This Privacy Statement relates to the collection, use and disclosure of personal data, including special or sensitive personal data, by any member of the Kush Bank Plc (“Kush Bank”, “we” or “our”). Personal Data is information relating to an individual (“you” or “your”). Personal data comprises all the details Kush Bank holds or collects about you, directly or indirectly, your transactions, transactions you effect, financial information, interactions and dealings with Kush Bank, including information received from third parties, the public domain, collected through use of our website, cookies, and our electronic banking services.

For Bank Clients

The data controller of your personal data is the KUSH BANK entity you have or may have a relationship with or with whom an account is maintained that you are a security provider for. Our Head Office functions may also be the controller of your Personal Data. If you have or are party to more than one account with KUSH BANK, including to a Corporate and Institutional Banking relationship, we will link all your accounts and personal data to enable us to have an overall picture of your relationship with us. Personal data we collect in respect Corporate and Institutional Banking, Global Banking and Commercial Banking (collectively “Corporate and Institutional Banking”) relationships is primarily limited to the information on Directors and Officers, direct and indirect beneficial owners and authorized persons we need to enable us to meet our due diligence obligations, signatory details and contact information of individuals we interact with to enable the provision of services to a Corporate and Institutional Banking entity. If you do not provide us with personal data, we need to meet our legal and regulatory obligations or to enter into an agreement with you we may not be able to provide you with the products or services you have requested.

Purposes for which we may process your Personal Data

To enable us to fulfil the contract between us for the products or services you have requested.

We need to process your personal data for purposes including the following:

  • Processing applications for products and services, effecting payments, transactions and completing instructions or requests;
  • Providing products and services (including electronic banking services);
  • Assessing suitability for products and services;
  • Credit assessment, including conducting credit checks and setting credit limits;
  • Operational purposes;
  • Statistical purposes;
  • Establishment, continuation, and management of banking relationships and accounts;
  • Surveillance of premises and ATMs.
For some purposes in connection with the service you have requested, we have a legal or regulatory obligation to process your Personal Data.

These purposes include:

  • The prevention, detection, investigation and prosecution of crime in any jurisdiction (including, without limitation, money laundering, terrorism, fraud and other financial crime);
  • Identity verification, government sanctions screening and due diligence checks;
  • To comply with local or foreign law, regulations, directives, judgments or court orders, government sanctions or embargoes, reporting requirements under financial transactions legislation, and demands of any authority, regulator, tribunal, enforcement agency, or exchange body.

We may also process your Personal Data in line with any voluntary codes; to effect agreements between any member of the Kush Bank Plc and any authority, regulator, or enforcement agency; to comply with policies (including the Kush Bank Plc.’s policies) and good practice standards where it is in our legitimate interest to do so.

We may also process your Personal Data where it is in our legitimate interests to seek professional advice, including, in connection with any legal proceedings (including any prospective legal proceedings), for obtaining legal advice or for establishing, exercising or defending legal rights.

To whom we may disclose Personal Data

Any member of Kush Bank, including our officers, employees, agents and advisers, may disclose your Personal Data to any of the following parties for any of the purposes specified above:

  • Any member of the Kush Bank Plc anywhere in the world, including any officer, employee, agent or director;
  • Professional advisers (including auditors), third-party service providers, agents or independent contractors providing services to support Kush Bank’s business;
  • Our business alliance partners who may provide their product or service to you;
  • A merchant or a member of a card association where the disclosure is in connection with use of a card;
  • Upon your death or mental incapacity, your legal representative and their legal advisers, and a member of your immediate family for the purpose of allowing him/her to make payment on your account;
  • Any security provider or any person authorized to operate your account and to act on your behalf in giving instructions, to perform any other acts under our banking agreement or use any product;
  • Any person to whom disclosure is allowed or required by local or foreign law, regulation or any other applicable instrument;
  • Any court, tribunal, regulator, enforcement agency, exchange body, tax authority, or any other authority (including any authority investigating an offense) or their agents;
  • Any debt collection agency, credit bureau or credit reference agency, rating agency correspondents, insurer or insurance broker, direct or indirect provider of credit protection and fraud prevention agencies;
  • Any financial institution to conduct credit checks, anti-money laundering related checks, for fraud prevention and detection of crime purposes;
  • Anyone we consider necessary to facilitate requests for services or applications for products with any member of the Kush Bank Plc;
  • Anyone we consider necessary in order to provide services in connection with a product;
  • Any actual or potential participant or sub-participant in relation to any of our obligations in respect of any banking agreement, assignee, novatee or transferee (or any officer, employee, agent or adviser of any of them);

