top of page
SP MONZA BANK logo 1B WHITE Clear SQ copy.png

Privacy Policy

Privacy Policy - The Basics 

Effective Date: 1 May 2025
Last Updated: 1 May 2026

 

SP Monza Bank (“the Bank,” “we,” “us,” or “our”) is committed to safeguarding the privacy and confidentiality of personal information entrusted to us by our clients. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in connection with our private banking, wealth management, custody, lending, investment, and digital asset services.

This Policy applies to both traditional financial services (“TradFi”) and decentralized finance-related services (“DeFi”), including any platform, portal, wallet, or digital infrastructure used to access our services.

Information We Collect

We may collect personal information from you directly, from your transactions, from your devices, from service providers, from blockchain networks where relevant, and from public or regulatory sources as permitted by law.

The information we collect may include:

  • Identity and contact details.

  • Date of birth, nationality, residency, and tax information.

  • Account, portfolio, and transaction information.

  • Source of wealth and source of funds documentation.

  • Beneficial ownership and entity control information.

  • AML, sanctions, fraud, and compliance screening data.

  • Device identifiers, IP addresses, login data, and usage analytics.

  • Wallet addresses, on-chain transaction data, and digital asset activity.

 

Where you use DeFi or digital asset services, we may also collect or infer information relating to wallet ownership, protocol interactions, transaction patterns, and smart contract activity.

How We Use Information

We use personal information to:

  • Open, administer, and service client accounts.

  • Verify identity and complete due diligence.

  • Provide banking, investment, custody, and digital asset services.

  • Execute client instructions and process transactions.

  • Conduct fraud prevention, security monitoring, and risk management.

  • Comply with legal, regulatory, tax, and reporting obligations.

  • Communicate with you regarding your relationship with the Bank.

  • Improve our services, systems, and client experience.

 

Where permitted by law, we may also use information to personalize offerings, manage client relationships, and support operational planning.

DeFi and Digital Asset Processing

If you use our DeFi-related services, you acknowledge that blockchain networks are typically public, distributed, and irreversible. Even when wallet addresses are pseudonymous, blockchain activity may be associated with an individual or entity through analytics, counterparties, or compliance reviews.

We may use blockchain analytics, wallet screening, transaction monitoring, and protocol risk tools to help detect suspicious activity, manage compliance, and protect the Bank and its clients. DeFi, smart contracts, and third-party protocols may involve technical, liquidity, governance, custody, and counterparty risks beyond the Bank’s direct control.

How We Share Information

We do not sell your personal information.

We may share personal information, as necessary and permitted by law, with:

  • Our affiliates.

  • Custodians, administrators, counterparties, payment providers, and liquidity providers.

  • Technology, security, analytics, and professional service providers.

  • Blockchain infrastructure providers and DeFi protocol counterparts, where relevant to service delivery or transaction support.

  • Regulators, tax authorities, courts, and law enforcement agencies.

  • Any person or entity to whom we are required or authorized to disclose information under applicable law.

 

Where we disclose information to third parties, we seek to use reasonable contractual and technical safeguards appropriate to the sensitivity of the data and the nature of the service relationship.

Confidentiality and Professional Secrecy

We recognize that discretion is central to private banking. We restrict access to personal information to personnel and third parties with a legitimate need to know and require confidentiality obligations where appropriate.

Where applicable, we also comply with professional secrecy, banking secrecy, or comparable confidentiality duties under local law. However, confidentiality may be limited by legal, regulatory, tax, AML, sanctions, or court-ordered disclosure requirements.

Legal Bases for Processing

Depending on the jurisdiction, we may process personal information on one or more of the following bases:

  • Your consent.

  • Performance of a contract or steps taken at your request.

  • Compliance with legal and regulatory obligations.

  • Our legitimate interests, including security, fraud prevention, service delivery, and business operations.

 

Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include access controls, encryption, authentication tools, monitoring, secure storage, and vendor oversight.

For digital asset services, we may also apply wallet controls, key management procedures, transaction approval processes, and protocol risk assessments. No method of transmission or storage is entirely secure, and we cannot guarantee absolute security.

Data Retention

We retain personal information for as long as necessary to provide services, meet legal and regulatory requirements, maintain records, resolve disputes, conduct audits, support tax reporting, and fulfill AML and compliance obligations.

Retention periods may vary depending on the type of information, the services provided, and applicable legal requirements. For banking records, retention obligations may extend beyond the end of the client relationship.

International Transfers

Your information may be transferred to, stored in, or accessed from jurisdictions other than your own, including where we or our service providers operate. Where required, we apply appropriate safeguards for cross-border transfers and processing.

Your Rights

Depending on applicable law, you may have rights to:

  • Access your personal information.

  • Request correction or updating of inaccurate data.

  • Request deletion or restriction of certain processing.

  • Object to certain processing.

  • Withdraw consent where processing is based on consent.

  • Receive information about our data practices.

 

Some rights may be limited where we must retain information for legal, regulatory, AML, tax, or risk-management purposes. This may include records relating to blockchain or digital asset transactions.

Cookies and Online Tracking

If you use our websites, portals, or mobile applications, we may use cookies and similar technologies for authentication, security, analytics, functionality, and service improvement. Where required by law, we will provide notice or obtain consent regarding such technologies.

Third-Party Services

Our services may link to or integrate with third-party websites, custodians, exchanges, payment providers, analytics tools, or DeFi protocols. Their privacy practices are governed by their own policies, and we are not responsible for how they process your information.

Changes to This Policy

We may amend this Privacy Policy from time to time to reflect changes in law, technology, regulation, or our business practices. We will post the updated version with a revised effective date and provide additional notice where required.

Contact Us

If you have questions about this Privacy Policy or how we handle personal information, contact:

SP Monza Bank
Chief Legal Officer
1 Hillcrest Manor, PO Box N1401, Nassau, Bahamas
info@spmonzabank.com
 

bottom of page