CCB Privacy Policy

Privacy Policy (CCB)

Effective Date: March 15, 2025

Contents

1.     Introduction and Scope ​ ​ ​ ​ ​ ​ ​ ​

2.    Privacy Overview ​ ​ ​ ​ ​ ​ ​

3.    Scope and Terminology

4.    Objectives Relating to Processing Personal Data

5.    Legal Basis for Processing

6.    Sources of the Data We Collect in the Credit Registry

7.    Information We Securely Store in our Systems ​ ​ ​ ​

8.    Retention of Data ​ ​ ​ ​ ​ ​ ​ ​ ​

10.   Sharing Your Information

11.    International Data Transfers

12.   Your Rights

13.   Security Measures

14.   Data Breach Notification

15.   Accountability Measures (Compliance)

16.   Data Protection Impact Assessments (DPIAs)

17.   Automated Decision-Making and AI Ethics

18.   Using our Website

19.   General Information

1.    Introduction and Scope

At Caribbean Credit Bureau (CCB, we, us, our) protecting the privacy of individuals is our top priority. This Privacy Policy explains how we collect, use, share, and safeguard your personal data in compliance with the local privacy regulations in the jurisdictions in which we provide our services as well as observing the General Data Protection Regulation (GDPR).

This policy applies to personal data collected through our members, websites, applications, services, offline interactions, and trusted third-party sources.

On our website a Plain Language Simplified Summary of this Privacy Policy is made available.  We are furthermore committed to making this Privacy Policy accessible to everyone, including those with disabilities. If you need a different format (e.g., audio, or large print), please let us know at dpo@caribbeancreditbureau.com and we will make reasonable efforts to provide a suitable version promptly.

CCB generally acts as the Data Controller for any personal data it collects directly from consumers (e.g., when individuals request their credit report). When processing data received from our Members, CCB typically also acts as a Data Controller, given the fact that we decide how and why the data is processed in our registry.  In some instances, where we process personal data solely on behalf of and under the instructions of our Members, CCB may act as a Data Processor. In such cases, we rely on contractual agreements to define the purposes and methods of processing.

We value your feedback on this policy and use it to improve our privacy practices. Contact our Data Processing Officer for suggestions, questions, or concerns at dpo@caribbeancreditbureau.com.

For a summary of key points, refer to the Privacy Overview below.

2.    Privacy Overview

This summary provides an overview of our privacy practices:

-          What We Collect:

o    Personal (full name, date of birth, address, ID Number)

o    Credit related (type, amount, outstanding, arrears)

o    Website/application related (Technical cookies, data necessary for providing services, maintaining security, and complying with legal obligations)

-          Your Rights:

o    Access to your data

o    Correction of errors

o    Right to object, whereby objections can be escalated to a dispute committee (‘geschillencommissie’)

-          Our principles:

o    Data is only used for intended and disclosed purposes and is not re-sold

o    Data minimization

o    Data retention that is appropriate and balances interests

o    Data sharing is subject to a reciprocity principle.

o    All access to credit files is logged in case needed for investigative purposes.

o    We may share information with a selected number of respected international credit bureaus adhering to the same level of security and privacy principles, but only to the extent that such international credit bureau also provides valuable information to the Members of CCB.

-          Artificial Intelligence (AI) that may be Used:

o    To support fraud detection

o    To improve efficiencies

-          We Protect Data with Advanced Safeguards like:

o    Encryption

o    Advanced role-based access controls (RBAC)

o    Regular reviews and audits ensure your data remains secure

-          International Transfers:

o    Data is transferred securely using legally approved safeguards, with additional protection where required

For more details, continue reading below.

3.    Scope and Terminology

​
​CCB:    ​ ​All or one of the following entities in the following jurisdictions:
​ ​ ​ ​   Curaçao: ​ ​ ​ ​Caribbean Credit Bureau N.V.
​ ​ ​​   Netherlands Caribbean:  ​ ​Caribbean Credit Bureau Bonaire N.V.
​ ​ ​ ​   Sint Maarten:  ​ ​ ​ ​Caribbean Credit Bureau Sint Maarten N.V.

