Privacy Policy
This privacy policy (the “Privacy Policy”) applies to all information we collect, use and process about you as a customer, potential customers, and third parties in relation to the products/services you receive from us carried out by Arab National Bank (referred to as “anb” in this policy).
anb is a data controller in respect of personal information that we process in connection with our
business (including the products and services that we provide). In this policy, references to “we”, “us” or “our” are references to ANB. The purpose of this policy is to explain the purpose of personal data collection, what personal data to be collected, what means are used for data collection, processing, storage and destruction. This policy also highlights the rights of the data subjects and how they can exercise the rights. “Personal information” means any information, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual.

For the avoidance of doubt, we would like to clarify that this Policy does not alter any agreement applicable to your business relationship with us, including the General Conditions.

It is important that you check back often for updates to the Privacy Policy. You will also be notified of any significant changes in this policy. We may update this Privacy Policy periodically to reflect changes in our personal information practices with respect to the Services or changes in applicable law. We will post a policy on our website to notify you in advance of material changes to our Privacy Policy and indicate at the top of the Privacy Policy when it was most recently updated.

Table of Content:
What types of personal data do we collect? For which purposes do we process your Personal Data and what legal basis do we rely on?
 
How do we protect Personal Data? Who has access to Personal Data and with whom are they shared?
How long do we store your data? What are your rights and how can you exercise them?
What are the consequences of not providing personal data? Collection of Data from Minors
 
Updates to this Policy Changes to your Personal Data
Contact Details  



 

1.    What types of personal data do we collect?

We collect and process various categories of personal information at the start of, and for the duration of, your relationship with us and beyond (subject to appropriate retention periods as set out in section 5 below). We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this policy. Personal information may include: (to the extent permitted by applicable law):
  • Personal details such as your name, identification number, date of birth, compliance related documents (including a copy of your national identity card or passport where it is required by law, or by a competent public authority), phone number, address and residency status electronic address, and family details such as the name of your spouse, partner or children;
  • Financial information, including payment and transaction records and information relating to your assets (including fixed properties), financial statements, liabilities, revenues, earnings and investments (including your investment objectives);
  • Professional information, wherever relevant, about you, such as your job title and work experience;
  • Your knowledge of and experience in investment matters;
  • Details of our interactions with you and the products and services you use, including electronic interactions across various channels such as e-mails and mobile applications;
  • Any records of phone calls between you and ANB, specifically phone log information such as your phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information, and types of calls;
  • Voice recording and communication data;
  • Details of your nomination of a mandate, wherever relevant;
  • identifiers we assign to you, such as your client, business relation, contract, partner or account number, including identifiers for accounting purposes;
  • when you access ANB websites or some of our applications, your activity in our products and services, data transmitted by your browser or device you are using and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your device, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our website if their disclosure is made voluntarily, e.g., in the course of a registration or request); and
  • In some cases (where permitted by law), special categories of Personal Data, such as your biometric information, political opinions or affiliations, health information, racial or ethnic origin, religious or philosophical beliefs, and, to the extent legally possible, information relating to criminal convictions or offences.
  • We may use cookies, tracking technologies and other means to collect and process the above information from different channels and devices you use, including e-mail and devices that you use to interact with us to access ANB websites, ANB platforms, products, services and applications for mobile devices. 

Cookies are small data files that are placed by a website server on your web browser, processor memory or hard drive of your computer or mobile device when you visit a website. To place the cookie in the browser memory, a small code snippet is placed along with other codes on the web page. As the browser loads the web page, these code snippets also get executed placing the cookies in the browser memory. As you browse, cookies gather and store information about the way you use that website for example, the device you are using laptop/mobile or tablet, browser type and its version, Operating System, which pages visited, time spent on the site etc.

Generally, cookies on ANB websites are the following categories:
 

Category  

Description
Strictly Necessary or Essential cookies These cookies are essential to enable navigation around ANB website and web features.
Performance cookies These cookies collect information about customer visit and often visited sites used for enhancing customer experience through analytics.
All information these cookies collect is anonymous and only used to improving customer service.
Advertising or Marketing These cookies are used for Marketing campaigns.

•    For more details on the cookie policy please refer to the Cookie Policy section on ANB Privacy Page.

In some cases, we collect this information from public registers, public administration or other third-party or public sources, such as credit reference agencies, financial crime prevention service provider agencies, intermediaries that facilitate data portability.
 

2.    For which purposes do we process your Personal Data and what legal basis do we rely on?

2.1.     Purpose of Processing

We always process your Personal Data for a specific purpose and only process the Personal Data which is relevant to achieve that purpose. In particular, we process Personal Data, within applicable legal limitations, for the following purposes:

A.    Essential Product and Services
  • Client Onboarding: To verify your identity and assess your application (including the need for guarantees or other securitization tools if you apply for credit);
  • To provide products and services to you and ensuring their proper execution, for instance by ensuring that we can identify you and make payments to and from your accounts in accordance with your instructions and the product terms;

B.    Client Relationship Management
  • To manage our relationship with you, including communicating with you in relation to the products and services you obtain from us and from our business partners, handling customer service-related queries and complaints, facilitating debt recovery activities, making decisions regarding credit or your identity, tracing your whereabouts, and closing your account (in accordance with applicable law) if it remains dormant and we are unable to contact you after a period of time;
  • To receive and handle complaints, requests or reports from you or third parties made to designated units within ANB;

C.    To enhance our service quality and provide a personalized experience.
  • To help us to learn more about you as a client, your preferences on the products and services you receive, including profiling based on the processing of your Personal Data, for instance by looking at the types of applications, platforms, products and services that you use from us, information we obtain via monitoring software and how you like to be contacted;
  • To evaluate whether and how ANB may offer products, services and events, including those offered by us and that may be of interest to you;

D.    Marketing and Awareness
  • To contact you for direct marketing purposes about products and services we think will be of interest to you;
  • To analyze the results of our marketing activities to measure their effectiveness and relevance of our campaigns;

E.    To serve you and your Affiliates
  • To provide services to child or incompetent, we may collect and process their personal data only if their legal guardian consents for the same. We will verify the identity of the legal guardian before processing the personal data of child or incompetent and will reach out to the guardian for any intention to communicate directly with the child or incompetent individual;
  • We may collect and process your personal data if you are the owner, a board member, or a representative of a company to fulfill our contractual obligations, communicate effectively, and provide relevant services to the organization;

F.    Ensure Compliance with regulatory obligations
  • To carry out legal and regulatory compliance checks, including during the onboarding process and through periodic reviews, in order to meet our ongoing obligations. This includes complying with anti-money laundering laws, fraud prevention, financial crime prevention, and other regulatory requirements such as recording and monitoring communications, applying risk classifications to business relationships, and making disclosures to tax authorities, financial service regulators, and other regulatory, judicial, or governmental bodies. This may involve profiling based on the processing of your personal data, such as analyzing how and from which geographic location you use our applications, products, and services;
  • To reply to any actual or potential proceedings, requests or the inquiries of a public or judicial authority;
  • To share periodic reports with regulators and law enforcement agencies;

G.    Other purposes:
  • For ANB’s operational management (including credit, compliance and risk management, technological support services, reporting, insurance, audit, systems and products training and administrative purposes);
  • To collect data to ensure the security of buildings, the safety of staff and visitors, as well as property and information located, stored on or accessible from the premises, to prevent, and if necessary, investigate unauthorized access to secure premises (e.g., maintaining building access logs and CCTV system images to prevent, detect and investigate a theft of equipment or asset owned by ANB, visitor or staff, or threats to the safety of personnel working at the office);
  • To undertake transactional and statistical analysis, and related research; 
  • To exercise our duties and/or rights vis-à-vis you or third parties;
  • To provide IT solutions to you and ensure their proper execution in accordance with your instructions and our contractual arrangements with you, for instance by providing incident management and testing directly connected to the provision of the service, or by supporting our obligations regarding Personal Data storage, legal and regulatory compliance, audit activity and investigations;
  • To take steps to improve our products and services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve of our existing products and services or learn about other products and services we can provide;
We use both automated and manual methods to process your Personal Data for these purposes. Our automated methods often are related to and supported by our manual methods. 
 

2.2.    Basis for processing of Personal Data

ANB processes your Personal Data as per the principles stated in Personal Data Protection Law (PDPL). The processing of your Personal Data will be one of the following grounds:
  • We may process your information where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you.
  • When you apply for a product or service (and throughout your relationship with us), we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you.
  • Necessary for the legitimate interests of ANB, without unduly affecting your interests or fundamental rights and freedoms and to the extent such Personal Data is necessary for the intended purpose (such as when we use your data for some of the purposes in Section 2.1 a), b), d), e), f), g) and h). 
  • Our activities where we may rely on your consent, including where we process certain special categories of data (as described in Section 1); where we use cookies or similar technologies (as described in Section 8); or where we collect your permission for sending marketing communication or any other processing where we request your consent.
  • In some cases, necessary for the performance of a task carried out in the public interest.
  • In some case, to process the personal data of a child or legally incompetent individual, by obtaining explicit consent from their legal guardian.
Where the Personal Data we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this Personal Data, there is a possibility, we may be unable to on-board you as a client or provide products or services to you (in which case we will inform you accordingly).
 

