Letters spacing
Line height
Default
Big
More big
Default
Black & White
ADCB Privacy Notice Abu Dhabi Commercial Bank PJSC – KSA Branch
1. Who We Are
1.1 Abu Dhabi Commercial Bank PJSC – KSA Branch (“ADCB”, “Bank”, “We” or “Our”)
1.2. Data Protection in ADCB is regulated by the Kingdom Of Saudi Arabia (“KSA”) Data Protection Law and the KSA Central Bank “SAMA” Consumer Protection Regulation and accompanying Consumer Protection Standards.
1.2 Our Contact Information
- National Address:Building No. 2239, Al-Urubah Road, Secondary No. 9597, Al-Olaya District, Postal Code 12214, Riyadh, Kingdom of Saudi Arabia), Short Address (RHOB2239)
- Email: [email protected]
2. Introduction - Purpose and Applicability of This Privacy Notice
ADCB is committed to protecting your privacy and your Personal Data. To do so, it follows general principles in accordance with applicable privacy laws.
This Privacy Notice (“Notice”) details:
- the Personal Data we Process about you;
- the legal basis and purpose of that Processing;
- if and whom we share your Personal Data with;
- how long we retain your Personal Data;
- your data privacy rights and choices regarding the Personal Data we process about you; and
- the various measures we have in place to protect the security of your Personal Data and minimise the potential for its unauthorised use, disclosure and destruction.
The terms of this Notice will apply to you when you use our products or services, banking channels, visit our online services at https://www.adcb.com and any of its ancillary pages and websites (the “Websites”), or provide us with your Personal Data.
ADCB may change this notice from time to time if required by law or where there are any changes to its business practices. Should you wish to contact us to discuss any questions, concerns and comments you may have regarding your Personal Data that we process, please reach us through our contact details provided in section “Our Contact Information” of this Notice.
3. Our Role as Controller and Processor
3.1 Controller
A Controller is an entity who solely, or jointly with others, determines the how and the why of Personal Data Processing. In most cases, we will act as the Controller when Processing your Personal Data.
3.2 Processor
A Processor is an entity who processes Personal Data on behalf of another entity, i.e the Controller, and does so solely on the basis of instructions provided by the Controller.
4. Understanding Personal Data and Processing
Personal Data and Processing have very specific meanings under Applicable Law. It is important that you understand these terms.
4.1 What is Personal Data?
Personal Data means any data which relates to a living individual (natural person) regardless of its source or form, who can be identified directly or indirectly from that data. The definition includes a wide range of personal identifiers that constitute Personal Data, including names, identification numbers, location data or online identifiers, contact numbers, license numbers, records, and personal property, bank accounts, still or moving images, and any other data of a personal nature., in line with data protection law, reflecting changes in technology and the way organizations’ collect information about people. Examples of Personal Data we may collect from you include:
- marital status (married, single, divorced);
- national origin; age; language; birth; education;
- financial history (e.g. income, expenses, obligations, assets and liabilities or buying, investing, lending, insurance, banking and money management behaviour or goals and needs based on, amongst others, account transactions);
- employment history and current employment status (for example when a customer applies for credit);
- gender or sex (for statistical purposes as required by the law);
- identifying number (e.g. Saudi ID number: an account number, national identity number or passport number, NI number and driver’s license number);
- email address; physical address (e.g. National address, work address or physical location); telephone number;
- information about a customer’s location (e.g. geolocation or GPS location); · online identifiers; social media profiles;
- biometric information (e.g. fingerprints, signature or voice);
- race (for statistical purposes as required by the law);
- physical health; mental health; wellbeing; disability; religion; belief; conscience; culture;
- medical history criminal history; employment history; contact information;
- transactional data;
- website technical data: e.g. your internet protocol (IP) address, website login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website; and
- website profile and usage data: e.g. your interests, preferences, feedback and survey responses, information about how you use our Websites, transaction details while performing online payments: e.g. merchant name, location, device used.
