The purpose of this Personal Data Protection Policy is to inform you about the processing of your personal data by BOAD, whether you are a project holder, a customer, a prospect, a candidate for a position within BOAD or an individual involved in a banking relationship such as a legal representative, a point of contact, an employee or a beneficiary.
Privacy policy
The West African Development Bank (hereinafter "WADB") is the joint development finance institution of the countries of the West African Monetary Union (WAMU). Its mission is to promote the balanced development of its member states and contribute to the economic integration of West Africa.
GLOSSARY
Personal data
Any information relating to an identified or identifiable natural person, i.e. a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, e-mail address, etc., is treated as confidential.
Applicable regulations
Corpus of rules relating to the protection of personal data applicable to BOAD as indirect manager of European Union funds, namely :
- European General Regulation n°2016/679 of April 25, 2016 on the protection of personal data and their free movement in the European Union (known as « RGPD »);
- European Regulation n°2018/1725 of October 23, 2018, on the protection of individuals with regard to the processing of personal data by the institutions, bodies, offices and agencies of the Union and on the free movement of such data ;
- Law n°2019-014 on the protection of personal data in Togo, dated October 29, 2019.
Data controller
Person, public authority, company or organization that determines the purposes and means of personal data processing.
Treatment
Any operation on Personal Data such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, deletion or destruction.
DATA CONTROLLER
The Data Controller is the Banque Ouest Africaine de Développement, created by the Agreement dated November 14, 1973, located at 68, Avenue de la Libération, BP 1172 Lomé, Togolese Republic (hereinafter, « BOAD »).
PERSONAL DATA
- What personal data is collected?
In the course of its relations with you, BOAD may collect various categories of Personal Data, such as :
-
- identification data (e.g. surname, first name, date of birth, contact details, identity document);
- data relating to your project;
- data relating to your professional life ;
- economic and financial data about you or your company (e.g. tax and asset situation, project financial appendix, projected income statement, financing);
- banking data (e.g. bank identifiers and details, account history and details, guarantees, credits).
- How is your personal data collected?
Your Personal Data may be collected by BOAD directly from you via forms or when communicating your information by email or post and/or via other sources, including :
-
- our commercial and banking partners ;
- third parties such as commercial intelligence agencies, anti-fraud, anti-money laundering, anti-terrorist financing and anti-corruption agencies, in compliance with data protection regulations.
Personal Data concerning you may also be generated or calculated by BOAD during the analysis of a financing application (calculation of a score as part of the evaluation of your file, determination of credit risk or fraud risk, etc.).
LEGAL BASIS AND PURPOSES OF PROCESSING
BOAD processes your Personal Data for the purposes and on the legal bases specified below:
PROCESSING PURPOSES | SUB-FINALITIES | LEGAL BASES |
Financing applications: study of applications, management of applications, financing follow-up | – Filing applications – Requesting information by email or post – Entering into banking relations and maintaining accounts – Managing and monitoring customer relations – Signing contractual documents – Granting and managing loans – Issuing bank guarantees – Monitoring financing files – Managing operations and special requests, validating any instruction or transaction requested or authorized as the legal representative of the company you represent – Managing unpaid invoices – Any exchange and communication with customers and prospects. | – Performance of pre-contractual measures or of a contract concluded at your request – Legitimate interests in processing requests for information – Your consent sought prior to the implementation of the processing. |
Administrative management of files | – Administrative management of application dossiers – Examination of dossiers – Selection of projects | – Legitimate interests in evaluating funding applications and projects – Performance of pre-contractual measures or of a contract concluded at your request |
Risk management and crime prevention/detection | – Knowledge of the customer and/or, where applicable, the guarantor(s) or other parties involved in the banking relationship – Examination of files – Project selection | Legitimate interests in assessing the risks associated with financing applications |
Compliance with our legal and regulatory obligations as a banking institution | – Preventing fraud and corruption – Combating money laundering and the financing of terrorism – Exchanging tax-related information with the tax authorities – Maintaining regulatory files (Ficher central des chèques, Fichier national des incidents de crédit, etc.). | Meeting our legal and regulatory obligations |
Management of recruitment applications | – Managing and processing applications – Managing and monitoring recruitment – Organizing recruitment interviews – Signing employment contracts | – Your consent requested prior to the implementation of the processing – Legitimate interest relating to the recruitment of employees |
Studies and communications | – Prospecting and sales promotion (communication campaigns, events, etc.) – Sending newsletters – Information on products and services that may be of interest to you or the company you represent | Your consent, obtained prior to processing |
Other | – Management of claims or disputes – Management of physical access – Management of requests to exercise rights – Defense of our legal rights and interests (e.g. collection of sums due, assignment of receivables) | – Compliance with our legal and regulatory obligations – Legitimate interests in defending our legal rights |
Your Personal Data may only be shared under the conditions provided for by the law and regulations applicable to BOAD as an international banking organization or with your specific consent.
