MauBank Ltd is committed to being transparent about how it handles your Personal Data and to protecting the privacy and security of your Personal Data. This document outlines our approach to Data Privacy to fulfil our obligations under the prevailing Data Protection laws.
DEFINITIONS AND INTERPRETATIONS
The masculine shall include the feminine; the plural shall include the singular, and vice-versa.
Words and expressions used in this notice shall have, except where not appropriate in the context, the meanings as specified below.
“MauBank”, “Bank”, or “We/Us/Ours” means MauBank Ltd.
“Customer” or “You/Your” means any natural or legal person who uses, has used or has expressed an intention to use a service provided by MauBank.
“Sensitive Personal Data” refers to the special categories of Personal Data such as racial or ethnic origin, political opinion or adherence, religious or philosophical beliefs, trade union membership, physical or mental health or condition, sexual orientation, practices or preferences, genetic data or biometric data uniquely identifying a person, the commission or alleged commission of an offence or any other information that may be deemed to be sensitive under applicable law.
“Biometric data” means any Personal Data relating to the physical, physiological or behavioural characteristics of an individual, which allow his unique identification, including facial images or dactyloscopic data;
“Controller” means a person who or public body which, alone or jointly with others, determines the purposes and means of the processing of personal data and has decision-making power with respect to the processing;
“Personal Data” means any information relating to an identified or identifiable individual, in particular by reference to a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
“processing” means an operation or set of operations performed on personal data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Processor” means a person who, or public body which, processes Personal Data on behalf of a controller;
PROCESSING YOUR PERSONAL DATA
COLLECTION OF PERSONAL DATA
The information we collect may include:
Information that you provide to us, e.g.:
- Personal details: name(s), previous names, gender, date and place of birth, age, marital status, National Identity Card (NIC) number, passport number, tax identification number, other government issued number, nationality, images of NIC, passport, birth certificate, marriage certificate, death certificates, affidavits, utility bills and any other documents submitted to us;
- Family details: names and contact details of family members and dependents;
- Contact details: address, phone numbers, email address and social media profile details;
- Employment details: industry, role, business activities, names of current and former employers, work address, work telephone number, work email address and work-related social media profile details;
- Education history: details of your education and qualifications;
- Financial details: billing address, bank account numbers, credit card numbers, cardholder or accountholder name and details, instruction records, transaction details and counterparty details;
- Market research: information and opinions expressed when participating in market research;
- User login and subscription data: login credentials for Online Banking and Mobile Banking Services;
- Views and opinions: any views and opinions that you choose to send to us, or publish about us (including on social media platforms);
- Other information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, email, online, or otherwise;
- If our relationship arises out of an insurance policy or claim, depending on the type of policy that you have with us, we may also collect:
- Information regarding your family members or other third parties who might be covered by or benefit from your insurance policy, or be financially dependent on you.
- Information, which is relevant to your insurance policy including details of previous policies and claims history.
- Lifestyle information, e.g. your smoking status and alcohol consumption if you apply for a life insurance policy.
- Details about your physical or mental health which are relevant to your insurance policy or claim, e.g. if you make a claim we may ask for medical information relating to the claim.
- Details about your criminal convictions or related information. This will include information relating to offences or alleged offences.
- Any other information, which is relevant to a claim that you make.
If you give us information about someone else, or someone gives us information about you, (for example, where another person provides your information to us during the course of a joint application), we may add it to any Personal Data we already hold and use it in the ways described in this Privacy Notice. Before you disclose information to us about another person, you should ensure that you have his or her consent to do so and show him or her this Privacy Notice. You need to ensure they give their consent to share their Personal Data with us for the purposes described in this Privacy Notice.
Information we collect or generate about you, e.g.:
- Your financial information and information about your relationship with us, including the products and services you hold, the channels you use and your ways of interacting with us, your ability to get and manage your credit, your payment history, transactions records, market trades, payments into your account including salary details and information concerning complaints and disputes;
- Information we use to identify and authenticate you including your biometric information, such as your signature, photo or additional information that we receive from external sources that we need for compliance purposes;
- Geographic information, e.g. about which branches or ATMs you use;
- Information included in customer documentation, e.g. a record of advice that we may have given you;
- Marketing and sales information, e.g. details of the services you receive and your preferences;
- We collect or obtain Personal Data when you visit any of our Sites or use any features or resources available on or through a Site. When you visit a Site, your device and browser may automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a Site and other technical communications information), some of which may constitute Personal Data.
