IMPORTANT INFORMATION ABOUT WHO WE ARE
This Privacy Notice describes how Al Hilal Bank PJSC (“AHB”, “Bank”, “We” or “Our”) may collect, use, store, whom we share it, or otherwise process your personal data including personal data provided when using our websites as well as the choices you can make about our collection and use. It is important to us that you are aware of our personal data and security practices and policies while using our products and services including access to our online services at www.alhilal.abudhabi and any of its ancillary pages and websites (the “Sites”). This Privacy Notice applies to users of our products and services and visitors to our Sites. We also describe the measures we take to protect the security of your personal information or personal data and how you can contact us about our privacy practices. When you visit the Sites, use our products or services, or provide us with information, you agree to be bound by the terms and conditions of this Privacy Notice. We also think it is important to highlight to you that the Central Bank of the United Arab Emirates has issued a Consumer Protection Regulation to protect the rights and interests of consumers in the UAE. As part of protecting you, and in order to comply with the regulation, AHB will obtain consent to continue to serve you with products and services, as well as share your personal data with third parties including those outside of the UAE. Separately AHB will get express consent from you to market to you our products and services. Please review this Privacy Notice periodically as we may update it from time to time without notice to you to reflect changes in our data practices.
This Privacy Notice aims to give you information about how the Bank may collect and processes your personal data. It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may issue on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
"Al Hilal Bank PJSC" is the Bank's registered business name. The Bank is regulated by the Central Bank of the United Arab Emirates (“CBUAE”). The registered Head Office of Al Hilal Bank PJSC, is Al Bahar Towers, Sheikh Zayed Street, Eastern Mangroves, Abu Dhabi, United Arab Emirates. For the purposes of applicable data protection legislation, the Bank is the data controller in respect of the information that we collect or obtain about you in most cases where we process your information. This is because the Bank in most cases, is the person who (either acting alone or jointly with others) determines why and how your personal information is processed.
3. Contact us
Our Data Privacy Office is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about the terms set out herein, including any requests to exercise your legal rights, please contact our Data Privacy Office at email@example.com. If you wish to get in contact with our Data Protection Officer directly, please note this in the subject line.
This Privacy Notice is updated from time to time. We will post any material changes that we may make to this Privacy Notice on our website and, where appropriate, we will notify you of the change by email. It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if any of the information we hold on you changes during your relationship with us.
5. Your personal data
Personal data or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed and the person is not or no longer identifiable (anonymous data). Your personal information will be collected or obtained by us whether we deal with you as an individual or on behalf of an individual, business, charity, trust or other organization that you represent. Broadly, personal information is any information that can identify you as an individual. We process many different types of personal information (as further described below). If you have made an application on behalf of another individual, a joint application with another individual, or an application on behalf of a business, charity, trust or other organization and have provided us with information in relation to its directors, shareholders, owners, trustees or beneficiaries (as applicable), or if you have provided us with personal information in relation to any guarantor, provider of security, donor or financer of any deposit monies or any occupier of any security property, then this Privacy Notice will also apply to the information that we collect or obtain about those individuals. You must provide a copy of this Privacy Notice to those individuals as soon as possible and obtain their confirmation that they have read and understood the terms set out herein.
We will collect, use, store and transfer different kinds of personal data about you, which may include:
- identifying information: i.e. information used to identify a specific individual, such as: name; date of birth; place of birth; nationality; country of residence; country of tax domicile; passport number and place of issue; residency permit details; tax identification details, passport details, photo;
- contact information: e.g. postal address, telephone number, email address, mobile number;
- family information: e.g. marital status;
- financial information: e.g. source of wealth, personal assets, bank account numbers, spending, income details and credit bureau reports from relevant authorities;
- professional information: e.g. employer, business interests, career history, monthly income;
- website technical data: e.g. your internet protocol (IP) address, website login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
- website profile and usage data: e.g. your interests, preferences, feedback and survey responses, and information about how you use our website; and/or
- transaction details while performing online payments: e.g. merchant name, location, device used.
