Our Privacy Notice

Before we begin

Your privacy is important to Bank One. This Privacy Notice explains how we collect, share, use,and protect your information. It also explains your rights in relation to the collection of personal information and how you can exercise those rights.

It covers Bank One’s many online services, including Bank One websites, mobile applications,and branded social media sites or pages, as well as any interactions you may have with us while viewing content provided through one of Bank One’s digital advertising campaigns. It also covers information we collect for any personal products or services you have with us, including savings, loans, credit cards, investments and insurance, and when you call us, visit one of our branches, or ask about any of our products and services.

The Bank One Privacy Notice continues to apply even if your agreement for banking, insurance or other products and services with us ends. It should also be read alongside your banking or insurance terms and conditions, as these include sections relating to the use and disclosure of information.

Wherever we have said ‘you’ or ‘your’, this means you, any authorised person on your account,anyone who does your banking or deals with us for you (e.g. trustees or executors, attorneys under a Power of Attorney) and other related people (including authorised signatories, partners, members and trustees). If you’re an insurance customer it also means you, named insured parties or beneficiaries under your policy, dependants, claimants and other third parties involved in an insurance policy or claim (such as witnesses).
When we say ‘we’, we mean Bank One Limited which acts as a data controller with respect to your personal data. Unless otherwise stated below, the data controller for the purposes of this notice is Bank One Limited.
The address for Bank One Limited set out in this notice is 16, Sir William Newton Street Port Louis, Mauritius. If you’d like to get in touch with us, you can also find our contact details below.

The information we collect

We will only collect your information in line with relevant regulations and law. We may collect it from a range of sources and it may relate to any of our products or services you apply for, currently hold or have held in the past. We may also collect information about you when you interact with us, e.g. visit our online services, call us or visit one of our branches, or ask about any of our products and services.
Some of it will come directly from you, e.g. when you provide your ID to open an account. It can also come from your financial advisor, broker or intermediary, the insurance company which provides the insurance policies we offer, or any other sources from which you have asked us to obtain information. We might also collect some information from publicly available sources.

The type of information we collect will differ depending on whether you are a banking, wealth or insurance customer.

Download the Subject Access Request (Record)

The information we collect may include:

Information that you provide to us, e.g.:
  • personal details, e.g. name, previous names, gender, date and place of birth;
  • contact details, e.g. address, email address, landline and mobile numbers;
  • information concerning your identity e.g. photo ID, passport information, Tax Account Number, National ID card and nationality;
  • market research, e.g. information and opinions expressed when participating in market research;
  • user login and subscription data, e.g. login credentials for phone banking, online banking and/or mobile banking applications;
  • other information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, email, online, or otherwise;
  • if our relationship arises out of an insurance policy or claim, we may also collect:
  • information regarding your family members or other third parties who might be covered by or benefit from your insurance policy, or be financially dependent on you;
  • information which is relevant to your insurance policy including details of previous policies and claims history. This will depend on the type of policy that you have with us;
  • lifestyle information, e.g. your smoking status and alcohol consumption if you apply for a life insurance policy;
  • details about your physical or mental health which are relevant to your insurance policy or claim, e.g. if you make a claim we may ask for medical information relating to the claim;
  • details about your criminal convictions or related information. This will include information relating to offences or alleged offences;
  • any other information which is relevant to a claim that you make.
Information we collect or generate about you, e.g.:
  • your financial information and information about your relationship with us, including the products and services you hold, the channels you use and your ways of interacting with us, your ability to obtain and manage your credit, your payment history, transaction records, market trades, payments into your account including salary details and information concerning complaints and disputes;
  • information we use to identify and authenticate you, e.g. your signature and your biometric information, such as your voice for voice ID, or additional information that we receive from external sources that we need for compliance purposes;
  • geographic information, e.g. about which branches or ATMs you use;
  • information included in customer documentation, e.g. a record of advice that we may have given you;
  • marketing and sales information, e.g. details of the services you receive and your preferences;
  • cookies and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you – our cookie policy contains more details about how we use cookies and can be found at www.bankone.mu/cookie-policy
  • risk rating information, e.g. credit risk rating, transactional behaviour and under writing information;
  • investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among individuals and/or organisations, including emails, voicemail, live chat, etc.;
  • records of correspondence and other communications between us, including phone calls, email, live chat, instant messages and social media communications;
  • information that we need in order to meet regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities.
Information we collect from other sources, e.g.:
  • information you have asked us to collect for you, e.g. information about your accounts or holdings with other companies including transaction information;
  • information from third party providers, e.g. information that helps us to combat fraud or that relates to your social interactions (including your communications via social media, between individuals, organisations, prospects and other stakeholders acquired from companies that collect combined information);
  • if our information arises out of an insurance policy or claim, we may also collect:
    -information relating to your insurance application where you apply for a policy via a comparison website or aggregator;
    -information relating to your medical records, with your agreement;
    -information relating to your insurance claims history;
    -information from other parties involved in your insurance policy or claim;
    -information from publicly available sources.
How we use your information

