Privacy Notice for Retail Customers

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​ ​​ ​​​This Privacy Notice was last updated on September 2025.


1. Purpose

The purpose of this Privacy Notice is to explain how Bank ABC retail banking entities (“Bank ABC”, “we”, “us” and “our”) process your personal data.


2. Who is your data controller?​

The data controller is the Bank ABC retail banking entity responsible for your personal data, with which you have established a banking relationship or hold an account, inclusive of interactions facilitated through our digital platforms.

Our retail banking entities are:

  • Bank ABC Algeria, PO Box 367, 38 Avenue des Trois Frères, Bouadou Bir Mourad Rais, Algiers, Algeria
  • Bank ABC Egypt, PO BOX 38, Kattameya Street 90 (North), Plot Number: B-39, Fifth Settlement, New Cairo, Egypt
  • Bank ABC Jordan, 38 Abdul Rahim Al-Waked Street, Shmeisani, Amman, Jordan
  • Bank ABC Tunisia, ABC Building, Rue du Lac d’Annecy, Les Berges du Lac, 1053, Tunis

For more information about the Bank ABC Group, including who is a member of it, you may visit www.bank-abc.com.


​​3. ​Definitions and interpretation

For the purposes of this Privacy Notice "personal data" is information:

  • that identifies or can be used to identify you; or
  • that relates to, describes, is reasonably capable of being associated with or could reasonably be linked (directly or indirectly) with you.

Where the customer of Bank ABC is a natural person, any reference to the “customer” and “you” will mean such natural person.


​​4. What personal data do we collect about you?​

The personal data we collect about you includes information that we collect when we setup, administer, and manage our relationship with you, such as the following:​

Type of personal data​ ​​Details​​ Collection
Personal data you provide us (at the start of our relationship or at any at any time thereafter)
  • Full name, email, address, telephone number(s), nationality, country and date of birth, place of residency, identification documents, details of income and source of wealth, tax status and tax identification number (including FATCA), proof of address documents, and signature.
  • Data about your identity including identity documents such as, details of ID cards, details of passports, national social security or insurance number, and driving license number.
  • Income and source of income, source of wealth, average account financial activity, and engagement data.
  • Your identity documents, along with any associated information they contain, as well as proof of address documents.
  • Your employment status, employment information, financial status, tax status, tax identification number, details of income and its source, and source of wealth.
  • Other data provided by you by completing forms and via other means including e-mail, electronic messages, recorded calls, live chat, chatbots and face-to-face contact.
  • Personal data collected through customer onboarding forms.
  • Personal data received and collected via our online banking and mobile application.
  • Registration for our products (for yourself, someone else for supplementary cards) and e-banking service.
  • Correspondence and interactions with us.
  • When you speak with customer support team, call center, or contact us for any other reason.
Personal data collected or generated during our business activities
  • Personal data relating specifically to transactions carried out on our digital platform and mobile app by you (such as type, dates, amounts, currencies, payer, payee, and beneficiary details).
  • Debit card, credit card, prepaid card, security token, or electronic key that you must use to confirm your identity when accessing our digital platform.
  • Data about your ability to get and manage your credit.
  • Data concerning complaints and disputes or about the instances where you have exercised your legal rights related to the protection of your personal data.
  • Due diligence data (e.g. data required to comply with financial crime regulations).
  • Email address(es) and telephone number(s) used to receive digital alerts (meaning an alert by SMS or email which we send to inform our customers on certain types of transactions or to provide financial information).
  • Data that we need to support our regulatory obligations (e.g. information about transaction details, detection of any suspicious and unusual activity and data about parties connected to you for these activities).
  • Data about your geographic location and Bank ABC branches your visit.
  • Correspondence, records of interactions, and complaints.
  • Information on monthly income and average account financial activity.
  • Website and mobile app account set-up.
  • Account usage and transactions.
  • When you speak with customer support team or contact us for any other reason.
  • Personal data collected through customer onboarding forms.
Online identifiers and Cookies
  • Online Identifiers that may leave traces which, when combined with unique identifiers and other data received by servers, may be used to identify you. Online Identifiers may include internet protocol (IP) addresses and cookie identifiers (although we do not usually use cookies to track individual users or to identify them).

