This Policy also outlines our privacy practices for consumers who apply for and/or obtain services from us, such as deposits, loans, insurance, custody services or credit card services (the “Services”). The information Jewel collects and uses is limited to the purpose for which our customers engage us, our services, and other purposes expressly described in this Policy. Any discussion of your use of the Service in this Policy is meant to include your interactions with Jewel. The Policy is designed to comply fully with among other laws, the Bermuda Personal Information Protection Act 2016 ("PIPA").
2. What do we mean by Personal Information?
In this Policy, personal information means all information related to an identifiable individual. It does not refer to anonymous aggregated information (information not pertaining to any one individual and cannot be traced to any individual) or information related to a business entity. Except as described in this Policy, Jewel will not give, sell, rent or loan any personal information to any third party.
Personal information does not include Usage Data which we define as encoded or anonymized information or aggregated data that we may collect about a group or category of services, features or users which does not contain personally identifying information. Usage Data helps us understand trends in usage of the Service so that we can better consider new features or otherwise tailor the Service. In addition to collecting and using Usage Data ourselves, we may share Usage Data with third parties, including our customers, partners and service providers, for various purposes, including to help us better understand our customers’ needs and improve the Service as well as for advertising and marketing purposes. We do not share Usage Data with third parties in a way that would enable them to identify you personally.
In this Policy, sensitive personal information means any personal information relating to an individual's place of origin, race, colour, national or ethnic origin, sex, sexual orientation, sexual life, marital status, physical or mental disability, physical or mental health, family status, religious beliefs, political opinions, trade union membership, biometric information or genetic information.
The safeguarding of sensitive personal information will be proportionate to the risk of unlawful or unauthorized access to the sensitive personal information. The Bank will obtain explicit consent for the use of sensitive personal information and use sensitive personal information to carry out legal obligations, where there is a public interest and where such information is already available to the public, as well as processing legal claims and to protect an individual's vital interest and the individual is not capable of providing consent.
If you are viewing this information from a country within the European Economic Area (including the European Union) see Section 28 “Notice to European Visitors” for an explanation of the legal grounds for us processing and transferring your personal information.
4. The Information We May Collect from You
If you are our customer or have begun to apply for a product or service, the types of personal information we collect depends on the product or service. We collect your personal information when you open an account or apply for a loan; sell or trade in digital assets, use Online Banking or enroll in a service; or use one of our other financial products or services.
The information Jewel can collect from you can include:
- Your name, home address and other contact information
- Your identifying numbers (such as a Bermuda Social Insurance Number/UK National Insurance Number/or U.S. Social Security Number)
- Your financial history and transactions
- Your account balances and payment history
- Your consumer report information
- The identity of your assets held with Jewel
- Your investment experience
- Network information resulting from surfing our Site (such as your internet protocol (IP) address, length of time on our Site, cookies, applications used on our Site, type of device you are using, type of operating system, pages opened; and other interactions with our Site
- Network information regarding transactions that result from using the Services
- Usage information, such as information about how you use the Service and interact with us
- Feedback and surveys, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us
We may receive information about you from information services and consumer reporting agencies. Some special information, such as any criminal history, may be collected for certain limited purposes.
We do not collect, and we will never ask you to share your private keys or similar information.
5. Our Social Media Pages
On our Sites, you remain anonymous unless you register for, apply for or use a product or service or otherwise choose to disclose your identity to us (for example, by logging into Online Banking, choosing to register on the Site or select “like” on a Jewel social media page). We may collect information generated by your computer or device, including the IP address (a numeric address assigned automatically to computers and mobile devices when they access the Internet) or other identifiers. We also may collect your location when you log on or when you register to receive or request location-based content.
6. Disclosure of Personal Information To Third Parties
6.1. Extent and Purpose for Sharing Your Information:Extent and Purpose for Sharing Your Information:
We do not sell your personal information. We will only disclose or share your personal information with a third party under the following circumstances:
- With banks and similar financial institutions. We may disclose your personal information to those banks, their affiliates and similar financial institutions, as is necessary to complete a transaction with you.
- For business engagements. We may share personal information when we do a business engagements or negotiate such engagements. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- With law enforcement. We may disclose your personal information with law enforcement, including regulators, and government entities involved in public safety and security, law enforcement and compliance with current laws.