We will only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we:

  • need to pursue our legitimate interests;
  • need to process the information to carry out an agreement we have with you;
  • need to process the information to comply with a legal obligation;
  • believe the use of your information as described is in the public interest, e.g. for the purpose of preventing or detecting crime;
  • need to establish, exercise or defend our legal rights;
  • need to use your information for insurance purposes.
The reasons we use your information include to:
  • deliver our products and services;
  • carry out your instructions, e.g. to fulfill a payment request, or make a change to your insurance policy;
  • carry out checks in relation to your creditworthiness;
  • manage our relationship with you, including (unless you tell us otherwise) telling you about products and services we think may be relevant to you;
  • understand how you use your accounts and services;
  • support our banking operations;
  • prevent or detect crime including fraud and financial crime, e.g. financing for terrorism and human trafficking;
  • ensure security and business continuity;
  • manage risk;
  • provide online banking, mobile applications and other online product platforms;
  • improve our products and services;
  • analyse data to better understand your circumstances and preferences to make sure we can provide you with the best advice and offer you a tailored service;
  • protect our legal rights and comply with our legal obligations;
  • correspond with solicitors, surveyors, valuers, other lenders, conveyancers and third party intermediaries;
  • undertake system or product development and for planning, insurance, audit and administrative purposes;
  • recover money which you owe (e.g. where you have not paid for your insurance policy)
How we make decisions about you

We may use automated systems to help us make decisions, e.g. when you apply for products and services, to make credit decisions and to carry out fraud and money laundering checks. We may use technology that helps us identify the level of risk involved in customer or account activity, e.g. for credit, fraud or financial crime reasons, or to identify if someone else is using your card without your permission.
You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention and to challenge the decision. More details can be found in the ‘Your rights’ section below.

Tracking or recording what you say or do

To help keep you and your money safe, we may record details of your interactions with us. We may record and keep track of conversations you have with us including phone calls, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of communication. We may use these recordings to verify your instructions to us, assess, analyse and improve our services,train our people, manage risk or prevent and detect fraud and other crimes. We may also capture additional information about these interactions, e.g. telephone numbers from which you call us and information about the devices or software that you use. We use closed circuit television (CCTV) in and around our premises and these may collect photos or videos of you, or record your voice.

Compliance with laws and regulatory compliance obligations

We will use your information to meet our compliance obligations, to comply with other laws and regulations and to share with regulators and other supervision authorities that Bank One may be subject to. This may include using such information to detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it is needed to comply with a legal obligation, when it is in our legitimate interests and that of others, or to prevent or detect unlawful acts.

Marketing and market research

We may use your information to provide you with details about our products and services, and also those of our partners and other relevant third parties. We may send you marketing messages by post, email, telephone, text or secure messaging. You can change your mind on how you receive marketing messages or choose to stop receiving them at any time. To make that change, please contact us in the usual way.
If you ask us not to send you marketing messages, it may take us a short period of time to update our systems and records to reflect your request, during which time you may continue to receive such messages. Even if you tell us not to send you marketing messages, we will continue to use your contact details to provide you with important information, such as changes to your terms and conditions or if we need to provide you with specific information in order to comply with our regulatory obligations.

We may use your information for market research and to identify trends. Market research agencies acting on our behalf may get in touch with you by post, telephone, email or other methods of communication to invite you to take part in research. We will not invite you to take part in research using a particular communication method if you have expressly asked us not to get in touch that way. Any responses that you provide whilst participating in market research will be reported back to us anonymously unless you give us permission for your details to be shared.

