1A 1H3Toll-free: 1-800-282-1376

Phone: 819-994-5444

Fax: 819-994-5424


Chile

Senado de Chile

Avenida Pedro Montt s/n, Valparaíso.

Tel: (56-32) 250 4000

Morandé 441, Santiago

Tel: (56-2) 2519 6700


Costa Rica

Sistema Costarricense de Información Jurídica - Procuraduría General de la República

Avenida 2 y 6, calle 13, Apdo.: 78-1003 La Corte

San José

Tel: (506) 2243-8400

Agencia de Protección de Datos de los Habitantes - Prodhab

San Pedro de Montes de Oca, Alameda, avenida 7 y calle 49, edificio Da Vinci

San José

Tel: (506) 2234 0189

Fax: (506) 2234 2510


Croatia

Croatian Personal Data Protection Agency Agencija za zaštitu osobnih podataka

Director Selska cesta 136 10000 Zagreb

Tel. +385 1 4609 000

Fax +385 1 4609 099

azop@azop.hr or info@azop.hr


Cyprus

Office of the Commissioner for Personal Data Protection

Commissioner for Personal Data Protection 1 Iasonos Street, 1082 Nicosia P.O. Box 23378, CY-1682 Nicosia

Tel. +357 22 818 456 Fax +357 22 304 565 commissioner@dataprotection.gov.cy


Czech Republic

Urad pro ochranu osobnich udaju The Office for Personal Data Protection

President Pplk. Sochora 27 170 00 Prague 7

Tel. +420 234 665 111 Fax +420 234 665 444 posta@uoou.cz


Colombia

Superintendent of Industry and Commerce

Av. Carrera 7 No. 31a - 36 pisos 3

Bogotá

Tel: 57 (601) 587 0000 - 01 8000 910165

Contact center: +57 (601) 592 0400

contactenos@sic.gov.co


Denmark

Datatilsynet

Director Carl Jacobsens Vej 35 2500 Valby

Tel. +45 33 1932 00

dt@datatilsynet.dk


Estonia

Andmekaitse Inspektsioon Estonian Data Protection Inspectorate

Director General Tatari 39 10134 Tallinn

Tel. +372 6828 712 info@aki.ee


Finland

Office of the Data Protection Ombudsman

Ombudsman P.O. Box 800 FI-00531 Helsinki

Tel. +358 10 3666 700 Fax +358 10 3666 735 tietosuoja@om.fi


France

Commission Nationale de l'Informatique et des Libertés – CNIL

President of CNIL 3 Place de Fontenoy TSA 80715 – 75334 Paris, Cedex 07

Tel. +33 1 53 73 22 22 Fax +33 1 53 73 22 00


Germany

The office of Federal Commissioner for Data Protection and Freedom of Information

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

The Federal Commissioner for Data Protection and Freedom of Information Graurheindorfer Straße 153 53117 Bonn

Tel. +49 228 997799 0; +49 228 81995 0 Fax +49 228 997799 550; +49 228 81995 550 zast@bfdi.bund.de

German Regional Data Protection Officers:


Baden-Wuerttemberg

The State Commissioner for Data Protection and Freedom of Information Koenigstrasse 10 a 70173 Stuttgart P.O. Box 10 29 32 70025 Stuttgart

Telephone: 07 11/61 55 41-0 Fax: 07 11/61 55 41-15


Bavaria

The Bavarian State Commissioner for Data Protection

P.O. Box 22 12 19 80502 Munich, or Wagmüllerstr. 18 80538 Munich

Telephone: 089/21 26 72-0

Fax: 089/21 26 72-50 poststelle@datenschutz-bayern.de


Berlin

Berlin Commissioner for Data Protection and Freedom of Information Berliner Beauftragte fur Datenschutz und Informationsfreiheit Friedrichstrasse 219 10969 Berlin Visitor entrance: Puttkamer Straße 16 – 18 (5th floor)

Tel: 030/138 89-0 Fax: 030/215 50 50 mailbox@datenschutz-berlin.de


Brandenburg

The state commissioner for data protection and for the right to inspect files in Brandenburg Landesbeauftragte fur Datenschutz und Akteneinsicht Stahnsdorfer Damm 77 14532 Kleinmachnow

Telephone: 03 32 03 / 356-0 Fax: 03 32 03 / 356-49 poststelle@lda.brandenburg.de


Bremen

The State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen Arndtstrasse 1 27570 Bremerhaven

Tel: 04 21 / 361-2010 Fax: 04 21 / 496-18495 office@datenschutz.bremen.de


Hamburg

The Hamburg Commissioner for Data Protection and Freedom of Information Der Hamburgische Beauftragte fur Datenschutz und Informationfreiheit Ludwig-Erhard-Str. 22 7th floor 20459 Hamburg

