Last revised date: 20 June 2024.

Bank of Jamaica, (‘we’ or the ‘Bank’) is charged with the statutory responsibility to promote and maintain price stability and financial system stability. The law specifies that the function of the Bank include, (a) to formulate and implement monetary policy; (b) the implementation of prudential and macro-prudential policies; (c) to issue and redeem notes and coins; (d) to hold and manage the external reserves of Jamaica; (e) to foster the development of money and capital markets in Jamaica; (f) to act as banker and financial agent of the Government; and (g) to act as banker to deposit taking institutions.

In carrying out the functions associated with our mandate, we process personal data pertaining to our staff, business contacts, customers, staff and related parties of regulated firms, as well as members of the public. This privacy notice outlines our mechanisms for safeguarding personal data in the execution of our duties. In our commitment to respect individuals’ privacy, we recognize that the responsible handling of personal data is not only a legal requirement but a fundamental ethical imperative that cultivates trust and public confidence, which are critical to the achievement of our mandate and regulatory obligations.

Importantly, we:

  • process personal data in a fair, lawful way while also ensuring that appropriate security measures are in place to protect the personal data.
  • will uphold the individuals’ rights regarding their personal data.

We are committed to maintaining the privacy and security of all personal data in our custody by establishing policies, procedures and protocols that are in keeping with the applicable data protection laws, regulations and international best practices.

On this page, we explain:

  • Purposes for processing your personal data
  • How we protect your personal data
  • Sharing and disclosure of personal data
  • Transfer of personal data outside Jamaica
  • Retention policy
  • Data subject rights

Purposes for Processing your Personal Data

For regulatory purposes

In the execution of our official duties and in the interest of the public, we supervise the activities of commercial banks and other specified financial institutions as provided for under Sections 34A, 34AA and 34B of the Bank of Jamaica Act, as well as provide regulatory oversight for foreign exchange traders and remittance companies pursuant to Section 22B and Section 22G (2) of the Bank of Jamaica Act, respectively. In addition, the Bank regulates and supports the major clearing, payments and settlement systems through which financial institutions execute the transfer of funds for a range of financial transactions. These activities, along with ensuring the ongoing stability of entities, monitoring regulatory compliance, and taking corrective measures in cases of non-compliance, may involve the collection and processing of personal data.

While most of the information we receive pertains to the business operations, corporate structures, and financial performances of the entities; there are instances where personal data related to the entities’ employees, related parties and clients may be necessary. This can include names, professional details, financial information, addresses, opinions, and, in certain cases, detailed information about identity and qualifications for specific roles. The information is obtained from individuals, the entities themselves, or third parties.

For statistical and market analysis, research, and regulatory policy development

The Bank collects various types of data to analyse markets, conduct research, and develop policies. This includes personal information like financial details, professional backgrounds, locations, criminal and civil proceedings history, opinions, ethnicity, nationality, gender identity, socio-economic status, and disability status. Gathering this broad range of information is crucial for us to fulfil our responsibilities effectively and efficiently.

We may obtain this data from different sources, including regulatory bodies, government agencies, the firms we oversee, and other third-party sources, commercial databases, and publicly available records.

For staff related purposes and corporate policy development

The Bank collects various types of personal data on staff, to ensure their safety, security, well-being and engagement while employed to the Bank. This includes personal information such as financial details, professional backgrounds, locations, civil and criminal proceedings history, opinions, ethnicity, nationality, gender identity, health and disability status. Gathering this broad range of information is crucial in the development of corporate policies, procedures and protocols that help us to fulfil our legal obligations to staff.

We may obtain this information from different sources, including regulatory bodies, government agencies, law enforcement organizations and other third-party sources, commercial databases, and publicly available records.

For exchanging notes and coins

The Bank collects evidence of individuals’ national identification, and other relevant information to facilitate the exchange of notes and coins. It is necessary to verify your identity and to meet other legal and security obligations.

For other regulatory purposes

This data processing is essential for carrying out tasks in the public interest and exercising the official authority of the Bank. These tasks include providing vital banking, payment, and settlement services, participating in the financial marketplace to manage the Bank’s balance sheet and the country’s foreign reserves, and offering foreign exchange and other money market services to customers.

We collect personal data for varied purposes under the regulatory arrangements we have in place with individuals’ banks and other financial institutions. We request that these banks or other financial institutions minimise the personal data shared with us to the extent of the intended purpose for which the data will be used. This means that, whenever feasible, we use identifiers instead of your personal information, so that the Bank cannot identify you solely based on the information provided by your bank or other financial institution.

For visiting our website

We acquire information about your general internet usage through Cookie files kept on your computer hard drive. Some Cookies are essential for websites to function while others aim for a more enjoyable experience online.

Our cookie statement provides detailed insights into the utilisation of personal data during visits to our website, including how we use Cookies. Our Privacy notice is not applicable to other websites. Please be informed that we are not responsible for the privacy practices of such other websites or third parties. Please check these third-party privacy policies before you submit any personal information to these websites.

For visiting our premises

We collect personal information details on visitors to the Bank’s premises, such as their identification card, driver’s licence or passport, to verify their identity. Additionally, our premises have CCTV surveillance and other security measures in operation that capture images and videos indiscriminately. These measures are undertaken to fulfil tasks in the public interest or in the exercise of official authority by the Bank; and to safeguard our staff, premises, assets and visitors, aligning with our legitimate interests.

For recruitment of staff and service providers/contractors

We collect personal information details on prospective employees/contractors/service providers, such as their educational and professional backgrounds during our recruitment procedures. Applicants receive a distinct privacy notice through our Careers page and during onboarding.

