OPM Security Corporation Bank Privacy Statement

04/07/2022

OPM Security Corporation Bank Public Company Limited (referred to as ‘we’, ‘us’, ‘our’, ‘OPM Security Corporation Bank’ or the ‘Bank’)
is committed to protecting your privacy and handling your data in an open and transparent manner. The personal
data that we collect, and process depends on the product or service requested and agreed in each case.

This privacy statement:

provides an overview of how the OPM Security Corporation Bank collects and processes your personal data and tells you about
your rights under the local data protection law and the General Data Protection Regulation (‘GDPR’),

is directed to natural persons who are either current or potential customers of the Bank, or have provided
or may potentially provide guarantees, indemnities or other securities to the Bank, or are authorised
representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or
potential customers of the Bank or which/who have provided or may potentially provide guarantees,
indemnities or other securities to the Bank,

is directed to natural persons who now have or who had a business relationship with the Bank in the past,

is directed to any other natural persons whose personal data has or may in the future be lawfully obtained
by the Bank in the normal course of its business,

contains information about when we share your personal data with other members of the OPM Security Corporation Bank Group
and other third parties (for example, our service providers or suppliers).

In this privacy statement, your data is sometimes called “personal data” or “personal information”. We may also
sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such
action as “processing” such personal data.

For the purposes of this statement, personal data shall mean any information relating to you which identifies or
may identify you and which includes, for example, your name, address, identification number.

1.      Who we are

OPM Security Corporation Bank is a licensed credit institution registered in Panama under registration number HE165 as a public
limited liability company having its registered office and head offices at Ave Samuel Lewis Edificio Omega, Floor 5 Obrarrio, Panama.

If you have any questions or want more details about how we use your personal information, you can contact your personal manager.

2.      Other entities of the OPM Security Corporation Bank Group

OPM Security Corporation Bank is part of the OPM Security Corporation Bank Group.  Each entity of the OPM Security Corporation Bank Group has its own
separate privacy statement. Such entities maintain their own websites that may be linked to our website. 
If you are interested in learning about how such entities process your personal data, please refer to their
corresponding privacy statements which may be found on their particular websites.

3.      What personal data we process and where we collect it from

We collect and process different types of personal data which we receive from data subjects in person or via
their representative or via our alternative channels of communication such as online bank or our website, in the
context of our business relationship.

We may also collect and process personal data which we lawfully obtain not only from you but from other entities
within the OPM Security Corporation Bank Group, or other third parties e.g. credit reference agencies such as public authorities, companies that introduce you to us, companies that process card payments such as JCC .

We may also collect and process personal data from publicly available sources (e.g. the Department of Registrar
of Companies and Official Receiver, the Land Registry, the Bankruptcy Archive, commercial registers, the press,
media and the Internet) which we lawfully obtain and we are permitted to process.

If you are a prospective customer, or a non-customer counterparty in a transaction of a customer (e.g. account
or payment authorization (by SWIFT or not) and over-the-counter transactions) or prospective security
provider (e.g. a guarantor for a credit facility) or an authorised representative/agent or beneficial owner
of a legal entity or of a natural person which/who is a prospective customer or a prospective security
provider, the relevant personal data which we collect may include:

Name, address, contact details (telephone, email), identification data, basic payment account identification,
birth date, place of birth (city and country), marital status, employed/self-employed, if you hold/held a
prominent public function (for PEPs), FATCA / CRS info, authentication data [e.g. signature].

When we agree to provide products and services to you or another person (for example, a legal entity
for which you are the
authorized representative / agent or beneficial owner) then additional personal
data may be collected and processed which may include:

In the context of providing banking facilities

Current income and expenses, employment history, property ownership and personal debts, number of dependent
children, personal investments and investment income, life insurances (life insurance companies, policy numbers,
current surrender values, other banking relationship details, tax residence and tax ID, credit reference agency
data [e.g. Artemis, Worldcheck], residence or work permit in case of nationals, own and/or third party
security [e.g. if an existing personal guarantor], employment position [e.g. as per corporate certificates of
directors/shareholders].

For individuals who will be providing their personal guarantees, the Bank will request personal data disclosing
their economic and financial background and credit reference agency data [e.g. Artemis].