Local Privacy
Laws:                     The local privacy laws are the following privacy laws that are in effect in the jurisdictions in which CCB operates:

Members:            Institutions that extend credit to consumers and that have entered into a membership agreement, code of conduct 
​ ​ ​ ​and general rules with (one of the) CCB entities listed above.

4.    Objectives Relating to Processing Personal Data.

We process data for specific clearly described objectives.

a. To provide credit issuing institutions with relevant information to mitigate their risk of losses, thereby strengthening the financial infrastructure in the jurisdictions in which we operate.

b. To provide total credit exposure of individuals, possibly reflected in a credit score, to prevent over crediting by credit issuing institutions and to prevent over-indebtedness of individuals preventing credit repayment problems

c. To provide credit issuing institutions with information about other credit related behavior of consumers such as fraudulent behavior, debt restructuring programs or bankruptcies.

d. To give individuals a copy of their own credit report information of credit behavior, to provide them with a current copy of the report as it is being shared with Members.

e. Personal data is shared with Members, selected respected international credit bureaus, and with any individual requesting to see their personal credit report.

f. To contribute to sound financial infrastructures and promote access to finance and credit.

5.    Legal Basis for Processing

a.       Compliance with laws, regulations and best practices

To the extent specific credit registration laws and regulations exist in the jurisdictions in which we operate, we shall strictly and fully adhere to such laws and regulations.  In the absence of credit registration laws and regulations, we shall comply with the applicable privacy laws and adhere to international best practices for credit bureaus that are most appropriate for the specific jurisdiction(s).

We rely on one or more of the following legal bases:

-        Contractually Informed Consent – for example, when the consumer has entered into contracts that include (or where contracts are subject to general terms and conditions that include) language about their data being processed with a credit bureau.

-        Explicit Consent – for example where a consumer gives explicit consent to the use of our digital application when requesting a personal copy of their credit rapport, or when approving an assessment to be conducted by a partner of CCB.

-        Contractual or Authoritative Necessity – for instance, data processed to facilitate agreements between our Members and their customers, or when authorities desire or require certain information to be processed.

-        Legal or Regulatory Obligation – to comply with credit registration laws or regulatory requirements, where applicable.

-        Legitimate Interests – in absence of any of the above legal bases, to further our core activities like promoting responsible lending, promoting financial inclusion, maintaining financial stability, and performing fraud detection, we process data on the basis of legitimate interest, provided such interests do not override fundamental rights and freedoms.

We have conducted Legitimate Interests Assessments (LIAs) ensuring that our data processing is proportionate, and that individuals’ privacy rights are respected.

b. Legitimate Business Interests

We process personal information based on careful consideration of our legitimate business interests and the fundamental rights and freedoms of privacy to which data subjects are entitled. Our legitimate interests are:

Promoting financial inclusion, stability and responsible lending through:

-        Verified and objective credit behavior compilation

-        Enhancing access to credit for everyone

-        Providing lenders with information for the prevention of over-crediting

-        Assisting lenders to make default risk assessments

We have determined these interests are legitimate because:

-        They serve a clear economic, community and social benefit

-        They are proportionate to the privacy impact

-        Only necessary data points are used

-        They are less intrusive and more transparent than alternative methods

-        The sharing of credit data is only for specific purposes within a closed group of Members

-        The access to private data is highly limited

-        The data is not used for any other purpose, nor is it sold to third parties

-        We employ high security measures to secure the data

c. Contractual Framework

While our primary contractual relationships are with financial institutions (our Members), our processing activities are:

-        Always designed with the privacy of individuals in mind

-        Limited to data elements strictly necessary for credit assessment

-        Directly linked to the fulfillment of specific, documented purposes

-        Structured to minimize impact on data subject privacy

We maintain clear documentation demonstrating why each category of personal data we collect is necessary for:

-        Verification of credit history

-        Assessment of creditworthiness

-        Maintenance of accurate records

d. Contractual and Explicit Consent

The personal data we process is provided to us by our Members under strict contractual conditions. 

