This Privacy Notice was last updated on
1 September 2020.
The purpose of this Privacy Notice is to explain how Bank ABC (“Bank ABC”, “we”, “us” and “our”) and the other members of the Bank ABC Group may process your personal data.
The “Bank ABC Group” includes Arab Banking Corporation (B.S.C.) and any entities wholly or partially owned by it. For more information about the Bank ABC Group, including who is a member of it, you may visit
www.bank-abc.com or contact your Coverage Relationship Manager.
2. Who is your data controller?
A data controller determines the purposes and means of the processing of your personal data.
Your data controller is Bank ABC B.S.C, Bank ABC Tower, Diplomatic Area, P.O. Box 5698, Manama, Kingdom of Bahrain, with which you have entered into a banking relationship, or with which you operate an account, including through the use of our digital platforms.
You can find more details on how to contact us at the end of this Privacy Notice.
3. Definitions and Interpretation
For the purposes of this Privacy Notice "personal data" is information:
- that identifies or can be used to identify you;
- that relates to, describes, is reasonably capable of being associated with or could reasonably be linked (directly or indirectly) with you;
- that can be used to authenticate you or provide access to an account.
Where the customer of Bank ABC is a natural person, any reference to the “customer” and “you” will mean such natural person.
The term “you” also refers to any individual whose personal data is provided to us by the customer, or anyone acting on their behalf (a “connected person”).
Where the customer of Bank ABC is a business customer, (i.e. they are organized as a legal entity) any reference to “you” will mean any connected person and a reference to the “customer” will mean the business customer of Bank ABC.
Personal data we collect as a result of transactions with a business customer is usually limited to details on owners (direct, indirect and beneficial), officers, authorized persons, and personal guarantors.
If you are a senior manager, authorized signatory or beneficial owner of a business customer of Bank ABC, or if you are a personal customer of Bank ABC, you must ensure that every connected person receives a copy of this Privacy Notice before their personal data is shared with Bank ABC.
4. Why do we need your personal data and what is the legal basis for this?
We will use your personal data where we have your consent or when we have another lawful reason such as:
- The need to process the data to enter into or carry out an agreement we have with you;
- The need to pursue our own legitimate interests;
- The need to process the data to comply with a legal obligation (e.g. compliance with our regulatory obligations under any applicable regimes including without limitation sanctions due diligence checks, or to comply with tax regulations that require us to report the tax status of our customers);
- The need to establish, exercise or defend our legal rights or those of a member of Bank ABC Group or a third party employed by us; and
- When we believe the use of your data as described is in the public interest.
Specific reasons or purposes for which we may use your personal data include:
- To set up, maintain, fulfil and administer the contractual relationship that we have with you;
- To provide you with products and services and to process the data to enter into or carry out an agreement we have with you;
- To enable you manage your account and transact with us;
- To make credit assessments and checks;
- To collect debt (which may involve passing your personal data to debt collection agencies);
- To assess the suitably of our products and services for your needs;
- To keep records of your instructions, transactions and communications for any further required evidence, and to prevent or detect financial crime or suspected financial crime, including (but not limited to) fraud, money laundering and financing of terrorism;
- To test the performance of our products, services, and internal processes;
- To administer our internal operational requirements (including credit, compliance, and risk management, market research, system and product development, staff training, quality control, accounting, and for audit purposes);
- To keep records of activities effected on our digital platforms, websites or mobile applications, such as your connection’s timestamp and duration;
- To process requests relating to the exercise of your rights under data protection laws; and
- To develop statistics and for market research, surveys and analysis including to develop and improve our products and services so that we can offer new and enhanced products and services to you, which may include converting your personal data into statistical or aggregated data which cannot be used to identify you.
5. What personal data do we collect about you?
The personal data we collect includes data provided by you when at the start of our relationship, or at any time thereafter such as:
- Personal data including full name, nationality, gender, date of birth, country of birth, social status, names of relatives, employment status, photos (including selfies), signature;
- Data about your identity including documents, biometric data, details of ID cards, details of passports, national social security or insurance number, driving license number;
- Contact details including residential address, email addresses, telephone numbers, proof of address documents;
- Employer, employment status, job title, full name, email, address and telephone number(s) used for work purposes;
- Financial data: income and source of income, source of wealth, average account financial activity, and engagement data;
- Data about your tax status including a tax identification number, FATCA forms, etc.; and
- Other data provided by you via completing forms and other means including e-mail, electronic messages, recorded calls, live chat, chatbots and face-to-face contact.
The personal data that we collect or generate during our business activities includes:
- Details of transactions done by you or by any of your connected persons. Details include dates, amounts, currencies, payer and payee details;
- Data about your relationship with us, the channels you use and your ways of interacting with us, the technology you use for this and your language preferences;
- Data about your ability to get and manage your credit;
- Data concerning complaints and disputes or about the instances where you have exercised your legal rights related to the protection of your personal data;
- Market research data, e.g. opinions expressed by you when participating to our market research campaigns or surveys;
- Risk rating information, e.g. credit risk rating, transactional behaviour and underwriting information;
- Due diligence data, e.g. data required to comply with financial crime regulations (anti-money laundering, anti-terrorism financing, etc.);
- Data used to identify you such as usernames, PIN codes, passwords, signatures and biometric information (e.g. fingerprint, iris scan, voice, face recognition) or a physical token (e.g. a debit, credit or prepaid card, a security token or electronic key) that are required when using our products or services;
- Email address(es) and telephone number(s) used to receive digital alerts (meaning an alert by SMS or email which we send to inform our customers on certain types of transactions or to provide financial information);
- Information about your device or the software you use, e.g. its IP address, technical specification and uniquely identifying data;
- Data about your geographic location, ATMs used and branches you visit;
- Data that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activity and data about parties connected to you for these activities;
- We may record calls, email, text messages, social media messages and other communications between you and employees of Bank ABC;
- Closed-circuit television (“CCTV”) videos, with or without audio recording, used in and around our premises and ATM locations for the purpose of physical security and crime prevention - therefore we may have images of you captured by our CCTV cameras;
- Data relating specifically to transactions carried out on our digital platform by users. Whilst our banking relationship is with our customer, we will be collecting data specific to transactions carried out by users. For example, we will be able to inform our customer of details (such as dates, amounts, currencies, payer and payee details) about transactions made on our digital platforms and which user initiated the transactions. Some of this may be personal data about the user.
6. How is your personal data collected?
We collect your personal data from a number of sources, including:
- Data provided by you when we set up, administer and manage our relationship with you;
- Data we otherwise receive directly from you or from a person acting on your behalf;
- Data we obtain from third parties such as brokers, credit reference, debt recovery, fraud prevention or government agencies;
- Data that we gather from publicly available sources such as the Internet and companies’ registries or other local trade registers;
- Data that we learn through your use of our services and products such as when you use our digital platforms or mobile applications, when you visit our websites or when you interact with us through a recorded channel (e.g. a recorded telephone line, a chatbot etc.);
- Data that we identify through our fraud prevention controls;
- Data provided by other members of the Bank ABC Group; and
- Data we receive directly by your engagement with our social media platforms.
7. Recording of data
Bank ABC may record and keep track of your conversations with it, including phone calls, face-to face meetings, letters, emails, live chats, video chats and any other kinds of communication.
These recordings will be used to check your instructions to us, assess, analyse and improve the quality of our services, train our people, manage risk or to prevent and detect fraud and other crimes.
Bank ABC may also capture additional data about these interactions, e.g. telephone numbers that you call us from and data about the devices or software that are used.
8. Credit reference checks
We may perform credit and identity checks with one or more credit reference agencies (“CRAs”) when you apply for a loan (including overdraft facility, credit card limit, personal loan, mortgage, car loan, etc.) or when we review such loans.
