Last updated on 8 June 2023
AgriBank PLC, (hereafter referred to as the “Bank”, “we” or “us”) having company registration number C.57067 and its registered office at SkyParks Business Center, Malta International Airport, Luqa, LQA 4000, Malta will act as the Data Controller in processing your personal data and/or personal data relating to individuals connected to your business in accordance with the Data Protection Act, Chapter 586 of the laws of Malta and which implements and further specifies the relevant provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, better known as the General Data Protection Regulation (hereafter referred to as the “Regulation” or “GDPR”).
“You” or “your” shall mean you, any authorised person on your account, anyone who does your banking or deals with us on your behalf.
Information we collect and generate about you
The information collected by the Bank includes information that you provide to us, information that we generate about you and information collected from other sources.
When you apply for one of our products or services and open an Account with us, we will collect Personal Data as necessary to offer and fulfil the products and services you request. Depending on the product or service you request, we require you to provide us with your personal details or personal data relating to individuals connected to your business, including:
- Identification data like name, gender, photograph, date and place of birth, languages, signatures, titles.
- Relationships and involvements like connections to other individuals, connections to companies including employers, company structures including ownership, controllership powers, director and legal representative powers and authorised signatory powers.
- Contact details such as home and business address, email addresses, landline and mobile numbers.
- National Identification Information including documents and accompanying information concerning your identity such as National ID card, Passport, immigration status and documentation, visas, social security numbers, national insurance numbers, Tax identification number, Tax residency countries, and Nationality.
- Criminal records data like police conduct, due diligence checks, sanctions and anti-money laundering checks and criminal offence information needed to support regulatory obligations for the detection of any suspicious and unusual activity.
- Wealth details including the source of your wealth, source of funds, company structures including ownership percentages, credit risk rating including data obtained from professional or public sources like credit risk agencies or the central credit register.
- Financial Information like account(s) number(s) and history, transactions records and behaviour, payments into and out of your accounts including full debtor or creditor name, bank account numbers and sort codes, address and details of the underlying transaction.
- Correspondence from or to the Bank including instructions, queries, and complaints.
- Meeting records including possibly audio-visual recordings of such, attendance and contributions to company meetings and committees including meeting minutes.
- Information Technology Information like user login credentials for online banking, information that helps monitor the correct use of IT systems and networks, and any software or hardware inventories, and security questions which will enable us to identify you and authenticate you including when contacting our customer support.
- Telecommunication Information like phone logs and records
- Other sources of information collected from third parties include information received from Credit Reference Agencies, the Central Credit Register maintained by the Central Bank of Malta, other reference databases and any publicly available sources of information.
Purpose and legal basis for processing your personal data
The Bank uses your information for the following purposes:
- The provision of its banking products and services, including the administration of your account(s) or to carry out your payment orders/instructions. The Bank will process your information which is necessary for the performance of an agreement to which you are a party or in order to take steps at your request to entering into an agreement;
- The prevention and detection of crime including, fraud, tax evasion, terrorist financing and money laundering through our ongoing monitoring, mitigation and risk management, customer due diligence, name screening, transaction screening and customer risk assessments. This processing is necessary for compliance with legal obligations to which the Bank is subject and for the purpose of the Bank’s legitimate interest.
- Credit risk management – The Bank has a legitimate interest in conducting a risk assessment prior to providing credit and on an ongoing basis thereafter;
- The protection of the Bank’s legal rights and interests such as debt collection, enforcing or protecting the Bank’s collateral; court action; managing complaints or disputes. The Bank has a legitimate interest to take action against you or other persons, in the case of joint borrowers or persons who give a guarantee or other security for your obligations to the Bank.
- Marketing – For the Bank to use your information to provide you with information about its products and services, and also products and services from other relevant third parties. The Bank will always make sure that it obtains your consent before processing your information for marketing purposes. Furthermore, you will be granted the option to withdraw your consent for the processing of your information for marketing purposes at any time.
Disclosure of your personal data
The Bank will share your information with others where:
- It is lawful to do so including where the Bank or any third party needs it in order to provide you with the product or service.
- Has a public or legal obligation to do so for the detection and prevention of fraud, tax evasion and financial crime.
- In connection with regulatory reporting, litigation or asserting or defending its legal rights and interests.
