First Citizens Group Personnel Privacy Notice
May 2024
Protecting your Privacy
The First Citizens Group (“the Group”) is committed to protecting the privacy of your Personal Information in accordance with applicable privacy laws and regulations.
Purpose
This Privacy Notice ("Notice") explains the type of Personal Information we collect, how we use this Personal Information, and your privacy rights.
Scope
This Notice applies to the processing (collecting, using, storing, and sharing) of your Personal Information as an employee (permanent, contract or temporary), former employee or retiree, independent contractors, job applicants, other prospective employees (e.g., those joining the Group through an acquisition) (collectively “Personnel”), as well as employee dependents, including insured spouse and partners, children, parents, and emergency contact person(s).
We encourage you to read this Notice thoroughly for a better understanding and for informed decision-making about sharing your Personal Information with us. The use of the terms “the Group,” “we,” “us” or “our” refers to the First Citizens holding companies and subsidiaries, its successors, and assigns.
This Notice does not cover your use of the Group’s products or services as a customer. To learn more about the Group’s customer privacy practices you can review the Group’s Consumer Privacy Notice on the Group’s website www.firstcitizensgroup.com.
-
Personal Information is generally information that can be used to directly identify an individual (e.g., passport number, government identity number, driver’s license number) or information that may be used to indirectly identify an individual (e.g., date of birth, address, employment information, health information).
The Personal Information we process (collect, use, store, and share) may include:
Contact information
Full name
Telephone number
Email address
Physical mailing address
Beneficiary information
Emergency contact information
Relationship Type
Professional Background
Employment History
Professional memberships
Licenses and certifications
Education
Honours/awards
Courses/workshops/seminars
Hobbies or leisure pursuits
Career goals
Publications authored or co-authored
Board Memberships
External/Other Employment
Identity, Education, and Political Information
Gender
Nationality
Country of residence
Valid passport information
National identification card information
Photograph
Driver’s license information
Birth certificate information
Signature exemplar
Mother’s maiden name
Marital status
Spouse or partner’s information
Children’s information
Number of dependents
Parents information
Any other family relations within the Group
Home ownership
Political affiliation (e.g., public officials in Trinidad and Tobago)
Financial information
Financial account information (e.g., institution, account numbers)
Transaction history
Credit ratings
Credit report
Salary
Assets and liabilities
Annual income
Collateral provided
Technological information
IP address
Device characteristics
Geo-location
URLs websites to which you arrive or leave
Your browser type, operating system, internet service provider
Mobile device provider
Other necessary technical and security information
Sensitive Personal Information
We do not collect Sensitive Personal Information unless you provide your consent, and/or it is permitted under applicable law.
For purposes of this Notice, Sensitive Personal Information, which is a subset of Personal Information, includes:
Racial or ethnic origin
Political opinions
Health, welfare, medical absence information
Criminal record or record of proceedings for an offence committed or alleged to have been committed Financial record or position
Membership in a trade union
Biometric data
Physical or mental health, (includes disabilities)
Sexual orientation or sexual life
-
Directly from you. We may directly collect your personal information when you interact with us or access our services or communicate with us in-person or online.
Third Party Service Providers. We may also collect your Personal Information through third-party service providers (e.g., credit bureaus, reporting agencies, public sources, employment/staffing services, background checks, referees). -
We only process your Personal Information for purposes permitted by applicable laws, which may vary depending on where you live and where the Group operates. These purposes may include:
Talent Acquisition. We process your Personal Information when you communicate with us regarding potential employment opportunities within the Group to:
Evaluate your interest and qualifications for employment
Discuss the position/vacancy advertised
Monitor recruitment statistics
Comply with applicable laws and regulations
Managing Our Professional Relationship. In order to administer our employment relationship, we may process your Personal Information:
To meet our obligations in the offer letter, employment contract, or applicable policies, including on-boarding, payroll, benefits administration, pension and retirement administration, managing vacation, sick and other types of leave, tax reporting, and similar administrative purposes.
