We endeavour to maintain the highest standards of confidentiality and to respect the privacy of our customers and associated persons who deal with us. Our commitment to privacy includes being transparent about the nature and extent of the personal data processing we undertake. This privacy statement aims to inform you about how we collect, store, use and disclose information about you when you:
- interact or use our websites;
- register and/or attend any of our events, webinars, or the conferences we host; and
- if you use any of our products, services or applications (collectively the “services”) in any manner.
Who we are
JN Bank is a member company of The Jamaica National Group Limited (the parent company). Our Head Office is in Jamaica and we have a Representatives Office in Canada and a sister company, JN Bank UK, in the United Kingdom. JN Bank takes its data protection and information security responsibilities very seriously. The effective management of all personal data, including its security and confidentiality, lies at the very heart of our business and underpins our practices and processes.
As a firm with a global presence, we are subject to the varying requirements of data protection legislation in the jurisdictions where we operate. Our aim is to be as consistent as possible and obey all applicable laws and apply the highest standard of privacy laws to our approach.
What information do we collect?
We gather various types of information that may identify you as an individual (“personal information”). We gather information from the following sources:
From Websites or Events: We may collect any personal information that you choose to send to us or provide to us. For example, our online forms for our JN Live system collect personal information, or if you register for a JN Bank account or event, we may also collect personal information from you. If you contact us through the website, we will keep a record of correspondence.
From the Services we provide: We receive and store information you provide directly to us. For example, when opening a bank account or transacting through our offices, we may collect your personal information.
The types of information we may collect directly from our customers include:
- Valid Photo ID, for example a Passport, Drivers Licence or ID card
- NI number
- Proof of Employment
- Proof of address, for example a utility bill or credit card bill
- Email address
- Two character references
- Birth certificate
- Declaration of US citizenship, Tax residency, if appropriate
- Tax reference number
- Mother’s maiden name
- Employment status
- Politically Exposed Person declaration, if applicable
- Public Office Exposure, if applicable, as well as any other information the customer chooses to provide us.
If information is uploaded to our systems in connection with the services we retain this information in line with our retention policy.
How do we use the information?
We may use the information we collect from our customers and their users in connection with the services we provide for a range of reasons, including to:
- provide, operate and maintain the services;
- process and complete transactions, and send related information, including transaction confirmations and invoices;
- manage our customers’ use of the services, respond to enquiries and comments and provide customer service and support;
- send customers technical alerts, updates, security notifications, and administrative communications;
- verify customers identity and check credit with credit reference agencies;
- investigate and prevent fraudulent activities, unauthorised access to the services, and other illegal activities; and
- for any other purposes about which we notify customers and users.
When you use the Websites: When you visit our Websites, we may collect certain information related to your device, such as your device’s IP address, what pages your device visited, and the time that your device visited our Website. These include;
- Usage information– we keep track of user activity in relation to the types of services our customers and their users use, and the performance metrics related to their use of the Services.
- Log information– we log information about our customers and their users when you use one of the services including Internet Protocol (“IP”) address.
- Information collected by cookies and other similar technologies– we use various technologies to collect information which may include saving cookies to users’ computers.
For further information, please read the section headed “Cookies” in the “Your Privacy Rights” section of this statement.
We collect this information via our websites:
- to administer our website, our events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
- to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
- for trend monitoring, marketing and advertising;
- for compliance purposes, for example, to comply with Know Your Client(KYC) and Anti Money Laundering(AML) laws;
- for purposes made clear to you at the time you submit your information – for example, to fulfil your request for an information note requested about our services;
- as part of our efforts to keep our website secure.
We may access and use information from credit reference and fraud prevention agencies when you open your account and periodically to:
- manage your accounts, including assessing your credit worthiness and checks to avoid customers becoming over-indebted;
- to prevent criminal activity, fraud and money laundering;
- to check your identity and verify the accuracy of the information you provide to us;
- to trace debtors and recover debts.
Our Lawful basis for processing includes:
- Performance of a contract: Our lawful basis for processing is the “Performance of a Contract” for opening a bank account, maintaining your account details and services connected with a bank account. Our Lawful basis for our notary service for the arrangement of Mortgages and Loans is Performance of a Contract. Our Lawful basis for the administration of your pension affairs is Performance of a Contract.
- Legitimate Interest:Our use of your personal information may also be based on our legitimate interest to ensure network and information security if you use any of our systems such as JN Live, and for Credit Checking your details. Our lawful basis is our legitimate interest for the purposes of direct marketing, to provide you with the most appropriate products and services. JN Bank will not share your information with third parties for their own marketing purposes without your permission. For the purposes of risk reporting, general financial and accounting reporting, to internal management and supervisory bodies, our legal basis for processing your details is legitimate Interest.
- Legal Obligation: When you apply for a product or service, we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account or provide services to you. This includes processing to: confirm your identity, to perform checks and monitor transactions and location data for preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions.
This may require us to process information about criminal convictions to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies.