- Risk rating information, e.g. credit risk rating, transactional behaviour and underwriting information;
- Investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among individuals and/or organisations, including emails, voicemail, live chat, etc.;
- Records of correspondence and other communications between us, including email, live chat, instant messages and social media communications;
- Information that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities.
Information we collect from other sources, e.g.:
- Information you’ve asked us to collect for you, e.g. information about your accounts or holdings with other companies including transaction information;
- Information from third party providers, e.g. information that helps us to combat fraud or that relates to your social interactions (including your communications via social media, between individuals, organisations, prospects and other stakeholders acquired from companies that collect combined information);
- Where the Personal Data of children under the age of 18 is provided, the consent of the child’s parent or legal guardian must be obtained.
- If our information arises out of an insurance policy or claim, we may also collect:
- Information relating to your insurance application where you apply for a policy via a comparison website or aggregator;
- Information relating to your medical records, with your agreement;
- Information relating to your insurance claims history;
- Information from other parties involved in your insurance policy or claim;
- Information from publicly available sources.
PROCESSING OF PERSONAL DATA
MauBank does not seek to collect or otherwise Process your Sensitive Personal Data, except where:
- The Processing is necessary for compliance with a legal obligation;
- The Processing is necessary for the detection or prevention of crime (including the prevention of fraud) to the extent permitted by applicable law;
- You have manifestly made those Sensitive Personal Data public;
- The Processing is necessary for the establishment, exercise or defence of legal rights;
- We have, in accordance with applicable law, obtained your explicit consent prior to Processing your Sensitive Personal Data (as above, this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way); or
- Processing is necessary for reasons of substantial public interest and occurs on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard your fundamental rights and interests and, in any event, such processing is in conformity with section 28 of the Data Protection Act 2017.
PURPOSES FOR WHICH WE MAY PROCESS YOUR PERSONAL DATA AND THE LEGAL BASIS FOR PROCESSING.
The Bank will only use the Personal Data for the purposes for which we collected it. If the Personal Data is Processed for other purposes, the Bank will amend this table accordingly. The purposes for which we may Process your Personal Data and the legal bases are:
Legal basis for Processing
AML/KYC: fulfilling our legal obligations, including ‘Know Your Customer’ checks and confirming and verifying your identity (including by using credit reference agencies); and screening against government, international bodies and/or law enforcement agency sanctions lists as well as internal sanctions lists.
Customer on boarding: on-boarding new Customers; and compliance with our internal compliance requirements, policies and procedures.
Credit Risk Rating: conducting credit reference checks and other financial due diligence.
Provision of products and services: administering relationships and related
Marketing/Prospecting: communicating with
Operation of our Sites/Applications: operation and management of our Sites/Applications; providing content to you; displaying advertising and other information to you; and communicating and interacting with you via our Sites and Mobile Applications.
IT operations: management of our communications systems; operation of IT
Health and safety: health and safety
Financial management: sales; finance;
Research: conducting market or customer
Security: physical security of our premises
Investigations: detecting, investigating and
Legal compliance: compliance with our legal
Legal proceedings: establishing, exercising
Improving our products and services:
Risk Management: Audit, compliance,
Fraud prevention: Detecting, preventing and
Employment: To manage our employees
WHO WE MAY SHARE YOUR INFORMATION WITH?
We may share your information with others where it is lawful to do so including where we or they:
- Need to in order to provide you with products or services you’ve requested, e.g. fulfilling a payment request;
- Need to in order to provide you with your insurance policy or to administer your claim;
- Have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud, tax evasion and
- Need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
- Have a legitimate business reason for doing so, e.g. to manage risk, verify your identity, enable another company to provide you with services you’ve requested, or assess your suitability for products and services;
- Have asked you for your permission to share it, and you have agreed.
