Privacy Policy

1. This Policy
This Policy is issued by the National Bank of Bahrain B.S.C. (“NBB”) on behalf of itself, and its branches, 
and is addressed to individuals outside our organisation with whom we interact, including customers, business partners, vendors, visitors to our websites, and other recipients of our services (together, "you"). 
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the
Processing of Personal Data, or changes in respect of the Personal Data Protection Law (the “PDPL”). 

2. Processing your Personal Data
This section lists places where we get data that counts as part of your Personal Data.
Collection of Personal Data: We collect Personal Data about you:

• When you provide it to us (e.g., where you contact us via telephone or by any other means)
• In the ordinary course of our relationship with you (e.g., in the course of managing your transactions)
• That you choose to make public, including via social media (e.g., we may collect information from your social media profile(s), to the extent that you choose to make your profile publicly visible)
• From third parties who provide it to us (e.g., your employer; our customers; credit reference agencies; law enforcement authorities and so forth)
• When you visit our websites or use any features or resources available on or through our website. When you visit our website, your device and browser may automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to our website and other technical communications information), some of which may constitute Personal Data
• When you download, register or use our mobile applications we will automatically collect Personal Data, including Device Data, Location Data and Usage Data. We collect this data using cookies and other similar technology

Creation of Personal Data: We create Personal Data about you, such as records of your interactions with us, and details of your accounts, subject to the PDPL.

Unique application number: When you wish to install or uninstall the App containing a unique application number or when such application searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.

Relevant Personal and Sensitive Personal Data: 

This section explains what different types of Personal Data mean. 
Pursuant to the PDPL, the categories of Personal Data about you that we Process are as follows:

Sensitive Personal Data: Any personal information that directly or indirectly discloses any of the following: the ethnic origin of the individual, their ethnic group, political or philosophical views, religious beliefs, trade union affiliation, criminal record, or any data relating to their health or sexual status.

Processing your Sensitive Personal Data: We do not seek to collect or otherwise Process your Sensitive Personal Data, except where:

1. the Processing is necessary for compliance with a legal obligation;
2. the Processing is necessary for the detection or prevention of crime (including the prevention of fraud) to the extent permitted by the PDPL;
3. you have made those Sensitive Personal Data public;
4. the Processing is necessary for the establishment, exercise or defence of legal rights;
5. we have, in accordance with the PDPL, obtained your explicit consent prior to Processing your Sensitive Personal Data; or
6. Processing is necessary for reasons of substantial public interest and occurs on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard your fundamental rights and interests.

Purposes for which we may Process your Personal Data: 

We will only use your Personal Data when the law allows us to do so, most commonly we will use your Personal Data in the following circumstances:

• where you have consented before the processing;
• where we need to perform a contract we are about to enter or have entered with you;
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
• where we need to comply with a legal or regulatory obligation(s).

Here is a list of all the ways that we may Process your Personal Data:
 

3. Disclosure of Personal Data to third parties

We may disclose your Personal Data for legitimate business purposes (including providing services to you), in accordance with the PDPL. In addition, we may disclose your Personal Data to:

1. you and, where appropriate, your family, your associates and your representatives;
2. credit reference agencies;
3. anti-fraud services;
4. Governmental, legal, regulatory, or similar authorities, regulators, and central and/or local government agencies, upon request or where required, including for the purposes of reporting any actual or suspected breach of applicable law or regulation;
5. accountants, auditors, financial advisors, lawyers and other outside professional advisors to NBB, subject to binding contractual obligations of confidentiality;
6. debt-collection agencies;
7. data aggregation services;
8. accreditation bodies;
9. third party Processors (such as payment services providers; shipping companies; etc.), located anywhere in the world, subject to the requirements noted below in this Section 3;
10. any relevant party, claimant, complainant, enquirer, law enforcement agency or court, to the extent
11. necessary for the establishment, exercise or defence of legal rights in accordance with applicable law;
12. any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security in accordance with applicable law;
13. the press and the media; and
14. voluntary and charitable organisations.

If we engage a third-party Data Processor to Process your Personal Data, the Data Processor will be subject to binding
contractual obligations to: 

1. only Process the Personal Data in accordance with our prior written instructions; and 
2. use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.

4. International transfer of Personal Data

We may need to transfer your Personal Data to third parties as noted in Section 3 above, in connection with the purposes set out in this Policy. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements, including data protection laws of a lower standard to those that apply in the country in which you are located, in such circumstance we shall ensure that your Personal Data shall be held in a manner consistent with the rules and standards expected in the Kingdom of Bahrain.

If you want to receive more information about the safeguards applied to international transfers of personal data,
please use the contact details provided in Section 10 below.

5. Data Security

We have implemented appropriate technical and organizational security measures designed to protect your
Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised
access, and other unlawful or unauthorised forms of Processing, in accordance with the PDPL.

6. How long we keep your Personal Data

This section explains how long we may keep your Personal Data for and why.

1. We will keep copies of your Personal Data for as long as you are a customer of NBB.
2. We may keep your data for up to 10 years after you stop being a customer. The reasons we may do this are:
3. To respond to a question or complaint, or to show whether we gave you fair treatment
4. To study customer data as part of our own internal research
5. To comply with any data retention rules that apply to us about keeping records. For example, the Central Bank of   Bahrain requires us to retain certain data for a minimum of 5 years.
6. We may also keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons.
7. We will only use your Personal Data for those purposes and will make sure that your privacy is protected.

7. Your legal rights

Subject to the PDPL, you may have a number of rights regarding the Processing of your Personal Data, including:

1. the right to request access to your Personal Data, together with information regarding the nature, Processing and disclosure of your Personal Data;
2. the right to request rectification of any errors in your Personal Data;
3. the right to request, on legitimate grounds:
   • erasure of your Personal Data; or
   • restriction of Processing of your Personal Data; and
4. where we Process your Personal Data on the basis of your consent, the right to withdraw that consent.
5. This does not affect your statutory rights.
6. Subject to the PDPL, you may also have the following additional rights regarding the Processing of your Personal Data:
7. the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf; and
8. the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in Section 10 below.

8. Cookies

A cookie is a small file that is placed on your device when you visit a website. It records
information about your device, your browser and, in some cases, your preferences and browsing habits. We may
Process your Personal Data through cookie technology. We use cookies and / or other tracking technology to distinguish you from other users of the App, App Site, the distribution platform or Services Site and to remember your preferences. This helps us to provide you with a good experience when you use the App or browse any of our Sites and also allows us to improve the App and our Sites.

9. Direct Marketing 

We may Process your Personal Data to contact you so that we can provide you with information on our products and services that may be of interest.

If you do not wish to receive marketing communications from us you can opt out at any time by contacting your
regular NBB contact. After you unsubscribe, we will not send you further promotional text messages, but we may continue to contact you to the extent necessary for the purposes of any services you have requested.

We may ask you to confirm or update your choices, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.

As NBB continues to update and improve its internal processes, systems and controls, we may notify you in the future about the best way for you to update your Personal Data and your preferences.  

10. Contacting us 

If you have any comments, questions or concerns about any of the information in this Policy, or any other issues
relating to the Processing of Personal Data by NBB, please contact your regular NBB client service contact, or:

National Bank of Bahrain
12th Floor Old Tower, P.O Box 106, Manama, Kingdom of Bahrain
Email: privacy@nbbonline.com

11. Defined terms