Contact Us

Privacy Notice & Cookie Policy

Privacy Notice

Overview

This Privacy Notice explains how British Arab Commercial Bank plc (referred to in this policy as BACB, we or us) collects and uses personal information about you.

We take our data protection obligations seriously and it is important to us that you understand how we use your personal data. This Privacy Notice sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else that we think it is important for you to know.

This Privacy Notice covers, among other things, the following:

The table at the end of this policy provides an overview of the data that we collect, the purposes for which we use that data, the lawful basis which permits us to use your personal data and the rights that you have in relation to your personal data.

From time to time we may change the way we use your personal data. Where we believe you may not reasonably expect such a change we will contact you by email to notify you of the change.

Contact details

BACB's contact details are as follows:

Address: BACB, 8-10 Mansion House Place, London EC4N 8BJ, UK
Telephone: +44 20 7648 7777

Email: enquiries@bacb.co.uk

We have appointed a Data Protection Officer whom you can contact using the following details:

DPO@bacb.co.uk

What is personal data?

Personal data is any information that tells us something about you and from which you can be identified. This could include information such as name, contact details or date of birth. It may also include information about your financial affairs and transactions.

Whose personal data do we collect?

We collect information about our customers and individuals to whom we offer or provide our products and services and about individuals who are connected to our corporate customers, such as employees, directors, shareholders and payees, and contacts at our business suppliers (each referred to as you). This notice explains how we use this information in order to conduct our business.

How do we collect personal data?

We may collect personal data about you from various sources including:

  • from you when you contact us directly during our business relationship with you
  • from a corporate customer with which you are connected when they contact us about their business relationship with us
  • from joint account holders
  • from credit reference agencies who may search the Electoral Register
  • from fraud prevention agencies
  • from introducers
  • from trading platforms or businesses if you are connected to one of our corporate customers
  • from your employer if you are one of our business supplier contacts
  • CCTV within and around our offices

What information do we collect?

We may collect the following categories of information about you:

  • Personal contact details such as name, title, address, telephone number and email addresses
  • Gender
  • Date and place of birth
  • Nationality
  • Tax residence status
  • Details of public positions currently or previously held
  • Source of funds and bank account information
  • Bankruptcy information
  • Identity documents such as a copy of your passport or identity card and utility bills
  • Marital status
  • Details of your financial transactions (including account balances)
  • Images captured by CCTV

How do we use your information?

We use your information for the purposes set out below.

If you are an individual retail or other individual customer:

  • When considering your account application or other application for our products and services, we will make searches about you, including at credit reference agencies and other agencies and databases, to help us verify your identity and to prevent and detect crime and money laundering. This is to ensure that we are taking instructions from the correct person and enables us to comply with our anti-money laundering requirements and the FCA rules. This is not a credit check and will leave a different footprint on your electronic record from that left by a credit check
  • We will use your personal data to process and store your account application or other application for our products and services, understand your requirements, manage your accounts and deposits, give you statements, provide our services and products, and to prevent and detect fraud, money laundering and other crimes. We will also use your personal data to comply with our anti-money laundering requirements and to comply with our obligations to, and the requests of, any governmental, banking, taxation or other regulatory authority or similar body
  • We may use your personal data to inform you by post, telephone, SMS or email about other similar products and services which may be of interest to you if you have opted in to receive such communications or if we are otherwise entitled to. If you no longer want us to contact you about such products and services, you may opt out by contacting DPO@bacb.co.uk
  • We will also use your personal data for business management and planning purposes, including accounting, auditing and compliance with statutory record keeping requirements and to deal with legal disputes

If you are connected to one of our corporate customers:

