BDCB Privacy Policy Statement

This page sets out how we handle personal data in the performance of our functions, and how we protect the privacy of the individuals whose data we process.


Brunei Darussalam Central Bank (BDCB) is committed to protecting its employees, properties, information, reputation, as well as members of the public’s information from potential threats.

BDCB has implemented an Information Security Management System (ISMS) that adopts industry best practices and standards to ensure its privacy and that of members of the public, its stakeholders and employees’ information, by protecting it against unauthorised access, disclosure, and/or loss.

The objective of information security is to ensure the business continuity of BDCB and to minimise the risk of damage by preventing security incidents and reducing their potential impact.


The principles that shall be followed to secure the information are as follows:

  • Ensuring its privacy and that of members of the public, stakeholders and employees’ information by suitable protection of the information and its information processing infrastructure against all internal, external, deliberate or accidental threats.
  • Ensuring security of information to be implemented in BDCB’s day-to-day business operation with effective ISMS that adopts the industry standards and best practices.
  • Continuous reviews to ensure that ISMS Policy is aligned with BDCB’s business objectives.

BDCB’s Commitment

The BDCB information security policies and guidelines will be reviewed from time to time as necessary. BDCB is committed to protect its informational assets against all internal, external, deliberate or accidental threats. In addition, BDCB also aims to protect information belonging to third parties that has been entrusted to BDCB in a manner consistent with its sensitivity as well as in accordance with all applicable agreements.

Collection of Information

Personal data definition: Data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access to.

BDCB may collect personal data directly from members of the public, stakeholders and its employees where necessary, or should it be deemed as reasonable or practical to do so. When BDCB collects the personal data, BDCB will inform them how the personal data is used or disclosed unless it is apparent at the point of collection.

In some cases, it may be necessary, reasonable or practical for BDCB to collect personal data from other persons, with or without individual knowledge or involvement as part of our statutory functions and for recruitment purposes.

For visitors to BDCB’s premises, BDCB may collect personal data prior to entry for identity verification and security purposes. BDCB also operates CCTVs at exterior perimeters and within its premises for safety of the visitors and its employees, and for crime prevention and crime detection, which may collect photos, videos, or voice recordings of individuals.

Protection of Personal Data

BDCB ensures the security of individual personal data by taking appropriate security measures to preserve its confidentiality. The nature and extent of the safeguards will vary depending on:

  • The sensitivity of the data that have been collected.
  • The amount, distribution and format of the data.
  • The method of storage.
  • The state of technological development.
  • The cost and reasonableness of implementation of the safeguards.

Safeguards for data protection shall be assessed by BDCB from time to time, as and when required. In some occurrences, it is necessary for BDCB to process sensitive or special categories of personal data such as racial or ethnic origin, biometric data, and data concerning health as well as criminal data as part of its functions as described above. In such cases, BDCB will apply additional care as required by law.

Where data is to be transferred to a third party (other than the individual or BDCB), BDCB shall take reasonable measures to ensure that the data which is to be transferred will not be processed inconsistently with this policy.

Use and Disclosure of Personal Data to Third Parties

Efforts will be made to prevent personal data being made available to third parties (within and outside of Brunei Darussalam) for purposes other than those for which it was collected. However, BDCB may share personal data with third parties if:

  • The individual’s consent is obtained.
  • The use or disclosure is clearly in the interest of the individual.
  • It is impracticable to obtain the consent of the individual to that use or disclosure.
  • If it were practicable to obtain such consent, the individual will likely give it.
  • Use or disclosure of the data is for legal, medical, or security reasons. For example, when data is being used or disclosed for the detection and prevention of fraud or for law enforcement.
  • If data use or disclosure assists the individual to fulfil a statutory requirement.
  • Data is being used or disclosed in an emergency that threatens the life, health, or security of an individual.
  • Use or disclosure of data which is generally available to the public.
  • Use or disclosure of data is necessary to render a service which the individual has applied for.
  • Disclosure is made to an institution whose purpose is the conservation of records of historic or archival importance and disclosure is for such purpose.
  • A service provided requires interaction with a third party, or is provided by a third party on our behalf.
  • It is pursuant to legal action or law enforcement.
  • It is to perform our statutory functions and exercise powers under the law.

In instances where BDCB appoints a third-party service provider to process personal data on behalf of the organisation, BDCB will instruct such provider to only process such personal data for the specific purposes as required by BDCB.

If BDCB discloses any individual personal data to any person, BDCB will require such person to appropriately safeguard the personal data provided to them.

Individuals’ Information Rights

Under certain circumstances, an individual may have the right to:

Withdraw Consent
  • For processing of personal data
  • Request for erasure of individual personal data
  • Object to the processing of individual personal data
Request to Access Personal Data
  • Request for confirmation whether individual data is being processed
  • Request copy of personal data
Request for Correction
  • Request to correct or complete individual personal data held by BDCB
Data Portability
  • Request to provide individual personal data in a manner that allows the individual to transmit such personal data to a third party, or to directly transmit such personal data to a third party.

The rights set out above are not absolute and are subject to a number of important exemptions and limitations. BDCB has the right to allow or deny individual requests, at its discretion.

How to Contact Us

Please contact BDCB at should you:

  • Have enquiries or feedback on BDCB’s data protection policies and procedures.
  • Need more information on, or access to, data which you have provided to us in the past.
  • Have any questions or concerns about the collection, use, processing, protection, disclosure, or transfer of your personal data.