For more details about cookies, see our online Cookie Policy.

  • Website and mobile app.
Personal data that we gather from social media and online
  • Your social media profiles, messages (when interacting with us) and your biographies.
  • Information that we gather from publicly available sources or other local trade register and online registers or directories.
  • When we conduct general searches on you.
  • Publicly available information on social media.
  • When you take part in online discussion or promotions.
  • When you enter a competition.
Personal data gathered from various other sources
  • Credit reports, scores, and creditworthiness.
  • Financial status.
  • Information obtained from third parties such as credit reference, debt recovery, fraud prevention agencies or government agencies (e.g. this information may have originated from publicly accessible sources, such as court decisions).
  • We may perform credit and identity checks with one or more credit reference agencies (“CRAs”) when you apply for a loan (including overdraft facility, credit card limit, personal loan, mortgage, car loan, etc.) or when we review such loans.
  • To do this, we must share your personal data with the CRAs including details about the credit application, your financial situation and financial history.
  • Credit Reference Bureaus, official registers, public databases, and other third parties providing fraud prevention.
  • Publicly accessible sources.
  • Internet.
  • Third party providers (i.e., webinars).
Personal data collected from your use of our products and services
  • Internet online identifiers (i.e., cookies, IP addresses) and other technical personal data (these may leave traces which, when combined with unique identifiers and other information received by servers, may be used to identify you).
  • Technical personal data may include mobile network information, unique device identified, traffic data including web logs and geolocation.
  • Security codes, including all confidential codes, usernames, user identifications and passwords, PIN/Password.
  • ​Personal data we learn about you from the way you operate our digital platforms, products, and services.
Recordings and CCTV
  • Closed-circuit television (“CCTV”) may be used in and around our branches and ATM locations for the purposes of security and preventing crime, therefore we may have images of you captured by our CCTV cameras.
  • Bank ABC may record and keep track of your conversations when you call our Customer Service including phone calls, face-to face meetings, letters, emails, social media messages, live chats, video chats and any other kinds of communication between you and employee of Bank ABC.
  • When you visit our branch and ATMs.
  • When you interact with us in person, over the phone, or in writing.
Sensitive personal data

Depending on the Bank ABC banking entity responsible for your personal data, with which you have established a banking relationship or hold an account with, we may process the below sensitive personal data:

  • Biometrics to authenticate your status as an authorized user of our digital application, and to assist in fraud detection.
  • Criminal and court records including Central Bank account blocks and Politically Exposed Persons.
  • Religion.
  • Directly from you during onboarding.
  • Publicly accessible sources.
  • Internet.
​​​

​​5. ​How we handle personal data shared with us about you and others?​​

Although our banking relationship is with you, we may collect information related to transactions conducted by other customers that involve you. For example, when another customer uses your IBAN or phone number for a transaction.

When you give us personal data about other individuals (such as a joint account holder, spouse, or family member), or ask us to share their information with third parties, you are expected to have previously informed them of this Privacy Notice.


​​6. How will we use your personal data and on what legal basis?
Legal Basis​ Purpose
Processing that is necessary to set up, maintain and administer the contractual relationship with you
  • To enable you to manage your account with us and to assist you to transact with us.
  • To operate and manage your account and to manage your cards (debit and / or credit) that you have with us.
  • To communicate with you and to resolve your queries.
  • To authenticate you as an authorized user of your account with us.
Processing that is necessary for our own legitimate interests (including those of Bank ABC Group entities and affiliates)
  • To assess the suitably of our products and services for your needs.
  • To collect due and outstanding debt which may involve passing your personal information to debt collection agencies.
  • To keep records of communications to evidence what has been discussed, keep a record of your instructions, activity on the digital platform, and to prevent or detect crime.
  • To record customer account activities where we have reason to believe that fraud or other crimes are being committed or where we suspect non-compliance with anti-money laundering regulations to which we are subject.
  • To test the performance of our products, services, and internal processes to ensure that your personal information is only collected as needed and is held and processed securely.
  • To administer our internal operational requirements (including credit, compliance, risk management, market research, system and product development, quality control, accounting and audit).
  • To keep records of activities on our digital platforms, websites, and mobile applications, such as your connection’s timestamp and duration.
  • To exercise or defend our legal rights or those of a member of Bank ABC Group or a third party employed by us.
Processing that is necessary to comply with the following legal obligations
  • To comply with laws that require us to verify the identity of our customers and to detect and prevent financial crime.
  • To comply with tax regulations that require us to report the tax status of our customers.
  • When enforcing or defending our rights, or those of any Bank ABC Group entities and affiliate or a third party employed by us.
  • To comply with our regulatory obligations under any applicable regimes including without limitation sanctions, due diligence checks, and tax regulations requiring us to report the tax status of our customers.
  • To prevent or detect financial crime or suspected financial crime, including (but not limited to) fraud, money laundering and financing of terrorism.
  • To process requests relating to the exercise of your rights under applicable data protection laws.
Processing based on your consent

