Everything you need to know about how we protect your personal data
This policy explains how Diamond Bank (UK) PLC (referred to in this policy as Diamond Bank, we, us or our) collects, stores and uses personal data about you in relation to conducting our business with your connected company or providing you with details of our product and service offering.
It tells you about your privacy rights and how the law protects you.
You should read this policy so that you know what we are doing with your personal data.
We respect your privacy and we are committed to protecting your personal data.
This policy covers the following:
a. What is personal data?b. Who we arec. The personal data we collect about youd. How your personal data is collectede. How we use your personal dataf. The legal bases that permits us to use your personal datag. What happens if you do not provide the personal data we requesth. How we share your personal datai. How we keep your personal data securej. How long we retain your personal datak. Your data protection rightsl. How to complain
Personal data means any information about a living individual from which that person can be identified. This would include, among other things, information such as name, contact details or an online identifier.
Diamond Bank (a licensed wholesale bank primarily engaged in trade finance) is a controller in respect of the personal data that we process about the company you are connected to and of the personal data that you provide to us on this website.
This means that we are the company responsible for making decisions about how and why we collect, store, and use your personal data.
We may collect, use, store and share information about Directors, Shareholders, Ultimate Beneficial Owners, Guarantors and Authorized Signatories of our corporate customers, and we may collect, use, and store contact details and cookies provided by prospective customers (referred to as you) grouped as follows:
Identity Data This includes title, first name, surname, maiden name (where applicable), date of birth, gender, nationality (which includes ethnic origin), permanent residential address.
Contact Data Personal email addresses and telephone numbers.
Financial Data Bank account details (where applicable), information about your source of wealth and asset and liability statements for guarantors.
Ownership Data Details of shareholding and shareholders and ultimate beneficial owners.
Tax Data Information about your tax residency status and tax nationality.
Public Status Data Details of public positions held by you or held by your immediate family (spouse, partner, children and their spouses and partners, parents) and close associates.
Criminal Convictions and Offences Information about criminal convictions and offences committed by you.
Regulatory Matters Information about any regulatory matters connected to you.
CCTV Footage Where you visit the Bank, images from CCTV footage for safety and security purposes.
We use different methods to collect data from and about you including through:
Direct Interaction with you
You may give us your identity, contact details including email address and telephone number, financial, ownership, tax, public status data by filling in forms provided to you by us or by corresponding with us by post, phone, email or in person or via our website contact forms.
This includes personal data you provide when you:
Engage in a business relationship with us / apply for our products and services;
Request information from us in relation to our business relationship;
Request information about our product and service offering; and
During our business relationship with a customer you are connected to.
Third parties or publicly available sources
We may collect personal data about you from third parties and public sources when we carry out verification and background checks and ongoing monitoring as set out below:
Identity, contact and shareholder / ownership data from publicly available sources (e.g. Companies House, Registries in other EEA countries, the UK’s electoral register, your corporate website and annual reports);
Regulatory information from publicly available sources (e.g. FCA Register, other European Regulatory Registers);
Publicly available information about you from internet search providers (e.g. Google searches); and
Public status, criminal convictions and offences, and regulatory data from our third-party screening service provider.
We will use your personal data for the following purposes:
To make decisions about whether to enter into a contract with a customer you are connected to (e.g. where you are a Director, Guarantor, Shareholder, Authorized Signatory or Ultimate Beneficial Owner of a potential customer);
Where we need to perform the contractual arrangement that we are about to enter with your company or that we have entered with your company;
To make decisions about providing credit to a customer you are connected to;
To comply with our regulatory and legal obligations to perform customer identification, verification and ongoing monitoring of customer relationships and customer transactions for money laundering, terrorist financing, fraud and other financial crime prevention;
To comply with our regulatory and legal obligations to report tax and financial crime information to the relevant authorities (Her Majesty’s Revenue Service, the Financial Conduct Authority, and Law Enforcement Agencies including the National Crime Agency);
For compliance with statutory record keeping requirements in relation to money laundering, terrorist financing and financial crime prevention;
To correspond with you, our existing and potential customers, about our product and service offering;
To administer our website and to notify you about any changes to our website.
We will only use your personal information where we have a legal basis for doing so. We rely on the following legal bases in relation to your company’s business relationship with us:
Where we need to comply with a legal obligation as follows:
Where we are obliged to complete customer identification, verification and ongoing monitoring of relationships and transactions to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions.
This may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement agencies and regulatory bodies.
Reporting to tax authorities under Common Reporting Standards (CRS) and Foreign Account Tax Compliance Act (FATCA);
Other reporting to regulatory bodies in relation to financial crime;
To comply with legal record keeping requirements in relation to money laundering and terrorist financing;
Where we are obliged to share data with police, other law enforcement or other government, including reporting suspicious activity and complying with production and court orders;
To deliver mandatory communications to you or the customer you are connected to; and
To investigate and resolve your complaints or those of the customer you are connected to.