To do this, we have to share your personal data with the CRAs including details about the credit application, your financial situation and financial history. We will also inform the CRAs about your repayment history.
We may use data received from the CRAs to:
- Assess if we can offer you credit and whether you can afford to take the product you applied for;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We may use your data to inform you about products and services offered by Bank ABC or other entities of the Bank ABC Group.
You can, at any time, withdraw your consent for this marketing purpose. For more information, refer to ‘Your right to data protection’ section of this Notice.
Please note that Bank ABC will continue to use your contact details to provide you with important information, such as changes to our Terms & Conditions or when we have legitimate reasons to do so, including compliance with our regulatory obligations.
10. Is providing your personal data obligatory?
We are unable to enter into or administer the relationship with you without some of your personal data.
In cases where providing your personal data is optional, we will make this clear, for instance by explaining in application forms if certain data fields can be left blank. In particular, it is not mandatory that you sign up for or transact on digital platforms operated by us. If we are seeking a consent to justify our processing of your personal information, we shall make this clear to you.
11. Updates to your personal data
You are responsible for ensuring that the data that you provide is accurate.
If any of the personal data you have given to us should change, such as your contact details, please inform us without delay.
Similarly, if we have collected personal data about you that you consider to be inaccurate, please inform us.
Kindly refer to the section on “How to contact us” below for information on how Bank ABC can be reached for updating your information
12. Sharing of personal data
Bank ABC may share your personal data with other parties where you have provided your explicit consent to do that. For example, you may have instructed us to send your bank statements to your accountant. Bank ABC may also share your data with others where it is lawful to do so including where we or they.
Bank ABC may share your data with others where it is lawful to do so including where we or they:
- Need the data to provide you with products or services you have requested;
- Have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud, tax evasion and financial crime;
- Need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
- Have a legitimate business reason for doing so such as to manage risk, verify your identity, enable another company to provide you with services you have requested, or assess your suitability for products and services; and
- Have asked you for your permission to share it, and you have agreed.
Bank ABC may share your data for the specific purposes below with other parties including:
- Anyone who provides instructions or operates any of your accounts on your behalf, e.g. holders of a Power of Attorney, solicitors, intermediaries, persons to whom you have granted security over your account and anybody else that we have been instructed to share your data with by either you, a joint account holder or anybody else who provides instructions or operates any of your accounts on your behalf;
- Any joint account holders, trustees, beneficiaries or executors, your legal representative and their advisors and member of your family if you die or suffer mental incapacity for the purposes of them making a payment on your account;
- Parties who give guarantees or other security for any amounts you owe us;
- Parties you make payments to or receive payments from;
- Other Bank ABC Group companies (including their employees, sub-contractors, service providers, directors and officers) and any of their sub-contractors, agents or service providers such as for instance backup and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other processing and support services;
- Our legal and professional advisers such as auditors and external legal counsel;
- Other financial institutions, clearing houses, custodians, counterparties, fund managers, lenders and holders of security over any property you charge to us;
- Trade associations, credit reference or rating agencies, payment service providers and debt recovery agents;
- Our business partners who we may have arranged to provide a service to you and anybody party that provides marketing services to us;
- Parties involved in any disputes, law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
- Agencies for the prevention of fraud and financial crime;
- Providers of card services, members of a credit card association or merchants where we need to disclose in regard to the operation of cards we supplied to you;
- Any introducing broker or other intermediary to whom we provide instructions or referrals;
- With any party to a transaction acquiring risk in, or assuming risk in, or in connection with, the products and services of Bank ABC or the Bank ABC Group;
- Any governmental, banking, taxation or other regulatory authorities or similar bodies with jurisdiction over any part of the Bank ABC Group, or under the rules of a relevant stock exchange, including those which are based overseas;
- Any member of Bank ABC Group to allow you to access our products and services including our Relationship Managers (if they are employed or engaged by a member of the Bank ABC Group) and our IT support teams for digital platform services;
- Any potential or actual participant, sub participant, assignee, transferee or novate (and their employees and advisors) in respect of any of any of our obligations to you under any banking agreement; and
- The courts, and as may otherwise be necessary for the administration of justice, to protect vital interests and to protect the security and integrity of our business operations or those of the Bank ABC Group.
