Continental Capital Bank

Privacy Policy

Continental Capital Bank Ltd.

Effective Date: 2026-03-10

1. Introduction

Continental Capital Bank Ltd. ("CC Bank", "the Bank", "we", "our", or "us") respects the privacy and confidentiality of personal data.

This Privacy Policy explains how we collect, process, store, and protect personal information when individuals interact with the Bank through:

  • our website www.cc-bank.com
  • mobile or web-based applications
  • customer onboarding procedures
  • identity verification processes
  • customer support communications

The Bank processes personal data in accordance with applicable financial regulations, including anti-money laundering (AML) and know-your-customer (KYC) obligations.

By using our services or accessing our website, you acknowledge the practices described in this Privacy Policy.

2. Information We Collect

The Bank may collect the following types of information depending on the nature of the interaction.

Personal Identification Information

This may include:

  • Full legal name
  • Date of birth
  • Nationality
  • Residential address
  • Government-issued identification documents
  • Photographs or biometric verification data used for identity verification

Contact Information

  • Email address
  • Telephone number
  • Mailing address

Financial and Account Information

Where applicable, the Bank may process information relating to:

  • account activity
  • payment transactions
  • card transactions
  • customer account identifiers

Technical Information

When individuals access our website or digital services, certain technical information may be collected automatically, including:

  • IP address
  • browser type
  • device type
  • operating system
  • website pages visited
  • access times

This information helps maintain system security and improve service performance.

3. Purpose of Data Processing

Personal data may be processed for the following purposes:

  • verifying customer identity
  • complying with AML and KYC regulations
  • preventing fraud and financial crime
  • providing banking and payment services
  • administering customer accounts
  • responding to customer inquiries
  • maintaining system security
  • complying with legal and regulatory obligations

The Bank processes personal data only where necessary for legitimate business or regulatory purposes.

4. Identity Verification and KYC

To comply with regulatory requirements, the Bank performs identity verification during customer onboarding.

Identity verification may be conducted through specialized third-party providers including:

Sumsub (Sum & Substance Ltd.)

These providers assist with:

  • identity document verification
  • biometric verification and liveness detection
  • sanctions and politically exposed person (PEP) screening
  • fraud and identity risk detection

Personal data required for identity verification may be transmitted to these providers through secure encrypted application programming interfaces (APIs).

These providers process personal data solely for identity verification and regulatory compliance purposes.

5. Sharing of Information

The Bank may share personal information with trusted third parties where necessary to provide services or comply with legal obligations.

These parties may include:

  • identity verification providers (e.g., Sumsub)
  • payment processing partners
  • card program managers and issuing banks
  • fraud monitoring and risk management providers
  • regulatory authorities and law enforcement agencies when legally required

The Bank does not sell personal data to third parties.

Third-party service providers are required to process personal information only for authorized purposes and in accordance with applicable confidentiality and security standards.

6. Technical Data and Cookies

When you access our platform, we automatically collect certain technical information (e.g., IP address, device type, operating system).

We use essential and functional cookies to ensure the security and performance of our services. These cookies are strictly necessary for features such as:

  • Security & Authentication: To maintain your secure session and protect your account from unauthorized access.
  • Identity Verification: To support fraud prevention measures during the mandatory onboarding and verification process.
  • Service Functionality: To ensure the proper operation of card management and payment features.

By using our platform, you consent to the use of these technical cookies. You can manage cookie settings in your browser, though disabling them may limit the availability of certain services.

7. Card Program and Payment Data Processing

The Bank may provide prefunded debit or payment card services to customers through licensed card program partners and payment network providers.

In connection with such services, certain transaction and account-related information may be processed by authorized partners responsible for the card issuing and transaction processing infrastructure.

These partners may include:

  • card program managers
  • payment processors
  • issuing banks
  • card networks such as Visa or Mastercard

Such partners process personal data solely for the purpose of enabling card transactions, settlement, fraud monitoring, dispute resolution, and regulatory compliance.

The Bank does not store sensitive authentication data associated with payment cards unless required for operational or regulatory purposes.

8. Fraud Prevention and Card Network Compliance

To protect customers and comply with payment network requirements, transaction data related to card usage may be monitored for fraud detection and risk management purposes.

Card transaction information may be shared with authorized payment processors, card networks, and issuing partners in order to:

  • detect and prevent fraudulent activity
  • process chargebacks and transaction disputes
  • comply with payment network rules and regulatory requirements

Such monitoring is conducted in accordance with applicable financial regulations and security standards.

9. International Data Transfers

Because the Bank operates internationally and works with service providers located in multiple jurisdictions, personal data may be transferred across borders.

Such transfers occur only where necessary to provide services or comply with legal obligations and are subject to appropriate safeguards designed to protect personal data.

10. Data Retention

The Bank retains personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal and regulatory requirements.

Customer identification records and transaction data are typically retained for a minimum of seven (7) years following termination of the business relationship or as otherwise required by applicable AML regulations.

11. Data Security

The Bank implements appropriate technical and organizational security measures designed to protect personal data against:

  • unauthorized access
  • loss or destruction
  • misuse
  • unauthorized disclosure

Security measures may include encryption, restricted access controls, monitoring systems, and secure infrastructure.

12. Security of Data Transmission

Personal data transmitted between the Bank and its authorized service providers is protected through secure communication channels.

This may include encrypted APIs, secure authentication systems, and transport layer security (TLS) protocols.

Access to systems processing personal data is restricted to authorized personnel and monitored for security and compliance purposes.

13. Cookies and Website Usage

The Bank's website may use cookies and similar technologies to improve user experience and analyze website traffic.

Cookies may be used to:

  • remember user preferences
  • analyze website performance
  • improve website functionality

Users may disable cookies through browser settings; however, some website features may not function properly if cookies are disabled.

14. Third-Party Websites

The Bank's website may contain links to third-party websites.

The Bank is not responsible for the privacy practices of external websites and encourages users to review the privacy policies of those websites.

15. Children's Privacy

The Bank's services are not intended for individuals under the age of eighteen (18).

The Bank does not knowingly collect personal information from minors.

16. Changes to This Privacy Policy

The Bank may update this Privacy Policy periodically to reflect changes in services, regulatory requirements, or internal procedures.

The latest version will always be available on the Bank's website.

17. Contact Information

For questions regarding this Privacy Policy or the processing of personal data, please contact:

Continental Capital Bank Ltd.

40 Kennedy Ave.
Roseau
Commonwealth of Dominica

Email: privacy@cc-bank.com