On Oct. 13, 2021, the Board of Directors of the Asian Infrastructure Investment Bank (AIIB or Bank) adopted the Policy on Personal Data Privacy (PPDP or Policy).
The PPDP strengthens the regulatory environment protecting personal data within the Bank. It helps mitigate reputational risks associated with managing personal data, protect the Bank’s privileges and immunities, safeguard the Bank’s IT infrastructure and facilitate international procurement.
It is aligned with the policies and best practices of peer international financial institutions (IFIs) and multilateral development banks (MDBs).
AIIB’s Responsibility to Manage Personal Data
The PPDP seeks to ensure that the Bank processes personal data in a consistent manner taking into consideration recognized international standards.
It shows the Bank’s commitment to protecting personal data and using it responsibly as an international organization. The Policy:
- reflects the overarching principles, which apply to all personal data collected by AIIB on or after July 1, 2022;
- is reaffirmed by appropriate policies and procedures aimed at supporting effective identification and management of privacy risks across AIIB; and
- is overseen by a dedicated Data Privacy Officer, who is responsible for implementing the PPDP throughout the Bank, as well as advising staff on data privacy-related matters and monitoring compliance.
Principles Governing the Processing of Personal Data by AIIB
- process personal data fairly and only for legitimate purposes. Processing is considered fair and for a legitimate purpose if the consent of the data subject is obtained, or when processing is in the vital or best interests of the data subject or another person, or necessary for AIIB to perform a contract or comply with a binding obligation, or necessary to fulfill AIIB’s functions and mandate.
- specify the legitimate purposes for the processing of personal data and notify the data subject of such purposes.
- collect only such amount and type of personal data necessary for and proportionate to the legitimate purposes for which it is processed.
- record personal data as accurately as possible to the best of its knowledge and update it where necessary to ensure it fulfills the legitimate purposes for which it is processed.
- delete personal data or render it anonymous as soon as reasonably practicable after its purposes have been fulfilled.
- adopt technical and organizational measures to protect personal data against accidental loss or modification, destruction or damage, and prevent its unauthorized or unlawful processing.
- transfer personal data to third parties only for legitimate purposes by using appropriate and secure means of transmission.
- take reasonable measures to ensure that personal data processed by third parties on its behalf will receive reasonably equivalent level of protection required by the PPDP.
- adopt mechanisms to ensure compliance with the PPDP and provide data subjects with a method, subject to reasonable limitations and conditions, to request information about their personal data processed by AIIB, correction of their personal data if the same is inaccurate, or deletion of their personal data when its processing no longer serves a legitimate purpose.
The full text of the PPDP is available at here.
All questions or requests related to the Bank’s processing of personal data can be directed to the Data Privacy Officer at email@example.com.