Data Privacy policy


In compliance with European General Data Protection Regulation, we, CSCBank SAL, CSCFinance SAL, CSC Overseas development limited, collectively known as “CSC group” inform you that we will process the Data you provide us for the following purposes and as per the following policy:

Personal Data

Personal data means any information relating to an identified or identifiable person (“Data Subject”). Identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as: name, Identity Document (ID), a photograph, address, an e-mail, an identification number, location data, an online identifier – e.g. IP address, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Data We Collect

We collect and process your personal Data mainly to provide you with access to our services and products, and to help us improve same.
We may collect personal Data about you from different sources, including the following:
-Data Given to us directly or indirectly by yourself
-Data collected automatically when your use our website, internet Banking, Mobile Banking App and ATM''s
-Data collected from user publicly available sources

Scope of processing

CSC group will process personal data for the following purposes mainly:
-To be able to provide the product or services that you have applied for, in order to fulfil our agreement with you.
-To verify your identity and comply with applicable laws and regulations relating to the prevention of money laundering and terrorist financing, as well as to use fraudulent use of your funds.
-To provide you with statements and other data regarding those products and services.
-To process your transactions.
-For internal assessment and analysis ( including credit and behavior scoring, market, product analysis, risk , management, and in order to protect our legitimate interest)
-For the detection and the prevention of fraud, prevention of money laundering and other criminal report which CSC group is bound to report, including the carrying out of customer due diligence.
-For direct marketing, such as to inform you, by mail, telephone, e-mail or other electronic means, about other products or services supplied by CSCBank, its subsidiaries, associates, agents and by other carefully selected third parties.
-To safeguard our legal rights, such as in the case of enforcing our security, or recovering amounts owed to us by you or your co-debtors.

We may use your data to protect you in the following ways:
-We may record phone calls to confirm details of our conversations, for your protection, to train our staff, and to maintain the quality of our services.
-We use CCTV to record images in and around our premises to prevent and detect crime, as well as our ATM’s to fraud prevention or to comply with local laws.
-Before we provide any service, we will carry out anti-money laundering checks, which may include searches to confirm your identity.

Your data may be transferred to and stored in locations outside the European Economic Area, including countries that may not have the same level of protection of personal data. When we do this, we will make sure that such transfer is legal and submitted to GDPR laws. We may need to transfer your data in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and /or our legal interests.

Data We Share

Your personal data may be disclosed to or exchanged with all employees of the Bank and its subsidiaries, and their consultants, associates or agents. We do not share personal data with companies, organizations or individuals outside of CSC group unless one of the following circumstances applies:

-With your consent- we will share personal data with companies, organizations or individuals outside of the Bank when we have your consent to do so- we require opt-in consent for the sharing of any sensitive personal data.
-For external processing-we provide personal data to trusted businesses or persons to whom we may outsource certain functions from time to time, in order to provide you with the services you have requested, and in compliance with the GDPR requirements, our Privacy Policy and any other appropriate confidentiality and security measures.
-For legal reasons – we will share personal data with companies, organizations or individuals outside of the bank if we have a good – faith belief in the access, use, preservation or disclosure of the data is reasonably necessary to:

•Meet any applicable law, regulation, legal process or enforceable governmental request
•Enforce applicable terms of service, including investigation or potential violations
•Detect, prevent, or otherwise address fraud
•Protect against harm to the rights, property or safety of the group, our users or the public as required or permitted by law.

We may share non-personally identifiable data publicly. For example, we may share data publicly to show trends to about the general use of our services.

Data Retension

We will not retain your personal data for longer than it is required for the maintenance of your relationship with us including for the purpose of satisfying any legal or regulatory requirements.

Data Security

We make sure to use reasonable measures to protect the personal data within the Group. If you have reason to believe that your interaction with us is no longer secure, please immediately advise us.


When you visit CSC’s website, CSC’s webserver will automatically records details about you, such as IP address, type of browsers and CSC’s website pages visited by you including date.

Data subject rights

By law, you have the rights to:
-Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and how we process it.
-Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
-Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
-Object to processing of your personal data where we are relying on a legitimate interests. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedom.
-Request the restriction of your processing of your personal data.
-Request the transfer of your personal data to another party.

You can send these requests to e-mail: or by post to the registered address of our Company.

Your consent

By using our websites and our services you agree and accept the terms of this Privacy Policy and consent to the collection and use of your personal information in the manner described herein. You also warrant that all data provided by you in the course of our business relationship is accurate and up to date.

