"Client," "Client," or "User" means a natural or legal person or another type of entity that registers for the Service or uses the Service as a Client, i.e. you.
"Personal data" is any information about an identified or identifiable natural person.
"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
"Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
"GDPR" means the General Data Protection Regulation of the European Union.
"CCPA" means the California Consumer Privacy Act of the United States.
"Sensitive personal data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or a natural person's sex life or sexual orientation.
"Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by an explicit affirmative action, signify agreement to the processing of personal data relating to them.
"Data subject" means the individual to whom the personal data relates.
"Third-party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
"Data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
"Privacy Notice" means a statement or document describing how an organization collects, uses, and shares personal data.
"Privacy Shield" means the framework for transatlantic exchanges of personal data between the European Union and the United States."
Right to be forgotten" means the right of a data subject to have their personal data erased by the data controller.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict factors concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
"Data portability" means the right of a data subject to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They have the right to transmit those data to another controller without hindrance.
2.1. Categories of Personal Data
The Bank may collect the following categories of personal data:
If you visit the Bank's website ("Site") or the website of its Paxum.com brand for informational purposes only, the Bank will not require you to provide any personal information. You will remain anonymous unless you register for our services or otherwise disclose your identity. However, the Bank may collect and store specific visitor data including, but not limited to, browser type, Internet Protocol ("IP") address, and geo-location information.
Other data may be collected in such cases as:
2.2. Sources of Personal Data
The Bank may collect personal data directly from individuals, third-party service providers, and publicly available sources, from the documentation you submit to us or information you submit to us through our website or other means of electronic communication.
3.1. The Bank may use personal data for the following purposes:
3.2. Profiling and Automated Decision Making
We may use some instances of your data to customize our Services and the information we provide to you and to address your needs - such as your country of address and transaction history. For example, if you frequently send funds from one particular currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected - and we only use pseudonymized data where ever possible. This activity has no legal effect on you.
We may use Automated Decision Making (ADM) to improve your experience or to help detect and fight financial crime. For example, we may use ADM to verify your identity documents or to confirm the accuracy of the information you provided us to provide you with efficient service. None of our ADM processes have a legal effect on you.
The Bank will only process personal data if it has a lawful basis. The legal bases for processing personal data may include the following:
5.1. Lawfulness, Fairness, and Transparency
The Bank will process personal data lawfully, fairly, and transparently.
5.2. Purpose Limitation
The Bank will only collect personal data for specified, explicit, and legitimate purposes and will not process personal data in a manner that is incompatible with those purposes.
5.3. Data Minimization
The Bank will only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
The Bank will take reasonable steps to ensure that personal data is accurate and up to date.
5.5. Storage Limitation
The Bank will only retain personal data for as long as necessary to fulfill the purposes for which it was collected or as required by law. The Bank must keep all account data for seven (7) years following the closure of an account or account application.
5.6. Integrity and Confidentiality
The Bank will process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
5.7. Individual Rights
Individuals have the following rights regarding their personal data:
5.8. Your Rights
5.8.1. Under the GDPR, you have the following rights with respect to your personal data:
18.104.22.168. The right to be informed: You have the right to know how your personal data is being processed and why.
22.214.171.124. The right of access: You have the right to access your personal data held by us. You can exercise this right by making a request in writing to us.
126.96.36.199. The right to rectification: You have the right to rectify inaccurate or incomplete personal data we hold on you. You can exercise this right by making a request in writing to us.
188.8.131.52. The right to erasure (right to be forgotten): You have the right to have your personal data erased under certain circumstances. You can exercise this right by making a request in writing to us.
184.108.40.206. The right to restrict processing: You have the right to request the restriction or suppression of your personal data. You can exercise this right by making a request in writing to us.
220.127.116.11. The right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
18.104.22.168. The right to object: You have the right to object to the processing of your personal data in certain circumstances.
22.214.171.124. The right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of our processing based on your consent before its withdrawal. You grant us consent to process your personal data by agreeing to this policy.
5.8.2. Under the CCPA, you have the following rights with respect to your personal data:
126.96.36.199. The right to know: You have the right to know what personal information we collect, use, disclose, and sell about you.
188.8.131.52. The right to delete: You have the right to request the deletion of your personal information.
184.108.40.206. The right to opt-out: You have the right to opt out of the sale of your personal information. Note that Paxum Bank does not sell your personal information.
220.127.116.11. The right to non-discrimination: You have the right not to be discriminated against for exercising your privacy rights under the CCPA.
Paxum Bank reserves the right to restrict certain information being sent to you, which is not about you should the Bank consider certain information a trade secret or if it infringes on another person's privacy rights. For example, if you request a list of all Paxum Bank employees who have access to your personal data, we will not be able to accommodate your request due to the privacy rights of those employees.