Where you have agreed to us collecting your personal data, for example:

  • ​When you have ticked a box to indicate that you are happy for us to use your personal data in a certain way.
  • To manage our website registration page for newsletter sign-up.
  • When you agreed to collection of Cookies (i.e., online Identifiers that may leave traces which, when combined with unique identifiers and other data received by servers, may be used to identify you). For more details about Cookies, see our online Cookie Policy.
​​​

7. ​​Is providing your personal data obligatory?​

We are unable to enter into or administer our relationship with you without some of your personal data. In cases where providing your personal data is optional, we will make this clear, for instance by explaining in application forms whether certain data fields can be left blank. In particular, it is not mandatory that you sign up for or transact on digital platforms operated by us. If we are seeking your consent to justify our processing of your personal information, we shall make this clear to you.


​​8. ​​Updates to your personal data

You are responsible for ensuring that the data that you provide is accurate. Should any of the personal data you have given to us change, such as your contact details, please inform us without delay. Similarly, if we have collected personal data about you that you consider to be inaccurate, please inform us. Kindly refer to the section on “How to contact us” below for information on how Bank ABC can be reached for updating your information


9. Sharing of personal data​

The global nature of our business means that your information may be shared within the Bank ABC Group and with other companies providing services to us. In this way, your personal information may be transferred outside the country of the Bank ABC office with which you have a relationship. ​

These may be located in countries that do not have data protection laws providing the same level of protection as the country in which the products and services are supplied. If we transfer your personal data to such a country, we will make sure that your personal data is sufficiently protected. ​

For example, we will ensure that a contract with strict data protection safeguards is in place before we transfer your personal data, or we may require the recipient to subscribe to international data protection frameworks.

In accordance with the Data Protection Laws applicable to your jurisdiction, the international transfer of your Personal data may be subject to prior authorization from the Data Protection Authority of your jurisdiction.

Bank ABC may share your personal data with others where it is lawful to do so. ​​​​​

Type of Sharing​ Shared With​
Public or legal duty​

To assist with detecting and preventing fraud, tax evasion and financial crime, or to protect the security and integrity of our business operations or those of the Bank ABC Group:

  • The courts, and as may otherwise be necessary for the administration of justice.
  • Parties involved in any disputes, law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities. li>
  • Agencies for the prevention of fraud and financial crime.
Regulatory reporting, litigation or asserting or defending legal rights and interests​
  • Any governmental, banking, taxation or other regulatory authorities or similar bodies with jurisdiction over any part of the Bank ABC Group, or under the rules of a relevant stock exchange, including those which are based overseas.
Legitimate business reason to provide you with products and services you have requested, or assess your suitability for products and services​
  • ​​Parties you make payments to or receive payments from.
  • Parties who give guarantees or other security for any amounts you owe us.
  • Any member of Bank ABC Group to allow you to access our products and services, including our Relationship Managers and our IT support teams for digital platform services and any of their sub-contractors, agents or service providers.
  • Our legal and professional advisers such as auditors and external legal counsel.
  • Other financial institutions, clearing houses, custodians, counterparties, fund managers, lenders and holders of security over any property you charge to us.
  • Trade associations, credit reference or rating agencies, payment service providers and debt recovery agents.
  • Our business partners who we may have arranged to provide a service to you and any party that provides marketing services to us.
  • Providers of card services, members of a credit card association or merchants, where we need to disclose information regarding the operation of cards we supplied to you.
  • Any introducing broker or other intermediary to whom we provide instructions or referrals.
In connection with your instructions​
  • ​Anyone who provides instructions or operates any of your accounts on your behalf (e.g. holders of Power of Attorney, solicitors, intermediaries, persons to whom you have granted security over your account and anybody else that we have been instructed to share your personal data with by either you, a joint account holder or anybody else who provides instructions or operates any of your accounts on your behalf).
  • Any joint account holders, trustees, beneficiaries or executors, your legal representative and their advisors, and members of your family if you suffer mental incapacity or death, for the purposes of them making a payment on your account.
  • Any party to a transaction acquiring risk in, or assuming risk in, or in connection with the products and services of Bank ABC or the Bank ABC Group.
  • Any potential or actual participant, sub participant, assignee, transferee or novate (and their employees and advisors) in respect of any of any of our obligations to you under any banking agreement.

