Top Saver PRO

Top Saver PRO

Top Saver

Top Saver

Investment Loan

To acquire both tangible and intangible investment assets.
More information

Real Estate Loan

For real estate developments intended for resale.
More information

Project Financing Loan

To finance the development of rental properties.
More information

Working Capital Loan

For day-to-day business activities.
More information
Online Banking
Contact us

Privacy Policy

Confidentiality and Privacy Policy (The “Privacy Policy”)

 

DATA PROTECTION AND PRIVACY POLICY

 

Contents

Introduction. 3

1.      Definitions. 3

2.      Why information is collected. 3

3.      What information is collected. 4

4.      Recipients. 4

5.      Third Party Access to information. 4

6.      Direct Marketing. 5

7.      Customer Rights. 5

8.      Retention of data. 6

9.      Security of data. 6

10.     Cookies. 6

11.     Personal Data Transfers. 6

12.     CCTV and Telephone. 6

13.     Contact 7

 

Introduction

 

The General Data Protection Regulation or “GDPR” is an EU regulation (2016/679/EU) dealing with data protection that came into effect across the EU, including Malta, on 25 May 2018. The Maltese Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect replacing the former Data Protection Act (Chapter 440 of the Laws of Malta).

 

The GDPR and the implementing domestic laws regulate the way the personal data of data subjects are processed by data controller. FCM Bank Ltd (the “Bank”), a licensed credit institution, as a “Data Controller” has to ensure that personal data is processed in accordance with the GDPR, Maltese Data Protection Act and any other relevant regulations. The Bank is committed to protecting your privacy and to preserve the confidentiality of all the information provided and in so doing the Bank has developed the following policy.

 

1. Definitions 

“Data subject” means an individual who is subject of personal data, hereafter the “Customer”.

 “Data controller” means an entity controlling and responsible for the keeping and use of Personal data both electronically and in manual files, hereafter the “Bank”.

 “Personal data” means any information relating to an identified or identifiable individual.

 “Processing of Personal data” means any operation or set of operations which is taken in regard to personal data, whether or it occurs by automatic means, and includes the collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, disclosure by transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction of such data.

 

2. Why information is collected

 The Bank stores and processes the data, including personal data in terms of Data Protection Act, and this information about the Customer may be put onto the Bank’s database and used, analysed and assessed by the Bank to provide the Customer with a better service. The Bank only collects information that the Bank believes to be relevant and required to better conduct our business. The information is collected for the following purposes:

-        for the provision of information or other services in relation to any specific requests;

-        for internal assessments and analysis;

-        for research and statistics;

-        for the detection and prevention of fraud and any other illegal acts or criminal activity which; the Bank is bound to report;

-        for the prevention of money laundering;

-        to report to tax authorities in terms of FATCA/CRS or other agreements or laws;

-        to develop and improve the Bank’s products and services;

-        to recover debts and to assist in debtor tracing;

-        to check your identity and address.

 

3. What information is collected

 The Bank collects different types of information, including:

-        Identification related data e.g. name, contact information, gender, date and place of birth, country identification documents (photo ID, passport, national ID card);

-        Data about your education, profession or work;

-        Details of your family members and other relationships, including your marital status;

-        Due Diligence information (including country of origin, residence, citizenship, bank statements, source of funds and wealth);

-        Other regulatory requirements e.g. country of taxation or foreign tax payer reference and anti-money laundering requirements;

-        Special categories of data which might include marital and related separation deeds, required for loan products (where applicable);

-        Public sources and legal documentation (including but not limited to court decrees, court judgements and powers of attorney) concerning special or general authorisations, which may include health, marital and family status;

-        Online identifiers (including IP addresses, cookie and information data generated via your browser) including user login and registration data e.g. login credentials for internet and mobile banking applications (where applicable);

-         Any other information provided during our interaction whether face-to-face, online, by phone, email or otherwise.

 

4. Recipients

The recipients of personal data are:

 -        Employees of the Bank;

-        Third-party services providers, agents or any other party which may be engaged or otherwise used by the Bank for any purpose in connection with the Customer relationship.

 

5. Third Party Access to information

 The Bank constantly strives to ensure that information is always kept safe and secure. All staff and all third parties with permitted access to information are specifically required to observe this Policy. The Bank aims to keep information up to date and in this regard may use third parties to process information on behalf of the Bank. The Bank will only disclose Personal data to third parties if this is required for the purpose of fulfilling any specific request that the Customer may make to the Bank or otherwise if the Bank is to provide information if required by governmental bodies, tax authorities,  or regulators, however exclusively under proper authority, or if permitted in terms of this Policy. The Bank will not process or provide third parties with information regarding your financial transactions unless the Bank is required or permitted to do so by law, by court order, with Customer’s consent or as otherwise set out in terms of this Policy. Whenever third parties process Customer’s information on request the Bank will bind them to keep such information in strict confidentiality. In the processing of information, information shall at all times be kept protected by strict codes of secrecy and security. 