3.    How do we protect Personal Data?

We take data protection seriously and, in our commitment, to safeguarding your information, we employ a robust security measures and best practices. This includes access controls, encryption, regular security assessments, and employee trainings. We continuously monitor and adapt our security measures to mitigate risks and protect your information from unauthorized access, disclosure, alteration, or destruction. Our vigilant approach to information security ensures the highest standards of privacy and compliance with data protection regulations.
 

4.    Who has access to Personal Data and with whom are they shared?

4.1 Within ANB

  • We usually share Personal Data within ANB, for the purposes indicated in Section 2.1, to ensure a consistently high service standard across the bank, and to provide services and products to you.
  • Our subsidiaries within ANB who are required to process the data as per the purposes set out in this Privacy Policy.
  • Any joint account holders, guarantors, trustees or beneficiaries who are authorized to receive your personal data.
  • Anyone who operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney.

4.2 Outside ANB

  • Providers of payment-processing services and other businesses that we use to process your payments.
  • Government-authorized Credit Information Agencies and fraud prevention agencies to comply with the mandatory legal and regulatory obligations.
  • Your fund managers who provide asset management services and any brokers who introduce you to us or deal with us for you.
  • Independent third-party service providers (including their sub-contractors) such as collection agents or providers who may deliver a gift or provide a gesture of goodwill;
  • Our hotels, restaurant, airlines business partners, along with whom we provide services and service providers who provide services on their behalf.
  • Insurance providers, including underwriters, brokers and associated parties;
  • Analytics providers who optimize our website and apps by measuring the performance of our online campaigns and analyzing visitor activity;
  • Social media companies to display messages to you about our products and services or make sure you do not get irrelevant messages;
  • Any people or companies as required in connection with potential or actual corporate restructuring, merger, acquisition, or takeover including the transfer of any of our rights or duties under our agreement with you;
  • Law enforcement authorities, government bodies, courts, dispute resolution bodies, regulators, auditors, and any party appointed by our regulators to carry out investigations or audits of our activities;
  • Fintech Applications, integrating cutting-edge financial technology for enhanced your experiences;
  • Background Verification Services, ensuring thorough verification processes for reliable information;.
  • Repossessing Companies, managing and recovering assets from auto lease department when necessary.
  • Logistic Service Provider, ensuring efficient and secure delivery logistics for credit cards.

4.3 Data transfers to other countries

We are headquartered in Riyadh, Kingdom of Saudi Arabia. We may transfer your personal data to other countries where we (or other companies within the ANB Group or authorities) or our service providers that maintain operations.
When we transfer personal data, we ensure it has an appropriate level of protection and that the transfer is lawful. This includes relying on adequacy decisions issued by the relevant data protection authority and using standard contractual clauses for transfers of personal data. You can obtain more details of the protection given to your information when it is transferred by contacting us using the contact details, refer to section 10
 

5.    How long do we store your data?

We will retain your Personal Data for:
  • The duration of our banking relationship; and 
  • For as long as necessary to fulfil the purpose for which it was collected.  
However, we will not keep your personal information for longer than is necessary for the purpose for which it was collected. This means that information will be destroyed or erased from our systems when it is no longer required. We take appropriate steps to ensure that we process and retain information about you based on the following logic:
  • At least the duration for which the information is used to provide you with a service;
  • As required under law, a contract, or with regard to our statutory obligations;
  • Only for as long as is necessary for the purpose for which it was collected, is processed, or for longer if required under any contract, by applicable law, or for statistical purposes, subject to appropriate safeguards.
Please note that there may be instances where we are unable to enforce your instructions with respect to delete your personal information due to legal or regulatory requirements, such as those set by authorities like SAMA.
However, when we no longer require the Personal Data that ANB collected about you, we will either delete or anonymize them (so that it is no longer personally identifiable with you) or, if this is not possible (for example, due to your Personal Data has been stored in backup archives), then we will isolate your Personal Data from any further processing, employing security safeguards designed to protect it until deletion thereof is possible.
 

6.    What are your rights and how can you exercise them?

You have the right to exercise your data subject rights, including requesting whether the bank is using or storing your personal information, obtaining copies of your personal data, updating, completing or deleting your personal data.
 