  • When considering an account application or other application for our products and services for a corporate customer, we will make searches about directors and shareholders, including at credit reference agencies and other agencies and databases, to help us verify your identity and to prevent and detect crime and money laundering. This enables us to comply with our anti-money laundering requirements and the FCA rules. This is not a credit check and will leave a different footprint on your electronic record from that left by a credit check
  • We will use your information to help us administer our relationship with the corporate customer, for example by processing payment instructions for the corporate customer
  • We will also use your personal data to comply with our anti-money laundering requirements and to comply with our obligations to, and the requests of, any governmental, banking, taxation or other regulatory authority or similar body
  • We may use your personal data to inform you by post, telephone, SMS or email about other similar products and services which may be of interest to you if you have opted in to receive such communications or if we are otherwise entitled to. If you no longer want us to contact you about such products and services, you may opt out by contacting DPO@bacb.co.uk

If you are a contact at one of our business suppliers:

  • We will use your information to help us administer our relationship with the business supplier

If you are visiting one of our offices:

The information we collect and process will be used in order to improve the security of our offices and ensure the safety of our staff, and to record and evidence the dates and times individuals enter and leave our premises. We may also use this information as part of our control and assessment of our business operations and to enforce and uphold our working practices, standards, policies and procedures, or to prevent or investigate fraud or some other crime.

What is the lawful basis that permits us to use your information?

Under data protection legislation we are only permitted to use your personal data if we have a lawful basis for doing so as set out in the data protection legislation. We rely on the following lawful bases to use your information for business-related purposes:

  • Contractual requirement - Where it is necessary to enter into or perform our contract with you or a corporate customer or a business supplier with which you are connected, for example, we need information identifying you in order to open and administer an account
  • Legal obligation - Where we need to comply with a legal obligation, for example where we are obliged to verify your identity to comply with anti-money laundering regulations
  • Legitimate interest - Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, for example, when we carry out checks for fraud, money laundering and crime prevention purposes, to maintain CCTV and security arrangements at the bank’s offices, or when we contact you for marketing purposes

In more limited circumstances we may also rely on the following lawful bases:

  • Vital interest - We may process or share information about you with other parties where necessary to protect your or another person’s life.
  • Substantial Public Interest - Where it is needed in the public interest or for official purposes, such as where the processing of data is to meet regulatory requirements relating to unlawful acts and dishonesty or preventing fraud.

The table at the end of this Privacy Policy provides more detail about the information that we use, the lawful basis that we rely on in each case and your rights.

Some information is classified as “special category” data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive and we need to have further justifications for collecting, storing and using this type of personal data. We may process special categories of personal data in the following circumstances:

  • In limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent
  • If you voluntarily provide us with information that constitutes special data, for example, if you inform us about health issues to help us manage our relationship with you
  • We will use information about your political opinions and those of your immediate family and close associates if they are relevant to establishing your status as a “Politically Exposed Person” for the purposes of anti-bribery laws

What happens if you do not provide information that we request?

We need some information so that we can comply with our legal obligations. For example, we need information from you so that we can comply with our regulatory requirements to verify your identity before we can offer our services to a new customer. We also need some information to perform our contract with you, for example, we need your contact and financial details to administer your account.

Where information is needed for these purposes and you do not provide it, we will not be able to provide services to you. We will explain when this is the case at the point where we collect information from you.

How do we share your information?

We share your personal data in the following ways:

  • use of external consultants and professional advisors
  • licensed credit reference and/or fraud prevention agencies to help make decisions during an application for our products and services and on an ongoing basis. This information will be used to decide whether to continue to make products and services available to you. Our enquiries or searches (and the results of each of them) may be recorded and such agencies may supply us with financial information about you
  • contractors who provide a service to us or are acting as our agents, on the understanding that they will keep the personal data and other confidential information about you confidential and secure. This will include our online platform provider and may include suppliers who provide us with IT systems and support services, auditors and companies that assist us with regulatory reporting
  • other third parties where we are required or requested by any governmental, banking, taxation or other regulatory authority or similar body, or by the rules of any relevant stock exchange, or pursuant to any applicable law, regulation or court order
  • if we sell any part of our business and/or integrate it with another organisation your details may be disclosed to our advisers and to prospective purchasers or joint venture partners and their advisers. If this occurs, the new owners of the business will only be permitted to use your information in the same or similar way as set out in this Privacy Notice
  • if you are connected to a corporate customer, we may share you information with your employer, with other corporate customers part of the same corporate group, with trading platforms and with introducers
  • to any person to (or through) whom we may assign or transfer, or with whom we may enter into any arrangement (such as a sub-participation, securitisation or credit insurance) by reference to, the rights, obligations and/or payments under any agreement or document (including without limitation any loan, facility, instrument or transaction) which you, or any corporate customer with which you are connected, has/have entered into with us