- With other parties where you agree to such disclosure. We may disclose your personal information with those other entities as you request or that you agree to such disclosure.
6.2. Business Partners Who We May Share Personal Information With
|OnFido Ltd.||Identity and document verification services;||https://onfido.com/privacy/|
Front end digital platform manager
|RegTech One||Manager of regulatory compliance programs||https://amlpartners.com/regtech-one-platform/|
|ComplyAdvantage||Transaction monitoring, Identity verification services||https://complyadvantage.com/privacy-notice/|
|Mambu||Jewel’s core banking platform||https://mambu.com/legal/privacy-policy|
6.3. Transfer of Personal Information to an Overseas Third Party
Where the Bank transfers your personal information to an overseas third party for that overseas third party to use your personal information on behalf of the Bank or for the third party's own business purposes, the Bank remains ultimately responsible for compliance with PIPA and the obligation thereunder.
Prior to making a transfer of personal information to an overseas third party, the Bank will assess the level of protection afforded by the overseas third party, and where it is comparable or superior to the protections provided for under PIPA, the Bank will proceed to transfer the personal information to the relevant third party. Where the level of protection afforded by the third party is not comparable, the Bank will enter into a contract with the third party to ensure the overseas third party is contractually obligated to only use your personal information in compliance with the provisions of PIPA.
The Bank may transfer information to overseas third parties certified under the Asia Pacific Economic Cooperation Cross Border Privacy Rules, which is an approved certification mechanisms for transfers of personal information to overseas third parties by the Privacy Commissioner and any additional certification mechanisms recognized by the Privacy Commissioner.
6.4. Intermingled Web Sites or Social Networks
We are not responsible for any content provided by third parties that may have links from our Site or social networks where we maintain a profile page, such as LinkedIn or Facebook. If you provide these third parties with information, the collection and use of that information will be subject to their privacy policies and will not be subject to this policy.
We also may use third parties to provide other services on our behalf. For example, third-parties may host microsites and moderate our social media pages. These third parties are contractually obligated to comply with Jewel Bank’s privacy and security standards and are limited in their use of information collected on our behalf.
7. Retention of Your Information
In order to determine the retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
8. Third-Party Applications, Plug-Ins, Widgets and Links to Third-Party Web sites
9. Log Files
As is true with most Sites, Jewel gathers certain information automatically and stores it in log files. This information includes internet protocol addresses, browser, internet service provider, referring/exit pages, operating system, date/time stamp, and click stream data as well as certain personal information such as user name, user email address and other information that may be included in open textual fields. We generally use this information as we would Usage Data to analyze trends, administer and maintain the Platform, or track activity within the Service. Our application log files are subject to the same strict data security policies and procedures as the application databases for our Service.
We may combine this automatically collected log information with other information we collect about you. We do this to improve the services we offer you, to improve marketing, analytics, or site functionality.
10. Cookies and Similar Technologies
Technologies such as cookies, beacons, tags and scripts are used by Jewel and our marketing partners, affiliates, or analytics or service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
If you want to learn more about cookies, or how to control or delete them, please visit aboutcookies.org for detailed guidance.
In addition, certain third-party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google, click here.
Many jurisdictions require or recommend that website operators inform users as to the nature of cookies they utilize and, in certain circumstances, obtain the consent of their users to the placement of certain cookies. If you are a customer of Jewel, it is your responsibility to inform the individuals with whom you interact using the Platform, including your Agents and End- Users as to the types of cookies utilized in the Service and, as necessary, to obtain their consent. You can find out more about each cookie by viewing our current cookie list. In addition, if you require more specific information as to the nature of the cookies utilized in the Service for purposes of fulfilling these obligations, please contact us by email at email@example.com.
We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSOs. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as Flash to collect and store information. To manage Flash LSOs please click here.
11. Private Security Keys
As part of our ongoing efforts to enhance our online security and protect your information, we may place a private key on your desktop or mobile device to help us identify the device as belonging to you. The use of a private key on your device assists you in conducting your Online Banking transactions.
