1. Introduction

Asprofin Bank (License No. 2779) is authorized and regulated by the Financial Services Unit of the Commonwealth of Dominica and is headquartered at 7 Turkey Lane, Roseau, Dominica. The Bank takes the privacy and security of your personal information seriously. This Privacy Policy explains how the Bank collects, uses, discloses, and protects personal data in the course of providing banking and financial services. By using our services or accessing our website, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

2. Personal Data We Collect

2.1. Categories of Personal Data

The Bank may collect and process the following categories of personal data:

• Identifying information: Name, physical address, email address, telephone number, date of birth, and government-issued identification numbers (for example, passport number or national ID number).

• Financial information: Bank account details, credit or debit card information, transaction data, account balances, and payment history.

• Employment and business information: Job title, employer or company name, business address, and annual income. For corporate clients, this includes information about beneficial owners, directors, and authorized representatives.

• Electronic and network information: IP addresses, device information (such as device IDs and operating system), browser type, and log data when accessing the Bank’s online services or website.

• Other personal data: Any additional personal data you provide, such as information collected through client surveys, feedback forms, or during customer support interactions.

• Sensitive personal data: Where required for legal compliance (for example, anti-money laundering or fraud prevention), the Bank may collect sensitive data such as copies of identification documents, biometric data (for identity verification), or information about an individual’s financial status.

If you visit the Bank’s website or use its online services without registering for an account, the Bank does not intentionally collect personally identifiable information about you. The Bank may, however, automatically collect non-identifiable technical data such as your IP address, geolocation (derived from IP address), browser type, and access logs for security, analytics, and maintenance purposes.

The Bank may collect data in other circumstances, including:

• Account opening: When you apply for an account or service, we collect the personal data necessary to process your application. This typically includes your name, contact information, date of birth, nationality, occupation, tax identification number, and source of funds.

• Corporate account opening: When a company or other legal entity opens an account, the Bank collects personal data for the company’s owners, directors, and authorized officers. This includes their names, addresses, dates of birth, and identification documents.

• Ongoing compliance: Throughout the client relationship, the Bank may require updated information to meet legal and regulatory requirements. For example, we may ask for updated contact details or proof of address (such as utility bills or bank statements) to verify your identity. We may also obtain information from third-party providers (such as credit bureaus, identity verification services, or fraud detection providers) to verify or supplement the information you provide.

• Surveys and feedback: If you choose to participate in a Bank survey or feedback program, we will collect any personal data you provide (such as your name and comments) to help improve our services. Participation is voluntary, and you can opt out at any time.

• Customer support and inquiries: When you contact customer service or support, we collect your name, contact information, account number (if applicable), and details of your inquiry or issue to address and resolve your request.

2.2. Sources of Personal Data

We obtain personal data from various sources, including:

• Directly from you: Data you provide when you open an account, apply for a service, or communicate with the Bank (for example, via application forms, email, or telephone).

• Third-party service providers: Data from third parties that perform services for the Bank, such as credit reference agencies, identity verification companies, or fraud prevention services.

• Public sources: Information available in public records or registries, which may be used for identity verification or due diligence.

• Website and mobile applications: Information collected automatically when you use our website or mobile apps (as described above).

• Government and regulatory authorities: Data obtained from government or regulatory entities when required by law (for example, sanctions lists or law enforcement requests).

3. How We Use Personal Data

The Bank processes personal data for legitimate business purposes, including:

• Account management and services: to open and maintain accounts, process transactions (such as deposits, withdrawals, payments, and transfers), issue statements, and otherwise provide the banking services you have requested.

• Customer communication: to communicate with you regarding your account and services, including sending transaction alerts, notices, updates, or confirmations.

• Identity verification and due diligence: to verify your identity and perform background checks as required by law (such as Anti-Money Laundering and Know Your Customer regulations) when you open an account or conduct certain transactions.

• Compliance and legal obligations: to comply with applicable laws and regulations. For example, we process personal data to meet reporting requirements under Dominican law, including the Money Laundering (Prevention) Act No. 8 of 2011 and the Proceeds of Crime Act No. 4 of 1993. This includes screening clients against sanctions lists and reporting suspicious activities.

• Security and fraud prevention: to monitor and analyze transactions for suspicious or fraudulent activity, and to maintain the security of the Bank’s systems and clients. This helps prevent unauthorized access and financial crime.

