Section 01
Our Commitment to Your Privacy
For Merivane International Private Bank Ltd. (hereinafter "Merivane International", "we", "us", or "the Bank"), protecting the personal data of our clients, employees, counterparties and suppliers is a matter of institutional principle — not merely regulatory compliance.
When you interact with Merivane International through our offices, correspondence, online banking platform, or any other channel, you consent to our collection and use of your information in accordance with the terms of this policy.
Regulatory Basis. Merivane International Private Bank Ltd. is licensed and regulated by the relevant financial supervisory authority in its jurisdiction of incorporation. This Privacy Policy is issued in compliance with applicable data protection legislation, prudential banking regulations, and international standards for the handling of personal data in private banking relationships.
We are committed to maintaining the confidentiality of personal information collected throughout all our business relationships — including after those relationships have concluded — in strict accordance with the legal framework governing personal data protection.
Section 02
Definitions
For the purposes of this Privacy Notice and Personal Data Processing Policy, the following terms shall have the meanings attributed to them below.
Data Subject / Client
Any natural person whose personal data is processed by Merivane International, including private banking clients, corporate principals, beneficial owners, and prospective clients.
Personal Data
Any information relating to an identified or identifiable natural person, including name, date of birth, address, identification numbers, financial information, and any other data that directly or indirectly identifies an individual.
Sensitive Data
Data pertaining to the private sphere of its owner, or whose misuse could give rise to discrimination or serious risk, including racial or ethnic origin, religious beliefs, health data, biometric data, sexual orientation, or genetic data.
Biometric Data
Personal data derived from specific technical processing of physical, physiological, or behavioural characteristics that allow the unique identification of a natural person.
Data Processing
Any operation performed on personal data, including collection, recording, storage, organisation, use, disclosure, transfer, or deletion.
Data Controller
Merivane International Private Bank Ltd., as the entity that determines the purposes and means of processing personal data.
Consent
A freely given, specific, informed, and unambiguous indication of the data subject's agreement to the processing of their personal data.
Data Processor
Any natural or legal person, public authority, or other body that processes personal data on behalf of Merivane International.
Correspondent Network
The global network of correspondent banks, custodians, payment processors and service providers through which Merivane International delivers its services.
Section 03
What Information We Collect
Merivane International collects only the information necessary to establish, maintain and service our banking relationships, comply with our regulatory obligations, and protect our clients and the institution.
- Identity Data: Full legal name, date of birth, nationality, government-issued identification numbers, passport details, and tax identification numbers.
- Contact Data: Residential and correspondence addresses, email addresses, telephone numbers, and preferred communication channels.
- Financial Data: Bank account details, source of wealth and funds declarations, investment profiles, transaction history, and credit information.
- KYC & Compliance Data: Politically Exposed Person (PEP) status, sanctions screening results, beneficial ownership declarations, and due diligence documentation.
- Biometric Data: Where required for identity verification at our offices or via secure digital onboarding, facial recognition or fingerprint data may be collected exclusively for authentication purposes.
- Technical Data: IP address, device identifiers, browser type, operating system, and online banking session data when you use our digital services.
- Communications Data: Records of correspondence, meeting notes, and instructions provided to us by telephone, email, or in person.
- Sensitive Data: Collected only where strictly necessary for the provision of services or where required by law, and subject to enhanced protections.
Section 04
How We Collect Your Information
- Directly from you: Information you provide when opening an account, completing application forms, corresponding with us, or using our online banking platform.
- Automated collection: When you use our online banking platform or digital services, we automatically collect technical and usage data to secure your session and improve performance.
- Third parties: Credit reference agencies, sanctions databases, KYC verification providers, correspondent banks, introducers, and publicly available sources, for the purposes of due diligence and compliance.
- Office security systems: CCTV cameras are operated at our offices and meeting rooms for the purposes of security, fraud prevention, and regulatory compliance. Footage is retained in accordance with applicable law.
- Cookies and tracking technologies: Our online banking platform and website use cookies to maintain session security and improve user experience. See Section 11 for our full Cookie Policy.
Merivane International will collect and process personal data only where there is a lawful basis to do so, including: the express consent of the data subject; the performance of a contract; compliance with a legal obligation; the legitimate interests of the Bank; or the protection of vital interests.
Section 05
How We Use Your Information
Your personal data is used exclusively for the following purposes, categorised by lawful basis:
Performance of Contract & Legal Obligation
- Opening, managing, and administering your banking accounts and facilities.
- Processing payment instructions, transfers, and foreign exchange transactions.
- Conducting Know Your Client (KYC), Anti-Money Laundering (AML), and sanctions screening as required by law.
- Evaluating creditworthiness and managing credit facilities.
- Providing investment management, custody, and advisory services.
- Sending legally required notices, statements, and disclosures.
- Complying with requests from regulatory authorities, courts, and law enforcement agencies.
Legitimate Interests
- Fraud prevention, risk management, and the security of our systems and clients.
- Internal audit, compliance monitoring, and management reporting.
- Improving the quality and security of our services.
- Maintaining records required for legal proceedings or regulatory investigations.
With Your Consent
- Sending personalised communications about products, services, or market insights that may be of interest to you.
- Sharing your information with affiliated entities within the Merivane Group for the purposes you authorise.
- Conducting client satisfaction surveys, research, or focus groups.
No data is sold. Merivane International does not sell, rent, or trade your personal data to any third party for their own commercial purposes under any circumstances.