Where it is necessary for our legitimate interests without prejudicing your interests or fundamental data protection rights as follows:
To carry out checks (in addition to legal requirements) on you and associated persons, including performing adverse media checks, screening against third party databases and sanctions lists and establishing political exposed persons (PEPS), immediate family members of PEPS and close associates of PEPS;
To monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
To ensure network and information security, prevention and detection of crime and protection of your personal data;
To provide assurance on the bank’s material risks and reporting to internal management and supervisory authorities on whether the Bank is managing them effectively;
To enable a sale, reorganisation, transfer, financial arrangement, sub-participation, asset disposal, including without limitation loan portfolio sales, securitisations or other transactions relating to the customer connected to you and/or assets held by our business where your information may be shared with any relevant third party;
To perform analysis on your complaints or those of the customer connected to you for the purposes of preventing errors and process failures and to rectify any negative impact on you or the customer you are connected to;
To carry out financial and credit assessments;
To enforce guarantor agreements;
To promote our business by bringing to your attention our product and service offering; and
To administer our website and to update you on changes to our website.
To perform our contract with the customer you are connected to (e.g. to register them as a customer, open and manage customer accounts and effect transactions).
Certain of your personal information is classified as special or sensitive. This includes information relating to racial or ethnic origin or political opinions (note: there are other categories of special or sensitive data but the Bank does not collect, store or use these other categories for our relationship with the customer you are connected to).
There are also additional restrictions in relation to the collection, storage and use of criminal conviction data.
We will use information relating to racial or ethnic origin to perform identity and identity verification checks for the purposes of our legal obligations under money laundering and terrorist financing legislation;
We may use information about your political opinions and those of your immediate family and close associates if this information is relevant to establishing your status as a politically exposed person for the purposes of our legal obligations under money laundering and terrorist financing legislation; and
We will use information about criminal offences and convictions to comply with our regulatory obligations under money laundering and terrorist financing legislation.
We need your information so that we can comply with our legal obligations, for our legitimate interests and to perform the contract with the company you are connected to.
If you fail to provide certain information when requested, we will not be able to provide services to the customer you are connected to.
If you do not provide information as requested during the relationship with the customer you are connected to, we will have to stop providing services to the customer you are connected to.
We share your personal information in the following ways:
Where we use third party service providers who process personal information on our behalf to provide services to us. The following activities are carried out by third-party service providers:
Screening for adverse media information, criminal offences and convictions, establishment of whether you, your immediate family or your close associates are politically exposed persons;
Audit services as part of the Bank’s internal audit and statutory audit requirements;
IT system providers for ongoing monitoring of customer relationships and transactions; and
Our website provider.
We will share your personal information with the police and other law enforcement agencies where we are required to do so to comply with our legal and regulatory obligations (e.g. reporting suspicious activity to the National Crime Agency, complying with production and court orders);
We will share your personal information with other governmental third parties where we are required to do so by law e.g. where we are required to provide tax-related information to HMRC under CRS and FATCA legislation;
We may share your personal information with other entities within the group where the customer you are connected to is also a customer of Diamond Bank PLC. Information sent to these countries is covered by a data transfer agreement using model contract clauses in the form approved by the European Commission. If you would like to see a copy of the adequacy mechanism that we use to protect your personal information please contact the Bank’s Data Privacy Compliance Officer (see contact details in this notice); and
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes set out in this policy and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and third parties who have a business need to know. They will only process your personal information on our instructions and subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and we will notify you and the relevant regulators of a suspected breach where we are legally required to do so.
We will retain your information for the duration of the customer’s contract with us (the customer connected to you) and for a period of five (5) years after the closure of the customer relationship or the date of the last transaction whichever is later, as mandated in money laundering and terrorist financing statutory record keeping periods.
Where we are required to do so by law enforcement agencies or where we require your information in relation to a legal claim, we may need to retain your information for a longer period.
We will retain CCTV footage of you (where you visit our premises) for a period of seventeen (17) days.
Under certain circumstances, by law, you have the right to:
Request access to your personal information (commonly known as data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where we continue to process beyond the necessary period, where you withdraw consent, where you object (see right to object to processing), where the data has not been processed lawfully or it is necessary to delete the personal information to comply with a legal obligation.
Object to processing of your personal information where we are relying on a legitimate interest or exercise of a public interest task to make the processing lawful.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information where you believe the information in inaccurate, our processing is unlawful, or where you have raised an objection to processing.
Request to transfer your personal information to another party.
If you want to exercise any of your rights, please contact the Data Privacy Compliance Officer at firstname.lastname@example.org or write to the Data Privacy Compliance Officer at 36/38 Leadenhall Street, London, EC3A 1AT, United Kingdom.
If you have any complaints about the way we use your personal information please contact the:
who will try to resolve the issue.
If we cannot resolve your complaint, you have the right to complain to the Information Commissioner in the United Kingdom at www.ico.org.uk.