Listen to the content of the page by clicking on listen below...
IMPORTANT INFORMATION ABOUT WHO WE ARE
This Privacy Notice describes how Al Hilal Bank PJSC (“AHB”, “Bank”, “We”, or “Our”) may collect, use, and store personal information. It outlines whom we share it with. And it outlines how we otherwise process your personal data. This includes personal data provided when using our websites and the choices you can make about our collection and use. It is important that you know our personal data and security practices and policies while using our products and services. This includes accessing our online services at www.alhilal.abudhabi and any of its ancillary pages and websites (the “Sites”). This Privacy Notice applies to users of our products and services and visitors to our Sites. We also describe the measures we take to protect your personal information or data security. This includes how you can contact us about our privacy practices. You agree to be bound by the terms and conditions of this Privacy Notice. This applies when you visit our sites, use our products or services, or provide us with information. It is important to highlight that the Central Bank of the United Arab Emirates has issued a Consumer Protection Regulation. This protects the rights and interests of consumers in the UAE. As part of protecting you and complying with the regulation, AHB will obtain consent. This is to continue serving you with products and services and share your personal data with third parties, including those outside the UAE. Separately, AHB will get express consent from you to market our products and services to you. Please review this Privacy Notice periodically. We may update it from time to time without notice to you to reflect changes in our data practices.
1.1. Al Hilal Bank PJSC (“AHB”, “Bank”, “We” or “Our”)
1.2. Data Protection in AHB is regulated by the United Arab Emirates ("UAE") Data Protection Law and the Central Bank of the UAE Consumer Protection Regulation and accompanying Consumer Protection Standards.
1.3. Our Contact Information
AHB will obtain Express Consent from you to serve you with products and services, as per the Central Bank of the UAE’s Consumer Protection requirements. You should be aware that you have the right to withdraw your Consent at any time. You can do this by contacting us at [email protected]. However, this will not affect the lawfulness of any processing carried out before you withdraw your Consent.
We have set out a description of why we process your Personal Data in the table below, including what personal data we collect, and the legal basis for such processing.
Processing Activities | Description | Legal Basis | |
---|---|---|---|
1 | Account Opening |
Personal Data processed: name, Emirates ID details, passport details, date of birth, nationality, employment details, transaction pattern (no of credits/no of debits), source of income, income, contact details and address. Processing description: We process your Personal Data in order to consider and process your application for an account with us. This Processing is necessary in order for us to take regulatory steps at your request before we enter into an agreement with you and is also necessary for deciding whether or not we can offer you the product you have applied for. This type of Processing is required in order for you to enter into an agreement with us. Personal Data is also required as part of regulatory financial crime protection, including Know Your Customer ("KYC") process mandated for account opening. We use your Personal Data to prepare KYC forms, CRS forms, W-8 and W-9 forms, application forms, and to evaluate your Customer profile. In respect of fraud searches and identity verification, this Processing is necessary for fraud prevention and to comply with our legal obligations. If you do not provide this information, then we cannot proceed with your application. Processing form: physical, digital platform, and AHB mobile applications. |
Consent |
2 | Credit card |
Personal Data processed: name, Emirates ID details, passport details, date of birth, nationality, your mother's maiden name, banking details, home country address details, employment details, income details, name and contact of two friends. Processing description: We process your Personal Data in order to consider and process your application for a credit card. Such Processing may include credit assessment, Profiling, and cross sales. We will obtain Consent to check your credit score with Al Etihad Credit Bureau ("AECB"). We will obtain Consent to pull a statement from the Central Bank of the UAE. Credit Assessment, profiling, cross sales, data may be shared to regulatory authorities, if requested. Consent for the same is recorded in the application form. Relevant Shariah set of contracts (Murabaha contract, Offer to sell & Service Contract) covering the principal amount, profit amount, tenor and instalment amounts payable is also accepted by the customer Processing form: physical and digital platform. |
Consent |
3 | Personal Finance & Auto Finance | Only contact and delivery information is shared with a third party courier for debit card delivery. | Consent |
4 | Debit Card Delivery |
