Everything you need to know about how we protect your personal data. A copy of this notice can be downloaded here.
What is the purpose of this notice?
This notice explains how the Commonwealth Trade Bank Plc (referred to in this notice as the CTB Plc, we, us or our) collects, stores and uses personal data about you in relation to conducting our business with you or your connected company or providing you with details of our product and service offering.
It tells you about your privacy rights and how the law protects you.
We keep this privacy notice up to date so if there are any changes to the way in which your personal data is used, this privacy notice will be updated and we will notify you of the changes on our website. We will only use your personal data in accordance with the purposes set out in this privacy notice.
You should read this notice so that you know what we are doing with your personal data.
We respect your privacy and we are committed to protecting your personal data. This notice covers the following:
- What is personal data?
- Who we are
- The personal data we collect about you
- How your personal data is collected
- How we use your personal data
- The legal bases that permits us to use your personal data
- What happens if you do not provide the personal data we request
- How we share your personal data
- How we keep your personal data secure
- How long we retain your personal data
- Your data protection rights
- How to complain
If you have any queries or concerns in relation to this privacy notice, please contact the
Data Privacy Compliance Officer
Tel: +44 207 184 4117
a. What is personal data?
Personal data means any information about a living individual from which that person can be identified. This would include, among other things, information such as name, contact details or an online identifier.
b. Who we are
The CTB Plc (a licensed wholesale bank primarily engaged in trade finance) is a controller in respect of the personal data that we process about you and the company you are connected to and of the personal data that you provide to us on this website.
This means that we are the company responsible for making decisions about how and why we collect, store, and use your personal data.
c. The personal data we collect about you
We may collect, use, store and share information about you, the Directors, Shareholders, Ultimate Beneficial Owners, Guarantors and Authorized Signatories of our corporate customers, and we may collect, use, and store contact details and cookies provided by prospective customers (referred to as you) grouped as follows:
- Identity Data
This includes title, first name, surname, maiden name (where applicable), date of birth, gender, nationality (which includes ethnic origin), permanent residential address.
- Contact Data
Personal email addresses and telephone numbers.
- Financial Data
Bank account details (where applicable), information about your source of wealth and asset and liability statements for guarantors.
- Ownership Data
Details of shareholding and shareholders and ultimate beneficial owners.
- Tax Data
Information about your tax residency status and tax nationality.
- Public Status Data
Details of public positions held by you or held by your immediate family (spouse, partner, children and their spouses and partners, parents) and close associates.
- Criminal Convictions and Offences
Information about criminal convictions and offences committed by you.
- Regulatory Matters
Information about any regulatory matters connected to you.
- CCTV Footage
Where you visit the Bank, images from CCTV footage for safety and security purposes.
Where you visit the Bank’s website. Please also see our Cookies Policy for further details of the cookies we use.
e. How we use your personal data
We will use your personal data for the following purposes:
- To make decisions about whether to enter into a contract with you or a customer you are connected to (e.g. where you are a Director, Guarantor, Shareholder, Authorized Signatory or Ultimate Beneficial Owner of a potential customer);
- Where we need to perform the contractual arrangement that we are about to enter with you, your company or that we have entered with your company;
- To make decisions about providing credit to a customer you are connected to;
- To comply with our regulatory and legal obligations to perform customer identification, verification and ongoing monitoring of customer relationships and customer transactions for money laundering, terrorist financing, fraud and other financial crime prevention;
- To comply with our regulatory and legal obligations to report tax and financial crime information to the relevant authorities (Her Majesty’s Revenue Service, the Financial Conduct Authority, and Law Enforcement Agencies including the National Crime Agency);
- For compliance with statutory record keeping requirements in relation to money laundering, terrorist financing and financial crime prevention;
- To correspond with you, our existing and potential customers, about our product and service offering;
- To administer our website and to notify you about any changes to our website.
f. The legal bases that permit us to use your personal data
We will only use your personal information where we have a legal basis for doing so. We rely on the following legal bases in relation to you or your company’s business relationship with us:
- Where we need to comply with a legal obligation as follows:
- Where we are obliged to complete customer identification, verification and ongoing monitoring of relationships and transactions to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions.
This may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement agencies and regulatory bodies.
- Reporting to tax authorities under Common Reporting Standards (CRS) and Foreign Account Tax Compliance Act (FATCA);
- Other reporting to regulatory bodies in relation to financial crime;
- To comply with legal record keeping requirements in relation to money laundering and terrorist financing;
- Where we are obliged to share data with police, other law enforcement or other government, including reporting suspicious activity and complying with production and court orders;
- To deliver mandatory communications to you or the customer you are connected to; and
- To investigate and resolve your complaints or those of the customer you are connected to.
- Where it is necessary for our legitimate interests without prejudicing your interests or fundamental data protection rights as follows:
- To carry out checks (in addition to legal requirements) on you and associated persons, including performing adverse media checks, screening against third party databases and sanctions lists and establishing political exposed persons (PEPS), immediate family members of PEPS and close associates of PEPS;
- To monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
- To ensure network and information security, prevention and detection of crime and protection of your personal data;
- To provide assurance on the bank’s material risks and reporting to internal management and supervisory authorities on whether the Bank is managing them effectively;
- To enable a sale, reorganisation, transfer, financial arrangement, sub-participation, asset disposal, including without limitation loan portfolio sales, securitisations or other transactions relating to you or the customer connected to you and/or assets held by our business where your information may be shared with any relevant third party;
- To perform analysis on your complaints or those of the customer connected to you for the purposes of preventing errors and process failures and to rectify any negative impact on you or the customer you are connected to;
- To carry out financial and credit assessments;
- To enforce guarantor agreements;
- To promote our business by bringing to your attention our product and service offering; and
- To administer our website and to update you on changes to our website.
