AgriBank PLC, (hereafter referred to as the “Bank”, “we” or “us”) having company registration number C.57067 and its registered office at SkyParks Business Center, Malta International Airport, Luqa, LQA 4000, Malta will act as the Data Controller in processing your personal data and/or personal data relating to individuals connected to your business in accordance with the Data Protection Act, Chapter 586 of the laws of Malta and which implements and further specifies the relevant provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, better known as the General Data Protection Regulation (hereafter referred to as the “Regulation” or “GDPR”).
“You” or “your” shall mean you, any authorised person on your account, anyone who does your banking or deals with us on your behalf.
Information we collect
The information collected by the Bank includes information that you provide to us, information that we generate about you and information collected from other sources.
When you apply for one of our products or services and open an Account with us, we will collect Personal Data as necessary to offer and fulfil the products and services you request. Depending on the product or service you request, we require you to provide us with your personal details or personal data relating to individuals connected to your business, including:
name, gender, date and place of birth; contact details such as address, email address, landline and mobile numbers; and information concerning your identity such as photo ID, passport information, National Insurance number, Tax identification number, National ID card, tax residency and nationality.
Your user login credentials for online banking and security questions which will enable us to identify you when contacting our customer support.
The information the Bank generates about you include:
your financial information, your account(s) number(s) and history, transactions records, payments into your account including full beneficiary name, bank account number and sort code, address and details of the underlying transaction and information concerning your complaints;
information we use to identify and authenticate you and individuals connected to your business; your credit risk rating and transactional behaviour;
due diligence checks, sanctions and anti-money laundering checks and information that we need to support our regulatory obligations for the detection of any suspicious and unusual activity;
records of correspondence and other communications with you, including emails.
Other sources of information collected from third parties include information received from Credit Reference Agencies, the Central Credit Register maintained by the Central Bank of Malta, other reference databases and any publicly available sources of information.
Purpose and legal basis for processing your personal data
The Bank uses your information for the following purposes:
a) The provision of its banking products and services, including the administration of your account(s) or to carry out your payment orders/instructions. The Bank will process your information which is necessary for the performance of an agreement to which you are a party or in order to take steps at your request to entering into an agreement;
b) The prevention and detection of crime including, fraud, tax evasion, terrorist financing and money laundering through our ongoing monitoring, mitigation and risk management, customer due diligence, name screening, transaction screening and customer risk assessments. This processing is necessary for compliance with legal obligations to which the Bank is subject and for the purpose of the Bank’s legitimate interest.
c) Credit risk management – The Bank has a legitimate interest in conducting a risk assessment prior to providing credit and on an ongoing basis thereafter;
d) The protection of the Bank’s legal rights and interests such as debt collection, enforcing or protecting the Bank’s collateral; court action; managing complaints or disputes. The Bank has a legitimate interest to take action against you or other persons, in the case of joint borrowers or persons who give a guarantee or other security for your obligations to the Bank.
e) Marketing – For the Bank to use your information to provide you with information about its products and services, and also products and services from other relevant third parties. The Bank will always make sure that it obtains your consent before processing your information for marketing purposes. Furthermore, you will be granted the option to withdraw your consent for the processing of your information for marketing purposes at any time.
Disclosure of your personal data
The Bank will share your information with others where it is lawful to do so including where the Bank or any third party needs it in order to provide you with the product or service;
has a public or legal obligation to do so for the detection and prevention of fraud, tax evasion and financial crime;
in connection with regulatory reporting, litigation or asserting or defending its legal rights and interests;
under a legitimate interest to manage risk, including financial crime risk, verify your identity; or has obtained your consent to share it.
Specifically, the Bank may share your information for the above purposes with others including:
a) any brokers who introduce you to the Bank or deal with the Bank on your behalf, agents or service providers who work for the Bank or provide services to the Bank (including their employees, subcontractors, service providers, directors and officers);
b) any joint account holders;
c) third parties who give guarantees or other security for any amounts you owe the Bank such as guarantors;
d) people you make payments to and receive payments from, payment service providers, correspondent and agent banks, clearing houses, clearing or settlement systems;
e) other financial institutions, lenders and holders of security over any property you hypothec or pledge in favour of the Bank;
f) credit reference agencies and debt recovery agents;
g) law enforcement, government, tax authorities, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
h) the Central Bank of Malta in order to update the Central Credit Register maintained by the Central Bank of Malta;
i) other third parties involved in any disputes, including disputed transactions;
j) fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to verify your identity;
k) anyone who you provided instructions or power of attorney or operates any of your accounts or service on your behalf.
Transfer of your personal data to third countries
The Bank shall not cause or permit any personal data to be transferred outside of the EEA, unless such transfer takes place under one of the following conditions:
a) Transfers based on adequacy decisions, that is, processing of the personal data carried out in a country that the European Commission has considered as offering an adequate level of protection;
b) Transfer subject to adequate safeguards on the basis of an agreement between the Bank and a data processor, designed to protect your information, in the appropriate form approved for this purpose by the European Commission;
c) You have consented to such transfer and acknowledge and accept that certain data processors engaged by the Bank in the provision of the products and services are located in a country that the European Commission has not formally declared to have an adequate level of protection and are not able to demonstrate appropriate safeguards;
d) the transfer is necessary for the performance of the agreement between you and the Bank;
e) the transfer is necessary for the conclusion or performance of the agreement between you and the Bank concluded in your interest between the Bank and the data processor;
f) the transfer is necessary for important reasons of public interest;
g) the transfer is necessary for the establishment, exercise or defence of legal claims; or
h) the transfer is made from a register which according to European Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by European Union or Member State law for consultation are fulfilled in the particular case.
Retention of information
In accordance with the Bank’s Data Retention Policy, your personal data will be retained for a period of six years from the end of our business relationship or for a longer period when required by a competent authority. Your account and transaction data will be retained by the Bank for a period of ten years to comply with fiscal legal requirements.
Automated decision-making, including profiling
The Bank may use automated systems to help it make decisions, such as when you apply for products and services, to make credit decisions and to carry out fraud and money laundering checks. We may use technology that helps us identify the level of risk involved in customer or account activity, such as for credit, fraud or financial crime reasons.
You have a number of rights in relation to the personal data that the Bank holds about you. These rights include:
a) the right to access information the Bank holds about you and to obtain information about how the Bank processes it;
b) the right to withdraw at any time your consent without affecting the lawfulness of processing based on such consent before its withdrawal;
c) where applicable, the right to receive certain information you have provided to the Bank in an electronic format and/or request the Bank to transmit it to a third party;
d) the right to request the Bank to rectify your information if it is inaccurate or incomplete;
e) the right to request in certain circumstances the Bank to erase your personal data, unless this is necessary for compliance with a legal obligation to which the Bank is subject to or for the establishment, exercise or defence of a legal claim;
f) in certain circumstances the right to obtain from the Bank restriction to your personal data; and
g) the right to object at any time to processing of your personal data for direct marketing purposes and to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similar significant effects to you, unless such decision is necessary for entering into, or performance of the agreement between you and the Bank.
You can exercise your rights at any time by contacting directly the Bank’s Data Protection Officer by email to email@example.com or by phone on 00356 2092 6000.
You have also the right to raise complaints or concerns about the Bank’s use or processing of your personal information with the body regulating data protection in your country. In Malta, this is the Office of the Information and Data Protection Commissioner (details are available at https://idpc.gov.mt/en/Pages/Home.aspx).
How we keep your personal data secure
We store your personal information on secure servers that are managed by us and maintained by our service providers. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.