PROVEN Bank (Saint Lucia) Limited and its affiliated companies significantly value your trust in us. We truly understand our duty to protect and responsibly use the information that you share with us, and we pledge our commitment to fulfilling that responsibility. The purpose of this Privacy Statement, a policy shared by all of our affiliate companies, is to inform you on how we treat your personal information.
Information we collect and how we use it
The types of personal information we may collect (directly from you or third parties) depend on the nature of the relationship that you have with PROVEN Bank (Saint Lucia) Limited. Regardless of the source, we only collect information relevant for the purposes of processing information to which you have consented, except where required by law, to protect the interests of PROVEN Bank (Saint Lucia) Limited or in the discharge of public duty. Data will be maintained in accordance with timelines directed by the necessary policies and Acts.
Below are some of our sources for collecting personal information and, once collected, how we use it.
In order to service your business, PROVEN Bank (Saint Lucia) Limited obtains information (including financial) about you from some or all of the following sources:
Information you provide on the Bank application and other forms;
Information from your intermediaries;
Information from your transactions with us;
Information from consumer reporting agencies;
Individually identifiable information when you apply for a banking product, investment, or any lending product that PROVEN Bank (Saint Lucia) Limited offers; and
Information from our website, mobile applications, online customer portals, such as site visit data and information collection devices (cookies).
From these sources we may obtain information such as:
Name, address (e-mail address, if applicable), telephone number, date of birth, government identifier;
Driver’s License Number, and accident and violation history;
Credit information and information about previous insurance transactions;
With your authorization;
Banking information; and Payment and account history.
We collect two types of information about users of our sites:
Information that users provide through optional, voluntary submissions. These are voluntary submissions from disclosures regarding customers’ profile and participation in polls, surveys, completion of online forms and subscriptions for services.
Information that we gather through aggregated tracking and information derived mainly by tallying page views throughout our sites and telematics data. This information allows us to better tailor our content to user’s needs and to better understand the demographics of our audience. Compiling such aggregated demographic data is essential to keeping our service up to date for our users.
We shall not disclose any information collected from any user unless such disclosure is permitted by law, required by an order of a court of competent jurisdiction or the disclosure is consented to by the owner of the information.
Collection of information from websites and mobile applications
 Optional Voluntary Information. We offer the following services, which require some type of voluntary submission of personal information by users:
 Usage Tracking. We track user traffic patterns throughout all of our sites. However, we do not correlate this information with data about individual users. We break down overall usage statistics according to a user’s domain name, browser type, and MIME (Multipurpose Internet Mail Extension) type by reading this information from the browser string (information contained in every user’s browser).
Use of information. We use information provided by users through analytics to enhance their experience on our site, whether to provide interactive or personalized elements on the site; to better prepare future content based on the interests of our users or to develop new leads for potential sales.
Sharing of the Information. We use the information provided by users to tailor our content to suit your needs. We will only share information about individual users with any third party in circumstances where we are legally permitted or required for business operations to provide such information.
Network Security. We operate secure data networks which comply with the industry standards for information systems security. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized individuals have access to the information provided by users. Notwithstanding the foregoing, every reasonable effort will be made to secure your data but we cannot guarantee that the information you share will be secure during transmission to our web-servers.
INFORMATION WE SHARE. We will not disclose our current and former customers´ information to affiliated or nonaffiliated third parties, except as permitted by law. To the extent permitted by law, we may disclose to either affiliated or non-affiliated third parties all of the information that we collect about our customers, as described in this section.
In general, any disclosures to affiliated or non-affiliated third parties will be for the purpose of them providing services to us so that we may more efficiently administer your policy or product and process the transactions and services you request. Our agreements with third parties require them to use this information responsibly and restrict their ability to share this information with other parties. We do not sell information to either affiliated or non-affiliated parties.
We also may disclose the information we obtain about you to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements. The information we may share may include your name, address and phone number, and the product(s) you own.
We do not internally or externally share health information other than, as permitted by law, to process transactions or to provide services that you have requested or to facilitate transparency or risk mitigation. These transactions or services include, but are not limited to, underwriting insurance policies, obtaining reinsurance on life policies and processing claims for waiver of premium, accelerated death benefits, terminal illness benefits or death benefits.
RETENTION OF YOUR INFORMATION. We will only retain your personal information as long as it is necessary or as required by law. When we destroy the information, we will use safeguards to prevent unauthorized parties from gaining access to the information during the process.
SAFEGUARDING YOUR INFORMATION. PROVEN Bank (Saint Lucia) Limited has security practices and procedures in place to prevent unauthorized access to your nonpublic personal information. Our practices of safeguarding your information help protect against the criminal use of the information. PROVEN Bank (Saint Lucia) Limited administrative, technical and physical safeguards are designed to protect personal information that is received against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Our employees receive training, are bound by a Code of Conduct requiring that all information be kept in strict confidence, and they are subject to disciplinary action for violation of the Code. We restrict access to information about you to only those employees who need to know that information to perform their job. We maintain physical, electronic, and procedural safeguards, which comply with local laws and regulations to guard your information.
