BMCE Bank International

Our Information

The ‘Data Controller’* is BMCE Bank International Plc. Our registered office is at 26 Upper Brook Street, Mayfair, London, W1K 7QE, United Kingdom and we are registered with the Registrar of Companies in England and Wales as a public limited company with company number 05321714.

In this privacy statement (“Privacy Statement”), ‘Bank’, ‘we’, and ‘us’ refers to BMCE Bank International Plc and ‘you’ refers to you and those on whose behalf you are accessing this website.

Privacy Statement

This Privacy Statement sets out our current policy in relation to the protection of personal information and individuals and demonstrates our commitment to your privacy. We are obliged to inform you that any personal information we have about you or collect from you has a high level of protection against any unauthorised or accidental disclosure, access or deletion. We have strict security procedures covering the storage and disclosure of your information to prevent unauthorised access to comply with the General Data Protection Regulation (“GDPR”)***. The Bank will only process personal data for the purpose it was collected for. If we intend to process data other than for specified use, we will contact you before undertaking further processing.

Personal information we collect

The Bank may obtain the personal information about an individual such as

1. Identity information such as title, first name, last name, maiden name, marital status, date of birth, gender, father’s name, ID number, nationality, passport details, national insurance number, signature, job position country of residence and country of tax residence;
2. Contact information which can include billing address, delivery address, email and telephone numbers;
3. Financial information that may include bank account numbers, bank statements, bank balances and bills;
4. Information that we are obliged to acquire by law such as tax residency;
5. Transaction information which includes details about payments made through us and details of transactions made by you;
6. Usage information which consists of information about how you use the Bank’s website, products and services; and
7. Information that is freely available (such as information that is openly available on the internet) and information from public records.

The Bank doesn’t collect any sensitive data about its customer and suppliers. Sensitive data consists of details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.

Source of information

The Bank can collect personal information through various sources, for example

1. A ‘Data Subject’* can provide information directly by completing forms, applications, or contacting the Bank via its website, email, post or telephone;
2. Information that is provided to the Bank when it conducts identity and address checks;
3. Information that is received from companies that carry out due diligence checks on behalf of the Bank;
4. Information from agents and brokers that introduce potential clients to the Bank; and
5. Payments and remittances received by the Bank.

Use of information

We process personal information of a data subject for the following reasons:

1. To manage relationship with the customers;
2. To provide products and services;
3. To make and manage customer payments;
4. To manage and maintain fees, charges, interest and debt recovery;
5. To identify, investigate and prevent financial crime;
6. To comply with laws and regulations that apply to the Bank;
7. To reply to and manage complaints and to try to resolve them; and
8. To ensure that we carry our business in an effective and efficient manner.

Legal basis of processing personal information

The Bank in its personal information processes has applied the following legal basis:

1. When it has obtained clear consent from the data subject for a specific purpose;
2. When it takes specific steps to enter in a contract or performs its contractual obligations such as providing Banking products to its customers; and
3. When it performs its legal or statutory obligations such as reporting to regulators or sanction screening.
4. The Bank may process your personal information where it is in the Bank's legitimate interest. The bank will ensure that, whilst it may pursue its legitimate interest, it puts systems and controls in place to safeguard the fundamental rights and freeedom of the data subject. This may include processing your information to:
   • identify new business opportunities and develop a relationship with you; and
   • to process personal data for litigation purposes.

Disclosure of personal information

The Bank may decide to share personal information with other external organisations. This is essential in the delivery of its products and services, to conduct its business and to comply with all regulations. We can share personal information with, for example

1. Authorities that can include auditors and regulators based in the United Kingdom and other relevant jurisdictions who require reporting in certain circumstances;
2. Professional advisers including lawyers, auditors and insurers who provide consultancy, legal, insurance, private healthcare providers and accounting services to the Bank;
3. Companies that provide due diligence checks of customers;
4. Companies that provide checks in relation to the customers to identify “politically exposed persons”;
5. Financial service companies that help us to prevent, detect and report fraudulent and criminal activities;
6. Agents and brokers that provide business to the Bank;
7. Banks and other financial services companies that provide agents, correspondents or intermediary banking services;
8. Our holding companies for the purpose of internal reporting; and
9. Banks and other financial services companies that provide payment or remittances services.

Sending personal information outside the EEA

Personal information about individuals can be transferred to locations outside the European Economic Area (EEA). When this is done, the Bank ensures that this transfer is lawful. We also make every effort to ensure that there is an appropriate level of protection and safeguards in accordance with the GDPR.