The basis of the clients providing their customer’s data to us is based on their rights to do so based on their terms and conditions and/or lending agreements.

As such, the personal and credit data we receive from our Members is:

-        Collected from the consumers based on the relationship between the Members and the consumers

-        Is entrusted to us by the Members for specified processing purposes

-        Is limited to information required for such processing

For our services where the consumers provide data to us directly (for example when they request a copy of their own credit report or request to conduct a behavioral assessment), we collect such data on the basis of their consent, where we ensure that such consent is:

-        Necessary:        ​ ​No information will be collected that is not needed

-        Freely given:   ​ ​No negative consequences for refusing consent

-        Specific:          ​ ​Separate consent for distinct processing operations

-        Informed:       ​ ​Clear explanation of processing purposes

-        Unambiguous: ​ ​Requiring clear affirmative action

-        Clearly documented by a checkbox or similar prior to signature by the consumer

e. Processing of personal information

Our processing activities consist of the following:

-        Storage of personal information for identification purposes

-        Storage of credit information

-        Linking credits provided by various members to a combined credit file set belonging to the consumer

-        Calculating the days in arrears for each credit

-        Producing Credit Scores (indicating the credits that are outstanding) and Default scores (indicating the credits that have gone in an overdue (“Default”) status.

-        The extent that a repayment arrangement has been made or if the default has been resolved

-        Compiling the above information into a digital credit report

-        Reporting the information on an aggregated, anonymous basis for statistical analysis and publication.

f. Proportionality and Necessity for processing consideration

For each processing activity, we maintain documentation of:

-        Why the processing is necessary

-        How it is proportionate to its purpose

-        What alternatives were considered

-        Why chosen methods are least intrusive

-        How data minimization is achieved

g. Regular Reviews

We conduct periodic reviews of:

-        Balancing tests for legitimate interests

-        Necessity assessments

-        Processing purposes

-        Data minimization measures

-        Effectiveness of controls

h. Documentation and Accountability

We commit ourselves to maintain detailed records demonstrating:

-        How each legal basis was determined

-        Regular reviews and updates

-        Impact assessments where required

-        Stakeholder consultations

-        Mitigation measures implemented

 Paragraphs a to h above form the legal basis of our processing of personal data.

6.    Sources of the Data We Collect in the Credit Registry

Data stored by CCB can be obtained as follows:

a. From the data subject (being the consumer), or from a member who has obtained explicit authorization from the data subject, or where the authority of the member to submit the data to CCB can reasonably be implied.

b. From members who have a business or financial relationship with the data subject that is relevant to the objectives of CCB provided that the use of the data complies with those objectives.

c. From other information suppliers with whom CCB has entered into a formal relationship and who obtain and disclose their data legitimately in accordance with the laws prevailing in their jurisdictions.

d. Other public sources, provided that the data is collected legitimately and is relevant to CCB’s objective and only used by CCB in line with those objectives.

7.    Information We Securely Store in our Systems

Types of information that can be stored.

Personal Data stored in CCB’s Online Registry as provided by Members

1.      The full name and the initials of the Consumer, the Consumers address(es) known to the various Members

2.      The types of the credits that are outstanding, the account number, the original amount and the recent balances outstanding on the credit

3.      The credits that are in default and the status of the default

4.      Disputes expressed by Customers to the Member are to be registered in the system

5.      Annotations provided by the Member provided the information factual and can be supported by the Member on request of the Consumer

6.      Annotations provided by the Consumer provided the information factual and can be supported by the Consumer

7.      Scores containing factual information

8.      Scores and data based on assessments processed

Credits that are stored in the system:

 The following types of credits are stored in the system:

Credits for which positive and negative information is registered:

1.      Mortgages

2.      Car loans

3.      Personal loans

4.      Overdrafts

5.      Credit cards

6.      Business Loan (this is for sole proprietorships only)

7.      Credit that originated from the sale of goods or services (retail credit)

8.      Other credits

9.      Guarantees that were not (fully) honored when called for payment by a Member.

The members (data owners) are responsible that the data that is submitted to CCB is accurate and correct. CCB will do certain logical checks but as CCB does not have access to the data of the Members, CCB cannot verify the completeness nor accuracy of the data.