QUESTIONS. You have a right to know the information we have about you. You must request this in writing. If you believe any of the information is erroneous, please explain in writing. If we do not agree that it needs correction, we will notify you and you will be entitled to provide a statement of disagreement which we will file with the information.
For requests about your information, or questions about this Privacy Statement, please write or call:
PROVEN Bank (Saint Lucia) Limited
Rodney Bay Marina
P.O. Box RB 2385
Gros Islet Highway, Gros Islet
Saint Lucia +1 246 467 7577
PRIVACY NOTICE REGARDING PERSONAL INFORMATION FOR DATA SUBJECTS WHO RESIDE IN THE EUROPEAN UNION
EU GENERAL DATA PROTECTION REGULATION (“GDPR”). Although we do not market or sell PROVEN Bank (Saint Lucia) Limited products or services in the European Economic Area (“EEA”), in order to continue serving an existing business relationship, we may incidentally collect or transfer personal information from individuals (“Data Subjects”) located within the EEA. Personal information that may be collected by us from a Data Subject in the EEA may include:
SPECIFIC INFORMATION GATHERED ON AML QUESTIONNAIRE
OTHER DATA ELEMENTS
LAWFUL GROUNDS TO PROCESS AND OBTAIN CONSENT. Data subjects whose personal information is collected in the EEA may withdraw consent at any time where consent is the lawful basis for processing his/her information. Should a data subject withdraw consent for processing or otherwise object to processing that impedes PROVEN Bank (Saint Lucia) Limited’s ability to comply with applicable regulations, a data subject may be unable to avail him/herself of the products or services that PROVEN Bank (Saint Lucia) Limited provides.
DATA SUBJECTS’ RIGHTS. All individuals whose personal information is held by PROVEN Bank (Saint Lucia) Limited have the right to:
Ask what information PROVEN Bank (Saint Lucia) Limited holds about them and why;
Ask for a copy of such information or access to such information;
Be informed how to correct or keep that information up to date;
Be informed on how PROVEN Bank (Saint Lucia) Limited is meeting its data protection obligations.
Furthermore, for data collected in the EEA, data subjects have the right to:
Ask for a copy of such information to be sent to a third party;
Ask for data to be erased if possible and required under the GDPR;
Ask for processing of personal information to be restricted if possible and required under GDPR;
Object to processing of personal information if possible and required under GDPR;
Object to automated decision-making where applicable; and
Contact a supervisory authority in the EEA to lodge a complaint regarding PROVEN Bank (Saint Lucia) Limited’s processing of your personal data.
AUTOMATED DECISION-MAKING. PROVEN Bank (Saint Lucia) Limited does not engage in automated decision-making as defined by the GDPR.
NON-DISCLOSURE OF INFORMATION. PROVEN Bank (Saint Lucia) Limited does not share any nonpublic personal information with any non-affiliated third parties, except in the following circumstances:
As necessary to provide the service that the customer has requested or authorized, or to maintain and service the customer’s account;
As required by regulatory authorities or law enforcement officials who have jurisdiction over PROVEN Bank (Saint Lucia) Limited or as otherwise required by any applicable law; and
To the extent reasonably necessary to prevent fraud and unauthorized transactions.
To the extent reasonably necessary to facilitate business operations.
PROVEN Bank (Saint Lucia) Limited employees are prohibited, either during or after termination of their employment, from disclosing nonpublic personal information to any person or entity outside PROVEN Bank (Saint Lucia) Limited, including family members, except under the circumstances described above. An employee is permitted to disclose nonpublic personal information only to such other employees who need to have access to such information to deliver our services to the customer.
SECURITY AND DISPOSAL OF INFORMATION. PROVEN Bank (Saint Lucia) Limited restricts access to nonpublic personal information to those employees who need to know such information to provide services to our customers. All electronic or computer files containing such information shall be secured and protected from access by unauthorized persons. Electronic and paper records used for business purposes must not be left in places where they are visible to unauthorized persons. Data printouts and files must be disposed of securely when no longer needed.
PROVEN Bank (Saint Lucia) Limited’s information safeguarding standards encompass all aspects of its business and are adopted in its Information Security Standards document, which include the following key Standards:
Ownership of Data
Business Use of Systems
Individual Identification and Authentication
Policy Awareness and Security Training
Security Incident Management
Logging and Auditing
Third Party Information Exchange
Systems Development and Maintenance of Infrastructure
Protection of Third Party Information
Information Risk Analysis
Application and Information Access Control
Security of System Files
CONTACT INFORMATION FOR PERSONS LOCATED WITHIN THE EEA. If you are located in the European Economic Area (“EEA”) or Switzerland and have questions or concerns regarding the processing of your personal information, you may contact our EU Representative at: firstname.lastname@example.org; or write to us at: