Privacy Policy

Privacy Policy

Commercial Trust Bank (“the Bank”) is committed to protecting the personal data of its clients, representatives, and associated individuals. This Privacy Policy explains how we collect, process, store, and safeguard personal information when establishing or maintaining a banking relationship, whether directly, via our website, or through other services. All processing is conducted in compliance with applicable legal and regulatory requirements.

1. Collection of Personal Data

In the course of banking relationships, the Bank may collect information about clients, legal representatives, managers, authorized persons, and other related individuals. This may include:

  • Identification and civil status details
  • Copies of official identification documents
  • Contact information
  • Professional and financial details
  • Data relating to authorized representatives

To meet legal obligations — such as anti-money laundering (AML), counter-terrorism financing (CTF), fraud prevention, risk management, and transaction monitoring — the Bank may also collect data on:

  • Individuals linked to the client
  • Beneficiaries, recipients, or intermediaries in transactions
  • Parties connected to client-related financial operations

Data may be obtained directly from clients when opening accounts, subscribing to products, performing transactions, or providing instructions, or indirectly from authorized third-party sources such as public databases, commercial registers, or other legally recognized sources.

2. Purposes of Processing

Personal data is collected and processed for clear and legitimate purposes, including:

2.1 Account and Product Management

  • Administering accounts, products, and banking services
  • Executing and recording transactions and orders
  • Fulfilling contractual obligations

2.2 Relationship Management and Marketing

  • Managing client relationships and improving customer service
  • Organizing events or providing information on products and services
  • Conducting statistical and behavioral analyses for internal purposes

2.3 Regulatory and Compliance Requirements

  • Verifying identity and legal capacity
  • Monitoring transactions and assessing operational risk
  • Preventing fraud, financial crime, and conflicts of interest
  • Complying with AML/CTF regulations and reporting obligations

The Bank may also record electronic communications—including calls, emails, and digital messages—for regulatory, security, and quality-assurance purposes.

3.  Sharing Data with Third Parties

3.1 Within the Commercial Trust Bank

Data may be shared internally to:

  • Manage banking relationships
  • Provide products and services
  • Execute transactions
  • Perform centralized accounting, reporting, and operational tasks

3.2 Service Providers and Subcontractors

The Bank may share data with trusted external providers supporting IT, document management, customer service, and other operations. All providers are contractually obligated to maintain strict confidentiality, security, and limited use of personal information.

In all cases, the Bank ensures appropriate technical, organizational, and physical safeguards to protect personal data.

4. International Data Transfers

Personal data may be transferred to countries outside the African Economic Area, which may have different data-protection laws. Transfers are conducted under:

  • Binding contractual frameworks compliant with the African Commission’s 2011 standard contractual clauses
  • Authorization from national data-protection authorities, when required

Data may also be disclosed to official or regulatory authorities, inside or outside the African Economic Area, as required by AML/CTF laws or other legal obligations.

5. Security Measures

The Bank employs strong organizational, physical, and technical measures to:

  • Protect personal data from unauthorized access or destruction
  • Maintain confidentiality, integrity, and availability
  • Prevent alteration, loss, or unlawful disclosure

Security practices are continuously updated to comply with evolving laws and technology standards.

6. Rights of Individuals

Individuals whose data is processed by the Bank have the following rights under applicable law:

  • Access: Confirm whether data is processed and request a copy.
  • Rectification: Correct or update inaccurate or incomplete data.
  • Erasure: Request deletion of data where legally permissible.
  • Objection: Object to data processing on legitimate grounds (may affect services).
  • Restriction of Processing: Request limitations under specific legal conditions.
  • Marketing Refusal: Object to the use or sharing of information for commercial purposes.

These rights can be exercised by contacting your relationship manager or designated customer-service representative.