The Cyprus Development Bank Public Company Limited (referred to as ‘we’, ‘us’, ‘our’, ‘cdbbank’ or the ‘Bank’) is committed to protecting your privacy and handling your personal data in an open and transparent manner. The personal data that we collect and process will vary depending on the product or service we provide to you.
This privacy statement:
For the purposes of this privacy statement:
cdbbank is a licensed credit institution registered in Cyprus under registration number HE1148 as a public limited liability company having its registered office and head offices at 50, Arch. Makarios III Avenue, P.O. Box 21415, CY-1508, Nicosia.
If you have any questions, comments and/or requests regarding this privacy statement or wish to obtain more details in relation to the personal information we process about you, please contact our Data Protection Officer at 50, Arch. Makarios III Avenue, CY-1508, Nicosia, Cyprus, P.O. Box 21415, or send us an email at dpo@cdb.com.cy.
a. We obtain your personal data mainly through any information you provide directly to us in person or via your representatives/agents or through our website, either in the context of our business relationship or when you wish to contact us to raise a question. We may also collect your data through information provided by third parties or other entities within the Cyprus Development Bank Group (the “Group”). Below is a list of ways in which we collect your data. Personal data collected directly from you, including:
b. Personal data collected from other sources, including:
Where we need to collect personal data in order to provide you with the services you have asked us for or to process your instructions or to comply with our legal obligations and you fail to provide that data when requested, we may not be able to provide you with the services you have asked us for or carry out your instructions. In this case, we may have to cancel the engagement we have with you, but we will notify you if this is the case at the time.
We collect and process various categories of personal data at the start of, and for the duration of, your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more of our legitimate purposes as identified in this privacy statement. Personal data may include the following:
Types of Personal Data | Examples of Personal Data |
Identity and Contact Details | Your name, where you live, how to contact you and how to verify your identity. For example telephone number, home address, work address, email address, date of birth, fax number, passport number and identity card number. |
Socio-Demographic | Details about your work, job title and function, nationality, education, marital status, social security number and tax status. |
Financial Information | Your personal wealth, proof of income, assets and liabilities, financial position and credit and borrowing history. |
Transactional Information | Details about payments to and from your accounts with the Bank, expenditure and tax information and direct debit data. |
Contractual Information | Details about the products or services we provide you with. |
Behavioral Information | Details about how you use our products and services, including your online activity behavior, based on your interaction with us and our websites and applications including any searches, site visits and spending patterns. |
Technical Information | Details on the devices and technology you use including your Internet Protocol (IP) address, smart device information, location coordinates, online and mobile banking security authentication, mobile phone network information. |
Communications | How and what methods we use in order to communicate with you through formal and verbal correspondence. |
Open Data and Public Records | Details about you that are in public records and information about you that is openly available on the internet. |
Physical Access Data | Visual images and personal appearance, including CCTV images. |
Usage Data | Other data about how you use our products and services. |
Consents | Any permissions, consents or preferences that you give to the Bank. This includes things like how you want the Bank to contact you and whether you get paper statements. |
We may also process certain sensitive personal data for specific and limited purposes. Such data may include information about racial and/or ethnic origin.
We understand the importance of protecting children's privacy. We may collect personal data in relation to children only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under applicable law. We do not provide any online services to children but we may allow children, with their parents’ or legal guardian’s consent, to become subscribers of cdbbank’s e-Banking (the Bank’s online banking system) in order to view their account balances. For the purposes of this privacy statement, “children” are individuals who are under the age of eighteen (18).
We will only use and share your information where it is necessary for us to carry out our lawful business activities. Most commonly, we will use your personal data for one or more of the following reasons:
a. For the performance of a contract
We may process your personal data where it is necessary in order to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:
The purpose of processing personal data depends on the requirements for each product or service and the contract terms and conditions provide more details of the relevant purposes.
b. For compliance with a legal obligation
There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements including among others the Cyprus Banking law, the Prevention and Suppression of Money Laundering and Terrorist Financing Law, the Cyprus Investment Services Law, Tax laws, the Law on Deposit Guarantee and Resolution of Credit and Other Institutions Scheme and the Payment Services and Access to Payment System Law. There are also various supervisory authorities whose legislative instruments are binding on us including the European Central Bank, the European Banking Authority, the Central Bank of Cyprus and the Cyprus Securities and Exchange Commission. Such legal obligations require us to carry out certain data processing activities for credit checks, identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
c. For the purposes of safeguarding legitimate interests
In some cases, we may process personal data so as to safeguard and pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights are not overridden by our interests. For example, we may process your personal data in order to:
d. You have provided your consent
We will only ask for your consent when we wish to provide marketing information to you in relation to our products or services which we believe may be of interest and of benefit to you.
You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
We will only process your sensitive personal data for specific and limited purposes, such as detecting and preventing financial crime or to make our services accessible to customers. We will only process sensitive personal data when we have obtained your explicit consent or are otherwise lawfully permitted to do so.
