PRIVACY POLICY
PRIVACY POLICY
Gulf International Bank B.S.C. (“GIB”, “we”, “our” or “us”) is committed to protecting and respecting your privacy. This privacy notice (“Privacy Notice”): (i) sets out the basis on which any Personal Data (as defined below) we collect from you, or that you provide to us, will be processed, collected, stored and shared by us; and (ii) should be read together with all of GIB’s relevant agreements and terms and conditions. Please read the following carefully to understand our practices regarding your Personal Data (as defined below) and how we will treat it.
The data controller is Gulf International Bank B.S.C., a Bahraini Shareholding Company registered in the Kingdom of Bahrain with Commercial Registration number 4660, licensed by the Central Bank of Bahrain to operate as a bank in the Kingdom of Bahrain, whose principal address is at Al-Dowali Building, 3 Palace Avenue, P.O. Box 1017, Manama, Kingdom of Bahrain.
Safeguarding your Personal Data is our main concern. We maintain physical, electronic and procedural safeguards that comply with applicable laws and regulations to secure your information from unauthorised access and use, accidental or unlawful alteration and destruction, and other unlawful or unauthorised forms of processing. We engage in the continuous training of our employees in the proper management of Personal Data.
At GIB, we take data privacy very seriously and provide our customers with all necessary data security to protect such Personal Data from unauthorised access. We require any third parties who carry out work on our behalf to comply with appropriate compliance standards to protect your information. This Privacy Notice further explains the measures we have in place to protect the security of your Personal Data and to minimise the risk of its unauthorised use, disclosure, or destruction.
DEFINITIONS
PERSONAL DATA:
Any data – of whatever source or form – that would lead to the identification of an individual specifically or make it possible to identify them directly or indirectly, including name, personal identification number, addresses, contact numbers, licence numbers, records, personal property, bank account and credit card numbers, fixed or moving images of the individual, and other data of personal nature.
SENSITIVE DATA (categories of special nature):
Any Personal Data that includes a reference to an individual's ethnic or tribal origin, or religious, intellectual, or political belief, or indicates their membership in non-governmental associations or institutions, as well as criminal and security data, biometric data, genetic data, credit data, health data, location data, and data that indicates that both parents of an individual or one of them is unknown.
THE INFORMATION WE COLLECT
We will only collect your information in line with applicable laws and regulations , and we limit the collection and use of Personal Data to the extent necessary to deliver our products and services to our customers, as well as to administer our business operations.
In addition, the type of data collected may vary depending on your capacity – whether you are acting in a personal capacity, on behalf of another individual, or as a representative of an entity.
What Kind of Personal Data Do We Collect?
The Personal Data we may collect from you includes the following categories of information:
1. Identifying Information:
• Full name
• National ID or residency number
• Date of birth
• Gender
• Nationality
• Assessment of whether you are a Politically Exposed Person (“PEP”)
• Employer name/occupation
• Education level
• Disability status and type (if applicable)
2. Contact Information:
• Mobile phone number
• Email address
• Mailing address
• National address
3. Basic Financial Information (where applicable):
• Bank account number
• Your credit history, as reported by credit bureaus
• Credit or current card number (if voluntarily submitted through specific forms)
• Details of paid compensation
4. Technical Usage Data:
• Internet Protocol (IP) address
• Device type and operating system
• Browser type
• Browsing activity on the Bank’s website
• Cookies and similar tracking technologies
5. Digital Banking Information:
• Access to online banking or mobile applications
• User preferences and interaction data on our digital platforms
6. Documentation:
• Copy of ID, Family Card, or passport (for validation purposes if you are a representative of the customer, or for employment purposes)
• Power of Attorney
• Death certificates
• Medical reports (for risk assessment purposes if you are a customer, for medical insurance purposes if you are a staff member, or to confirm your fitness to work with us upon onboarding)
• Court rulings issued by the competent authorities
• Commercial papers governed by the relevant laws and regulations
• Proof of income letter
• Proof of residency letter
• Salary certificate
• Salary assignment letter
• Bank statement letter
• Tax exemption certificate
• Title deeds
• Permit letter for construction
• Real estate site map
• Personal guarantee letters
7. Additional Information if You Apply for a Job with Us
In addition to the above, if you are applying for a job opportunity with us, we may collect the following information:
• Name, date of birth, address, email address, contact number, CV, passport and/or visa and residence permit, education and qualifications
8. Information You Voluntarily Provide (non-compulsory):
• Any Personal Data contained in responses submitted through online forms (e.g., Contact Us, complaints)
• Uploaded attachments (such as IDs or supporting documents)
