INFORMATION

This section was last updated on October 3, 2019.

This Privacy Notice (the “Notice”) governs how Citi collects, uses, and discloses personal information from and about users of Citi websites and apps that link to this Notice (collectively, the “Services”). We advise you to read the Notice in its entirety, including the jurisdiction-specific provisions in the appendix to this Notice, which will apply to users in certain jurisdictions.

Please note that if you are a Citi customer, additional privacy notices may apply to you as a customer of a particular Citi business, and this Notice does not replace or revise any other privacy notice that may be applicable to personal information collected or used by Citi through that customer relationship with Citi.

Personal Information Collected Through the Services

Citi collects and uses certain personal information in order to operate and provide you with access to the Services. This includes information that you provide to us and information that we collect automatically when you visit or interact with the Services.

Information That You Provide to Us

We collect personal information that you voluntarily provide to us when you use the Services. This information includes, without limitation: your email addresses, telephone numbers, and other contact details; the identity of your current employer and other biographical information; submissions to our Ethics Hotline; feedback on our websites or mobile apps; online preferences, such as Citi News alerts selections; and business information, such as your company name, your role, and industry.

Information That We Collect About Your Use of the Services

We collect information about your use of the Services and about the device you use to access the Services, including: the pages you request and visit; the posts you submit; information on your interaction with other users; information obtained in the course of maintaining or supporting the Services; information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider; and, if you access the Services via your mobile device, we may also collect information about your mobile provider and type of mobile device.

We (and our service providers) use different technologies to collect this information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness. For more information about cookies and how to disable them, please see “Your Choices” below.

Advertising and Analytics Services Provided by Others

We may allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile applications. These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. Your device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.

How Personal Information Is Used

We use the information we collect to provide, maintain, and improve the Services. We also use the information we collect to:

• Send you technical notices, updates, security alerts, and support and administrative messages (such as changes to our terms, conditions, and policies) and to respond to your comments, questions, and customer service requests;
• Receive and respond to your submissions on the Services such as submissions on Citi News, Site Feedback, and the Ethics Hotline;
• Permit you to participate in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfill the incentive offer);
• Communicate with you about products, services, and events offered by Citi and others, and provide news and information we think will be of interest to you (see “Your Choices” below for information about how to opt out of these communications at any time);
• Monitor and analyze trends, usage, and activities in connection with our Services;
• Develop new products and services and enhance current products and services;
• Detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of Citi and others; and
• Carry out any other purpose described to you at the time the information was collected.

How Personal Information Is Shared

We may share your personal information as follows or as otherwise described in this Notice:

• To support certain Citi entities’ use of information in accordance with this Notice (a list of Citi entities who may access your personal information can be found at http://www.sec.gov/Archives/edgar/data/831001/000083100115000043/citi-exhibit2101x12312014.htm);
• With third parties that host, maintain, manage, or provide other services to us in relation to the Services;
• To cooperate with public and government authorities and law enforcement, to respond to a request, or to provide information we believe is important;
• For other legal reasons, such as to monitor compliance with and enforce our terms and conditions, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, to protect against fraud, crime, illegal activity, anti-money laundering, or anti-terrorism, and for risk management purposes; and
• In connection with a sale or business transaction, such as to an acquiring entity or its advisors in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

We may also share aggregated or de-identified information that cannot reasonably be used to identify you.

Children

Our Services are not designed for children and do not knowingly collect personal data from children. If you have reason to believe that a child has provided personal data to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

The Services may contain links to other websites. Please note that Citi is not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you click through to via the Services. This Notice applies solely to your personal information collected by the Services.

Security

We seek to use reasonable physical, electronic, and procedural measures to safeguard personal information within our organization against loss, theft, and unauthorized use, disclosure, or modification. Unfortunately, however, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your information, we cannot guarantee its security.

Your Choices

Marketing Emails and Citi News Alerts

If you no longer want to receive marketing-related emails from us or Citi News Alerts, you may opt out by following the instructions contained within each such email or through the communications center in your account profile. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails or Citi News Alerts, we may still send you administrative messages, from which you cannot opt out.

Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

Changes to This Notice

From time to time, we may revise this Notice. Changes may be made for any number of reasons, including to reflect industry initiatives, changes in the law, and changes to the scope of the Services, among other reasons. You can tell when we last updated the Notice by checking the date at the beginning of the Notice. Any changes will become effective when we post the revised Notice on the Services.

Contact Us

If you have any other questions concerning this Notice, you may submit them using our Contact Us form.

Appendix

Supplemental provisions regarding individuals in the EEA

If you are in the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the processing of your personal data.

Legal Basis for Processing

If you are in the EEA, when we process your personal data we will only do so in the following situations:

• We need to use your personal data to perform our responsibilities under our contract with you (e.g., to facilitate your participation in voluntary polls and surveys).
• We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to the Services, and to provide, secure, and improve our Services.
• We find such processing is necessary to comply with our legal obligations.
• We have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time.

Data Subject Requests

You may have certain rights with respect to the personal information which Citi holds about you, including the right to access or correct (and sometimes, object to or delete) the information. If you would like to request to review, correct, update, suppress, restrict or delete personal information that you have provided to us, object to the processing of personal Information, or if you would like to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law) you may contact our GDPR Data Protection Officer by mail at Citigroup Centre, Canada Square, Canary Wharf, London, E14 5LB. We will respond to your request consistent with applicable law.

For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

Data Retention

We retain personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you keep using the Services);
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Data Controller

Except as otherwise specified on any subsections within sites or apps that comprise the Services, such as the Careers, Alumni, or Citi Consumer Banking subsections, your personal information will be controlled by Citigroup Technology Inc. of 388 Greenwich Street, New York, NY 10013, USA and/or the Citi entity which operates the Services you are accessing (and/or if you are Citigroup personnel, the Citi entity which employs you or contracts with you). A list of certain Citi entities can be found at: http://www.sec.gov/Archives/edgar/data/831001/000083100115000043/citi-exhibit2101x12312014.htm. If you would like additional information regarding the applicable Citi entity or entities, please contact us.

Data Transfer

Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers.

Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here).

Complaints

You may lodge a complaint with a data protection authority for your country or region where an alleged infringement of applicable data protection law has occurred. A list of data protection authorities is available here.

Supplemental provision applicable to users registering from the UAE

Your use of the Services signifies that you agree to waive your material privacy rights under the laws of the UAE. You also agree not to hold Citi liable for any publicity, any publication of news, or comments pertaining to the secrets of your or any other person's private or family lives on the Services. Your use of the Services signifies your consent to allowing Citi to disclose any information that you may consider a secret to anybody at any time. You agree not to hold Citi liable for any disclosure of such information that you may think to be a secret to anyone. Please do not use the Services if you disagree with any part of this Notice.

Supplemental provision applicable to users registering from Korea

Your consent of the Notice and User Agreement upon joining the Citi Alumni Site is deemed that you agreed that your personal information will be controlled, not by Citibank Korea Inc. nor other subsidiaries and affiliates in Korea (“Citi Korea”), but by Citigroup Inc. NY, USA and/or Citi entity which operates the Services you are accessing. Citi Korea is solely responsible for the use of your personal information within Korea, when it is used by Citi Korea, under the applicable Korean laws including; Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and other relevant Korean laws. Your personal information and the Submitted material can be shared with Citi Korea but Citi Korea will not collect and use such personal information and material for any marketing purpose without your prior consent. When Citi Korea obtains personal information our personal information via the Services, the use will be controlled by and be bound to the necessary process and procedure following the applicable Korean laws.

Supplemental provision applicable to users registering from the Kingdom of Bahrain

Your Data Protection Rights – Bahrain

If you normally reside in the Kingdom of Bahrain or have a workplace there, you have the following rights in relation to your personal information under the Law No. 30 of 2018 promulgating the Personal Data Protection Law (“PDPL”):

• The right to be notified of the processing
• The right to access your personal information on request. You can ask us to provide a copy of the personal information we hold about you
• The right to rectification, blocking or erasure. You have the right to ask us to have personal information we hold about you removed or any inaccurate personal information about you corrected
• The right to object to processing for direct marketing purposes.
• The right to object to processing that causes harm to you or others.
• The right to object to processing based on automated processing.