In this context, the following may receive your Personal Data, depending on the purposes for which it is to be used, and within the limits of their respective responsibilities:
- other BOAD entities, in particular in the context of operational risk prevention (risk assessment, security and prevention of non-payment and the fight against fraud, money laundering and the financing of terrorism);
- Service providers and subcontractors performing services on behalf of BOAD;
- banking partners ;
- Mediators, court officers and public officials, as part of their debt collection duties;
- administrative, financial and judicial authorities, state agencies and public bodies, at their request and within the limits permitted by law;
- certain regulated professions such as lawyers, notaries and auditors.
RETENTION PERIODS FOR PERSONAL DATA
BOAD keeps Personal Data only for as long as necessary:
- the fulfilment of the purposes of their processing and
- compliance with its legal and regulatory obligations, and the preservation of evidence in contractual matters until such time as the rights of the parties or third parties concerned are extinguished.
- By way of illustration, BOAD’s main retention periods for Personal Data are as follows:
Shelf life
DATA | SHELF LIFE |
Corporate name and contact details of a legal entity applying for financing | – 5 years for customer and partner data if the project is not financed, and – up to 5 years after repayment for financing files. |
Documents and information on customer transactions | Up to 5 years from completion of the operation. |
Accounting information (books and registers) | 10 years from the end of the financial year. |
Some projects may require BOAD to make international transfers. In the event that your Personal Data is transferred to, hosted by or accessed from a country outside the location of its registered office, where data protection legislation is not equivalent to that imposed by the applicable Regulations, such transfers will be subject to appropriate security and control measures, in compliance with the rules laid down by the applicable Regulations.
BOAD has taken the necessary physical, technical and organizational measures to ensure the security, integrity, availability and confidentiality of Personal Data, in particular in order to protect Personal Data against destruction, loss, theft, accidental destruction, alteration or unauthorized access.
YOUR RIGHTS AND HOW TO EXERCISE THEM
In accordance with the applicable regulations, you have the following rights, as applicable:
- Right of access: you may obtain information concerning the processing of your Personal Data as well as a copy of such data;
- Right of rectification: if you believe that your Personal Data is inaccurate or incomplete, you may request that it be amended accordingly;
- Right to deletion: you may request the deletion of your Personal Data, within the limits of what is provided for by the Regulations;
- Right to the limitation of processing: you may request the limitation of the processing of your Personal Data under the conditions provided for by the Regulation;
- Right to withdraw your consent: if you have given your consent to the processing of your Personal Data, you have the right to withdraw that consent at any time;
- Right to portability: where this right is applicable, you may request the communication of the Personal Data you have provided to us or, where technically possible, the transfer of such data to a third party;
- Right to object to processing: you may object to the processing of your Personal Data on grounds relating to your particular situation, where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. You also have the right to object at any time to your Personal Data being used for commercial prospecting purposes, or for profiling purposes if such profiling is linked to commercial prospecting.
These rights may be exercised by contacting the Personal Data Protection Officer (or DPO) appointed by BOAD by email: dpo@boad.org or by sending a letter to the Banque Ouest Africaine de Développement, Département Conformité et Règlementation, 68, Avenue de la Libération, BP 1172 Lomé, République Togolaise.
You may be refused the exercise of any of these rights if your request does not meet the conditions laid down in the applicable regulations. In this case, you will be duly informed.
Finally, you have the right to lodge a complaint with the competent supervisory authority.
POLICY UPDATE
This Policy may be amended and updated from time to time to reflect changes in practice, or in accordance with legislative or regulatory developments.
We invite you to refer to them regularly on our website.