For activities in public interest

We engage in various initiatives to enhance the public’s understanding of our operations and policy objectives. As a component of our official endeavours in this regard, we might gather personal information to organise events or disseminate materials. Certain events may necessitate the collection of identification or the implementation of security measures. We will handle the personal information you voluntarily provide, typically comprising your name and contact details.

For maintaining business and industry contacts

We keep in touch with people from various industries to stay abreast of market and economic trends and how policy decisions affect them. Some of these contacts also participate in Bank events or provide advice on economic or market developments. Without these connections, we cannot effectively carry out important tasks that relate to our mandate or benefit the public. Usually, the personal information we handle includes people’s names, work contact details, and their opinions. We typically get this information directly from the individuals or from public sources. We use it to communicate, organise events, conduct surveys, and produce outputs related to our work.

For contacting people who get in touch with us

When you reach out to our public inquiries team, submit a request or complaint, subscribe to specific mailing lists, or participate in consultations, we will collect personal information from you. We will handle the personal details you provide, typically including your name and either business or personal contact details. We will clearly indicate if we’re seeking your consent to process your information. Otherwise, we may process this data because it would be necessary to perform tasks in the public interest or as part of the Bank’s official duties, or because it is in the Bank’s legitimate interest, or because it is necessary for the Bank to fulfil a legal obligation.

How We Protect Your Personal Information

The security and confidentiality of your personal data is important to us, and the Bank has invested significant resources to safeguard and keep your personal data confidential. We strive to take reasonable measures to ensure your personal information is secured and to keep you informed of any changes to the way we collect, use, share, or otherwise process your personal information.

We require our staff and any third parties who carry out any work for us to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the collection, usage, transfer, or otherwise processing of information.

Sharing and Disclosure of Personal Information

To serve your needs to the best of our ability, we may need to share any information you provide to us with third parties such as government or other regulatory entities.

In some instances, we may need to handle sensitive personal data, such as criminal records of individuals. We may also disclose your sensitive personal information, with predefined processes, if such disclosure is:

  • permitted by law
  • in response to a legal process (e.g. police order) to comply with a court order or applicable law or in connection with judicial proceedings or other legal process.
  • expressly permitted by you (express opt-in consent)
  • sharing with law enforcement agencies or the courts when necessary for crime prevention or detection, which may involve providing CCTV footage.

Transfer of Personal Data outside Jamaica

To fulfil specific purposes that necessitate the processing of personal data, there might arise instances where transferring personal data outside Jamaica becomes necessary. According to the Data Protection Act, 2020, we are prohibited from transferring personal data to a State or territory outside of Jamaica unless adequate protection for the rights and freedoms of data subjects regarding the processing of personal data is ensured by that State or territory. However, there are certain exceptions to this rule, including:

  • the data subject consents to the transfer.
  • transfer is necessary for the performance of a contract between the data subject and the data controller.
  • transfer is necessary for reasons of substantial public interest.
  • transfer is necessary in connection with, any legal proceedings, obtaining legal advice, or establishing, exercising, defending any legal right.
  • transfer is necessary to protect the vital interests of the data subject.
  • transfer is part of the personal data on a public register, and any conditions governing access to the register are adhered to by any individual to whom the personal data is or may be disclosed following the transfer.
  • transfer has been authorised by the Information Commissioner.
  • transfer is necessary for the purposes of national security or the prevention, detection, or investigation of crime.

Retention Policy

Our retention policy is based upon the volume, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process the information, applicable legal requirements, and our legitimate interests. We have implemented appropriate measures, in keeping with the law and our internal records management policies, to ensure your personal information is securely destroyed in a timely and consistent manner when no longer required.

Data Subjects Rights

Data subjects have certain rights under the Data Protection Act, 2020 in relation to the personal data we collect and process. For example, under certain circumstances, by law, you have the right to:

  • Request access to your personal data and request details of the processing activities conducted by the Bank.
  • Request that your personal data is rectified if it is inaccurate or incomplete which also includes to erase or destroy, as may be required to correct the inaccuracy.
  • Request to prevent or object to the processing of your personal data in certain circumstances.
  • Transmit your personal data in a structured, commonly used, and machine-readable format to another controller in certain circumstances.
  • Rights in relation to automated decision-taking.
  • Withdraw any consent you have provided to us at any time by contacting us.

The rights set out above are not absolute and are subject to several important exemptions and limitations that mean we don’t always need to comply with your request.

To exercise the rights outlined above in respect of your personal data you may submit a data subject request. We aim to address your request promptly. At times, we may need to ask for specific information to verify your identity and ensure your right to access the information.

To contact us about any data subject rights, please contact us at:

Privacy Office
Bank of Jamaica
Nethersole Place
P.O. Box 621, Kingston
Jamaica, West Indies

Tel: (876) 922-0750
Fax: (876) 922-0854
Email: PrivacyOffice@boj.org.jm

For more details or follow up on your request or report any concerns regarding the processing of your personal data, you can reach out to the Bank’s Data Protection Officer.

You can contact the Bank’s Data Protection Officer using the details below:

Data Protection Officer
Bank of Jamaica
Nethersole Place
P.O. Box 621, Kingston
Jamaica, West Indies
Email: DPO@boj.org.jm

If you do not feel satisfied with the Bank’s or the Data Protection Officer’s response, you can report your concerns or complain to the Information Commissioner’s Office at https://oic.gov.jm/form/data-subiect-complaint

CHANGES TO OUR PRIVACY NOTICE

We may periodically update this Privacy notice. When we do, we will let you know by revising the “Last Update” legend at the top of this page. Any changes to this Privacy notice will become effective when we post the revised Privacy notice on our site, unless otherwise indicated.

We encourage you to periodically review this notice, so that you will be aware of our privacy practices.