4.2 What is Processing?
In this Notice the term “process or processing” explains how we collect, use, store, makes available, destroy, update, disclose, or otherwise deal with your Personal Data. As a general rule, we will only process your Personal Data if this is required to deliver or offer a product or service to you or comply to a regulatory requirement. The Bank respects customers’ privacy and ensures its duty of confidentiality is maintained throughout our relationship with you.
5. Personal Data We Collect About You and the Purposes for Which We Do So
When you choose ADCB to provide you with banking and other services we need to collect Personal Data from you in order to supply those products or services and comply with our legal and regulatory obligations. Where we are Processing your Personal Data based on your Consent, you have the right to withdraw your Consent at any time, and this will take effect within 30 calendar days. You can do this by contacting us at [email protected]. Please refer to section 14 ‘Marketing from Us’ for information in relation to withdrawing Consent for marketing communications.
We have set out in the table below why we process your Personal Data, what Personal Data we collect, and the legal basis for such Processing.
| Processing Activities | Description | Legal Basis |
|---|---|---|
| Account Opening | Personal Data processed: Name, contact details, address, Saudi ID details, passport details, date of birth, nationality, employment details, transaction pattern (no of credits/no of debits), source of income, and income details.
Processing description: We process your Personal Data in order to consider and process your application for an account with us. This Processing is necessary in order for us to take regulatory steps at your request before we enter into an agreement with you and is also necessary for deciding whether or not we can offer you the product you have applied for. This type of Processing is required in order for you to enter into an agreement with us. Personal Data is also required as part of regulatory financial crime protection, including Know Your Customer (“KYC”) process mandated for account opening. We use your Personal Data to prepare KYC forms, CRS forms, application forms, and to evaluate your Customer profile. In respect of fraud searches and identity verification, this Processing is necessary for fraud prevention and to comply with our legal obligations. If you do not provide this information, then we cannot proceed with your application. Processing form: Physical, digital platform, and ADCB mobile applications. |
Consent |
| Account Closing | Personal Data processed: Name, account number, bank account number, bank statements, CID, credit card number, date of birth, debit card number, home address, Saudi ID details, passport details, phone numbers, contact details.
Processing description: We process your Personal Data in order to consider and process your account closure request and to handle dormant/inactive accounts. Processing form: Physical, digital platform, and ADCB mobile applications. |
Consent |
| Credit Card | Personal Data processed: Name, Saudi ID details, passport details, date of birth, nationality, your mother's maiden name, banking details, home country address details, employment details, income details, name and contact of two friends.
Processing description: We process your Personal Data in order to consider and process your application for a credit card. Such Processing may include credit assessment, Profiling, and cross sales. Your Personal Data may be shared with Authorities upon request. We will obtain Consent to check your credit score with The Saudi Credit Bureau (“SIMAH”). Processing form: Physical and digital platform. |
Consent |
| Debit Card Delivery | Only contact and delivery information is shared with a third party courier for debit card delivery. | Consent |
| Personal Finance & Auto Finance | Personal Data processed: Name, Saudi ID details, passport details, date of birth, nationality, banking details, home country address details, employment details, income details, name and contact of two friends.
Processing description: We will obtain Consent for checking your credit score with SIMAH. . Processing form: Physical and digital platform. |
Consent |
| Home Finance | Personal Data processed: Name, Saudi ID details, passport details, date of birth, nationality, mother's maiden name, banking details, home country address details, employment details, income details, name and contact details of two friends.
Processing description: We will obtain Consent for checking your credit score with SIMAH. Processing form: Physical and digital platform. |
Consent |
| Loans | Personal Data processed: Name, account number, bank account information, bank account number, bank statements, CID, company entity, contact information, contract type, date of birth, home address, job title role, Saudi ID details, office location, passport information, salary wage, signature.
Processing description: We process your Personal Data in order to consider and process your application for a loan with us. Processing form: Physical and digital platform, relevant loan application form. |
Consent |
| Guarantees | Personal Data processed: Name, account number, bank account information, bank account number, CID, contact details, home address, letter communication, signature.
