Private Clients
Wealth Solutions
Accounts & Cards
Markets
Discover Pro Banking
Tailored to Your Needs
Business Banking
Corporate Solutions
Treasury
International Banking
for Your Business
Platform for Business
Global
logo

Privacy Policy

BankPro Limited ("BankPro", "we", "us", or "our") respects your privacy and is committed to protecting the personal information you provide to us. This Privacy Policy ("Policy") explains how we collect, use, store, and disclose your personal data, as well as your rights in relation to that data.

By using our services or accessing our website, you acknowledge that you have read and understood this Policy.

We may update this Policy from time to time. The most current version will always be available on our website, and where changes are material, we will communicate them to you.

  • 1. Who Are We

  • BankPro Limited is incorporated under the laws of the Commonwealth of The Bahamas. We are licensed and regulated by the Central Bank of The Bahamas and the Securities Commission of The Bahamas. BankPro provides banking and financial services in compliance with Bahamian laws, regulations, and the applicable regulatory framework.

  • 2. What kind of personal information do we collect and store?

  • We collect personal data from clients, prospective clients, and others in connection with our services, including:

    • Identification & contact details: Name, surname, date of birth, gender, contact information, tax ID number, identification documents.
    • Financial information: Income, wealth, assets, liabilities, account balances, trading statements, tax and financial statements.
    • Employment & professional details: Profession, employment, and employer information.
    • Trading & investment data: Knowledge, experience, risk tolerance, trading preferences, transaction history.
    • Technical & online information: IP address, device specifications, location data, website and app usage, and communication data.
    • Corporate clients: Company registration documents, shareholder, director, and officer information, and other information required by law or deemed necessary by BankPro.

    We are required by law to verify your identity when you are opening a new account or adding a new signatory to an existing account. Anti-Money Laundering (AML) laws require us to sight and record details of certain documents (i.e., photographic and non-photographic documents) to meet legal standards. Identification documentation, as required under AML legislation or other legislation relevant to the services we provide to you, includes:

    (a) Passport;
    (b) Driver's licence;
    (c) National identity card (if applicable);
    (d) Utility bills;
    (e) Trust deed (if applicable);
    (f) A credit check on the individual; or
    (g) Other information we consider necessary to our functions and activities.

    To comply with our strict legal and regulatory obligations, including Anti-Money Laundering (AML) legislation, we specifically collect and process biometric data (for identity verification) and conduct criminal record and background checks. This sensitive personal data is processed strictly under our legal obligation to prevent unlawful acts and money laundering.

    Sensitive Personal Data means personal data consisting of information on a data subject's (a) racial or ethnic origin; (b) political opinions; (c) religious beliefs or other beliefs of a similar nature; (d) trade union membership; (e) genetic data; (f) biometric data for the purpose of uniquely identifying a natural person; (g) sexual orientation or sexual life; (h) medical data; (i) financial record or financial position; (j) criminal record; (k) physical or mental health or physical or mental condition; or (l) proceedings for any offence committed or alleged to have been committed by the data subject and the disposal of such proceedings.

    We reserve the right to request any additional information we deem necessary in order to comply with our legal and regulatory requirements.

    We obtain personal data directly from you, through your use of our services, account applications, onboarding processes, and ongoing relationship management. We may also obtain information from third parties such as regulators, correspondent banks, service providers, screening databases, and publicly available sources, where permitted by law.

    We may record any communications, including electronic, by telephone, in person or otherwise, in relation to the services we provide to you and our relationship with you for regulatory, evidentiary, training, and security purposes. These recordings will be our sole property and may constitute evidence of the communications between us. Such communications may be recorded without the use of a warning tone or any other further notice. CCTV surveillance may be used in our offices for security and monitoring.

  • 3. Who may we disclose personal information to?

  • As part of using your personal information for the purposes set out above, we may disclose your information to:

    • Affiliate entities where such disclosure is necessary for the provision of services, operational support, risk management, compliance, or other legitimate business purposes;
    • third party apps providers when you use our apps, communication systems and trading platforms which are provided to us by third parties;
    • service providers and specialist advisers who have been contracted to provide us with services such as administrative, legal, IT, analytics and online marketing optimization, financial, regulatory, compliance, insurance, research or other services;
    • introducing brokers and affiliates with whom we have a mutual relationship;
    • Payment service providers and banks processing your transactions;
    • auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes;
    • courts, tribunals and applicable regulatory authorities as agreed or authorised by law or our agreement with you;
    • government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests;
    • any third-party where such disclosure is required in order to enforce or apply our Terms and Conditions of Service or other relevant agreements;
    • anyone authorised by you.

    We endeavour to disclose only the minimum personal data that is required for these parties to perform their contractual obligations to us. Our third-party service providers are not permitted to share or use personal data we make available to them for any other purpose than to provide services to us.