In certain circumstances, we will also collect, use, store and transfer “Special Categories of Data” (as explained further in the Glossary) about you. Note that we will only process Special Categories of Data to the extent permitted under applicable law. In circumstances where we rely on express consent as the legal basis for our processing, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent or not. Where we require your express consent to use and/or share your personal data, you have the right to refuse to provide us with such express consent. If you do refuse to provide us with your express consent to use and/or share your personal data due to regulatory restrictions we may not be able to provide you with the banking products or services for which your consent is being requested. Please note that if certain information is not shared with us, that may limit what we are able to do for you and in some cases you may be unable to access our website or receive our offers. We will notify you if this is the case at the time.
6. If you fail to provide personal data
Where we need to collect personal data due to the requirements of applicable law or professional standards and you fail to provide that data when requested, we may have to decline a request for services or, if we are already supplying services, suspend or stop providing you with our services. We will notify you if this is the case at the time.
7. How your personal data is collected
We may collect your personal information directly from you in a number of ways, including:
- when you apply for any product on our website (www.alhilal.abudhabi) or the bank’s digital application, through a postal application, telephone or direct with one of our employees;
- when you provide it on-line or by any other method of communication, for example, on "contact us" forms, or when you provide it through the course of our relationship, for example, if you inform us of a change in your circumstances; and
- technical information, including the Internet Protocol (IP) address used to connect to the internet, may be collected from you when you visit our website. We may obtain your personal information indirectly from third parties in the following ways:
- following an introduction to us by another third party, such as an accountancy firm, law firm or management consultancy;
- if another person provides your information to us when they apply to obtain a product from us:
- on your behalf; or
- that is to be held jointly with you; or
- on behalf of a business, charity, trust or other organization of which you are a director, shareholder, owner, trustee or beneficiary (as applicable); or
- they have nominated you as a guarantor under our agreement with them, or to provide any other security, or informed us that you are a donor or lender of any deposit monies or occupier of any security property;
- when we carry out searches for the purposes of processing your application and/or during the course of your relationship with us; or
- in response to our marketing activities, you request information about our products via a third party (e.g. websites and social media platforms).
8. How Your Personal Data Is Used
We will only use your personal data to the extent permitted by applicable laws and regulations. For example, we will use your personal data in the following circumstances:
- Processing applications for products and services, including assessing customer suitability and performing necessary checks and risk assessments (e.g., in case of credit request).
- Providing products and services (including electronic banking services, financing, mortgages, credit cards, etc.), including effecting payments, transactions and completing instructions or requests.
- Create, manage, monitoring, improving and maintain your experience on the Sites.
- Operate, evaluate and improve our business and the products and services we offer, including establishing and managing banking relationships and accounts.
- Conducting market research and surveys with the aim of improving our products and services.
- Analyze and enhance our marketing communications and strategies (including by identifying when emails we have sent to you have been received and read).
- Analyze trends and statistics regarding visitors’ use of our Sites, mobile applications and social media assets.
- Notify you from time to time about relevant products and services operated by AHB.
- To protect against, unauthorized transactions, claims and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users.
- Preventing, detecting, investigating and prosecuting crimes (including but not limited to money laundering, terrorism, fraud and other financial crimes) in any jurisdiction, identity verification, government sanctions screening and due diligence checks.
- Complying with applicable local or foreign law, regulation, policy, voluntary codes, directive, judgement or court orders, as well as regulator or enforcement agency obligations.
- To perform the contract, we are about to enter into, or have entered into, with you. Establishing, exercising or defending legal rights in connection with legal proceedings (including any prospective legal proceedings) and seeking professional or legal advice in relation to such legal proceedings.
- Monitoring: To the extent permitted by law, AHB may record and monitor your communications with us to ensure compliance with our legal and regulatory obligations and our internal policies. This may include the recording of telephone conversations.
- Surveillance of premises.
9. Purposes for which we will use your personal data
We have set out below, in a table format, a description of the ways we plan to use your personal data.