Security

Personal Data may be transferred to, or stored at, a location outside of your country of residence, which may not have data protection law. The security of your personal data is important to us. Kush Bank has technical and organizational security measures in place to safeguard your personal data. When using external service providers, we require that they adhere to security standards mandated by Kush Bank. We may do this through contractual provisions, including any required by a privacy regulator, and oversight of the service provider. Regardless of where personal data is transferred, we take all steps reasonably necessary to ensure that personal data is kept securely.

You should be aware that the Internet is not a secure form of communication and sending us any personal data over the Internet carries with it risks including the risk of access and interference by unauthorized third parties. Information passing over the Internet may be transmitted internationally (even when sender and recipient are located in the same country) via countries with weaker privacy and data protection laws than in your country of residence.

Other Terms and Conditions

There may be specific terms and conditions in our banking and product agreements that govern the collection, use, and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this Privacy Statement.

Retention

We retain your personal data in line with our legal and regulatory obligations and for business and operational purposes. In the majority of cases this will be for seven years from the end of your relationship with us.

Automated decisions and profiling

We may use profiling, including behavioral analysis, to assist us to provide you with better services, to make decisions and to prevent money laundering, terrorism, fraud and other financial crime, for example using profiling may help us to try and detect whether use of your credit card may be fraudulent. If any profiling will result in an automated decision relating to you, we will let you know and you will have the right to discuss the decision with us.

Marketing

We may use your Personal Data:

  • To conduct market research and surveys with the aim of improving our products and services;
  • For marketing purposes, promotional events, competitions and lucky draws.

We process your personal data for these purposes because it is in the interest of our business to do so with the intention of improving our products and services and generating business. We will not send you marketing material if you have specifically asked us not to do so. You have the right to opt-out of receiving marketing material at any time. To do so, please contact your branch or relationship manager.

If you change your mind and ask us not to send you marketing material or other promotional or research material you have subscribed to receive, we may need to retain a record that you have asked us not to do so to ensure that you do not receive anything further.

Monitoring

To the extent permitted by law, we may record and monitor your electronic communications with us to ensure compliance with our legal and regulatory obligations and internal policies for the purposes outlined above.

Your Rights

Subject to applicable law, regulations and/or banking industry guidelines, you may have the following rights:

Access

To request a copy of the personal data processed in relation to you. KUSH BANK may be allowed by law to charge a fee for this.

 

Correction

To request that we correct your personal data. You can do this at your branch or through your relationship manager.

 

Erasure

To ask us to delete your personal data, for example, if we no longer have a valid reason to process it.

 

Object

To object to how we process your personal data. This does not mean you can decide or choose how we process your personal data other than in relation to marketing. If you have any concerns about how we process your personal data, please discuss this at your branch or with your Relationship Manager. We may not be able to offer you services if you do not want us to process the personal data, we consider it necessary to process to provide the services.

Restriction

To restrict how your personal data is processed in certain cases, such as when the accuracy of your Personal Data is contested. If you have any concerns about how we process your Personal Data, please discuss this at your branch or with your Relationship Manager.

Portability

To request a copy of the personal data you have given to us in a machine-readable format.

For Non-bank clients

This is a privacy statement for visitors to our website and individuals who do not have a relationship with the Bank either as a client or through any other way. We collect personal data which you voluntarily provide when visiting our website. We may also collect personal data collected through cookies and similar technology – for further information on our use of cookies please read our cookie policy.

When visiting our website, you may choose to provide personal data to us for the following purposes:

  • Subscribe to our publications and research
  • Contact us for information, either through an online form or through email
When you provide personal data for the above purpose, we will only use your personal data for the purpose provided and for statistical analysis. You can unsubscribe from receiving our publications and research at any time.