Privacy Policy of Nexus Centrier Bank

1. Introduction

This Privacy Policy describes how Nexus Centrier Bank ("Nexus Centrier Bank", "we", "us", or "our") collects, uses, stores, shares, and protects your personal data when you use our banking services, visit our branches, access our websites, mobile applications, or contact our customer support. We are committed to safeguarding your privacy and handling your data in a transparent and lawful manner.

As a bank operating in England, we process personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

Nexus Centrier Bank is a banking institution established and operating in England. We act as a data controller in relation to the personal data we collect and process about you. This means we determine the purposes and means of the processing of your personal data.

Our main role is to provide banking, payment, savings, lending, and related financial services to individuals, businesses, and other entities. In providing these services, we operate as a financial Center for our customers, handling and protecting personal and financial information with great care.

3. Personal Data We Collect

We may collect and process the following categories of personal data about you:

3.1 Identification and Contact Details

• Full name, title, date of birth and place of birth
• Residential and correspondence address
• Email address and telephone numbers
• Nationality and, where required, tax residency information
• Identification documents (such as passport, driving licence, national ID) and identification numbers

3.2 Financial and Account Information

• Bank account numbers, sort codes, IBANs and card numbers (partially masked where appropriate)
• Account balances, transaction histories and payment details
• Loan, mortgage, savings, investment and credit product information
• Income, employment status and financial profile

3.3 Regulatory and Compliance Information

• Information required for Know Your Customer (KYC) and anti-money laundering (AML) checks
• Information about sanctions screening and politically exposed person (PEP) status
• Records and outcomes of compliance checks and risk assessments

3.4 Technical and Usage Data

• IP address, browser type and version, device identifiers, operating system and platform
• Login credentials, authentication data and security logs
• Usage data relating to our websites, online banking and mobile apps (pages visited, features used, time and date of access, session duration)

3.5 Communication Data

• Records of communications with us, including phone calls, emails, secure messages, and chat interactions
• Feedback, complaints, queries and survey responses

3.6 Special Categories of Data (Limited Circumstances) We generally do not seek to collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions or health data). However, in limited cases we may process such data where necessary and lawful, for example:

• Data you provide to support vulnerability assessments or payment relief
• Information required to comply with legal or regulatory obligations In such cases, we will rely on an appropriate legal basis and apply additional safeguards.

4. How We Collect Your Personal Data

We collect personal data from a variety of sources:

4.1 Directly From You

• When you open an account, apply for a product or service, or register for online or mobile banking
• When you complete forms, sign agreements, or update your details
• When you contact us by phone, email, post, in branch, or through our digital channels

4.2 Automatically

• Through your use of our online banking, mobile applications and websites (including cookies and similar technologies)
• Through our security and monitoring systems (for example, fraud and transaction monitoring)

4.3 From Third Parties

• Credit reference agencies and fraud prevention agencies
• Public registers and databases
• Other financial institutions, payment service providers and intermediaries involved in your transactions
• Employers or other entities that pay funds into your accounts
• Service providers and business partners that help us deliver our services

5. Legal Bases for Processing

We will only process your personal data where we have a lawful basis under data protection law. Depending on the context, we rely on one or more of the following legal bases:

5.1 Performance of a Contract To provide our banking and financial services, manage your accounts, process your transactions, and fulfil our contractual obligations to you.

5.2 Compliance With Legal or Regulatory Obligations To meet obligations under UK law and regulatory requirements, including those imposed by banking and financial regulators, tax authorities and law enforcement.

5.3 Legitimate Interests To pursue our legitimate business interests, provided they are not overridden by your rights and interests. These may include:

• Managing day-to-day banking operations
• Ensuring network and information security
• Preventing and detecting fraud and financial crime
• Developing and improving our services and systems
• Conducting analytics and internal reporting

5.4 Consent In certain cases, we may rely on your consent, for example for:

• Certain types of direct marketing communications
• Use of optional cookies or similar technologies not strictly necessary for service provision Where we rely on consent, you have the right to withdraw it at any time.

6. How We Use Your Personal Data

We may use your personal data for the following purposes:

6.1 Provision of Banking Services

• Opening, administering and closing accounts
• Processing deposits, withdrawals, payments, transfers and card transactions
• Issuing and managing cards, online banking and mobile banking access

6.2 Customer Support and Relationship Management

• Responding to your enquiries, requests and complaints
• Providing service notifications and important updates
• Managing your preferences, instructions and mandates

6.3 Risk Management, Security and Fraud Prevention

• Verifying your identity and authenticating access to services
• Monitoring transactions for suspicious activity
• Detecting, investigating and preventing fraud, money laundering and other financial crime

6.4 Compliance and Regulatory Reporting

• Conducting KYC, AML and sanctions screening
• Fulfilling reporting obligations to regulatory authorities and law enforcement
• Retaining records as required by law and regulations

6.5 Service Improvement and Analytics

• Analysing usage of our channels to improve functionality, security and user experience
• Developing and testing new products, services and features
• Conducting data analytics and internal reporting for business planning and risk analysis

6.6 Marketing and Communication (Where Permitted)

• Sending you information about our products and services that may be relevant to you
• Providing updates on features, promotions and events We will only send electronic marketing communications where permitted by law, and you may opt out at any time.

7. Cookies and Similar Technologies

When you access our websites or mobile applications, we may use cookies and similar technologies to:

• Enable essential site and app functions (for example, secure login and session management)
• Remember your preferences and improve user experience
• Analyse traffic and usage patterns to optimise our services

You can control or delete cookies through your browser or device settings. However, disabling certain cookies may affect the functionality of our online services.

8. How We Share Your Personal Data

We may share your personal data with carefully selected third parties, always on a need-to-know basis and subject to appropriate safeguards:

8.1 Within Nexus Centrier Bank

• With departments and personnel who need access to fulfil our contractual and legal obligations and to provide you with our services.

8.2 Service Providers and Professional Advisors

• IT and technology providers, cloud hosting providers, and payment processing providers
• Identity verification, credit reference and fraud prevention agencies
• Professional advisors such as auditors, lawyers and consultants

8.3 Other Financial Institutions and Intermediaries

• Banks, payment schemes, card networks and clearing houses involved in executing your transactions
• Correspondent banks and intermediaries when processing cross-border payments

8.4 Authorities and Regulators

• Regulatory bodies, law enforcement agencies, courts and government authorities where required by law or lawful request

8.5 Business Transfers In the event of a reorganisation, merger, acquisition or transfer of assets involving Nexus Centrier Bank, your personal data may be transferred as part of that transaction, subject to appropriate safeguards.

We do not sell your personal data.

9. International Transfers

Where we transfer personal data outside the UK, we will ensure that such transfers are made in compliance with data protection law, including by:

• Transferring to countries that have been deemed to provide an adequate level of protection; or
• Using appropriate safeguards such as standard contractual clauses or equivalent measures; or
• Relying on other lawful transfer mechanisms where applicable.

10. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, including to:

• Provide services and maintain our relationship with you
• Comply with legal and regulatory obligations
• Resolve disputes and enforce agreements

Retention periods may vary depending on the type of data and our legal obligations, particularly in the banking and financial Center in which we operate. Typically, we are required to retain certain records for several years after our relationship with you ends.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include:

• Encryption and secure transmission of data
• Access controls and authentication mechanisms
• Network and infrastructure security controls
• Regular monitoring, testing and review of our security measures

While we strive to protect your data, no system is completely secure. You also play an important role in protecting your accounts by keeping your login details and authentication methods confidential.

12. Your Rights

Subject to applicable law, you may have the following rights in relation to your personal data:

• Right of access: To obtain confirmation as to whether we process your personal data and, if so, to receive a copy and certain information about it.
• Right to rectification: To have inaccurate or incomplete personal data corrected.
• Right to erasure: To request deletion of your personal data in certain circumstances.
• Right to restriction: To request restriction of processing in certain circumstances.
• Right to data portability: To receive personal data you have provided in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible and legally permitted.
• Right to object: To object to processing based on our legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where we rely on your consent, to withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

To exercise your rights, please contact us using the contact details provided in the "Contact Us" section below. We may need to verify your identity before responding to your request.

13. Children’s Privacy

Our services are generally not directed to children under the age at which they can lawfully enter into a banking contract in England without parental or guardian consent. Where we do process children’s data (for example, in relation to specific youth or junior accounts), we will do so in accordance with applicable laws and with appropriate safeguards.

14. Third-Party Websites and Services

Our websites and mobile applications may contain links to third-party websites, services or applications that are not operated by Nexus Centrier Bank. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We recommend that you review the privacy policies of any third-party services you use.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or services. When we make material changes, we will take appropriate steps to inform you, such as by posting a prominent notice on our website or contacting you directly where reasonably possible.

The date of the latest revision will be indicated at the beginning or end of this Privacy Policy.

16. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our handling of your personal data, please contact Nexus Centrier Bank using the contact details made available on our official website or through your local branch.

We will respond to your query as promptly as reasonably possible and will work with you to address any concerns about how we handle your personal data.