If applicable, you also have a right to make a complaint to the Personal Data Protection Authority in the Kingdom of Bahrain.

You can withdraw consent granted to Citi for the processing of your personal information at any time.

Please note that the withdrawal only applies going forwards, it does not have retrospective effect. Processing that was carried out before the withdrawal was notified is not affected by it.

Further Information on your Rights of Objection in Bahrain

Right to Object to Data Processing for Direct Marketing Purposes

Citi may process your personal information in order to conduct direct marketing. You have the right to object to the processing of your personal information for the purpose of this type of marketing at any time.

If you object to processing for the purpose of direct marketing, we will no longer process your personal information for this purpose.

Right to Object to Data Processing that Causes Harm or Distress

You have the right to object to the processing of your personal information for a specific purpose or in a specified manner, in either of the following two instances:

• if the processing for such purpose or in that manner causes substantial and unwarranted harm or distress to you or others; or
• if there are reasonable grounds to believe it is likely that the processing for such purpose or in that manner will cause substantial and unwarranted harm or distress to you or others.

The right to object does apply where you have agreed to the processing or where the processing is necessary for one of the grounds for lawful processing stipulated in the applicable law.

If you submit an objection, you will need to give reasons and evidence to support the objection.

If you object processing by us for a specific purpose or in a specified manner, we may not be able to provide Services and maintain a business relationship.

Right to Object to Decisions Made Based on Automated Processing

In instances where a decision is taken by Citi based only on automated processing of your personal information to evaluate you (e.g. in terms of your performance at work; your financial position; your qualification for borrowing; your behavior or your trustworthiness) you have the right to request that another evaluation method be adopted that does rely on automated processing.

Individual Right of Objection

On grounds relating to your particular situation, you shall have the right of objection to processing of your personal information at any time, in line with Article 4 paragraph 5 of the PDPL (data processing based on balancing interests).

If you submit an objection, we will no longer process your personal information unless we can give evidence of mandatory, legitimate reasons for processing, which outweigh your interests, rights, and freedoms, or processing serves the enforcement, exercise, or defence of interests.

Please note, that in such cases we will not be able to provide Services and maintain a business relationship.

Data Transfer outside of Bahrain

Your personal information may be transferred outside of the Kingdom of Bahrain and stored and processed in another country where Citi has facilities or in which we engage service providers.

Some of these countries may not have laws that provide the same level of data protection as the laws of Kingdom of Bahrain and are not recognized by the Personal Data Protection Authority as providing an adequate level of protection.

We only transfer personal information to these countries as permitted under applicable laws (e.g. with your consent or when the transfer is necessary for the Services we provide you) or with the authorisation of the Personal Data Protection Authority when we have provided sufficient guarantees regarding the protection of privacy.

Data Controller - Bahrain

Your consent of the Notice and User Agreement upon joining the Citi Alumni Site is deemed that you agreed that your personal information will be controlled, not by Citibank, N.A., Bahrain Branch nor other subsidiaries and affiliates in Bahrain (“Citi Bahrain”), but by Citigroup Inc. NY, USA and/or Citi entity which operates the Services you are accessing. Citi Bahrain is solely responsible for the use of your personal information within the Kingdom of Bahrain, when it is used by Citi Bahrain, under the applicable laws of the Kingdom including the PDPL. Your personal information and the Submitted material can be shared with Citi Bahrain and use such personal information and material for any marketing purpose without your prior consent. When Citi Bahrain obtains personal information our personal information via the Services, the use will be controlled by and be bound to the necessary process and procedure following the applicable laws of the Kingdom of Bahrain

If you are, or will be, a resident of the U.S. State of California, you have certain rights with respect to your Personal Information under the California Consumer Privacy Act (“CCPA”) as of January 1, 2020. For more information about what this means to you, please click here.

To access your rights under CCPA, please call U.S. +1 833-971-1191 or click here CCPA non-US Request to print a form and mail to us.

Information about cookies

Cookies facilitate certain features that can make the surfing experience more convenient and valuable for Web users.