Personal Data processed: name, Emirates ID details, passport details, date of birth, nationality, mother's maiden name, banking details, home country address details, employment details, income details, name and contact of two friends. Processing description: We will obtain Consent for checking your credit score with AECB. We will obtain Consent to pull a statement from the Central Bank of the UAE. Relevant Shariah set of contracts (Murabaha contracts) as per Shariah principles covering the principal amount, profit amount, rate, tenor and instalment amounts payable is also accepted by the customer. Processing form: physical and digital platform. |
Consent |
5 | Home Finance |
Personal Data processed: name, Emirates ID details, passport details, date of birth, nationality, mother's maiden name, banking details, home country address details, employment details, income details, name and contact details of two friends. Processing description: We will obtain Consent for checking your credit score with AECB. We will obtain Consent to pull a statement from the Central Bank of the UAE. Relevant Shariah set of contracts (Ijarah documents) covering the principal amount, profit amount and/or rate, tenor and instalment amounts payable is also accepted by the customer. Processing form: physical and digital platform. |
Consent |
6 | Mutual Funds |
Personal Data processed: name, information on your current investments at AHB, previous experience with investments, liquidity, return expectations, time horizon, subscription amount, account number, address, profession, country, nationality, DOB, source of funds, contact details, joint account holder info, redemption amount, units, and signature. Processing description: The Personal Data is processed to assess your risk profile and tolerance towards investment, and ultimately your investment strategy, and give you access to our investment management. Your Personal Data may be shared with Authorities upon request. Processing form: digital platform, risk profile questionnaire, subscription form, redemption form. |
Consent |
7 | Sukuks |
Personal Data processed: name, information on your current investments at AHB, previous experience with investments, liquidity, return expectations, time horizon, and signature. Processing description: The Personal Data is processed to assess your risk profile and tolerance towards investment, and ultimately your investment strategy, and to take instructions to execute on behalf of you. Your Personal Data may be shared with Authorities upon request. Processing form: digital platform, email attachments, Sukuk execution form. |
Consent |
8 | Regulatory and Law Enforcement Requests and Instructions | We may process your Personal Data to handle requests and instructions from the regulator, law enforcement departments and the Ministry of Interior that ask for information about specific individuals. | Compliance with a legal obligation |
9 | Declined Onboarding | If your application is declined, we will store your personal information in accordance with our record retention procedures and to comply with our legal obligations. | Consent |
10 | Account Administration | We process your Personal Data in order to administer your account in a number of ways. This will include, for example, providing you with account statements, notices, and other information such as changes to your profit rate, managing any arrears on your account, enforcing any security that we have in place, and dealing with any queries or complaints you may have including data privacy requests and complaints.
This type of Processing is necessary for the performance of our contract with you and to comply with our legal obligations. |
Consent |
11 | KYC Update |
Personal Data processed: Emirates ID, passport copy, income proof, address proof, Visa copy, and Email ID. Processing description: The KYC process is mandatory for identification and verification of your identity when opening an account, and also periodically over time. The objective of the KYC is to prevent the Bank from being used by criminal elements for money laundering activities. Your Personal Data may be shared with Authorities upon request. Processing form: digital platform, email attachments, CIF update from branches, internet banking. |
Consent |
12 | Fraud Investigation |
Personal Data processed: Name, bank account information, children’s names, CIF, company entity, contact details, credit card number, credit history, date of birth, debit card number, gender, home address, job title role, Emirates ID, nationality, parents names, passport details, reference or background checks, religious beliefs, signature, spouse’s name. Processing description: Fraud investigation is a mandatory response plan to incidents of suspected and actual fraud and involves the processing of relevant Personal Data under standard protocols and a clear framework. Your Personal Data may be shared with Law Enforcement if deemed necessary. Processing form: digital platform, case report/investigation form. |
Consent |
13 | Transaction Disputes |
Personal Data processed: Name, audio information, bank account details, CIF contact details, credit card number, debit card number, contact details. Processing description: We may process your personal data to handle your queries and confirm transactions. Processing form: physical and digital platform, transaction dispute form. |