13. International transfers of personal data
We may need to share any of the above data with parties in different countries, when that is required to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our own legitimate interests.
The parties that we may share your personal data with may be located in countries that already have adequate protection for personal data under their applicable laws. Where parties are located in countries that do not have such data protection laws, Bank ABC will apply safeguards to maintain the same level of protection as the country in which the products and services are supplied.
These safeguards may be contractual agreements with the overseas recipient, or it may require the recipient to subscribe to international data protection frameworks.
In this way your personal data may be transferred outside the country of the Bank ABC office with which you have a relationship.
For more information about these safeguards, and others as may be relevant from time to time, you can contact us as explained in the ’How to contact us’ section of this Notice.
14. How long do we keep your personal data and what is the criteria used to determine this?
We keep your personal data for as long as necessary to fulfil the purposes for which it was collected (as described above). Even when you close your account with us, we retain, as long as required, some of your personal data in order to comply with legal and regulatory requirements or in case of claims or in order to answer any of your queries.
Such personal data include:
- Activities and transactions carried out by users on the customer’s account via our digital platforms;
- Username (used in our digital platforms) of a connected person who no longer works for our customer.
Please reach out to us as per the “How to contact us” section in this Notice if you want more information about the retention of Personal Data.
We will continue to look after your personal data securely and your rights listed in this Privacy Notice remain in place until your personal data is safely deleted from our systems.
The criteria we use to determine data retention periods for your personal data includes the following:
- Retention in case of queries. We will retain some of the data in case of queries from you (for instance, if you submit an application for a product or service and if that is unsuccessful);
- Retention in case of claims. We will retain some of the data for the period in which a customer might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We will retain some of the data after our agreement with the customer has come to an end and, with respect to access to our digital platform, following the termination of such access, based on our legal and regulatory requirements.
15. Your right to data protection
You have the following rights to data protection:
- The right to be informed about the processing of your personal data;
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
- The right to object to the processing of your personal data;
- The right to restrict the processing of your personal data;
- The right to have your personal data erased (the right to be forgotten);
- The right to request access to your personal data and to obtain information about how we process it;
- The right to move, copy or transfer your personal data (data portability);
- The right not to be subject to a decision based solely on automated processing, including profiling;
- which produces legal effects concerning you or similarly significantly affects you; and
- The right to withdraw your consent at any time (e.g. no longer be included in our marketing campaigns).
Please note that these rights are not absolute and do not apply in all circumstances. It is understood that you will be entitled to any additional rights that would be conferred by the applicable Laws and Regulations. If you wish to exercise any of these rights, please write or mail to us.
Kindly refer to the section “How to contact us” if you want to exercise any of your data protection rights.
In addition, you have the right to complain to the relevant supervisory authority which has enforcement powers and can investigate compliance with data protection laws.
The relevant Personal Data Protection Authority in the Kingdom of Bahrain is the Ministry of Justice, Islamic Affairs and Waqf.
17. Other Terms and Conditions between us
There may be other terms and conditions in our agreements with the customer that will apply to our use of your personal data. Such terms and conditions must be read in conjunction with this Privacy Notice.
Please contact us in case you need a copy of this Notice in another format and we will seek to accommodate.
Kindly refer to the section below for information on how such request can be made.
19. How to contact us
If you have any questions about this Privacy Notice or the way Bank ABC B.S.C. handles personal data, please contact us at the address below:
- Bank ABC BSC, ABC Tower, Diplomatic Area
P.O., Box 5698, Manama, Kingdom of Bahrain for the attention of the Data Protection Coordinator.
- E-mail: Privacy.firstname.lastname@example.org
20. Download PDF Version