Processing description: We process your Personal Data in order to consider and process your application for a guarantee. Processing form: Physical and digital platform, Letter of Guarantee application, third party indemnity (if the guarantee is to be issued on behalf of a third party). |
Consent |
| Transactions Processing | We process your Personal Data in order to process transactions to and from your account. | Consent |
| Declined Onboarding | If your application is declined, we will store your personal information in accordance with our record retention procedures and to comply with our legal obligations. | Consent |
| Regulatory and Law Enforcement Requests | We may process your Personal Data to handle requests and instructions from regulators, law enforcement departments and the Ministry of Interior that ask for information about specific individuals. | Compliance with a legal obligation |
| Dispute Resolution | We may process your Personal Data to resolve disputes. | Consent and compliance with a legal obligation |
| Issuance of letters and certificates | We process your Personal Data in order to consider and process requests for letters/certificates, e.g., liability certificate. | Consent |
| Digital Banking | We process your Personal Data in order to facilitate your use of our online banking services via website and mobile applications. | Consent |
| Account Administration | We process your Personal Data in order to administer your account in a number of ways. This will include, for example, providing you with account statements, notices, and other information such as changes to your profit rate, managing any arrears on your account, enforcing any security that we have in place, and dealing with any queries or complaints you may have including data privacy requests and complaints.
This type of Processing is necessary for the performance of our contract with you and to comply with our legal obligations. |
Consent |
| KYC Update | Personal Data processed: Saudi ID, passport copy, income proof, address proof, Visa copy, and Email ID.
Processing description: The KYC process is mandatory for identification and verification of your identity when opening an account, and also periodically over time. The objective of the KYC is to prevent the Bank from being used by criminal elements for money laundering activities. Your Personal Data may be shared with Authorities upon request. Processing form: Digital platform, email attachments, CIF update from branches, internet banking. |
Consent |
| Business Operations | We may process your Personal Data to manage and improve our business operations, for example, our internal governance functions, which may include monitoring communications and activities in relation to your account. Such Processing may be necessary for our business and compliance purposes, accounting and audit purposes and to comply with our legal obligations. | Consent |
| Marketing | We may process your Personal Data for marketing purposes to provide you with information about products and services that you may be interested in. This also includes for the purposes of conducting market research and related statistical analysis to understand our Customer base and the markets in which we operate, or may wish to operate.
We will obtain Express Consent before using and sharing your Personal Data for direct marketing or transferring the Personal Data to any third parties for direct marketing. You may place your request to stop receiving marketing messages at any time. In order to do so, follow guidance in section “Marketing From Us” of this Notice. |
Consent |
| Websites | The Personal Data that we process when you are browsing our Websites, such as your Internet Protocol (“IP”) address is processed so that we can create, manage, monitor, improve and maintain your experience on our Websites. | Consent |
| Retention | After your agreement has ended we will retain your Personal Data in accordance with our record retention procedures and to comply with our legal obligations and Applicable Law. | Consent |
6. How We Collect Your Personal Data
6.1 Directly From You
We may collect your Personal Data directly from you in a number of ways, including:
- when you apply for any product on our Websites, through a postal application, telephone or directly with one of our Employees;
- when you provide your Personal Data online or by any other method of communication, for example, on "Contact us" forms, or when you provide it on the merit of your relationship with ADCB, for example, if you inform us of a change in your circumstances; and
- when you visit our Websites, technical information, including the IP address used to connect to the internet, may be collected from you.
6.2 Indirectly From Other Parties
We may obtain your Personal Data indirectly from third parties in the following ways:
- following an introduction to us by another third party, such as an accountancy firm, law firm or management consultancy;
- if another person provides your information to us when they apply to obtain a product from us:
- on your behalf; or,
- that is to be held jointly with you; or,
- on behalf of any other organisation of which you are a director, shareholder, owner, trustee or beneficiary (as applicable); or
- where they have nominated you as a guarantor under our agreement with them, or to provide any other security, or informed us that you are a donor or lender of any deposit monies or occupier of any security property;
- when we carry out searches for the purposes of processing your application and/or during the course of your relationship with us; or,
- in response to our marketing activities, you request information about our products via a third party (e.g. websites and social media platforms).