Tel: 040/428 54-40 40 Fax: 040/428 54-40 00 mailbox@datenschutz.hamburg.de


Hesse

The Hessian Commissioner for Data Protection and Freedom of Information Der Hessische Beauftragate fur Datenschutz und Informationsfreiheit P.O. Box 31 63 65021 Wiesbaden Gustav-Stresemann-Ring 1 65189 Wiesbaden, Germany

Tel: 06 11/140 80 Fax: 06 11/14 08-900 poststelle@datenschutz.hessen.de


Mecklenburg-Western Pomerania

The State Commissioner for Data Protection and Freedom of Information Mecklenburg-Western Pomerania Der Landesbeauftragte fur Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern Lennéstrasse 1, Schwerin Castle 19053 Schwerin

Tel: 0385 / 59494-0 Fax: 0385 / 59494-58 info@datenschutz-mv.de


Lower Saxony

The State Commissioner for Data Protection Lower Saxony Prinzenstrasse 5 30159 Hanover Tel: 05 11 / 120-45 00

Fax: 05 11 / 120-45 99 poststelle@lfd.niedersachsen.de


North Rhine-Westphalia

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia Landesbeauftragte fur Datenschutz und Informationsfreiheit Nordhein-Westfalen P.O. Box 20 04 44 40102 Düsseldorf Kavalleriestraße 2-4 40213 Düsseldorf

Tel 02 11/384 24-0 Fax: 02 11/384 24-999 poststelle@ldi.nrw.de


Rhineland-Palatinate

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate P.O. Box 30 40 55020 Mainz Rear bleach 34 55116 Mainz

Tel: 061 31 / 208-24 49 Fax: 061 31 / 208-24 97


Saarland

Independent data protection center Saarland The state commissioner for data protection and freedom of information Fritz-Dobisch-Strasse 12 66111 Saarbrücken

Tel: 06 81/947 81-0 Fax: 06 81/947 81-29 poststelle@datenschutz.saarland.de


Saxony

The Saxon data protection officer P.O. Box 11 01 32 01330 Dresden or Devrientstrasse 5 01067 Dresden

Tel: 03 51 / 85471-101 Fax: 03 51 / 85471-109 saechsdsb@slt.sachsen.de


Saxony-Anhalt

State Commissioner for Data Protection Saxony-Anhalt P.O. Box 19 47 39009 Magdeburg Leiterstrasse 9 39104 Magdeburg

Tel: 03 91/818 03-0 Fax: 03 91/818 03-33 poststelle@lfd.sachsen-anhalt.de


Schleswig-Holstein

Independent state center for data protection Schleswig-Holstein P.O. Box 71 16 24171 Kiel Holstenstrasse 98 24103 Kiel

Tel: 04 31 / 988-12 00 Fax: 04 31 / 988-12 23 mail@datenschutzzentrum.de


Thuringia

Thuringian State Commissioner for Data Protection and Freedom of Information P.O. Box 90 04 55 99107 Erfurt Häßlerstrasse 8 99096 Erfurt, Germany

Tel: 03 61/57 311 29 00 Fax: 03 61/57 311 29 04 poststelle@datenschutz.thueringen.de


Greece

Hellenic Data Protection Authority

President of the Hellenic Data Protection Authority Kifisias Ave. 1-3, 11523 Ampelokipi Athens

Tel. +30 210 6475 600 Fax +30 210 6475 628 contact@dpa.gr


Hungary

Hungarian National Authority for Data Protection and Freedom of Information Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

President of the National Authority for Data Protection and Freedom of Information Falk Miksa utca 9-11 H-1055 Budapest

Tel: +36 1 3911 400 privacy@naih.hu


Ireland

Data Protection Commissioner

Data Protection Commissioner 21 Fitzwilliam Square D02 RD28 Dublin 2

Tel: +353 76 110 4800 info@dataprotection.ie


Italy

Garante per la protezione dei dati personali

President of Garante per la protezione dei dati personali Piazza di Monte Citorio, 121 00186 Roma

Tel. +39 06 69677 1 Fax +39 06 69677 785 segreteria.stanzione@gpdp.it


Japan

Personal Information Protection Commission

Kasumigaseki Common Gate West Tower 32nd Floor, 3-2-1,

Kasumigaseki, Chiyoda-ku,

Tokyo, Japan,

100-0013

Tel: +81-3-6457-9680


Latvia

Data State Inspectorate

Director of Data State Inspectorate Elijas Street 17 LV-1050 Riga

Tel: +371 6722 3131 Fax +371 6722 3556 info@dvi.gov.lv


Lithuania

State Data Protection Inspectorate Valstybinė duomenų apsaugos inspekcija

Director of the State Data Protection Inspectorate L. Sapiegos str. 17 LT-10312 Vilnius

Tel: + 370 5 279 14 45 Fax: +370 5 261 94 94 ada@ada.lt


Luxembourg

Commission Nationale pour la Protection des Données

President of the Commission Nationale pour la Protection des Données 15, Boulevard du Jazz L-4370 Belvaux

