Arival Bank International, Corp. Privacy Policy for EU Residents

Scroll

Effective Date: 09/23/2021

Last Updated on: 09/23/2021

This Privacy Policy Addendum is for people who are located in the European Economic Area (“EEA”) and supplements our general Privacy Policy. Our processing of personal data of people who are in the EEA is governed by the General Data Protection Regulation (the “GDPR”), which applies from May 25, 2018. The GDPR requires us to provide certain information to you about your personal data, which we refer to in this addendum as your personal information and any terms defined in the GDPR have the same meaning when used in this Policy.

For the purposes of this Addendum, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

MAINTENANCE OF INFORMATION:

We have established procedures designed to ensure that your personal data is as accurate and complete as possible. To review your customer information for accuracy or completeness, or if you believe that our records contain inaccurate or incomplete information about you, please contact us by calling +1 787 342 0043 or by sending a written inquiry to privacy@arival.com. You may also send your request by filling out this form. We will review your inquiry and assist with verifying your information and rectify or update your information accordingly.

HOW DO WE COLLECT YOUR DATA:

Arival Privacy Policy

WHY DO WE COLLECT YOUR DATA?

We will always process your personal data based on one of the legal bases provided for in the GDPR. In addition, we will always process your sensitive personal data, for example, concerning your trade union membership, or racial or ethnic origin, in accordance with the special rules provided for in the GDPR.

We may collect and process your personal data for the purposes detailed below, which are required so that we can pursue our legitimate interests and provide you with adequate services and products:

  • to ensure that content from our site is presented in the most effective manner for you;
  • to notify you about changes to our services;
  • to manage your customer account;
  • to offer you products and services;
  • to inform you about our policies and terms;
  • to promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies;
  • to provide, improve, and develop our products, services, and advertising;
  • to use personal information for purposes such as data analysis, research, and audits;
  • to ensure business continuity.

Also, subject to obtaining your express prior consent, we may also collect and process your personal data for the following purposes:

  • to provide you with information which we feel may be of your interest;
  • to allow you to participate in interactive features of our services, when you choose to do so;
  • to manage your subscription to the newsletter;
  • for making business analysis.

We process personal information provided by visitors through our website on the basis of consent. We may also process personal information on other bases permitted by the GDPR and applicable laws, such as when the processing is necessary for us to comply with our legal obligations. Please be aware that you are entitled to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before withdrawal thereof.

We will process your data for these specified, explicit, and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support its business activities. For additional information on the legitimate purposes of the data, please see our Privacy Policy.

USE OF COOKIES:

In addition to the information gathered pursuant to the General Privacy Policy, we also process automatically-gathered information by use of a feature of your Internet browser called “cookies.” Cookies are text files with small pieces of data that are used to identify your computer as you use a computer network. We may use these features on our website or online banking service to verify your identity, to remember personal settings including your preferences, to offer you additional options or enhance your online experience, and to improve our products and services. We also use them for our own analytics, marketing, website optimization, website personalization, and tracking of online applications and programs. Our server recognizes and records the domain name from which visitors to our website accessed the Internet and the names of the pages visited while at our website. We also may use cookies to track the effectiveness of advertisements for Arival’s products and services. Cookies used for tracking advertising effectiveness do not collect nonpublic personal or confidential information. If you are concerned about our use of cookies, you may be able to set your browser to decline cookies. However, if you choose to block cookies, certain features of our website may not function correctly.

HOW DO WE SHARE YOUR PERSONAL DATA?

We may share your personal data with Arival affiliated entities and with third parties in accordance with the GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing. Furthermore, where we share your data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller and controller-to-processor, Standard Contract Clauses approved by the European Commission, in order to cover such transfers .

Affiliates and Business Transactions

We may share your personal data with all Arival’s affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.


Legal Compliance and Security

It may be necessary for us - by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence - to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.

We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

For the exhaustive list of third parties with whom we share your personal data, please visit https://arival.com/document/privacy-policy.

DATA TRANSFERS OUTSIDE THE EEA:

Arival is an international financial entity based in Puerto Rico, which is a USA territory. When you provide personal information to us, we request your consent to transfer that personal information to the USA. The USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Notice. We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website. We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Notice.

KNOW YOUR RIGHTS:

You have the following rights regarding personal data collected and processed by us.


Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you.

  • Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information.
  • Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data. You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply.
  • Restriction on processing of personal data: You have the right to restrict the processing of your personal data upon request if it is (a) inaccurate or unlawful, (b) under contest, or (c) no longer being processed for the original purpose. Arival may continue to process the data if it is necessary to resolve legal claims, for the protection of the rights of another person, or for reasons of important public interest. If Arival objects to the restriction of data processing, we will notify you promptly after receiving your request.
  • Object to processing of personal data: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply.
  • Data portability of personal data: You have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain conditions apply.
  • Not to be subject to automated decision-making: You have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions apply.
  • Receiving Promotional and Other Communications. We will obtain your consent before sending you promotional, newsletter, or product information emails that we feel may interest you. We may obtain consent from you through a website contact or consent form or by email. You may opt out by either checking the relevant box on the communication consent form, by following the optout instructions provided in our emails to you, or by emailing us with your specific request. If you opt out, we may still send you non-promotional communications, such as security alerts and notices related to your access to or use of any Arival products or services or about our ongoing business relations.
  • Withdrawing Your Consent. You may withdraw any consent you previously provided to us for the processing of your personal data. As required by applicable law, we will apply your preferences going forward, within a reasonable amount of time. Even where you withdraw your consent, we may still process your personal data for limited purposes, for example, to give effect to your request or to safeguard our business. In some circumstances, withdrawing your consent to our use or disclosure of your personal information will mean that you cannot use our products or services.
  • Lodging a Complaint with a Supervisory Authority. You have the right to submit a complaint to an EU supervisory authority if you believe that your personal data has been processed in a manner that is not compliant with the GDPR. You also have the right to submit a complaint to an EU supervisory authority if Arival is unable to comply with your right of data portability or does not respond to your request within a timely manner.

If you intend to exercise such rights, please contact us by filling out this form.

Arival Bank is licensed and regulated by the Office of the Commissioner of Financial Institutions in Puerto Rico as an International Financial Entity (license #IFE-065). Arival Bank International Corp. is not directly insured by the FDIC, FSCS or DGS. Any applicable deposit insurance is provided through our settlement partners.

Arival®

Discover

Product

Careers

Info

Policies

User Guide

Pricing

FAQ

Contact Sales

Contact Us

Arival Bank International Corp.
1250 Ponce de León Ave., Ste 504
San Juan, PR 00907-3914, United States

© 2025 Arival Bank International Corp.
All rights reserved. Non-member FDIC