Disclosure of information

We may share your information with others where it is lawful to do so including where we or they:

  • need it to provide you with products or services you have requested, e.g. fulfilling a payment request;
  • need it to provide you with your insurance policy or to administer your claim;
  • have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud, tax evasion and financial crime;
  • need it in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
  • have a legitimate business reason for doing so, e.g. to manage risk, verify your identity, enable another company to provide you with services you have requested, or assess your suitability for products and services;
  • have asked you for your permission to share it, and you have agreed.
We may share your information for these purposes with others including:
  • Bank One sub-contractors, agents or service providers who work for us or provide services to us (including their employees, sub-contractors, service providers, directors and officers);
  • any joint account holders, trustees, beneficiaries or executors;
  • people who give guarantees or other security for any amounts you owe us;
  • people you make payments to and receive payments from;
  • your beneficiaries, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counter parties and any companies you hold securities in through us, e.g. stocks, bonds or options;
  • other financial institutions, lenders and holders of security over any property you charge to us, tax authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents;
  • any fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us on your behalf;
  • any entity that has an interest in the products or services that we provide to you, including if they take on the risks related to them;
  • any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
  • law enforcement, Government, Courts, dispute resolution bodies, our regulators,auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
  • other parties involved in any disputes, including disputed transactions;
  • fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to verify your identity;
  • anyone who provides instructions or operates any of your accounts on your behalf, e.g. Power of Attorney, solicitors, intermediaries, etc.;
  • anybody else with whom we have been instructed to share your information by either you, a joint account holder or anybody else who provides instructions or operates any of your accounts on your behalf;
  • our card processing supplier(s) to carry out credit, fraud and risk control, process your payments, issue and manage your card;
  • If our relationship arises from an insurance policy or claim, we will also share your information with:
    – other parties involved in providing your insurance policy, e.g. the intermediary or insurer who provides your policy;
How long we will keep your information

We keep your information in line with our data retention policy. For example, we will normally keep your core banking data for a period of seven years from the end of our relationship with you. This enables us to comply with legal and regulatory requirements or use it for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise.
We may need to retain your information for a longer period where it is required in order to comply with regulatory or legal requirements or where we may need it for other legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime,responding to requests from regulators, etc.
If we do not need to retain information for this period of time, we may destroy, delete or anonymise it sooner.

Transferring your information overseas

Your information may be transferred to and stored in locations outside of Mauritius and the European Economic Area (EEA), including countries that may not have the same level of protection for personal information. When we do this, we will ensure that it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfill a legal obligation, to protect the public interest and/or for our legitimate interests. In some countries, the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we will only share your information with people who have the right to access it.
You can obtain more details of the protection given to your information when it is transferred outside of Mauritius and the EEA by contacting us using the details in the ‘More details about your information’ section below.

Your rights

You have a number of rights in relation to the information that we hold about you. These rights include:

  • the right to access the information we hold about you, and to obtain information about how we process it;
  • in some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. We may, however, continue to process your information if we have another legitimate reason for doing so;
  • in some circumstances, the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party;
  • the right to request that we rectify your information if it is inaccurate or incomplete;
  • in some circumstances, the right to request that we erase your information. We may continue to retain your information if we are entitled or required to do so;
  • the right to object to, and to request that we restrict our processing of your information in some circumstances. Again, there may be situations where we are authorised to continue processing your information and/or to refuse such request.

You can exercise your rights by contacting us using the details set out in the ‘More details about your information’ section below. You also have a right to lodge a complaint to the Mauritius Data Protection Office by visiting http://dataprotection.govmu.org, or to the data protection regulator in the country where you live or work.

 

Credit Reference Checks, Fraud and Money Laundering

Credit Reference Checks

If you apply for new products or services (including credit such as a housing loan, lease facility, personal loan or credit card), we may perform credit and identity checks with the Mauritius Credit Information Bureau (MCIB). When you use our banking services, we may also make periodic searches at MCIB to manage your account with us.
To do this, we will share your personal details to the MCIB and they will provide us with information about you. This will include information from your credit application and about your financial situation and financial history. The MCIB will supply us with both public and shared credit information, financial situation, history and fraud prevention information.
We may use this information to:

  • assess if we can offer you credit and whether you can afford to take the product you have applied for;
  • verify the accuracy of the data you have provided to us;
  • prevent criminal activity, fraud and money laundering;
  • manage your account(s);
  • trace and recover debts;
  • ensure any offers provided to you are appropriate to your circumstances.