Tel: +352 2610 60 1 Fax: +352 2610 60 6099 info@cnpd.lu


Malta

Office of the Data Protection Commissioner

Deputy Commissioner 2, Airways House High Street, Sliema SLM 1549

Tel: +356 2328 7100 Fax: +356 2328 7198 commissioner.dataprotection@gov.mt


Mexico

Secretaría de Bienestar

Av. Paseo de la Reforma 116, Col. Juárez, 06600

Ciudad de México

Tel: 555328 5000

demandasocial@bienestar.gob.mx


Netherlands

Autoriteit Persoonsgegevens Dutch Data Protection Authority

Chairman of the Autoriteit Persoonsgegevens Bezuidenhoutseweg 30 P.O. Box 93374 2509 AJ Den Haag/The Hague

Tel: +31 70 888 8500 Fax +31 70 888 8501 info@autoriteitpersoonsgegevens.nl


New Zealand

Privacy Commissioner Te Mana Mataponi Matatapu

Office of the Privacy Commissioner

PO Box 10 094,

Wellington

New Zealand

6143

Tel : 0800 803 90

oia@privacy.org.nz.


Peru

Dirección de Protección de Datos Personales

Scipión Llona 350 Lima - Lima - Miraflores - Perú

Tel: (01) 204 8020 Anexo 1030

protegetusdatos@minjus.gob.pe


Philippines

National Privacy commission

5th Floor Delegation Building, PICC Complex,

Roxas Blvd, Pasay,

Metro Manila,

Philippines

Toll Free: 09050310638

Tel: 09186454490

info@privacy.gov.ph


Poland

Urząd Ochrony Danych Osobowych The Bureau of the Inspector General for the Protection of Personal Data – GIODO

President of the Personal Data Protection Office ul. Stawki 2 00-193 Warsaw

Tel: +48 22 53 10 440 Fax: +48 22 53 10 441

kancelaria@giodo.gov.pl desiwm@giodo.gov.pl


Portugal

Comissão Nacional de Protecção de Dados – CNPD

President, Comissão Nacional de Proteção de Dados Av. D. Carlos I, 134, 1º 1200-651 Lisboa

Tel: +351 21 392 84 00 Fax: +351 21 397 68 32 geral@cnpd.pt


Romania

The National Supervisory Authority for Personal Data Processing Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal

President of the National Supervisory Authority for Personal Data Processing

B-dul Magheru 28-30 Sector 1, BUCUREŞTI

Tel: +40 21 252 5599 Fax: +40 21 252 5757 anspdcp@dataprotection.ro


Slovakia

Office for Personal Data Protection of the Slovak Republic Úrad na ochranu osobných údajov

Hraničná 12 820 07 Bratislava 27

Tel: + 421 2 32 31 32 14 Fax: + 421 2 32 31 32 34 statny.dozor@pdp.gov.sk


Slovenia

Information Commissioner of the Republic of Slovenia Informacijski pooblaščenec

Information Commissioner of the Republic of Slovenia Dunajska cesta 22 1000 Ljubljana

Tel: +386 1 230 9730 Fax: +386 1 230 9778 gp.ip@ip-rs.si


South Korea

Personal Information Protection Commission

Personal Information Protection Commission (PIPC)

209, Sejong-daero, Jongno-gu, Seoul, Korea Rep.

4th floor, Government Complex Seoul,

03171

Tel: 02-2100-3037

Fax: 02-2100-3003


Spain

Agencia Española de Protección de Datos (AEPD)

Director of the Spanish Data Protection Agency C/Jorge Juan, 6 28001 Madrid

Tel: +34 91 266 3517 Fax: +34 91 455 5699 internacional@agpd.es


Sweden

Datainspektionen

Director General of the Data Inspection Board Drottninggatan 29 5th Floor Box 8114 104 20 Stockholm

Tel: +46 8 657 6100 Fax: +46 8 652 8652 datainspektionen@datainspektionen.se


South Africa

Information Regulator (South Africa) The Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein,

Johannesburg, South Africa, 2001

Tel: 010 023 5200

enquiries@inforegulator.org.za


Supervisory Authorities for EEA member states

Iceland

Persónuvernd

Commissioner Rauðarárstígur 10 105 Reykjavík

Tel: +354 510 9600 Email: postur@dpa.is

Liechtenstein

Data Protection Authority, Principality of Liechtenstein

Commissioner Städtle 38 9490 Vaduz

Tel. +423 236 6090 Email: info.dss@llv.li

Norway

Datatilsynet

Director-General Tollbugata 3 0152 Oslo

Tel. +47 22 39 69 00 Email: postkasse@datatilsynet.no

10. Changes to this Policy

  • 10.1. The Bank may update this Privacy Policy from time to time. The Bank will notify data subjects of any material changes to this Policy, such as changes to the purposes or categories of personal data collected, or changes to the Bank's contact information. The Bank will obtain the necessary consents from data subjects where required by applicable data protection laws.