Introduction
Bank of Bahrain and Kuwait B.S.C (BBK) is committed to maintaining the confidentiality, integrity, and security of personal and sensitive information collected from customers, in accordance to applicable laws.
This privacy statement defines BBK procedures to process personal and sensitive personal data collected and processed by BBK through all means including requests for banking services via BBK’s various channels (including but not limited to branches, website and mobile applications).
BBK recognizes the importance of data privacy, and treats your data in accordance to applicable data protection regulations.
This statement should be read in conjunction with any other privacy notices or fair processing notices and product terms and conditions we may provide on specific occasions when we are collecting or processing personal data.
This privacy statement shall be updated from time to time so you may wish to check it each time you submit Personal Data on our websites and applications.
This privacy statement explains how we collect, use, store and share the personal data you provide us when requesting BBK’s services through any of the Bank’s various channels.
By accessing and using our electronic services and mobile applications, you agree to the terms and conditions of this privacy statement.
Definitions
Data or Personal Data
Any information of any form related to an identifiable individual, or an individual who can be identified, directly or indirectly, particularly through his/her personal ID number, or one or more of his/her physical, physiological, intellectual, cultural or economic characteristics or social identity.
To determine whether an individual can be identified, all the means used by, or that may be available to, the Data Controller or any other person, shall be taken in consideration.
Sensitive Personal Data
Any personal information that reveals, directly or indirectly, the individual’s gender, race, ethnicity, political or philosophical views, religious beliefs, union affiliation, criminal record or any data related to his/her health or marital status.
Data Controller
The person who decides, solely or in association with others, the purposes and means of processing of certain personal data. In the events where such purposes and means are 3 prescribed by Law, the Data Controller shall be the person who is responsible for the processing.
Data Processor
The person who processes the data for and on behalf of the Data Controller, not including whoever works for the Data Controller or Data Processor.
Data Privacy Officer
The person who’s in charge of data privacy matters at the organization and support compliance with the requirements of data privacy laws by providing internal guidance and monitoring as well as external interaction and liaison.
Processing
Any operation or set of operations carried out on personal data by automated or nonautomated means, such as collecting, recording, organising, classifying in groups, storing, modifying, amending, retrieving, using or revealing such data by broadcasting, publishing, transmitting, making them available to others, integrating, blocking, deleting or destroying them.
Direct Marketing
Any communication, by any means, through which a marketing or advertising material is directed to a specific person.
What kind of Information does BBK collect?
As part of our legitimate business use and regulatory requirements, BBK may collect the following information about past, existing and prospective clients (individuals and legal entities) for the purpose of providing our services. In addition, BBK may collect some of the following information about BBK third party service providers, guests visiting BBK facilities, online channels and social media users as relevant.
This information includes (and is not limited to):
| Data class | Indicative data elements |
|---|---|
| Individual’s information | Name, Phone Number, Residential Address, CPR Number, Passport Number, Email Address, Date of Birth, Employment Information, Salary Information, Credit Information |
| Legal entity’s information | Entity Name, Commercial Registration Number, Registered Address, Incorporation Information, VAT Registration Number, Shareholder Information, Management Information, Credit Information |
| Financial information of legal entities | Turnover (Sales), Net Profit, Net Worth (Total Assets, Total Liabilities) |
| Transaction information | Banking Transactions (Recipients, Transaction Amounts, Corresponding Bank, Destination Country) |
| Website and application usage information | Time Spent, Pages Visited |
| Cookies, log files and web beacons | IP Address, Device Identifiers |
In certain cases, BBK may collect Sensitive Personal Data about you for the purpose of providing you with our products and services.
BBK will ensure not to collect this information without your consent unless it is allowed under applicable data privacy laws:
| Sensitive Personal Data Category | Reasons for collection |
|---|---|
| Location data | In certain cases where you wish to open an account using our digital channels, BBK may use geo-location feature to verify your location. |
| Biometrics | In certain cases where you wish to open an account using our digital channels, BBK may use facial recognition mechanisms to verify your identity. |
| Health Information | In certain cases health information may be collected to assess your eligibility for loans. |
| Criminal and court records including CBB account blocks, Politically Exposed Person (“PEP”) status | To fulfil our legal and regulatory obligations. |
| Voice recording and virtual recording | During your interaction with BBK, we may record your calls for quality assurance purposes and to evidence your decisions. In addition, we may retain images captured by video surveillance in marked areas at BBK branches and premises for our vital interest and to fulfil our regulatory obligations. |
| Religion | In certain instances when performing KYC and AML. |
How does BBK collect my Personal Data?