• Your consent to receive marketing material via your contact information
HOW WE COLLECT INFORMATION
We collect your Personal Data both directly (through online forms, drop-down lists, option lists, banking forms, etc.) and indirectly (through cookies, automated data collection, website analytics, etc.) in connection with the products or services that we currently provide or may have provided in the past. Specifically, we collect your Personal Data when:
• You provide us with information directly;
• You open an account or perform transactions, such as making deposits or withdrawals from your account, and in relation to your payment history and transaction records;
• You apply for a job opportunity at GIB;
• You act as a third-party representative with us;
• You apply for a loan or use your credit or debit card;
• You seek advice about your investments;
• You seek information from our customer service providers, including providing information related to complaints and disputes;
• Your credit history from credit bureaus is accessed for credit reference checks or other financial due diligence;
• You provide account information, such as personal details (e.g., name, gender, date and place of birth), contact information (e.g., address, email address, mobile number), and employment information;
• You provide identity information (e.g., photo ID, passport details, national ID card, and nationality);
• You use your login credentials for online banking or mobile banking apps. We also collect information about your computer or mobile device, including your IP address, operating system and browser type. This information is used for system administration and our own commercial purposes.
• We conduct necessary investigations, including due diligence checks, anti-money laundering, counter-fraud, and counter-terrorism checks, and obtain information to support our regulatory obligations (e.g., transaction details and detection of any suspicious or unusual activities);
• We may record conversations you have with us – including phone calls, face-to-face meetings, letters, emails, and other forms of contact – for the purposes of verifying your instructions to us and improving our product and service delivery.
• We may collect information about your computer or mobile device, including (where available) your IP address, operating system, and browser type. This information is used for system administration purposes.
• For security and safety reasons, we may use CCTV cameras and surveillance systems on our premises. Recorded footage may be used to monitor and investigate security incidents, prevent fraud, and ensure the safety of our customers, employees, and assets.
HOW WE USE YOUR INFORMATION
• We will only use your information when you have provided your consent or when we are required by law to do so.
• We use the information we collect to provide customers with excellent products and services, to manage our business, and to offer an enriched and enhanced customer experience.
• We make appropriate use of your data to manage transactions, respond to your requests, and provide you with more relevant products and services.
• We use your information to deliver our products and services, carry out your instructions, and provide Online Banking, mobile banking and other online products and services.
• We use this information to detect and prevent financial crimes including fraud, financing for terrorism, and money laundering. This is to ensure security and business continuity.
• We will use your information to meet our compliance obligations, comply with laws and regulations, and share with regulators when absolutely necessary.
• Where we have your consent, we may use Personal Data we have about you, such as your email address, mobile number, and mailing address, to deliver advertising to you directly or on our websites, and provide updates on special deals and offers that might interest you.
• We may send you general announcements or important news about your account.
• We may need to record conversations you have with us, including phone calls, face-to-face meetings, letters, emails, and any other kinds of communication. These recordings may be used to check your instructions to us and improve our product and service delivery.
• We may collect information about your computer (or mobile device), including, where available, your IP address, operating system and browser type, for system administration or for our own commercial purposes. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
WHO WE SHARE YOUR INFORMATION WITH
At GIB, in our efforts to provide you with high-quality products and services, we may need to outsource certain parts of our service delivery. This will always be done in accordance with applicable laws and regulations. We may share your Personal Data with internal parties (e.g., GIB affiliates) and external parties (e.g., regulatory authorities, service providers, and third parties, etc.) to the extent necessary to fulfil the purposes described in this Privacy Notice.
We may also share your information where we have a legal or public duty to do so, when we need to complete regulatory reporting, or when we have requested and received your consent to share it. In certain cases, where permitted by law, this may involve transferring your Personal Data outside the country. Any such transfer will be carried out in compliance with applicable data protection laws. Where we transfer your Personal Data outside the region, we will ensure that appropriate safeguards are in place to maintain the same level of data protection required under the law.