For the purpose of issuing letters of guarantee, the Bank may collect from third parties personal data  such
as the name, surname, ID or passport number, telephone number and address of the beneficiary which are provided
by the applicant  requesting the issuance of the letter of guarantee.

For payment services [applying also for online banking] either for ad hoc or for standing order/direct debit
set up [additional to the account opening data]

Personal data relative to the order data [e.g. payment and transfer orders] and personal data arising from the
performance of our contractual obligations.

Savings and deposits

Personal data arising from the performance of our contractual obligations, tax information (e.g. defence tax, tax
residency, tax identification number), financial info (e.g. expected annual credit/debit turnover, nature of
transactions, source of income, source of assets), information on any third-party beneficiaries.

Retail financing [including credit cards]

Nature and term of the employment relationship, other banking relationships, proof of tax return submissions,
statements and transaction history, purpose of financing, property documentation for house financing [e.g.
property description, property valuation reports, construction and municipal permits, land registry reports,
sale agreements].

Commercial financing [for self-employed individuals]

Data that will be collected and processed refer to business records, e.g. cash flows and balance sheets and
business management information as well as tax declarations, proof of tax return submissions, purpose of
financing, collateral information, property documentation [property description, Land Registry report,
property-valuation reports].

Investment and interest rate and currency products and services

Specific information which we may request includes: knowledge and experience with shares, funds and interest
rate/currency products (e.g. for MiFID services), investment strategy and scope, personal investment portfolio,
personal objectives.

Life and pension insurance, home and car insurance and health insurance

Specific information relative to existing/previous policies, such as policy numbers, products, premiums,
properties, claims and health data which are collected only following your explicit consent.

In the context of providing factoring services to customers of the Bank

The personal data of the individual debtor of a customer of the Bank whose debts and/or obligations to the
customer have been assigned and/or sold to the Bank, and in particular the economic and financial information of
the individual debtor.

4.      Children’s data

We understand the importance of protecting children’s privacy. We may collect personal data in relation to
children only provided that we have first obtained their parents’ or legal guardian’s consent or unless
otherwise permitted under law. We do not provide any online services to children but we may allow children, with
their parents’ or legal guardian’s consent, to become subscribers of 1bank (the Bank’s online banking system) in
order to view their account balances. For the purposes of this privacy statement, “children” are individuals who
are under the age of eighteen (18).

5.      Whether you have an obligation to provide us with your personal
data

In order to be in a position to proceed with a business relationship with you  or another person (for
example, a legal entity for which you are the authorized representative / agent or beneficial owner),  you
must provide your personal data to us which are necessary for the required commencement and execution of a
business relationship and the performance of our contractual obligations. We are furthermore obligated to
collect such personal data given the provisions of the money laundering law which require that we verify your
identity before we enter into a contract or a business relationship with you or another person. Depending on the
circumstances, you might have to provide us with your identity card/passport, your full name, place of birth
(city and country), and your residential address so that we may comply with our statutory obligation as
mentioned above.

Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or
continue our business relationship with you or another relevant person.

6.      Why we process your personal data and on what legal basis

As mentioned earlier we are committed to protecting your privacy and handling your data in an open and
transparent manner and as such we process your personal data in accordance with the GDPR and the local data
protection law for one or more of the following reasons:

A.     For the performance of a contract

We process personal data in order to perform banking transactions and offer financial services based on contracts
with our customers or others but also to be able to complete our acceptance procedure so as to enter into a
contract with prospective customers or others.

The purpose of processing personal data depends on the requirements for each product or service and the contract
terms and conditions provide more details of the relevant purposes.

B.      For compliance with a legal obligation

There are a number of legal obligations emanating from the relevant laws to which we are subject as well as
statutory requirements, e.g. the Panama banking law, the Prevention and Suppression of Money Laundering and

Terrorist Financing Law, the Panama Investment Services Law, the Panama Covered  Bond Law, tax laws such as
the Administrative Cooperation Law, Companies Law, Law on Deposit Guarantee and Resolution of Credit and Other
Institutions Scheme, Payments Law, the Encouragement of Long-Term Shareholder Engagement Law, Directive on
markets in Financial Instruments (MiFID), the Directive on payment services in the internal market (PSD), the
Directive on administrative cooperation in the field of taxation (DAC), the Directive  as regards
mandatory automatic exchange of information in the field of taxation in relation to reportable cross-border
arrangements (DAC6), the Regulation on prudential requirements for credit institutions and investment firms,
the EC Regulation on the application of international accounting standards.