Consent |
14 | Issuance of Certificate |
Personal Data processed: Name, account number, age, bank account information, bank statements, CIF, citizenship status, compensation data, contact details, credit card number, credit history, date of birth, debit card number, emergency contact details, gender, home address, marital status, Emirates ID details, passport details, signature. Processing description: We process your Personal Data in order to consider and process requests for certificates related to customer’s relationship with AHB Processing form: digital platform |
Consent |
15 | Customer Complaints |
Personal Data processed: Name, bank account information, bank statements, CIF, compensation data, contact details, credit card number, credit history, date of birth, debit card number, gender, home address, marital status, Emirates ID details, passport details, relatives information, signature. Processing description: We may process your Personal Data in order to consider and process your feedback and complaints. Processing form: physical and digital platform |
Consent |
16 | Digital Banking | We process your Personal Data in order to facilitate your use of our online banking services via website and mobile applications | Consent |
17 | Facepass / Emirates face recognition |
We process and share your facial biometric data with a third party service provider and a UAE Government Authority for verification against UAE Government records, to confirm your identity. The use of FacePass is optional. You may consent and opt-in to use FacePass by turning the feature on or off in the Mobile App or Internet Banking. Activation of FacePass will result in FacePass being the sole permitted means of authentication for certain transactions, to which the FacePass applies. Other means of authentication, such as by a One-Time-Password (OTP), may automatically be deactivated once FacePass has been activated. When you activate FacePass, your photograph is collected, processed and stored by AHB for the purpose of identification and verification, in order to authenticate your financial and nonfinancial transactions. |
Consent |
18 | Business Operations | We may process your Personal Data to manage and improve our business operations, for example, our internal governance functions, which may include monitoring communications and activities in relation to your account. Such Processing may be necessary for our business and compliance purposes, accounting and audit purposes and to comply with our legal obligations. | Consent |
19 | Marketing |
We may process your Personal Data for marketing purposes to provide you with information about products and services that you may be interested in. We will obtain Express Consent before using and sharing your Personal Data for direct marketing or transferring the Personal Data to any third parties for direct marketing. You may place your request to stop receiving marketing messages at any time. In order to do so, follow guidance in section “Marketing From Us” of this Notice. |
Consent |
20 | Analysis | We may process your Personal Data for the purposes of performing statistical analysis and conducting market research. This enables us to better understand our Customer base and the markets in which we operate, or may wish to operate. | Consent |
21 | Websites | The Personal Data that we process when you are browsing our Websites, such as your Internet Protocol ("IP") address, is processed so that we can create, manage, monitor, improve and maintain your experience on our Websites. | Consent |
22 | Assisting You in the Exercise of Your Rights | Should you make a request to exercise your legal and regulatory rights, we will respond to you as per our legal obligations and Applicable Law. | Consent |
23 | Retention | After your agreement has ended we will retain your Personal Data in accordance with our record retention procedures and to comply with our legal obligations and Applicable Law. | Consent |
We may collect your Personal Data from two primary sources
1. Directly From You
We may collect your Personal Data directly from you in a number of ways, including the following:
2. Indirectly From Other Parties
We may obtain your Personal Data indirectly from third parties in the following ways:
1. Following an introduction to us by another third party, such as an accountancy firm, law firm or management consultancy;
2. If another person provides your information to us when they apply to obtain a product from us
3. When we carry out searches for the purposes of processing your application and/or during the course of your relationship with us; or,
4. In response to our marketing activities, you request information about our products via a third party (e.g. websites and social media platforms).
If you are applying to us through a third party, then they should have provided you with their own privacy notice in order to inform you how they may process your Personal Data.
Where we need to collect Personal Data due to applicable legislative requirements or professional standards and you fail to provide that data when requested, we may have to decline a request for services or, if we are already supplying services, suspend or stop providing you with our services. We will notify you if this is the case at the time.