Legal Obligations. We may process your Personal Information to comply with applicable laws and regulations, related to:
Wages, taxes, insurance benefits health and safety, immigration, and data subject rights requirements
Court orders (e.g., search warrant)
Treating with litigious matters and disciplinary action -
The Group uses your Personal Information only when we have a lawful basis to do so.
To fulfill our contract with you
To comply with legal obligations e.g., court orders, search warrants or other lawful demands or requests, or to comply with the rules of a court
To protect your vital interests
To support the administration of justice.
For legitimate business purposes or interests (as identified above), except where such interests are outweighed by your fundamental rights and freedoms
Legitimate Interests.
We may process your Personal Information for our or others’ legitimate interests. If you decline to provide your Personal Information upon request, we may be unable to perform these actions and/or complying with our legal obligations. We may use and share your Personal Information with our subsidiaries, affiliates, and third parties for the legitimate interests below:
For Human Resources administration (e.g., insurance, travel, payroll, benefits administration, maintenance of employee directory)
For general business management and operations (e.g., to conduct staffing and salary benchmarking exercises, maintenance of IT services, compilation of statistical data)
For auditing and reporting purposes
For employee surveys
For marketing/advertising purposes (e.g., marketing employee services to you)
For network and information systems security management
For physical security (e.g., life safety and building management)
For data protection
For improving business operations and the overall employee experience
For applications and systems used to record and assess employee performance metrics
For investigating potential and actual internal violations of law or our internal policies and defending litigation
For assisting in investigating, processing and adjudicating complaints made internally or externally
For assisting with the identification and mitigation of fraudulent activities, anti-money laundering and terrorism financing
For monitoring and analyzing trends, usage, and activities relating to our services
For facilitating the enforcement of debts or any obligation owed to us by you
Any other legitimate business purposes to aid in evaluating and improving our employee services
Recipients of Your Personal Information. Your Personal Information may be shared with:
Business units, and subsidiaries within the Group
Third-party service providers
Successors in title (through merger, acquisition)
Credit agencies
Professional advisors (e.g., lawyers, auditors)
Government agencies (e.g., law enforcement, regulators)
Other entities or persons requesting the disclosure of your Personal Information in accordance with the law
Cross-Border Data Transfers
We may share your Personal Information with other countries within the Group and with third-party service providers located outside of your country. The Group will apply appropriate safeguards to protect your Personal Information.
Safeguards
We will ensure that appropriate safeguards are in place to protect your Personal Information from unauthorized access and our third-party service providers shall only utilize your Personal Information for the purposes of the engagement with the Group.
Save for the purposes outlined above, we will keep your Personal Information confidential to the extent that such information is not:
Information which at the time of disclosure is published or otherwise generally available to the public
Information, which after disclosure by you, is published or becomes generally available to the public, other than through any act or omission by the Group
Information in our possession which is not otherwise confidential
Information rightfully acquired from a third party who did not, to the best of the Group’s knowledge and belief, obtain it under pledge of confidentiality to you or another
Storage
Your Personal Information may be stored on premises and/or by third-party cloud service providers in any country where we operate or in which we engage service providers. Third-party Service Providers are contractually obligated to comply with applicable policies, laws, and regulations in protecting your information.
Automated Decision-Making
The Group may use automated decision-making (i.e., using automated means to make decisions) in limited circumstances.
Workplace Monitoring
In order to comply with applicable laws and regulations, ensure financial integrity, protect our IT infrastructure, personnel, customers, business partners, and shareholders, the Group monitors its IT and communications systems through automated tools (e.g., network authentication and wireless connectivity hardware and software, anti-malware software, advanced threat protection software, endpoint detection and response software, website filtering and spam filtering software, security information and event management (SIEM) solution, security software for cloud-based applications, access and transaction logging, and mobile device management solutions).
