Investment Group Bank
Contact Email: [email protected]

1. Introduction

Investment Group Bank (“the Bank”) is committed to protecting the privacy, confidentiality, and security of all customer information.
This Data Protection & Security Policy outlines the principles, technologies, and procedures used to ensure safe handling, storage, and transmission of personal and financial data.

2. Scope of the Policy

This policy applies to:

  • All customer data collected through the Bank’s website, digital banking platforms, mobile apps, customer support channels, and offline processes

  • All employees, contractors, and authorized third parties

  • All data storage systems, databases, and servers operated or managed by the Bank

3. Data Protection Principles

Investment Group Bank follows internationally recognized data protection standards, ensuring that:

  • Data is processed lawfully, fairly, and transparently

  • Data collection is limited to what is necessary for service delivery

  • Data is accurate and kept up to date

  • Data is stored securely with strict access controls

  • Data is retained only for as long as necessary

  • Data is protected against unauthorized access, loss, misuse, or alteration

4. Types of Data Collected

The Bank may collect the following categories of information:

Personal Information

  • Full name

  • Date of birth

  • Address and contact details

  • Identification documents (passport, ID, etc.)

Financial Information

  • Account details

  • Transaction histories

  • Payment methods

  • Source of funds (where applicable)

Technical Information

  • IP addresses

  • Device information

  • Browser type

  • Usage analytics

Verification Information

  • KYC/AML screening data

  • Sanction/PEP checks

5. Data Usage Purposes

Customer data may be used for:

  • Account creation and management

  • Transaction processing and verification

  • Customer identity verification (KYC/AML)

  • Preventing fraud and financial crime

  • Internal reporting and compliance

  • Improving banking services

  • Communication regarding customer accounts or support

The Bank does not sell customer data to third parties.

6. Data Storage & Security Measures

Investment Group Bank employs advanced security technologies and procedures including:

Encryption

  • End-to-end encryption of sensitive data

  • Encrypted servers and databases

  • SSL/TLS protection for all online communication

Access Controls

  • Role-based access permissions

  • Multi-factor authentication (MFA)

  • Strict monitoring of internal system access

Network & Infrastructure Security

  • Firewalls and intrusion detection/prevention systems

  • Regular vulnerability assessments

  • Secure cloud infrastructure compliant with industry standards

Data Backup & Recovery

  • Encrypted backups stored securely

  • Disaster recovery systems

  • Business continuity procedures

7. Sharing of Data

Data may be shared only when:

  • Required by law or regulatory authorities

  • Needed for transaction processing

  • Necessary for fraud prevention or AML/KYC compliance

  • Shared with trusted service providers under strict confidentiality agreements

Investment Group Bank does not share data for marketing purposes without explicit customer consent.

8. Customer Rights

Customers have the right to:

  • Access their personal data

  • Request corrections or updates

  • Request deletion of certain information (subject to legal retention obligations)

  • Withdraw consent where processing is based on consent

  • Request information about how their data is used

  • Lodge complaints regarding data handling

Requests can be made via [email protected].

9. Data Retention

Personal and financial information is retained:

  • Only as long as legally required for AML/KYC compliance

  • For the duration necessary to provide banking services

  • In accordance with financial, regulatory, and audit requirements

After the retention period, data is securely erased or anonymized.

10. Third-Party Service Providers

Where the Bank uses third-party providers (e.g., payment processors, cloud hosting providers), they must:

  • Meet strict data protection standards

  • Sign confidentiality and data-processing agreements

  • Undergo periodic security and compliance checks

The Bank remains fully responsible for all data processed on its behalf.

11. Data Breach Response

Investment Group Bank maintains a structured Data Breach Response Plan including:

  • Immediate isolation of affected systems

  • Investigation and incident assessment

  • Notification of affected customers when required

  • Reporting to regulatory authorities where applicable

  • Implementation of corrective measures

12. Employee Responsibilities

All employees must:

  • Follow internal data security guidelines

  • Handle customer information confidentially

  • Use Bank systems responsibly

  • Report suspected breaches immediately

Regular training is provided to maintain awareness and compliance.

13. Policy Updates

This policy may be updated periodically to reflect:

  • Changes in legal requirements

  • Evolving cybersecurity standards

  • Technological advancements

  • Updated internal procedures

Any significant updates will be posted on the Bank’s website.

14. Contact Information

For inquiries or data-related requests:

Email: [email protected]