PRIVACY POLICY

Purpose

Boslil Bank Limited and its affiliated companies significantly value your trust in us. We truly understand our duty to protect and responsibly use the information that you share with us, and we pledge our commitment to fulfilling that responsibility. The purpose of this Privacy Statement, a policy shared by all of our affiliate companies, is to inform you on how we treat your personal information.

Information we collect and how we use it

The types of personal information we may collect (directly from you or third parties) depend on the nature of the relationship that you have with Boslil. Regardless of the source, we only collect information relevant for the purposes of processing information to which you have consented, except where required by law, to protect the interests of Boslil or in the discharge of public duty.

Below are some of our sources for collecting personal information and, once collected, how we use it.

Customers. In order to service your business, Boslil obtains information (including financial) about you from some or all of the following sources:

Information you provide on the Bank application and other forms;
Information from your intermediaries;
Information from your transactions with us;
Information from consumer reporting agencies;
Individually identifiable information when you apply for a banking product, investment, or any lending product that Boslil offers;
Individually identifiable health information from your health care providers; and
Information from our website, mobile applications, online customer portals, such as site visit data and information collection devices (cookies).

From these sources we may obtain information such as:

Name, address (e-mail address, if applicable), telephone number, date of birth, government identifier;
Driver’s License Number, and accident and violation history;
Telematics data;
Credit information and information about previous insurance transactions;
With your authorization;
Banking information; and Payment and account history.

Websites

We collect two types of information about users of our sites:

Information that users provide through optional, voluntary submissions. These are voluntary submissions from disclosures regarding customers’ profile and participation in polls, surveys, completion of online forms and subscriptions for services.
Information that we gather through aggregated tracking and information derived mainly by tallying page views throughout our sites and telematics data. This information allows us to better tailor our content to user’s needs and to better understand the demographics of our audience. Compiling such aggregated demographic data is essential to keeping our service up to date for our users.

We shall not disclose any information collected from any user unless such disclosure is permitted by law, required by an order of a court of competent jurisdiction or the disclosure is consented to by the owner of the information.

Collection of information from websites and mobile applications

[1] Optional Voluntary Information.  We offer the following services, which require some type of voluntary submission of personal information by users:
Insurance products
Investment products
Banking products
Mortgages

[2] Usage Tracking.  We track user traffic patterns throughout all of our sites. However, we do not correlate this information with data about individual users. We break down overall usage statistics according to a user’s domain name, browser type, and MIME (Multipurpose Internet Mail Extension) type by reading this information from the browser string (information contained in every user’s browser).

[3] Cookies.  We may place a text file called a “cookie” in the browser files of your computer. The cookie itself does not contain personal information although it will enable us to relate your use of this site to information that you have specifically and knowingly provided. However, the only personal information a cookie can contain is information that you supply yourself. A cookie cannot read data off your computer or read cookie files created by other sites. When visiting one of our sites for the first time, you will be prompted with a pop-up box to accept or decline our use of cookies. Should you decline to allow cookies, some features of our sites may be unavailable to you. Should you consent to our use of cookies, the cookie will be deleted once you end your session by closing your browser. If you have set your browser to warn you before accepting cookies, you will receive the warning message with each cookie. You do not need to have cookies turned on to use this site. However, you do need cookies to participate actively in features such as but not limited to online message boards, forums, polling and surveys.

Use of information.  We use information provided by users through analytics to enhance their experience on our site, whether to provide interactive or personalized elements on the site; to better prepare future content based on the interests of our users or to develop new leads for potential sales.

Sharing of the Information.  We use the information provided by users to tailor our content to suit your needs. We will only share information about individual users with any third party in circumstances where we are legally permitted or required for business operations to provide information.

Network Security.  We operate secure data networks which comply with the industry standards for information systems security. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized individuals have access to the information provided by users. Notwithstanding the foregoing, every reasonable effort will be made to secure your data but we cannot guarantee that the information you share will be secure during transmission to our web-servers.

INFORMATION WE SHARE.  We will not disclose our current and former customers´ information to affiliated or nonaffiliated third parties, except as permitted by law. To the extent permitted by law, we may disclose to either affiliated or non-affiliated third parties all of the information that we collect about our customers, as described in this section.

In general, any disclosures to affiliated or non-affiliated third parties will be for the purpose of them providing services for us so that we may more efficiently administer your policy or product and process the transactions and services you request. Our agreements with third parties require them to use this information responsibly and restrict their ability to share this information with other parties. We do not sell information to either affiliated or non-affiliated parties.

We also may disclose the information we obtain about you to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements. The information we may share may include your name, address and phone number, and the product(s) you own.

We do not internally or externally share health information other than, as permitted by law, to process transactions or to provide services that you have requested or to facilitate transparency or risk mitigation. These transactions or services include, but are not limited to, underwriting insurance policies, obtaining reinsurance on life policies and processing claims for waiver of premium, accelerated death benefits, terminal illness benefits or death benefits.

You should know that if your intermediary is independent of Boslil, he or she is responsible for the use and security of information you provide him or her. Please contact your intermediary if you have questions about his or her privacy policy.

RETENTION OF YOUR INFORMATION.  We will only retain your personal information as long as it is necessary or as required by law. When we destroy the information, we will use safeguards to prevent unauthorized parties from gaining access to the information during the process.