Our legitimate interests in workplace monitoring includes:
Security of our applications, systems, and network(s)
Network and device management and support
Document business transactions and recordkeeping
Protect confidential information and company assets
Detect and/or investigate potential violations of law or company policy
Other legitimate business purposes as permitted under applicable law.
Closed-Circuit Television (CCTV)
As permitted by law, we monitor our offices, branches and automated teller machines using CCTV cameras. These cameras cover outer areas of our premises, as well as, entry points, exit points and specific areas inside our buildings, such as waiting areas, lobbies and spaces with monetary, mission critical or sensitive assets with a high risk of theft.
Cameras are positioned to monitor access to and ensure security of our premises, employees, visitors and customers. Video from CCTV cameras is retained to investigate unauthorized physical access to our premises; theft of assets of the Bank or that of persons on our premises; customer transaction queries; and safety of persons on our premises. CCTV cameras are not used to monitor employee workstations or used in private spaces (such as restrooms, mothers’ rooms, sick rooms, dressing rooms or locker rooms).
Access control cards assigned to employees are also utilized with CCTV cameras to monitor access to the Bank’s premises for the purposes of building management and security.
Online Activity
When you use the Group network (e.g., send/receive messages, files, data, documents, facsimiles, audio/video, social media posts, instant messages), or any other types of information transmitted to, through or from, received or printed from, or created, stored or recorded on our IT and communications systems and assets (including when you use your own personal devices to access Group IT systems) are all presumed to be business-related and may be monitored or accessed by us in accordance with applicable law, workplace agreements, and our applicable policies. -
Your Personal Information belongs to you. The following privacy rights, subject to applicable laws, apply to all Personnel (as defined above).
Right to Access
You have the right to request access to your Personal Information held by the Group.
Right to Correction
Your Personal Information should always be accurate and up to date. You are required to inform us of any changes to your Personal Information during the tenure of your employment or provide updates upon request.
Right to Withdraw Your Consent (Opt-Out)
You may withdraw your consent to the collection, use, or disclosure of your Personal Information at any time, but in limited circumstances. Please note that withdrawing your consent may limit the services the Group can provide.
You may not opt-out of receiving administrative messages. -
Cookies are small files placed on your device when you visit a website or use mobile applications. The Group and/or Third-Party Service Providers may use cookies and similar technologies to help us store your preferences and settings, assist in security measures and to understand the performance of our websites, online services, and mobile applications.
-
We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes identified for collection, and to meet our legal obligations. We will collect, store and process your Personal Information during the tenure of your relationship with the Group and for the purposes outlined in this Notice. Upon termination of our relationship with you, your Personal Information will be retained for a period prescribed by applicable laws and regulations, and thereafter it will be destroyed..
-
We have implemented procedural, physical and online security measures and systems that align with industry standards to protect any Personal Information we collect, store and process.
You should only access our website and provide your Personal Information over a secure connection.
While the Group utilizes all reasonable efforts to protect your Personal Information, it is your personal responsibility to act prudently to secure such information.
We advise you that the Group will not send emails, texts, or messages via social media that require you to log-on, verify your identity, and/or disclose your Personal Information, or provide sensitive banking data using those channels. Please refer to our guidelines for protecting your Personal Information. Click here -
Our websites may contain links to products and services of our authorized Third-Party Service Providers. This Notice applies solely to the Group’s websites, or such websites operated and controlled by us, and we will not be responsible for any unauthorized access to your Personal Information disclosed on such websites. If you utilize any third- party link, please ensure that you read the policies and conditions governing the use of such websites..
-
You have a right to file a complaint with the data protection authority in your country if you allege a violation of its data protection law.
-
This Notice may be updated from time to time by the Group (“Revised Notice”). All parties affected by this Notice must abide by the updated terms and conditions of the Revised Notice. The Revised Notice will be made available on our website and may be accessed at our physical locations (on an ‘as needed’ basis).
-
If you have any privacy-related questions, you may contact us via email:
Email: data.privacy@firstcitizenstt.com