Please be aware that if you are applying to us through a third party, then they should have provided you with their own privacy notice in order to inform you how they may process your Personal Data.
7. If you fail to provide personal data
In order to provide banking and other services to you, we may need to process your Personal Data in order to ensure we comply with our legal and regulatory requirements, for example we are obliged to verify the identity of our customers so we may need to process your national ID or passport information. If you fail or refuse to provide us with the requested Personal Data we need we may not be able to supply, or continue to supply, our services to you, and should this occur we will notify you. We will only ever process your Personal Data where we have a lawful right to do so.
8. How We Secure Your Personal Data
The security and protection of your Personal Data is important to us. We have designed and implemented appropriate and reasonable technical and organizational measures to prevent your Personal Data from being unlawfully used, accessed, disclosed, modified or destroyed in line with industry best practices. Our security measures address several dimensions of data security including:
- Asset Security: concepts and principles that ensure the protection of assets, including information assets such as your Personal Data from theft, misuse or destruction;
- Access Control: techniques that regulate the ability of various entities to interact with your Personal Data (user authentication), and the degree to which they may do so (user authorization);
- Cryptography: the use of mathematical algorithms to protect your Personal Data by rendering it unreadable using methods such as encryption and hashing;
- Network Security: concepts and principles that secure our telecommunication networks appropriately to ensure your Personal Data flowing through them is not disclosed to unauthorized entities;
- Application Security: concepts and principles that ensure our software applications that collect, store and otherwise process your Personal Data are securely developed and operated;
- Communications Security: principles that drive secure transmission of your Personal Data across entities;
- Physical Security: principles that support a secure physical environment for your Personal Data as it relates to printed hard copy records, for instance; and
- Organisational Security: concepts and principles that ensure security of your Personal Data through policies, segmented access control and employee training & awareness, for instance.
9. How we secure you from data breaches
Whilst we take measures to secure your Personal Data and have a robust incident response plan in place, risks to data security do exist, and there is always a possibility of u nauthorized use, disclosure, modification and/or destruction of your Personal Data. In the event of a data breach, our robust data incident management process will be triggered and our incident management response team will be assembled. The incident will be assessed to identify whether a data breach has in fact occurred. Upon confirmation of an actual data breach, there are stringent protocols that we follow to ensure the efficient management of data breaches and compliance with our legal requirements. Our internal protocols enable the immediate containment, investigation and remediation of data breach through the implementation of corrective and preventative measures and an assessment of any regulatory reporting and disclosure requirements. We will communicate with affected parties in compliance with our legal obligations, where the circumstances of a data breach may reasonably pose a risk to their financial and personal security and/or where it may pose reputational harm to affected parties. We will ensure all notifications provide clear and concise information to you and contain all relevant information as required by law.
If you wish to report a data breach or would like further information on how we respond to and handle data breaches, please contact us at [email protected].
10. Your Data Privacy Rights
If you want to exercise any of your Data Privacy Rights, please submit a request to Data Protection Office (“DPO”) in writing at [email protected]. Your Data Privacy Rights in relation to our Processing of your Personal Data may differ based on your relationship with us. Your Data Privacy Rights are outlined in the table below:
| Description of Your Relationship With Us | Your Data Privacy Rights |
|---|---|
|
Consumers |
Right of access: you are entitled to request access to the information that we process about you.
Right to rectification: under certain circumstances, you have the right to have inaccurate Personal Data about yourself rectified or completed if it is incomplete. Right to complain: you have the right to contact us with any inquiries or complaints in respect of your Personal Data Processing. Right to erasure (deletion): you have the right to ask to have your Personal Data erased. We may have the right to refuse a request for erasure in some circumstances, for example where the Personal Data is required for compliance with the law or in connection with legal claims. We will respond to such requests within 10 business days of receipt stating whether we are able to fulfil your request, and the reasons why if not. Right to Withdraw Consent: you have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Unless specified otherwise, the withdrawal will take effect within 30 complete days upon receiving your request. |
| All Other Data Subjects (e.g. Website Visitors, Contractors) | Right of access: you are entitled to request access to the information that we process about you.
