DATA PRIVACY NOTICE

1. INTRODUCTION AND SCOPE

In the course of our business, we will need to process information about individuals (“Personal Data”), including information about job applicants and our potential, current, and former customers. We will also collect and process information about individuals who visit our website and/or download our mobile applications (the “Sites”), and who utilise our services (the “Services”).We take your privacy seriously. This Privacy Notice contains information on how Singapore Gulf Bank B.S.C (c) and our affiliates (collectively, “SGB”, “we”, or “our”) collect, use, disclose, transfer, and protect personal data in our possession or under our control, and how you can exercise your rights in relation to the processing of your Personal Data.

We may amend this Privacy Notice from time to time by posting the updated Privacy Notice on our Sites. By continuing to use our Sites and the Services after the changes come into effect, you agree to be bound by the revised Privacy Notice.

2. WHAT DOES THIS NOTICE COVER?

This Privacy Notice applies to all Personal Data collected and processed by SGB through the Sites and the Services, including in respect of our recruitment processes and in the course of our business in respect of our customers and service providers, whether prospective, current, or former.

Additionally, if you are an institutional or corporate customer, we may collect information about your directors, employees, and/or shareholders. Before you provide us with this information, you should provide a copy of this Privacy Notice to those individuals.

3. CONSENT TO PROCESSING

By providing any Personal Data to us on the Sites or in order to utilise the Services, you fully understand the implications and consent to the transfer of such Personal Data to us, and our collection and processing of such Personal Data, to the extent permitted in this Privacy Notice.

Please note that we may link third-party websites or services on the Sites. You must exercise your own due diligence when following a link to any of these websites and services, which may have their own data protection practices and policies. We do not accept any responsibility or liability for any practices of, or handling of Personal Data by, third-party websites and services that are linked on the Sites.

4. WHAT KIND OF PERSONAL DATA DO WE COLLECT FROM YOU?

a. Visitors to the Sites

When you visit the Sites, we may automatically collect the following information:

  1. technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your log-in information, browser type and version, time zone setting, operating system and platform;
  2. location information, such as your GPS location; and
  3. information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from our site (including date and time), content you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

We collect this data to measure and improve the effectiveness of the Sites, to help diagnose problems with our server, to administer the Sites, to see where website traffic is coming from and to identify our customers.We may also collect other information such as website usage activity and preferences, also known as demographic or profile data. In this connection we may use “cookies” to collect this information. For more information see Section 6 below (Cookies and Other Tracking Technologies).

Additional data will only be recorded via the Sites if you disclose them voluntarily, e.g. if you submit information to us by filling in forms on our Sites, or by corresponding with us via email or through marketing activities.

  1. Potential, current, and former customers

For prospective, current, and former customers, we collect Personal Data about you, including:

  • personal details such as your name, identification number, date of birth, compliance related documents (including a copy of your national identity card or passport, and proof of residence (POA) documents), phone number, address and domicile, email address, and family details such as the name of your spouse or partner;
  • financial information, including payment and transaction records, risk profile, information relating to your assets (including fixed properties), financial statements, liabilities, taxes, revenues, earnings, and investments (including your investment objectives);
  • tax domicile and other tax-related documents and information;
  • where relevant, professional information about you, such as your employment details, including your job title and work experience;
  • your knowledge of and experience in investment matters;
  • details of our interactions with you and the products and services you use, including electronic interactions across various channels such as emails and the Sites;
  • any records of phone calls between you and SGB, specifically phone log information such as your phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information, and types of calls;
  • voice or video recordings and communication data;
  • specimen signatures and other identifiers we assign to you, such as your client or account number, including identifiers for accounting purposes; and
  • in some cases (where permitted by law), special categories of Personal Data, such as your biometric information (including facial image and fingerprint data), political opinions or affiliations, health information, and, to the extent legally possible, information relating to criminal convictions or offences. For more information see Section 7 below (Treatment of Sensitive Personal Data).

If relevant to the Services that we provide to you, we will also collect information about your business partners (including other shareholders or beneficial owners), dependants or family members, representatives, and agents.

5. WHEN DO WE COLLECT PERSONAL DATA ABOUT YOU?

We collect Personal Data about you in the following (non-exhaustive) situations:

ⅰ. when you subscribe to any of our newsletters or updates;

ⅱ. when you register for or attend any of our events, or visit our booth at conferences and share your business contact information;

ⅲ. when you complete any survey or questionnaire we send you;

ⅳ. when you access the Sites or our Services (see Section 6 below (Cookies and Other Tracking Technologies);

ⅴ. When you sign up for any of our services

ⅵ. when you report any problem to us;

ⅶ. when you request any support from us;

ⅷ. when you contact us via the form on our Sites or via our employees or service providers to request for further information or to onboard with us as a customer;

ⅸ. when required to do so for compliance with applicable legal and regulatory requirements; or

ⅹ. when you submit your resume to us via our Sites or via our social media.