Section 06
Sharing Your Personal Data
We may share your personal data with third parties only in the following circumstances, and only to the extent necessary for the stated purpose:
- Correspondent banks and payment networks: To process international payments and foreign exchange transactions on your behalf.
- Regulatory and supervisory authorities: Where disclosure is required by law, court order, or regulatory obligation, including tax reporting under FATCA, CRS, and applicable AML regulations.
- Professional advisors: Lawyers, accountants, auditors, and compliance consultants engaged by the Bank, subject to strict confidentiality obligations.
- KYC and compliance service providers: Third-party providers who assist us in identity verification, sanctions screening, and due diligence, acting as data processors on our behalf.
- Custodians and investment platforms: Where required to execute and settle investment transactions or maintain custody of assets on your behalf.
- Affiliated entities: Other entities within the Merivane Group, where necessary for the provision of services or as authorised by you, subject to equivalent data protection standards.
- Successors in title: In the event of a merger, acquisition, or transfer of our business, your data may be transferred to a successor entity subject to the protections of this policy.
All third parties with whom we share personal data are required to maintain confidentiality and to process data only for the specified purpose and in accordance with applicable data protection law. Cross-border data transfers are conducted under appropriate legal mechanisms including standard contractual clauses or equivalent safeguards.
Section 07
Your Consent
When you provide us with your personal information — whether in person, by correspondence, or through our digital channels — you consent to our collection and use of that information for the purposes described in this policy.
Consent may be given in writing, electronically, or verbally where a written record is maintained. All consents are recorded with a date stamp and reference for audit purposes.
Right to withdraw. You may withdraw consent at any time by contacting your relationship manager or our Data Protection Officer. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal, and does not apply where processing is required by law or contract.
Where the provision of personal data is a legal or contractual requirement — for example, for KYC or AML compliance — failure to provide the requested information may prevent Merivane International from establishing or continuing a banking relationship with you.
By engaging our services, you confirm that you are at least 18 years of age and that all personal data you provide is accurate and complete. You undertake to notify us promptly of any changes to your personal information.
Section 08
Your Rights as a Data Subject
As a data subject, you hold the following rights in relation to your personal data held by Merivane International. We are committed to honouring these rights within the timeframes specified below.
A
Access
You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of that data along with information about how it is used. Requests are fulfilled within 10 business days.
R
Rectification
You have the right to request correction of inaccurate, incomplete, or outdated personal data. We will action rectification requests within 5 business days.
C
Cancellation / Erasure
You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to our legal retention obligations. Fulfilled within 10 business days.
O
Objection
You have the right to object to the processing of your data on grounds of legitimate interest, or to withdraw consent where processing is consent-based. Fulfilled within 10 business days.
- Portability: Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.
- Restriction: You may request that we restrict the processing of your data in certain circumstances, for example while a rectification request is being assessed.
- Automated decision-making: You have the right not to be subject to a decision based solely on automated processing that produces significant legal effects, except where necessary for contract performance or required by law.
To exercise any of the above rights, please contact your relationship manager directly or submit a written request to our Data Protection Officer at the address set out in Section 13. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority.
Section 09
Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting requirements.
- Client account data: Retained for a minimum of ten (10) years from the date of account closure or termination of the banking relationship, in accordance with anti-money laundering regulations.
- Transaction records: Retained for a minimum of seven (7) years from the date of the transaction.
- KYC and due diligence records: Retained for a minimum of five (5) years following the end of the business relationship.
- Marketing and consent records: Retained for the duration of your consent and for a reasonable period thereafter for audit purposes.
- CCTV footage: Retained for a maximum of ninety (90) days unless required for an active investigation or legal proceeding.
Upon expiry of applicable retention periods, personal data is securely destroyed or anonymised in accordance with our data disposal procedures.
Section 10
Security of Your Data
Merivane International implements appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
- All data transmitted via our online banking platform is encrypted using TLS 1.3 or equivalent industry-standard protocols.
- Access to personal data is restricted to employees and authorised personnel who require it to perform their professional responsibilities, and is governed by role-based access controls.
- Our systems undergo regular security audits, penetration testing, and vulnerability assessments by independent specialists.
- Electronic backups are performed regularly and stored in secure, geographically separated locations.
- All staff with access to personal data receive mandatory data protection training on an annual basis.
Data breach notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Merivane International will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
Section 11
Cookie Policy
Our website and online banking platform use cookies — small text files placed on your device — to maintain session security, remember your preferences, and improve performance. We do not use cookies for advertising or third-party tracking purposes.
- Strictly necessary cookies: Required for the operation of our online banking platform, including session authentication and security tokens. These cannot be disabled.
- Functional cookies: Remember your preferences, such as language and display settings, to improve your experience.
- Analytics cookies: Used internally to understand how our platform is used, so we can improve it. No data is shared with third-party analytics providers.
You may control or disable non-essential cookies through your browser settings. Disabling strictly necessary cookies will prevent access to the online banking platform.
Section 12
Changes to This Policy
We reserve the right to update or amend this Privacy Policy at any time to reflect changes in law, regulation, our business practices, or the services we offer. The date of the most recent revision is displayed at the top of this document.
Where changes are material, we will notify you directly through your relationship manager, by written correspondence, or via your registered email address, with reasonable notice prior to the changes taking effect.
Your continued use of our services following notification of any changes constitutes acceptance of the updated policy. If you do not agree with any amendment, you may contact us to discuss the implications for your account relationship.