As per the UAECB Consumer Protection requirements, all licensed financial entities will need to get express consent from our customers to process your personal data. AHB will at all times use its best endeavours to get express consent from you to process your personal data. You should be aware that you have the right to withdraw your consent at any time, you can do this by contacting us at firstname.lastname@example.org
|Stage in your AHB journey||Purpose of the processing and the personal data we collect. Transfer to third-parties and outside the country||Lawful basis for processing|
In the physical application form
In the digital platform
In AHB mobile applications
|We process your personal information in order to consider and process your
application for an account with us. This processing is necessary in order for
us to take regulatory steps at your request before we enter into an
agreement with you and is also necessary for our legitimate interests (i.e. in
deciding whether or not we can offer you the product you have applied for).
This type of processing is required in order for you to enter into an agreement with us.
We collect name, Emirates ID details, passport details, date of birth, nationality, employment details, transaction pattern (no of credits/no of debits), source of income, income, contact details and address.
The information is also required as part of regulatory financial crime protection (“KYC”) mandated for account opening.
We use your data to prepare KYC-forms, CRS-form, W-8 and W-9 forms, application forms, and to evaluate your customer profile.
In respect of fraud searches and identity verification, this processing is necessary for our legitimate interests (i.e. fraud prevention) and compliance with our legal obligations.
If you do not provide this information, then we cannot proceed with your application.
In a physical
On the digital platform
|When you apply for a credit card, we collect your name, Emirates ID details,
passport details, date of birth, nationality, your mother's maiden name,
banking details, home country address details, employment details, income
details, name and contact of two friends.
We ask for your consent for checking your credit score with the Al Etihad Credit Bureau (“AECB”).
We ask for your consent to pull a statement from CBUAE.
Credit Assessment, profiling, cross sales, data may be shared to regulatory authorities, if requested. Consent for the same is recorded in the application form.
Relevant Shariah set of contracts (Murabaha contract, Offer to sell & Service Contract) covering the principal amount, profit amount, tenor and instalment amounts payable is also accepted by the customer.
|3.||Deliver your debit card||Only contact and delivery information is shared with a third-party courier for debit card delivery.||Consent|
& Auto Finance
In a physical application form
On the digital platform
|We make a credit assessment of you and collect your name, Emirates ID
details, passport details, date of birth, nationality, mother's maiden name,
banking details, home country address details, employment details, income
details, name and contact of two friends.
We ask for your consent for checking your credit score with the AECB.
We ask for your consent to pull a statement from CBUAE.
Relevant Shariah set of contracts (Murabaha contracts) as per Shariah principles covering the principal amount, profit amount, rate, tenor and instalment amounts payable is also accepted by the customer.
In a physical
On the digital platform
|In order to consider you for Home finance, we collect your name, Emirates ID
details, passport details, date of birth, nationality, mother's maiden name,
banking details, home country address details, employment details, Income
details, name and contact details of two friends.
We ask for your consent for checking your credit score with AECB. We ask for your consent to pull a statement from CBUAE.
Relevant Shariah set of contracts (Ijarah documents) covering the principal amount, profit amount and/or rate, tenor and instalment amounts payable is also accepted by the customer.
Risk Profile Questionnaire
|In order for us to assess your risk profile and tolerance towards investment,
and ultimately your investment strategy, and give you access to our
investment management, we will process your name, information on your
current investments at AHB, previous experience with investments, time
horizon, liquidity, and time horizon as well as return expectations, and we
collect your signature.
Subscription Amount, name and account number, address, profession, country, nationality, DOB, source of funds, contact details, joint account holder info, signatures.
We collect the redemption amount, units, name and account number, signatures.
Your personal data is not shared with any third party, but may be shared with Authorities if requested.
Documents by email
Sukuk Execution Form
|In order for us to assess your risk profile and tolerance towards investment
and ultimately your investment strategy, and to take instructions to execute
on behalf of you, we process your name, info on investments at AHB, previous
experience with investments, time horizon, liquidity, and time horizon as well
as return expectations. We also collect your signature.