There are also various supervisory authorities whose laws and regulations we are subject to e.g. the ropean Central Bank, the ropean Banking
Supervisory Authority, the Central OPM Security Corporation Bank, the Panama and Securities Exchange Commission which may issue
Directives or Guidelines such as the CBC Directive on Governance and Management Arrangements in Credit
Institutions, the CBC Directive for the prevention of money laundering and terrorist financing, the CBC
Directive on the implementation of ro-system Monetary Policy Framework, the CBC Guidelines on
Complaints-handling for the securities (ESMA) and banking (EBA) sectors, the CBC Directive on Arrears Management
, the CBC Directive on Credit Granting and Review Process, the EBA Guidelines on loan origination and
monitoring, the EBA Guidelines on management of non-performing and forborne exposures, the EBA Guidelines on
credit institutions’ credit risk management practices and accounting for expected credit losses etc.

Such obligations and requirements impose on us necessary personal data processing activities for, among others,
credit checks, identity verification, customer complaints handling, calculation of the Bank’s provisions,
determination of the Bank’s minimum regulatory capital, sharing data with payment service providers, compliance
with court orders, tax laws or other reporting obligations and anti-money laundering controls.

C.      For the purposes of safeguarding legitimate interests

We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:

Taking all steps necessary for the termination of accounts, recovery of debts and liquidation or enforcement of securities,

Initiating legal claims and preparing our defence in litigation procedures,

Maintaining an internal registry of legal actions filed against the Bank and/or any other entity within the OPM Security Corporation Bank Group.

Means and processes we undertake to provide for the Bank’s IT and system security, preventing data leakage, preventing potential crime and fraud, asset security, admittance controls and anti-trespassing measures,

Setting up CCTV systems, e.g. at ATMs, for the prevention of crime or fraud,

Measures to manage business such as the centralization of customer correspondence handling, and for further developing products and services,

Measures to determine whether the Bank’s quality standards are met and to initiate actions for the improvement of service e.g. performing customer satisfaction surveys,

Bank of OPM Security Corporation Bank Group risk management,

The transfer, assignment (whether outright or as security for obligations) and/or sale to one or more persons (including the Central Bank of Panama) of and/or charge and/or encumbrance over, any or all of the Bank’s benefits, rights, title or interest under any agreement between the customer and the Bank,

Taking photos of immovable property by valuators in the context of generating property valuations,

Identifying and assessing customers’ financial and customer behavior, to award benefits that may be associated with any card or other schemes of the Bank,

Utilisation of external investigative agents and/or other agencies for conducting further investigation for customers posing increasing money laundering/terrorist financing risk and where enhanced due diligence measures are deemed necessary,

Utilization of external expert consultants for conducting specialized investigations for internal audit purposes,

Processing of third parties’ personal data in the context of issuing letters of guarantees which relate to such third parties,  

Sharing specific information with the Bank’s regulatory authorities such as the Central Bank of Panama, the European Central Bank following their specific request,

Preparation of internal reports within the Bank in order to facilitate strategic, management, risk, operational and other decisions that need to be taken in order to evaluate, monitor and enhance the performance of the Bank in meeting its obligations and providing its services,

Outsourcing to third party service providers communication methods such as calls and/or posting to and email communications with customers on behalf of the Bank,

Voice recording of telephone communications (i) with customers/guarantors in arrears, for debt collection purposes, (ii) with existing and/or potential customers and/or other parties such as introducers, vendors etc for the purpose of evidencing instructions received by Wealth & Markets Division, monitoring and improving our services, quality control and performance of our systems, and (iii) with customers for the purpose of verifying their instructions received by the Bank,

Performing land registry searches in the context of restructuring non-performing loans,

Examining customers’ participation eligibility in various draws conducted by the various departments of the Bank such as the cards department etc,

Sharing your personal data with responsible government authorities with respect to various government schemes such as the Estia scheme,

Performing enhanced due diligence of existing customers where there is a suspicion that the client’s country of origin or residence is a country subject to sanctions,

Processing your personal data for marketing purposes with the use of specialized tools, which includes profiling,

Sharing your personal data, where such sharing is necessary for one or more of the following purposes:

