Polaris Bank is committed to maintaining the highest degree of confidentiality in all information provided to the Bank during your communication/contact with us. This policy relates to all information provided through our website (www.polarisbanklimited.com) and other contact channels. As a customer of Polaris Bank, you have attested to our privacy and confidentiality agreement as contained on your account opening forms. By continuing to use our website and other customer contact channels, you accept and consent to our privacy practices described in this document.
- Specification of personal data being collected where this has not been explicitly defined in the medium being used (e.g. through named fields in forms)
- Purpose of collection of Personal Data
- Methods used to collect, store and process the personal data
- Access by third parties and the purpose of such access
- The Bank’s commitment to ensuring protection of the Personal Data
Security and Confidentiality
At Polaris Bank we take reasonable precautions to secure Personal Data against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access. These precautions include technical, physical and organizational security measures to prevent unauthorized access.
Protecting the Rights of Data Subject
Individuals have rights when it comes to our handling of their Personal Data. Those rights include:
- The right to request for access to their Personal Data where those requests are reasonable and permitted by law or regulation. Polaris Bank shall provide reasonable and accessible means for Individuals to submit their requests, which do not have to take any specific form and can be submitted by any method. The Bank shall take appropriate measures to provide the requested information in writing, through electronic means or orally, in line with request of the Data Subject, provided that the identity of the Data Subject has been verified. The Bank shall provide such information free of charge, except where it has been demonstrated that the requests are unfounded and excessive. Where the Bank has reasonable doubts concerning the individual making the request, the Bank may request the provision of additional information necessary to confirm the identity of the Data Subject. Within 30 days of validating the identity of any Individual submitting a request for access to their Personal Data, the Bank shall provide the requested information, or provide legitimate reasons for not complying with their request.
- The right to request that the Bank erase their Personal Data if it is no longer valid or necessary for the purposes for which it was collected or if it is incomplete or inaccurate. The Bank shall delete such Personal Data based on request from the Data Subject and shall take reasonable steps to notify all Third Parties to delete such Personal Data.
- The right to rectify or amend inaccurate or incomplete Personal Data.
- The right to withdraw their Consent at any time.
- The right to object to the Bank’s processing of their Personal Data if there are compelling legitimate grounds to do so and to the extent permitted by law or regulation. Individuals have the right to object to the Bank’s processing of their Personal Data for direct marketing purposes.
- The right to obtain restriction of the Bank’s processing of their Personal Data if one of the following applies: (i) the accuracy of the Personal Data is contested, (ii) the processing is unlawful, (iii) the Controller no longer needs the Personal Data for the purposes of processing, and (iv) the Individual has objected to the processing as set out above.
- The right to receive their Personal Data in a commonly used and machine-readable format and the right to transmit these data to another Data Controller when the processing is based on (explicit) consent or when the processing is necessary for the performance of a contract.
Sensitive Personal Data
Polaris Bank Personnel shall not process Sensitive Personal Data unless one of the following legal basis is met:
- The Individual gave explicit consent to the data
- Processing concerns data explicitly made public by the
Note: to process special categories of data, a contractual relationship with the data subject is thus not viewed as a legal basis for the legitimate processing of sensitive data, except for a contract with a health professional subject to the obligation of professional secrecy.
Privacy of Children
Polaris Bank Policy shall respect the privacy of children and will not directly collect names, email addresses or any other personally identifiable information from children. The bank do not knowingly market to children nor do we allow children under 18 to open online accounts." All transaction for children are carried out by parents or guardians to the account
Processing Personal Data for Marketing Purposes
Polaris Bank Personnel will not process Personal Data for the purposes of direct marketing, unless the individual gave a valid consent and effective procedures are implemented allowing Individuals to withdraw their consent at any time.
Transfer / Disclosure of Personal Data
Polaris Bank shall transfer to third parties on your behalf within and outside Nigeria for legitimate business activities in accordance with Data Protection Laws and professional standards.
In some circumstances the Bank may have legal obligation to share information for law enforcement purposes, such as to cooperate with investigations or in line with a court order. Subject to the provisions of applicable law, Personal Data may be provided to the following entities
- Central Bank of Nigeria (CBN)
- Economic and Financial Crimes Commission (EFCC)
- Nigeria Deposit Insurance Corporation (NDIC)
- Nigerian Police Force
- Judicial Court
- Professional Bodies
- Other regulatory and law bodies
Third Party Transfers
Polaris Bank will ensure that any transfer of Personal Data to a Third Party is governed by written agreements with third parties that impose obligations that reflect the requirements of Data Protection Laws and this Policy.
Polaris Bank shall not transfer Personal Data to another country or organization outside Nigeria unless the Company is satisfied that the Personal Data is adequately protected in accordance with Data Protection Laws. The Bank shall rely on the decision of the Relevant Authorities and the Honorable Attorney General of the Federation (HAGF) in determining which countries or foreign jurisdictions have implemented adequate safeguards for the protection of Personal Data. Where there is no decision by the Relevant Authorities or HAGF, the Bank may transfer Personal Data to a foreign country, provided any of the following conditions are met:
- that the Data Subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers;
- the transfer is necessary for the performance of a contract between the Data Subject and the Controller or the implementation of pre-contractual measures taken at the Data Subject's request;
- the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Controller and another natural or legal person;
- the transfer is necessary for important reasons of public interest;
- the transfer is necessary for the establishment, exercise or defense of legal claims; and
- the transfer is necessary in order to protect the vital interests of the Data Subject or of other persons, where the Data Subject is physically or legally incapable of giving consent; provided, in all circumstances, that the Data Subject has been manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country, this provision shall not apply to any instance where the Data Subject is answerable in duly established legal action for any civil or criminal claim in a third country.
Cookies are a kind of short-term memory for the web. They are stored in your browser and enable a site to ‘remember’ little bits of information between pages or visits. Cookies can be used by web servers to identify and track users as they navigate different pages on a website, and to identify users returning to a website. Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Polaris Bank shall use both the Session Cookies (which expire once you close your web browser) and Persistent Cookies (which stay on your device until you delete them) for the following reasons:
(a) Functionality: These cookies enable technical performance of bank’s websites and allow users to ‘remember’ the choices and preferences they make.
(b) Performance/Analytical: These cookies allow the bank to collect certain information about how users navigate the sites. They provide assistance to understand which parts of the websites are interesting to users and which are not as well as what we can be done to improve the sites.
Summarily, cookies shall be used for the following purposes:
- To recognize your computer when you visit our website,
- To track you as you navigate our website,
- To improve the website’s usability i.e. Our live chat application to answer questions you have in real time,
- To analyze the use of our website - such as how many people visit us each day,
- In the administration of our website.
Although it is recommended that cookies should not be disable on the Bank’s websites, data subjects have the rights to disable cookies by adjusting the settings on the browser.
Any question regarding this policy or the Bank’s personnel rights and obligations can be addressed to the DPO at firstname.lastname@example.org.