The security of your Personal Data is important to us. We have designed and implemented appropriate measures to prevent your Personal Data from being disclosed, modified or destroyed without sufficient authorisation. These measures address several dimensions of data security including and not limited to the following:
If you want to exercise any of your rights, please contact our Data Protection Officer (“DPO”) in writing at [email protected]. Your rights in relation to our Processing of your data may differ based on your relationship with us as per Applicable Law. Your rights are outlined in the table below:
Description of Your Relationship With Us | Your Rights |
---|---|
Consumers |
|
All Other Data Subjects (e.g. Website Visitors, Contactors) |
|
AHB will maintain the following obligations in relation to your rights concerning our Processing of your Personal Data:
Throughout the course of your relationship with AHB and even after its conclusion, your Personal Data may need to be shared with Processors who are both internal and external to AHB. Under certain circumstances, within the permits of Applicable Law, this will involve us transferring your data outside the UAE.
If we need to transfer our Customer’s Personal Data outside the UAE, we will obtain an Express Consent from them for such transfers as well as informing them as appropriate in a separate just in time notice.
In addition, we will take such steps as are necessary to ensure appropriate safeguards apply to maintain the same levels of protection as required under Applicable Law. These safeguards include, but are not limited to:
1. Equal Data Protection standards: we may transfer your Personal Data to jurisdictions outside the UAE if they have Data Protection legislation in place covering key Data Protection provisions.
2. Bilateral or multilateral agreements relating to Data Protection are in place between UAE and a state to which Personal Data is transferred.
3. Derogations: we may transfer your Personal Data outside the UAE on the basis of the following derogations:
We may share your Personal Data with the parties set out below for the purposes set out in this Notice:
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow third parties to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Term | Definition |
---|---|
AHB or Bank | means Al Hilal Bank and any of its branches, successors and assignees. |
ADCB | Means Abu Dhabi Commercial Bank or The Group Entity |
Authority(ies) | means legal, supervisory, regulatory, governmental and quasi-governmental bodies such as the Central Bank of the UAE, the Securities and Commodities Authority (“SCA”), fraud prevention agencies, tax authorities etc. |
Automated Processing | means Processing that is conducted using an electronic application or system that operates automatically, either independently without any human intervention or under the supervision and limited intervention of a human. |
Applicable Law(s) | means all Applicable Law(s) relating to the Processing of Personal Data and privacy, in each case which are in force at the date on which this policy is updated in the UAE including the UAE Data Protection Law as well as the Central Bank of the UAE Consumer Protection Regulation and accompanying Consumer Protection Standards as amended. |
Biometric Data | means any Personal Data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of the Data Subject, which allow the identification or confirm the unique identification of the Data Subject, such as facial images or fingerprints. |
Central Bank of the UAE | means the Central Bank of the United Arab Emirates. |
Consent | means the Consent by which the Data Subject authorises AHB or third parties to process his Personal Data, provided that such Consent is clear, specific and unambiguous indication of the Data Subject's agreement, by a statement or by a clear affirmative action, to the Processing of his Personal Data. |
Consumer Protection Regulation or CPR | means the Consumer Protection Regulation of the Central Bank of the United Arab Emirates, and accompanying Consumer Protection Standards that apply to all Licensed Financial Institutions licensed by the Central Bank of the UAE in relation to their activities specified in Article 65 of the Decretal Law No. 14 of 2018. |
Consumer Protection Standards or CPS | means the Consumer Protection Standards of the Central Bank of the United Arab Emirates that accompany the Consumer Protection Regulation and apply to all Licensed Financial Institutions licensed by the Central Bank of the UAE in relation to their activities specified in Article 65 of the Decretal Law No. 14 of 2018. |
Consumer(s) |
means a Customer for the purpose of Central Bank of the UAE Consumer Protection Regulation and the accompanying Consumer Protection Standards. A Customer is any natural person or sole proprietor who obtains or may prospectively obtain services and/or products from AHB, with or without charge, to satisfy their personal need or others’ needs. |
Controller(s) |