Paxum Bank reserves the right to restrict certain information about you being sent to you if the Bank determines that sending such information to you does not fall under the purview of your data rights or if it is unlawful for the Bank to send information about you to you.
6.1. Transfer Mechanisms
The Bank may transfer personal data to countries outside Dominica, the EU/EEA, and the United States, where data protection laws may offer a different level of protection than those in the regions mentioned above. In such cases, the Bank will ensure that adequate safeguards are in place to protect personal data, such as:
6.2. Data Subject Requests
Data subjects have the right to access their personal data, as well as to request the correction, erasure, or restriction of processing of their personal data. Data subjects also have the right to object to the processing of their personal data, as well as the right to data portability.
To exercise these rights, data subjects should contact the Bank's Data Protection Officer (DPO) using the contact details provided in section 10.
7.1. Technical and Organizational Measures
7.1.1. The Bank is committed to ensuring the security and confidentiality of personal data. The Bank will implement appropriate technical and organizational measures to protect personal data from unauthorized access, accidental loss, destruction, or damage.
Such measures may include:
7.2. Third-Party Service Providers
The Bank may engage third-party service providers to process personal data on its behalf, such as IT service providers, cloud service providers, or payment processors. The Bank will ensure that such third-party service providers offer sufficient guarantees to implement appropriate technical and organizational measures to ensure the security of personal data.
The Bank will enter into written agreements with such third-party service providers that include provisions requiring them to implement appropriate technical and organizational measures to ensure the security of personal data and to process personal data only in accordance with the Bank's instructions.
7.3. How the Bank Protects your Personal Information
The Bank has implemented technical and managerial procedures to maintain accurate, current and complete information as well as to protect personal information from loss, misuse or alteration when it is under the Bank's control.
Personally identifiable information will be stored on the Bank's secure servers or third-party servers in secure data centers. The Bank has ensured that or has confirmed that third parties maintaining the servers have appropriate safeguards such as firewalls and data encryption and that proper physical access controls to the files are enforced. The Bank authorizes access to personal information only for those employees who require it to fulfill their job responsibilities.
Personal information is also password protected so that access is limited to Clients and those with whom a Client shares their password, the Bank, and third-party access facilitated by the Bank in relation to the performance of the services offered.
The Bank has also taken steps to protect the integrity of its Clients' personal financial information when they initiate a transaction on the Bank's Site.
Despite the Bank's reasonable efforts to protect personal information, the Bank cannot guarantee that personal information will not be accessed, disclosed, altered or destroyed.
8.1. Because we're a regulated financial institution, Paxum Bank is obliged to store some of your personal and transactional data for up to 7 years following the closure of your account. Only a small number of our employees can see that data, and they'll only look at it if they need to. We always delete information that we no longer need. And everything we need to keep is subject to the highest levels of security.
Please note: Retention periods could be subject to change, depending on where you live, changes to regulatory requirements, or other legal obligations with which we need to comply.
8.2. Paxum Bank is required to retain all data associated with accounts determined to have been opened for seven years following account closure.
8.3. In the event of identity theft, the Bank remains obligated to retain personal data submitted to the Bank, regardless of the circumstances of the identity theft.
8.4. Basis of Retention: Even if you exercise your right to request data erasure vis-à-vis your personal data held by Paxum Bank, we may not be able to accommodate your request to other legal obligations of the Bank, including data retention for the purposes of complying with the Proceeds of Crime Act (2014) and its associated regulations and amendments.
For example, if you wish to exercise your rights under GDPR to request the erasure of your data, you should keep in mind that Paxum Bank is entitled to retain all records related to natural and legal persons who apply for or who obtain a Paxum Bank account under:
Recital 19 of the GDPR
Article 6.1c of the GDPR
Article 6.1e of the GDPR
Article 17.3 of the GDPR
We are entitled to retain your personal data, including sensitive personal data, because we are obliged to keep your data on file for a period of 7 years following the closure of your account to meet our legal obligations under the Proceeds of Crime Act (2014) and associated legislation and regulations.
Paxum Bank also reserves the right to refuse a data erasure request following the data retention period in rare circumstances where it has a legal obligation to retain that data.
9.1. Data Protection Officer
The Bank has appointed a Data Protection Officer (DPO) who is responsible for overseeing the Bank's compliance with data protection laws and for addressing any inquiries or complaints regarding the Bank's processing of personal data.
The DPO can be contacted at:
firstname.lastname@example.org, where the request is for Paxum Bank Services.
email@example.com, where the request is for Paxum.com Services.
9.2. Other Contact Information
Data subjects can contact their local Data Protection Commission or local equivalent with questions about their personal data and lodge complaints or submit information requests. Below is a non-exhaustive list of Data Protection Commissions and their contact information: list of countries
If you would like to know more about your rights as a data subject, regardless of whether it relates to your account with Paxum Bank, a useful list of resources pertaining to data subject rights in various countries can be found here.