A "cookie" is a small piece of information which a web server can store on your web browser. This is useful for having your browser remember some specific information which the web server can later retrieve. As you browse the web, some cookies are "set" on your Web browser. When you quit your browser, some cookies are stored in your computer's memory in a cookie file, while some expire, or disappear. All cookies have expiration dates. The cookie is set on a particular browser on a particular computer, so when you use a different computer, the cookie will not exist.

Cookies are used, for example, when a browser stores your password to a particular site so that you do not have to input it every time you visit. Cookies are also used to store preferences you express for information that is then aggregated and presented to you. Instances where cookies are most commonly used include:

Ordering Online: Online ordering systems can use cookies that remember what a person wants to buy. Cookies enable users to keep browsing and adding to their "shopping cart". They can even end a browser session, come back, and still have the same items in their cart from the last session, if they choose to.

Registering Online: If you decide to register for an informational site, such as a newspaper, periodical or an interest group site, or even a chat group or on-line community, so that you can use it on a regular basis, you will likely be asked to supply some information about yourself. Often cookies are used so that you do not have to identify yourself every time you re-enter the site.

Site Personalization: Cookies allow users to indicate what types of information they are interested in receiving when they visit a particular site. Users can then view only what they are interested in and not waste time with news or information of no interest to them.

Web Site Tracking: Tracking allows site owners to find out what pages visitors link to, and interpret or infer what is interesting to them. This helps the owners of sites to keep their content fresh and relevant.

Targeted Marketing: Cookies can be used to build a profile of where on a particular site you visit. This information is then used to target advertising that might be of interest to you. Some sites use cookies to "remember" which advertisements were sent to you, so that you do not see the same ones again.

Security: Cookies cannot be used to obtain data from your hard drive, get your e-mail address or steal sensitive or personal information about you. The only way that any private information could be part of your cookie file would be if you personally gave that information to a Web server. Also, each cookie can only be read by the server that set it, so strange servers cannot view or steal the information in a cookie that you have previously accepted.

Note also that computer viruses are not passed through the setting or use of cookies.

If you, as a visitor, want to disallow cookies you can do so on your Web browser.

This notice sets out how we handle personal data as part of our business as Ahli United Bank B.S.C, and how we protect the privacy of the individuals whose data we process.

About Us

Ahli United Bank B.S.C. (AUB Bank) is part of the Ahli United Bank Group (Ahli United Bank Group) with its head office in the Kingdom of Bahrain operates in Bahrain, Egypt, Iraq, Kuwait, Libya, the United Arab Emirates, the Sultanate of Oman, and the United Kingdom. This privacy notice shall explain how shall Ahli United Bank, an entity operating in the Kingdom of Bahrain use the personal data collected from you when you use our services through any of our bank branches, offices, ATMs; our website, mobile applications, social media channels, or when you connect with us through other channels to start or manage your relationship with Ahli United Bank.

Ahli United Bank recognizes its privileged position in receiving your information for purpose of offering financial products, banking services, promoting offerings, and serving you as a customer or any other individual associated with Ahli United Bank. Ahli United Bank is committed to protecting the individual privacy of whose data we process in a way that shall consistent with the principles set out in the applicable data protection laws.

Ahli United Bank is the data controller of the personal information you have submitted to us. Which means we are responsible for deciding how we shall hold and use your personal data. For business efficiency and the provision of seamless services across geographies, we may authorize one of our entities or third- parties to processing the data on our behalf.