Right to request Personal Data portability: if you have provided information to us directly, the right to data portability allows you to obtain and easily reuse (move, copy or transfer) your Personal Data for your own purposes from one IT environment to another, securely and without affecting its usability. Right to rectification: under certain circumstances, you have the right to have inaccurate Personal Data about yourself rectified or completed if it is incomplete. Right to erasure (deletion): you have the right to ask to have your Personal Data erased. We may have the right to refuse a request for erasure in some circumstances, for example where the Personal Data is required for compliance with the law or in connection with legal claims. We will respond to such requests within 10 business days of receipt stating whether we are able to fulfil your request, and the reasons why if not. Right to restrict Processing: under certain circumstances, you are entitled to ask us to restrict the processing of your Personal Data. Right to stop Processing: under certain circumstances, you have the right to stop the processing of your Personal Data. For example, if your Personal Data is being used for direct marketing, statistical surveys and/or in contravention with the Applicable Law. Rights in relation to automated decision making and Profiling: you have the right not to be subject to a decision based solely on Automated Processing, including Profiling, which could produce legal effects, i.e. something which adversely affects your legal rights. You have the right to obtain an explanation of a decision made by automated means and to challenge it. |
Modalities to exercise your Data Privacy Rights: If you want to exercise any of your Data Subject Rights, please contact our DPO in writing at [email protected]. Please note, we may request an identity document from you in order to verify your identity.
Services at no charge: We will not charge you a fee for facilitating the exercise of your rights. In case of a repetitive or excessive request from you, we will either charge you a reasonable fee taking into account the administrative costs, or we may decide to not act on your request.
Notification to third parties if applicable: If you exercise your right to erasure, rectification or restriction of Processing, we will communicate this with applicable Processors or joint Controllers to ensure your wishes are communicated to all persons processing your Personal Data as applicable.
Notification of inaction if applicable: If we are unable to take action in response to your requests to exercise your rights, we will inform you along with the reasons for our inability to take action. We will also, in such cases, remind you of your right to lodge a complaint with the relevant Data Protection Regulator and seek a judicial remedy.
11. Cross-Border Personal Data Transfers
Throughout the course of your relationship with ADCB, we may need to share your Personal Data with its Processors, namely third parties or suppliers who process your Personal Data on behalf of ADCB. Under certain circumstances, as permitted by Applicable Law, this will involve us transferring your data outside the KSA.
If we need to transfer your Personal Data outside the KSA, we will (1) obtain your Consent for such Personal Data transfers; (2) comply with all relevant regulatory requirements and (3) provide you with any additional information (as and when required) for you to be able to make an informed decision.
In addition, we will ensure adequate level of protections are in place to protect your Personal Data as required under Applicable Law. Where we are permitted to transfer your Personal Data outside the KSA, one or more of the following transfer safeguard mechanisms will apply:
- The country to which the data is being transferred has local legislation that includes the main provisions, measures, controls, conditions and rules for protecting the confidentiality and privacy of the Personal Data, including the Data Subject’s individual rights;
- The country to which the data is being transferred has bilateral or multilateral agreements with the KSA in relation to data protection;
- A contract or agreement which applies the provisions, measures, controls and requirements of the KSA Data Protection Law will be signed between us and the Data Recipient (entity outside the KSA).
12. Data Retention
We will only retain your Personal Data in a form that permits your identification for a minimum period of 5 years from the termination of our business relationship (such as closure of your account) or a completion of transaction (in instances where we do not have a business relationship with you) but not longer than necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
At the expiry of the stipulated retention periods, your Personal Data will be destroyed irreversibly (where possible) in order to comply with legal retention obligations or in accordance with applicable statutory limitation periods. Where it is impossible or impractical to delete your Personal Data, we will de-identify (which will limit reconstruction) your Personal Data in accordance with appropriate safeguards to guard against the record being used for any other purpose. Under certain circumstances, we may be required to retain your Personal Data beyond the defined retention period as stated in the initial purposes of processing for legal, regulatory, or legitimate business purposes. In such cases, we apply appropriate security measures to ensure the confidentiality and integrity of archived data. As and when we no longer retain your Personal Data, in accordance with this Notice, we shall ensure it its secure destruction or de-identification in accordance with our internal data destruction procedure.
