DATA PRIVACY AT THE ASIAN INFRASTRUCTURE INVESTMENT BANK DATA PRIVACY AT THE ASIAN INFRASTRUCTURE INVESTMENT BANK

DATA SUBJECT REQUEST


A Data Subject* (or their duly authorized representative), who provides sufficient evidence of being the relevant Data Subject, may request to access, correct or delete their personal data processed by the Asian Infrastructure Investment Bank (AIIB or the Bank) as follows:

  1. Access: Data Subjects shall have the right to obtain information from the Bank as to whether or not their personal data is being or has been processed by the Bank, and, where that is the case, to access information on (i) what personal data concerning them is or has been processed by the Bank, (ii) the purpose of such processing and the categories of the Data Subject’s personal data processed by the Bank, and (iii) the length of time for retention of the personal data by the Bank.
  2. Correction: Upon providing satisfactory evidence to demonstrate that their personal data processed by the Bank is inaccurate, the Data Subject may request to have such personal data updated or corrected.
  3. Deletion: Data Subjects may request deletion of their personal data: (i) if they can provide satisfactory evidence that such processing does not comply with the Policy on Personal Data Privacy (PPDP), or (ii) where the only legitimate basis for processing is consent, the Data Subject has submitted written notification to withdraw their consent.

“Data Subjects” are identified or identifiable natural persons whose personal data is subject to processing by AIIB. “Personal data” is any information relating to an identified or identifiable natural person. “Processing” means any operation or set of operations, wholly or partly automated or otherwise, which is performed on personal data, including but not limited to, collection, recording, storage, use, transmission, disclosure, dissemination, or deletion.

Personal data that could be the subject of any of the above requests is limited only to personal data which is within the control of the Bank. The Bank shall not be required to comply with blanket requests, or to gather, extract or recreate personal data that is not under the Bank’s control.

The Bank shall withhold or redact information from a response where the disclosure of the same falls within one of the exceptions to disclosure set out in Section 8 of the Bank’s Policy on Public Information (PPI).

Process for Submission of Requests

  1. Data Subject shall submit the Data Subject Request Form and any relevant and supporting documentation here. All requests shall be submitted in English.
    1. AIIB will inform the requestor of the receipt of the request within five (5) working days, and of the decision to grant or deny the request within thirty (30) working days, from receipt of the request. If the request does not contain sufficient information needed by the Bank to process the request, the 30-day period may be extended to allow the Data Subject additional time to provide the required information.
    2. If a delay is expected, the Bank will inform the requestor of the reason for the delay within the same 30-day period.
  2. In the event the initial request is denied, the Data Subject may submit an appeal by following the procedures here.

Data Subject Request Form

Home How We Work Policies and Directives Policy on Personal Data Privacy Data Subject’s Request