Definitions

• Ahli United Bank B.S.C. or the Ahli United Bank Group shall herein refer to as "Ahli United Bank", "Ahli United Bank Bahrain", "us", "Bank", "Company" or "Organization".
• Banking Services: shall mean the banking services offered by the Bank to the Customer(s), including bank account, all banking products, and/or ancillary services the Bank shall provide, procure or make available for the Customer(s).
• Customer: shall refer to Bank customer(s) opts-in to use the Banking Services in accepting the terms and conditions of the Bank, and duly completed and executed the Account Opening Application Forms and/or agreement with the Bank in order to avail Banking Services. A Customer(s) may be a body corporate, a partnership, a sole proprietorship, or any other form of incorporated or unincorporated organization(s) or an individual(s) authorized to manage an account or enter into any form of business with the Bank.
• Entities: shall refer to individual business units, branches, partners, subsidiaries, and affiliates of Ahli United Bank Group operate in the Kingdom of Bahrain with cross-border operations in Egypt, Iraq, Kuwait, Libya, the United Arab Emirates, Oman and the United Kingdom and any other country where Ahli United Bank’s banking service shall be provided to customers, including insurance services provided through Al Hilal Life, Bahrain.
• Personal Data: shall comprise all data that can be used to personally identify you or any information which can be, directly or indirectly, used to identify an individual, including but not limited to, name, email address, phone number, national ID/CPR, etc. in accordance with the applicable data protection laws.
• Sensitive Personal Data: shall refer to any information concerning the racial and ethnic origin, political or philosophical opinions, membership of a trade union, health or sexual orientation, criminal record, religious belief, etc.
• Data Processing: shall refer to any operation or activity performed on personal data electronically or non-electronically, whether or not by automated means, including but not limited to, collecting, recording, organizing, structuring, storing, sharing, reviewing, adapting, altering, modifying, transferring, archiving, destroying data. For example, submitting personal details using an account opening application form, a credit score inquiry authorization, job application process, etc.
• Third-Party: shall refer to an external party/ parties authorized by the Bank to provide Banking Services to the Customer to process the Customer’s Personal Data on the bank's behalf.

What data to be collected?

In order to serve you better, we shall collect relevant information in different intervals depending on the nature of the business, context, and purpose:

• Personal Details, such as name, gender, date of birth, photograph, social status, etc.
• Contact Details, such as an address, email address, phone number, social media handles,
• Proof of Identity, such as a Smart ID/CPR ID, passport, driving license, etc.
• Financial details, such as, bank account, beneficiary account , credit score, etc.
• Collateral details, such as asset details, bank statements, proof of income, previous employment records, etc.
• Sensitive details, such as religious belief, health information, medical history, insurance details, criminal records, fraud prevention verifications, etc.
• Market research, promotions and campaign details, such as information and opinions expressed as part of market research, social media handle names, etc.
• Device generated details, such as internet protocol address (IP) addresses, device identifiers, other unique identifiers collected using cookies and other technologies from the computers, mobile devices.

The information listed above that you have made available to us when you express your interest in avail services provided by us or when you intend to provide us with services. These details are collected and processed throughout your legal association with us. The details are protected in an appropriate manner beyond your association with us. These details shall be collected when you open an account g, inquire about a loan make financial transactions using our services, during employment interviews, employee onboarding, employment, vendor onboarding visit our website, internet portals, mobile applications or social media channels, etc.

Similar or select few details from the list above that you, your nominees, family members, or emergency contacts have made available to carry out regulatory requirements, to fulfil business interests, or to protect your interests. For example, naming a nominee or co-applicant for your bank account, credit services, emergency contacts, or family members information, etc.

How is your data collected?

Data is primarily collected in three ways: directly from you, from the devices you use to access the services, interact with us, and avail services, and data generated and enriched by third-parties. Representative scenarios are outlined below:

Data collected directly from you

• Data collection from paper forms when you open an account, deposit /withdraw money, inquire and apply for financial services, etc.
• Internet portals – When you make financial transactions, fill out job application forms, etc.
• Online application forms – When you register online or place an order for any of our products or services.
• Social Media Channels – When you engage with us as part of our campaigns, promotions, etc.
• Branch visits and inquiries, emails, contact centre, and message boards on social media - When you face-to-face communicate with us \ or via any of our electronic channels to manage your banking relationship with Ahli United Bank.
• When you complete voluntarily a customer survey or provide feedback on any of our internet forms, message boards, or email.

Data collected from the devices

• Computers and Mobile Devices, such as IP addresses, device and session identifiers in cookies and other technologies, etc.
• Use of Cookies – such as identifying individuals, personalizing online content, maintaining and managing preferences, website or application traffic, and performance monitoring using Google Analytics, etc.
• Use of ATMs and cash deposit machines, such as location, time of the transactions, CCTV footage, etc.

