PRIVACY POLICY
Unicomer (St. Kitts & Nevis) Limited and Redstart Investments San Cristobal Limited (collectively, “Unicomer St. Kitts”) are committed to respecting the privacy of our customers, third-party vendors, and all individuals who provide personal data to Unicomer St. Kitts. As part of our commitment to protecting your privacy and complying with our data protection obligations under the Data Protection Act, 2018 of St. Kitts and Nevis and other applicable laws, we have developed this Privacy Policy (the “Policy”) to outline to you how we protect the personal data you have provided to us.
This Policy applies to all personal data you may provide to us, and information that we collect from our customers, or any other person who may interact with us. It outlines:
- What data we might collect about you;
- How we might use that data;
- When we might use your details to contact you;
- What data of yours we might share with others; and
- Your rights in relation to the personal data you give us.
WHAT DOES THIS POLICY COVER?
This Policy covers all services or products offered by all brands within Unicomer St. Kitts, that is, Courts, Courts Ready Cash, and Courts Optical under which Unicomer St. Kitts conducts business within St. Kitts and Nevis. This policy applies to you when you are in St. Kitts and Nevis.
The companies identified within Unicomer St. Kitts are the users for the purposes of this Policy. This means that we are responsible for deciding how your personal data is used and ensuring that it is used in compliance with applicable data protection law. Sometimes, we may work with other companies to decide how your personal data is used. In those scenarios, we are joint users with these companies because we jointly determine the purposes and means of processing your personal data.
If you have any comments, queries, or questions about this Policy, feel free to contact us at dpo@unicomer.com.
1. PERSONAL DATA THAT WE PROCESS
We collect the following information from you, directly and through third parties. The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed:
- Personal Data: Name, driver’s license number, passport number, photo ID, taxpayer number, social security number, NIS, voter’s identification.
- Contact Details: Email address, telephone numbers, residential address, mailing address.
- Employment Information: Employment status, employer name and address, nature of self-employment, type of business, salary and benefits, employment history.
- Demographic Details: Date of birth, gender, age, nationality, marital status.
- Financial Information: Credit report, credit card statement, bank statement, income, expenses, PEP status, and other AML KYC data as required by law.
- Payment Information: Credit or debit card details, bank account information, to the extent that it identifies you.
- Background Check Information: Sanction list checks.
- Account Login Credentials: Username and password.
- Health Information: Medical history, health status, and outcomes of medical reports, family medical history.
- Electronic Communications Data: IP address, geographic location, operating system, and browser type, when you visit our sites or use our online services.
- Image: CCTV surveillance in our stores may capture your image and likeness on camera.
- Religious Beliefs: We may receive information about your religious beliefs specifically as it relates to your delivery preferences and timelines.
2. HOW YOUR PERSONAL DATA IS COLLECTED
We collect most of this personal data directly from you (in person), by telephone, letter, or email and/or via our website. However, we may also collect information:
- When you register and/or attend any of our events, webinars, or the conferences we host, sponsor, or are represented;
- From publicly accessible sources, e.g., government authorities or social media websites;
- Directly from a third party, e.g., sanctions screening providers, credit reference agencies, customer due diligence providers;
- From a third party, which may be with your consent or pursuant to a legal obligation, e.g., banks or building societies;
- Through our IT systems, e.g., automated monitoring of our websites and other technical systems, such as:
- Our computer networks and connections;
- CCTV and access control systems, including in our branch;
- Communications systems, such as call recordings, email, and instant messaging systems; and
- From cookies on our website – For more information on our use of cookies, please see Section 11 of this Policy.
3. ACCURACY OF YOUR INFORMATION
We rely on the availability of accurate personal information to provide services to you and operate our business. You should therefore notify us of any changes to your personal information, such as changes concerning your contact details or any other information that may affect the proper management and administration of the services we provide to you.
4. WHY DO WE PROCESS YOUR DATA
Under data protection law, we can only use your personal data if we have a valid purpose for doing so.
We may process your personal data for the following purposes:
- To provide you with retail of goods or our services.
- To deliver any goods to your designated location and verify your location.
- To enable our Contact Centre to initiate the resolution of any issues you may raise in the provision of our goods or services.
- To process any payments or refunds to you.