Where we share your personal data with third parties we ensure that we have appropriate measures in place to safeguard your personal data and to ensure that it is solely used for legitimate purposes in line with this Privacy Notice.

Information about third parties

Where you provide us with the personal data or confidential information of a third party, you must ensure that you provide them with a copy of this Privacy Notice so that they understand how their personal data will be used by BACB. You must also check that they are happy for you to provide us with their personal data. This will include where you provide information about another individual in your household or a joint account holder (if you are an individual retail or other individual customer), where information is provided about directors, shareholders and other employees (where our customer is a corporate customer), where information is provided about persons to whom payments are to be made and where information is provided about key contacts within our business suppliers.

How do we keep your information secure?

We enforce a policy of privacy by design on all Bank systems and services and implement a number of technical and organisational measures to keep your personal data secure. These include restricting data access to those whose roles requires it, firewalls, mobile device management, anti-malware, anti-phishing, web-security and back-up measures and information security training for our staff.

Where is your information stored/ processed?

We may disclose your information to service providers, representative offices of the Bank, and other third parties where necessary in connection with the purposes described in this Privacy Notice. Where the recipient is based in a country outside of the United Kingdom, we will put in place appropriate safeguards to ensure that your personal data remains adequately protected.

The table below illustrates the international transfers currently in place:

Type of International Transfer

Safeguards

Transfers to our Representative Offices from our UK office will only be undertaken where required to deliver a service for those who hold a relationship, either directly or through a corporate customer of ours, with the branch. We have Representative Offices in Cote D’ivoire, Libya and Algeria.

Same entity as BACB, the Representative Offices are covered by BACB policies and controls.

Transfers to external consultants where BACB requires local expertise. These will be dependant on the nature of the issue and will only be instructed where appropriate for a transaction or issue ongoing.

Data protection addendums based on the applicable EU Commission-approved Standard Contractual Clauses or UK International Data Transfer Addendum;

Other suitable mechanisms, including Binding Corporate Rules, approved Certifications or Codes of Conduct;

In exceptional cases, we may rely on statutory derogations for international data transfers.

Transfers to third parties and service providers BACB may contract a third party to undertake processing of Personal Data on our behalf where they offer a technical solution we require.

Data protection addendums based on the applicable EU Commission-approved Standard Contractual Clauses or UK International Data Transfer Addendum;

Other suitable mechanisms, including Binding Corporate Rules, approved Certifications or Codes of Conduct;

In exceptional cases, we may rely on statutory derogations for international data transfers.

If you would like more details about the safeguards, please contact the DPO.

For how long do we keep your information?

As a general rule we keep your personal data for the duration of our relationship with you and for a period of 5 years after our relationship ends. However, where we have statutory or regulatory obligations to keep personal data for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer.

Your rights in relation to your information

Under the UK GDPR data subjects have a number of rights that they may exercise in relation to the processing of their personal data. At any time, you have the right:

  • to be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences);
  • to request access to or a copy of any personal data which the Bank holds about you;
  • to rectification of your personal data, if you consider that it is inaccurate;
  • to erasure of your personal data, if you consider that we do not have the right to hold it;
  • to restrict processing of your personal data;
  • to data portability (moving some of your personal data elsewhere) in certain circumstances;
  • to object to your personal data being processed in certain circumstances; and
  • not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.