CCB does not store any of the following types of data:

1.      Any data regarding religion, race, political orientation, health, sexual preference, nor any membership data.

2.      Information relating to a criminal nature, with the exception to those directly relating to the objectives of CCB, such as financial fraud, identity theft, and similar. In case of doubt, CCB will present the issue to the relevant Data Protection Authority.

8.    Retention of Data

We determine our retention periods based on:

-        Statutory or Regulatory Requirements – local laws, regulatory mandates, international best practices, or supervisory authority guidelines.

-        Business Needs – ensuring records remain available for financial risk assessments, credit decisions, or fraud prevention.

-        Data Minimization Principles – once the retention period expires, personal data is securely deleted or anonymized.

 Here is an overview of our retention periods.

 * Note that the number of checks performed on the individual relating to credit requests are shown for 2 years only.

At the end of retention periods, data is securely deleted or anonymized.

 If a dispute is ongoing or there is a legal obligation to retain specific records, we will keep the relevant information until the issue is resolved or until the legal requirement expires.

9.    How We Use Your Information

Data collected for storage in the credit registry is shared in a responsible manner with Members for purposes described above.

Besides storing data in the registry, we may collect certain data that we may use your data for the following purposes:

-          Delivering, personalizing, and improving our services.

-          Ensuring compliance with legal and regulatory requirements.

-          Preventing fraudulent activity and improving security.

-          Communicating updates, promotions, newsletters or relevant content.

Artificial Intelligence (AI) Use and Oversight:

Our systems may use AI technology.  Such technology may be used by us to assist in fraud detection, recommending content, and optimizing service delivery. Decisions that significantly affect your rights are always reviewed by qualified personnel. AI systems are regularly scrutinized for fairness, accuracy, and cultural sensitivity, with annual reviews or when significant updates are introduced. For example, we’ve implemented adjustments to prevent geographic biases in content recommendations and partnered with external auditors to assess language-model accuracy for non-English-speaking regions.

If you believe an automated decision has significantly impacted on your rights, you may request a review by contacting our DPO.

10.          Sharing Your Information

We share your data only when necessary and under strict safeguards:

-          Service Providers: For payment processing, IT support, anonymized analytics, and other essential services.

-          Legal Authorities: To comply with legal obligations or regulatory requirements.

-          Business Transfers: In the event of mergers, acquisitions, or sales, under strict confidentiality agreements.

You may request additional information about the third parties involved in data processing.

Categories of Third-Party Recipients

-        Credit Bureaus: For reciprocal exchange of relevant credit information, under strict data-sharing agreements.

-        Cloud/IT Service Providers: Offering secure data storage or processing capabilities, bound by confidentiality and secure processing.

-        Analytics/Consulting Firms: Assisting with risk assessments or credit scoring enhancements, only with anonymized or de-identified data where feasible.

All third parties are subject to contracts ensuring compliance with applicable privacy and data security standards. We do not permit any third parties to use your data for their own marketing or other purposes without your consent.

11.          International Data Transfers

When transferring personal data outside of the jurisdiction in which it was originally collected, we utilize Standard Contractual Clauses (SCCs) approved by the European Commission (where the GDPR applies) or equivalent safeguard mechanisms. We also implement technical and organizational measures such as encryption and pseudonymization to protect your data.

If you would like to obtain a copy of the SCCs or learn more about the measures we have in place, please contact our DPO. Where explicit consent is needed under local law, we will notify you and request your authorization prior to any such transfer.

12.          Your Rights

You have the right to:

-          Access your data and request a copy of your data and credit report

-          Correct inaccurate or incomplete information.

-          Delete your data unless retention is legally required.

-          Restrict or object to data processing.

-          Request your data in a machine-readable format for portability.

-          Withdraw consent for optional data processing, by sending an email to the Data Protection Officer.