We may collect your Personal Data from public registers and other third-party sources, such as name screening services, credit reporting agencies, fraud prevention agencies, intermediaries that facilitate data portability, know-your-customer and know-your-transaction third party service providers, business partners, and our affiliates and/or subsidiaries.

We will only collect and use Personal Data that is necessary and proportionate for our business activities and services, and will avoid collecting or retaining irrelevant or excessive information that is not needed.

We will notify you whether any of our requests for your Personal Data are mandatory or optional, and where applicable, the potential consequences if you do not furnish us with the requested information.

6. COOKIES AND OTHER TRACKING TECHNOLOGIES

Our website, www.sgb.com may use cookies and other third-party tracking solutions to provide you with a more responsive and personalised service.

a. Cookies

We may utilise cookies and tracking technologies to recognise you when you visit our Sites. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. If you choose to decline cookies, you may not be able to fully experience the features of our Sites.

b. Google AdSense Advertising

We may use Google AdSense Advertising on our website. Google, as a third party vendor, uses cookies to serve ads on the Sites. Google’s use of the DART cookie enables it to serve ads to our users based on their visit to the Sites and other sites on the Internet. Users may opt out of the use of the DART cookie by visiting Google’s policies on Advertising and Privacy.

We may implement the following features from Google AdSense Advertising on the Sites:

  1. Remarketing with Google AdSense
  2. Google Display Network Impression Reporting
  3. Demographics and Interests Reporting
  4. DoubleClick Platform Integration

We, along with third-party vendors such as Google, may use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.

If you wish to opt out from Google AdSense Advertising, you can set your preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.

b. Do Not Track signals

When you browse the web on computers or Android devices, you can send a request to websites not to collect or track your browsing data across websites. This is known as “Do Not Track”. At present, there has not been any globally adopted standard for “Do Not Track” signals and requests. We currently do not respond to “Do Not Track” signals in browsers, as we do not use that information.

7. TREATMENT OF SENSITIVE PERSONAL DATA

As a digital bank, we may need to process certain information that may amount to Sensitive Personal Data under the Kingdom of Bahrain’s Personal Data Protection Law No. 30 of 2018, such as your personal criminal record, for some of our services, in order to carry out our legal and compliance obligations - such as verifying your identity, assessing your creditworthiness, complying with legal and regulatory guidelines and obligations (such as anti-money laundering (AML), know-your-customer (KYC), know-your-transaction (KYT), and combating the financing of terrorism (CFT) regulations), or to provide you with tailored financial products.

If you are a potential employee, we may need to process your Sensitive Personal Data in certain situations, such as when we need to verify your background or qualifications, or for diversity and inclusion monitoring purposes.

Where you voluntarily provide Sensitive Personal Data to us, we will assume that we have your explicit consent to use that information in connection with the purpose for which it has been provided. We will not process your Sensitive Personal Data unless it is strictly necessary and justified.

8. HOW DO WE USE INFORMATION ABOUT YOU?

We may use your Personal Data for various purposes, including:

  • analytics and measurement (incl. machine learning and profiling) to process your Personal Data;
  • to perform the business relationship with you, or to take steps to enter into a business relationship with you;
  • to provide our banking services and products to our customers, such as processing transactions, verifying identity, conducting credit checks, facilitating payments, and managing accounts;
  • to comply with our legal and regulatory obligations, such as reporting to the Central Bank of Bahrain, the Ministry of Industry & Commerce, and any other competent authorities;
  • to comply with internal policies and procedures, such as risk management, audit, compliance and governance;
  • to cooperate with law enforcement and judicial authorities, such as responding to court orders, warrants, or requests for information that we believe are valid and necessary
  • to contact you for direct marketing purposes about products and Services which we think may be relevant to you, including those offered by us, our affiliates and/or subsidiaries, and our other business partners;
  • for our operational management (including credit and risk management, technological support services, reporting, insurance, audit, systems and products training, and administrative purposes);
  • to protect our rights, interests, property, and security, and those of our customers, employees, affiliates, and others, such as enforcing our terms and conditions, policies, and agreements, preventing fraud, crime, money laundering, terrorism, and cyberattacks, and resolving disputes and claims;
  • to provide customer support, feedback or complaints handling services, such as engaging third-party call centres, chatbots, or survey platforms;
  • to offer complementary or value-added products or services to customers, such as partnering with third-party insurance, investment, or loyalty providers;
  • to transfer Personal Data in the event of a merger, acquisition, sale, reorganisation, or any other change in our ownership or control, subject to obtaining the consent of the Data Subjects where required or ensuring that the transferee is subject to the same or equivalent data protection obligations as us; and/or
  • to pursue the legitimate interests of SGB, such as conducting market research, analysis, and development, improving our products and services, enhancing our customer experience, and marketing our offerings to existing and potential customers, and enabling central management and operations of our group of companies.