Disclosure to legal authorities

We may share your Personal Information with Regulators, law enforcement agencies, data protection authorities, government officials, our external auditors and attorneys, or other authorities, where this disclosure does not contravene any mandatory national law, in the following situations:
a)In connection with a formal request, subpoena, court order, or other legal procedure
b)When we believe in good faith that the disclosure is necessary to prevent money laundering, terrorist financing, tax evasion or other illegal activity
c)Disclosure is necessary to investigate violations of this Privacy Policy or our Terms and Conditions or to prevent financial loss

By submitting your personal data, you consent to this disclosure, transfer or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Notifications of change

This Privacy Policy may be revised over time and we may change this Privacy Policy at any time by posting a revised version of it on our website. Unless we have legal grounds to do otherwise, we will provide you with at least 30 days' prior notice of the effective date of the revised Privacy Policy. We may post the notice on our website and/or send you the notice by e-mail. As of the effective date of the revised Privacy Policy, you will be considered as having consented to all changes to the Privacy Policy.

How we use your personal information

We use your personal information to service your account and to improve our service to you. We strictly obey the following principles when using your personal data:

a)We are doing our very best to ensure that your personal information is processed lawfully, fairly and in a transparent manner
b)We limit the personal information collected from you to what is strictly necessary in relation to the purposes for which it is processed and try to maintain this information accurate and up to date
c)We apply best industry standards to process Customers data in a manner that ensures its security, integrity and confidentiality

Our communication with you

We communicate with our Customers via email to provide the requested services. We may also communicate with Customers by phone to:
•Resolve complaints or claims
•Respond to requests for customer service
•Inform on illegitimate use of accounts or suspicious transactions
•Confirm information concerning a Customer’s identity, business or account activity
We may communicate with you as described above by SMS or e-mails to send you transaction notification alerts or tokens (2-factor-authentication) to process certain transactions on your account

Disclosure of your personal Information to third parties

There are circumstances in which we may need to share your personal data. We may need to do this in order to help us carry out our operations.

In processing your transactions we may disclose your Personal Information to third parties, to legal and regulatory authorities or may transfer it for processing outside the European Economic Area (“EEA”).

Your information will not be sold, exchanged, or shared with any third parties except where required by law.

Third party service providers are contractually bound with us to protect and use your personal data only for the purposes for which it is disclosed and we ensure that such third parties are subject to the same protective rules as those described in this Privacy Policy.

Third parties cannot use personally identifiable information about our Customers for any secondary purposes without your explicit consent.

You agree that we may share your personal information with:
a)Third party service partners, who are acting on our behalf as data processors, who are members of our group.
b)Selected third parties including business partners or agents for the performance of any contract we enter into with them or with you to provide our services to you, noting that such data processors, partners or agents shall abide by confidentiality and security measures requested by law.

How we store your personal information

The Personal Information you provide to us are treated securely. We adopt layered-security-approach and defense–in-depth to ensure that your data is protected. Sensitive information is stored encrypted using globally approved cryptography standards. Access to this data is restricted on need-to-know basis.

The data that we collect from you may be transferred to and stored at a destination both within and outside of the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our partners. This could be related to fulfilment of your order, processing of your payment details and provision of support services. Noting that such persons will undertake to operate under the GDPR laws.

You are responsible to keep strictly confidential any security credentials provided to you for access to our site and to your personal account with us. We ask you not to share them with anyone, noting that we will never ask you to provide them to us for what so ever reason.

Retention of your personal information

In order to comply with the legal requirements regarding the prevention of money laundering and countering terrorist financing, we are obliged to keep Customers personal information together with audit trail of their transactions for at least five years after the end of the business relationship. In case of on-going criminal investigations and legal proceedings, further retention of records for a period not exceeding an additional five years may be required.

By submitting your personal data, you agree to this storing and retention of your records. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Security of your personal information

We use a variety of security measures to ensure the confidentiality of your Personal Information and protect your Personal Information from loss, theft, unauthorized access, misuse, alteration or destruction. We conform to the PCI DSS standards for protection of cardholder data and have implemented security measures including, but not limited to:

•Strict policies on user accesses
•Restricted accesses to Personal Information based on least-privileges and need-to-know principles.
•Approved security standards to protect the confidentiality of your information at rest.
•Transport Layer Security (TLS) to ensure the confidentiality of your data in transit.
•Systems hardening to protect our servers from vulnerabilities and attacks
•Audit trails to track changes on your Personal Information
•Audit log reviews to detect unauthorized access attempts
•Independent periodic security testing to check the efficiency and effectiveness of the implemented controls.

To maintain data availability, the information is stored in a secure clustered environment and backups are performed regularly. Any sensitive data that needs to be transferred is encrypted before being transferred electronically.

The security measures will be reviewed regularly in light of new and relevant legal and technical developments.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy policy, if you have any questions about this Privacy Policy, or wish to lodge a complaint about how your personal data is used by CSC Group, you can contact us electronically at the email address given above or by writing to our registered address.

Upon receipt of your complaint we will investigate it and respond to you within a month time. Where this deadline cannot be observed, we will explain to you the reason and will notify to you the extended time for reply.

Privacy Policy & Legal  |  Data Privacy policy  |  Sitemap Copyright © 2021 CSCBank SAL - All rights reserved