Data generated or enriched by third- parties

• CPR/National ID Reader Information, such as name, address, nationality, gender, photograph - using the government- provided services for identification and authentication purposes.
• Credit score and credit report to provide credit facilities using the services of credit bureaus.
• IP Address and device information, such as collecting and monitoring aggregated data to protect our assets and monitor the performance of our services.

How will your data be used?

Personal data collected from you will be used to carry out several activities that shall support our mission to delivering banking and financial related services. Collected data will be used and processed:

• To enter into or carry out an agreement we have with you. For example, customers/vendors service contract and employment contract, etc.
• To meet regulatory/ legal requirements. For example, Know Your Customer (KYC) processes, anti-money laundering checks, mandated credit reference bureau , etc.
• To carry out a specific task in the public interest. For example, detecting or preventing a crime.
• To pursue our legitimate interests. For example, upselling, cross-selling of our products and services, new product launches, overdue money reminder, and recovery, etc.
• To communicate with you about our products and services. Marketing services shall be based on your consent with provisions of communications, and promotions you shall opt-in to participate therein.

We shall use your information for other reasons listed below:

• To deliver our products and services;
• To carry out your instructions. For example, fulfilling a payment request, make changes in your profile;
• To carry out checks in relation to your creditworthiness;
• To manage our relationship with you, including (unless you inform us otherwise) displaying products and services tailored to your interests;
• To understand how you use your accounts and services;
• To support our banking operations;
• To ensure security and business continuity;
• To manage risks;
• To provide Online Banking, mobile apps, and other online platforms;
• To market our products and services using traditional and online advertising;
• To improve our products and services, by analysing how you use them;
• To analyse data for a better understanding of your choices and preferences, and to tailor our best advice and services to you;
• To protect our legal rights and comply with our legal obligations;
• To undertake system or product development and planning;
• For audit and administrative purposes;
• For availing or providing insurance services.

How will your data be stored?

Your data is securely and safely stored in storage facilities identified and managed either by us or by authorized third- parties operate within the countries we operate in, or third countries. When we authorize a third-party to store your data, we conduct due diligence, make a risk assessment, and ensure that such third-parties and overseas (cross-borders) storage facilities comply with our internal policies and applicable data protection laws.

We will hold and retain your data as long as the term of your contract with us is valid and as the same is required by the applicable laws and regulations. If this term ends, we shall retain the data to meet our legitimate interests.

How will your data be shared and transferred?

We may share your data with other entities of Ahli United Bank Group and concerned third- parties that operate within the country we operate in or to third countries. In all these cases, appropriate contractual measures shall be carried out before sharing or transferring the data in compliance with the applicable laws and regulations.

The purpose of sharing your data is to deliver a seamless banking experience across geographies, ensure business and operational efficiency, and ensure data availability as part of our business continuity strategies.

When your data is transferred to third countries, international organizations, we shall implement strict measures to protect your data. In some countries, where the laws mandate us or our third- parties to share the data with regulators or to apply different levels of security, we ensure that the data is shared on a need basis with an appropriate level of security. Your data is required to be shared overseas to fulfil the contractual obligations, legal obligations, and for our legitimate business interests.

How do we secure and maintain the confidentiality of your data?

We implement various measures to keep your information safeguarded and secured including encryption and other forms of security. We shall bind our staff and third- parties who carry out any work on our behalf to comply with appropriate compliance standards, including obligations to protect any information and to apply appropriate data protection measures for the use and transfer of information.

How will your data going to be used for marketing?

We shall send you information about our products and services that we think you may benefit from or may be of interest to you. . You may opt-in to receive marketing communications at this stage. You can exercise your right to discontinue marketing communications to you at any of time.

If you no longer wish to be contacted for marketing purposes, you may unsubscribe or opt-out from such campaigns by navigating to our email communications preferences centre or by writing to us at AUBBH.DataProtection@Ahliunited.com.

What are your data protection rights?