Data subject rights

There are certain rights for data subjects in relation to their personal information.

1. The right to access and rectify the information the Bank hold about them;
2. The right to erase or restrict processing;
3. The right to object to processing;
4. The right to data portability (ie your right to obtain and reuse your personal information across different services for your own purposes).

Data subjects can exercise their rights by contacting the DPO by email at dpo@bmce-intl.co.uk or in writing to The DPO, BMCE Bank International Plc, 26 Upper Brook Street, Mayfair, London, W1K 7QE, United Kingdom

When you choose to exercise your rights, it may delay or prevent the Bank from performing its contractual and legal obligations. It could also mean that the Bank will need to cancel a product or service that it may have with you. The Bank may still be able to process personal information if it has a lawful basis for doing so.

Request a copy of personal information

You have the right to request a copy of the personal information that the Bank hold on you. To do so, please either email your request at dpo@bmce-intl.co.uk or write to The DPO, BMCE Bank International Plc, 26 Upper Brook Street, Mayfair, London, W1K 7QE, United Kingdom.

The Bank will not ask for a fee to access any personal information. However, it may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, the Bank can refuse to comply with request in such circumstances.

The Bank can request for more specific information to help confirm identity and to ensure the right to access your personal information. We may also contact you to ask for further information in relation to your request to speed up our response. The Bank will ensure that it provides the information in the commonly used electronic or written format.

The Bank reserves the right to withhold information if it has any adverse effects on the rights and freedoms of other data subjects. This means that disclosing that information can be against the public or business interest.

The Bank aims to respond to all legitimate requests within one month. Occasionally it may take an additional two months if the request is particularly complex or multiple requests have been made. In this case, we will notify you and explain why such an extension is necessary.

Withdrawing consent

You have the right to withdraw consent if we have used consent as the lawful basis for the processing of your personal information. This can be done through the following ways:

1. Telephone main contact centre at +44 (0) 207 429 5500

2. In Branch.

3. In writing to BMCE Bank International Plc:

26 Upper Brook Street
Mayfair
London W1K 7QE
United Kingdom

Please allow 5 working days for the systems update and the Bank’s records to reflect the request to change your preferences.

Complaints

Data subjects can report a concern on ICO’s website at https://ico.org.uk/concerns/ or call their helpline at 0303 123 1113.

Accuracy

You need to ensure that you provide the Bank with accurate and relevant information as well as informing the Bank of any changes. The Bank reports, as part of its legal obligations, to the regulatory authority based on the information provided.

If inaccurate information is provided, the Bank may not be able to provide products and services to the data subject.

Automated decision making

The Bank in its processes, does not rely on automated decision making and profiling.

Retention of information

The Bank will retain personal information in line with its Data Retention Policy. The Bank will only retain personal information for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, it considers the amount, nature, and sensitivity of the personal information. If the personal information in no longer needed, the Bank may destroy, delete or anonymise it.

Third party sites and social media

Please note that this Privacy Statement does not extend to third party service providers. Any social media post/comments and any public reviews you send to us through third party sites and social media such as Facebook or LinkedIn, will be shared under the terms of the relevant platform and could be made public. We do not control these platforms and are not responsible for this kind of sharing.

Cookies Policy

The Bank may gather and analyse information regarding usage of this website, including domain name, the number of hits, the pages visited, previous/subsequent sites visited, the location from which this website is being accessed and length of the user’s session. This information may be gathered by using a cookie. A cookie is a small text file placed on your hard drive by our web page server. You can choose whether to allow the use of a cookie by altering the settings of your browser. A cookie will make the use of this web site faster and easier.

Amendments

If you have any questions about this Privacy Statement or our data processing activities, please either email your request to dpo@bmce-intl.co.uk or write to The DPO, BMCE Bank International Plc, 26 Upper Brook Street, Mayfair, London W1K 7QE, United Kingdom. BMCE Bank International Plc reserves the right to modify sections of this Privacy Statement at any time.

_____________________________________________

*The data controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed.

**The data subject means an individual who is the subject of personal information. In other words, the data subject is the individual the particular personal information is about.

*** The General Data Protection Regulation is a new law coming into effect across the European Union on 25 May 2018, introducing increased rights and transparency for individuals regarding their personal information and helping them understand how companies use their personal information.