1. Policy Statements
1.1. PURPOSE OF COLLECTING PERSONAL DATA AND PROCESSING
This Privacy Notice explains what personal data we collect about you and other people (such as your family or joint account holders) why we collect, whom we share it, how long we keep it, and what rights you have in relation to that personal data.
1.2. WHAT IS PDPL AND HOW anb IS IMPLEMENTING IT?
The Personal Data Protection Law (PDPL), as amended, is the first of its kind to be passed in the Kingdom of Saudi Arabia (KSA). PDPL was issued by the Royal Decree on September 17, 2021. It regulates on how businesses collect, process, and store personal data about individuals residing in KSA.
anb processes personal data as per the principles stated in PDPL. This includes ensuring that there is a legal basis for processing personal data, as well as ensuring that personal data is processed fairly, lawfully, transparently, and securely. In addition, safeguards are put in place to protect personal data from loss, damage, or destruction.
1.3. FROM WHERE WE COLLECT THE PERSONAL DATA?
We collect your personal data from the following sources:
• anb branches
• anb web and mobile applications
• Other anb entities;
• Credit Information agencies and fraud prevention agencies;
• People appointed to act on your behalf;
• Third party providers and partners to help us improve the personal data we hold and to provide more relevant and interesting products and services to you;
• Joint account holders;
• Our co-branded financial services product partners such as anb Capital.
• Criminal record checks from organizations authorized to provide this data;
• Debt recovery agents;
• Advertisers and social media partners may share technical information and information about your visits with them including your experiences or interactions with them;
• Databases made available by official authorities and government authorized sources to update/verify your documents; and
• Publicly available sources.
1.4. WHAT PERSONAL DATA IS COLLECTED?
Personal data includes information that we collect and process about you depending on the products or services you obtain or receive. Typically, we process the following categories of information about yourself that you provide us with:
1.5. IS IT OBLIGATORY OR VOLUNTARY TO PROVIDE MY PERSONAL DATA?
||Name, previous names, nationality, photograph, gender, date, and place of birth.
||Email address, residential address (national address) or business address and contact telephone number.
||National ID, Iqama Number, Passport number and any other similar items.
||Bank account number, statement of account, credit or debit card numbers, financial history, credit score and authentication-related information.
|Economic, financial and residency information
||Income and other revenues, the value of your assets and your country of residence.
|Education and Employment related data
||level of education, employment, employer’s name and remuneration.
||Details about payments to and from your accounts including repayments of any loan or credit facilities, beneficiary names, account numbers, addresses and transaction details.
||Information you give to us by filling in any of our forms or by communicating with us, whether face-to-face, by phone, email, online or otherwise.
||Details of any marketing preferences we receive from you.
|Video protection (including CCTV)
||Surveillance of our premises and ATMs for security reasons.
||Telephone conversation when you connect with our call center. We may also collect any phone number you use to call our customer service team (including call metadata such as the date, time and length of a call) or the social media channel you use to connect with our customer service team. We may record calls for training and performance purposes to establish clear records and for legal reasons.
||For certain products and services, we may collect your racial/ethnic origin, religious beliefs, biometric data, health data and information about criminal convictions and offences.
||Fingerprints, voice patterns or facial recognition which can be used for identification and security purpose where required.
||Health data may be required and held by us in relation to some insurance contracts.
We need your personal data to provide you with the services or products requested by you.
After you submit an application form to us or become our customer, we have certain legal obligations to process your personal data. If you do not provide us with the requested personal data, we will be unable to comply with the legal or regulatory obligations and will not be able to offer our products and services to you.
It is voluntary for you to provide us your personal data or consent for sales or marketing purposes.
We make it clear on our application forms what personal data is required to be provided by you by marking the mandatory fields with the asterisk symbol (*).
1.6. AUTOMATED PROCESSING
The way we analyze personal data relating to our services may involve profiling or other automated methods to make decisions about you that relate to the following purposes:
• Credit and affordability checks (including credit limits) – we will consider a number of factors including information about your income, expenses and how well you have kept up on payments in the past.
• Anti-money laundering, sanctions checks and screening 'politically exposed' people.
• Monitoring your account for fraud and other financial crimes – we will assess your transactions to identify any that are unusual processes.
• Assessments required by regulators and appropriate authorities – certain details in your information may suggest that you are likely to become financially impacted and we may need to help you.
You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention and to challenge the decision.
1.7. HOW LONG PERSONAL DATA IS RETAINED?
We retain your personal data for any period as mandated by the regulations, necessary for the purpose for which your personal data was collected, processed, required by law or where we may need it for our legitimate purposes such as maintaining records for analysis or audit purposes, responding to queries or complaints, monitoring fraud, defending or taking legal action and responding to requests from regulators.
If you opt-out from receiving marketing communications or object to any other processing of your personal data, we may keep a record of your objection to ensure that we continue to respect your wishes and do not contact you further.
1.8. HOW PERSONAL DATA IS RETAINED & PROTECTED?
We implement internal technical and organizational measures to keep personal data safe and secure including encryption, anonymization and physical security measures. We require our staff and any third parties who carry out any work on our behalf to comply with strict compliance standards including agreeing to contractual obligations to protect any personal data.
When we collect personal data, we provide a safe, secure and confidential environment in all of our delivery channels to ensure that your personal data remains private and used for the purposes it was requested for. We have a legal obligation to keep your personal data confidential, except in circumstances where the disclosure of your personal data is imposed by a legal authority; or in circumstances where the disclosure is made with your explicit consent or through a representative nominated by you.
We use a range of measures to keep your personal data secure and protected against unlawful processing, accidental loss, destruction and damage.
When we interact with external service providers, we require them to provide the same data protection standards to be assured.
1.9. WHOM DO WE SHARE YOUR PERSONAL DATA WITH?
We may share your personal data with:
• Our subsidiaries within anb who are mandated to be required for the purposes set out in this Privacy Notice.
• Any joint account holders, guarantors, trustees or beneficiaries who are authorized to receive your personal data.
• Anyone who operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney.
• Providers of payment-processing services and other businesses that we use to process your payments.
• Government-authorized Credit Information Agencies and fraud prevention agencies to comply with the mandatory legal and regulatory obligations.
• Your fund managers who provide asset management services and any brokers who introduce you to us or deal with us for you.
• Independent third-party service providers (including their sub-contractors) such as collection agents or providers who may deliver a gift or provide a gesture of goodwill;
• Our hotels, restaurant, airlines business partners, along with whom we provide services and service providers who provide services on their behalf.
• Insurance providers, including underwriters, brokers and associated parties;
• Analytics providers who optimize our website and apps by measuring the performance of our online campaigns and analyzing visitor activity.
• Social media companies to display messages to you about our products and services or make sure you do not get irrelevant messages;
• Any people or companies as required in connection with potential or actual corporate restructuring, merger, acquisition, or takeover including the transfer of any of our rights or duties under our agreement with you.
• Law enforcement authorities, government bodies, courts, dispute resolution bodies, regulators, auditors, and any party appointed by our regulators to carry out investigations or audits of our activities.
1.10. IS YOUR PERSONAL DATA TRANSFERRED TO COUNTRIES OUTSIDE THE KSA?
We are headquartered in Riyadh, Kingdom of Saudi Arabia. We may transfer your personal data to other countries where we (or other companies within the anb Group) or our service providers that maintain operations.
When we transfer personal data, we ensure it has an appropriate level of protection and that the transfer is lawful. This includes relying on adequacy decisions issued by the relevant data protection authority and using standard contractual clauses for transfers of personal data. You can obtain more details of the protection given to your information when it is transferred by contacting us using the contact details, please refer to section 2.
1.11. HOW WE MANAGE DATA SUBJECT RIGHTS?
Your choices and rights as a Data Subject. you have the right to:
• Ask for an access or a copy of the personal data we collect and process;
• Ask to correct, update, or modify personal data we hold;
• Ask to delete the personal data;
• Ask to withdraw the consent.
1.12. WHAT IS OUR COOKIES POLICY?
Cookies are pieces of information that a website transfers to the cookie file on customer’s device. anb cookies cannot look into customer’s computer/devices and obtain information about them or their family information. Cookies cannot read any material kept on their hard drive, only when customer logs into online banking website it identifies them, store or update certain parameters on the cookie file, and cookie does not reveal customer’s identity.
1.12.1 TYPE OF INFORMATION COLLECTED USING COOKIES AND TRACKING TECHNOLOGIES
anb collects information that does not reveal customer specific identity or does not directly relate to an individual. anb collects the following information when customers use anb website:
• Customer equipment details, browsing actions and patterns gets collected.
• Information about customer computer and internet connection, including usage details, time of requests, browser types, operating system, IP addresses and information collected through cookies and other tracking technologies.
• Details of customer’s visits to our website, including traffic data, location data, logs and other communication data and the resources that customer access and use on the Website.,
• browser type.
1.12.2 COOKIE CATEGORIES USED ON ANB WEBSITE
Generally, cookies on anb websites are the following categories:
|Strictly Necessary cookies
||These cookies are essential to enable navigation around anb website and web features.
||These cookies collect information about customer visit and often visited sites.
All information these cookies collect is anonymous and only used to improve customer service.
||These cookies allow a site to remember customer choices (such as customer username, language, or the region) and provide more enhanced, personal features.
anb maintains the highest levels of confidentiality of this information. This anonymous information used and analyzed only at an aggregate level to help anb to understand trends and patterns.
1.13. DO WE USE YOUR PERSONAL DATA FOR MARKETING?
If you opt in, we will send you marketing messages and information about our products and services and use your personal data for marketing and market research purposes. We may use your personal data for market research and statistical purposes. We may share your personal data, your transactions, what products or services you have with our marketing research partners outside anb. Market research agencies acting on our behalf may get in touch with you (by post, telephone, email or any other form of messaging) to invite you to take part in research.
Even if you opt out we will continue to use your contact information to provide you with important information about your products and services, such as changes to the terms and conditions and account statements, or where we’re required to do so by law.
1.14. HOW DO WE PROTECT CHILDREN PERSONAL DATA?
All of our websites and applications are intended for use only by individuals who are at least 18 years old. If you are under the age of 18, your parent or guardian must consent on your behalf where we ask for consent in relation to the use of your information.
1.15. CHANGES ON PRIVACY NOTICE
This privacy notice was last updated on 6/2023, and we reserve the right to make changes to this notice at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this notice. Any changes or modifications will be effective immediately upon posting the updated notice on the site, and you waive the right to receive specific notice of each such change or modification.
You are encouraged to periodically review this notice to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised notice by your continued use of the Site after the date such revised notice is posted.
anb is the data controller for the purposes of applicable data protection laws.
If you have any concerns as to how your data is collected and processed, you can contact our Data Privacy Office at email@example.com