• Business operations and analytics: to conduct internal functions such as auditing, accounting, and record-keeping. We may also use aggregated or pseudonymized data for statistical analysis and business planning without identifying individual clients.

• Product and service improvement: to improve our existing products and services and to develop new ones based on client needs and feedback. We may analyze usage patterns and customer feedback to tailor our offerings.

• Marketing and promotions: to send you information about new products, services, promotions, or events that may be of interest to you, subject to your consent. You may opt in or out of marketing communications as described below.

• Legal processes and dispute resolution: to comply with legal requests (such as subpoenas or court orders) and to establish, exercise, or defend our legal rights.

The Bank will not use personal data for purposes incompatible with those described above without informing you and, where required, obtaining your consent.

4. Automated Processing and Profiling

The Bank may use automated methods to analyze or make decisions based on your personal data, as described below:

• Service customization: We may analyze anonymized or pseudonymized data about your transaction history and usage patterns to provide you with personalized information about our services (for example, notifying you about currency exchange options based on your transaction history). This automated processing is intended to enhance your experience and does not adversely affect your rights.

• Identity verification and fraud detection: The Bank employs automated systems and algorithms to verify identification documents and detect anomalies in account information or transactions. For instance, our systems may check the authenticity of a scanned passport or flag unusual transaction behavior. These automated checks are used to enhance security and compliance but do not make final decisions about your account.

• Automated customer support: Certain routine inquiries or requests may be initially handled by automated systems (such as chatbots or interactive voice response). You always have the option to request assistance from a Bank representative.

5. Legal Basis for Processing Personal Data

The Bank processes personal data only when it has a lawful basis under applicable law. These legal bases include:

• Contractual necessity: Processing that is necessary to perform our contract with you. For example, processing your personal data to open an account or process a transaction that you have requested.

• Legal and regulatory compliance: Processing necessary to comply with laws and regulations of Dominica. For example, the Bank is required to verify client identities, maintain transaction records, and file reports under the Money Laundering (Prevention) Act No. 8 of 2011, the Proceeds of Crime Act No. 4 of 1993, and other applicable laws.

• Legitimate interests: Processing necessary for the Bank’s legitimate business interests, provided those interests do not override your privacy rights. Examples include protecting the security of our systems, preventing fraud, developing new banking products, and safeguarding the Bank’s legal rights.

• Consent: In limited cases (such as certain marketing communications or optional services), we rely on your consent to process personal data. You may withdraw your consent at any time, subject to any legal or contractual restrictions and with reasonable notice.

6. Data Protection Principles

The Bank adheres to the following principles in handling personal data:

• Lawfulness, fairness, and transparency: Personal data is processed in a lawful manner and in accordance with this Privacy Policy. We are transparent about the purposes for which we use your data.

• Purpose limitation: We collect personal data only for specific, explicit, and legitimate purposes (as described in this policy). We will not use your data for purposes incompatible with those for which it was collected.

• Data minimization: We collect and retain only the personal data that is necessary for those purposes. We do not collect or retain data that is irrelevant or excessive.

• Accuracy: We take reasonable steps to ensure that personal data is accurate, complete, and up to date. You should inform us if your personal information changes.

• Storage limitation: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal and regulatory requirements (such as record-keeping obligations). After this period, we securely delete or anonymize the data.

• Integrity and confidentiality: We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

• Accountability: The Bank is responsible for complying with these principles and can demonstrate its compliance.

7. Your Rights

Subject to applicable law, you may have the following rights with respect to your personal data:

• Right to access: You can request confirmation of whether the Bank holds your personal data and obtain a copy of that data.

• Right to correction: You can request that the Bank correct or update any inaccurate or incomplete personal data it holds about you.

• Right to erasure: You may ask the Bank to delete your personal data when it is no longer needed for the purposes for which it was collected and no legal obligations require its retention. The Bank may refuse a deletion request if it must retain the data to comply with legal obligations (for example, under anti-money laundering or tax laws) or for other legitimate reasons.

• Right to restrict processing: You can request a temporary restriction on processing of your personal data (for example, while the accuracy of data you dispute is being verified).

• Right to object: You can object to the processing of your personal data when such processing is based on the Bank’s legitimate interests. Upon receiving an objection, the Bank will cease processing personal data for that purpose unless it demonstrates compelling lawful grounds for continuing.

