Pacific Private Bank Limited (hereinafter referred to as the “Bank”) places a high priority on (i) preserving banking secrecy under applicable laws and (ii) maintaining utmost confidentiality of its customers’ and potential customers’ (as well as their authorized agents and representatives) data and personal information (collectively referred to as “Customers” or “Clients”).
What is Personal information and what information the Bank collects
Personal Information is information or an opinion about the client/user/visitor (hereinafter all referred to as the client or the customer), or information or an opinion that may reasonably identify the client, whether or not the opinion is true or not and whether or not the information is stored in material form or not.
Depending on the need and proportionally to the engagement in Bank’s services by the customer, the Bank may collect the following Personal Information about him/her:
- residency status;
- landline and mobile telephone numbers;
- e-mail address;
- personal website details;
- Tax File Number;
- the name and contact details of individuals listed as referees within applications provided to the Bank;
- name and contact details of client’s professional advisers or representatives such as client’s solicitor, accountant, conveyancer, financial planner, etc.;
- financial information;
- transaction information where the client have a product with the Bank or use a service provided by the Bank; and
- any details contained within identity documents provided to the Bank (such as the maiden name of client’s mother in his birth certificate, government identifiers such as a passport number, driver’s license number, Medicare card number, etc.);
- investment objectives and risk tolerance of the Customer;
- credit worthiness, credit history, credit eligibility, repayment history information and default information;
- information with regard to reputation, conviction or any other compliance related information which may be of personal nature;
Mobile banking application acquires Customer’s Unique device identification in order to establish the link of particular Customer and his unique mobile device. Internet banking and mobile banking applications request to input data allowing to identify the person as Bank’s Customer, such as usernames, passwords, PIN Codes and passlock patterns.
Purposes of Acquiring Data and Information
The Bank collects Personal Information the Bank needs to provide products and services it offers.
When the client contacts the Bank or visits Bank’s website, in order to be able to place his/her request or question to the Bank, the client may be asked to enter his/her name, surname, email address or other personal details, which allows the Bank to help the client with the experience and maintain correspondence with him/her.
The Bank’s Mobile Application collects and stores “Unique device identification“ of its users in order to provide Quick login functionality.
Other purposes for which the Bank collects, holds, uses and/or discloses personal information:
- to assess an application for a product or service and provide the client with such product or service;
- to enter into any transactions with the client or on his/her behalf;
- for any purpose related to the provision of a product or services to the client and carrying out associated payments, administration and account services;
- to allow for the sound and secure processing of transactions via Bank’s internet banking and mobile banking application;
- to ensure that Customers receive the highest level of service in the provision of products and services;
- to promote, facilitate and manage the provision of any the Bank’s products or services to the client;
- for planning, product development and research purposes and to seek the client’s feedback on products and services;
- to identify and develop products or services that may interest the client and market them to the client (unless the client ask the Bank not to do so);
- to analyze transaction details and transactions history to build customer profiling;
- to detect fraud, money laundering or terrorist financing activities as required under applicable Anti-Money Laundering (AML) legal acts, regulations and respective Bank’s internal Procedures implementing the applicable AML regulations; or to detect breaches of applicable sanctions of the Security Council of the United Nations, European Commission, US or other international or country’s sanctions that the Bank is obliged to by legal acts or voluntarily chooses to respect under its internal policies; or to detect or report other breaches of certain overseas sanctions, laws and in order to comply with other regulatory requirements of Vanuatu or applicable overseas regulators;
- to take any action the Bank consider appropriate to meet the Bank’s compliance obligations with respect to the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, or violations, or attempts to circumvent or violate any laws, regulations or governmental directives relating to these matters. Such action may include, but is not limited to: (a) screening, intercepting and investigating any instruction, communication, drawdown request, application for a product or service, or any payment sent to or by the client or on his/her behalf, (b) investigating the source of or intended recipient of funds, (c) combining the client’s Personal Information with other related information in the Bank’s possession or the possession of the Group companies, (d) making further enquiries as to the status of a person or entity, whether they are subject to a sanctions regime, under criminal investigation or prosecution, or confirming the Customer’s identity and status;
- to facilitate any transactions entered into between the client and another person, or provide any transactions entered into or performed by a person at the client’s request and for or on his/her behalf;
- to verify client’s identity and confirm at periodic intervals whether such details are up-to-date whilst the client has a product with the Bank or is receiving a service from the Bank. In doing this, the Bank may hire third parties and use third party IT solutions and aggregated databases in order to compare the client’s details with the names, residential addresses and dates of birth contained in those databases for the purposes of executing the Bank’s obligations under applicable legal acts and to be able to make proper risk assessment. If the Customer does not provide Personal Information as requested, the Bank may not be able to provide him/her/it with the products or services sought.
Data and Information Acquisition and Storage Method
The Bank may acquire Customers’ data and personal information via e-mail, Skype, mobile or stationary line telephone, regular post, personal delivery, during interview with the client, internet banking, mobile banking application or other personal or electronic channels. The Bank may acquire Customer’s information from the Customer himself, his representative, publicly available sources, paid third parties services including aggregated information databases and IT software used for compliance reasons. The Bank shall enforce adequate security measures at all times to protect the confidentiality of all acquired data and information.
