Privacy Code
A word about your privacy
We respect and protect your privacy. We only share your personal information in circumstances that we will describe in this Code and that align with our privacy principles. We have provided this document to explain our privacy principles and procedures. This Code reflects both the importance of the issue and the legal and regulatory requirements for privacy protection.
Introduction
Westminster Bank (or “we”) is committed to keeping personal information of our Clients and prospective Clients (“you” or “your” personal information) accurate, confidential, and secure. The Westminster Bank Privacy Code reflects this commitment.
This Privacy Code describes how Westminster Bank complies with privacy principles.
The scope of this Privacy Code
This Privacy Code describes the principles Westminster Bank will use to protect the personal information in its possession or control. This Privacy Code does not apply to information about business Clients who carry on business as corporations, partnerships or other forms of association. We do, however, protect the confidentiality of such information in accordance with the law and our policies. This Privacy Code applies to any personal information that we collect about individual owners of sole proprietorships or personal information about officers, directors, employees or partners of a business Client.
Changes to this Privacy Code
In order to ensure that this Privacy Code is kept up to date, we will change this Privacy Code from time to time. Notice of any significant changes to the Privacy Code may be distributed by email, through Westminster Bank statements, letters, posted on the Westminster Bank website, through your online Inbox or any other electronic method used by Westminster Bank to communicate with you.
EXPLANATION OF TERMS USED IN THIS PRIVACY CODE
Associates
The Client services representatives at Westminster Bank who will address any questions and concerns about a Westminster Bank product or service.
Personal information
Personal information is information that identifies you or can be used to identify you. Examples of personal information include: first and last name, mother’s maiden name, mailing address, telephone number (including mobile), email address, date of birth, government-issued identification, credit history, information about your employment and education, annual income, assets and liabilities and financial transactions.
Privacy Office
The department at Westminster Bank that is responsible for the protection of your personal information.
Westminster Bank
“Westminster Bank” is the operating name of Westminster Bank Limited.
SECTION 1
Principle – Westminster Bank’s accountability
We are accountable for all personal information in our possession or control, including any personal information transferred to third parties for processing. We have established procedures to comply with this Privacy Code and have designated one or more persons to be accountable for compliance.
- Our Privacy Office is responsible for protecting the privacy of our Clients’ personal information and our compliance with this Privacy Code.
- We are also accountable for personal information that has been transferred to a third party for processing (for example, cheque clearing services). Our policies for safeguarding personal information transferred to third parties are set out in this Privacy Code.
- To ensure compliance with the principles of this Privacy Code, we:
- have established procedures to protect personal information;
- have established procedures to receive and respond to questions and complaints;
- published this Privacy Code; and
- have trained our staff to understand and follow our privacy procedures.
We also oversee compliance with this Privacy Code through regular audits and other compliance procedures. Senior management reports to a committee of Westminster Bank’s Board of Directors regarding compliance with this Privacy Code.
SECTION 2
Principle – Identifying the purposes of collecting personal information
We will identify the purposes of collecting personal information.
- We take care to explain purposes which are not as obvious as others. While the purposes for collecting a name or address may be obvious and do not need to be explained, the purposes for collecting other information may not be as self-evident.
- We will clearly identify the purpose for which we are collecting your personal information either through writing, verbally when we are speaking with you or through any other means we use to communicate with you. There are some cases where we are not required to obtain your consent.
- You can ask for information about the purposes for which we collect personal information when you phone us or write to our Privacy Office.
- In addition to any purposes identified to you before or at the time of collection, we will collect personal information (which may include credit, employment and other financially related information) for the following purposes:
- to help identify you;
- to determine your suitability or eligibility for our products or services;
- to set up and manage Westminster Bank’s products and services;
- to offer, set up and manage products and services, including those of our affiliates or trusted business partners;
- to provide ongoing service; and
- to meet legal and regulatory requirements and credit reporting requirements.