- To process and investigate any complaints or queries you may have about our goods or services.
- To process and enable any service request relating to any of our goods.
- To initiate any collections, debt recovery efforts, or litigation against any defaulting customer, as may be necessary.
- To assess your medical needs for the provision of prescription eyewear and other ophthalmic needs.
- To share information with a contracted optometrist to provide you with prescription eyewear.
- To assess your suitability for any credit facility or retail finance which you have requested.
- To collect information on behalf of our remittance partners.
- To carry out “Know Your Customer” due diligence checks, including data validation and verification, sanction checks, credit reference checks, and other customer acceptance, vetting, and risk management checks as required under anti-money laundering law.
- To capture your image and likeness through CCTV surveillance systems, which monitor and record activities at our properties to maintain a safe and secure environment for our employees, customers, and visitors to our properties.
We may also, with your consent, use your personal data to contact you about products, services, and special offers from us or our affiliates that may interest you. While we may process personal data with your consent, you have the right to withdraw consent to processing for specific purposes, as outlined below.
5. LAWFUL BASES FOR PROCESSING
We must have a valid reason to use your personal information. This is called the “lawful basis for processing.”
Consent: Where we process your personal data with consent, you may choose whether you wish to provide us with the information we request or not. You are free to choose to provide your information or not, and you may choose to withdraw your consent at any time. If you wish to withdraw your consent, please contact dpo@unicomer.com with your request. We will collect your consent through any forms or agreements you may sign with us.
Most times, we will ask for your consent to process your personal information. Other times, when you may reasonably expect us to use your personal data, we may do so without your consent. Where we do not obtain your consent, we will only use your personal information when we have one or more of the following lawful bases for processing:
- Performance of a Contract: Where the processing is necessary for the performance of our contract with you to provide you with products and/or services (e.g., cash and credit transactions, delivery of goods, open accounts, maintain account details, perform administrative tasks, and provide services to fulfill our obligations in the contract with you).
- Legitimate Interests: The collection and use of some aspects of your personal information may be necessary to enable us to pursue our legitimate commercial interests. Examples include:
- To improve suitable products and/or services;
- For CCTV surveillance on our properties;
- To prevent fraud;
- To ensure network and information security of our systems;
- To operate our business and manage and develop our relationship with you;
- For intra-group administrative transfers;
- To understand how you use our products, services, and websites and effect improvements.
- Administration of Justice: We may process your personal data to aid with the administration of justice. This may occur when we initiate any legal action against a defaulting customer or when we are legally required to provide information or allow access to law enforcement and other governmental authorities/agencies.
- Medical Purposes: For Courts Optical, we may process sensitive personal data through contracted health professionals to provide you with eye examinations and treatment and to offer you prescription eyewear.
- Legal Obligations: In some instances, we are required by law to collect and process certain personal information about you when you apply for a product or service and on an ongoing basis. For example, compliance with the Proceeds of Crime Act, where we are required to collect information about your identity (Know Your Customer). If we do not receive this information, it may not be possible for us to continue to operate your account or provide services to you.
6. WHEN DO WE SHARE YOUR DATA
There may be instances where we share your personal data with third parties. This includes:
- Companies within the Unicomer Group.
- Contractors we engage to help us run our business, e.g., marketing agencies, bailiffs, debt collection agencies, delivery drivers, technicians, or website hosts.
- Banks to help trace funds where you are a victim of suspected financial crime and you have agreed for us to do so, or where we suspect funds have entered your account because of a financial crime.
- Credit reference agencies, insurers, brokers, and other professional advisers.
- Regulatory bodies or government authorities or executive agencies, as may be necessary to record any security interest we may have, notify any pending insolvency or bankruptcy proceedings, or fulfill regulatory requirements.
- Fraud prevention agencies if false or inaccurate information is provided and/or fraud is identified or suspected.
- Law enforcement agencies and other organizations to report suspected crimes in accordance with anti-money laundering laws and regulations or as part of a criminal investigation.
- External auditors, where necessary for conducting company audits.
- Remittance partners to facilitate a remittance service.
- Additional authorized users on your account regarding indebtedness or account usage.
We may also disclose health information for the following purposes:
- For Treatment: Disclosed to doctors, nurses, technicians, or other personnel involved in your care.