Additional GDPR-Specific Rights (for EU/EEA Residents)

If you reside in jurisdictions where GDPR applies, you may also have the following rights, subject to certain limitations:

-        Right to Erasure (Right to be Forgotten) – to request the deletion of your personal data when it is no longer necessary for the purposes for which it was originally collected, or if you have validly objected to processing.

-        Right to Restrict Processing – to request that we limit the use of your data under certain circumstances (e.g., while we address a dispute about its accuracy).

-        Right to Data Portability – to receive your personal data in a structured, commonly used and machine-readable format, and to request that we transmit it to another controller where technically feasible.

-        Right not to be Subject to Automated Decision-Making – to object to decisions based solely on automated processing (including profiling) if such decisions produce legal or similarly significant effects on you.

Access to own Data and Right to Request for Correction

We allow users the right to access their personal credit report. Everyone is entitled to one free credit report per year.  A fee will be charged for providing more than one credit report. This applies to requests for own credit reports made by individuals via our members, the international credit bureaus with whom we have a data exchange contract, and at CCB office.

If you believe that the personal data stored by CCB is not (no longer) correct or complete, you can request the member who has supplied the data to update or correct your personal data. If necessary, we will intermediate with the member that is requested to make such adjustments, but it is the member who has to make the correction.

Lodging a Complaint

If you feel your privacy has been compromised or you have concerns about the way we secure the data we manage, please use the electronic Complaint / Dispute Form on our website to raise your concern with us.  You can also e-mail or call management or the Data Privacy Officer.

If you believe we have not satisfactorily addressed your privacy concerns or if your complaint directed to us remains unresolved, you have the right to lodge a complaint with your local Data Protection Authority in your jurisdiction.

-        Caribbean Netherlands: Kaya Industria 15-E, Kralendijk, Bonaire. +5997159114 info@cbpbes.com Website: www.cpbbes.com

-        Other local jurisdictions: For details on your local authority, please refer to the official government website of your jurisdiction or contact our DPO for assistance.

-        European Union/EEA: A list of EU Data Protection Authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

13.          Security Measures

CCB is committed to ensure protection of its information systems and data and has implemented generally accepted good practices for information security management and governance. These good practices include defined roles and responsibilities for information security; a regular information security risk analysis; policies, standards and procedures to mitigate risks; and independent review. The security measures and policies are reviewed and updated at least annually.

We endeavor to have procedures in place to ensure that our systems and services use up-to-date security measures and technologies.

Specific Measures to Ensure Data Security

Specific measures to protect the data of individuals include, but are not limited to, the following:

1.      The personal credit reports that individuals can request about themselves can only be produced by a limited number of CCB personnel.

2.      Other than printing the report mentioned above, no access to the data is possible by any CCB employee, management ICT officers, programmers nor advisors.

3.      Personal Data is stored securely after being encrypted using AES 256 asymmetrical encryption. The encryption key is stored by and only known to an independent custodian, who does not have access to the CCB system.

4.      Access to the system is based on two-factor authentication: a password and a security code.

5.      Secure Sockets Layer (SSL) technology is employed to exchange sensitive information between the CCB system and its users. SSL encrypts data and is one of the safest methods of passing information over the Internet.

6.      Data is mirrored to prevent accidental loss.

7.      Reports can only be requested on a single call basis. Batch requests are not provided for.

  As users enter the payment information, it is captured on a page that uses the SSL protocol by default. All personal and financial information is encrypted as it travels over the Internet. All financial information is stored in encrypted form on our servers. The server is also not accessible through the Internet. Credit card security will continue to be a top priority for our company.

14.          Data Breach Notification

We maintain a robust Data Breach Response Plan. Should a personal data breach occur that poses a risk to the rights and freedoms of individuals, we will:

-        Notify the relevant supervisory authority within 72 hours (when required by law).

-        Inform affected individuals without undue delay, especially if the breach is likely to result in a high risk to their rights and freedoms.

-        Provide relevant details of the breach, including the nature of the data affected, the potential risks, and the steps taken to mitigate any potential adverse effects.