12. Use of Customer Biometrics
As part of our ongoing efforts to enhance our online security and protect your information, we may use some customer biometric information. We may ask you to authenticate an online transaction with the use of your fingerprint, facial, or eye biometric information. There could be other forms of biometrics we may also choose to offer for authentication as well. Also, we may look at how you use your mouse or keyboard on a PC or how you move your finger over a screen on our mobile app to help determine if you are the real user during an online session. The use of biometrics on your device assists you in conducting your Online Banking transactions.
13. Telephone Carrier Information
As part of our ongoing efforts to enhance our online security and protect your information, we may access your operator (Digicel, CellOne, AT&T, Sprint, T-Mobile, Verizon, or any other branded operator) to use your regular phone number, your mobile phone number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber status details, if available, to allow verification of your identity and to compare information you have provided to Jewel Bank with your wireless operator account profile information for the duration of the business relationship. The use of mobile carrier data on your device assists you in conducting your Online Banking transactions.
14. Web Browser 'Do Not Track' Signals
We do not respond to Web browser 'do not track' signals at this time.
15. Web Analytics
16. How we Use Your Information: Non-Identifying Information
The following are some of the ways in which we may use non-identifying information:
- To advertise and market our products and services to you.
- To present targeted messages, including ads, to you.
- To determine whether our ads or other promotional activities are effective;
- To learn more about how consumers use our Sites.
- To provide location-based services that you may request and
- To manage fraud and security risks, including, but not limited to, detecting and preventing fraud or criminal activity.
17. How We Use Your Information: Identifying Information
If you are a Jewel Bank customer or have begun to apply for a product or service, the reasons we use your information may include: we may contact you about your account, including to resolve issues around transactions, handle maintenance of your account, alert you about fraud or unusual activity on your account, or for debt collection purposes. Because we need to be able to contact you to run our businesses and offer you services, you cannot opt out of this contact. We may use any phone number, including any mobile phone number you have given us to contact you about these or other issues. If you give us a mobile number, please be aware that you may incur additional fees from your carrier. By giving us your mobile number, you also agree that we may contact you by text message and carrier charges may apply. You further agree that we may call the phone number you have provided to us to contact you about your account using an automated dialer and/or pre-recorded message.
17.1. Ways of Use
Other ways we may use personal information we collect from you alone or in combination with information we have collected from other sources include:
- To provide products and services.
- To present targeted messages, including ads, to you.
- To process your application for our products or services.
- To service your account(s) (for example, to respond to questions about your accounts).
- To report to credit bureaus.
- To advertise and market our products and services to you.
- To learn more about how customers use our Sites and interact with our products and services.
- To manage fraud and security risks, including, but not limited to, detecting and preventing fraud or criminal activity.
- To safeguard your data.
- To respond to court orders or legal investigations.
- In other ways as required or permitted by law or with your consent.
17.2. Conditions of Use
The Bank will only use personal information about you where it is permissible under law, which may include the following conditions:
- With your consent.
- For the performance of a contract between you and the Bank or for the taking of steps at your request with an intention of entering into a contract.
- Where the use of your personal information is to comply with a provision of law that authorizes or requires such use.
- Where the use of the personal information is for the purpose of complying with an order made by a court, individual or body having jurisdiction over the organisation.
- Where the use of the personal information is necessary in order to collect a debt owed to the Bank or for the Bank to repay to you money owed by the Bank.
- Where the use of the personal information is reasonable to protect or defend the Bank in any legal proceeding.
18. How We May Share Your Information
We may share our customers' and potential customers' personal information for our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus. We may share our customers' personal information to offer our products and services to you. We may also share your information in the event of a sale or transfer of all or some of our assets. We do not share your personal information with other companies, such as for the purposes of jointly marketing a product to you with a third-party entity. We do not sell exchange or otherwise share your information to any third party.
19. Telephone and Electronic Communication Monitoring or Recording
Monitoring, storing and analysis of telephone conversations has become a staple of communications and customer relations training. Jewel is committed to improving the customer experience, and, accordingly, employs telephone call reviews as part of its training and team improvement procedures. Jewel, including its agents and service providers, may monitor, record electronically, and retain telephone conversations and electronic communications between you (including anyone acting on your behalf) and us.
