Privacy Policy
Introduction
This Policy outlines how Banco Lindo ("the Company") handles, stores, and protects personal data in line with applicable data protection regulations, including GDPR. It sets out the responsibilities of employees, partners, and contractors regarding the collection, use, and safeguarding of personal information.
We view all customer and internal data as valuable company assets. Protecting this information ensures the integrity, security, and accessibility of our operations across LATAM and beyond.
Definitions
- Personal Data: Information that identifies or can be used to identify a person, e.g., name, ID number.
- Public Data: Non-sensitive personal data that is publicly accessible.
- Private Data: Information relevant only to the individual, e.g., preferences, habits.
- Sensitive Data: Includes racial origin, beliefs, biometric data, and health information.
- Authorization: Consent given to use personal data.
- Database: Any collection of personal data subject to processing.
- Data Controller: Entity that determines the purpose and means of data processing.
- Data Processor: Entity that processes personal data on behalf of the controller.
- Data Subject: Individual whose data is being processed.
- Processing: Any operation performed on personal data—collection, storage, use, etc.
Core Principles
- Legality: We only process data in compliance with legal requirements.
- Purpose Limitation: Data is processed for legitimate, stated purposes.
- Freedom & Consent: Data is only collected with prior, informed consent.
- Accuracy: All processed data must be accurate and up-to-date.
- Transparency: Individuals may request information about how their data is used.
- Security: We implement appropriate technical and organisational measures to protect data.
- Confidentiality: Employees and partners must maintain strict confidentiality.
Data Access & Control
Access to personal data is granted only to employees and partners with a legitimate business need. All access is logged and regularly reviewed. Users are expected to:
- Use data only for authorised purposes
- Keep login credentials secure
- Report any suspected breach or misuse
Use of Data
Banco Lindo may collect and process data for the following purposes:
- Delivering banking services
- Verifying identity and performing KYC checks
- Responding to legal and regulatory obligations
- Communicating with users (transactional, legal, or commercial updates)
- Internal performance tracking and service optimisation
Data Rights
Data subjects have the right to:
- Access their personal data
- Request updates or corrections
- Withdraw consent
- Request data deletion where legally permitted
- Understand how their data is being used
GDPR & Global Compliance
Banco Lindo adheres to GDPR principles including:
- Lawful basis for processing
- Data minimisation
- Storage limitation
- Data transfer protocols (in/outside LATAM)
We do not process data in categories exempt under GDPR unless legally required.
Security Practices
We implement a layered approach to data security:
- End-to-end encryption for all systems
- Role-based access controls (RBAC)
- Multi-factor authentication
- Regular audits and penetration testing
- Internal confidentiality agreements
Technology & Usage Guidelines
- Company devices must be protected with secure passwords
- Antivirus software must be up-to-date
- Personal emails and unverified links must not be opened
- Files must be stored only in authorised cloud environments
Data Officer & Contact
Data Protection Officer (DPO): dataprotection@bancolindo.com
Complaints or access requests: Please reach out via our contact form or email.
Policy Updates
This policy is effective as of June 1, 2025. It may be updated periodically to reflect regulatory or operational changes. We recommend checking this page regularly for updates.
Banco Lindo is committed to handling your data with care, transparency, and security. For any questions, concerns, or requests, please contact us directly.