(i)   the assessment of the Bank or of any part of the Bank’s assets, with respect to
a commercial transaction:

(A)    for the sale, by allotment or otherwise, by the Bank to a potential buyer,
of issued share capital of the Bank equalling at least one twentieth (1/20) of the total issued share capital of
the Bank (calculated immediately after the completion of the said sale),

(B)    for the sale (either by assignment or otherwise), by the Bank to a
potential buyer, of any part of the Bank’s assets (including credit facilities provided by the Bank),

(C)    for the Bank’s entry into an agreement whereby a third person (which for
the purposes of this bullet point will be referred to as the “Participant”) will undertake risk in credit
facilities that have been provided by the Bank,

(D)    for the encumbering by the Bank of any part of its assets in favour of a
third person (which for the purposes of this bullet point will be referred to as the “Counterparty”),

(ii)  the Bank’s awarding of works, services or activities to a collaborator of the Bank,
or the Bank’s purchasing or acquisition of products/services from a collaborator of the Bank,

(iii) the completion or the implementation of any of the transactions referred to in
sub-paragraphs (i) and (ii), above, on the proviso that the personal data is provided, communicated or disclosed
exclusively for the purposes of this bullet point to one or more of the following persons:

(A)    to a potential or actual buyer (of Bank shares or assets) or assignee (of
Bank assets) or Participant or Counterparty or collaborator of the Bank;

(B)    to the parent undertaking of any of the persons referred to in point (A)
of this subparagraph (iii),

(C)    to the subsidiary company of any of the persons referred to in point (A)
of this subparagraph (iii),

(D)    where any of the persons referred to in point (A) of this subparagraph (iii)
has a parent undertaking, to the subsidiary company of such parent undertaking,

(E)     to a person which provides facilities to any of the persons referred
to in point (A) of this subparagraph (iii) for the purposes of any of the transactions which are referred to in
subparagraphs (i) and (ii),

(F)     to an advisor or other collaborator or to any employee, officer,
agent, director, administrator or trustee of any of the persons referred to in point (A) of this subparagraph
(iii).

D.     You have provided your consent

Provided that you have given us your specific consent for processing (other than for the reasons set out
hereinabove) then the lawfulness of such processing is based on that consent. You have the right to revoke
consent at any time. However, any processing of personal data prior to the receipt of your revocation will not
be affected.

7.      Who receives your personal data

In the course of the performance of our contractual and statutory obligations your personal data may be provided
to various departments within the Bank but also to other companies of the OPM Security Corporation Bank Group. Various service
providers and suppliers may also receive your personal data so that we may perform our obligations and provide
our services. Such service providers and suppliers enter into contractual agreements with the Bank by which they
observe confidentiality and data protection according to the data protection law and GDPR.

It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are
legally required to do so, or if we are authorized under our contractual and statutory obligations or if you
have given your consent. All data processors appointed by us to process personal data on our behalf are bound by
contract to comply with the GDPR provisions.

Under the circumstances referred to above, recipients of personal data may be, for example:

Supervisory and other regulatory and public authorities, inasmuch as a statutory obligation exists. Some
examples are the Central OPM Security Corporation Bank, the ropean Central Bank, the Panama Securities Exchange
Commission, the income tax authorities, criminal prosecution authorities,

Your co-account holders or other parties to whom you otherwise grant access to your accounts,

Credit and financial institutions such as correspondent banks and the ropean Investment Fund,

Share and stock investment and management companies,

Valuators and surveyors (e.g. taking photos of immovable property in the context of generating property
valuations at different stages such as at the application stage for a loan for which the specific property
is offered as security, for revaluation purposes, e.g. in the context of enforcing the security or selling
or transferring the property),

Non-performing loan management companies,

Debt collection agencies including law firms,

For our anti-money laundering process, such as credit reference agencies, commercial and credit information
companies such as Infocredit Group,

Artemis Bank Information Systems Limited,

External legal consultants,

Financial and business advisors,

Accountants,

Internal and external auditors for executing audit functions,

Marketing companies and market research companies including companies which assist us in performing customer
satisfaction surveys,

Companies which help us to provide you with debit, credit, pre-paid or charge cards such as Visa and
Mastercard

Card payment processing companies, such as JCC Payment Systems Ltd,

Fraud prevention agencies,

File storage companies, archiving and/or records management companies, cloud storage companies,