In order to properly provide our services and to adhere to regulatory requirements, BBK collects Personal Data about you from the following sources:
- Directly from you (through application forms of various banking services)
- If you contact us, we may keep a record of the correspondence
- BBK websites and mobile applications
- Correspondence with BBK
- Events, surveys, and marketing campaigns
- BBK Group Companies, including; branches, subsidiaries, associates and other affiliates, as required for Group wide oversight
- Government Authorities and Regulators
- Data processors, ancillary service providers, contractors, vendors and any other third parties
Personal Data collected by BBK is restricted to the minimum information required to provide our services or as required by regulators. The consequences of not providing the requested information when BBK rely solely on a contractual or legal obligation may result in our inability to provide services requested by you.
When you visit BBK websites and mobile applications, we may collect certain information automatically from your device such as:
- Your IP address
- Device type
- Unique device identification number (such as MAC address)
- Browser type, broad geographic location (on a country or city level)
We may also collect information about how your device has interacted with our site, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our website, where they come from and what content on our website is of interest to them. We use this information for our internal analytics purposes, and to improve the quality and relevance of our site to our visitors.
Our site also uses various social media plugins as well as links to external websites that may collect information regarding your identifier and usage. BBK does not control and is not responsible for the data collection and content on these plugins and websites.
How does BBK safeguard the Personal Data collected?
As the Data Controller, we have a responsibility to apply technical and organizational measures capable of protecting the data against unintentional or unauthorized destruction, accidental loss, unauthorized alteration, disclosure or access, or any other form of processing.
We have instituted adequate measures for providing an appropriate level of security aligned to the nature of the data being collected and processed, and the risks that may arise from this processing. Our various security measures include but are not limited to data encryption, either at rest or in-transit, strong authentication, accessing monitoring, and rigorous access controls either from network or application level. Data is shared within BBK and its third parties (including employees, group companies, contractors, agents, etc) on a need to know basis and under strict confidentiality arrangements.
Notwithstanding this, despite our best efforts, we cannot absolutely guarantee the security of data against all threats. We have implemented suitable measures to identify, monitor and report any breaches to personal data in line with the requirements of the law.
BBK limits access to personal information to those working with BBK and its Group Companies, regulators, government authorities, vendors, consultants, external auditors and appointed experts, employees, contractors, business partners or agents who require such access in connection with providing products or services to you or for other legitimate business purposes or as required to comply with the relevant laws and regulations.
How does BBK process collected Personal Data?
We may process your Personal Data for:
- Providing our products or services to you (as an individual and/or legal entity)
- Administering and maintaining our contractual relationship
- Conducting due diligence on all customers and future customers, credit reference checks, and to fulfil Know Your Customer (KYC) requirements
- Complying with legal and regulatory requirements and reporting including CRS and FATCA reporting
- AML, CFT and fraud-prevention purposes
- Enhancement of our products and services
- Research, analysis and statistical purposes including the use of data analytics
- Marketing of our current and/or upcoming products/services. This may include sending Marketing SMS and Emails.
- Record keeping
- Audit and quality control
- Implement physical security measures at our premises, for example using CCTV.
- Credit and tax reporting
To which third-parties does BBK disclose Personal Data?
BBK only discloses data to third parties when explicitly requested by you, when required as per legal/regulatory requirement, have a public or vital interest to do so such as fraud prevention and financial crime, to perform contractual obligations, or when BBK have a legitimate business reason to do so. Third-party recipients of data may include:
- Government authorities and regulators
- BBK Group Companies, branches, subsidiaries, associates and other affiliated companies
- Financial Institutions (Such as corresponding banks)
- Credit reference agencies
- Courts, police and law enforcements
- Consultants, Advisors, auditors and law firms (when required and when associated with BBK)
- Data processors, ancillary service providers contractors, agents, business partners and other vendors associated with BBK in which BBK have a legitimate reason for sharing the Data such as: provide support with managing the internal operations, manage risk, identity verification, or assessing your suitability for products and services.
- Call centre and customer service provider
- Cloud service providers
Contact Us
- Do you have some privacy-related concerns? You may email our Data Privacy team at DataPrivacy@bbkindia.com or visit any BBK branch near you.