• Right to data portability: To the extent applicable, you can request that the Bank provide your personal data to you or a third party in a structured, machine-readable format. This right applies when the Bank’s processing is based on your consent or a contract and the processing is carried out by automated means.

• Right to withdraw consent: If any processing of your personal data is based on your consent, you may withdraw your consent at any time by contacting the Bank. Withdrawal of consent does not affect processing that occurred before the withdrawal.

To exercise any of these rights, please contact us as described in Section 12 (Contact Information). We will respond to your request within a reasonable timeframe and in accordance with applicable law. We may require proof of identity to ensure that personal data is not disclosed to unauthorized individuals.

8. International Data Transfers

Asprofin Bank may process and store personal data on servers located outside the Commonwealth of Dominica (for example, with cloud service providers or affiliates in other countries). When personal data is transferred to jurisdictions outside Dominica, the Bank ensures that appropriate safeguards are in place. Such safeguards may include:

• Adequacy: Transferring data only to countries that provide an adequate level of data protection.

• Contractual clauses: Using data transfer agreements with standard data protection clauses to require recipients to protect personal data in accordance with this Privacy Policy.

• Organizational policies: Requiring service providers or affiliates outside Dominica to apply the same or equivalent level of data protection as required by this policy.

In all cases, the Bank uses encryption and other technical measures to protect personal data in transit and storage, regardless of location. You consent to these transfers when you use the Bank’s services.

9. Data Security

The Bank is committed to safeguarding personal data. We have implemented the following security measures:

• Access controls: Access to personal data is restricted to authorized personnel only. Each authorized employee has unique login credentials and access rights appropriate to their role. Access privileges are regularly reviewed.

• Encryption: Personal data transmitted between you and the Bank’s online services is protected by encryption (for example, via HTTPS/SSL). Sensitive data stored by the Bank (such as account credentials) is encrypted at rest.

• Network and system security: The Bank uses firewalls, intrusion detection and prevention systems, and anti-malware software to protect its network and servers. Systems are regularly tested and monitored for vulnerabilities.

• Physical security: The Bank’s data centers and offices are secured with controlled access, surveillance, and environmental protections (such as climate control and fire suppression).

• Data backups and disaster recovery: We maintain regular backups of personal data and have disaster recovery plans to restore data and operations in the event of an incident.

• Employee training and policies: Bank employees are trained on data privacy and security practices. We enforce confidentiality agreements and have policies governing the use of personal data.

• Third-party security: The Bank carefully selects third-party service providers that process personal data on our behalf. We conduct due diligence and require them to adhere to strict security requirements and this Privacy Policy.

Despite our efforts, no security measure can provide absolute protection. However, we use commercially reasonable methods to protect personal data.

10. Data Retention

Asprofin Bank is required by law and regulation to retain certain information. We generally retain personal data and account records for the following periods:

• Seven-year retention: The Bank retains customer account information, transaction records, and KYC documentation for a minimum of seven (7) years following the closure or last activity of the account, as required by law (for example, under the Money Laundering (Prevention) Act No. 8 of 2011 and its regulations).

• Account status: An account is considered “open” once an account application has been accepted by the Bank. The seven-year retention period begins after the account is closed or deemed inactive.

• Deletion requests: If you request deletion of your personal data, the Bank will comply where feasible. However, we may be required to retain certain data to comply with legal obligations (including anti-money laundering, tax, or legal requirements) and to protect our legitimate interests (such as resolving disputes or enforcing contracts).

• Periodic review: We periodically review the personal data we hold and securely dispose of data that is no longer needed for its original purpose or for compliance.

When the retention period expires, personal data is securely deleted or anonymized. For example, electronic records are securely erased or encrypted, and paper records are shredded or incinerated to prevent reconstruction.

11. Changes to this Privacy Policy

The Bank reserves the right to amend or update this Privacy Policy at any time. When we make changes, we will update the “Last updated” date at the top of this document. We will notify you of any material changes by posting the new policy on our website and, if appropriate, by sending a notification (such as an email). You are encouraged to review this Privacy Policy periodically to stay informed about how we are protecting your information.

12. Contact Information

If you have questions or concerns about this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Officer at:

Asprofin Bank (Dominica)
7 Turkey Lane, Roseau
Commonwealth of Dominica
Email: privacy@asprofinbank.org
Phone: +1 (919) 885-1222

We will respond to your inquiry in a timely manner and in accordance with applicable law.

© 2025 Asprofin Bank. All rights reserved.