The Access Bank Malta Limited – Privacy Statement
This Privacy Statement explains how The Access Bank Malta Limited obtains, uses and keeps your personal information confidential.
The Access Bank Malta Limited may act as the ‘data controller’ of the personal information you provide to us, for purposes of the Data Protection Act (Chapter 586 of the Laws of Malta) (the “Act”), as may be amended from time to time, and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “Regulation” or the “GDPR”). Our company registration number is C10783 and the registered address is c/o Level 4 The Piazzetta Business Plaza, Triq Għar il-Lembi, Sliema SLM 1605 Malta.
If you have any questions about our Privacy Statement, you can write to: The Data Protection Officer, The Access Bank Malta Limited, c/o Level 4 The Piazzetta Business Plaza, Triq Għar il-Lembi, Sliema SLM 1605 Malta or email dpo@theaccessbankmaltaltd.mt
How is your personal data collected:
The type of personal data we collect about you and how it is used depends on what contract you have with us, the needs, the relationship you have with us and the products and services you hold or enquire about.
The categories of personal data we collect:
We will collect and record your data from a variety of sources; however, we rely mostly on this information coming directly from yourself.
We will collect and process this data in order to provide our products and services which include:
Why do we collect this data:
We can only use your personal information if we have a proper reason to do so and to comply with legal and regulatory requirement imposed on us by each jurisdiction, or for legitimate reasons. A legitimate reason occurs when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you.
Personal information and the law
As noted above, we can only use your personal information if we have a proper reason to do so. This includes sharing it outside The Access Bank UK Ltd. The law stipulates we must have one or more of the following legal reasons:
The table below lists all the ways that we may use your personal information, and the lawful basis on which we do so.
How we use your personal information | Our legitimate reasons |
• In order to manage our relationship with you; • Updating and improving the accuracy of our records; • Account Transaction analysis; • Processing Payments; • Arrears and Debt recovery activities; |
• Fulfilling contracts • Our legitimate Interests • Our legal obligation • Your consent • Fulfilling regulatory obligations |
• In order to develop our business and the products and services that we offer; • In assessing existing and new products; • Managing our product delivery; • During the application of fees and charges and interest to customer accounts, where applicable; |
• Our legitimate interests • Our legal obligation |
• In respect of the work that we undertake to protect the Bank from financial crime and terrorism financing, and effectively assess and mitigate risk to the Bank and our customers; • Fraud prevention and investigation. |
• Our legal obligation • Fulfilling regulatory obligations |
• While managing all aspects of our business including corporate governance and audit processes; • In respect of our rights and obligations in agreements or contracts that we hold. |
• Fulfilling regulatory obligations • Fulfilling contracts • Our legal obligation |
Categories of personal information
Category of personal information | Description |
Financial and Transactional | The financial information that we hold for you as a customer of the Bank, including your financial position and status, and details about transactional activity on the accounts that you hold with us. |
Special Category Personal Data | We will only use data that is classed as ‘sensitive’ in order to support you, for example if you are, or become, a vulnerable customer. For example, data concerning your health. Such information will only be collected and used when it is needed to help and provide personal additional support to you in respect of the product and/or services provided by the Bank, or to comply with our legal obligations. In this instance, a temporary note may be added to your record in order to ensure that staff members are aware that you may require extra support. |
Core personal information including social relationships | This refers to information that we hold in respect of your address and contact information, national identifiers such as National Insurance and Tax identification numbers, and also includes information relating to your family and associates. |
Demographic, educational and employment information | This refers to information that we hold in respect of your profession, nationality and education. |
Usage and contractual information | This information relates to the way in which you use our products and services that we provide to you. |
Location and technical information | Information that we obtain about your location, for example in respect of your usage of our website through your internet connection and the technology that you use. |
Communications | The information you provide to us in any medium, for example your communications by telephone, letter and email, noting that we record telephone calls to confirm details of our conversations, for your protection and in order to identify and address staff training needs. |
Information in the public domain | Information about you that is available in the public domain from all available sources including the internet. |
Documentary information | Information about you in documents such as your Passport, Driving licence or utility bills that you provide to us, whether original or copy documents. |
Consents | Any permissions, consents, or preferences that you provide to us. |
Information we collect
Information and third parties:
We may obtain information about you from third parties, these include:
We may provide information about you or share your personal information with third parties, for legitimate business reasons, in accordance with applicable law. This may include disclosing your personal information to:
We will only conduct information sharing activity with a third party if they agree to keep your information safe and confidential.
Transfer of personal information overseas
If we transfer your personal information to a person, office, branch, or organisation located outside of Malta or the EEA, we will make sure that they agree to apply the same levels of protection and is in line with applicable legal requirements, and to use your information strictly in accordance with our instructions. We would only share your personal information outside of Malta or the EEA:
If we do transfer your personal information to a person, office, branch or organisation outside of Malta or the EEA, we will ensure that it is protected in line with the applicable legal requirements by using one of the following safeguards:
Automated decisions and personal information
The Bank does not use your personal information to conduct automatic ‘profiling’ decisions. However, we do use third party organisations who use automated ‘decision’ making in relation to identification checks only, as part of the account opening process. You have the right to object to an automated ‘decision’, and ask that a person reviews it.
Some of the personal information we hold – or are allowed to obtain from others – about you may be used to assist us in our decision-making process. For example:
Account opening
The Bank will use the information you have provided to ensure that the product or service is relevant and meets the conditions needed to open the account.
Identifying fraudulent activity
The Bank has in place systems and controls to prevent fraud, money laundering and terrorism financing, and we may use your personal information to decide if your account is being used for these purposes. If we think the account is being used to facilitate such offences, we may block the account and refuse access to it.