We would like to ensure you are fully aware of the rights over your personal data. Every individual whose personal data we process is entitled to the following rights. In addition, the right to be informed as aimed by this notice:

• The right to access - You have the right to request us for copies of your personal data which is in our records.
• The right to rectification - You have the right to request for correct any personal data or information that appears inaccurate. You also have the right to ask us to complete information that appears incomplete.
• The right to erasure — You have the right to request for the erasure of your personal data in our records, subject to certain conditions, to continue providing you with services considering legal, commercial, and regulatory requirements of undertaking such services.
• The right to restrict processing - You have the right to request for restrict processing of your personal data - subject to certain conditions of providing uninterrupted banking services, legal, commercial and regulatory requirements.
• The right to object to processing - You have the right to object to processing your personal data, specifically if it is based on automated processing or to opt-out of processing for direct marketing purposes - subject to certain conditions pertaining to our ability to continue providing you with services in the light of legal, commercial, and regulatory requirements.
• The right to data portability - You have the right to request for transfer of your data to another organization, or directly to you - subject to certain conditions and feasibility of data portability.
• Right to opt-out or withdraw consent- In the circumstances where you may have provided your consent to the collecting, processing and transferring of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at the email address provided below, or visit any of our bank branches. Once we have received your withdrawal of consent request, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
• You have the option to subscribe or opt-in to receive newsletters, and marketing content. If you have subscribed to any of these services, you can opt-out or unsubscribe to such communications by navigating to our email communications preferences centre or by writing to us at AUBBH.DataProtection@Ahliunited.com or by submitting your request at any of our branch offices.

Data accuracy and authenticity – Your responsibility

As the owner of your data, it’s your duty to ensure that the personal data and information you provide to us is accurate, up-to-date, and authentic.

You may exercise this duty and communicate your requirements with us directly at our email AUBBH.DataProtection@Ahliunited.com

Other Website Privacy notices

The website of Ahli United Bank contains links to portals of other entities and other third-party websites. This privacy notice applies only to the website, applications, portals, and channels of Ahli United Bank B.S.C. So, if you click on a link to another portal or website, you shall assume doing so at your own responsibility and you shall read other portal or website privacy notice.

Cookies Notice

What are cookies?

Cookies are text files placed on your computer to collect standard internet log-in information, visitor behaviour, and website traffic information. When you visit our website(s), we shall collect information from you automatically through cookies or similar technology.

For further information, visit www.allaboutcookies.org

How do we use cookies?

We use cookies in a range of ways to improve your experience on our website, including:

• Keeping you signed in
• Understanding how you use our website

What types of cookies do we use?

On our website we shall use the following types of cookies:

• Strictly Necessary Cookies - These cookies are essential to browse the site and use its features, such as accessing secure areas of the site. Without these cookies, the services you have asked for cannot be provided.
• Functionality Cookies - These cookies allow a site to remember choices you make (such as your user's name, language, or the region you are in) and provide more enhanced personal features. These cookies cannot track your browsing activity on other websites. They don’t gather any information about you that could be used for advertising or remembering where you have been on the internet outside our site.
• Performance Cookies - These cookies collect information about your visit and use of this website, for instance, which pages you visit the most often, and error messages you notice on our web pages. All information these cookies collect shall be processed anonymously by us and is only used to improve website performance.
  • a. Google Analytics Cookies are used to tracking website traffic and performance. These cookies are used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session, and campaign data for the site's analytics reports. By default, Google Analytics cookies are set to expire after 2 years notwithstanding it is customizable by website owners.
  • b. Google ReCAPTCHA Cookies are used to protect websites from spam and abuse.

How to manage cookies?

You can set your browser to reject cookies, and the website www.allaboutcookies.org shall tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Changes to our privacy and cookies notice

Ahli United Bank shall review this notice on a periodical basis and updates shall be published herein accordingly. You shall be notified of the latest updated version when they are available here.

How to contact us?

Should you have any questions about this privacy notice, the data we hold on you, or you would like to exercise one of your data protection rights, you please contact us at: AUBBH.DataProtection@Ahliunited.com.

Address:

Ahli United Bank B.S.C,
Building 2495, Road 2832,
Al Seef District 428,
P.O. Box 2424,
Manama,
Kingdom of Bahrain

Last Updated Date: 26th Apr 2021