means, as per the CPS, a natural or legal person, public authority, agency, or other body that has the authority over the Processing of Personal Data. This entity is the focus of most obligations under privacy and Applicable Law. It controls the use of Personal Data by determining the purposes for its use and the manner in which the data will be processed specific to their biological, physical, biometric, physiological, mental, economic, cultural or social identity. Means, as per the UAE Data Protection Law, the establishment or the natural person who is in the possession of the Personal Data and who, by virtue of its activity, alone or jointly with other persons or establishments determines the means, methods, criteria and purposes of the Processing of such Personal Data. |
Customer(s) | means anyone who uses, participates in, purchases or subscribes to any AHB Offering. |
Data Breach(es) |
means, as per the CPS, any unauthorised or accidental loss, misuse, modification, access, disclosure or Destruction of Personal Data. Means, as per the UAE Data Protection Law a breach of information security and Personal Data through unauthorised or unlawful access thereto, including replication, transmission, distribution, exchange, transfer, communication or Processing in such a manner leading to the disclosure or divulgence to third parties, or otherwise the destruction or modification of such data while being stored, transferred and processed. |
Data Protection | means the protection of Personal Data. |
Data Protection Officer or DPO | means any natural or legal person appointed by the Controller or the Processor who undertakes responsibilities to verify that the entity he belongs to complies with the Personal Data Protection controls, requirements, procedures and rules provided for herein, and to verify the integrity of its systems and procedures to achieve the compliance with the provisions hereof. |
Data Protection Regulator | means any governmental or regulatory body or authority with responsibility for monitoring or enforcing Applicable Law, for example the UAE Central Bank, as per the CPS and The Emirates Data Office (“The Office”), as per the UAE Data Protection Law. |
Data Subject(s)/ Individual |
means, as per the CPS, any individual, who can be identified (either directly or indirectly) through one or more elements of Personal Data that are collected, used, shared, or otherwise processed as part of AHB’s operations. Means, as per the UAE Data Protection Law, the natural person to whom Personal Data relates. |
Data Subject Right(s) | means the set of rights afforded to individuals located in UAE, as per Applicable Law, who request information about the Personal Data collected or stored by AHB and to exert choice or control over how that data is used by AHB in accordance with Applicable Law. |
Destruction of Personal Data | means Personal Data no longer exists. |
Employee(s) | means any staff of AHB. |
Express Consent | means an indication that the Data Subject/ individual has given an active, clear and unambiguous agreement for their Personal Data to be used in a specific way, including, for example by signing a document, sending an email. |
Know Your Customer or KYC | means mandatory requirements to ensure updated information about AHB’s Customers, to perform identity verification and prevention of illegal transactions through the business relationship with AHB such as money-laundering, identity theft. |
Loss of Personal Data |
means that the Controller has lost control or access to the Personal Data. |
Personal Data | means any data relating to an identified natural person, or a natural person who can be identified, directly or indirectly, through the linking of data, by reference to an identifier such as his name, voice, image, identification number, online identifier, geographical location, or one or more physical, physiological, economic, cultural or social characteristics. Personal Data includes Sensitive Personal Data and Biometric Data. |
Processing | means any operation or set of operations performed upon Personal Data using any electronic means including the Processing or other means, including collection, storage, recording, organisation, adaptation or alteration, communication, modification, retrieval, exchange, sharing, use, description, disclosure by broadcasting, transmission, dissemination, or otherwise making available, formatting, merging, restriction, blocking, erasure, destruction or creation of a model of Personal Data. |
Processor(s) | means an establishment or a natural person who processes Personal Data on behalf of the Controller and under his supervision and instructions. |
Profiling | means a form of Automated Processing consisting of the use of Personal Data to evaluate certain personal aspects relating to the Data Subject. |
Recipient(s) |
means the entity to whom Personal Data is transferred. Target sectors to which Personal Data is transferred include, but is not limited to:
|
Sensitive Personal Data | means any data that directly or indirectly reveals a natural person’s family, ethnic origin, political or philosophical views, religious beliefs, criminal record, Biometric Data, or any data related to such person’s health and consisting of his physical, psychological, mental, cognitive, genetic or sexual status, including any information related to the provision of healthcare services to him which reveal his health condition. |
UAE | means the United Arab Emirates. |
UAE Data Protection Law | means Federal Decree-Law No. 45 of 2021 Regarding the Protection of Personal Data issued by the Cabinet of United Arab Emirates. |
Branches & ATMs