This Privacy Notice aims to give you information about how the Bank may collect and processes your personal data. It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may issue on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.

"Al Hilal Bank PJSC" is the Bank's registered business name. The Bank is regulated by the Central Bank of the United Arab Emirates (“CBUAE”). The registered Head Office of Al Hilal Bank PJSC, is Al Bahar Towers, Sheikh Zayed Street, Eastern Mangroves, Abu Dhabi, United Arab Emirates.
For the purposes of applicable data protection legislation, the Bank is the data controller in respect of the information that we collect or obtain about you in most cases where we process your information. This is because the Bank in most cases, is the person who (either acting alone or jointly with others) determines why and how your personal information is processed.

Our Data Privacy Office is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about the terms set out herein, including any requests to exercise your legal rights, please contact our Data Privacy Office at dataprivacy@alhilalbank.ae. If you wish to get in contact with our Data Protection Officer directly, please note this in the subject line.

This Privacy Notice is updated from time to time. We will post any material changes that we may make to this Privacy Notice on our website and, where appropriate, we will notify you of the change by email.
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if any of the information we hold on you changes during your relationship with us.

Personal data or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed and the person is not or no longer identifiable (anonymous data).

Your personal information will be collected or obtained by us whether we deal with you as an individual or on behalf of an individual, business, charity, trust or other organization that you represent. Broadly, personal information is any information that can identify you as an individual. We process many different types of personal information (as further described below).

If you have made an application on behalf of another individual, a joint application with another individual, or an application on behalf of a business, charity, trust or other organization and have provided us with information in relation to its directors, shareholders, owners, trustees or beneficiaries (as applicable), or if you have provided us with personal information in relation to any guarantor, provider of security, donor or financer of any deposit monies or any occupier of any security property, then this Privacy Notice will also apply to the information that we collect or obtain about those individuals. You must provide a copy of this Privacy Notice to those individuals as soon as possible and obtain their confirmation that they have read and understood the terms set out herein.

We will collect, use, store and transfer different kinds of personal data about you, which may include:

1. identifying information: i.e. information used to identify a specific individual, such as: name; date of birth; place of birth; nationality; country of residence; country of tax domicile; passport number and place of issue; residency permit details; tax identification details, passport details, photo;
2. contact information: e.g. postal address, telephone number, email address, mobile number;
3. family information: e.g. marital status;
4. financial information: e.g. source of wealth, personal assets, bank account numbers, spending, income details and credit bureau reports from relevant authorities;
5. professional information: e.g. employer, business interests, career history, monthly income;
6. website technical data: e.g. your internet protocol (IP) address, website login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
7. website profile and usage data: e.g. your interests, preferences, feedback and survey responses, and information about how you use our website; and/or
8. transaction details while performing online payments: e.g. merchant name, location, device used.

In certain circumstances, we will also collect, use, store and transfer “Special Categories of Data” (as explained further in the Glossary) about you. Note that we will only process Special Categories of Data to the extent permitted under applicable law. In circumstances where we rely on express consent as the legal basis for our processing, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent or not.

Where we require your express consent to use and/or share your personal data, you have the right to refuse to provide us with such express consent. If you do refuse to provide us with your express consent to use and/or share your personal data due to regulatory restrictions we may not be able to provide you with the banking products or services for which your consent is being requested.

Please note that if certain information is not shared with us, that may limit what we are able to do for you and in some cases you may be unable to access our website or receive our offers. We will notify you if this is the case at the time.

Where we need to collect personal data due to the requirements of applicable law or professional standards and you fail to provide that data when requested, we may have to decline a request for services or, if we are already supplying services, suspend or stop providing you with our services. We will notify you if this is the case at the time.

We may collect your personal information directly from you in a number of ways, including:

1. when you apply for any product on our website (www.alhilal.abudhabi) or the bank’s digital application, through a postal application, telephone or direct with one of our employees;
2. when you provide it on-line or by any other method of communication, for example, on "contact us" forms, or when you provide it through the course of our relationship, for example, if you inform us of a change in your circumstances; and
3. technical information, including the Internet Protocol (IP) address used to connect to the internet, may be collected from you when you visit our website.
   We may obtain your personal information indirectly from third parties in the following ways:
   
4. following an introduction to us by another third party, such as an accountancy firm, law firm or management consultancy;
5. if another person provides your information to us when they apply to obtain a product from us:
   1. on your behalf; or
   2. that is to be held jointly with you; or
   3. on behalf of a business, charity, trust or other organization of which you are a director, shareholder, owner, trustee or beneficiary (as applicable); or
   4. they have nominated you as a guarantor under our agreement with them, or to provide any other security, or informed us that you are a donor or lender of any deposit monies or occupier of any security property;
6. when we carry out searches for the purposes of processing your application and/or during the course of your relationship with us; or
7. in response to our marketing activities, you request information about our products via a third party (e.g. websites and social media platforms).