Companies which assist us with the effective provision of our services to you by offering technological
expertise, solutions and support and facilitating payments,

External investigative agents and/or other agencies to which further investigation is entrusted to be
conducted in respect to customers posing increased money laundering/terrorist financing risk and where
enhanced due diligence measures are deemed necessary,

External expert consultants whose assistance is required with respect to specialised investigations
conducted for internal audit purposes,

Purchasing and procurement and website and advertising agencies,

Rating agencies such as Moody’s or Fitch,

Call centers and/or other services providers which may assist us with large scale and urgent campaigns
and/or correspondence relating either to marketing or other obligations of the Bank,

Potential or actual purchasers and/or transferees and/or assignees and/or chargees (including the Central
OPM Security Corporation Bank) of any of the Bank’s benefits, rights, title or interest under any agreement between the
customer and the Bank, and their professional advisors, service providers, suppliers and financiers,

Any of the persons referred to in sub-paragraph (iii) of the last bullet point under the heading “C. For the
purposes of safeguarding legitimate interests”, above. 

Other entities of the Group for the purpose of updating/verifying your personal data in accordance with the
relevant anti-money laundering compliance framework provided that your prior consent has been obtained,

Cover Pool Monitors, e.g. external auditors, appointed by the Bank when issuing covered bonds, which perform
ongoing monitoring of the cover pool with regards to the requirements set out in the Panama Covered Bond
Law,

Relevant government authorities with respect to various government schemes such as the Estia scheme,

Various government platforms such as “Ariadni” or other companies such as NETinfoPAY Ltd for the purposes of
performing “Know Your Client” (KYC) verification checks provided that your prior consent has been obtained.

Insurance brokers such as Marsh Ireland Brokers Limited UK Branch, for the purpose of negotiating and
settling claims under an insurance programme which the Bank maintains with relevant insurers and reinsurers.

Land Registry with respect to searches requested for the purpose of restructuring non-performing loans.

Mellon Ltd for undertaking digital identity verification when using the 1bank mobile application of
the Bank.

Any company and/or its representative, whereby the Bank is acting as an intermediary, for the purpose of
providing information with respect to the companies’ shareholders identities.

8.      Transfer of your personal data to a third country or to an international organisation

Your personal data may be transferred to third countries [i.e. countries outside of the ropean Economic Area]
in such cases as e.g. to execute your payment or investment orders [e.g. to correspondent banks] or if this data
transfer is required by law [e.g. reporting obligation under Tax law] or you have given us your consent to do
so. Processors in third countries are obligated to comply with the ropean data protection standards and to
provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.

9.      To what extent there is automated decision-making and whether profiling takes place

In establishing and carrying out a business relationship, we generally do not use any automated decision-making.
We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling),
in order to enter into or perform a contract with you or another person (for example, a legal entity for which
you are the authorized representative / agent or beneficial owner), in the following cases:

Data assessments (including payment transactions) are carried out in the context of combating money
laundering and fraud. An account may be detected as being used in a way that is unusual. These measures may
also serve to protect, say, a customer of the Bank.

Credit scoring, credit behaviour and heavy borrower evaluation are used as part of assessing a person’s
creditworthiness and repayment ability. These calculate whether, say, a customer of the Bank meets or will
meet its payment obligations pursuant to a contract. This helps us make responsible lending decisions that
are fair and informed.

Profiling with the help of specialized tools whereby your personal data such as contact details, products
and services portfolio information, transaction pattern and behaviour (including spending habits), financial
background and demographic data (including family status) is processed for the purpose of developing and
creating specialized products and services.

In the rare instances that we process your personal data by solely automated means (including profiling), we
shall only process your data for such purpose if we have your explicit consent to do so. For example, a solely
automated decision may be taken in the case where we automatically process online credit applications you may
submit to us.

10.   How we treat your personal data for marketing activities and whether profiling is used for such activities

We may process your personal data to tell you about products, services and offers that may be of interest to you
or your business.