- For Payment: To bill and collect payment from you, your insurance company, or a third party.
- For Health Care Operations: To ensure quality care for you and other patients.
7. INTERNATIONAL TRANSFER OF YOUR INFORMATION
We may transfer personal data that we collect from you to our third-party data processors, vendors, remittance partners, or hosting partners acting on our behalf located in countries outside of St. Kitts and Nevis or to other entities in our group of companies, such as El Salvador, where our headquarters are located, in connection with the purposes set out above.
We may transfer your personal data to data processors located in the Caribbean, USA, UK, the EU, or Canada. In particular, we may make such transfers to offer, administer, and manage the services provided to you, to improve the efficiency of our business operations, in keeping with your directives, and to comply with a legal duty to do so.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies, and we require them to have data processing agreements with us. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions and established procedures.
If you would like further information, please contact our Data Protection Officer at dpo@unicomer.com.
8. HOW LONG WE KEEP YOUR DATA
We take the principles of data minimization and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.
We normally keep customer account records for up to five (5) years after your relationship ends, after which the information is securely destroyed. We may also keep your data for longer than five (5) years if we cannot delete it for legal and regulatory purposes, or as necessary to resolve disputes and enforce our agreements.
9. AUTOMATED DECISION MAKING
The information we have for you is made up of what you tell us, data we collect when you use our services, or from third parties we work with. When you apply for a loan or any other form of credit, we will need to assess your creditworthiness based on a number of factors. We may use an automated decision-making process for that decision.
We and other organizations acting to prevent fraud may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work or notice that an account is being used in a way that is unusual for you. Either of these could indicate a risk that fraud or money-laundering may be carried out against a customer, us, or the insurer.
In the above circumstances, we use various factors to make a decision in relation to you, which may include automation. However, this is not the sole basis of our decisions. In all cases, you have the right to have that decision explained to you and, if necessary, have the information corrected that made the decision.
10. RIGHTS YOU HAVE OVER YOUR DATA
We aim to maintain data that is accurate and up-to-date. Under the circumstances that your personal data changes (e.g., moving addresses), please notify us of any changes or updates to your data which may be required.
You have the legal right to the following:
- To be informed as to whether we process your personal data.
- To request all personal data we have collected about you, if any.
- To request rectification of any errors or omissions in the personal data we have collected about you.
- To object to the processing of your personal data for the purposes of direct marketing at any time.
- To prevent the processing of your personal data outside the scope of your consent.
- Assurance that no decisions having significant impact on you are processed by automated means only.
To exercise these rights, please contact us via email, mail, or phone as indicated below in the “Contact Information” section.
11. OUR USE OF TECHNOLOGY
While you are using any of our technology online or offline, we automatically process certain personal information, such as CCTV, foot traffic, visits to our websites, or mobile app. We use this information to find out which areas of our business, whether retail or websites, people visit most and to monitor our capacity to serve our traffic across the business. This helps us to add more value to our services.
CCTV at Unicomer St. Kitts Sites and Retail Stores
We use CCTV surveillance systems to monitor and record activities at our properties and premises (including our workplace and logistics and retail center premises). The main purpose of this is to maintain a safe and secure environment for our employees, customers, and visitors to our premises.
We also use the data collected from our CCTV surveillance systems to maintain or improve our properties, premises, and services. We may do this:
- For security and risk management, loss prevention, incident investigation purposes, and other purposes set out in this Policy, or as permitted by the law.
- By collecting and analyzing customer behavior.
- By monitoring patterns of foot traffic.
- By analyzing shopper demographics and browsing habits (data is aggregated anonymously, and we do not identify individuals for these uses).
We securely discard the data collected from our CCTV surveillance systems when it is no longer required for business or legal purposes.
12. CONTACT US
If you have any queries or complaints about privacy, please contact our Data Protection Officer at:
Email: dpo@unicomer.com
13. CHANGES TO THIS PRIVACY POLICY
Unicomer St. Kitts reserves the right to reasonably amend this Policy from time to time to ensure that it accurately reflects the way that we collect and use personal information about you. You are encouraged to regularly review this Policy to ensure that you understand how we collect and use your personal information and to see any changes that may have occurred.
This Privacy Policy was last updated on July 4, 2024.