The purpose of this privacy notice is to explain to you how Arab Banking Corporation (B.S.C.) (“Bank ABC”) acting through its retail branch (“ila”, “we”, “us”, and “our”) may process your personal information.
Who is your data controller?
Your data controller is ila with whom you have entered into a banking relationship and operate an account, including through the use of our digital platform. ila is a retail branch of Bank ABC. You can find ila’s contact details at the end of this privacy notice. For more information about ila please visit www.ilabank.com.
Definitions and interpretation.
Where the customer of ila is a personal customer, any reference to the “customer” and “you” will mean such personal customer and “you” also refers to any individual whose personal information the customer, or any person acting on behalf of the customer (a “Connected Person”), provides to any ila affiliate in connection with the provision of products and services.
Where the customer of ila is a business customer, any reference to “you” will mean any Connected Person and a reference to the “customer” will mean the business customer.
If you are a senior manager, authorised signatory, or beneficial owner of an ila business customer, or if you are a personal customer of ila, you must ensure that every Connected Person receives a copy of this privacy notice before their personal information is shared with ila.
What personal information do we collect about you?
The personal information we collect about you includes information that we collect when we set up, administer, and manage our relationship with the customer and users of our digital platform, such as the following.
Email addresses, biometric data, video selfie images, telephone numbers, identity document, type of identity document submitted, proof of address documents, type of proof of address documents submitted, identity document number, full name, nationality, date of birth, gender, residential address, country of birth, employment status, employment information, tax status, tax identification number, FATCA forms, details of source of income and source of wealth, information on monthly income, average account financial activity, and engagement data.
Information that we gather from publicly available sources such as biographies held on the internet or other local trade registers.
Information relating to customer transactions (such as type, dates, amounts, currencies, payer and payee details).
Information we learn about you from the way you operate our products and services and use our websites; including the technology you use for this, language preferences, and mobile phone location data.
Internet online identifiers. These may leave traces which, when combined with unique identifiers and other information received by servers, may be used to identify the user. Internet online identifiers may include internet protocol addresses (IP addresses) and cookie identifiers.
Information relating specifically to transactions carried out on our digital platform by users. Whilst our banking relationship is with our customer, we will be collecting information specific to transactions carried out by users. For example, we will be able to inform our customer of details (such as dates, amounts, currencies, payer and payee details) about transactions made on our digital platform and which user initiated the transactions. Some of this may be personal information about the user.
Security codes, including all confidential codes, user names, user identifications and passwords, PIN/Password and information or a physical device (for example, an ATM card, a debit card, credit card, prepaid card, security token, or electronic key) that the user must use to confirm identity when accessing our digital platform.
Email addresses and telephone numbers used for work purposes and which must be active and accessible to receive digital alerts (meaning an alert by SMS or email which we send to alert users to certain types of transactions or to provide financial information).
We may record calls, email, text messages, social media messages and other communications between you and employees of ila.
Closed-circuit television (“CCTV”) may be used in and around our premises and ATM locations for the purposes of security and preventing crime; therefore, we may have images of you captured by our CCTV cameras.
How is the personal information collected?
We collect personal information from a number of sources, including the following.
Information received and collected via the mobile application named “ila” (the “ila App”).
Information we receive directly by your engagement with our social media platforms.
Information that we learn through your use of our services and products such as when you visit our websites or when you speak to us by way of the contact centre.
Information we receive directly from you or from a person acting on your behalf.
Information we obtain from third parties such as credit reference, debt recovery, fraud prevention or government agencies, which may have originated from publicly accessible sources.
Information that we gather from publicly available sources such as the internet and/or other local trade registers.
Information that we identify through our fraud prevention controls.
Information provided by affiliates of ila.
From servers in relation to your use of our digital platform.
How will we use your personal information, with whom will we share it, and what is the legal basis for this?
We will use your personal information for the following reasons as permitted by applicable data protection laws.
Processing that is necessary for our own legitimate interests (including those of ila’s affiliates) or those of third parties to do the following.
To set up, maintain, and administer the contractual relationship that we have with the customer.
To enable you to manage the customer account with us and to assist you to transact with us.
To collect due and outstanding debt which may involve passing your personal information to debt collection agencies.
To keep records of communications in order to evidence what has been discussed, keep a record of your instructions, and to prevent or detect crime.
To record customer account activities where we have reason to believe that fraud or other crimes are being committed or where we suspect non-compliance with anti-money laundering regulations to which we are subject.
To test the performance of our products, services, and internal processes to ensure that your personal information is only collected as needed and is held and processed securely.
To develop statistics and for market research and analysis including to develop and improve our products and services so that we can offer new and enhanced products and services to the customer, which may include converting your personal information into statistical or aggregated data which cannot be used to identify you.
To administer ila’s internal operational requirements (including credit, compliance, and risk management, market research, system and product development, staff training, quality control, accounting, and for audit purposes).
To comply with our regulatory obligations under any applicable regulatory regimes.
For some direct marketing communications from us and/or for ila to inform you of products or services which may be of interest to you or your business.
When sharing personal information with the following third parties.
- Any ila affiliate to allow you to access our products and services. This includes our IT support teams for digital platform services.
- Any introducing broker or other intermediary to whom we provide instructions or referrals.
- Our legal and professional advisers such as auditors and external legal counsel.
- With any party to a transaction acquiring risk in, or assuming risk in, or in connection with, the products and services of ila or Bank ABC.
- Any sub-contractors, agents or service providers (including our digital identity service provider) engaged by ila and/or Bank ABC (including their employees, directors, and officers), such as backup and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions.
- Credit reference, debt recovery, or fraud prevention agencies.
- Tax authorities, including those based overseas.
- Persons acting on behalf of the customer, payment recipients, beneficiaries, account nominees, correspondent, and agent banks.
- Financial institutions and trade associations.
Processing that is necessary to comply with the following legal obligations.
To comply with laws that require us to verify the identity of our customers and to detect and prevent financial crime.
To comply with tax regulations that require us to report the tax status of our customers.
When enforcing or defending our rights, or those of any ila affiliate or a third party employed by us.
To keep records of communications and customer account activities (as described above) including (but not limited to) transactions and other activity effected on our digital platform, such as date and time of logging in and for how long the user is logged in.
To process requests relating to the exercise of your rights under data protection laws.
When sharing personal information with the following third parties:
- any governmental, banking, taxation, or other regulatory authorities or similar bodies with jurisdiction over any part of ila or Bank ABC, or under the rules of a relevant stock exchange, including those which are based overseas; and
- the courts, and as may otherwise be necessary for the administration of justice, to protect vital interests and to protect the security and integrity of Bank ABC’s business operations or those of ila.
Processing based on your consent.
ila may share your personal information with other persons where you have provided your explicit consent to do that.
For some direct marketing communications from us and/or Bank ABC.
Is providing your personal information obligatory?
We are unable to enter into or administer the relationship with the customer without some personal information about you. In cases where providing your personal information is optional, we will make this clear, for instance by explaining in application forms if certain data fields can be left blank. If we are seeking a consent to justify our processing of your personal information, we will make this clear.
Updates to your personal information.
If any of the personal information you have given to us should change, such as your contact details, please inform us without delay. Similarly, if we have collected personal information about you that you consider to be inaccurate, please inform us. Our contact details are below. You must let us know immediately if a user has left your organisation (by this we mean the customer organisation) in order for us to terminate their access to the digital platform.
The people and organizations that we may share your personal information with may be located in a country that does not have data protection laws which provide the same level of protection as the country in which the products and services are supplied. Affiliates of ila are located in other countries.
In this way your personal information may be transferred outside of Bahrain. Some countries already have adequate protection for personal information under their applicable laws. In other countries safeguards may be applied to maintain the same level of protection as the country in which the products and services are supplied. These safeguards may be contractual agreements with the overseas recipient, or requirements for recipients to subscribe to international data protection frameworks.
How long do we keep your personal information and what are the criteria used to determine this?
We need to keep your personal information for as long as necessary to fulfil the purposes for which it was collected (as described above). Even when you close the customer account with us, we must retain some of your personal information in order to comply with legal and regulatory requirements and in case of claims. We will also keep some of this information in case of queries from you.
If our customer has chosen to cease its access to ila’s banking services and products via our digital platform, we will retain personal information about activities and transactions carried out by users on the customer’s account via our digital platform for as long as necessary to comply with legal and regulatory requirements and in case of claims. We will also keep some information in case of queries from our customer about activities and transactions.
If you are a Connected Person who is a user, and then no longer work for our customer, we will keep your username only for as long as necessary in case of queries from our customer.
We will continue to look after your personal information securely and your rights listed in this privacy notice remain in place until your personal information is safely deleted from our systems.
The criteria we use to determine data retention periods for your personal information include the following.
Retention in case of queries. We will retain some information in case of queries from you.
Retention in case of claims. We will retain some information for the period in which the customer might legally bring claims against us.
Retention in accordance with legal and regulatory requirements. We will retain some information after our agreement with the customer has come to an end and, with respect to access to our digital platform, following the termination of such access, based on our legal and regulatory requirements.
Identity verification and fraud prevention checks.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
Your rights under data protection laws.
Your rights are as follows (noting that these rights do not apply in all circumstances and that some of these rights are only relevant from the date of this policy notice):
the right to be informed about the processing of your personal information;
the right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
the right to object to processing of your personal information;
the right to restrict processing of your personal information;
the right to have your personal information erased (the right to be forgotten); and
the right to obtain information about how we process your personal information.
If you wish to exercise any of these rights, please write to us.
How to contact us.
If you have any questions about this privacy notice or your personal information, please contact us.
ila Service Centre
Bank ABC Tower 2
Building 152, Road 1703
Block 317, Diplomatic Area
Telephone: +973 17123456