Examples of additional purposes for which we may collect, disclose or use your personal information:
-
- references are used to verify information on an application;
- your date of birth and other identifying information may be collected and used to verify your identity, and to protect you and Westminster Bank from error or fraud. We may also collect and use personal information obtained from credit reporting agencies and other financial institutions in order to help verify your identity when you are a new Client;
- a Taxpayer Identification Number (TIN) is collected because the CRS and other national or international regulations related to the taxing of nationals require it for income tax reporting. In addition, a TIN may be used to match credit bureau information or protect you and Westminster Bank from reporting errors or fraud. Providing your TIN for these identity verification purposes is optional;
- personal information is exchanged with credit reporting agencies, credit insurers (including health information), and other financial institutions, to maintain the integrity of the credit-granting process and to determine eligibility for financial products and services including creditor insurance products. In certain cases, you have a right to access your personal information in the control of these institutions.
- personal information, including transaction details for any product or service offered by Westminster Bank, is used by us to determine your eligibility for products and services or to identify products or services that may be of interest to you, and we will use your contact and other information to notify you of such products including by website, mail (including statement inserts), email, phone, SMS text messages, our Mobile Banking app or any other electronic method offered by Westminster Bank and used by you.;
- personal information may be disclosed to investors or potential investors, lenders and government guarantors in order for us to process, fund and securitize your mortgage;
- personal information may be collected, used and disclosed to investigate specific transactions or patterns of transactions for the purpose of detecting unauthorized, fraudulent or other illegal activities;
- personal information may be collected and used to ensure that your instructions can be properly verified and to prevent errors;
- personal information may be collected, used and disclosed to investigate your complaints;
- should you open an Account to be operated on behalf of a third party, personal information of that third party will be collected from you in accordance with Anti-Money Laundering and Counter-Terrorism Financing legislation;
- we may share personal information with members of a group of companies and other service providers who provide operational, administrative and support services on our behalf, to meet legal and regulatory obligations, for fraud prevention purposes, and to perform analytics;
- members of a group of companies and our service providers may be located outside of Vanuatu and may access and process your personal information from Australia, the United States or other jurisdictions;
- we may share your personal information with other members of a group of companies and our service providers so that they may contact you for the purposes of marketing, including telemarketing, or to help you manage your credit responsibly;
- personal information may be collected, used and disclosed for the purpose of legal or regulatory requirements;
- personal information may be collected, used and disclosed if you participate in a contest, survey or promotion to administer your participation in the contest or promotion and as otherwise described to you when you enter. Information obtained through our surveys is used in an aggregated form. We use this information to help us understand our Clients and to improve our products and services;
- personal information about a joint Account and any transactions on that Account may be disclosed to any Account holder; and
- personal information may be disclosed to a representative (such as a legal guardian, Power of Attorney, estate representative or lawyer) where reasonably necessary to administer the estate.
SECTION 3
Principle – Obtaining consent
We will collect, use or disclose personal information without your consent only in limited circumstances as permitted by law.
Subject to certain legal, regulatory and contractual obligations and reasonable notice, an individual can refuse or withdraw their consent to the collection, use or disclosure of personal information about them at any time. In certain instances, that means we may not be able to offer you certain products and services.
- Generally, we will seek consent to use and disclose personal information at the time of collection. In some circumstances, we may identify a new purpose and seek consent to use and disclose personal information after it has been collected.
- We will explain to you in plain language how personal information will be used or disclosed before requesting your consent.
- Consent to the collection, use and disclosure of personal information can be expressed, implied, or given through your authorized representative.
- You can express consent verbally, such as when information is collected over the telephone, in writing, such as when completing and signing an application, or electronically, such as when applying online.
- Your consent can be implied, for example, by using a Westminster Bank product or service.
- You can also give consent through an authorized representative, such as a legal guardian or a person with a Power of Attorney. This may be necessary, for example, when we cannot obtain express consent from a minor, or an individual who is seriously ill.
- We may collect, use or disclose personal information without your knowledge and consent only in limited circumstances as permitted by law. For example:
- We may collect, use and disclose personal information without your knowledge or consent if it is clearly in your best interest to do so and consent cannot be sought in a timely manner. An example of such a circumstance is when an individual is seriously ill.
- Westminster Bank may collect, use and disclose personal information without your knowledge or consent in accordance with law or upon the lawful request of a government institution or part of a government institution. An example would be when a government institution lawfully requests the information for the enforcement of federal or provincial Canadian law or laws of a foreign jurisdiction.