We may share your information for these purposes with others including:
- Other MauBank Group companies (including their employees, sub-contractors, service providers, directors and officers) and any sub-contractors, agents or service providers who work for us or provide services to us;
- Any joint account holders, trustees, beneficiaries or executors;
- People who give guarantees or other security for any amounts you owe us;
- People you make payments to and receive payments from;
- Your beneficiaries, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties and any companies you hold securities in through us, e.g. stocks, bonds or options;
- Other financial institutions, lenders and holders of security over any property you charge to us, tax authorities, trade associations, credit reference agencies, service providers and debt recovery agents;
- Any fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us for you;
- Any entity that has an interest in the products or services that we provide to you, including if they take on the risk related to them;
- Any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
- Law enforcement, government, courts, dispute resolution bodies, accreditation bodies, our regulators and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
- Accountants, auditors, financial advisors, lawyers and other outside professional advisors to MauBank, subject to binding contractual obligations of confidentiality;
- Other parties involved in any disputes, including disputed transactions;
- Fraud prevention agencies who’ll also use it to detect and prevent fraud and other financial crime and to verify your identity;
- Anyone who provides instructions or operates any of your accounts on your behalf, e.g. Power of Attorney, Barristers, intermediaries, etc.;
- Anybody else that we’ve been instructed to share your information with by either you, a joint account holder or anybody else who provides instructions or operates any of your accounts on your behalf;
- Our card processing supplier(s) to carry out credit, fraud and risk checks, process your payments, issue and manage your card;
- We may share aggregated or anonymised information within and outside MauBank with partners such as research groups, universities or advertisers. You won’t be able to be identified from this information.
- If our relationship arises from an insurance policy or claim, we’ll also share your information with:
- Other parties involved in providing your insurance policy, e.g. the intermediary or insurer who provides your policy;
- Third parties involved in the administration of the relevant insurance policy or claim including loss adjusters, claims handlers, private investigators, experts and our advisors;
- Where relevant, medical experts and rehabilitation providers.
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
INTERNATIONAL TRANSFER OF PERSONAL DATA
We may need to transfer your Personal Data to third parties as noted in Section 3 above, in connection with the purposes set out in this notice. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements, including data protection laws of a lower standard to those that apply in the country in which you are located.
When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we’ll only share your information with people who have the right to see it.
If you need more information about the safeguards applied to international transfers of Personal Data, please use the contact details provided in Section 15 below.
You have a number of rights in relation to the information that we hold about you. These rights include:
- The right to access information we hold about you and to obtain information about how we process it;
- In some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another legitimate reason for doing so;
- The right to request that we rectify your information if it’s inaccurate or incomplete;
- In some circumstances, the right to request that we erase your information. We may continue to retain your information if we’re entitled or required to retain it;
- The right to object to, and to request that we restrict, our processing of your information in some circumstances. There may be situations where you object to, or ask us to restrict, our processing of your information but we’re entitled to continue processing your information and/or to refuse that request.
- The right to obtain a transferable copy of certain data which can be transferred to another provider, known as “the right to data portability”. You are not able to obtain through the data portability right all of the Personal Data that you can obtain through the right of access. The right also permits the transfer of data directly to another provider where technically feasible. Therefore, depending on the technology involved, we may not be able to receive Personal Data transferred to us and we will not be responsible for the accuracy of same.
You can exercise your rights by contacting us using the details set out in Section 15 below. You also have a right to complain to the Data Protection Office of Mauritius, or to the data protection regulator in the country where you live or work.
HOW WE KEEP YOUR INFORMATION SECURE?
We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information. We also have in place procedures to deal with a suspected data security breach and will notify you and/or the Data Protection Commissioner (or any other applicable authority) of a suspected breach where the Bank is legally required to do so.
You are responsible for ensuring that any Personal Data that you send to us are sent securely.
We take reasonable steps to ensure that your Personal Data that we Process are accurate and, where necessary, kept up to date. Inaccurate data are erased or rectified without delay. From time to time we may ask you to confirm the accuracy of your Personal Data.
