1. This Policy
This Policy is issued by the National Bank of Bahrain B.S.C. (“NBB”) on behalf of itself, and its branches,
and is addressed to individuals outside our organisation with whom we interact, including customers, business partners, vendors, visitors to our websites, and other recipients of our services (together, "you").
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the
Processing of Personal Data, or changes in respect of the Personal Data Protection Law (the “PDPL”).
2. Processing your Personal Data
This section lists places where we get data that counts as part of your Personal Data.
Collection of Personal Data: We collect Personal Data about you:
Creation of Personal Data: We create Personal Data about you, such as records of your interactions with us, and details of your accounts, subject to the PDPL.
Unique application number: When you wish to install or uninstall the App containing a unique application number or when such application searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.
Relevant Personal and Sensitive Personal Data:
This section explains what different types of Personal Data mean.
Pursuant to the PDPL, the categories of Personal Data about you that we Process are as follows:
Type of Personal Data |
Description |
|
Address; telephone number; and email address |
|
given name(s); preferred name(s); gender; date of birth / age; marital status; Social Security number; passport number(s); driving license number(s); nationality; lifestyle and social circumstances; images of passports, driving licenses, and signatures; authentication data (passwords, |
|
Names and contact details of family members and dependents |
|
Your financial position; financial status; financial history; billing address; bank account numbers; credit card numbers; cardholder or accountholder name and details; instruction records; transaction details; and counterparty details |
|
Details about payments to and from your accounts with us, and insurance claims you make |
|
Details about how you use products and services from us and other organisations |
|
Industry; role; business activities; names of current and former employers; work address; work telephone number; and work email address |
|
IP addresses; cookies; activity logs; online identifiers; unique device identifiers; and geolocation data. |
Sensitive Personal Data: Any personal information that directly or indirectly discloses any of the following: the ethnic origin of the individual, their ethnic group, political or philosophical views, religious beliefs, trade union affiliation, criminal record, or any data relating to their health or sexual status.
Processing your Sensitive Personal Data: We do not seek to collect or otherwise Process your Sensitive Personal Data, except where:
Purposes for which we may Process your Personal Data:
We will only use your Personal Data when the law allows us to do so, most commonly we will use your Personal Data in the following circumstances:
Anti-Money Laundering / KYC
|
Client on-boarding
|
Credit worthiness
|
Providing products and services to you
|
Marketing
|
Operation of our website and App
|
Install the App and register you as a new App user
|
IT operations
|
Financial management
|
Research
|
InvestigationsDetecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law. |
Legal complianceCompliance with our legal and regulatory obligations under applicable law |
Legal proceedingsEstablishing, exercising and defending legal rights. |
Improving our products and services
|
Risk Management
|
Fraud preventionDetecting, preventing and investigating fraud. |
3. Disclosure of Personal Data to third parties
We may disclose your Personal Data for legitimate business purposes (including providing services to you), in accordance with the PDPL. In addition, we may disclose your Personal Data to:
If we engage a third-party Data Processor to Process your Personal Data, the Data Processor will be subject to binding
contractual obligations to:
4. International transfer of Personal Data
We may need to transfer your Personal Data to third parties as noted in Section 3 above, in connection with the purposes set out in this Policy. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements, including data protection laws of a lower standard to those that apply in the country in which you are located, in such circumstance we shall ensure that your Personal Data shall be held in a manner consistent with the rules and standards expected in the Kingdom of Bahrain.
If you want to receive more information about the safeguards applied to international transfers of personal data,
please use the contact details provided in Section 10 below.
5. Data Security
We have implemented appropriate technical and organizational security measures designed to protect your
Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised
access, and other unlawful or unauthorised forms of Processing, in accordance with the PDPL.
6. How long we keep your Personal Data
This section explains how long we may keep your Personal Data for and why.
7. Your legal rights
Subject to the PDPL, you may have a number of rights regarding the Processing of your Personal Data, including:
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in Section 10 below.
8. Cookies
A cookie is a small file that is placed on your device when you visit a website. It records
information about your device, your browser and, in some cases, your preferences and browsing habits. We may
Process your Personal Data through cookie technology. We use cookies and / or other tracking technology to distinguish you from other users of the App, App Site, the distribution platform or Services Site and to remember your preferences. This helps us to provide you with a good experience when you use the App or browse any of our Sites and also allows us to improve the App and our Sites.
9. Direct Marketing
We may Process your Personal Data to contact you so that we can provide you with information on our products and services that may be of interest.
If you do not wish to receive marketing communications from us you can opt out at any time by contacting your
regular NBB contact. After you unsubscribe, we will not send you further promotional text messages, but we may continue to contact you to the extent necessary for the purposes of any services you have requested.
We may ask you to confirm or update your choices, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.
As NBB continues to update and improve its internal processes, systems and controls, we may notify you in the future about the best way for you to update your Personal Data and your preferences.
10. Contacting us
If you have any comments, questions or concerns about any of the information in this Policy, or any other issues
relating to the Processing of Personal Data by NBB, please contact your regular NBB client service contact, or:
National Bank of Bahrain
12th Floor Old Tower, P.O Box 106, Manama, Kingdom of Bahrain
Email: privacy@nbbonline.com
11. Defined terms
Defined Term |
Meaning |
Authority |
An independent public authority established under the provisions of the PDPL that is legally tasked with overseeing compliance with the PDPL. |
Data Processor |
Any person or entity that Processes Personal Data on behalf of the Data Protection Controller (other than employees of the Data Manager or Data Protection Controller). |
Device Data |
includes the type of mobile device you use, a unique device identified (e.g. your device's IMEI number, MAC address of your Device's wireless network interface, or the mobile number used by your Device, mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, from the following parties: analytics providers, advertising networks, search information providers. |
Location Data |
includes your current location disclosed by GPS technology |
Personal Data |
Information that is about any individual, or from which any individual is identifiable. |
Process or Processed or Processing |
Anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, classification, storage, modification, alteration, retrieval, use or disclosure by transmission, publishing, transferring, dissemination or otherwise making available to third parties, merging, blocking, wiping, restriction, erasure or destruction. |
Sensitive Personal Data |
Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health or any other information that may be deemed to |
Usage Data |
includes details of your use of any of our Apps or your visits to any of Our Sites including, but not limited to, traffic data and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. |