- You can refuse to consent to our collection, use or disclosure of personal information, or you may withdraw your consent to our further collection, use or disclosure of your personal information at any time by giving us reasonable notice, subject to limited exceptions. This includes withdrawing your consent for the use of your SIN for identity verification purposes.
- We will inform you of the consequences of refusing or withdrawing consent. Refusing or withdrawing consent for Westminster Bank to collect, use or disclose personal information could mean that we cannot provide you with a product and/or service. For example, if you do not allow us to obtain a credit report, we may not be able to lend money to you.
- We may have legal, regulatory or contractual obligations to collect, use or disclose certain of your personal information, in which case you may not withdraw your consent. For example, during the term of a loan, you may not withdraw your consent to our ongoing collection, use or disclosure of your personal information in connection with the loan you have with us or have guaranteed.
- We will not unreasonably withhold products, services or information from individuals who refuse to give consent or who withdraw consent.
- Westminster Bank is required by law to collect certain types of personal information in order to verify your identity. If you do not allow us to collect and use this information, or if you later attempt to withdraw your consent, we may not be able to open or maintain an Account for you.
- Withdrawal of consent is not permitted in relation to a credit product where we must collect and report information after credit has been granted. This is to maintain the integrity of the credit reporting system.
- We will act on your instructions as quickly as possible but there may be certain uses of your information that we may not be able to stop immediately.
- You can opt out and withdraw consent.
- To opt out of email communications, click on the “unsubscribe” link included in each of our communications.
- To opt out of receiving SMS text messages, respond to any message by texting “STOP”.
- To opt out of the sharing of your personal information with trusted partners, contact us using the contact information set out above.
- To opt out of direct mail and phone marketing communications, contact us using the contact information set out above.
SECTION 4
Principle – Limits on the collection of personal information
Westminster Bank limits the amount and type of personal information it collects. We will collect personal information only for purposes that have been already identified to you or as permitted by law.
- We will only collect the amount and type of information needed for the purposes documented by us and identified to you.
- We will collect personal information about you primarily from you. Except as permitted by law, Westminster Bank will only collect personal information from external sources if you have consented to such collection.
SECTION 5
Principle – Limits on using, disclosing and keeping personal information
We will use or disclose personal information only for the reasons it was collected, unless consent is given to use or disclose it for another purpose. Under certain exceptional circumstances, we may have a legal duty or right to disclose personal information without your knowledge or consent.
We will keep personal information only as long as necessary for the identified purposes.
- We may disclose personal information without consent when required or permitted by law. Examples of such disclosure include:
- subpoenas, search warrants and other court and government orders;
- debt collection or demands from other parties who have a legal right to personal information; and
- disclosure of personal information to a lawyer who represents Westminster Bank to protect Westminster Bank’s interests.
- In any of the circumstances referred to above, we will protect your interests by making sure that:
- orders or demands appear to comply with the laws under which they were issued;
- when permitted by law, we may notify you that an order or demand has been received.
- We will collect health records only for specific purposes explained to you, such as establishing the effective date of a Power of Attorney or for creditor insurance purposes, as insurance providers require this personal information to assess insurance risk and to establish and administer the insurance coverage.
- In the event we provide personal information to a third party service provider for processing located in a foreign jurisdiction, we will be bound by the laws and regulations of that jurisdiction and may disclose personal information in accordance with those laws and regulations.
- We will destroy, erase or make anonymous any personal information no longer needed for its identified purposes or for legal requirements, in accordance with our records retention policies.
SECTION 6
Principle – Keeping personal information accurate
We will keep the personal information in our possession or control accurate and complete based on the most recent information available to us. From time to time, Westminster Bank may contact you to ask you to confirm your contact information and your marketing communication preferences.
You may challenge the accuracy and completeness of your personal information and have it amended as appropriate.
- We will make reasonable efforts to minimize the possibility of using inaccurate, incomplete or outdated personal information to make a decision about you.
- We will make reasonable efforts to keep personal information in our possession and control accurate and current if the information is used on an ongoing basis.
- We will rely on you to keep your personal information accurate, complete and current. If you demonstrate to us that personal information relating to you is inaccurate, incomplete, or out of date, we will revise or delete the personal information. If necessary, we will disclose the revised personal information to any third parties to whom we had disclosed wrong or outdated information in order to permit them to revise their records.