6.1 Your Rights

Rights

Description
Right to Access: You have a right to get access to the personal information we hold about you You have the right to access the personal data we hold about you, in accordance with the rules and procedures set out in the relevant regulations.
When you raise a request, we will provide you with any of your personal data that we are processing.  The more specific you are about what you are looking for the more quickly and effectively we can respond to your request.

This right allows you to understand how your personal data is being used and to verify its lawfulness. However, please note that your access may be restricted in certain circumstances, such as if limiting access is necessary to protect you or others from harm.
These limitations are set to ensure that the exercise of your right to access does not adversely affect the rights and freedoms of others or compromise security.
Right to request a copy: You can obtain a copy of your personal data that was previously provided to us, in a legible and clear format, with some exceptions You have the right to request a copy of your personal data that you previously provided to us, in a legible and clear format, with some exceptions.

This right allows you to obtain your personal information in a structured, commonly used, and machine-readable format. This is particularly useful if you wish to switch services or take control of your personal information. However, please note that this right only applies to information that you provided to us.
Right to request correction or completion or updating: You have a right to rectification of inaccurate personal information and to update incomplete personal information You have the right to request the rectification of inaccurate personal information and to update incomplete personal information.

If you believe that the personal information, we hold about you is incorrect, outdated, or incomplete, you can request that we correct, update, or complete this information. This ensures that the data we process is accurate and up to date, which is essential for the proper provision of our services. We will take reasonable steps to verify the accuracy of the information before making any changes.
Right to Deletion or destruction: You have a right to request that we delete your personal information You may request that we delete your personal information if you believe that:
  • We no longer need to process your information for the purposes for which it was provided;
  • We have requested your permission to process your personal information where required for a particular purpose and you wish to withdraw your consent; or
  • We are not using your information in a lawful manner. 
Please note that there are some occasions when we may retain your personal information for legal, regulatory (including statutory retention periods) or judiciary. Also, we may not be able to delete your personal information for technical reasons. Also Bearing in mind that, if you request that we delete your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
Withdraw consent – You have a right
to withdraw your consent		 You have the right to withdraw your consent where ANB obtained your consent to process personal data such as used for direct marketing, you have the right to object to direct marketing, including any related profiling activities

Where we process your Personal Data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, we will honor such withdrawal requests, but these rights are not absolute: they do not always apply, and exemptions may be engaged. For such requests, please reach out to us on the contact details given below.
Lodge complaints – You have
a right to lodge a complaint with
the regulator.		 If you wish to raise a complaint on how we have handled your personal information, please use our online complaints process which can be found here: https://anb.com.sa/ar/web/anb/questions-complaints . Alternatively, you can contact our Data Governance and Privacy Office at privacy@anb.com.sa who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the competent authority for lodging complaints.
 

6.2 Exercising your Rights

To exercise the above rights, please:
  • Contact ANB’s customer care on the details mentioned in the contact section below
  • Raise your request through the Data Subject Request section on ANB Privacy
  • Visit our branches
  • Use the Mobile Internet Banking service
  • You can also reach out to us through virtual branch and social media

7.    What are the consequences of not providing personal data?

Choosing not to provide necessary personal data or requesting the removal of your personal information may impact your ability to access the services we offer.
 

8.    Collection of Data from Minors

In accordance with applicable laws, we may process the Personal Data of data subjects that fully or partially lacks legal capacity only with the verified explicit consent of their legal guardian. We will take appropriate steps to verify the identity and legal authority of the guardian. The legal guardian may exercise the Data Subject's rights as applicable under the law. We ensure that this processing does not harm the Data Subject’s interests and that they can exercise their rights upon reaching legal capacity. For any concerns, please contact us via the details in section 10.
 

9.    Updates to this Policy

This Policy was updated in September 2024. We reserve the right to amend it from time to time.
Your review of this Privacy Policy and continue dealing with ANB shall constitute your explicit consent to the bank with respect to processing your personal data and/or changing the purpose for which it has been collected, including transferring thereof inside or outside the Kingdom. Continue to deal with ANB shall also be considered an explicit consent to the bank to obtain your personal data from you directly or from others in accordance with the Personal Data Protection Law, its Implementing regulation, and instructions from regulators.
 

10.    Changes to your Personal Data

We are committed to keeping your Personal Data accurate and up to date as provided to us. As such, you are required to keep us informed of any changes to your Personal Data without delay.
 

11.    Contact Details

You can contact us to update your preferences, correct your information, submit a request, or ask us questions.
The easiest way to do so is through the Support Section at out Contact us page 

You can send us your queries at: CustomerCare@anb.com.sa
You can call us on: 8001244040 or +966112127555


DPO Details:
Contact     Details
Data Governance and Privacy Office   privacy@anb.com.sa