- To perform our contract with you or the customer you are connected to (e.g. to register them as a customer, open and manage customer accounts and effect transactions).
Certain of your personal information is classified as special or sensitive. This includes information relating to racial or ethnic origin or political opinions (note: there are other categories of special or sensitive data but the Bank does not collect, store or use these other categories for our relationship with you or the customer you are connected to).
There are also additional restrictions in relation to the collection, storage and use of criminal conviction data.
- We will use information relating to racial or ethnic origin to perform identity and identity verification checks for the purposes of our legal obligations under money laundering and terrorist financing legislation;
- We may use information about your political opinions and those of your immediate family and close associates if this information is relevant to establishing your status as a politically exposed person for the purposes of our legal obligations under money laundering and terrorist financing legislation; and
- We will use information about criminal offences and convictions to comply with our regulatory obligations under money laundering and terrorist financing legislation.
g. What happens if you do not provide the personal data we request
We need your information so that we can comply with our legal obligations, for our legitimate interests and to perform the contract with you or the company you are connected to.
If you fail to provide certain information when requested, we will not be able to provide services to you or the customer you are connected to.
If you do not provide information as requested during our relationship or during the relationship with the customer you are connected to, we will have to stop providing services to you or the customer you are connected to.
h. How we share your personal data
We share your personal information in the following ways:
- Where we use third party service providers who process personal information on our behalf to provide services to us. The following activities are carried out by third-party service providers:
- Screening for adverse media information, criminal offences and convictions, establishment of whether you, your immediate family or your close associates are politically exposed persons;
- Audit services as part of the Bank’s internal audit and statutory audit requirements;
- IT system providers for ongoing monitoring of customer relationships and transactions; and
- Our website provider.
- We will share your personal information with the police and other law enforcement agencies where we are required to do so to comply with our legal and regulatory obligations (e.g. reporting suspicious activity to the National Crime Agency, complying with production and court orders);
- We will share your personal information with other governmental third parties where we are required to do so by law e.g. where we are required to provide tax-related information to HMRC under CRS and FATCA legislation;
- We may share your personal information with other entities within the group where the customer you are connected to is also a customer of the CTB PLC. These entities may be in countries outside of the United Kingdom. Information sent to these countries is covered by a data transfer agreement using model contract clauses in the form approved by the European Commission. If you would like to see a copy of the adequacy mechanism that we use to protect your personal information please contact the Bank’s Data Privacy Compliance Officer (see contact details in this notice); and
- If we sell any part of our business and/or integrate it with another organisation your details may be disclosed to our advisers and to prospective purchasers or joint venture partners and their advisers. If this occurs the new owners of the business will only be permitted to use your information in the same way as set out in this privacy notice.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies.
We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes set out in this notice and in accordance with our instructions.
i. How we keep your personal data secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and third parties who have a business need to know. They will only process your personal information on our instructions and subject to a duty of confidentiality.
Details of these measures may be obtained from the Bank’s Data Privacy Compliance Officer, email@example.com or telephone +44 207 184 4117.
We have put in place procedures to deal with any suspected data security breach and we will notify you and the relevant regulators of a suspected breach where we are legally required to do so.
j. How long we retain your personal data
We will retain your information for the duration of your or the customer’s contract with us (the customer connected to you) and for a period of five (5) years after the closure of your account or of the customer relationship relating to the entity connected to you or the date of the last transaction on your account or of the any entity account connected to you, whichever is later, as mandated in money laundering and terrorist financing statutory record keeping periods.
Where we are required to do so by law enforcement agencies or where we require your information in relation to a legal claim, we may need to retain your information for a longer period.
We will retain CCTV footage of you (where you visit our premises) for a period of seventy two (72) days.
k. Your data protection rights
Under certain circumstances, by law, you have the right to:
Request access to your personal information (commonly known as data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information (commonly known as the right to be forgotten). This enables you to ask us to delete or remove personal information where we continue to process beyond the necessary period, where you withdraw consent, where you object (see right to object to processing), where the data has not been processed lawfully or it is necessary to delete the personal information to comply with a legal obligation.
Object to processing of your personal information where we are relying on a legitimate interest or exercise of a public interest task to make the processing lawful.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information where you believe the information in inaccurate, our processing is unlawful, or where you have raised an objection to processing.
Request to transfer your personal information to another party.
If you want to exercise any of your rights, please contact the Data Privacy Compliance Officer at firstname.lastname@example.org or write to the Data Privacy Compliance Officer at 36/38 Leadenhall Street, London, EC3A 1AT, United Kingdom.
l. How to complain
If you have any complaints about the way we use your personal information please contact the:
Data Privacy Compliance Officer
+44 207 184 4117 or
who will try to resolve the issue.
If we cannot resolve your complaint, you have the right to complain to the Information Commissioner in the United Kingdom. Contact details and further information on your rights can be found at www.ico.org.uk.