Personal data in relation to transactions effected via SWIFT (Society for Worldwide Interbank Financial Telecommunication) may be required to be disclosed to the United States authorities in order to comply with legal requirements applicable in the United States for the prevention of crime and in accordance with the EU-US Terrorist Finance Tracking Program (TFTP) agreement.

 

6. Direct Marketing

 The Bank may use Customer contact details and process personal data to inform the Customer of relevant opportunities, developments, events and products. The Bank may carry out direct marketing in order to inform the Customer, by mail, telephone, email or other electronic means, about other products and services provided by the Bank, its subsidiaries, affiliates, associates, agents and by carefully selected third parties and for research purposes. In the case where the Customer does not want to be contacted for marketing purposes, the Customer should inform the Bank accordingly by ticking the appropriate box in the retail/corporate profile form or relevant application form or otherwise inform the Bank by sending a written request to this effect (by sending it to info@fcmbank.com.mt or by sending a letter to the address indicated in this Policy).

 The Bank may require contracting third-party companies to carry out bulk mailing or marketing campaigns on the Bank’s behalf, in which case we would be required to provide them with Customer contact details excluding personal financial information. Such third-party companies will be required to comply with all provisions of law including data protection when using information included in the Bank’s mailing list.

 

7. Customer Rights 

Customer has rights under data protection laws in relation to personal data, including:

 Request access to personal data (commonly known as a "data subject access request"). This enables customer to receive a copy of the personal data the Bank holds about the Customer by making a request via info@fcmbank.com.mt.

 Request correction of the personal data that the Bank holds about the customer.

 Request erasure of personal data where applicable and permissible. The Bank may not always be able to comply with the customer request of erasure for specific legal reasons which will be notified, if applicable, at the time of the request. As an MFSA authorised Bank, the Bank is under certain obligations to retain certain data for a minimum number of years.

 Object or request restriction of processing of personal data, where applicable. As a licensed institution, the Bank is under certain obligations to process and retain certain data for compliance purposes. These requirements supersede any right to objection requests under applicable data protection laws. If the customer objects to the processing of certain data then the Bank may not be able to provide any services and it is likely the Bank will have to terminate the customer account.

 Request the transfer of personal data to the customer or to a third party (Data portability). The Bank will provide to the customer with Personal data in a structured, commonly used, machine-readable format, which the customer can then transfer to an applicable third party. This right only applies to automated information which the customer initially provided consent for the Bank to use.

Withdraw consent at any time where the Bank is relying on consent to process personal data. However, this will not affect the lawfulness of any processing carried out before the customer withdraw the consent. If the customer withdraws the consent, the Bank may not be able to provide any services to the customer which will be informed.

 

8. Retention of data 

The Bank retains personal data obtained in relation to its licensed business activities for at least six (6) years from the date of receipt of such data. The retention period may vary and is dependent upon legal and regulatory obligations for the retention of records and Personal data by the Bank.

 

9. Security of data 

The bank will take appropriate measures to prevent unauthorised access or modification, improper use or disclosure to personal data, and in particular to any sensitive personal data held by it.

 

10. Cookies 

The Bank website utilises a standard technology called “cookies”. A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer’s (or other device’s) browser from a website’s server and is stored on your computer’s (or other device’s) hard drive. Cookies allow a website to remember things like your preferences or whether you have logged in, and they allow us to tailor our website to your interests.  Information supplied by cookies can also help to analyse use of the website and help to provide Customer with a better user experience.

 

11. Personal Data Transfers 

Personal data may be transferred to third-party recipients in the EU/EEA. In addition, it may be also necessary for the Bank to transfer the personal data to recipients outside of the EU/EEA, including countries that may not have the same level of protection for personal data. In doing so the Bank shall ensure that transfers to each of these countries will be protected by appropriate safeguards, namely that such third-party recipients are either subject to an adequacy decision or to appropriate safeguards in accordance with the applicable privacy laws and/or any other applicable legislation.

 

12. CCTV and Telephone 

The bank may monitor and record telephone calls in order to ensure that Customer instructions are accurately carried out, to help to continually improve services and to improve security. In the interest of security, the Bank may use CCTV recording equipment in and around premises. 

 

13. Contact 

For any questions, concerns or complaints regarding the processing of Personal data, the Customer can contact the bank and in particular the Data Protection Officer* (”DPO”) by:

 - email at info@fcmbank.com.mt and/or dpo@fcmbank.com.mt

- phone on (356) 2248 8000

- postal mail at FCM Bank Ltd, Suite 3, Tower Business Centre, Swatar, B’Kara BKR 4013, Malta

 

The Bank should respond to all legitimate requests within one (1) month of receipt of the request or within a maximum of three (3) months if the request is particularly complex (in this case the Customer will be informed about the reasons for such delay within one month of the request).

 If unsatisfied, the Customer can also file a complaint by contacting the office of the Information  and Data Protection Commissioner (https://idpc.org.mt/) (https://uoou.gov.cz/) (https://www.bfdi.bund.de/EN/Home/home_node.html).

  

The Bank may change the content or services found on website at any time without notice and consequently this policy may change at any time in the future without notice.

 

 

 

Your browser is out of date.

Please update your browser for better security, speed and experience with this site. For more information on the importance of updating, click here.