15.          Accountability Measures (Compliance)

We maintain detailed records of all data processing activities and conduct regular audits to ensure compliance. Internal privacy champions oversee adherence, and all employees undergo regular training on privacy practices. We also aim to maintain certifications such as SOC 2 and/or ISO 27001 for evidence of compliance with information security management.

Record of Processing Activities

We maintain a comprehensive Record of Processing Activities, documenting:

-        The categories of personal data processed and purposes.

-        Any data transfers to third countries and the safeguards in place.

-        Retention periods and erasure procedures.

-        Technical and organizational security measures implemented.

Regular training is provided to our staff to ensure ongoing awareness of privacy obligations, and our internal compliance team conducts audits to ensure adherence to this Policy.

16.          Data Protection Impact Assessments (DPIAs)

We conduct DPIAs for high-risk processing activities, such as handling sensitive personal data, deploying large-scale behavioral tracking systems, introducing third-party AI models, or expanding operations to high-risk jurisdictions.

Privacy by Design and Default

We integrate privacy safeguards at the earliest stages of developing new systems or services, such as handling sensitive personal data, deploying large-scale behavioral tracking systems, introducing third-party AI models, or expanding operations to high-risk jurisdictions. Before introducing large-scale or high-risk processing, we conduct a Data Protection Impact Assessment (DPIA) to identify potential privacy risks and define appropriate controls. Where required, we consult with the relevant Data Protection Authorities to ensure compliance and transparency.

17.          Automated Decision-Making and AI Ethics

Systems used by us or by our partners may use AI technology.  In either case, the AI based systems are tested regularly for fairness, accuracy, and cultural sensitivity. External experts may audit these systems to ensure compliance with our ethical standards.

Right to Human Review of Automated Decisions

Where we use automated tools or AI to assist in credit scoring, fraud detection, or related processing, such assessments or profiles may impact your ability to obtain credit. If you believe an automated decision has significantly affected your rights, you have the right to request human intervention, express your views, or contest the decision.

18.          Using our W​ebsite

When you use our website, CCB collects or uses certain personal data. We do this only for those purposes described in this policy. The following applies.

Web visits

When you visit our website, technical data of your visit is recorded in log files on our servers. This data is stored exclusively for statistical analysis for up to 12 months. Examples of such data are the requested page, the IP-address, timestamp and browser type. We do not check who is using which IP-address at what time and we do not trace this information to your person. This way your anonymity is maintained.

Correspondence via the contact form or e-mail

When you send us a message through the contact form on our website or via an e-mail message, your message and the technical characteristics of your message are recorded in our e-mail archive and/or our customer database. Your data is stored in these files for the number of years for legal administrative retention purposes, which, depending on the type of correspondence shall be maintained for 5 to 10 years in accordance with local laws,  depending on the type of correspondence. We use this information to answer or handle your message and to get in touch with you as part of our normal business. We do not use this data to combine with other personal data available to us. At all times during the retention period we shall keep your data secured as described under the section Security Measures above, and we maintain strict safeguards to ensure that the data is deleted when it is no longer needed by force of law which stipulated the ten year period.

Cookies

We use cookies to enhance your browsing experience. By continuing to use this website, you consent to our use of cookies. You will be presented with a cookie banner where you can choose to accept or reject non-essential cookies. You may also adjust your cookie preferences at any time by modifying your browser settings or using our opt-out tools.

-        Essential Cookies: These cookies are strictly necessary for core functionality of the website and expire when you close your browser. Because they are required for the site to function, you cannot opt out of them.

-        Analytics Cookies: These cookies help us understand how the website is used, so we can improve its performance and user experience. They may persist for up to 90 days. Our analysis tools process data locally and never share personal information with third parties. Your IP address is used only in an anonymized form, and any data collected may be stored for up to 12 months.

Cookies are small pieces of information stored by your browser on your device. We only use them to analyze website usage, ensuring that sensitive data is processed anonymously and never disclosed to unauthorized parties. If you wish to opt out of analytics cookies, please use the links provided on our cookie banner or refer to your browser’s help instructions to manage your cookie settings.