20. Your Choices
Jewel Bank customers may instruct us not to share personal and financial information with our affiliates (companies we own or control or under the common control of Jewel shareholders) and outside companies that we do business with by logging on to Online Banking at dltjewel.com and changing your “Affiliate Information Sharing” preferences.
Jewel Bank customers also may exercise these choices by calling (203) 529-5491. To opt out of receiving Jewel Bank email marketing, follow the directions at the bottom of the marketing email or send a message with the word “Unsubscribe” in the subject line or by selecting the “unsubscribe” button within the email.
21. The Rights of Individuals
The Bank recognises that individuals have specific rights conferred on them by PIPA, including:
- The right to access personal information about the individual in the custody or under the control of the Bank;
- The right to be informed about the purposes for which personal information has been and is being used by the Bank;
- The right to know the names of the persons or types of persons to whom and circumstances in which the personal information has been and is being disclosed;
- The right to make a written request to the Bank to correct an error or omission in any of the personal information which is under the control of the Bank;
- The right to request the Bank to cease, or not to begin, using personal information for the purposes of advertising, marketing or public relations or where the use of personal information is likely to cause substantial damage or substantial distress to the individual or to another individual;
- The right to request that the Bank erase or destroy personal information about the individual where that personal information is no longer relevant for the purposes of its use;
- The right to restrict the processing of the individual's personal information;
- The right to be informed of a personal information breach (unless the breach is unlikely to be prejudicial); and
- The right to complain to the Privacy Commissioner.
Individuals have the right to access their own personal information and receive information about its use. Unless it is reasonable in all circumstances to provide access, the Bank may refuse a request or may not grant access to an individual to their personal information, for the reasons set out below.
The Bank may refuse to provide access to personal information on the following grounds, where the personal information:
- Is subject to legal privilege.
- Would reveal confidential information of the Bank or of a third party that is of a commercial nature and it is not unreasonable to withhold the information.
- Is being used for a current disciplinary or criminal investigation or legal proceedings, and refusal does not prejudice the right of the individual to receive a fair hearing.
- Was used by a mediator or arbitrator, or was created in the conduct of a mediation or arbitration for which the mediator or arbitrator was appointed by the court or by an agreement.
- The disclosure of the personal information would reveal intentions of the Bank in relation to any negotiations with the individual to the extent that the provision of access would be likely to prejudice those negotiations.
Unless it is reasonable in all circumstances to provide access, the Bank must not provide access to personal information where the disclosure of personal information:
- Could reasonably be expected to threaten the life or security of an individual.
- Would reveal personal information about another individual.
- Would reveal the identity of an individual who has in confidence provided an opinion about another individual and the individual providing the opinion does not consent to the disclosure of their identity.
The Bank may consider providing an individual with their personal information where the Bank can reasonably redact information and provide the personal information to the individual who requested it.
21.2. Procedure For Making A Subject Access Request
In order to obtain a copy or examine personal information you must make the request in writing to the Bank, which can be provided in email to the Privacy Officer at firstname.lastname@example.org or be provided by hand to the Bank to the attention to the Privacy Officer at the address provided in Section 26 below.
The Bank will promptly acknowledge the request in writing and inform you if any further information is required to complete the request. A copy of the personal information must be provided within 45 days, or the Bank may extend the period by no more than 30 days (or as permitted by the Privacy Commissioner) where a considerable amount of personal information is requested and the request would interfere with the operations of the Bank, or more time is needed to consult with a third party. The Bank shall inform you in writing of any extension and the expected time of response.
The Bank may charge you a fee for access to the personal information, and such fee will be determined by the Bank, except where such request results in the correction of an error or omission in the personal information about you that is under the control of the Bank.
An individual is only entitled to their own personal information and certain information about the data, but not to information relating to other people (unless the information is also about them or they are acting in a legal capacity on behalf of someone else). The Bank will maintain a record of the details of requests received. . The Privacy Officer may request the advice of the Privacy Commissioner or Bermuda counsel to advise further where required.
22. How We Protect Your Information
We employ industry standard security measures designed to protect your personal information from unauthorized access and use. These measures include device safeguards and secured files and buildings, as well as oversight of our third-party service providers and employee training.