Your personal data is not shared with any third party, but may be shared with the relevant authorities if requested.
|8.||Declined on boarding||If your application is declined, we will store your personal information in accordance with our record retention procedures and to comply with our legal obligations.||Consent|
|9.||Account administration||The Bank will process your personal information in order to administer your account in a number of ways. This will include, for example, providing you with account statements, notices, and other information such as changes to your profit rate; managing any arrears on your account; enforcing any security that we have in place; and dealing with any queries or complaints that you may have. This type of processing is necessary for the performance of our contract with you and in order to fulfil our legal obligations.||Consent|
Documents by email
CIF update from branches
|The KYC check (Know Your Customer) is a mandatory process of identifying
and verifying your identity when opening an account, and also periodically
over time. The objective of the KYC is to prevent the Bank from being used by
criminal elements for money laundering activities.
We collect your Emirates ID, passport copy, income proof, address proof, Visa copy, and Email ID.
This data may be shared with regulatory authorities if requested.
|11.||Business operations||We will also process your personal information to manage our business operations, for example, our internal governance functions, which will include monitoring communications and activities in relation to your account, and for accounting and audit purposes. We have legitimate interests in doing so (i.e. it is necessary for our business and compliance purposes) and we may also have legal obligations to fulfil.||Consent|
|12.||Marketing||We process your personal information for marketing purposes. This is necessary in order to fulfil our legitimate interests of providing you with information about products and services that you may be interested in.||Consent|
|13.||Analysis||We may process your personal information for the purposes of performing statistical analysis and conducting market research. This is necessary in order to fulfil our legitimate interests (i.e. to enable us to better understand our customer base and the markets in which we operate, or may wish to operate).||Consent|
|14.||Website||The personal information that we process when you are browsing our website (such as your IP address) is processed on the basis that we have legitimate interests in doing so or that you have given your consent to this by accessing and browsing the website.||Consent|
|15.||Assisting you in the exercise of your rights||If we are dealing with a request you have made in order to exercise your legal and regulatory rights, this will be done in order to fulfil our legal obligation to respond to you.||Consent|
|16.||Retention||After your agreement has ended we will retain your personal data in accordance with our record retention procedures and to comply with our legal obligations.||Consent|
10. Marketing from us
You will only receive marketing communications from us if you have consented to us to market to you.
You may request to stop receiving marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting the AHB Customer Care Team on email@example.com at any time.
Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us for other purposes.
We will only use your personal data for specified, explicit and legitimate purposes which are compatible with the purposes determined at the time we collect the personal data.
If we need to use your personal data for a new and unrelated purpose, we will make all reasonable efforts to collect consent from you for this new processing. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
11. Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table above.
Where we do share your personal data with third parties, we will use our best endeavours to collect your express
consent for such disclosures.
- Internal Third Parties as further described in the Glossary below.
- External Third Parties as further described in the Glossary below.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
- In some instances we may be required by law, regulation or instruction to provide your personal data to governmentauthorized Credit Information Agencies. To do this, we will supply your personal data to such agencies which may lead to possible limitations of accessing future Financial Products and/or Services based on the Consumer records provided to these agencies.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
12. International transfers
Your personal data will be shared with Internal Third Parties. In some circumstances where the law permits, this will
involve us transferring your data from one jurisdiction to another, either inside or outside the United Arab Emirates.
Where this is the case, we will use our best endeavours obtain express consent from you for such transfers, as well as
informing you, as appropriate in a separate just in time notice.
When we transfer your personal information to any other territories or countries, we will take such steps as are necessary to ensure appropriate safeguards apply to maintain the same levels of protection as are needed under data protection laws. If we do so you may contact us to obtain a copy of the applicable safeguards.
13. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used
or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those
employees, agents, contractors and other third parties who have a business need to know. They will only process your
personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
14. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for
the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see “Request Erasure” below for further information
15. Other websites
You may be able to access other websites through our website. When you do so you are thereby subject to those other sites policies regarding privacy and data collection and you should read those sites' privacy policies to make sure you agree to them before using such sites.
16. Social Media
AHB operates channels, pages and accounts on some social media sites to inform, assist and engage with
customers. AHB monitors and records comments and posts made on these channels about AHB in order to improve
its products and services.
Please note that you must not communicate to AHB through such social media sites the following information:
- confidential personal data, including any information regarding your financial situation, bank account details, transactions, etc.
- special category data (please see below).
- excessive, inappropriate, offensive or insulting information towards individuals.
