Privacy Policy

1.      INTRODUCTION

GraceKennedy Money Services (“GKMS”, “we”, “us”, “our”) is the umbrella entity which encompasses FX Trader – The Foreign Exchange Place from GraceKennedy, Bill Express – The Bill Payment Place from GraceKennedy and Western Union – Moving Money for Better.  Some or all of these services may be found in Jamaica, Trinidad and Tobago, Guyana, Anguilla, St. Kitts and Nevis, St. Vincent and the Grenadines, British Virgin Islands, Montserrat, the Cayman Islands and the Turks and Caicos, and The Bahamas. The Group is dedicated to complying with data protection laws in all jurisdictions where we operate. Our goal is to bolster the trust and confidence of all our stakeholders including our team, customers, business partners, shareholders, and the beneficiaries of our community outreach initiatives, in our stewardship of their personal data.

This privacy notice aims to give you information on how we collect and process your personal data.

Please ensure that you read this privacy notice carefully and along with any additional privacy policy we may release periodically. This will help you understand why and how we use your personal information.

2.      TYPES OF DATA WE COLLECT

We collect your personal data to provide you with customised products and services that cater to your needs. The types of personal data we collect varies based on the business you conduct with us. For example, if you use the GKOne App, we collect your contact information to on-board you as a customer. Other examples of the types of personal data we may collect directly or indirectly from you include:

  • Contact Details
  • Demographic Details
  • Biographical Information
  • Financial Information
  • Identity Data
  • Technical Data

3.      HOW WE COLLECT PERSONAL DATA

Your personal information is collected using:

  • Direct interactions. By completing data collection forms, corresponding with us by post, phone, email, via our website, mobile applications, or when you contract with us for the provision of our products or services.
  • Automated technologies or interactions. As you use our websites, technical information regarding your equipment, browsing behaviour and patterns may be collected. We gather your personal information through the use of cookies and similar technologies.
  • Third Parties. Where we use third party suppliers to assist us with our business operations to enable us to provide you with products and services.

4.      HOW WE PROCESS PERSONAL DATA

Use

We only use your personal data for the purposes for which it was acquired, or where we have a lawful reason for using it, such as:

  • To administer, manage and offer the products and services we provide to you, including opening, and maintaining your account, and providing customer/member care services.
  • To meet our regulatory and legal obligations, and to ensure adherence with internal controls.
  • To conduct market research to develop and enhance products and services, improve existing processes, and evaluate the effectiveness of our marketing campaigns.
  • To manage our human resources, including recruitment, on-boarding, and benefits administration.
  • To improve the operation of our websites and provide those services which you have requested us to provide.

Disclosure

Your personal data will only be disclosed to those of our employees or third-party providers that have a need for such access to fulfil the purpose for which it was collected. Your personal data will not be disclosed to any other individuals or entities unless there is a lawful basis to do so.

International Transfer

It may be necessary for your personal data to be transferred to another member of the Group, or to a third-party outside of the jurisdiction in which your data was collected.

Unless an exemption applies, we will only transfer your personal data out of the jurisdiction it was collected if:

  • Your data is being transferred to a jurisdiction that provides an adequate level of protection for personal data.
  • The third party to whom the data is being transferred agrees to protect your personal data in the same way we do.

Retention & Destruction

We will only retain your personal data for the time necessary to fulfil the purposes for which we collected it, where we are required to retain it to satisfy legal or business requirements, or other lawful purposes.

5.      LAWFUL BASIS FOR PROCESSING PERSONAL DATA

We rely on one or more of the following lawful bases for processing your data.

  • Consent – We will obtain your clear, informed and freely given consent before processing your personal data, except in circumstances where we have another lawful basis to process your data.
  • Vital Interest – To protect your life, in instances that the same cannot be reasonably achieved by a means other than processing your data.
  • Contractual Obligation – In contemplation of entering a contract with you or to fulfil our existing contractual obligations to you.
  • Legitimate Interest – We may process your personal data in the interest of our business in maintaining and enhancing its goodwill and reputation, avoiding or minimising legal claims, conducting and managing our business to enable us to provide you with the best products and services and a secure customer experience.
  • Legal Obligation – To comply with our obligations under the law.  

6.      INDIVDUAL/DATA SUBJECT RIGHTS

We are committed to observing your rights as an individual in respect of your personal data. The rights which you may exercise are:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data that we hold about you corrected.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) where you feel it impacts on your fundamental rights and freedoms.
  • Request erasure of your personal data. You may ask us to delete or remove personal data where there is no lawful basis for us to retain it.
  • Request restriction of processing of your personal data. You may ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Withdraw consent where we rely on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. You also have the right to withdraw consent where we process your personal data for direct marketing purposes.

7.      HOW WE PROTECT PERSONAL DATA

We are committed to protecting your personal data. We (and our third-party service providers) use a variety of industry-standard security technologies and procedures, as well as organisational measures to help protect your personal data from unauthorised access, use, or disclosure, such as:

  • Vulnerability scanning.
  • Malware scanning.
  • Secure networks and access management
  • Encryption
  • Multi-Factor Authentication

Notifiable data breaches

We take data breaches very seriously. If a data breach occurs, we will endeavour to meet the deadlines stipulated by data protection laws to report data breaches to the supervisory authority. Where there is likely to be an impact on your rights because of the breach, we will endeavour to notify you without undue delay.

We will inform you of:

  • the nature of the data breach;
  • the measures taken or proposed to be taken to mitigate or address the possible adverse effects of the breach; and
  • the contact information of our Data Protection Officer or representative to whom you may address any concerns.

We will review every breach and take action to prevent future breaches.

8.      CHANGES TO PRIVACY NOTICE

We reserve the right, in our sole discretion, to modify any part of this Privacy Notice. It is your responsibility to check this Privacy Notice periodically for changes. Continued use of our website indicates your acknowledgement that it is your responsibility to review this Privacy Notice periodically and become aware of any modifications. Changes to this notice are effective once they have been uploaded to our website.

9.      CONTACT INFORMATION

 If you have a question or comment regarding this Privacy Notice or you would like to make a complaint related to data privacy, please contact our Privacy Office using the details below.

GraceKennedy Limited

privacyoffice@gkco.com

42 – 56 Harbour Street, Kingston

(876) 922-3440

You may submit a complaint to the supervisory authority in the jurisdiction that your information was collected if you feel that we have not addressed your complaint: