Privacy policy
Privacy Notice
The purpose of this Privacy Notice is to explain to you how ila Bank (“ila”, “we”, “us”, and “our”), a retail branch of Arab Banking Corporation (B.S.C.) (“Bank ABC”), processes your personal data.
This Privacy Notice should be read together with all other relevant agreements, arrangements and terms and conditions of ila.
Who is your data controller?
Your data controller is ila.
You can find ila’s contact details at the end of this Privacy Notice. For more information about ila please visit www.ilabank.com.
What personal data do we collect about you?
The personal data we collect about you includes information that we collect when we setup, administer, and manage our relationship with you, such as the following:
Type of personal data | Details | Collection |
|---|---|---|
Personal data you provide us | Your full name, nationality, date of birth, gender, residential address, country of birth, age. Your email addresses and telephone numbers. Your identity documents, along with any associated information they contain, as well as proof of address documents. Your employment status, employment information, tax status, tax identification number, FATCA forms, details of source of income and source of wealth. Your images, videos, and facial scan data (referred to as ‘biometric data’) are collected to verify your identity during the onboarding process as part of our Know-Your-Customer (KYC) procedures, to authenticate your status as an authorized user of our digital application, and to assist in fraud detection. | Personal data received and collected via our mobile application and onboarding forms Registration for our products (for yourself, someone else for supplementary cards). When you speak with customer support team or contact us for any other reason. |
Personal data that we gather from social media | Your social media profiles, messages (when interacting with us) and biographies. Social media posts and interactions with us on social media. | Publicly available information on social media. When you take part in online discussion or promotions When you enter competition. |
Personal data generated or collected during our relationship | Correspondence, records of interactions, and complaints. Personal data relating specifically to transactions carried out on our digital platform by you (such as type, dates, amounts, currencies, payer, and payee details). Information on monthly income and average account financial activity. Debit card, credit card, prepaid card, security token, or electronic key that you must use to confirm your identity when accessing our digital platform. | Correspondence and interactions with us. Account transactions. |
Personal data gathered from various other sources | Credit reports, scores, and creditworthiness. Financial status. | Credit Reference Bureaus, official registers, public databases, and other third parties providing fraud prevention. Publicly accessible sources. Internet. Third party providers (i.e., webinars). |
Personal data collected from your use of our products and services | Internet online identifiers (i.e., cookies, IP addresses) and other technical personal data (these may leave traces which, when combined with unique identifiers and other information received by servers, may be used to identify you). Technical personal data may include mobile network information, unique device identified, traffic data including web logs. Geolocation. Security codes, including all confidential codes, usernames, user identifications and passwords, PIN/Password. | Personal data we learn about you from the way you operate our products, services, and use the ila mobile application. |
Recordings and CCTV | Closed-circuit television (“CCTV”) may be used in and around our premises and ATM locations for the purposes of security and preventing crime, therefore we may have images of you captured by our CCTV cameras. When you call our Customer Service, your call will be recorded. | When you call us. When you visit our branch and ATMs. |
Profiling | Any personal data that we process about you except for sensitive personal data could be used for profiling and analytics. | Personal data we learn about you from your purchasing history, demographic information, shopping to enhance your banking experience by understanding your needs and preferences better. |
Sensitive personal data | Biometrics. Criminal and court records including CBB account blocks and Politically Exposed Persons (“PEP”). Religion. | Directly from you during onboarding. Publicly accessible sources. Internet. |
How we handle personal data shared with us about you and others?
Although our banking relationship is with you, we may collect information related to transactions conducted by other customers that involve you. For example, when another customer uses your IBAN or phone number for a transaction.
When you give us personal data about other individuals (such as a joint account holder, spouse, or family member), or ask us to share their information with third parties, you are expected to have previously informed them of this Notice.
How will we use your personal information, and on what legal basis?
We will use your personal data for the following reasons:
Lawful basis | Usage |
|---|---|
Processing that is necessary to set up, maintain and administer the contractual relationship with you | To enable you to manage your account with us and to assist you to transact with us. To operate and manage your ila account and to manage your cards (debit and / or credit) that you have with ila. To communicate with you and to resolve your queries. |
Processing that is necessary for our own legitimate interests (including those of ila’s affiliates) | To collect due and outstanding debt which may involve passing your personal information to debt collection agencies. To keep records of communications to evidence what has been discussed, keep a record of your instructions, activity on the digital platform, and to prevent or detect crime. To record customer account activities where we have reason to believe that fraud or other crimes are being committed or where we suspect non-compliance with anti-money laundering regulations to which we are subject. To test the performance of our products, services, and internal processes to ensure that your personal information is only collected as needed and is held and processed securely. To develop statistics and for market research and analysis including the development and improvement of our products and services so that we can offer new and enhanced products and services to you. To administer internal operational requirements. |
Processing that is necessary to comply with the following legal obligations | To comply with laws that require us to verify the identity of our customers and to detect and prevent financial crime. To comply with tax regulations that require us to report the tax status of our customers. When enforcing or defending our rights, or those of any ila affiliate or a third party employed by us. To process requests relating to the exercise of your rights. |
Processing based on your consent | Where you have agreed to us collecting your personal data, for example: When you have ticked a box to indicate that you are happy for us to use your personal data in a certain way. To manage ila website registration page for newsletter sign-up. When you agreed to collection of Cookies (i.e., online Identifiers that may leave traces which, when combined with unique identifiers and other data received by servers, may be used to identify you). For more details about Cookies, see our online Cookie Policy. |
Do we share your personal data with third parties?
We share your personal data with ila affiliates including with Bank ABC to provide you with the best service, IT infrastructure, and protection.
We also engage third parties to perform certain services on our behalf, including but not limited to:
Intermediaries to whom we provide instructions or referrals.
Legal and professional advisers, such as auditors and external legal counsel.
Sub-contractors, agents, or service providers engaged by ila—including digital identity service providers—comprise entities such as backup and server hosting providers, IT software and maintenance specialists, and suppliers responsible for various back-office functions.
As a digital bank, when legally obliged, we may be required to share your personal data with:
Governmental, and other regulatory authorities or similar organizations with jurisdiction over any aspect of ila or Bank ABC, or as required by the rules of a relevant stock exchange, including those located in other countries provided that such countries meet the adequate level of data protection standards as determined by the Bahrain Personal Data Protection Authority.
Persons and financial institutions acting on behalf of the customer, payment recipients, beneficiaries, account nominees, correspondent, and agent banks.
Courts, and as may otherwise be necessary for the administration of justice, to protect vital interests and to protect the security and integrity of Bank ABC’s business operations or those of ila.
Credit reference agencies, debt collectors, and fraud prevention bodies.
Tax authorities, including those based overseas.
Is providing your personal data obligatory?
We are unable to enter into or administer the relationship with you without some personal data about you. In cases, where providing your personal data is optional, we will make this clear, for instance by explaining this in application forms if certain data fields can be left blank. If we are seeking a consent to justify our processing of your personal data, we will make this clear.
Is your personal data transferred internationally?
Some of our third parties and affiliates are located outside the Kingdom of Bahrain. Certain countries have established adequate personal information protection under their respective data protection laws. To ensure your personal data receives the same level of protection as in Bahrain, we implement contractual agreements, regulatory authorizations (where applicable), or require adherence to international data protection frameworks by data recipients.
Is your personal data used for profiling and automated decision making?
We use data analytics to evaluate relevant metrics in order to identify products that may match your interests, based on segmentation and prediction methods. This process is sometimes referred to as profiling. These activities are carried out to support the efficient delivery of our services.
We also use your personal data to facilitate automated decision-making processes, which are essential for enhancing security and efficiency. Specifically, these processes are used for:
Personal data is analyzed using advanced algorithms to identify and prevent fraudulent activities.
We utilize biometric data, such as facial recognition, to verify identities.
If we make an automated decision or create a profile about you that significantly affects you, you have the right to request a manual review of that decision by a person.
For more information, please see the ‘Your Rights’ section below.
How long do we keep your personal data and what is the criteria used to determine this?
We need to keep your personal data for as long as necessary to fulfil the purposes for which it was collected. Even when you close your customer account with us, we must retain some of your personal data in order to comply with our legal and regulatory requirements and in case of claims.
We will continue to look after your personal data securely and your rights listed in this Privacy Notice remain in place until all of your personal data is safely deleted from our systems.
The criteria we use to determine data retention periods for your personal data includes the following.
• Retention in accordance with legal and regulatory requirements. We will retain personal data after our agreement with you has come to an end and, with respect to access to our digital platform, following the termination of such access, based on our legal and regulatory requirements.
• Retention in case of queries. We will retain some information in case of queries from you.
• Retention in case of legal claims. We will retain some information for the period in which you might legally bring claims against us.
• Retention in case of suspected fraud or legal hold.
Your rights
Your rights are as follows (noting that these rights do not apply in all circumstances):
• the right to be informed about the processing of your personal data including to be informed about your right to be able to object to direct marketing
This Privacy Notice explains how we handle your personal data and your rights.
• the right to be notified upon processing of your personal data
If you make a formal request to us, we will provide a copy of the personal data we hold about you. Please note that there is certain information that we cannot give you. For example, any personal data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you, etc.
• the right to request rectification, blocking or erasure of your personal data
You can have your incomplete, outdated, or inaccurate personal data rectified.
Please note that we may not be able to agree to your request for personal data deletion. As a licensed conventional retail bank branch by the Central Bank of Bahrain, we must keep certain customer personal data even when you ask us to delete it. If you have closed your ila account, we may not be able to delete your entire file because these regulatory responsibilities take priority.
• the right to object to the processing of your personal data
Causing material or moral damage to data subject or others
Based solely on automated decision-making for the assessment of financial standing, creditworthiness, reliability of conduct
For direct marketing
• the right to withdraw your consent at any time
If you wish to opt-out or withdraw your consent (including from receiving marketing communications), you may click on unsubscribe on the email or contact our team on +973 1723456.
Please be advised that ila will continue to deliver essential notifications, including transactional messages and any other communications required under lawful grounds.
• the right to lodge a complaint
You may lodge a complaint to the Bahrain Personal Data Protection Authority.
To exercise these rights, contact us by mail or phone. Please note that these rights are not absolute and do not apply in all circumstances. It is understood that you will be entitled to any additional rights that would be conferred by the applicable laws and regulations.
How to keep your personal data updated?
If any of the personal data you have given to us should change, such as your contact details, please inform us without delay. Similarly, if we have collected personal data about you that you consider to be inaccurate, please inform us. Our contact details are below.
How can you contact us?
For inquiries regarding this Privacy Notice or your personal information, please reach out for further assistance.
ila Service Centre
Bank ABC Tower 2
Building 152, Road 1703
Block 317, Diplomatic Area
Manama, Bahrain
Telephone: +973 17123456
Last updated.
This Privacy Notice was last updated in September 2025.
Like what you see? Start your ila journey today
Download the app and experience banking that reflects you.