You’re responsible for making sure the information you give us is accurate and up to date, and you must inform us if anything changes as soon as possible. This can be done through our Change Request Form. If you provide information for another person (e.g. a joint account holder, a beneficiary under an insurance policy or a dependant), you’ll need to direct them to this notice.
We take reasonable steps designed to ensure that your Personal Data that we Process are limited to the Personal Data reasonably required in connection with the purposes set out in this Notice.
We will keep your information only for as long as we need to by law and in accordance with our Data Retention Policy. The length of time we hold your data depends on a number of factors, such as regulatory rules and the type of financial product we have provided to you.
Those factors include:
- The regulatory rules contained in laws and regulations or set by authorities like the Bank of Mauritius.
- The type of financial product we have provided to you. For example, we may keep data relating to a mortgage product for a longer period compared to data regarding a single payment transaction.
- Whether you and we are in a legal or some other type of dispute with another person or each other.
- The type of data we hold about you.
- Whether you or a regulatory authority asks us to keep it for a valid reason.
- Whether we use your data for long-term statistical modelling, provided that such modelling does not affect any decision we make about you.
- As a general rule, we keep your information for a specified period after the date on which a transaction has completed or you cease to be a customer. In most cases this period is seven (7) years.
ARE YOU OBLIGED TO PROVIDE PERSONAL DATA?
Sharing information with us is in both your interest and ours.
We need your information in order to:
- Provide our products and services to you and fulfil our contract with you.
- Manage our business for our legitimate interests.
- Comply with our legal obligations.
You may choose not to share some information, but doing so may limit the services we are able to provide to you.
- We may not be able to provide you with certain products and services that you requested. We may not be able to continue to provide you with or renew existing products and services.
- We may not be able to assess your suitability for a product or service, or, where relevant, give you a recommendation to provide you with our financial product or service.
- When we request information, we will tell you if providing it is a contractual requirement or not, and whether or not we need it to comply with our legal obligations.
TO WHAT EXTENT IS THERE AUTOMATED DECISION MAKING?
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. If we use this procedure in individual cases, we will inform you of this separately, as long as this is a legal requirement.
WILL PROFILING TAKE PLACE?
We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). We use profiling for the following cases, for instance:
- Due to legal and regulatory requirements, we are obligated to combat money laundering, terrorism financing and other offenses. Data assessments (including on payment transactions) are also carried out for this purpose.
- We use assessment tools in order to be able to specifically notify you and advise you regarding products. These allow communications and marketing to be tailored as needed – including market and opinion research.
- We use scoring as part of the assessment of your creditworthiness. This calculates the probability that a Customer will meet the payment obligations pursuant to the contract. This calculation may be influenced by the Customer’s earning capacity, expenses, pending liabilities, occupation, employer, term of employment, experience from the business relationship thus far, contractual repayment of previous credits, and information from credit information offices (MCIB), for instance. Scoring is based on a mathematically and statistically recognised and established process. The calculated scores help us to make decisions in the context of product sales and are incorporated into ongoing risk management.
We may Process your Personal Data to contact you, primarily by post and email and also on occasion by telephone, so that we can provide you with information concerning products and services that may be of interest, provided that we have first obtained your consent, to the extent required by, and in accordance with applicable law. To opt in/out of our various marketing communication methods, simply fill out the Marketing Consent Form available on our website www.maubank.mu and return it to a MauBank Branch. We may continue to contact you to the extent necessary for the purposes of any services you have requested.
CHANGES TO THIS NOTICE
We invite you to review the latest version of this notice from time to time. Any changes will be communicated to you and made available on our website www.maubank.mu and, where appropriate, notified to you by SMS, e-mail or when you log onto one of our mobile apps. This notice was last updated on 12 July 2018.
If you have any questions about how your Personal Data is gathered, stored, shared or used, or if you wish to exercise any of your data rights, please contact our Data Protection Officer at:
Company Name: MauBank Ltd
Telephone: +230 4059400
Fax: +230 4040333
Postal Address: MauBank Ltd, 25, Bank Street, Cybercity, Ebene 72201