13. Marketing From Us
You will only receive direct marketing communication from us where we have obtained your Express Consent. You may withdraw your Express Consent to receive marketing communication at any time by following the opt-out links on any marketing message sent to you or by contacting the ADCB Customer Care Team on the following number: within KSA +966 11 5131320 at any time.
14. Disclosure of Your Personal Data
We may share your Personal Data with the parties set out below for the purposes set out in this Notice:
- Processors and Recipients, as further described in the section “Terms and Definitions” below;
- other companies within the Bank’s group so that they can provide you with relevant products and services;
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Notice;
- Our third party suppliers and vendors who support us in providing the products and services we offer to our customers, and enable our organizational operations. When we disclose your Personal Data to our third party suppliers, we take the necessary steps to ensure that these third parties have adequate safeguards in place to protect your Personal Data in the provision of their services to us. Please be aware that should you elect to withhold your consent for such sharing purposes (as provided in our Consumer Banking Terms and Conditions), we may be unable to provide you with the product or service you have requested from us and may discontinue the provision of such product or service; and
- We may share your personal data with our regulators such as the Central Bank. and with government and other entities as we may be required to by law in accordance with our internal processes upon assessment of the legitimacy of such requests.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow third parties who Process data on our behalf to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions. For more information on the third parties to whom we may disclosure your information, please refer to our Consumer Banking Terms and Conditions which is available on our website.
15. Changes to this notice
The latest version of our privacy notice is available on our website. We will amend our privacy notice from time to time or as required. Please ensure that you visit our website to view any changes to our notice.
16. Terms and Definitions
| Term | Definition |
|---|---|
| ADCB | Means Abu Dhabi Commercial Bank PJSC and any of its branches, successors and assignees. |
| Authority(ies) | Means legal, supervisory, regulatory, governmental and quasi-governmental bodies such as the KSA Central Bank, The Saudi Data & AI Authority (SDAIA), fraud prevention agencies, tax authorities etc. |
| Automated Processing | Means Processing that is conducted using an electronic application or system that operates automatically, either independently without any human intervention or under the supervision and limited intervention of a human. |
| Applicable Law(s) | Means all Applicable Law(s) relating to the Processing of Personal Data and privacy, in each case which are in force at the date on which this policy is updated in the KSA including the KSA Data Protection Law and Personal Data Protection Law as well as the KSA Central Bank Consumer Protection Regulation and accompanying Consumer Protection Standards as amended. |
| Central Bank of the Kingdom of Saudi Arabia or KSA Central Bank | Means the Central Bank of the Kingdom of Saudi Arabia “SAMA”. |
| Consent | Means the Consent by which the Data Subject authorises ADCB or third parties to process his Personal Data, provided that such Consent is clear, specific and unambiguous indication of the Data Subject's agreement, by a statement or by a clear affirmative action, to the Processing of his Personal Data. |
| Financial Consumer Protection Principles and Rules (FCPP) | Means Banking Consumer Protection Principles of the Central Bank of the Kingdom of Saudi Arabia, Circular No. (351000109203) dated 21/08/1435H. |
| Consumer(s) | Means a Customer for the purpose of KSA Central Bank Consumer Protection Regulation. A Customer is any natural person or sole proprietor who obtains or may prospectively obtain services and/or products from ADCB, with or without charge, to satisfy their personal need or others’ needs. |
| Controller(s) | Means, as per the FCPP, a natural or legal person, public authority, agency, or other body that has the authority over the Processing of Personal Data. This entity is the focus of most obligations under privacy and Applicable Law. It controls the use of Personal Data by determining the purposes for its use and the manner in which the data will be processed specific to their biological, physical, biometric, physiological, mental, economic, cultural or social identity.
