Privacy Notice - JNGI

Privacy Notice

Privacy Notice This privacy notice is to let you know how we manage your personal information at The Jamaica National Group. This is information that we collect when you establish and maintain a relationship with us. This notice also tells you about your privacy rights and how the law protects you.

OUR AGREEMENT WITH YOU As a customer, you agree to us collecting, using and appropriately disclosing your personal information in accordance with our contract with you. We may change our products and services at any time without notice, and consequently, our Privacy Notice may be updated at any time in the future. Continued use of our products and services implies ongoing acknowledgement and consent to same.

OUR PRIVACY PROMISE TO YOU We will:

  1. Secure and protect your personal information;
  2. Not disclose your personal information outside the JN Group without your consent;
  3. Enable you to express your preferences so that you can manage how we use your personal information.

WHO WE ARE The Jamaica National Group Limited (“JN Group”) consists of member companies which are set up as separate legal entities. These companies provide services including banking, insurance, investment management, money remittance, bill payment, information technology and fleet management.

Based on our global presence, we are subject to the varying requirements of data protection legislation in the jurisdictions where we operate. Our aim is to be as consistent as possible as we obey all applicable laws and apply the highest standard of privacy laws to our approach.

The Data Protection Act of Jamaica (DPA) is applicable to all JN Group companies that operate in Jamaica.  Where the DPA does not provide sufficient guidance, we will be guided by the principles and requirements of the General Data Protection Regulation of the UK/EU (GDPR), adjusted, if necessary, to the local environment.  The GDPR is recognised as the de-facto international standard of data protection.  Where necessary, we will also be guided by the principles and requirements of the data protection legislation and by any other relevant legislation in other legislative jurisdictions within which the JN Group operates.

WHAT INFORMATION DO WE COLLECT? We gather various types of information that may identify you as an individual (“personal information”). The information collected depends on the entity providing the service, as well as the service requested.

We collect your information in the following circumstances:

  • When you request information about our products and services;
  • When you apply for our products and services;
  • When you talk to us on the phone or in branch, including recorded calls and notes we make;
  • When you use our websites, web chats and mobile device apps;
  • When you send emails and letters;
  • When you submit insurance claims or other documents;
  • When you participate in customer surveys;
  • When you take part in our competitions or promotions.
  • When you register or apply for benefits under our rewards programs.

We may also collect data when you use our services. This data collection covers two areas:

  1. details about how and where you access our services and
  2. account activity that is shown on your statement as follows:
  • Payments and Transactions: This includes the amount, frequency, type, location, origin and recipients. If you borrow money, it also includes details of repayment and whether they are made on time and in full.
  • Profile and Usage of Information: This includes any security details you create and use to connect to our services. It also includes your settings and marketing choices. Additionally, we gather statistical data about your browsing actions and patterns, from the devices you use (such as computers and mobile phones) to connect to our internet, mobile and telephone banking services. We may collect information about your computer including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers.

HOW DO WE USE YOUR PERSONAL INFORMATION We may use the information we collect from our customers and their users in connection with the services we provide for a range of reasons, including to:

  • provide, operate and maintain the services;
  • process and complete transactions, and send related information, including transaction confirmations and invoices;
  • manage our customers’ use of the services, respond to enquiries and comments, and provide customer service and support;
  • send customers technical alerts, updates, security notifications, and administrative communications;
  • verify the identity of customers;
  • investigate and prevent fraudulent activities, unauthorized access to the services, and other illegal activities; and
  • perform any other functions about which we notify customers and users.

Below we detail the main ways in which JN Group may use your personal information and the reasons for collecting your information.

