February 4, 2015
This policy relates to the protection of data collected by Juntos Finanzas, Inc. (the “Company”) on behalf of the end users and clients of our customers, which include our banking customers (“Customers”). Data protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data held in both paper and electronic format. This document outlines the Company’s policy in respect of data protection. The law in the United States (the “Acts”) contain statutory obligations in relation to the collection, processing, and disclosure of personal and sensitive data. In addition, the Acts provide individuals with the right to access their personal data upon request, and to have incorrect personal data amended.
The objective of this policy is to affirm the Company’s commitment to protecting the privacy rights of individuals who are end users and clients of our Customers in accordance with the Acts. The definitions used in this policy are detailed in the appendix at the end of this document.
Data Protection Principles
The Company will perform its responsibilities in accordance with the Acts and the eight Data Protection Principles contained therein. These principles state that the Company, as a data controller, shall:
- Obtain and process information fairly
- Keep it only for one or more specified, explicit and lawful purposes
- Use and disclose it only in ways compatible with these purposes
- Keep it safe and secure
- Keep it accurate, complete and up to date
- Ensure it is adequate, relevant and not excessive
- Retain for no longer than is necessary
- Give a copy of personal data to the individual upon request
All policies and procedures in the Company shall be consistent with the eight Data Protection Principles and shall ensure that any data subject can exercise their rights under the Acts.
Collection and processing of data
The Company may collect, process or store personal data:
- to provide budget and planning services
- to improve the user experience of our Customers and clients of our Customers
- to perform market research for the purposes of advertising, marketing (both direct and distance marketing)
- to perform accounting and other record-keeping functions
- to comply with our legal obligations
Telephone calls may be recorded in order to confirm verbal instructions and for quality and training purposes. Personal data will be securely stored, in manual or electronic form, and in accordance with the Acts. In addition, data collected for a specific purpose, product or service may be stored in the Company with other information relating to an individual.
Disclosure of Information
The Company will not disclose an individual’s personal data outside the Company except:
- when requested by a Customer to review and hold the individual’s personal data because such individual is a client of the Customer
- when necessary, to our service providers, agents, regulatory bodies and auditors
- when the Company is required or permitted to do so by law
- to any persons who supply benefits or services to the individual, under or in connection with the Customer’s terms and conditions
- to fraud prevention agencies where required
Notification shall be given to you of any significant or material changes to the way in which data is collected, processed, stored or disclosed by the Company, where such changes are not covered by this policy. In the provision of any services that have been or may be requested from time to time, it may be necessary for some or all of an individual’s data to be transferred to other countries, including those outside of the United States of America. When data is transferred to another country, the Company will ensure that the country in which the recipient resides has similar Data Protection legislation to the Acts. In addition, the Company will ensure that the recipient of the data has systems and procedures in place to handle data securely and in a manner equivalent to those of the Company.
Sensitive Personal Data
Sensitive personal data shall only be held for the specific purpose for which it was obtained and only for the purposes of providing financial planning, budgeting a mortgage, credit, investment, savings product or other applicable banking or financial planning service.
The Company shall retain data in respect of data subjects for no longer than necessary.
Responsibility for ensuring compliance with the Acts rests with the Company, its employees and agents. All employees and contractors of the Company who separately collect, control or process personal data are individually responsible for compliance with the Acts. The Company’s Compliance Department coordinates the provision of support, assistance, advice and training within the Company.
Procedures and Guidelines
The Company is committed to ensuring individuals’ privacy and this is reflected in its training procedures that are in place for all employees of the Company to ensure high standards in relation to data protection are maintained.
Right of Access to Information
An individual has the right to access his/her personal data upon written request and payment of a small fee to the Company. In addition, the data subject also has the right to have any incorrect data held on file corrected. Requests to access or correct information should be forwarded to: The Compliance Department, firstname.lastname@example.org.
This Data Protection Policy shall be reviewed annually and in consideration of legislative or other developments, as appropriate. The Company reserves the right to amend this policy at any time by posting such changes to its website.
Data means individual facts, statistics, or items of information regarding an individual. Data can refer to automated data and manual data; Automated data means information that –(a) is being processed by means of equipment operating automatically in response to instructions given for that purpose, or(b) is recorded with the intention that it should be processed by means of such equipment; Data controllers refers to those who, either alone or with others, control the contents and use of personal data. Manual data means information that is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system; Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller; Processing, of or in relation to information or data, means performing any operation or set of operations on the information or data, whether or not by automatic means, including – (a) obtaining, recording or keeping the information, or data(b) collecting, organizing, storing, altering or adapting the information or data,(c) retrieving, consulting or using the information or data,(d) disclosing the information or data by transmitting, disseminating or otherwise making it available, or(e) aligning, combining, blocking, erasing or destroying the information or data; Relevant filing system means any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible; Sensitive personal data means personal data as to –(a) the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject,(b) whether the data subject is a member of a trade-union,(c) the physical or mental health or condition or sexual life of the data subject, (d) the commission or alleged commission of any offense by the data subject, or (e) any proceedings for an offense committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings.