1. INTRODUCTION

    This Privacy Notice explains how The Jamaica National Group Limited and its subsidiaries (“JN Group”) collect, use, and disclose your personal information, including the types of information we process and the reasons for which we process them. The personal information we collect from you depends on the nature of the services we provide and how we interact with you. This Notice may be supplemented by additional Privacy Notices relevant to the applicable subsidiary with which you do business.

    1. WHO WE ARE

    The JN Group consists of member companies which are set up as separate legal entities. These companies provide services including banking, insurance, investment management, money remittance, bill payment, information technology and fleet management. Based on our global presence, we are subject to the varying requirements of data protection legislation in the jurisdictions where we operate. Our aim is to be as consistent as possible as we obey all applicable laws and apply the highest standard of privacy laws to our approach.

    1. OUR DATA PROTECTION COMMITMENT

    The JN Group respects our customers, employees, and other stakeholders’ right to privacy and we commit to take great care to safeguard their personal data in our possession. We commit to adopt and observe appropriate data protection standards in compliance with the Data Protection Act, 2020, the General Data Protection Regulations (GDPR) and all other applicable Privacy laws and regulations in the territories in which we operate. Part of our commitment to data protection compliance is our sustained commitment to deploy stringent security measures to protect the personal data entrusted to us.

    The JN Group cares about and values data privacy!

    1. THE TYPES OF INFORMATION WE COLLECT

    We collect various types of information that may identify you as an individual (“personal information”). The personal information that we collect varies depending on the subsidiary providing the service as well as the nature of the service. We collect sensitive personal information (such as health information) only where this is relevant to the service being provided to you.

    The information we collect from you may include the following:

    1. Personal Identifiers: For example: name, driver’s license number, passport number, photo ID, TRN, SSN, NIS
    2. Contact Details: For example: email address, telephone numbers, residential address, mailing address
    3. Employment Information: For example: employment status, employer name and address, nature of self-employment, type of business, salary and benefits, employment history  
    4. Demographic Details: For example: date of birth, gender, age, nationality, marital status
    5.  Financial Information: For example: credit report, credit card statement, bank statement, income, expenses)       
    6. Insurance/Driving History: For example: driver’s license details, existing and previous insurance policy details, previous accidents, claims history, motor vehicle details, motor convictions, lien information
    7. Payment Information: For example: credit or debit card details, bank account information
    8. Background Check Information: For example: sanction list checks
    9. Account Login Credentials: For example: username and password
    10. Health Information:: For example: medical history, health status and outcomes of medical reports     
    11. Beneficiary Information: For example: beneficiary name, relationship
    12. Employee Information: For example: employment history, dependent information, emergency contact
    13. Online Details: For example: IP address, operating system, and browser type, when you visit our sites or use our online services.

     

    1. HOW WE GET YOUR PERSONAL INFORMATION
    1. Most of the personal information we process is provided to us directly by you when you:
    • Request information about our products and services.
    • Apply for a product or service from us.
    • Speak to us on the phone or in one of our locations (this includes recorded calls and the notes we make).
    • Supply us with information in the normal course of our providing a product or service to you, for example, when you submit an insurance claim.
    • Send us correspondences (such as letters and emails).
    • Participate in customer surveys.
    • Register or apply for benefits under our rewards program.
    • Apply for and maintain employment within the JN Group.
    • Attend an event hosted by us or take part in our competitions or promotions.

     

    1. We also receive personal information indirectly, from the following sources:

     

    Information we Collect Automatically

    • We may collect certain types of information about you automatically when you use our services, visit our websites, or communicate with us online or through email exchanges. We may collect this information through the use of “cookies” to gather statistical data about your browsing actions and patterns from the devices that you use (such as computers and mobile phones) to connect to our website, e-commerce and mobile banking services. We may also collect information about your computer for system administration and to report aggregate information to our advertisers. Further information about our use of cookies can be found in our Cookie Notice below.
    • We may also collect information through recorded calls made to/from us, to facilitate our organizational needs such as, improving the quality of the service we provide to you.
    • We have Closed Circuit Television Systems (CCTV) throughout our locations to ensure the security and safety of our staff, customers, and other visitors, whilst within or situated on the premises of the JN Group.

     

    Information Collected from Third Parties

    We may collect personal information about you from third parties, such as credit reporting agencies, government bodies, insurers, medical professionals, claimants, insurance professionals such as investigators or loss adjusters and recruitment agencies.

    1. HOW WE USE YOUR PERSONAL INFORMATION

    We will use the information we collect about you, in connection with the following:

    1. To offer, administer and manage the products and services we provide to you, including opening, updating, and maintaining your account and providing customer/member care services.
    2. To carry out “Know Your Customer” due diligence checks including data validation, sanction checks, credit reference checks and other customer acceptance, vetting and risk management checks.
    3. To manage customer transactions including processing payments, fees, charges, and interest due, and to manage accounts receivables and payables.
    4. To administer, investigate and settle claims or complaints in relation to the services that we provide.
    5. To facilitate the prevention, detection, investigation and reporting of crime and the apprehension or prosecution of offenders.
    6. To ensure adherence to internal controls and external regulatory requirements.
    7. To enforce our contracts and recover any outstanding debt in connection with the services we provide.
    8. To fulfil our legal and regulatory obligations.
    9. To carry out “Know Your Employee” due diligence checks including to process applications for employment and inform recruitment decisions about appointments and new hires.
    10. To provide employment and post-employment benefits and carry out our obligations in respect of same.
    11. To respond to your requests, inquiries, comments, and concerns.
    12. To manage how we work with other companies that provide services to us and our customers.
    13. To execute and facilitate property transfers for and on behalf of our customers
    14. To analyze trends, perform benchmarking, modelling, market research and data analysis associated with the development of new and existing processes, products, and services and to determine the effectiveness of our promotional campaigns.
    15. For research, audit, reporting and other business operations purposes, including evaluating business performance.
    16. To tell you about products and services that may be of interest to you including sending newsletters, promotional material, and other communications.
    17. To transfer books of business in the event of a sale or reorganization, including the planning and due diligence processes both prior to and after closure of the transaction.

     

    1. WHEN WE SHARE YOUR PERSONAL INFORMATION

    We do not rent or sell your information to anyone and will only share your information in circumstances where we are legally permitted to do so. We may share your personal information with the following categories of recipients where necessary to offer, administer and manage the services provided to you:

        1. Within the JN Group

    We may share your personal information with other entities or departments within the JN Group for the processing purposes outlined in this Notice.

        1. Third Party Suppliers

    We may share your information where we outsource our processing operations to suppliers that process personal information on our behalf. These processing operations will be guided by contract which includes requiring that your personal information be kept confidential and processed in accordance with data protection principles.

        1. Law Enforcement Bodies

    We may share your information where necessary to facilitate the prevention or detection of a crime or the apprehension or prosecution of offenders.

        1. Public Authorities and Regulators

    We may share your information where necessary for us to comply with our legal and regulatory obligations.

        1. External Auditors

    We may share your information with external auditors where necessary for the conduct of company audits.

        1. Credit and Other Risk Management Agencies

    We may share your personal information with credit reference, background check, fraud prevention, data validation and other professional advisory agencies where necessary to prevent and detect fraud, during our recruitment process and to assess the risk in relation to the products and services that we offer.

        1. Legal Advisers, Loss Adjusters and Claims Investigators

    We may share your information where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature.

        1. Successors of the Business

    We may share your personal information with any person to whom we transfer or may transfer all or any part of our business or assets, from whom we acquire any business or assets or who acquires substantially all the assets of the JN Group.

    If a JN Group company receives your personal information and subsequently shares that information with a third party, JN Group remains committed to ensuring that such third party processes your personal information to the standards required to comply with the Data Protection Act and/or any other applicable privacy laws.

     

    1. OUR LAWFUL BASIS FOR PROCESSING YOUR INFORMATION

    We rely on the following lawful basis for processing your information:

    Performance of a contract to which you are a party

    We process your personal information where necessary to enable us to open accounts, maintain account details, perform administrative tasks, and provide services to fulfil our obligations in the contract with you.

    Compliance with a legal obligation or duty

    We are required by law to collect and process certain personal information about you, when you apply for a product or service, and on an ongoing basis. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account or provide services to you.

    For the purposes of our legitimate interests or that of a third party

    The collection and use of some aspects of your personal information is necessary to enable us to pursue our legitimate commercial interests. For example, we have legitimate interests in:

        • preventing fraud.
        • ensuring network and information security of our systems.
        • operating our business and managing and developing our relationships with you.
        • intra-group administrative transfers.
        • understanding how you use our products, services and websites and effecting improvements.
        • providing you with the most appropriate products and services.

    Where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure that the processing does not infringe on the rights and freedoms granted to you under the applicable data privacy laws.

    Consent

    Your personal information may be processed based on your request or agreement. Consent is received at that point to provide these services, and therefore, process your information. For example, putting a standing order in place on your account or adding a vehicle to your motor insurance policy.

    Where we rely on your consent to collect and use your information, you are not obliged to provide your consent and you may choose to subsequently withdraw your consent at any stage once provided. However, where you refuse to provide information that we reasonably require to provide a service, we may be unable to offer you that service and/or we may terminate the service provided. Where you choose to receive the services from us, you agree to the collection and use of your personal information in the way we describe in this Notice.

        1. INTERNATIONAL TRANSFER OF YOUR INFORMATION

    We will only send your data outside of Jamaica or outside of the European Economic Area or any other area within which we operate for the purposes outlined in this Notice. In particular, we may make such transfers to offer, administer and manage the services provided to you, to improve the efficiency of our business operations, in keeping with your directives and to comply with a legal duty to do so. These countries may not have similar data protection laws to those in your country of residence, however, we will always protect your information on the basis that anyone to whom we pass the information protects it in the same way we would and in accordance with this Notice and applicable laws.

    All international transfers outside the EU are protected by EU-based model contract clauses, where there are terms approved by the EU commission. Where necessary, we may implement additional technical, organizational, or contractual measures to ensure an adequate level of protection for your personal information.

        1. ACCURACY OF YOUR INFORMATION

    We rely on the availability of accurate personal information to provide the services to you and operate our business. You should therefore notify us of any changes to your personal information, such as changes concerning your contact details or any other information that may affect the proper management and administration of the services we provide to you.

        1. RETENTION OF YOUR INFORMATION

    We retain appropriate records of your personal information to operate our business and comply with our legal and regulatory obligations. These records are retained for predefined retention periods that may extend beyond the period for which we provide the services to you. Retention periods are determined based on the type of record, the nature of the activity, product or service, the country in which the relevant company is located and the applicable local legal or regulatory requirements. In most cases we will retain your personal information for no longer than is required under the applicable laws.

    We normally keep customer account records for up to seven years after your relationship ends, then the information is securely destroyed. We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory, or technical reasons, or as necessary to resolve disputes, and enforce our agreements. For example, we must hold pension transfer information indefinitely, and, if you receive insurance cover through us, we may keep insurance claims data for up to fifteen years after you stop being a customer.

        1. INFORMATION SECURITY

    The security of your personal information is important to us, and we have implemented appropriate security measures to protect the confidentiality, integrity, and availability of the personal information we collect about you and ensure that such information is processed in accordance with applicable data privacy laws.

    Some technical and organisational measures used to protect your personal information includes firewalls, anti-virus protections, patches, encryption, software updates, written policies and procedures which are regularly audited, and the audits reviewed at senior level, limiting access to your personal information to those who need it to do their jobs and using CCTV as a deterrent to protect our staff, customers, equipment and your personal data.

        1. YOUR RIGHTS IN RELATION TO PERSONAL DATA

    You have the following rights under applicable data privacy laws in respect of any personal information we collect and use about you:

    Your Rights What They Mean
    The right to access your personal data You have the right to be informed whether, and to what extent, we process your data. Subject to certain exceptions, you have the right to obtain a confirmation as to whether we process your personal data, and if we do, request access to your data.
    The right to consent to processing You have the right to consent to the processing of your personal data. If your personal data is processed based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
    The right to prevent processing You have the right to object to the processing of your personal data in certain situations.
    Rights in relation to automated decision making You have the right to object to decisions based exclusively on the automated processing of your personal data.
    The right to rectification If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time.

    It is important to note, however, that some of the rights described above can only be exercised in certain circumstances. If we are unable to fulfil a request from you to exercise one of your rights under applicable data privacy laws, we will write to you to explain the reason for refusal.

        1. HOW TO EXERCISE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

    You may exercise any of the rights available to you by contacting us using the information found in the “How to Contact Us” section of this Notice. We will examine your request and respond to you as quickly as possible and in accordance with the relevant law.

        1. USE OF AUTOMATED DECISION-MAKING

    Where you apply to receive a service from us, we may carry out an automated assessment to determine whether you are eligible to receive the service. This helps us to make sure our decisions are quick, fair, efficient, and correct based on what we know. An automated assessment is an assessment carried out automatically using technological means (e.g. computer systems) and excludes any human influence on the outcome. This assessment will analyze your personal information and may include activities such as pricing, fraud detection, account opening and credit provision.

    Automated decisions can affect the products, services or features we may offer you now or in the future. Where a decision is taken solely by automated means involving the use of your personal information, you have the right to challenge the decision and ask us to reconsider the matter, with human intervention. If you wish to exercise this right, you should contact us.

        1. MARKETING

    Unless you have told us that you do not want to hear from us, we will send you relevant marketing information by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you, or you no longer wish to receive this information, you can have your information removed by clicking the unsubscribe link at the bottom of each email communication or by contacting us. For the contact information, please look at the “Contact Us” section of this notice.

    We may still send you non-promotional communications, for instance, administration related emails concerning your account.

        1. USE OF COOKIES AND OTHER TECHNOLOGY

    We use cookies and other internet tracking software to collect data while you are using our websites or mobile apps. Cookies allow us to store information about the computer device you use to access our website so that you can conduct business with us easily. They allow us to recognize when you revisit our websites and to evaluate our websites’ advertising and promotional effectiveness. We use both our own (first party) and partner companies’ (third party) cookies to support this activity.

    We do not use Cookies to:

        • track your internet usage after leaving the website or
        • store personal information others may read and understand.

    Processing of personal data associated with the use of these cookies occurs based on our legitimate interests to administer the website. Our cookies are listed below:

    Cookie Name Retention Time Description
    _ga 2 years This is a Google Analytics cookie used to distinguish users.
    _gid 24 hours This is a Google Analytics cookie used to distinguish users and its main purpose is for performance of the site.
    _gat 1 minute This is a Google Analytics cookie used to throttle the request rate limiting the collection of data on high traffic sites.
    moove_gdpr_popup 1 year Stores your cookie consent state for the current domain.

     

    When you first visit our website, you will be given an opportunity to opt-in or opt-out of cookies. You can deactivate the non-technical cookies by not consenting to non-essential cookies.

    You may also set your browser’s setting to deactivate cookies. If you use that option, some functions of this website (e.g. login, memory of preferences etc.) may not be available. Detailed guidance on how to control cookie preferences for the most common browsers can be found at:

    You also have the option to install the Google Analytics opt-out browser add-on and thereby deactivate the use of Google analytics cookies and the associated data processing. You can find the opt-out browser add-on here https://tools.google.com/dlpage/gaoptout.

    You can find the Google privacy notice here Google Analytics privacy notice.

        1. LINKS TO OTHER WEBSITES / THIRD PARTY CONTENT

    For your convenience, hyperlinks may be posted on our website that link to other websites. We are not responsible for these sites, and this Notice does not apply to the privacy practices of any linked sites or of any companies that we do not own or control. Linked sites may collect information in addition to that which we collect on our website. We encourage you to seek out and read the privacy notice of each linked site that you visit to understand how the information that is collected about you is used and protected.

        1. HOW TO CONTACT US

    We are committed to the protection of your privacy rights and of your personal information. If you have any questions or require more details about how we use your personal information, you should contact us using the information below:

        1. Data Protection Office

    Shelly-Ann Walker
    JN Group Data Protection Officer
    c/o JN Group
    6A Oxford Road
    Kingston 5
    Jamaica

    Telephone: (876) 926-1344-9; Ext: 7347
    E-mail address: jngroupdpo@jngroup.com

        1. Contact Centre

    JAM: 876-926-1344-9

    CAN: 416-789-6675

    USA: 305-593-7967/954-535-5767

        1. Other

    WhatsApp us at 876-499-1605;

    Write to us at 2-4 Constant Spring Road, Kingston 10, Jamaica; or

    Email us at helpdesk@jngroup.com

        1. HOW TO COMPLAIN

    Please let us know if you are unhappy with how we have used your personal information.  You can contact us by visiting any of our locations where you will be assisted to lodge a formal complaint, or you can use our online complaint form on our website at https://www.jngroup.com/complaint-form.

    If you are not satisfied with the way that we have handled your complaint, you have the right to raise the matter with the relevant data protection regulator in your country.

    Information Commissioner’s Office – Jamaica

    The Masonic Building (2nd Floor)

    45-47 Barbados Avenue

    Kingston 5

    Jamaica

    Telephone (876) 920-4390

    Email address: info@oic.gov.jm

    Information Commissioner’s Office – UK
    Wycliffe House
    Water Lane
    Wilmslow, Cheshire

    SK9 5AF
    Helpline number: 0044 (0)303 123 1113

    Website: https://ico.org.uk/make-a-complaint/

        1. CHANGES TO THIS PRIVACY NOTICE

    JN Group reserves the right to reasonably amend this Notice from time to time to ensure that it accurately reflects the way that we collect and use personal information about you. You are encouraged to regularly review this Notice to ensure that you understand how we collect and use your personal information and to see any changes that may have occurred.

    This Privacy Notice was last updated on December 1, 2023.