What we collect your data forHow we use your data that we collectOur reasons for collecting your data
Establishing a relationshipTo provide our Products and/or Services1. Keeping our records up to date, working out which of our products and services may interest you and telling you about them 2. Seeking your consent when we need it to contact you 3. Defining types of customers for new products or services 4. Developing products and services, and what we charge for them 5. Being efficient about how we fulfill our legal and contractual duties
Maintaining a relationshipUpdate customer personal data.
Update contractual agreement terms and conditions.
Offers related to our existing contract with you.
Marketing and Product DevelopmentTo test new products.
To manage how we work with other companies that provide services to us and our customers.
To develop new ways to meet our customers’ needs.
To communicate to you, information related to our products and services.
Transaction Processing/ Business OperationsTo execute business in accordance with industry best practice.1. Being efficient about how we fulfill our legal and contractual duties 2. Complying with rules and guidance from regulators
To deliver our products and services.
To facilitate and manage customer transactions.
To manage fees, charges and interest due on customer accounts.
To manage accounts receivables / payables.
To manage and provide treasury and investment products and services.
Regulatory Requirements and GovernanceTo adhere to laws and regulations that applies to us.1. To ensure adherence to internal controls and external regulatory requirements 2. Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect
To detect, investigate, report, and seek to prevent financial crime.
To manage risk for us and our customers.
To respond to complaints and seek to resolve them
Legal ProceedingsCustomer Complaints1. Manage and advise on customers’ legal queries or issues 2. Execute legal actions or query on behalf of client 3. Execute transfers on behalf of client (property, etc.) 4. Use any special categories of data as needed to establish, exercise or defend legal claims
Transaction Processes
      Conveyance
    Other Legal Proceedings

WHAT LAWFUL BASIS DO WE HAVE FOR PROCESSING YOUR PERSONAL DATA In accordance with the law, our internal procedures for processing (collecting, storing and securing) your personal information are governed by controls, which ensure the protection and security of your personal information. The law allows us to use personal information based on lawful bases for legitimate purposes. The following are the lawful bases upon which we process data:

  • Processing is necessary for fulfilment and performance of a contract to which you are a party. We process your personal information to open accounts, maintain account details, perform administrative tasks and provide services.
  • Processing is necessary for compliance with a legal obligation or duty.When you apply for a product or service, we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account or provide services to you.
  • Processing is necessary for the purposes of our legitimate interests or that of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Our use of your personal information may also be based on our legitimate interest to ensure network and information security if you use any of our systems; provide you with the most appropriate products and services (direct marketing); and make available reports (risk, financial, accounting, etc.) to internal management and supervisory bodies.
  • Consent is given.Your personal information may be processed for certain services, based on your request or agreement. Consent is received at that point to provide these services, and therefore, process your information. For example, putting a standing order in place on your account or adding a vehicle to your motor insurance policy.

JN Group companies may process personal information based on any of the above, in order to provide their services to you.

WHEN DO WE SHARE PERSONAL DATA We do not rent or sell your personal information to anyone. We may share your information, including how we manage your account(s) or visits to our website, with other companies within the JN Group and/or with relevant third parties, and as permitted by law, including, but not limited to the following:

  1. People who provide a service to us or are acting as our agents, on the understanding that they will keep your information strictly confidential and, otherwise, process it in accordance with data protection rules.
  2. Anyone, to whom we transfer or may transfer all or any part of our business or assets; from whom we acquire any business or assets; or who acquires substantially all of the assets of the JN Group.
  3. Credit reference and fraud prevention agencies.
  4. We may also provide information about you if we have a duty to do so to comply with any legal obligation, or to enforce or apply our terms of use, or if the law allows us so to do.

If a JN Group company receives your personal information and subsequently transfers that information to a third-party agent or service provider for processing, JN Group remains committed to ensuring that such third-party agent or service providers processes your personal information to the standard required to meet the DPA and/or other applicable privacy laws.

INTERNATIONAL DATA TRANSFERS We will only send your data outside of Jamaica or outside of the European Economic Area (‘EEA’) or any outside of any other area within which we operate in the following circumstances:

  1. to follow your instructions,
  2. to comply with a legal duty or
  3. to work with our service providers who help us to manage your accounts and to provide you with services.