We are legally obliged to assess affordability and suitability of credit for initial credit applications and throughout the duration of the relationship, including analysing customer credit data for regulatory reporting. We have a legal obligation to report suspicious activity and complying with court orders.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the country in which the relevant company is located and the applicable local legal or regulatory requirements. We, and other Jamaica National Group companies, normally keep customer account records for up to seven years after your relationship with the bank ends, then the information is securely destroyed.
We have CCTV in various location on our premises. CCTV is kept until the storage is full and then it is overwritten. We have some cameras that take constant images and some that are activated by motion and consequently our retention policy varies by premises. Our retention policy for CCTV footage varies between 14-90 days depending on the location and nature of recording. We will supply footage if we have it, but do not commit to supplying any footage over 14 days.
Job applicant’s data is kept only for the duration of the application process then it is destroyed if the applicant is unsuccessful.
We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory or technical reasons. As an example, we have to hold pension transfer information indefinitely; and if you apply for insurance cover through us, we may keep insurance claims data for up to 15 years after you stop being a customer.
How do we share and disclose information to third parties?
We do not rent or sell your personal information to anyone. We may share and disclose information (including personal information) about our customers in the following limited circumstances:
- where required for your product or service. If you ask us to, we will share information with any third party that provides you with account information or payment services. If you ask a third-party provider to provide you with account information or payment services, you’re allowing that third party to access information relating to your account. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
- we may share your information with the Police, National Crime Agency or Her Majesty’s Revenue and Customs (HMRC) if requested to do so;
- we may share your information for compliance purposes to national law enforcement agencies in other countries if requested to do so for compliance purposes;
- we may share your information with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf;
- we may share your information with credit reference agencies, and they will give us information about you for the purpose of credit and identity checks;
- we may share information with other banks and third parties where required by law to help recover funds that have entered your account as a result of a misdirected payment by such a third party;
- we may share information with other banks to help trace funds where you are a victim of suspected financial crime and you have agreed for us to do so, or where we suspect funds have entered your account because of a financial crime;
- we may share information with third parties providing services to us, such as correspondent banking, and agents and sub-contractors acting on our behalf.
- If false or inaccurate information is provided and/or fraud is identified or suspected, details will be passed to fraud prevention agencies. Law enforcement agencies and other organisations may access and use this information;
- In the event that any additional authorised users are added to your account, we may share information about the use of the account by any authorised user with all other authorised users.
If JN Bank services receives your personal information and subsequently transfers that information to a third-party agent or service provider for processing, JN Bank services remains committed to ensuring that such third-party agent or service provider processes your personal information to the standard required to meet GDPR and other local privacy laws.
One such third-party service provider who may process your personal information for JN Bank is the Credit Reference Agency, Idology Inc. They, in turn, use the services of Equifax to assist with Credit Checking. You may review the Credit Reference Privacy Notice for Equifax at https://www.equifax.co.uk/crain/ for more information on how your personal information is treated by Idology Inc.
International Data Transfers
We may transfer data when we process an international transaction as part of our contract of service with you. If you send payment information or engage in a money transfer, you allow the end destination bank access to your data.
These countries may not have similar data protection laws to those in your country of residence. However, we will always protect your information on the basis that anyone to whom we pass the information protects it in the same way we would and in accordance with this privacy notice and applicable laws. All international transfers outside the EU are protected by EU-based modal contract clauses where there are terms approved by the EU commission.
Personal Information you submit on the websites or through our JN Live system is processed on our servers located in Jamaica and Canada. We have representative offices also in the Cayman Islands, USA and Canada. Information sent from the client to the server is encrypted and our servers are securely protected.
For your convenience, hyperlinks may be posted on the website that link to other websites. We are not responsible for these sites, and this privacy notice does not apply to, the privacy practices of any linked sites or of any companies that we do not own or control. Linked sites may collect information in addition to that which we collect on our website. We encourage you to seek out and read the privacy notice of each linked site that you visit to understand how the information that is collected about you is used and protected.
We may choose to buy or sell assets and may share or transfer customer information in connection with the evaluation of this transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.
Jamaica National Group Companies:
We may also share your personal data with our parent company or group company for the purposes consistent with this Privacy Notice. When we send your data to our group companies outside of the EU, you are protected by model contract clauses.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.
We use CCTV as a deterrent to protect our staff, customers, equipment and your personal data.
Exercising your Privacy Rights
What choices do I have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to transact with us or to take advantage of some of our offers and discounts.
- track your Internet usage after leaving the website or
- store personal information others may read and understand.
Processing of personal data associated with the use of these cookies occurs based on our legitimate Interests to administer the website.
Our cookies are listed below.
|Cookie Name||Default Expiration time||Description|
|_ga||2 years||This is a Google Analytics cookie used to distinguish users.|
|_gid||24 hours||This is a Google Analytics cookie used to distinguish users and its main purpose is for performance of the site.|
|_gat||1 minute||This is a Google Analytics cookie used to throttle the request rate limiting the collection of data on high traffic sites.|
|PHPSESSID||Expire when browser is closed||In-house cookie generated by applications based on the PHP language. This is a general-purpose identifier used to maintain user session variables. It is normally a random-generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages. This is technically required for the functioning of the website.|
You can deactivate the non-technical cookies by not consenting to non-essential cookies when your first visit the site. When you first visit the site, it gives you an opportunity to opt-in or opt-out of cookies.