    Our website may contain links to third-party websites. Such websites are not governed by this Privacy Policy and are subject to their own privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

  • 4. Automated Decision-Making & Profiling

  • We may use automated decision-making and profiling, particularly to assess your risk tolerance, trading preferences, and to fulfill our Anti-Money Laundering (AML) and security monitoring obligations. You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal or similarly significant effects concerning you. You may request human intervention, express your point of view, or contest any such automated decision by contacting our DPO.

  • 5. When and how do we obtain your consent?

  • We process personal data based on one or more of the following lawful bases:

    • To perform our contractual obligations with you;
    • To comply with legal or regulatory requirements;
    • To pursue legitimate interests.

    If our use of your personal information does not fall under one of these Lawful Basis, we will require your consent. Such consent shall be freely given by you, and you have the right to withdraw your consent at any time by contacting us using the contact details set out in this Policy or by unsubscribing from email lists.

    You may receive marketing communications via phone, email, SMS, push notifications, or through your online account. You can opt out at any time via your online account portal or by contacting our DPO.

  • 6. Children and Vulnerable Persons

  • Our services are strictly intended for individuals who are at least 18 years of age. We do not knowingly collect personal data from anyone under the age of 18 without verifiable parental or guardian consent. If we discover that we have inadvertently collected personal data from a minor under 18 without proper authorisation, we will take immediate steps to delete that information.

  • 7. Safeguarding of personal data

  • We are committed to safeguarding your personal data. We implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. We have appointed a Data Protection Officer (DPO) to ensure compliance with this Policy.

    We require third-party organisations who handle or obtain personal information to acknowledge the confidentiality of this information, undertake to respect privacy rights, and comply with applicable data protection laws.

    Our data protection measures in place include the following:

    • Training employees to respect the confidentiality of customer information;
    • Requiring employees to use passwords and two-factor authentication to access systems;
    • Implementation of Chinese walls to ensure employees only access data necessary for their tasks;
    • Using encryption during data transmission and for client access codes;
    • Employing firewalls, intrusion detection systems, and virus scanning tools;
    • Using secure networks and encryption for electronic data transmission;
    • Practising a clean desk policy and secure storage for physical records;
    • Employing physical and electronic security such as access cards, cameras, and guards.

    In the unlikely event of a personal data breach that poses a high risk to your fundamental rights and freedoms, we will notify you and the Office of the Data Protection Commissioner without undue delay, and in any event within 72 hours, or as required by law.

  • 8. How do we store personal information and for how long?

  • BankPro takes the security and proper handling of your personal information seriously. We store personal data using a combination of secure electronic storage systems and, where necessary, physical records. Access to these records is strictly controlled and safeguarded to prevent unauthorized access, loss, alteration, or disclosure.

    We retain personal information only for as long as necessary to provide our services, meet our legal and regulatory obligations, and maintain proper records of our business relationship with you. When we determine that personal information is no longer needed, we will either remove identifying details or securely destroy the records. However, we may need to retain records for an extended period due to legal and regulatory obligations. We typically retain customer identification, transaction, and account records for a minimum of five (5) years after the end of the customer relationship or completion of a transaction, unless otherwise required by law.

    Personal data provided by you as a prospective client during account opening registration in case the registration was never completed or your account opening application was rejected, will be maintained for six (6) months unless there is a regulatory or other valid reason requiring us to keep it for a longer period of time.

    The personal data we collect from you may be transferred to and stored in countries outside The Bahamas, including by our affiliates, suppliers, or service providers, in accordance with applicable data protection laws and regulatory requirements. When we do so, we ensure your data receives an adequate level of protection by implementing relevant safeguards, in accordance with the Data Protection Act. These safeguards include obtaining your explicit consent, utilizing standard contractual clauses and ensuring an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data exists in any country where data may be transferred to and stored in.

  • 9. Your rights

  • Please note that these rights may not apply in all circumstances. Subject to applicable laws, you are entitled to:

    • Request access to your personal data (data subject access request);
    • Request correction of inaccurate or incomplete data;
    • Request erasure (subject to legal obligations);
    • Object to processing based on legitimate interests or direct marketing;
    • Request restriction to processing under certain conditions;
    • Request us to cease processing your personal data if such processing is causing unwarranted substantial damage or distress (Right to prevent data processing);
    • Receive your personal data in a portable format or request transfer to a third party (for automated data);
    • Withdraw consent at any time where we are relying on consent to process your personal data.

    To exercise your rights, contact our DPO at [email protected]. We may request identity verification before fulfilling your request.

    We aim to respond to valid requests for access or other data subject rights within 30 days of receiving a valid request, subject to applicable legal and regulatory requirements. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the receipt of your request, explain the reasons for the delay, and keep you updated.

    We may charge you a reasonable fee when a request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. In this case we will send you a fee request which you will have to accept prior to us processing your request. Alternatively, we may refuse to comply with your request in these circumstances.

  • 10. Contact Information

  • If you have any questions or concerns regarding this Privacy Policy or our handling of personal data, you may contact us at [email protected].

    If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of The Bahamas.

    Further information is available at: http://www.bahamas.gov.bs/dataprotection