Data Protection

The General Data Protection Regulation (GDPR) is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data and comes into effect on May 25, 2018

The GDPR not only applies to organisations located within the EU, but it will also apply to organisations located outside of the EU, if they offer goods or services to, or monitor the behaviour of EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

The Data Protection laws require us to process your personal information fairly, lawfully and in a transparent manner. This means you are entitled to know how we intend to use any information you provide. You can then decide whether you want to give it to us in order that we may provide a product or service that you require.

GDPR also requires companies to report data breaches which must be reported to the Information Commissioners Office in the UK within 72 hours and, to individuals affected without delay.

The Jamaica National Group has appointed a Data Protection Officer, who is responsible for monitoring internal compliance, informing and advising the organisation on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs) and acting as a contact point for data subjects and the supervisory authority.

Personal information (data) means all information that can be used to directly or indirectly identify a person. Examples would be names, dates of birth, addresses, tax reference number and also online identifiers such as IP addresses, types of website cookies and other device identifiers.

The lawful basis on which data is processed is as follows:

1. Consent: the individual has given clear consent for processing of personal data for a specific purpose.
2. Contract: the processing is necessary to fulfill a contract with an individual.
3. Legal obligation: the processing is necessary to comply with the law (not including contractual obligations).
4. Vital interests: the processing is necessary to protect someone’s life.
5. Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
6. Legitimate interests: the processing is necessary for legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

You have rights over your personal information. This includes the right to access a copy of personal information or have some elements of it transmitted to you or another company in an electronic format. In certain circumstances you can have your personal information corrected or erased or you can restrict the use of it.

You have the following rights:

• Access – You have a right to ask if we have your personal information. If we do, you have a right to know why we have it, what type of information we possess, whether we have or will send it to others, especially outside the European Economic Area, how long we will keep it, where we got it from, details of any automated decision-making.
• Rectification – Where any of your information is incorrect, you have a right to tell us to correct it promptly. Please tell us as quickly as possible if you change your address or other contact details. If your information is incomplete, you can ask us to correct this too.
• Right to object – Depending on the legal basis for which we are using your information, you may be entitled to object. For example, where we’re using your information connected with marketing, we will stop if you object. However, if we’re using your information to meet certain legal obligations, we may continue to do so even if you object.
• Erasure (right to be forgotten) – You may have a right to have some or all of the information we hold about you deleted. However you should be aware that, as a financial institution, we are required to retain many records even after you close your account.
• Portability – In certain circumstances, you would be entitled to receive some of your information from us electronically. We can either pass the information to you or to another person or business if you want.
• Restriction – You might also be entitled to ask us to restrict our use of your information — for example if you think the information we hold on you is incorrect.
• Automated decision-making – We may use automated systems to make decisions about whether you’re eligible for a particular account or products, and to carry out credit and fraud prevention checks. If we make an automated decision on something important to you, we’ll always allow you to contest the decision, give your views and make sure there’s proper human involvement. The logic and outcomes of this decision-making are tested regularly to make sure they’re fair, effective and unbiased.
• Consent – If you consent to us using your information, you have the right to withdraw that consent at any time.

We aim to work with you on any request, complaint or question you have about your personal information. However, if you believe we have not adequately resolved a matter, you have the right to complain to the Information Commissioner’s Officer (the ‘ICO’). As an independent UK authority, it upholds information rights in the public interest, promotes openness by public bodies and data privacy for individuals. You can visit their website at https://ico.org.uk

Consent is defined as any freely given, specific, informed and unambiguous indication of your wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data.

The GDPR does not set a specific time limit for consent. Consent is likely to degrade over time, but how long it lasts will depend on the context

All accounts and loans facilitated by the JN Bank UK Representative Offices are domiciled in Jamaica. This means that the Representative Office is collecting information and documents on behalf of JN Bank branches and departments in Jamaica and therefore will need to transmit information to Jamaica for you to obtain the service required.

Your information is therefore stored in Jamaica and disclosed to regulatory authorities and credit reference agencies in Jamaica as required.

JN ensures that contractual commitments are in place to ensure adequate protection is provided to your personal information similar to the standards in the UK.

We treat your personal information as private and confidential but may disclose same to meet our contractual and legal obligations in accordance with the terms and conditions of your account including other JN group company members providing a service in relation to your account/loan. Other conditions could include:

• Where your account is jointly held, the other account holder may be entitled to receive information on the account and transactions
• Where there are connected parties such as a loan guarantor

We will also disclose information where necessary to comply with all obligations include where:

• The law, a regulatory body or public interest requires it
• It is required as part of our duty to protect your accounts

We will keep your information for as long as an account or product application takes and for as long as you have accounts and products with us. We will also keep your personal information for a certain time after your application has ended or you’ve closed your accounts.

When determining how long we keep your information, we take into account our legal obligations, the expectations of financial and data protection regulators and the amount of time we may strictly need to hold your personal information to carry on our business, In usual circumstances, your information will be held for seven years.

The Open Banking (PSD2) initiative, which came into force in the UK on January 13, 2018, requires the UK’s nine biggest banks to release their data in a secure, standardized form, so that it can be shared more easily between authorized organisations online.  The request for sharing is done based on the customer’s request from their bank.  As the JN UK Representative Office is not a bank located in the United Kingdom, they are not affected by this initiative.