AHB is not responsible for any information posted on those sites other than the information posted by its employees on its behalf. AHB is only responsible for its own use of the personal data received through such sites.
17. Your Use of Our Website
Cookies - We use 'cookies' to monitor how people use our site. A cookie is a piece of information that is stored on your
computer's hard drive and it records how you have used a website. This helps us to understand how our customers
18. Your Rights
Under certain circumstances, you may have rights under data protection laws in relation to the personal data we hold about you, including:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you have any concerns of how we process your personal data you may inform us of any issues you have and we will endeavour to resolve these for you. If you need to make a complaint then you can contact the UAECB as per the Consumer Protection Regulations. If you wish to exercise any of the rights set out above, please contact the Data Privacy Office at firstname.lastname@example.org.
External third parties
External third parties include:
- Anyone that AHB reasonably believes to be acting on your behalf with authority to do so, such as payment recipients, beneficiaries of your account, nominees, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges or companies in which you have an interest in securities (where such securities are held by AHB for you), a debt charity, power of attorney or your professional advisors.
- Legal, supervisory, regulatory, governmental and quasi-governmental bodies such as the Central Bank of the United Arab Emirates, the Securities and Commodities Authority (SCA), fraud prevention agencies, tax authorities, our professional advisors and/or the courts when it is necessary for our legitimate interests (e.g. to obtain legal advice or for fraud prevention purposes) and/or when we have a legal obligation to do so.
- Credit reference/information agencies and bureaus as well as (including without limitation, Al Etihad Credit Bureau), as AHB chooses from time to time for the purposes of obtaining or providing credit references and other information when it is necessary for our legitimate interests (e.g. for our commercial operations and to assess your ability to meet your commitments) and/or when we have a legal obligation to do so.
- Organizations that provide us with business support services. For example, account service and administration companies, back-up and server hosting, IT software and maintenance and platforms, document storage and management services.
- Any party, including but not limited to AHB’s professional advisors, for the purpose of enforcing or preserving AHB’s rights against you when it is necessary for our legitimate interests and/or for the establishment, exercise or defence of legal claims.
- Third parties who have introduced you to us (e.g. an intermediary or broker) in order for them to manage their records about you, to ensure that the type of business that they refer to us is appropriate and to help us to resolve any complaint made by you and/or any dispute between you and us. This type of processing is necessary for our legitimate business interests (e.g. to help us to ensure that the intermediary or broker is fulfilling the terms of their contract with us) and in order for us to fulfil our legal obligations (e.g. our complaint-handling obligations).
- Market research organizations who we engage to assist us in developing and improving our products and services. This type of processing is necessary for our legitimate interests (e.g. for our commercial operations).
- Any person or entity that provides services to you through AHB as an intermediary, including investment management or insurance services and including in relation to additional products and services.
- Any party to a transaction acquiring an interest in, or assuming risk in, or in connection with, your banking relationship with AHB.
- Any person or entity that is to provide, or has provided, any security of guarantee (and their professional advisors) in respect of your agreement with us and their professional advisors. This type of processing is necessary for the fulfilment of our contract with you (e.g. to enable us to recover any sums we have advanced under our agreement with you).
- Any entity (and their professional advisors) that provides funding to us or members of the Bank's group, any entity that provides us with debt or equity finance and any potential purchasers of any part of our business. This type of processing is necessary for our legitimate interests (e.g. to enable us to fund our business).
- Any entity/third party used for recovery or collection of receivables to AHB from delinquent or defaulted customers
Internal third parties
We may share your personal information with other companies within the Bank’s group so that they can provide you with relevant products and services. This type of processing is necessary to enable us to take steps at your request prior to you entering into a contract with a company within the Bank's group.
Consent means a freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of your personal data, sharing with third parties, transferring your personal data outside of the UAE, or marketing our products or services to you.
Special category data
Examples of special category data include:
- data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
- genetic or biometric data that is processed for the purpose of uniquely identifying a natural person;
- data concerning health;
- data concerning a natural person’s sex life or sexual orientation; or
- data relating to a natural person’s criminal record or alleged criminal activity