Under the existing relationship between you and us, we may disclose or share your Personal Data with trusted third parties, on an occasional basis (one-time) or on a periodic and recurring basis, depending on the nature of the service provided or relevant legal and regulatory requirements. This includes, but is not limited to, implementing regular operations such as billing cycles, completing transactions, submitting applications for new banking products or services, conducting periodic reviews for KYC and AML/CTF compliance, and handling complaints, disputes, or enquiries.
For security and safety reasons, we may use CCTV cameras and surveillance systems on our premises. Recorded footage may be used to monitor and investigate security incidents, prevent fraud, and ensure the safety of our customers, employees, and assets.
If you have a joint account with one or more other individuals, please note that we may disclose account information and transaction details to all joint account holders. Each joint account holder is responsible for ensuring they have the necessary authority and consent to provide and access Personal Data related to the joint account.
LEGAL BASIS WE USE
We will collect and use your Personal Data in accordance with the applicable Personal Data Protection Laws and their applicable regulations (collectively referred to as the PDPL), and any other rules or regulations issued thereunder from time to time, or by competent authorities.
Depending on the reason for processing your Personal Data, the legal basis for processing your Personal Data will be one of the following:
• The conclusion and implementation of an agreement: To take the necessary steps to enter into or implement a contract or agreement with you regarding the services or products you request, or to fulfil our obligations under such contract or agreement.
• Compliance with legal and regulatory requirements: To comply with any legal obligations or requirements imposed by competent regulatory authorities, including conducting necessary checks to ensure compliance with legal and regulatory requirements and disclosing information to competent regulatory and supervisory authorities.
• Consent: In specific cases where your consent has been obtained (when required by law), or where the consent of the data owner is required by law, including the requirement to obtain explicit consent for specific types of data under the PDPL.
• Actual interest: In some cases, where it is necessary to perform an action that would achieve an actual interest of the data owner (whether material or moral) and contacting the data owner is impossible or difficult.
• Legitimate interest: If data processing is necessary to achieve the legitimate interest of the Bank without prejudice to any of your rights or interests, and to the extent that the Personal Data is necessary for the purpose for which the data is being processed. This does not include Sensitive Data. Examples of legitimate interest include (but are not limited to) the following, provided they do not conflict with any of your rights under the PDPL:
1- Improving our products, services, and your experience across our channels; promoting new financial and investment products and services that may be of interest to you; and understanding your needs as a customer and your eligibility for products and services.
2- Receiving and processing complaints, requests, or reports submitted by you or third parties.
3- Taking the necessary steps to improve our products, services, and use of technology, and conducting market research.
4- Cooperating in carrying out any request or enquiry submitted by actual or potential public authorities or judicial bodies and providing evidence and support in relation to litigation proceedings.
5- Enabling us to provide you with products and services.
6- Protecting you from fraud by conducting identity and credit checks and conflict of interest procedures.
In order to protect the security of our information and network, we may process your Personal Data to monitor and identify security risks, prevent unauthorised access to our systems, and ensure the integrity and confidentiality of your information and our services. Implementing precautionary measures includes encryption, firewalls, and intrusion detection systems (IDS), as well as conducting security audits to identify and mitigate vulnerabilities.
A cookie is a small file that is placed on your computer’s hard drive or electronic device. Its functions include storing your login and session statuses, recording your user preferences, and analysing web traffic.
Apart from the data that you elect to disclose and share with us, we cannot access your computer or any other information about you through cookies.[GA1]
Although most browsers automatically accept cookies, you can amend your browser settings to disable cookies. This may, however, prevent you from fully experiencing the website as it was intended.
APPLICABILITY
This Privacy Notice is applicable to Personal Data and Sensitive Data, or information collected by us or our affiliates, directly from the customer or through our online portals, mobile apps, and electronic communications, as well as any information collected by our servers from the customer’s browser.
SECURITY PRACTICES AND PROCEDURES
The security of Personal Data is a priority and is protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. We shall take reasonable steps and measures to protect the security of the customer’s Personal Data from misuse, loss, un-authorised access, modification, or disclosure. We maintain our security systems to ensure that the Personal Data of the customer is appropriately protected and follows standard encryption norms for the transmission of information. We ensure that our employees and affiliates respect the confidentiality of any Personal Data held by us.