 

We will continue to exchange information about you with the MCIB as long as you have a relationship with us. We will also inform the MCIB about your repayment history. If you borrow and do not repay in full and on time, the MCIB will record the outstanding debt. This information may be supplied to other organisations by the MCIB.
When the MCIB receives a search request from us, they will place a search footprint on your credit file that will be seen by the Bank of Mauritius. If you apply for a bank account or credit (e.g.when you apply for a housing loan, consumer loan, lease facility or credit card), we will obtain details of your credit history (and share information about you with the Credit Bureau) and use this information to work out how much you can afford to borrow or pay back. We may also carryout further credit checks on you while you are a customer in order to maintain an accurate and up-to-date record of your credit history. We may use your personal details to verify the accuracy of information that you have provided to us to prevent criminal activity, fraud and money laundering, manage your account(s), trace and recover debts and ensure any offers provided to you are appropriate to your circumstances.
If you are making a joint application, or inform us that you have a spouse or financial associate,we will link your records together. You should discuss this with them, and share this information with them before submitting the application. The MCIB will also link your records together and these links will remain on both your individual files until you or your partner successfully files fora disassociation with the MCIB to break that link.
To comply with the law and for our own legitimate interest in assessing and managing risk, we may share details about your financial situation and financial history with the MCIB, fraud prevention agencies, etc. This includes information on any bank accounts or credit you have with us, including:

  • how you manage your bank accounts or credit;
  • if you owe us money;
  • if we have concerns about financial crime;
  • if you have not kept up with your payments or paid of what you owe us (unless there is a genuine dispute over how much you owe us), or if you have agreed and stuck to are payment plan;
  • details of your spouse (who may not necessarily execute on our documents except for an MCIB consent),
  • details of guarantors to the loan, education and qualification history, assets owned, client’s net worth, employment details.
Scoring System

The scoring system will mostly use similar data as available on core systems for existing clients. The remaining data needed is exactly the same information that is presently collected through physical files and saved on the bank’s archive system.
Some scoring tools share data to third parties who use it in their worldwide database, such as Moody’s, in order to give a score or for calibration purposes.

Fraud Prevention Agencies

We will carry out checks with fraud prevention agencies for the purposes of preventing fraud and money laundering, and to verify your identity before we provide products and services to you. These checks require us to process personal information about you.

The personal information you provide or which we have collected from you, or received from third parties, will be used to carry out these checks in order to prevent fraud and money laundering, and to verify your identity.

We will process personal information such as your name, address, date of birth, contact details, financial information, employment details, and device identifiers, e.g. IP address.

Together with the fraud prevention agencies, we may also allow law enforcement agencies to access and use your personal data in order to detect, investigate and prevent crime.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering and to verify your identity. This enables us to protect our business and to comply with laws that apply to us. This processing is also a contractual requirement of any of our products or services you use.
Fraud prevention agencies can hold your personal data for different periods of time. If they are concerned about a possible fraud or money laundering risk, your data can be held by them for up to six years.

Consequences of Processing

If we, or a fraud prevention agency, have reason to believe there is a fraud or money laundering risk, we may refuse to provide the services and credit you have requested. We may also stop providing existing products and services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in other organisations refusing to provide services to you. The information we hold about you could make it easier or harder for you to get credit in the future.

What we need from you

You are responsible for making sure the information you provide to us is accurate and up-to-date, and you must inform us if anything changes as soon as possible. If you provide information for another person (e.g. a joint account holder, a beneficiary under an insurance policy or a dependant), you will need to direct them to this notice.

How we keep your information secure

We use a range of measures to keep your information safe and secure including encryption and other forms of security. We require our staff and any third party who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate security measures for the use and transfer of information.

More details about your information

if you would like further information on anything we have said in this Privacy Notice, or to contact our Data Protection Officer, write a letter addressed to The DPO, 16, Sir William Newton Street, Port-Louis, Mauritius or send an email to [email protected]. This Privacy Notice may be updated from time to time and the most recent version can be found at bankone.mu/en/privacy-notice.

Last updated on :24 October, 2018