Jewel has put in place appropriate security safeguards to ensure the security of personal information against the risk of loss, unauthorized access, destruction, use, modification or disclosure or other misuse. Jewel has put in place procedures to deal with any suspected data security breaches and will notify you and the Privacy Commissioner or any other relevant regulator of a suspected breach where Jewel has a legal obligation to do so. Jewel will provide to the Privacy Commissioner a notice that describes the nature of the breach, the likely consequence for that individual and the measures taken and to be taken by the Bank to address the breach.
In addition, Jewel has limited access of personal information to those employees, agents, contractors, and other third parties who have a need to know. Those persons will only process your personal information on your instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Privacy Officer.
However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Sites and Services are responsible for maintaining the security of any password, biometrics, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected.
We also ask that you do your part by taking precautions such as keeping your User ID and password safe, running an updated version of your virus protection software, and notifying us immediately if you suspect fraudulent activity.
You can learn more about safeguarding your information here.
23. Protecting Children
If you are under the age of majority in your jurisdiction of residence, additional consents are required. You may only use the Services with the consent of, or under the supervision of, your parent or legal guardian.
Jewel does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Platform. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Policy by instructing their children never to provide personal information through our Platform without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to Jewel through our Platform, please contact us, and we will use commercially reasonable efforts to delete that information.
24. Data Protection Principles
The Bank is committed to using and safeguarding your personal information to the highest standard. In order to ensure that these standards are met, the Bank adopts the following privacy principles:
- The lawful, fair and transparent use of personal information.
- The use of personal information for a specific purpose or such purposes as are related to these.
- The use of information is adequate to fulfill the stated purpose, relevant and not excessive.
- Keeping personal information for only as long as required for the intended purpose.
- The use of personal information and sensitive personal information securely.
Jewel will ensure that any personal information used is accurate and kept up to date to the extent necessary for the purposes of that use.
We may add to or change this Policy from time to time and will post the revised Policy on this site. Your continued use of our site or any online service following changes to the Policy will constitute your agreement to any changes.
Any modifications to this Policy will be effective upon our posting of the new terms and/or upon implementation of the changes to the Site (or as otherwise indicated at the time of posting). In all cases, your continued use of the Site or Services after the posting of any modified Policy indicates your acceptance of the terms of the modified Policy.
26. How to Reach Us
The Chief Risk and Compliance Officer of Jewel has been designated the Privacy Officer of Jewel (the equivalent of the Data Protection Officer under the General Data Protection Regulation, which governs data protection and privacy for our European visitors).
As the Privacy Officer, the Chief Risk and Compliance Officer will be responsible for ensuring compliance with PIPA and the provisions of this Policy and will also have primary responsibility for communicating on behalf of the Bank to the Privacy Commissioner. If you have any questions about our privacy practices and measures, complaints or concerns related to this Policy, or you would like to review or request changes to your personal information, please contact our Chief Risk Compliance Officer, Adam Dean, at email@example.com or write us at:
The Swan Building
26 Victoria Street
Hamilton HM12, Bermuda
27. Notice to California Residents
Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, California USA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
28. Notice to European Visitors
28.2. Sensitive Data
Some of the information you provide us may constitute “sensitive data” as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents and financial information.
28.3. Legal Bases for Processing
We will only use your personal information, as permitted by the GDPR and other applicable law.
We are required to inform you of the precise legal bases for processing your personal information. Below is a table which lists the purpose for our processing and its legal basis. If you have questions about the legal bases under which we process your personal information, contact us at firstname.lastname@example.org.
|To communicate with you
To optimize our platform
For compliance, fraud prevention, and safety
To provide our service
|These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests.
We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
28.4. Use for New Purposes
Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Service-related and other non-marketing communications.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You may submit these requests by email to email@example.com. In order to process your request, we may request specific information from you to help us confirm your identity. We reserve the right to decline your request as expressly required by applicable law. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at the above or submit a complaint to the data protection or privacy regulator in your jurisdiction.
Cross-Border Data Transfer
Whenever we transfer your personal information out of the European Economic Area to the U.S. or countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information.
Please contact us if you would like to have further information on the transfer of your personal information out of the European Economic Area.