RETENTION OF PERSONAL DATA
At GIB, we retain your Personal Data only for as long as mandated by regulators for the purposes set out in this Privacy Notice. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies, which is subject to the instructions provided by the competent authority and/or other applicable rules and regulations.
1. Data Storage:
• Personal Data is stored in secure environments that utilise advanced technologies to prevent unauthorised access, modification, or loss.
• Data is stored in our data centres located within the Kingdom of Saudi Arabia, Kingdom of Bahrain, the UAE, the UK, and Oman, or with a cloud service provider (CSP), or at any approved locations that comply with applicable data protection regulations while ensuring data sovereignty is maintained.
• In cases where cross-border data transfers are necessary, they are carried out in accordance with legal requirements governing international data transfers, while ensuring that appropriate safeguards are in place to protect the data.[GA2]
2. Data Disposal:
• We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations.
• Once the purpose is fulfilled or the retention period expires, Personal Data is securely disposed of using approved technical methods that ensure it cannot be recovered or accessed again. Where information is subject to specific legal retention requirements, it will be archived accordingly. These methods include:
- Secure deletion from electronic systems (to the extent technically possible).
- Physical destruction of storage media such as hard drives or portable devices.
- Documented disposal processes to ensure transparency and accountability.
COLLECTION OF MINORS DATA
If you are under the age of 18, or if you reside elsewhere and have not yet reached the age of majority in your jurisdiction, we are not permitted to contract with you directly. Where required by local legislation, by agreeing to this Privacy Notice, your guardian acknowledges and consents to its terms on your behalf. If we seek your consent to process your Personal Data for a specific purpose under this Privacy Notice, such consent must be granted by your guardian on your behalf.
PRIVACY NOTICE CHANGES
The effective date of this notice is provided above. Any updates or changes to the notice will be posted on this website with the new revision date, which will be the effective date of the changes. Your continued use of this website constitutes your acceptance of any changes to this notice.
DATA SUBJECT RIGHTS QUERIES
You may have certain rights relating to your Personal Data depending on the country in which you access our Bahraini website. In some cases, depending on applicable legislation these rights may include: the right to be informed – this right allows you to receive information from us about what Personal Data we collect and what we do with it. The purpose of this notice is to fulfil this right.
YOUR RIGHTS - LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY
Your data protection rights include the following:
• The right to be informed about the processing of your Personal Data;
• The right to have your Personal Data corrected if deemed inaccurate and to have incomplete Personal Data completed;
• The right to request access to your Personal Data;
• The right to object to the processing of your Personal Data;
• The right to restrict the processing of your Personal Data;
• The right to have your Personal Data erased (the right to be forgotten);
• The right to request access to your Personal Data and to obtain information about how we process it;
• The right to move, copy or transfer your Personal Data (data portability);
• The right not to be subject to a decision based solely on automated processing, including profiling;
• The right to withdraw your consent at any time (e.g. no longer be included in our marketing campaigns);
• Right to non-discrimination; and
• Right to complaint.
NOTE: These rights are neither absolute nor applicable in all circumstances. You are entitled to any other additional rights granted by applicable laws and regulations.
DISCLAIMER
This Privacy Notice is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it impose any obligations on us in respect of any other party or on behalf of any party. When you log in to third-party websites, you are not subject to or governed by this Privacy Notice. We are not responsible for the content of those websites, and we do not represent third parties. Therefore, we recommend you review the privacy and security policies of any third-party websites you access.
We also emphasise the importance of protecting your login credentials and notifying us immediately of any unauthorised access or use of your accounts with us.
CONTACT US
If you have any questions, concerns or complaints regarding our compliance with this Privacy Notice, or if you wish to exercise your rights, please contact us. We will attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible, and in any event, within the timescales provided by applicable data protection laws or regulations.
If you have any questions or comments regarding the processing of your Personal Data, our privacy practices or if you would like us to update information or preferences you provided to us, please contact the Data Privacy/Protection Team (Data Management Office) through the following email: email: 
| 
|