Skip to main content
Entire section Custom print Text Only Rich Text Print

6.1.3 Expressed Consent by Consumers

C 8/2020 STA Effective from 25/12/2020
  1. 6.1.3.1Licensed Financial Institutions must ensure Personal Data is:
    1. a.Collected for a lawful purpose directly related to the Licensed Financial Activities of the Licensed Financial Institution;
    2. b.Adequate and not excessive in relation to the stated purpose; and
    3. c.Collected with appropriate security and protection measures against unauthorized or unlawful processing and accidental loss, destruction, or damage.
  2. 6.1.3.2Before requesting the consent of a Consumer to share Personal Data, the Licensed Financial Institution must proactively disclose in Writing to a Consumer its intent to use and/or share Personal Data and with whom the Consumer’s Personal Data will be shared.
  3. 6.1.3.3The Consumer must give his/her expressed consent freely and explicitly to a request for the use and/or sharing of Personal Data by the Licensed Financial Institution. The request for consent must be expressed in clear and plain language and inform the Consumer of his/ her right to refuse to provide expressed consent.
  4. 6.1.3.4Licensed Financial Institutions must obtain informed and expressed consent before using and sharing a Consumer’s Personal Data for direct marketing or transferring the Personal Data to Authorized Agents for direct marketing. A copy of the expressed consent must be retained for 5 years after the relationship with the Consumer has terminated.
  5. 6.1.3.5The Consumer shall have the right to withdraw expressed consent for the following at any time:
    1. a.The processing of Personal Data by the Licensed Financial Institution except where Persona Data is required for business operations related to the Consumer’s Products and Services; and
    2. b.Personal Data sharing with Authorized Agents and other third parties for purposes such as but not limited to sales and marketing.
  6. 6.1.3.6Prior to a Consumer entering any contract with a Licensed Financial Institution, the Licensed Financial Institution must provide the following disclosures to the Consumer:
    1. a.That Licensed Financial Institutions will only collect Data / Personal Data for a lawful purpose directly related to a function or activity of the Consumer;
    2. b.Whether the collection is obligatory or voluntary for the Consumer to provide the Data / Personal Data;
    3. c.Where it is obligatory for the Consumer to provide the Data / Personal Data, the consequences for the Consumer for failing to provide the Data / Personal Data as required;
    4. d.A future withdrawal of expressed consent by a Consumer shall not affect the lawfulness of Data processing based on the prior expressed consent. Unless specified otherwise, the withdrawal must take effect within complete 30 calendar days of the Consumer requesting the withdrawal with the Licensed Financial Institution;
    5. e.When Data / Personal Data of the Consumer is being processed by or on behalf of the Licensed Financial Institution, provide a description of the Data / Personal Data being processed;
    6. f.When other external information on the Consumer is collected by the Licensed Financial Institution and the source of that Data / Personal Data;
    7. g.The Consumer’s right and means to request access to and to request correction of the Data / Personal Data and how to contact the Licensed Financial Institution with any inquiries or Complaints in respect of the Data / Personal Data; and
    8. h.The choices and means the Licensed Financial Institution offers the Consumer for limiting the processing of Data / Personal Data.