Privacy and security policy

Exprinter International Bank N.V. (“EIB”)
EIB is responsible for thecollection of personal data as per the following Privacy Policy.

Personal Information is defined as personally identifiable information.

Personal information that EIB Bank collects and processes may include:

Collecting, using and disclosing your information

- Your name, address, telephone number, nature ofyour business or occupation and date of birth, all of which may be required by law;
- Identification, such as a valid driver’s license, ID-card (“Cedula”) or passport.
- We may also ask for documents such as a recent utility bill to verify your name and address;
- Your annual income, assets and liabilities and credit history;
- Information about your transactions, including payment history, account activity and how you intend to use the account or service and the source of any incoming funds or assets;
- Information we may need in order to provide you with a service such as health information if you are applying for certain insurance products. In some instances, providing this information is optional
- Information about third parties such as your spouse if you are applying for certain services, where this information is required by law; and
- Information about beneficial owners, intermediaries and other parties, which is required by law.
- Information about contact persons of the legal entity .

Purpose of data collection

We may collect your personal information for the following purposes:

- To confirm your identity;
- To understand your needs;
- To set up, manage and offer services that meet your needs;
- To satisfy legal and regulatory requirements that we believe are applicable to us;
- To help us collect a debt or enforce an obligation owed to us by you;
- To respond to a local or foreign court order, search warrant or other demand or request which we believe to be valid, or to comply with the rules of production of a local or foreign court
- To investigate and adjudicate insurance claims, other claims or complaints;
- To prevent or detect fraud or criminal activity or to manage and settle any actual or potential loss in connection with fraud or criminal activity.

Third Parties

EIB Bank may share your personal data with third parties. This may include, but is not limited to

- Third parties relevant to the services that we provide;
- Third parties that we engage with in order to comply with legal and regulatory obligations
- Third suppliers in connection with the processing of your personal data for the purposes described in this Policy, such as IT providers, communication service providers or other suppliers to whom we out source certain support services.

EIB Bank is committed to only transfer your personal data to the above mentioned third parties for the purposes and on the legal grounds stated in this Policy.

Third parties to whom we transfer your personal data are themselves responsible for compliance with privacy legislation. EIB Bank is neither responsible nor liable for the processing of your personal data by these third parties. To the extent that a third party processes your personal data as a data processor of EIB Bank, EIB Bank will conclude a processor agreement with such party that meets applicable requirements.

To be able to provide our services, it may benecessary for us to transfer your personal data to a recipient in a country outside of the EIB Bank jurisdiction. In that case, EIB Bank will ensure that the data transfer is compliant with the applicable law.

Retention of your personal information

EIB Bank may keep and use information about you in its records for such period of time needed to achieve the goals described in this Policy or to comply with applicable legislation and regulations.

Data security

EIB Bank will collect and process data using suitable technical or organizational measures, in a manner that ensures appropriate security of personal information, including protection against unauthorized or unlawful processing (e.g. such as against malicious hackers) and against accidental loss, destruction and/or damage.

In the unlikely event of a data breach causing high risk to personal information of customers, EIB Bank will where required notify the affected customers without undue delay.

What can you do?

When your personal data is collected and processed, you have the following rights:

- You have the right to be informed about the collection and use of your personal data;
- You have the right to access and obtain copies of your personal information kept in our files;
- You may at any time challenge the accuracy and completeness of your personal information and request that it be amended as appropriate;
- You have the right to request removal of your personal data at any time;
- You have the right to withdraw your consent. You can do by sending an email to our Customer Experience Officer at dataprotection@eib-bank.com.
- You have the right to request restriction orsuppression of processing activities related to your personal information;
- You have the right to data portability which allows you to obtain and reuse your personal data for your own purposes across different services;
You may ask us to refrain from sending you tailored marketing communications;
If you are dissatisfied, you have the right to lodge a complaint with the local data supervisory authority.

Please note that the above rights are not absolute. There may be circumstances in which EIB Bank may be entitled to refuse requests in order to meet its legal and/or regulatory obligations.