Republic Bank (Barbados) Limited Data Privacy Notice

1. About Us
This website www.republicbarbados.com is operated by Republic Bank (Barbados) Limited. The Bank’s registered company address is Independence Square, Bridgetown, Barbados.

We have appointed a Data Privacy Officer (DPO) who manages our personal data handling practices. If you have a question or complaint about our personal data handling practices, please contact our DPO at rbbbdpo@rfhl.com.

In this Privacy Notice, the terms the “Bank”, "we", "our" and "us" mean Republic Bank (Barbados) Limited.

2. What is the purpose of this Privacy Notice?
The Bank is responsible for processing personal data about you and is committed to protecting the privacy and security of your personal data. We discuss below what is meant by “personal data”.

This Privacy Notice describes and provides you with notice of how we collect and use personal data about you in accordance with applicable data protection laws, including the Data Protection Act, 2019 of the laws of Barbados (the “DPA”). The Bank is a "data controller". This means that we collect your personal data and are responsible for deciding how we hold and use personal data about you.

3. Data Protection Principles
The DPA requires that the personal data we hold about you must be:
  • Used lawfully, fairly and in a transparent way.
  • Collected only for specified, explicit and legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Adequate and relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary.
  • Kept securely.
4. What Personal Data Do We Collect?
The DPA defines personal data as data which relates to an individual who can be identified from that data; or from that data together with other information which is in the possession of or is likely to come into the possession of the data controller. This personal data may include your name, date of birth, IP address, bank/credit card details, personal e-mail address, your home address, your home telephone number, your personal cellphone number, your signature, your image, and may include your age, your income and other similar data when associated with you. Personal data may also be data containing details as to whether you have opened our promotional e-mails or how you have used our website, if we can associate that personal data with you.

What are the Sources for the Collection of Personal Data?
We collect personal data directly from you and indirectly from other sources. These other sources are official Government registries, persons providing reference letters, credit bureaus, employers and background check agencies and warning lists issued by credible agencies. We may also acquire data about you from other promotional or marketing companies with whom you shared your data and whom you have allowed to provide data to us.

Some classes of personal data are categorized as “sensitive personal data”. The DPA defines “sensitive personal data” as personal data consisting of information on a data subject’s racial or ethnic origin; political opinions; religious beliefs or other beliefs of a similar nature; membership of a political body; membership of a trade union; genetic data; biometric data; sexual orientation or sexual life; financial record or position; criminal record; or proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court of competent jurisdiction in such proceedings.

As a result of the services that we offer, the Bank sometimes needs to process “sensitive personal data” about you. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.

5. What are your rights in relation to the personal data provided to us?
By law, under certain circumstances, you have the right to:
  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a description of the personal data we hold about you.
  • Obtain from us, without undue delay, the rectification of inaccurate personal data concerning you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • • Request the erasure of personal data concerning you without undue delay. This enables you to ask us to delete or remove personal data where the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent where the processing is done pursuant to us obtaining your consent to process your personal data or sensitive personal data, and where there is no other legal ground for the processing; you object to the processing where it is likely to cause damage or distress and there are no overriding legitimate grounds for the processing, or you object to the processing for purposes of direct marketing; the personal data has been unlawfully processed; the personal data has to be erased in compliance with a legal obligation in Barbados or there is no good or legitimate reason for us continuing to process it.
  • • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; where we no longer need the personal data for the purposes of the processing, but the personal data is required by you for the establishment, exercise or defence of legal claims; where you have objected to processing likely to cause damage or distress pending the verification whether the legitimate grounds of the Bank overrides your grounds.
  • Receive the personal data concerning you. You will also have the right to have your personal data transmitted directly from us to another data controller, where technically feasible and under certain circumstances.
  • Require that we, after providing a written notice, at the end of a 21 day period cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which you are the data subject, on the ground that the processing of the data or our processing for that purpose or in that manner is causing or is likely to cause substantial damage or distress to you or another; and the damage or distress is or would be unwarranted.
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.


6.How Do We Use Your Personal Data?
The Bank will process (collect, record, hold, store, disclose and use) the data you provide in a manner compatible with the DPA. Some examples include:
(a) Services - to provide you with our products and services and fulfil our contractual obligations.
(b) Legal and Regulatory – to comply with legal and regulatory such as lawful requests from government agencies, court orders or reporting to credit bureaus.
(c) Marketing - for marketing and promotional purposes, including with our promotional partners.
(d) Security - to protect the security or integrity of our websites and our business.

7. Data retention - How long will you use my data for?
The Bank has defined procedures for adhering to the retention periods as set out by relevant laws, contracts and our business requirements, as well as adhering to the DPA requirement to only hold and process personal data for as long as is necessary to fulfil the purposes we collected it for.

8. Personalized Experience and Web Analytics
We also automatically collect data when you visit our website, use our mobile and electronic banking and any other applications which the Bank uses to provide its services in order to customize your experience. For example, we collect data about your browser type, operating system type and version, language, and your Internet Protocol ("IP") address. We also collect data about how you browse through our website, including logging the pages you visit and the amount of time you spend on certain pages. We use this data for a number of technical purposes to ensure that our pages load correctly in your browser. We also use this data to improve our website. For example:
(a) we use IP addresses for your geographical location;
(b) we log the frequency of visits to certain pages on our website and how visitors navigate through our website in order to detect problems, improve our website and learn about what services are of interest to our customers; and
(c) we track whether certain types of promotional e-mails were opened by you and whether you sought data about a particular product or service in order to make inferences about other products and services you might be interested in.