- Under a legitimate interest to manage risk, including financial crime risk, verify your identity. or
- Has obtained your consent to share it.
Specifically, the Bank may share your information for the above purposes with others including with:
- Any brokers who introduce you to the Bank or deal with the Bank on your behalf, agents or service providers who work for the Bank or provide services to the Bank (including their employees, subcontractors, service providers, directors and officers).
- Any joint account holders.
- Third parties who give guarantees or other security for any amounts you owe the Bank such as guarantors.
- People you make payments to and receive payments from, payment service providers, correspondent and agent banks, clearing houses, clearing or settlement systems.
- Other financial institutions, lenders and holders of security over any property you hypothec or pledge in favour of the Bank.
- Credit reference agencies and debt recovery agents.
- Law enforcement, government, tax authorities, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities.
- The Central Bank of Malta in order to update the Central Credit Register maintained by the Central Bank of Malta.
- Other third parties involved in any disputes, including disputed transactions.
- Fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to verify your identity.
- Any OpenBanking Third Party Provider to whom you give access
- Anyone who you provided instructions or power of attorney or operates any of your accounts or service on your behalf.
Transfer of your personal data to third countries
The Bank shall not cause or permit any personal data to be transferred outside of the EEA, unless such transfer takes place under one of the following conditions:
- Transfers based on adequacy decisions, that is, processing of the personal data carried out in a country that the European Commission has considered as offering an adequate level of protection.
- Transfer subject to adequate safeguards on the basis of an agreement between the Bank and a data processor, designed to protect your information, in the appropriate form approved for this purpose by the European Commission.
- You have consented to such transfer and acknowledge and accept that certain data processors engaged by the Bank in the provision of the products and services are located in a country that the European Commission has not formally declared to have an adequate level of protection and are not able to demonstrate appropriate safeguards.
- The transfer is necessary for the performance of the agreement between you and the Bank.
- The transfer is necessary for the conclusion or performance of the agreement between you and the Bank concluded in your interest between the Bank and the data processor.
- The transfer is necessary for important reasons of public interest.
- The transfer is necessary for the establishment, exercise or defence of legal claims. Or
- The transfer is made from a register which according to European Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by European Union or Member State law for consultation are fulfilled in the particular case.
Retention of Information
In accordance with the Bank’s Data Retention Policy, your personal data will be retained for a period of six years from the end of our business relationship or for a longer period when required by a competent authority. Your account and transaction data will be retained by the Bank for a period of ten years to comply with fiscal legal requirements.
Automated Decision-Making Including Profiling
The Bank may use automated systems to help it make decisions, such as when you apply for products and services, to make credit decisions and to carry out fraud and money laundering checks. We may use technology that helps us identify the level of risk involved in customer or account activity, such as for credit, fraud or financial crime reasons.
You have a number of rights in relation to the personal data that the Bank holds about you. These rights include:
- The right to access information the Bank holds about you and to obtain information about how the Bank processes it.
- The right to request the Bank to rectify your information if it is inaccurate or incomplete.
- The right to withdraw at any time a consent provided to the Bank to process your Personal Data without affecting the lawfulness of processing based on such consent before its withdrawal.
- The right to request in certain circumstances the Bank to erase your personal data, unless this is necessary for compliance with a legal obligation to which the Bank is subject to or for the establishment, exercise or defence of a legal claim.
- Where applicable, the right to receive certain information you have provided to the Bank in an electronic format and/or request the Bank to transmit it to a third party.
- In certain circumstances the right to obtain from the Bank restriction to your personal data via submission of an objection.
- The right to object at any time to processing of your personal data for direct marketing purposes and to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similar significant effects to you, unless such decision is necessary for entering into, or performance of the agreement between you and the Bank.
You can exercise your rights at any time by contacting directly the Bank’s Data Protection Officer by email to firstname.lastname@example.org or by phone on +356 2092 6000.
You have also the right to raise complaints or concerns about the Bank’s use or processing of your personal information with the body regulating data protection in your country. In Malta, this is the Office of the Information and Data Protection Commissioner (details are available at https://idpc.gov.mt/en/Pages/Home.aspx).
How we keep your personal data secure
We store your personal information on secure environments that are managed and maintained by us or by our service providers. Personal information that we process, store or transmit is protected by means of technical, security and organisation measures including access controls, including login credential authentication, two-factor authentication, and data encryption where appropriate.