10. ​​​​How long do we keep your personal data and what is the criteria used to determine this?

We keep your personal data for as long as necessary to fulfil the purposes for which it was collected (as described above). When you close your account with us, we retain, as long as required, some of your personal data in order to comply with legal and regulatory requirements or in case of claims or in order to answer any of your queries.

Such personal data include:

  • activities and transactions carried out by users on the customer’s account via our digital platforms; and
  • usernames (used in our digital platforms) of connected persons who no longer work for our customer.

We will continue to look after your personal data securely and your rights listed in this Privacy Notice shall remain in place until your personal data is safely deleted from our systems.

The criteria we use to determine data retention periods for your personal data includes the following:

  • ​Retention in case of queries: We will retain some of the data in case of queries from you (for instance, if you submit an application for a product or service and if that is unsuccessful);
  • Retention in case of claims: We will retain some of the data for the period in which a customer might legally bring claims against us; and
  • Retention in accordance with legal and regulatory requirements: We will retain some of the data after our agreement with the customer has come to an end and, with respect to access to our digital platform, following the termination of such access, based on our legal and regulatory requirements.

11. ​​​​Your right under data protection laws

Your rights are as follows:​

  • The right to be informed about the processing of your personal data;
  • The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
  • The right to object to the processing of your personal data;
  • The right to restrict the processing of your personal data;
  • The right to have your personal data erased (the right to be forgotten);
  • The right to request access to your personal data and to obtain information about how we process it;
  • The right to move, copy or transfer your personal data (data portability);
  • The right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning you or similarly significantly affects you;
  • The right to claim indemnification for damages incurred due to any illegal processing of your personal data; and
  • The right to withdraw your consent at any time (where processing is based on consent).

Please note that these rights are not absolute and do not apply in all circumstances.

You shall be entitled to any additional rights conferred by applicable laws and regulations.


12​. Complaints

You have the right to complain to the relevant supervisory authority which has enforcement powers and can investigate compliance with data protection laws.


13. ​​​​How do we protect your personal data?

We recognize the importance of protecting and managing your personal data. Any personal data we process will be treated with the utmost care and security. We use a variety of organizational and technical measures to:

  • maintain the confidentiality, availability and integrity of your personal data; and
  • make sure your personal data is not improperly used or disclosed.

We have detailed information security and data protection policies which our employees are required to follow when they handle your personal data. Our employees receive data protection and information security training. Electronic data and databases are stored on secure computer systems with access controls in place to limit physical, system and information access to only authorized employees.


14. ​​​​Automated decision making​

Depending on the products or services you use, we may make automated decisions about you. Some of these decisions are made using artificial intelligence without any initial human input. For example, we may make automated decisions about you that relate to detection of fraud, which involves monitoring your account to detect fraud and financial crime.

If we make an automated decision or create a profile about you that significantly affects you, you have the right to request a manual review of that decision by a person. You can also share your perspective and challenge the outcome.


15. ​​Changes to our privacy Notice

We may change or update this Privacy Notice from time to time and you will always be able to find the most recent version on our website. If changes to this Privacy Notice will have a fundamental impact on the nature of the processing of your personal data or otherwise have a substantial impact on you, we will give you sufficient notice.

​​

To download the Privacy notice, ​Click here.
Ask Fatema