Privacy and Information Security Policy
Privacy and data security are central to CCB’s services
June 28, 2022
With reference to the privacy acts in effect in the jurisdictions in which Caribbean Credit Bureau operates:
Aruba: Landsverordening van 19 mei 2011 houdende nieuwe regels ter bescherming van de persoonlijke levenssfeer in verband met het vastleggen en verstrekken van persoonsgegevens (Landsverordening persoonsregistratie)
Curaçao: Landsverordening bescherming persoonsgegevens AB 2010, 84
Netherlands Caribbean (B.E.S.): Wet Bescherming Persoonsgegevens BES, Stb. 2010, 349
Sint Maarten: Landsverordening bescherming persoonsgegevens AB 2010, GT no. 2
Caribbean Credit Bureau with offices in:
Aruba: C.C.B. Credit Registry N.V.
Curaçao: Caribbean Credit Bureau N.V.
Netherlands Caribbean: Caribbean Credit Bureau Bonaire N.V.
Sint Maarten: Caribbean Credit Bureau Sint Maarten N.V.
Section I – Privacy
Objectives Relating to Processing Personal Data
CCB is a consumer credit bureau operating in the Dutch Caribbean that has the following objectives:
- To give information on consumer credit behavior, possibly reflected in a credit score, to credit-issuing institutions to mitigate their risk of losses, or to prove good and trustworthy credit behavior of consumers towards credit issuing institutions.
- To provide total credit exposure of individuals, possibly reflected in a credit score, to prevent over-crediting by credit-issuing institutions and to keep individuals out of credit repayment problems; and
- To provide credit issuing institutions information about other credit-related behavior of consumers such as fraudulent behavior, debt restructuring programs, or bankruptcies.
- Personal data may be shared with members, selected respected international credit bureaus, and with any individual requesting to see their personal credit report.
Other than sharing the data in accordance with the above stated objectives, personal data of individuals, whether public or private, will not be sold, exchanged, transferred, or given to any person, company or institution for any reason whatsoever, unless the respective individual has given explicit consent or unless it is required by law or by order of a competent court.
Adherence to all applicable Personal Data Protection Acts (PDPA’s)
The Personal Data Protection Act in force in each of the jurisdictions in which CCB operates forms the legal basis of the privacy rights of each individual. CCB complies with the PDPA applicable in each respective jurisdiction in which it operates.
Under all of the above-listed PDPA’s, CCB is allowed to process personal data of individuals subject to the specific privacy clauses. Because CCB has a clearly described objective serving a legitimate interest in each of the above-listed jurisdictions, CCB is not required to obtain neither written nor explicit consent from each individual. Notwithstanding the fact that CCB is not required to, it operates on the basis of informed consent viz. each individual. Individuals are informed by means of an inclusion of a clause in the general terms and conditions of the members and in all new credit-related contracts of the members. Also, in the credit application forms of the members, a clause has to be included to inform individuals that a credit check can be part of the credit application. Although CCB monitors compliance by the members that these clauses are part of the procedures of the members, the members are responsible for compliance.
Specific Measures in place to limit use of data and Protect the Privacy of Individuals
Specific measures to protect the data of individuals include, but are not limited to, the following:
- Data is only shared on a reciprocal basis with other CCB members and with a selected number of respected international credit bureaus, but only to their members who also provided data to that international Credit Bureau.
- Only such data that is needed towards the objectives of CCB are collected.
- Data is only shared for the intended use, in accordance with the objectives.
- All inquiries made by members and CCB are logged and reported on the personal credit report that each individual can obtain regarding its own data from CCB.
- Personal Data is not used in test environments and development environments.
Although the law requires neither written nor explicit consent of the individual, because the objectives of CCB with regards to personal data are clearly formulated and disclosed, CCB operates on the following basis with its members to inform individuals. Based on contractual agreements between CCB and each member, each member has agreed to disclose its membership with CCB and the related sharing of data, in its General Terms and Conditions, in its credit-related contracts and in its credit application forms to notify individuals that his/her credit data will be checked.
Limited Use of Personal Data Collected
We assure users that all personal information collected can be used or disclosed only for the purposes for which it was collected. We will obtain consent from users should we need to use the personal data for a new purpose or for a purpose not previously identified. We assure users that consent will be obtained prior to use of their personal data.
Limited Scope of Personal Data Collected
Only necessary personal data is collected from registered users for business purposes. Both the amount and the type of data collected shall be limited to that which is necessary to fulfill the purposes identified.
Sources and methods of collecting the Data
Data stored by CCB can be obtained as follows:
- From the data subject (being the consumer), or from a member who has obtained explicit authorization from the data subject, or where the authority of the member to submit the data to CCB can reasonably be implied.
- From members who have a business or financial relationship with the data subject that is relevant to the objectives of CCB provided that the use of the data complies with those objectives.
- From other Credit Information supplies with whom CCB has entered into a formal relationship and who obtain and disclose their data legitimately in accordance with the laws prevailing in their jurisdictions.
- Other public sources, provided that the data is collected legitimately and is relevant to CCB’s objective and only used by CCB in line with those objectives.
Types of information that can be stored
Personal Data stored in CCB’s Online Registry as provided by Members
- The full name and the initials of the Consumer, his or her gender, the Consumers address(es) known to the various Members;
- The types of the credits that are outstanding, the account number, the original amount, and the recent balances outstanding on the credit;
- The credits that are in default and the status of the default;
- Disputes expressed by Customers to the Member are to be registered in the system;
- Annotations provided by the Member provided the information factual and can be supported by the Member on request of the Consumer;
- Annotations provided by the Consumer provided the information factual and can be supported by the Consumer;
- Two summary scores containing factual information:
Credits that are stored in the system:
The following types of credits are stored in the system:
Credits for which positive and negative information is registered:
- Car loans
- Personal loans
- Credit cards
- Business Loan (this is for sole proprietorships only)
- Credit that originated from the sale of goods or services (retail credit)
- Other credits
- Guarantees that were not (fully) honored when called for payment by a Member
The members (data owners) are responsible that the data that is submitted to CCB is accurate and correct.
CCB does not store any of the following types of data:
- Any data regarding religion, race, political orientation, health, sexual preference, nor any membership data.
- Information relating to criminal nature, with the exception of those directly relating to the objectives of CCB, such as financial fraud, and identity theft. In case of doubt, CCB will present the issue to the CBP.
Access to own Data and Right to Request for Correction
We allow users the right to access their personal credit report. Everyone is entitled to one free credit report per year. A fee will be charged for providing more than one credit report. This applies to requests for own credit reports made by individuals via our members, the international credit bureaus with whom we have a data exchange contract, and at CCB office.
If you believe that the personal data stored by CCB is not (no longer) correct or complete, you can request the member who has supplied the data to update or correct your personal data. If necessary, we will intermediate with the member that is requested to make such adjustments, but it is the member who has to make the correction.
Section II – Information Security
CCB is committed to ensure protection of its information systems and data and has implemented generally accepted good practices for information security management and governance. These good practices include: defined roles and responsibilities for information security; a regular information security risk analysis; policies, standards and procedures to mitigate risks; and independent review.
We endeavor to have procedures in place to ensure that our systems and services use up-to-date security measures and technologies.
Specific Measures to Ensure Data Security
Specific measures to protect the data of individuals include, but are not limited to, the following:
- The personal credit reports that individuals can request about themselves can only be produced by a limited number of CCB personnel.
- Other than printing the report mentioned above, no access to the data is possible by any CCB employee, management ICT officers, programmers nor advisors.
- Personal Data is stored securely after being encrypted using AES 256 asymmetrical encryption. The encryption key is stored by and only known to an independent custodian, who does not have access to the CCB system.
- Access to the system is based on two-factor authentication: a password and a security code.
- Secure Sockets Layer (SSL) technology is employed to exchange sensitive information between the CCB system and its users. SSL encrypts data and is one of the safest methods of passing information over the Internet.
- Data is mirrored to prevent accidental loss.
- Reports can only be requested on a single-call basis. Batch requests are not provided for.
As users enter the payment information, it is captured on a page that uses the SSL protocol by default. All personal and financial information is encrypted as it travels over the Internet. All financial information is stored in encrypted form on our servers. The server is also not accessible through the Internet. Credit card security will continue to be an issue of top priority for our company.
Section III – Using our Web Site
When you use our website, CCB collects or uses certain personal data. We do this only for those purposes described in this policy. The following applies.
- Web visit
When you visit our website, technical data of your visit are recorded in log files on our servers. This data is stored exclusively for statistical analysis for up to 12 months. Examples of such data are the requested page, the IP-address, time stamp and browser type. We do not check who is using which IP-address at what time and we do not trace this information to your person.
- Correspondence via the contact form or e-mail
When you send us a message through the contact form on our website or via an e-mail message, your message and the technical characteristics of your message are recorded in our e-mail archive and/or our customer database. Your data is stored in these files for seven years for legal administrative retention purposes. We use this information to answer or handle your message and to get in touch with you as part of our normal business. We do not use these data to combine with other personal data available to us.
Cookies are small pieces of information that are stored by your browser on your computer. We apply cookies only to analyze the use of the website. Our analysis tools process the data locally and do not share the information with third parties. Your IP address is used only anonymously. This data is stored for up to 12 months.
This Privacy and Data Security Policy applies solely to information collected on our website. The Site contains links to web sites of third parties. CCB is not responsible for the actions of these third parties, including their privacy practices and any content posted on their web sites. We encourage you to review their privacy policies to learn more about what, why and how they collect and use personal information. CCB adheres to industry-recognized standards to secure any personal information in our possession, and to secure it from unauthorized access and tampering.
- No sharing with third parties
We take appropriate measures to protect against unauthorized access and use of your personal data. Furthermore, our people who need access to your data to perform their function, are required to respect the confidentiality of personal data.
- Abuse and/or misuse
When, in our opinion, there is any abuse or misuse of our website, we could decide to deny access to our website from certain IP-addresses and/or e-mail addresses for a definite or indefinite period of time. In case of abuse, we may attempt to trace the data to your person.
Section IV – General
This Privacy and Data Security Policy is displayed on CCB’s web site (www.caribbeancreditbureau.com). We encourage everyone to read this policy in order to understand CCB’s position and commitment towards respecting the privacy of individuals and the security measures we take surrounding the personal data we process.
CCB will endeavor to have procedures and guidelines in place to safeguard the accuracy of the data it processes. CCB shall not be held liable for data input errors made by users or incorrect data submitted by CCB members or other sources.
Providing Data by Force of Law
In addition to sharing data with members and other credit bureaus, CCB will not provide any personal data to anyone unless the law requires us to share personal data to any official authorities or if a demand of the courts is presented to us.
Enforcement of Policy / Complaints
If for some reason you believe CCB has not adhered to this policy, please notify us and we will do our best to promptly respond and address any valid issues raised. If you feel your privacy has been compromised or you have concerns about the way we secure the data we manage, please use the electronic Complaint / Dispute Form on our website to raise your concern with us. You can also e-mail or call us.
Changes to this Policy
CCB reserves the right to make changes to this Privacy and Data Security Policy without advance notice.
Questions or Comments
If you have questions that are not answered by this policy or if you have any comments, complaints or suggestions about the way CCB handles and protects personal data, please send an email to email@example.com or contact us by phone.