9. Choices
Due to the nature of the products and services we provide, it is usually necessary for us to be provided with your personal data. You may choose not to submit any personal data to us, but then we may not be able to fulfill the purpose for which the personal data was required, including the provision of such products or services. We may also ask for your consent for certain uses of your personal data, and you can agree to or decline those uses.

10. Regarding Children and Minors
In accordance with the DPA, we will not collect, use or disclose personal data from a child under the age of eighteen (18) without obtaining prior consent from an authorized parent or guardian, and we will use reasonable means at our disposal to verify that such consent has been provided by the authorized parent or guardian.

11. Why might you share my personal data with third parties?
We will share your personal data with third parties where required by law; where it is in the public interest to do so or where it is necessary for the performance of our functions. This will, in some circumstances, involve sharing sensitive personal data.
The third parties with whom we may share your personal data include credit bureau, credit card processors, correspondent banks, Regulators, auditors, security providers, survey providers, credit risks assessors, debt collectors, Attorneys-at-Law, service providers including technology service providers, mail service providers and customer service support.

12. Transferring data outside Barbados
We may transfer and process the personal data we collect about you to another country outside of Barbados to enable the Bank and its service providers to process your data consistent with this Privacy Notice.
We currently transfer to Trinidad and Tobago, Canada, European Union and the United States of America (USA).
We will ensure that adequate data protection clauses are included in any relevant agreements (including agreements between the Bank and other members of the Republic group of companies) to ensure that your personal data is treated by third parties in a way that is consistent with all applicable laws on data protection, including the DPA.

13. How Do You Access and Modify Your Personal Data or Make a Complaint?
If you have questions or concerns about personal data collected by us and would like assistance accessing that personal data or exercising any of your other rights under section 5, please contact our Data Privacy Officer using the contact details here. You also have the right to make a complaint at any time to the Office of the Data Protection Commissioner who is appointed under the DPA as the Barbados supervisory authority for data protection issues.

14. How Do We Protect Your Personal Data?
We take administrative, technical and physical measures to safeguard your personal data against unauthorized access, unauthorized disclosure, theft and misuse in accordance with the standards set out in the DPA.
Although we take precautions against possible breaches of our security systems, no company can fully eliminate the risks of unauthorized access to your personal data and no website is completely secure. We cannot guarantee that unauthorized access, hacking, data loss or breaches of our security systems will never occur.
We therefore encourage you to maintain up-to-date virus, malware and other security protections on all your electronic devices and means of communication together with keeping secret and safe all passwords to our banking services and products, including mobile and electronic banking, to better protect the security of your personal data.

15. Contacting our Data Privacy Officer
The contact details for our DPO are as follows and these details may be updated by us from time to time:
Address: Independence Square, Bridgetown, Barbados
Email Address:RBBBDPO@rfhl.com
Telephone: (246) 431-1262 Ext 4037

16. Changes to our Privacy Notice
We may change this Privacy Notice at any time in the future. When we do, we will let you know by appropriate means such as by posting the revised statement on this page with a new “Last Updated” date. Any changes to this Privacy Notice will become effective 30 days after being posted or on such earlier date as is permitted by the relevant authorities. We encourage you to revisit this page regularly and your continued access to or use of the website will mean that you agree to the changes.

 

Last Updated: Oct 2024.

The information we collect about you depends on how you use our websites and may involve the use of "cookies", as explained below.

What is a "cookie"?
A cookie is a small text file placed on your computer’s hard drive by our web page server and which we can later access. They are frequently used on websites and you can choose if and how your computer accepts them by configuring your preferences and options in your browser.

How we use cookies
Cookies are used so that we can improve our websites and learn how to provide a better and more customised service for you. We use them for two different purposes:

We allocate a cookie to your internet browser if you visit our websites (including if you visit an unsecured area - such as one which does not require you to log on to the relevant page). The cookie allows us to:
  • determine if you have previously visited our website
  • identify pages you have accessed and third party websites you have visited
We use certain ‘essential’ cookies to maintain online security and protect against online fraud in relation to the services on our websites such as:
  • online banking
  • online applications

Even if you say “No” in your browser’s settings to cookies on this website we'll continue to use these 'essential' cookies.
If you have provided your personal information through the use of our online facilities, such as an online enquiry form or online banking, we would be able identify you from the information provided, and track your browsing activities on our website from the cookie.

We use cookies to make our online services easier to use and help us to understand how people use our websites. For example, amongst other things they will:
  • Make online banking login faster by remembering you between visits on your personal devices
  • Simplify online transactions by remembering the last account you used and showing it as the default for your next transaction
  • Remember relevant information as you browse from page to page saving you from re-entering the same information repeatedly

We also use this type of cookie to understand how visitors use our online services and look for ways to improve them. For example, a cookie might tell us that lots of people give up on an application process at a particular step – so we can try to make that step easier to use.

Go to top