General Data Protection Regulation (GDPR) Policy
The Medici Bank ("the bank) General Data Protection Regulation Policy intends to inform you about what a Puerto Rico registered and regulated International Financial Entity, does with your personal information. MBI respects your privacy and is committed to protecting your personal information therefore, it is important that you read this privacy notice together with any other notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your data.
The way we treat your personal information is regulated under the General Data Protection Regulation ((EU) 2016/679) or “GDPR”, which applies across the European Economic Area (“EEA”). This regulation also applies to companies outside of the EEA that provide their services to clients within the EEA. We collect personal information about you when you access our website, open an account through online banking, and contact us. We collect this personal information from you either directly, or indirectly, such as through your browsing activity while on our website (see our Online Security Disclosure).
We may collect, use, store and transfer different kinds of personally identifying information about you which we have grouped together follows:
Personally Identifiable Information:
- Where you fill in a contact form, which includes your name, your email address, and any personal information provided by you in your message to us, via a support ticket or through the account opening process. You may also correspond with us by email, phone and provide identifying information in that manner.
- Technical data: This includes your internet protocol (IP) address, your time zone setting and location, and may include other technology on the devices you use to access the Website. This data is collected by using cookies.
PERSONAL INFORMATION USAGE
We will only use your personal information when the law allows us to. Typically, we will use your
personal information in the following instances:
- When we need to perform everyday operations such as process your transactions, maintain your account(s), or to provide services. We also may provide data to our affiliates exclusively for the use of processing your everyday transactions
- Where we need to comply with a legal or regulatory obligation such as responding to court order and legal investigations.
COOKIES
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable cookies, some parts of this website may not work as intended.
DATA USAGE CHANGE
Generally, data you have provides will be used for the reasons it was initially intended during its collection. If we need to use your personal information for reasons other than its intended purpose, we will inform you and provide justification.
THIRD PARTY ACCESS TO YOUR INFORMATION
We ensure that any third-party service providers we use are required to take appropriate security measures to protect your personal information in line with our policies and we only permit them to process your personal information for specified purposes and in accordance with our instructions. We will not share any of the information you provide to us with any third parties for marketing purposes.
TRANSFER OF YOUR PERSONAL INFORMATION OUT OF THE EEA
You agree to transfer your data outside of the EEA considering that Medici Bank International is in a region outside of the EEA. Your submission of your personal information during the account application confirms that you agree of your information being sent to us. You also agree that The Bank may send your personal information to third party sources for the purpose of daily operations, maintaining your account, validation or verification purpose amongst others needed by the bank to properly operate your account despite the third parties’ location.
DATA RETENTION
We will retain your personal information for a minimum of five (5) years to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements as per state or federal United States of America regulations. Data which is collected upon voluntary submission from the client such as through a contact form, phone conversation or support ticket will also be retained but the information will not be used for any marketing purpose, not will it be distributed.
DATA SECURITY
The bank has put in place security measures to prevent your personal information from being accidentally lost, used, or accessed unlawfully, altered, or disclosed. Additionally, we limit access to your personal information to those employees or other third parties who have a legitimate business need. They will only process your personal information on our instructions, and they are subject to confidentiality. In the event of a breach The Bank will follow the proper protocol as per regulatory requirement for disclosure whenever necessary.
PROCESSING IN LINE WITH YOUR RIGHTS UNDER THE GDPR
- By law you have certain rights under the following instances:
- Request access to your personal information (commonly known as a "data subject access
request"). - Request correction of the personal information that we hold about you.
- Request for your personal information to be erased This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your personal information to another party.
DATA PRIVACY MANAGEMENT
The Bank’s compliance team will oversee compliance with the GDPR Privacy Notice. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information or if you have any questions you may contact us at support@medici.bank or call us at 1.787.563.9290 between the hours of 9am-5pm EST