- If we do not agree to revise the personal information as requested by you, you may challenge our decision. We will make a record of this challenge, and, if necessary, disclose the challenge by you to any third parties to whom we have disclosed the personal information.
SECTION 7
Principle – Safeguarding personal information
We will protect personal information with safeguards appropriate to the sensitivity of the information.
- We will safeguard personal information in our possession or control from loss or theft and from unauthorized access, disclosure, duplication, use or modification.
- The safeguards employed by Westminster Bank to protect personal information will vary depending on the sensitivity, amount, distribution, format and storage of the personal information. We store most of your information electronically.
- We will safeguard personal information in our possession or control through security measures. For example:
- physical security, such as secure locks on filing cabinets and restricted access to offices;
- organizational security, such as controlled entry in data centres and limited access to relevant information; and
- electronic security, such as passwords, personal identification numbers and encryption.
- We may transfer personal information to third parties for processing. We will require these third parties to safeguard all personal information in a way that is consistent with our principles and as required by law. When we contract with third parties, they are given only the information necessary to perform the services as set out in the contract. The third parties are prohibited from storing, analyzing or using the personal information transferred by Westminster Bank for any other purpose. The third parties are required to protect personal information transferred by Westminster Bank in a manner that is consistent with our privacy principles.
- We will use care when disposing of or destroying personal information in order to prevent unauthorized access to the information.
SECTION 8
Principle – Making information about policies and procedures available to you
We will be open about the procedures used to manage personal information. Individuals will have access to information about these procedures through Westminster Bank’s Privacy Code, by contacting our Associates or by writing to the Privacy Office. The information will be available in a format that is easy to understand.
- We will make this Privacy Code available to the public.
- An electronic version of this Privacy Code is available on Westminster Bank’s website or a copy can be requested by calling one of our Associates.
- Information about this Privacy Code will be available in a format that is easy to understand.
- The contact information of the Associates and the Privacy Office are provided at the beginning of this document in the “Explanation of Terms” section, so you can inquire about Westminster Bank’s personal information practices.
- We may make information about our procedures available in a variety of ways, depending on the nature of the services you are using and the sensitivity of the personal information.
- We make information available on premises, by mail, or email, or provide online access.
SECTION 9
Principle – Access to personal information
When you request it, Westminster Bank will advise what personal information we have in our possession or control about you, what it is being used for and to whom it has been disclosed.
In certain exceptional situations, we may not be able to give individuals access to all of the personal information about them.
- You have the right to know, on request, what personal information we have in our possession or control about you, a right to access that personal information and to know to which third parties we have disclosed that information, subject to legal and regulatory exceptions. Individuals may direct their requests by telephone to our Associates or, in writing, to the Privacy Office.
- We have established procedures for responding to requests for access to personal information. In the unlikely event that we determine that there will be a cost to the individual in granting such access, we shall inform the individual of the reasonable costs permitted by law prior to granting such access.
- To process your request, we may ask you for information to validate your identity and confirm the scope of your request, such as your branch and Account Number, and clarification on the specific information or time period you are requesting.
- If you have a sensory disability, you may request that your personal information be made available in an alternative format.
- If we are prohibited from providing a request for access to personal information, we will advise of the reason for the refusal.
- We may not be able to provide you with access to your personal information in certain circumstances, such as where your request includes personal information about a third party that cannot be removed, or when the information you are requesting is protected by legal privilege.
- Westminster Bank may charge you a nominal access fee depending on the nature of your request. We will advise you of the fee, if any, prior to proceeding with your request.
SECTION 10
Principle – Handling complaints and questions
Individuals may challenge Westminster Bank’s compliance with this Privacy Code. We have policies and procedures to receive, investigate, and respond to individuals’ complaints and questions relating to privacy.
- Individuals are advised to direct their complaints and questions in writing to the Privacy Office.
- We will investigate all complaints. If we find a complaint to be justified, then we will attempt to resolve it.
- If you have an inquiry about Westminster Bank’s privacy practices or how we and our service providers treat your personal information, please contact an Associate or office you deal with or call us. If we are not able to resolve your concern to your satisfaction, you can contact the Privacy Office:
- Westminster Bank has policies and procedures to receive, investigate, and respond to your privacy complaints and questions. We will investigate all complaints we receive and if we find a complaint justified, we will try to resolve it.