The Bank may hold client’s Personal Information in the following ways:
• within its computerized systems such as computer hard drives, e-mail programs and electronic servers;
• within owned/rented out quality data centers/servers outside Vanuatu;
• physically, stored on both Bank’s premises and in the external premises of the Bank’s service providers; and
• within USB sticks (only on an exceptional basis).
Use and Provision of Data and Information
The Bank shall not disclose acquired Customers’ data and personal information to third parties except in the cases indicated and agreed to with the Customer in Account Opening Agreement and General Terms and Conditions of the Bank. The disclosure cases inter alia include:
- The Customer’s consent is obtained;
- Data and personal information is entrusted with a third party for the purpose of outsourcing operations. In this situation, the Bank shall ensure that the third party undertakes strict controls to ensure the confidentiality of the data and personal information;
- The Bank is compelled to disclose the data and personal information under applicable laws and regulations or pursuant to a judicial or regulatory order.
The Bank never sells or otherwise trades client’s Personal Information.
Data and Information Security
The security of Customer information is of utmost importance to the Bank and the Bank take all reasonable precautions to protect information from misuse, loss, unauthorized access, modification or disclosure.
The Bank takes the appropriate security measures, such as computer access limitations and computer virus countermeasures, to prevent the loss, destruction, falsification, and leakage of Customers’ data and personal information.
The Bank shall ensure that any agent or service provider of the Bank which receives or has access to data and personal information of the Bank’s Customers shall also maintain strict controls over such personal information to ensure confidentiality.
Specific Security Measures for Bank’s Internet Banking and Mobile Application
The Bank has implemented the following security measures:
- Encryption: Critical data and personal information stored on the Bank mobile application platform and Internet banking are encrypted. Channel between mobile application/internet banking page and servers are also encrypted;
- Remote Wipe: The Bank can de-attach Customer’s mobile device from Customer‘s account (disable quick login in exact mobile device) if the PIN Code is misused or the mobile phone is lost. The Bank and the Customer can remotely wipe the mobile application and keychain data if the PIN Code is misused or the mobile phone is lost. Wiping Customers’ data and personal information includes wiping the keys used to encrypt said data and information;
- Time Out: The Bank mobile application/internet banking automatically locks after a period of inactivity. The PIN Code must be reentered to unlock the application;
- Update: Customers are compelled to use the latest version of the Bank mobile application and always make sure to use the authentic Internet Banking page: https://ib.pacificprivatebank.com/ ;
- Authentication Processes: The Bank has implemented a series of authentication processes for full access of its mobile application and internet banking (i.e. authentication by insertion of username, password, PIN Code generated by PIN generator, drawing Customer’s unique passlock pattern for quick login etc.);
NB! Сlients should never access Internet Banking from computer terminals which are shared with other users (e.g. Internet cafés), as these computers may have various malware collecting client’s personal/account information as well as client’s personal information may be retrievable from the hard drive of such computers.
What are cookies?
Cookies are text files containing small amounts of information which are downloaded to visitor’s computer or device when he/she visits Bank’s website or internet enabled service. Cookies are then sent back to the originating web domain on visitor’s subsequent visits to that domain.
Cookies are useful because they allow a website or internet enabled service to recognize a user’s device. Cookies allow the visitor to navigate between pages efficiently, remember preferences and generally improve the user experience and for the Bank to make the banking services more secure.
Session cookies are deleted automatically when the user closes browser and persistent cookies remain on the device after the browser is closed (for example to remember user’s preferences when he/she returns to the site or service).
The Bank uses two types of cookies:
- strictly necessary cookies, which are specific cookies to enhance the security of the internet banking and mobile banking service, and
- functionality cookies which may be used to provide the client with certain functionality. Functionality cookies may be used for example, to remember choices the user makes (such as user name, language or the region user is in), or to recognize the platform from which the user access the website, and to provide enhanced and more personal features. These cookies are not used to track user’s browsing outside of the Bank’s service usage.
With regard to the website the Bank may use Google Analytics cookies or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they may relate to the Bank’s website.
Where the client access the services through a tablet or mobile device the cookies are stored in the Mobile Application the client downloads to his mobile device.
If the client does not consent to the use of the cookies he/she should not browse the Bank’s webpage, should not access Bank’s internet banking site or download the Mobile Application to his/her device.
General Conditions of Use
This Policy is part of the General Terms and Conditions of the Bank and is subject to any rules, manuals or procedures governing the use of the Bank mobile application (hereafter “Usage Manuals”) as disclosed to the Customer personally or publicly on Bank’s website www.pacificprivatebank.com. In case of discrepancy between the provisions of this Policy and the provisions of the General Terms and Conditions or Usage Manuals, the latter shall prevail.
The Bank may amend this Policy in accordance with any amendments to (i) the applicable laws, rules, regulations of Vanuatu, or (ii) the Bank’s internal rules, instructions and guidelines relating to the protection of confidential information and/or personal data.