Credit Reference Agencies (CRAs)
We may use Credit Reference Agencies (CRAs) for prospective and existing customers of the Bank. We conduct identity checks when you apply for a product or services for you or your business. Where we are unable to verify your identity by this means, we will ask you to provide physical forms of identification and may contact you in this respect.
We may share your personal information with CRAs and they may provide us with information about you, including:
Such information may be used for the following purposes:
Information held about you by a CRA may already be linked to records relating to your partner or members of your household where a financial ‘association’ has been created. Any enquiry we make at a CRA may be assessed with reference to any ‘associated’ records. Another person’s record will be ‘associated’ with yours when:
If you choose not to give personal information
As already stated in this statement, we may collect personal information on several bases including with your consent, for our legitimate reasons, due to legal or regulatory obligations, or under the terms of a contract we have with you. If you choose not to provide us personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It may also result in the cancellation of a product or service you hold with us.
Should any information collection be considered optional, we would specify this clearly from the outset.
Records and retention of personal information
The Bank will store all personal information as securely as possible, in a confidential manner.
We will only retain your personal information for as long as you are a customer of The Access Bank Malta Limited or otherwise for a limited period of time as long as necessary to fulfil the purposes for which we have initially collected it, unless otherwise required for legal, regulatory or fraud prevention purposes.
After account closure, or if your application has been declined or not progressed for any reason, we may retain information about you for up to 10 years where necessary for one of the following reasons:
We may keep your information for longer than 10 years if we are prevented from deleting it for the above mentioned legal, regulatory and fraud prevention reasons.
If we have not contacted you during this retention period, we will delete your personal information at the end of this period.
Your rights regarding your personal information
The right of access to your information that we hold:
Under the General Data Protection Regulation (GDPR) you have a right to see a copy of the information we hold on you. You can ask for a copy of this information by making a Personal Information Request (PIR) to us. This request can be made by email to dpo@theaccessbankmaltaltd.mt or in writing to:
Data Protection Officer
The Access Bank Malta Limited,
c/o Level 4 The Piazzetta Business Plaza,
Triq Għar il-Lembi, Sliema SLM 1605 Malta
Should you make such a request, the Bank will supply you with this information within one month of the request (extended for a further two months for complex/numerous requests in which case we will advise you of the extension within the one-month period). We may charge you an administration fee (based on the administrative costs of providing the information) for this service, or refuse to respond, where a request is ‘manifestly unfounded or excessive’. If we refuse to respond, we will explain to you the reason why the request has been refused and inform you of your right to complain, within one month of the receipt of the request.
In cases where large amounts of personal information are processed by us about you, it is permissible under GDPR for us to ask you to specify the information to which the request relates.
The right to rectify inaccurate information:
If any information we hold for you is incorrect, you may request us to rectify this at any time by contacting us by email, telephone or in writing to the Data Protection Officer at the above address. Taking into account the purposes of the processing, you have the right to have incomplete personal information completed, including by means of providing a supplementary statement.
If we have disclosed such personal information to a third party, we will inform them of the rectification where possible and inform you of the third parties to whom the inaccurate or incomplete information has been disclosed, where appropriate.
The right to restrict or object to the processing of information:
You may ask us to restrict the processing of your personal information at any time, or you may object to our continued use of your information by contacting us by email, telephone or in writing to the Data Protection Officer at the above address. You may do this in the following circumstances:
This does not affect any processing that has been carried out prior to your request being received. If you have requested or objected to processing of your personal information, this does not prevent us continuing to store the information.
Where we have disclosed personal information, we hold about you to a third party we will inform the third party of any restriction on the processing of that personal information.
We will inform you when we decide to lift a restriction on processing of personal information, we hold about you.
The right to information portability:
You may ask us to move, copy or transfer your personal information directly to another organisation if this is technically feasible to do so in a safe and secure way. You can request this by contacting us by email, telephone or in writing to the Data Protection Officer at the above address.
The right to have your information erased:
Also known as the ‘right to be forgotten’ this allows you to request that we delete any or all personal information that we hold about you where there is no compelling reason for its continued processing, for one of the following reasons:
You can make this request at any time by contacting us by email, telephone or in writing to the Data Protection Officer at the above address.
We can refuse to erase personal information we hold about you where it is processed for the following reasons:
If we erase personal information we hold about you, we will inform any third parties about the erasure UNLESS it is impossible or involves disproportionate effort to do so.
The right to withdraw your consent:
You may withdraw your consent at any time. This will not affect any usage of your information carried out up until that point but would have immediate effect from when we receive your request. Please contact us by phone, email or in writing to address above if you wish to do so.
If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you.
Marketing
The Bank has made a policy decision that we will not send unsolicited marketing material to you. Should this position change, we will write to you.
If you wish to make a complaint
If for any reason you are unhappy with our use of your personal information and you wish to lodge a complaint, please contact us by email, telephone or in writing to the Data Protection Officer at the above address.
You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as in particular the supervisory authority in the place of your habitual residence or your place of work. In the case of Malta, this is the Office of the Information and Data Protection Commissioner (the “IDPC”) (https://idpc.org.mt/en/Pages/Home.aspx). We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
Cookies
Information about how we use Cookies is provided on the Bank’s website at the following location: https://www.theaccessbankukltd.co.uk/the-access-bank-malta-limited/cookies-malta/
The Access Bank Malta Limited is registered in Malta (C 107833), licensed and regulated by the Malta Financial Services Authority, to carry out the business of banking in terms of the Banking Act 1994.
Registered Office: Level 4, The Piazzetta Business Plaza, Triq Għar il-Lembi, Sliema, SLM 1605, Malta.
"*" indicates required fields
"*" indicates required fields