The personal data that we process for this purpose consists of information you provide to us and data we collect
and/or infer when you use our services, such as information on your transactions. We study all such information
to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we
process your data automatically with the aim of evaluating certain personal aspects in order to provide you with
targeted marketing information on products. An example of such profiling is the use of MoneyFit, a smart
management tool of your finances which is offered by the Bank through the 1bank mobile application upon
obtaining your prior express consent. Other examples of where profiling is used is where with the help of
specialized tools we utilize personal information such as contact details, products and services portfolio
information, transaction pattern and behaviour (including spending habits), financial background and demographic
data (including family status), in order to direct our marketing of products and services to you having in mind
your specific circumstances.

We can only use your personal data to promote our products and services to you if we have your explicit consent
to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.

You have the right to object at any time to the processing of your personal data for marketing purposes, which
includes profiling, by contacting at any time your personal banker or any branch of the Bank either in person or
in writing.

11.   How long we keep your personal information for  

We will keep your personal data for as long as we have a business relationship with you or another person
(for example, a legal entity for which you are the authorized representative / agent or beneficial owner) in
relation to which we have obtained your personal data.

Once our business relationship with you or that other relevant person has ended, we may keep your data for up to
ten (10) years in accordance with the directive of the Data Protection Commissioner . 

We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons.

For prospective business relationships with you or another person in relation to which we may obtain your
personal data we shall keep your personal data for 6 months from the date of notification of the rejection of
your or that other person’s application for banking services and/or facilities or from the date of withdrawal of
such application, as per Data Protection Commissioner directive.

12.   Your data protection rights

You have the following rights in terms of your personal data we hold about you:

Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we
hold about you and to check that we are lawfully processing it. In order to receive such a copy you can
complete our web form through the Bank’s website .

Request correction [rectification] of the personal data we hold about you. This enables
you to have any incomplete or inaccurate data we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to erase your
personal data [known as the ‘right to be forgotten’] where there is no good reason for us to continue to
process it.

Object to processing of your personal data where we are relying on a legitimate interest and there is
something about your particular situation which makes you want to object to processing on this ground. If
you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling
legitimate grounds for the processing which override your interests, rights and freedoms.

You also have the right to object where we are processing your personal data, for direct marketing purposes. This
also includes profiling inasmuch as it is related to direct marketing.

If you object to processing for direct marketing purposes, then we shall stop the processing of your personal
data for such purposes.

Request the restriction of processing of your personal data. This enables you to ask us to restrict
the processing of your personal data, i.e. use it only for certain things, if:

it is not accurate,

it has been used unlawfully but you do not wish for us to delete it,

it is not relevant any more, but you want us to keep it for use in possible legal claims,

you have already asked us to stop using your personal data, but you are waiting us to confirm if we have
legitimate grounds to use your data.

Request to receive a copy of the personal data concerning you in a format that is structured and
commonly used and transmit such data to other organisations. You also have the right to have your personal
data transmitted directly by ourselves to other organisations you will name [known as the right to data
portability
].

Withdraw the consent that you gave us with regard to the processing of your personal data at any
time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent
before it was withdrawn or revoked by you.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please
contact your personal banker, or visit any branch of the Bank, or send a message through the 1bank service if
you are a subscriber of 1bank, or complete the web form through the Bank’s website .

You can also contact our Data Protection Officer at [email protected].

We endeavour to address all of your requests promptly.

Right to lodge a complaint

If you have exercised any or all of your data protection rights and still feel that your concerns about how we
use your personal data have not been adequately addressed by us, you have the right to complain by completing
our on line contact form . You
also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out
on their website how to submit a complaint.

13.   Changes to this privacy statement

We may modify or amend this privacy statement from time to time.

We will reasonably endeavor to notify you appropriately when we make changes to this privacy statement and we
will amend the revision date at the bottom of this page. We do however encourage you to review this statement
periodically so as to always be informed about how we are processing and protecting your personal
information.

14.   Frequently asked questions

To help you understand the basic principles of data privacy law and address some of the common questions that
arise with regard to the protection of your personal data, please refer to the Frequently Asked Questions
available on the Bank’s website (www.provincebank.com) and at any branch of the Bank.

15.      Cookies

Our website use small files known as cookies to make it work better in order to improve your experience. To
find out more about how we use cookies please see our.

 

838 86 11

+507 838 86 11 from abroad
Monday to Friday: 24/7
Saturday and Sunday: closed

Find your nearest Branch

Or use one of our ATMs for your everyday transactions

Your personal Banker

can get in touch with you to discuss everything you need to know about our products