These countries may not have similar data protection laws to those in your country of residence. However, we will always protect your information on the basis that anyone to whom we pass the information protects it in the same way we would and in accordance with this privacy notice and applicable laws. All international transfers outside of Jamaica are protected by contract clauses approved by the Information Commissioner. All international transfers outside the EU are protected by EU-based model contract clauses, where there are terms approved by the EU commission.

HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the country in which the relevant company is located and the applicable local legal or regulatory requirements. We normally keep customer account records for up to seven years after your relationship with JN Bank ends, then the information is securely destroyed.

We have CCTV at the different entities in various locations. CCTV recordings are kept until the storage is full and then they are overwritten. We have some cameras that take constant images and some that are activated by motion, consequently causing our retention policy to vary by premises. Our retention policy for CCTV footage varies between 14-90 days depending on the location and nature of recording. We will supply footage if we have it, but do not commit to supplying any footage over 14 days.

Job applicant’s data is kept only for the duration of the application process, and then it is destroyed if the applicant is unsuccessful.

We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory or technical reasons, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. For example, we have to hold pension transfer information indefinitely; and if you apply for insurance cover through us we may keep insurance claims data for up to 15 years after you stop being a customer.

YOUR RIGHTS IN RELATION TO PERSONAL DATA

Your RightsMeaning
The right to access your personal dataYou have the right to be informed whether, and to what extent, we process your data. Subject to certain exceptions, you have the right to obtain a confirmation as to whether we process your personal data, and if we do, request access to your data.
The right to consent to processingYou have the right to consent to the processing of your personal data. If your personal data is processed on basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal
The right to prevent processingYou have the right to object to the processing of your personal data in certain situations.
Rights in relation to automated decision makingYou have the right to object to decisions based exclusively on the automated processing of your personal data.
The right to rectificationIf the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time.

HOW CAN I EXERCISE MY DATA SUBJECT RIGHTS? If you would like to access, review, update, rectify, and delete any personal information we hold about you, or exercise any other data subject right available to you under the DPA, GDPR or any other applicable data protection law, you may obtain contact information from the “How to Contact Us” section of this privacy notice. We will examine your request and respond to you as quickly as possible and in accordance with the relevant law.

Please note that we may still use any aggregated and de-identified personal information that does not identify any individual. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

USE OF AUTOMATED DECISION-MAKING AND PROFILING We sometimes use systems to make automated decisions about you or your business. This helps us to make sure our decisions are quick, fair, efficient and correct based on what we know. Automated decisions can affect the products, services or features we may offer you now or in the future. They are based on personal information that we have or that we are allowed to collect from others. Here are the types of automated decision we make:

Pricing 
We may decide what to charge for some products and services based on what we know. This will help us decide whether to offer you the product and what price to charge you.

Tailoring Products, Services, Offers and Marketing We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs and behaviours, and to make decisions based on what we learn. This helps us to design products, services and offers for different customer segments, and to manage our relationships with them. It also helps us tailor the information that individuals receive or see on our own and other websites and mobile apps, including social media.

Detecting Fraud We use your personal information to help decide if your personal or business accounts or customer relationships may be being used for fraud or money-laundering. We may detect that an account or customer relationship is being used in ways that fraudsters work. Additionally, we may notice that an account or customer relationship is being used in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the account or customer relationship, or refuse access to it.

Opening Accounts or Establishing Customer Relationships When you open an account or establish a customer relationship with us, we check that the product or service is relevant to you, based on what we know. We also check that you or your business meets the conditions needed to open the account or customer relationship.

Credit Provision If we provide credit to you, we will use your personal information to assess the outcome of the decision to grant you a credit.

To help us make decisions on when to give you credit, we need a credit score to assess your application. To work out your credit score, we look at information you give us when you apply; information from credit reference agencies that will show us whether you’ve kept up to date with payments on any credit accounts (that could be any mortgages, loans, credit cards or overdrafts), or if you’ve had any court action such as judgments or bankruptcy; your history with us such as maximum level of borrowing; and affordability, by looking at your available net income and existing debts.

You have right in relation to automated decision making, including a right to appeal if your application is refused.