You may also set your browser’s setting to deactivate cookies. If you use that option, some functions of this website (e.g. login, memory of preferences etc.) may not be available. Detailed guidance on how to control cookies preferences for the most common browsers can be found at:
- Google Chrome
- Mozilla Firefox
- MacOS Safari
- Microsoft Internet Explorer
- For other browsers please see allaboutcookies.org
You also have the option to install the Google Analytics opt-out browser add-on and thereby deactivate the use of Google analytics cookies and the associated data processing. You can find the Opt-out browser add-on here.
You can find the Google privacy notice here.
Your rights subject to the application of GDPR
|The right to object to the processing||You have the right to object to the processing of your personal data in certain situations.|
|The right to information||You have the right to be informed whether and to what extent we process your data.|
|The right of access||Subject to certain exceptions you have the right to obtain a confirmation as to whether or not we process your personal data, and if we do, request access to your data.|
|The right to rectification||If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time.|
|The right to deletion
|Subject to certain exceptions if you consider that we should stop processing some or all of your personal data, you have the right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example where retention is required to meet legal or regulatory obligations).|
|The right to restrict the processing
|You have the right to request that we restrict the processing of your personal data in certain situations:
· If you contest the accuracy of your personal data, you may request that its processing is restricted while we verify its accuracy.
· If the processing of your personal data is considered unlawful, but you do not require the deletion of your personal data.
· If we no longer need the data for the purposes of its processing, but you need it for the establishment, exercise or defence of legal claims.
· If you object to our processing of your data based on our legitimate interests
|The right to data portability
|Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format.|
|Rights in relation to automated decision making and profiling
|You have the right to object to decisions based exclusively on the automated processing of your personal data.|
|The right to withdraw your consent||If your personal data is processed on basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.|
How Can I Exercise My Data Subject Rights?
If you would like to access, review, update, rectify, and delete any personal information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can obtain contact information from the “Contact Us” section of this privacy notice. Our privacy team will examine your request and respond to you as quickly as possible.
Please note that we may still use any aggregated and de-identified personal information that does not identify any individual. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Automated decision making
You may be subject to automated decision making in the following circumstances.
We may decide what to charge for some products and services based on what we know. This will help us decide whether to offer you the product and what price to charge you.
Tailoring Products, Services, Offers and Marketing.
We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs and behaviours, and to make decisions based on what we learn. This helps us to design products, services and offers for different customer segments, and to manage our relationships with them. It also helps us tailor the information that individuals receive or see on our own and other websites and mobile apps, including social media.
We use your personal information to help decide if your personal or business accounts may be being used for fraud or money-laundering. We may detect that an account is being used in ways that fraudsters work. Additionally, we may notice that an account is being used in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the account or refuse access to it.
When you open an account with us, we check that the product or service is relevant to you, based on what we know. We also check that you or your business meets the conditions needed to open the account.
Loans and Mortgages and Credit provision
If you take a loan, mortgage or we provide credit to you, we will use your personal information to assess the outcome of the decision to grant you a loan mortgage or credit.
To help us make decisions on when to give you credit, we credit score to assess your application. To work out your credit score, we look at information you give us when you apply; information from credit reference agencies that will show us whether you’ve kept up to date with payments on any credit accounts (that could be any mortgages, loans, credit cards or overdrafts), or if you’ve had any court action such as judgments or bankruptcy; your history with us such as maximum level of borrowing; and affordability, by looking at your available net income and existing debts.
You have right in relation to automated decision making, including a right to appeal if your application is refused.
Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other products or services provided by us or other Group companies which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you, or you no longer wish to receive this information, you can have your information removed by clicking the unsubscribe link at the bottom of each email communication or by contacting us. For the contact information, please look at the “Contact Us” section of this notice.
We may still send you non-promotional communications, for instance, administration related emails concerning your account.
For any GDPR enquiry you can email us at firstname.lastname@example.org
Or Call us
If you would prefer to use a toll-free number:
You can write to us at 2-4 Constant Spring Road, Kingston 10, Jamaica
You can also contact or Data Protection Officers at;
JN Bank UK
For further information you can find us at www.jnbank.com
You also have the right to make a complaint to an EU regulator if you are resident in the EU. If you are unhappy about the way we have dealt with your privacy, you can contact our Data Protection Officer or make a complaint to the Information Commissioners Office. The details are:
Information Commissioner’s Office
Helpline number: 0044 (0)303 123 1113
Changes to this privacy statement occur from time to time as the business develops and grows and adds more processing. You are encouraged to check back regularly to see any changes that may have occurred.
Information pertaining to children
For children under the age of 13, all data held for children is with the consent of their parents and is held for the purpose of administering a bank account. Our practice is to hold bank accounts jointly in the name of the child and the adult parent. Identification details are held for both the child and the parent.
Updated December 8, 2021