You can manage or withdraw your consent for non-essential cookies at any time by:

-        Adjusting your browser settings to block or delete cookies.

-        Using the cookie banner’s preference center, accessible on our website footer, where available.

Essential cookies remain active as they are necessary for core functionalities (e.g., security and accessibility). If you disable or block some cookies, parts of our website may not function optimally.

Links

This Privacy and Data Security Policy applies solely to information collected on our website. The Site contains links to web sites of third parties. CCB is not responsible for the actions of these third parties, including their privacy practices and any content posted on their web sites. We encourage you to review their privacy policies to learn more about what, why and how they collect and use personal information. CCB adheres to industry-recognized standards to secure any personal information in our possession, and to secure it from unauthorized access and tampering.

Legitimate Interests Relating to Website Interaction

We rely on legitimate interests for activities such as improving security, analyzing website usage, or detecting fraud. These interests are carefully assessed to ensure they do not override your rights.

No sharing with third parties

We take appropriate measures to protect against unauthorized access and use of your personal data. Furthermore, our people who need access to your data to perform their function are required to respect the confidentiality of personal data.

Abuse and/or misuse

When, in our opinion, there is any abuse or misuse of our website, we could decide to deny access to our website from certain IP-addresses and/or e-mail addresses for a definite or indefinite period of time. In case of abuse, we may attempt to trace the data to your personal identity.

19.          General Information

Transparency

This Privacy and Data Security Policy is displayed on CCB’s web site (www.caribbeancreditbureau.com). We encourage everyone to read this policy in order to understand CCB’s position and commitment towards respecting the privacy of individuals and the security measures we take surrounding the personal data we process.

Use of the website by minors

Age Verification Mechanisms. We do not knowingly process personal credit data of individuals under the age of 18. Where an interactive feature (e.g., contact form, application process) requires personal information, we implement age confirmation prompts. If we discover we have inadvertently processed data of a minor, we will delete such data promptly.

While minors are welcome to browse and read our website content, we do not process any personal credit data of individuals under the age of 18. For any interactive features or applications that involve direct engagement with our website or application (such as submitting personal information or participating in discussions), an age confirmation will be requested. Users under the age of 18 will not be permitted to access or use these interactive sections.

Accuracy

CCB will endeavor to have procedures and guidelines in place to safeguard the accuracy of the data it processes. CCB shall not be held liable for data input errors made by users or incorrect data submitted by CCB members or other sources.

Providing Data by Force of Law

In addition to sharing data with members and other credit bureaus, CCB will not provide any personal data to anyone unless the law requires us to share personal data with any official authorities or if a demand of the courts is presented to us.

Emerging Technologies and changes in Regulation

This policy is reviewed periodically to reflect changes in regulations, including data protection, technologies, or business practices. We also monitor advancements in privacy-enhancing technologies, such as federated learning, homomorphic encryption, quantum technologies and advanced anonymization techniques, to ensure compliance with industry best practices in case they become applicable to our way of operating. 

Enforcement of Policy / Complaints

If for some reason you believe CCB has not adhered to this policy, please notify us and we will do our best to promptly respond and address any valid issues raised within 60 days. 

Changes to this Policy

We review our Privacy Policy annually or when legal or operational changes require updates. We closely monitor developments in data privacy regulation in order to make any required updates to our policies and operations in a timely manner.

This Policy is effective as of February 15, 2025, and supersedes all prior versions. We will post any substantial modifications on our website at least 30 days prior to their effective date, and provide clear notice (e.g., a banner or email alert) so that you have time to review and understand any changes. Version history is maintained for your reference at the end of this document. Previous versions will be made available on request.

Contact Information Data Privacy Officer

For questions, concerns, or feedback, contact our Data Protection Officer:

Data Protection Officer: dpo@caribbeancreditbureau.com

Version History

v2025.1 (this version)        ​effective March 15, 2025
v2023                                    effective January 1, 2023