SAFEGUARDING YOUR INFORMATION.  Boslil has security practices and procedures in place to prevent unauthorized access to your nonpublic personal information. Our practices of safeguarding your information help protect against the criminal use of the information. Boslil administrative, technical and physical safeguards are designed to protect personal information that is received against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

Our employees receive training, are bound by a Code of Conduct requiring that all information be kept in strict confidence, and they are subject to disciplinary action for violation of the Code. We restrict access to information about you to only those employees who need to know that information to perform their job. We maintain physical, electronic, and procedural safeguards, which comply with local laws and regulations to guard your information.

CHANGES TO THIS PRIVACY STATEMENT.  We reserve the right to change our privacy policy in the future, but we will not disclose your nonpublic personal information as required or permitted by law without giving you an opportunity to instruct us not to do so.

QUESTIONS.  You have a right to know the information we have about you. You must request this in writing. If you believe any of the information is erroneous, please explain in writing. If we do not agree that it needs correction, we will notify you and you will be entitled to provide a statement of disagreement which we will file with the information.

For requests about your information, or questions about this Privacy Statement, please write or call:

Boslil Bank Limited
Boslil Bank Limited
Boslil House
Rodney Bay Marina
P.O. Box RB 2385
Gros Islet Highway, Gros Islet
Saint Lucia +1 246 467 7577

PRIVACY NOTICE REGARDING PERSONAL INFORMATION FOR DATA SUBJECTS WHO RESIDE IN THE EUROPEAN UNION

EU GENERAL DATA PROTECTION REGULATION (“GDPR”).  Although we do not market or sell Boslil products or services in the European Economic Area (“EEA”), in order to continue serving an existing business relationship, we may incidentally collect or transfer personal information from individuals (“Data Subjects”) located within the EEA.  Personal information that may be collected by us from a Data Subject in the EEA may include:

NAME
ADDRESS
PHONE NUMBER
EMAIL ADDRESS
SPECIFIC INFORMATION GATHERED ON AML QUESTIONNAIRE
OTHER DATA ELEMENTS

LAWFUL GROUNDS TO PROCESS AND OBTAIN CONSENT.  Data subjects whose personal information is collected in the EEA may withdraw consent at any time where consent is the lawful basis for processing his/her information.  Should a data subject withdraw consent for processing or otherwise object to processing that impedes Boslil’s ability to comply with applicable regulations, a data subject may be unable to avail him/herself of the products or services that Boslil provides.

DATA SUBJECTS’ RIGHTS.  All individuals whose personal information is held by Boslil have the right to:

Ask what information Boslil holds about them and why;
Ask for a copy of such information or access to such information;
Be informed how to correct or keep that information up to date;
Be informed on how Boslil is meeting its data protection obligations.

Furthermore, for data collected in the EEA, data subjects have the right to:

Ask for a copy of such information to be sent to a third party;
Ask for data to be erased if possible and required under the GDPR;
Ask for processing of personal information to be restricted if possible and required under GDPR;
Object to processing of personal information if possible and required under GDPR;
Object to automated decision-making where applicable; and
Contact a supervisory authority in the EEA to lodge a complaint regarding Boslil processing of your personal data.

AUTOMATED DECISION-MAKING. Boslil does not engage in automated decision-making as defined by the GDPR.

NON-DISCLOSURE OF INFORMATION. Boslil does not share any nonpublic personal information with any non-affiliated third parties, except in the following circumstances:

As necessary to provide the service that the customer has requested or authorized, or to maintain and service the customer’s account;
As required by regulatory authorities or law enforcement officials who have jurisdiction over Boslil or as otherwise required by any applicable law; and
To the extent reasonably necessary to prevent fraud and unauthorized transactions.
To the extent reasonably necessary to facilitate business operations.

Boslil employees are prohibited, either during or after termination of their employment, from disclosing nonpublic personal information to any person or entity outside Boslil, including family members, except under the circumstances described above.  An employee is permitted to disclose nonpublic personal information only to such other employees who need to have access to such information to deliver our services to the customer.

SECURITY AND DISPOSAL OF INFORMATION. Boslil restricts access to nonpublic personal information to those employees who need to know such information to provide services to our customers.  All electronic or computer files containing such information shall be secured and protected from access by unauthorized persons.  Electronic and paper records used for business purposes must not be left in places where they are visible to unauthorized persons.  Data printouts and files must be disposed of securely when no longer needed.

Boslil’s information safeguarding standards encompass all aspects of its business and are adopted in its Information Security Standards document, which include the following key Standards:

Information Security
Ownership of Data
Business Use of Systems
Individual Identification and Authentication
Access Control
Information Management
Policy Awareness and Security Training
Security Incident Management
Availability
Monitoring
Logging and Auditing
Physical Security
Third Party Information Exchange
Systems Development and Maintenance of Infrastructure
Protection of Third Party Information
Acceptable Encryption
Information Risk Analysis
Forensics Investigation
Application and Information Access Control
Security of System Files

BOSLIL CONTACT INFORMATION FOR PERSONS LOCATED WITHIN THE EEA. If you are located in the European Economic Area (“EEA”) or Switzerland and have questions or concerns regarding the processing of your personal information, you may contact our EU Representative at: info@boslil.com; or write to us at:

Boslil Bank Limited
Boslil House
Rodney Bay Marina
P.O. Box RB 2385
Gros Islet Highway, Gros Islet
Saint Lucia