If you would like to exercise any of your rights or find out more, please contact our Data Protection Officer at DPO@bacb.co.uk. The table at the end of this Privacy Policy provides more detail about the information that we use, the lawful basis that we rely on in each case and your rights.

Complaints

If you have any complaints about the way we use your personal data please contact our Data Protection Officer at DPO@bacb.co.uk who will investigate and try to resolve the issue. If we do not resolve your complaint to your satisfaction then you have the right to complain to the Information Commissioner’s Office, further information on this process is available: https://ico.org.uk/make-a-comp....


Quick check of BACB's use of your personal data

Purpose

Data used

Lawful basis

Which rights apply?*

To make decisions about whether to enter into a contract with you

Information identifying you (including personal contact details and identity documents)

Source of funds and bank account information

Results of enquiries and searches at licensed credit reference and/or fraud prevention agencies

Contractual necessity – steps required to enter into a contract

Legal obligation - we may be required to maintain a record of data linked to applications and subsequent relationships with the bank.

The generally applicable rights plus the right to data portability

To make decisions about whether to enter into a contract with a business with which you are connected

Information identifying you (including personal contact details and identity documents)

Results of enquiries and searches at licensed credit reference and/or fraud prevention agencies

Legitimate interests – it is in our legitimate interests to conduct checks on key individuals within the business to determine whether to enter into a contract with the business.

Legal obligation - we may be required to maintain a record of data linked to applications and subsequent relationships with the bank.

The generally applicable rights plus the right to object

For business management and planning purposes, and accounting and auditing purposes

Details of your financial transactions and account balances

Legitimate interests – it is in our legitimate interests to use your personal data to assist us with business planning and to conduct audits and for accounting purposes

The generally applicable rights plus the right to object

To comply with statutory record keeping requirements and regulatory requirements

Information about your identity that we collect for anti-money laundering purposes

Information about your financial transactions with us and our interactions with you

Legal obligation – as a regulated business we are required to process some personal data to meet our regulatory obligations.

The generally applicable rights only

For marketing purposes

Information identifying you (including personal contact details)

Details of your financial transactions and account balances (where you are an individual retail or other individual customer)

Legitimate interests – it is in our legitimate interests to contact you about products and services that we think you might be interested in

Consent – Where you are not a customer of BACB, we will seek consent for marketing.

The generally applicable rights plus the right to object

Fraud and crime prevention

Information identifying you (including identity documents)

Source of funds, bank account information and details of your financial transactions (including where you are an individual retail or other individual customer)

Identity documents

Results of enquiries and searches at licensed credit reference and/or fraud prevention agencies

Legitimate interests – it is in our legitimate interests to take steps to prevent and detect fraud and other crimes

Legal Obligations – we are legally required to take appropriate steps to prevent the bank being used to facilitate financial crime,

The generally applicable rights plus the right to object

To deal with legal disputes

Information identifying you (including personal contact details)

Details of your financial transactions and account balances (including where you are an individual retail or other individual customer)

Legitimate interests – it is in our legitimate interests to process your personal data where this is necessary to defend a legal claim or take legal action to protect our position

The generally applicable rights plus the right to object

To make/receive payments and administer an account (including where you are an individual retail or other individual customer)

Bank account information

Details of your financial transactions and account balances

Information identifying you (including personal contact details and identity documents)

Contractual necessity – to facilitate payments under the comtract

Legal obligations – we are required to maintain records of transactions for a number of years after a relationship ends.

The generally applicable rights plus the right to data portability

*The following generally applicable rights always apply: right to be informed, right of access, right to rectification, right to erasure, right to restriction and rights in relation to automated decision making. Please see the section Your rights in relation to your information above for more detail of your rights and how to exercise them.

Cookie Policy