If you are applying to us through a third party, then they should have provided you with their own privacy notice in order to tell you (whether online or in person) how they may process your personal information.

We will only use your personal data to the extent permitted by applicable laws and regulations. For example, we will use your personal data in the following circumstances:

1. Processing applications for products and services, including assessing customer suitability and performing necessary checks and risk assessments (e.g., in case of credit request).
2. Providing products and services (including electronic banking services, financing, mortgages, credit cards, etc.), including effecting payments, transactions and completing instructions or requests.
3. Create, manage, monitoring, improving and maintain your experience on the Sites.
4. Operate, evaluate and improve our business and the products and services we offer, including establishing and managing banking relationships and accounts.
5. Conducting market research and surveys with the aim of improving our products and services.
6. Analyze and enhance our marketing communications and strategies (including by identifying when emails we have sent to you have been received and read).
7. Analyze trends and statistics regarding visitors’ use of our Sites, mobile applications and social media assets.
8. Notify you from time to time about relevant products and services operated by AHB.
9. To protect against, unauthorized transactions, claims and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users.
10. Preventing, detecting, investigating and prosecuting crimes (including but not limited to money laundering, terrorism, fraud and other financial crimes) in any jurisdiction, identity verification, government sanctions screening and due diligence checks.
11. Complying with applicable local or foreign law, regulation, policy, voluntary codes, directive, judgement or court orders, as well as regulator or enforcement agency obligations.
12. To perform the contract, we are about to enter into, or have entered into, with you. Establishing, exercising or defending legal rights in connection with legal proceedings (including any prospective legal proceedings) and seeking professional or legal advice in relation to such legal proceedings.
13. Monitoring: To the extent permitted by law, AHB may record and monitor your communications with us to ensure compliance with our legal and regulatory obligations and our internal policies. This may include the recording of telephone conversations.
14. Surveillance of premises.

We have set out below, in a table format, a description of the ways we plan to use your personal data.

As per the UAECB Consumer Protection requirements, all licensed financial entities will need to get express consent from our customers to process your personal data. AHB will at all times use its best endeavours to get express consent from you to process your personal data. You should be aware that you have the right to withdraw your consent at any time, you can do this by contacting us at dataprivacy@alhilalbank.ae

You will only receive marketing communications from us if you have consented to us to market to you.
You may request to stop receiving marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting the AHB Customer Care Team on contactsus@alhilalbank.ae at any time.
Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us for other purposes.
We will only use your personal data for specified, explicit and legitimate purposes which are compatible with the purposes determined at the time we collect the personal data.
If we need to use your personal data for a new and unrelated purpose, we will make all reasonable efforts to collect consent from you for this new processing. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may have to share your personal data with the parties set out below for the purposes set out in the table above. Where we do share your personal data with third parties, we will use our best endeavours to collect your express consent for such disclosures.

1. Internal Third Parties as further described in the Glossary below.
2. External Third Parties as further described in the Glossary below.
3. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
4. In some instances we may be required by law, regulation or instruction to provide your personal data to governmentauthorized Credit Information Agencies. To do this, we will supply your personal data to such agencies which may lead to possible limitations of accessing future Financial Products and/or Services based on the Consumer records provided to these agencies.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Your personal data will be shared with Internal Third Parties. In some circumstances where the law permits, this will involve us transferring your data from one jurisdiction to another, either inside or outside the United Arab Emirates. Where this is the case, we will use our best endeavours obtain express consent from you for such transfers, as well as informing you, as appropriate in a separate just in time notice.

When we transfer your personal information to any other territories or countries, we will take such steps as are necessary to ensure appropriate safeguards apply to maintain the same levels of protection as are needed under data protection laws. If we do so you may contact us to obtain a copy of the applicable safeguards.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see “Request Erasure” below for further information

You may be able to access other websites through our website. When you do so you are thereby subject to those other sites policies regarding privacy and data collection and you should read those sites' privacy policies to make sure you agree to them before using such sites.