In the course of the performance of our contractual and statutory obligations, your personal data may be provided to various departments within the Bank but also to other companies of the Group. Various service providers and suppliers may also receive your personal data in order to assist us in carrying out our business obligations and meeting our business needs. Such service providers and suppliers enter into contractual agreements with the Bank by which they observe the confidentiality and data protection of the information we provide to them according to applicable data protection laws including the GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions which are relevant to them. Under the circumstances referred to above, recipients of personal data may be, for example:
If you ask us to, we will share information with any third party that provides you with account information or payment services. If you ask a third-party provider to provide you with account information or payment services, you are allowing that third party to access information relating to your account. We are not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
In the event that any additional authorised users are added to your account, we may share information about the use of the account by any authorised user with all other authorised users.
The Bank will not share your information with third parties for their own marketing purposes without your consent.
The Bank will only send your personal data to a country outside the EEA (a “third country”):
If the Bank does send your personal data to a third country, the Bank will make sure that your personal data is protected in the same way as if it was being used in the EEA. The Bank will use one of these safeguards:
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. However, we may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you or where we are required by law to do so, in the following cases:
We may process your personal data so as to inform you about products, services and offers that may be of interest to you or your business.
The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products and/or services.
We can only use your personal data to promote our products and/or services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes, by contacting your personal banker at any time or any branch of the Bank either in person or in writing or by clicking on the option to opt out of receiving marketing information in any future marketing communication.
Even if you inform us that you no longer wish to receive marketing material, you will still receive other important information from us from time to time, such as changes to your existing products or services.
We may ask you to confirm or update your choices, if you purchase any new products or services from us in the future. If you change your mind you can update your choices at any time by contacting your personal banker or any branch of the Bank either in person or in writing.
By providing you with products and/or services, we create records that contain your information, such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and formats.
We will keep your personal data for as long as we have a business relationship with you (as an individual or in respect of our dealings with a legal entity you are authorised to represent or are beneficial owner, signatory or officer). Once our business relationship with you has ended, we may keep your personal data for up to ten (10) years in accordance with guidance 1/2017 and 2/2017 of the Data Protection Commissioner (http://www.dataprotection.gov.cy). After the expiration of the ten (10) year retention period, the Bank will erase and/or destroy your personal data via secured procedures. Following the completion of the aforementioned secured procedures, the recovery of your personal data with technical and/or other means will not be possible. We may keep your data for longer than ten (10) years if we cannot delete it for legal, regulatory or technical reasons. For example, the Bank may keep your data for such longer periods as is necessary to preserve evidence for legal or other proceedings which have not yet come to a conclusion. If we do so, we will make sure that your privacy is protected and that your data are only used for those purposes.
For prospective customer personal data (or authorised representatives/agents or beneficial owners of a legal entity that is a prospective customer) we shall keep your personal data for six (6) months from the date of notification of the rejection of your application for banking services and/or facilities or from the date of withdrawal of such application, as per guidance 1/2017 and 2/2017 of the Data Protection Commissioner (http://www.dataprotection.gov.cy).
We want to make sure you are aware of your rights in relation to the personal data we process about you. We have described those rights and the circumstances in which they apply further below.
You have the following rights in terms of your personal data we hold about you:
Please note that if you request us to delete your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
You also have the right to object where we are processing your personal data for direct marketing purposes. This also includes profiling inasmuch as it is related to direct marketing.
If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
Depending on the circumstances, we may need to restrict or cease processing your personal data altogether or, where requested, delete your personal information. Please note that if you object to us processing your personal data, we may have to suspend the operation of your account and/or products and services we provide to you.
Please note that if you request us to restrict processing your personal data, we may have to suspend the operation of your account and/or the products and services we provide to you.
If you have any other questions about our use of your personal data, please visit any branch of the Bank, or send a message through the Bank’s e-Banking service if you are a subscriber of e-Banking. To exercise any of your rights, you may download and complete form F024 E_ Data Subject Request Form (in English) or F024 G_Αιτηση Παροχης Πληροφοριων Υποκειμενου Δεδομενων (in Greek) and submit it to any branch of the Bank, or send it through the Bank’s e-Banking service if you are a subscriber of e-Banking.
You can also contact our Data Protection Officer at dpo@cdb.com.cy.
We will endeavour to address all of your requests promptly.
If you have exercised any or all of your data protection rights or otherwise feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by submitting a request to the email dpo@cdb.com.cy.
You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out on their website how to submit a complaint (http://www.dataprotection.gov.cy).
This privacy statement sets out the information that the Bank must provide to you for the purposes of the GDPR, which is applicable as of 25 May 2018. Any information in relation to the processing of personal data that is included in any of the Bank’s existing circulars, manuals and associated forms on matters which are covered by this privacy statement is deemed to be superseded by the information in this notice.
We may modify or amend this privacy statement from time to time.
We will notify you appropriately when we make changes to this privacy statement and we will amend the revision date at the top of this page. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.
Our website uses small files known as cookies to make it work better in order to improve your experience.
To find out more about how we use cookies please see our cookie policy.