9. DISCLOSURE OF YOUR INFORMATION

We may share Personal Data with our affiliates, subsidiaries, or parent company for the purposes stated in Section 8 (How Do We Use Information About You) above.

We may also share Personal Data with third parties outside our group of companies (including other credit and financial services institutions, comparable institutions and to our professional advisers and consultants) for the purposes stated in Section 8 (How Do We Use Information About You) above. We may also engage third parties to perform certain functions or services for us, such as IT, cloud, or payment services. For such engagements, we will only share Personal Data with third parties who have sufficient guarantees to implement appropriate technical and organisational measures to ensure the protection of the Personal Data and the rights of Data Subjects.

We may need to transfer your Personal data outside of the Kingdom of Bahrain. In such a situation, we will ensure that there is an adequacy decision by the Kingdom of Bahrain’s Data Protection Authority in place for the recipient country, or that such transfers have a legal basis.

10. HOW LONG DO WE STORE YOUR INFORMATION

We will not keep your Personal Data for longer than necessary in order to achieve the purposes for which the information was collected, unless required to do so in order to maintain our business relationship with you, or by operation of law and/or guidelines, or to comply with internal policies and procedures.

11 SECURITY

We are committed to implementing information security best practices to safeguard your Personal Data against unauthorised, accidental or unlawful access, processing, loss, damage or destruction, and we continuously review our information collection, storage and processing practices from time to time to guard against unauthorized access, processing or use.

Please note, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of data that you transmit to the Sites, and any transmission is at your own risk.

12 Your Rights

Subject to any applicable legal and regulatory exemptions, you have the right to:

ⅰ.check whether we hold Personal Data about you;

ⅱ.access any Personal Data we hold about you;

ⅲ.require us to correct any inaccuracy or error in any Personal Data we hold about you;

ⅳ.withdraw your consent to our processing of your Personal Data;

ⅴ. request erasure of any Personal Data we hold about you; and

ⅵ. to lodge a complaint with the Data Protection Authority of the Kingdom of Bahrain where you deem necessary.

You may refuse to provide or withdraw your consent for us to collect, use or disclose your personal data by giving us reasonable notice in writing via email to our Data Protection Officer at the contact details provided below, as long as there are no legal, regulatory or contractual restrictions preventing you from doing so. In general, we shall seek to notify you of whether your request has been accepted or rejected within fifteen (15) business days of receiving it.

Please note that any requests must be accompanied by proof of your identity, and must set out full particulars of your request. You understand that we may not be able to accept or fulfil your request if there are particulars missing. In such a situation, we will inform you of the details we require for the request to be processed. If you subsequently do not provide us with the information, we may have no choice but to reject your request.

If you refuse to provide or withdraw your consent for us to use your personal data, depending on the nature and scope of your request, such a request may render it impossible or commercially impractical for us to provide you with access to the Sites, our Services, or to continue maintaining your status as a customer due to our ongoing regulatory and compliance obligations. In such a situation, we may be forced to cease our commercial relationship with you.

For customers, we may also be required by operation of legal or regulatory guidelines to suspend, restrict, or terminate your and/or your company’s account upon your withdrawal of consent. We shall, in such circumstances, notify you of the likely consequences before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing via email at the contact details provided below.

Please note that your withdrawal of consent does not affect our right to continue to collect, process, retain and disclose your personal data where such collection, use and disclosure without consent is permitted or required under applicable laws and/or regulatory guidelines.

13. Contact Us

You may contact our privacy team if you have any enquiries or feedback on our personal data protection and privacy policies and procedures, or if you wish to make any request, in the following manner:

Data Privacy Team, Singapore Gulf Bank B.S.C (Closed)

Address: Unit 2901, Building 1B, Block 316, West Tower, Bahrain World Trade Center, Isa Al-Kabeer Avenue, Manama Center

Email address: dataprivacy@sgb.com

Last updated: 09 July 2024