AHB operates channels, pages and accounts on some social media sites to inform, assist and engage with customers. AHB monitors and records comments and posts made on these channels about AHB in order to improve its products and services.
Please note that you must not communicate to AHB through such social media sites the following information:

1. confidential personal data, including any information regarding your financial situation, bank account details, transactions, etc.
2. special category data (please see below).
3. excessive, inappropriate, offensive or insulting information towards individuals.

AHB is not responsible for any information posted on those sites other than the information posted by its employees on its behalf. AHB is only responsible for its own use of the personal data received through such sites.

Cookies - We use 'cookies' to monitor how people use our site. A cookie is a piece of information that is stored on your computer's hard drive and it records how you have used a website. This helps us to understand how our customers use our website so we can develop and improve the site. For more information about our use of cookies please refer to our Cookie Policy.
View our Cookie Policy

Under certain circumstances, you may have rights under data protection laws in relation to the personal data we hold about you, including:

1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
6. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you have any concerns of how we process your personal data you may inform us of any issues you have and we will endeavour to resolve these for you. If you need to make a complaint then you can contact the UAECB as per the Consumer Protection Regulations. If you wish to exercise any of the rights set out above, please contact the Data Privacy Office at dataprivacy@alhilalbank.ae.

External third parties
External third parties include:

1. Anyone that AHB reasonably believes to be acting on your behalf with authority to do so, such as payment recipients, beneficiaries of your account, nominees, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges or companies in which you have an interest in securities (where such securities are held by AHB for you), a debt charity, power of attorney or your professional advisors.
2. Legal, supervisory, regulatory, governmental and quasi-governmental bodies such as the Central Bank of the United Arab Emirates, the Securities and Commodities Authority (SCA), fraud prevention agencies, tax authorities, our professional advisors and/or the courts when it is necessary for our legitimate interests (e.g. to obtain legal advice or for fraud prevention purposes) and/or when we have a legal obligation to do so.
3. Credit reference/information agencies and bureaus as well as (including without limitation, Al Etihad Credit Bureau), as AHB chooses from time to time for the purposes of obtaining or providing credit references and other information when it is necessary for our legitimate interests (e.g. for our commercial operations and to assess your ability to meet your commitments) and/or when we have a legal obligation to do so.
4. Organizations that provide us with business support services. For example, account service and administration companies, back-up and server hosting, IT software and maintenance and platforms, document storage and management services.
5. Any party, including but not limited to AHB’s professional advisors, for the purpose of enforcing or preserving AHB’s rights against you when it is necessary for our legitimate interests and/or for the establishment, exercise or defence of legal claims.
6. Third parties who have introduced you to us (e.g. an intermediary or broker) in order for them to manage their records about you, to ensure that the type of business that they refer to us is appropriate and to help us to resolve any complaint made by you and/or any dispute between you and us. This type of processing is necessary for our legitimate business interests (e.g. to help us to ensure that the intermediary or broker is fulfilling the terms of their contract with us) and in order for us to fulfil our legal obligations (e.g. our complaint-handling obligations).
7. Market research organizations who we engage to assist us in developing and improving our products and services. This type of processing is necessary for our legitimate interests (e.g. for our commercial operations).
8. Any person or entity that provides services to you through AHB as an intermediary, including investment management or insurance services and including in relation to additional products and services.
9. Any party to a transaction acquiring an interest in, or assuming risk in, or in connection with, your banking relationship with AHB.
10. Any person or entity that is to provide, or has provided, any security of guarantee (and their professional advisors) in respect of your agreement with us and their professional advisors. This type of processing is necessary for the fulfilment of our contract with you (e.g. to enable us to recover any sums we have advanced under our agreement with you).
11. Any entity (and their professional advisors) that provides funding to us or members of the Bank's group, any entity that provides us with debt or equity finance and any potential purchasers of any part of our business. This type of processing is necessary for our legitimate interests (e.g. to enable us to fund our business).
12. Any entity/third party used for recovery or collection of receivables to AHB from delinquent or defaulted customers

Internal third parties
We may share your personal information with other companies within the Bank’s group so that they can provide you with relevant products and services. This type of processing is necessary to enable us to take steps at your request prior to you entering into a contract with a company within the Bank's group.
Consent
Consent means a freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of your personal data, sharing with third parties, transferring your personal data outside of the UAE, or marketing our products or services to you.
Special category data
Examples of special category data include:

1. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
2. genetic or biometric data that is processed for the purpose of uniquely identifying a natural person;
3. data concerning health;
4. data concerning a natural person’s sex life or sexual orientation; or
5. data relating to a natural person’s criminal record or alleged criminal activity