HOW TO CONTACT US We are committed to the protection of your privacy rights and of your personal information. If you have any questions or require more details about how we use your personal information please see below:

  • Contact our Member Ombudsman at 876-936-0262
  • Write to us at 2-4 Constant Spring Road, Kingston 10, Jamaica
  • Contact our Call Centre at
    • JAM: 876-926-1344-9
    • CAN: 416-789-6675
    • USA: 305-593-7967/954-535-5767
  • WhatsApp us at 876-499-1605
  • Email us at helpdesk@jngroup.com

You can also contact our Data Protection Officer:

Anthony Robinson
JN Group Data Protection Officer
c/o JN Group
2-4 Constant Spring Road
Kingston 10
Jamaica
E-mail address: jngroupdpo@jngroup.com

Please let us know if you are unhappy with how we have used your personal information.  You can contact us by visiting any of our locations where you will be assisted to lodge a formal complaint, or you can use our online complaint form on our website at https://www.jngroup.com/complaint-form.

You also have the right to make a complaint to an UK regulator if you are resident in the UK. If you are unhappy about the way we have dealt with your privacy, you can contact our UK Data Protection Officer or make a complaint to the Information Commissioners Office. Find out on their website how to report a concern or write to:

DPO@jnouk.com
Barry McCormack
JN Bank Representative Office
Unit 220 Elephant and Castle Shopping Centre
Elephant & Castle
London
SE16TE

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow, Cheshire
SK9 5AF
Helpline number: 0044 (0)303 123 1113

Changes to this privacy statement occur from time to time as the business develops and grows and adds more processing. You are encouraged to check back regularly to see any changes that may have occurred.

USE OF COOKIES AND OTHER TECHNOLOGIES We use cookies and other internet tracking software to collect data while you are using our websites or mobile apps. Cookies allow us to store information about the computer device you use to access our website so that you can conduct business with us easily. They allow us to recognise when you revisit our websites and to evaluate our websites’ advertising and promotional effectiveness. We use both our own (first party) and partner companies’ (third party) cookies to support this activity.

We do not use Cookies to:

  • track your internet usage after leaving the website
  • store personal information others may read and understand.

Processing of personal data associated with the use of these cookies occurs based on our legitimate Interests to administer the website.

Our cookies are listed below.

Cookie NameRetention TimeDescription
_ga2 yearsThis is a Google Analytics cookie used to distinguish users.
_gid24 hoursThis is a Google Analytics cookie used to distinguish users and its main purpose is for performance of the site.
_gat1 minuteThis is a Google Analytics cookie used to throttle the request rate limiting the collection of data on high traffic sites.
moove_gdpr_popup1 yearStores your cookie consent state for the current domain

You can deactivate the non-technical cookies by not consenting to non-essential cookies when your first visit the site. When you first visit the site, it gives you an opportunity to opt-in or opt-out of cookies.

You may also set your browser’s setting to deactivate cookies. If you use that option, some functions of this website (e.g. login, memory of preferences etc.) may not be available. Detailed guidance on how to control cookies preferences for the most common browsers can be found at:

You also have the option to install the Google Analytics opt-out browser add-on and thereby deactivate the use of Google analytics cookies and the associated data processing. You can find the Opt-out browser add-on here.

https://tools.google.com/dlpage/gaoptout

You can find the Google privacy notice here.

Google Analytics privacy notice.

LINKING TO OTHER WEBSITES / THIRD PARTY CONTENT For your convenience, hyperlinks may be posted on the website that link to other websites. We are not responsible for these sites, and this privacy notice does not apply to, the privacy practices of any linked sites or of any companies that we do not own or control. Linked sites may collect information in addition to that which we collect on our website. We encourage you to seek out and read the privacy notice of each linked site that you visit to understand how the information that is collected about you is used and protected.

INFORMATION PERTAINING TO CHILDREN We do not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for our services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us Personal Information, please contact us a soon as possible. You can find the information in the “Contact us” section of this privacy statement.