Means, as per the KSA Data Protection Law, the establishment or the natural person who is in the possession of the Personal Data and who, by virtue of its activity, alone or jointly with other persons or establishments determines the means, methods, criteria and purposes of the Processing of such Personal Data. |
| Customer(s) | Means anyone who uses, participates in, purchases or subscribes to any ADCB Offering. |
| Data Breach(es) | Means, as per the FCPP, any unauthorised or accidental loss, misuse, modification, access, disclosure or destruction of Personal Data.
Means, as per the KSA Data Protection Law a breach of information security and Personal Data through unauthorised or unlawful access thereto, including replication, transmission, distribution, exchange, transfer, communication or Processing in such a manner leading to the disclosure or divulgence to third parties, or otherwise the destruction or modification of such data while being stored, transferred and processed. |
| Data Protection | Means the protection of Personal Data. |
| Data Protection Officer or DPO | Means any natural or legal person appointed by the Controller or the Processor who undertakes responsibilities to verify that the entity he belongs to complies with the Personal Data Protection controls, requirements, procedures and rules provided for herein, and to verify the integrity of its systems and procedures to achieve the compliance with the provisions hereof. |
| Data Protection Regulator | Means any governmental or regulatory body or authority with responsibility for monitoring or enforcing Applicable Law, for example the KSA Central Bank, as per the FCPP and SDAIA, as per the KSA Data Protection Law. |
| Data Subject(s) | Means, as per the FCPP, any individual, who can be identified (either directly or indirectly) through one or more elements of Personal Data that are collected, used, shared, or otherwise processed as part of ADCB’s operations.
Means, as per the KSA Data Protection Law, the natural person to whom Personal Data relates or his representative or legal guardian. |
| Data Subject Right(s) | Means the set of rights afforded to individuals located in KSA, as per Applicable Law, who request information about the Personal Data collected or stored by ADCB and to exert choice or control over how that data is used by ADCB in accordance with Applicable Law. |
| Employee(s) | Means full time staff of ADCB. |
| Express Consent | Means an indication that the Data Subject has given an active, clear and unambiguous agreement for their Personal Data to be used in a specific way, including, for example by signing a document, sending an email. |
| Know Your Customer or KYC | Means mandatory requirements to ensure updated information about ADCB’s Customers, to perform identity verification and prevention of illegal transactions through the business relationship with ADCB such as money-laundering, identity theft. |
| Personal Data | Means any data relating to an identified natural person, or a natural person who can be identified, directly or indirectly, through the linking of data, by reference to an identifier such as his name, voice, image, identification number, contact numbers, license numbers, bank accounts, online identifier, geographical location, or one or more physical, physiological, economic, cultural or social characteristics. Personal Data includes Sensitive Personal Data and Biometric Data. |
| Processing | Means any operation or set of operations performed upon Personal Data using any electronic means including the Processing or other means, including collection, storage, recording, organisation, adaptation or alteration, communication, modification, retrieval, exchange, sharing, use, description, disclosure by broadcasting, transmission, dissemination, or otherwise making available, formatting, merging, restriction, blocking, erasure, destruction or creation of a model of Personal Data. |
| Processor(s) | Means an establishment or a natural person who processes Personal Data for the benefit or on behalf of the Controller and under his supervision and instructions, in line with personal data protection law. |
| Recipient(s) | Means the entity to whom Personal Data is transferred.
Target sectors to which Personal Data is transferred include, but is not limited to:
|
| Sensitive Personal Data | Means any data that directly or indirectly reveals a natural person’s family, ethnic origin, political or philosophical views, religious beliefs, criminal record, Biometric Data, location data or any data related to such person’s health and consisting of his physical, psychological, mental, cognitive, genetic or sexual status, including any information related to the provision of healthcare services to him which reveal his health condition, and data that indicate that one, or both, of an individual’s parents are unknown. As per the personal data protection law. |
| KSA | Means the Kingdom of Saudi Arabia. |
| KSA Personal Data Protection Law | Means Royal decree No. (M/19) Regarding the Protection of Personal Data amended by Royal decree (M/148). |