Privacy Notice | BACB

Privacy Notice

Overview

This Privacy Notice explains how British Arab Commercial Bank plc (referred to in this policy as BACB, we or us) collects and uses personal information about you.

We take our data protection obligations seriously and it is important to us that you understand how we use your personal data. This Privacy Notice sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else that we think it is important for you to know.

This Privacy Policy covers, among other things, the following:

The table at the end of this policy provides an overview of the data that we collect, the purposes for which we use that data, the legal basis which permits us to use your personal data and the rights that you have in relation to your personal data.
From time to time we may change the way we use your personal data.  Where we believe you may not reasonably expect such a change we will contact you by email to notify you of the change.

Contact details

BACB's contact details are as follows:

Address: BACB, 8-10 Mansion House Place, London EC4N 8BJ, UK
Telephone: +44 20 7648 7777

We have appointed a Data Protection Officer whom you can contact using the following details:

DPO@bacb.co.uk

What is personal data?

Personal data is any information that tells us something about you and from which you can be identified. This could include information such as name, contact details or date of birth. It may also include information about your financial affairs and transactions.

Whose personal data do we collect?

We collect information about our customers and individuals to whom we offer or provide our products and services and about individuals who are connected to our corporate customers, such as employees, directors, shareholders and payees, and contacts at our business suppliers (each referred to as you).  This notice explains how we use this information in order to conduct our business.

How do we collect personal data?

We may collect personal data about you from various sources including:

  • from you when you contact us directly during our business relationship with you
  • from a corporate customer with which you are connected when they contact us about their business relationship with us
  • from joint account holders
  • from credit reference agencies who may search the Electoral Register
  • fraud prevention agencies
  • from introducers
  • from trading platforms or businesses if you are connected to one of our corporate customers
  • from your employer if you are one of our supplier contacts

What information do we collect?

We may collect the following categories of information about you:

  • Personal contact details such as name, title, address, telephone number and email addresses
  • Gender
  • Date and place of birth
  • Nationality
  • Tax residence status
  • Details of public positions held
  • Source of funds and bank account information
  • Bankruptcy information
  • Identity documents such as a copy of your passport or identity card and utility bills
  • Marital status
  • Details of your financial transactions (including account balances)

How do we use your information?

We use your information for the purposes set out below.

If you are an individual retail or other individual customer:

  • When considering your account application, we will make searches about you, including at credit reference agencies and other agencies and databases, to help us verify your identity and to prevent and detect crime and money laundering.  This is to ensure that we are taking instructions from the correct person and enables us to comply with our anti-money laundering requirements and the FCA rules.  This is not a credit check and will leave a different footprint on your electronic record from that left by a credit check
  • We will use your personal data to process and store your account application, understand your requirements, manage your accounts and deposits, give you statements, provide our services and products, and to prevent and detect fraud, money laundering and other crimes.  We will also use your personal data to comply with our anti-money laundering requirements and to comply with our obligations to, and the requests of, any governmental, banking, taxation or other regulatory authority or similar body
  • We may use your personal data to inform you by post, telephone, SMS or email about other similar products and services which may be of interest to you if you have opted in to receive such communications or if we are otherwise entitled to.  If you no longer want us to contact you about such products and services, you may opt out by contacting DPO@bacb.co.uk
  • We will also use your personal data for business management and planning purposes, including accounting, auditing and compliance with statutory record keeping requirements and to deal with legal disputes

If you are connected to one of our corporate customers:

  • When considering the account application for a customer, we will make searches about directors and shareholders, including at credit reference agencies and other agencies and databases, to help us verify your identity and to prevent and detect crime and money laundering.  This enables us to comply with our anti-money laundering requirements and the FCA rules.  This is not a credit check and will leave a different footprint on your electronic record from that left by a credit check
  • We will use your information to help us administer our relationship with the corporate customer, for example by processing payment instructions for the corporate customer
  • We will also use your personal data to comply with our anti-money laundering requirements and to comply with our obligations to, and the requests of, any governmental, banking, taxation or other regulatory authority or similar body
  • We may use your personal data to inform you by post, telephone, SMS or email about other similar products and services which may be of interest to you if you have opted in to receive such communications or if we are otherwise entitled to.  If you no longer want us to contact you about such products and services, you may opt out by contacting DPO@bacb.co.uk

If you are a contact at one of our business suppliers:

  • We will use your information to help us administer our relationship with the supplier

What is the legal basis that permits us to use your information?

Under data protection legislation we are only permitted to use your personal data if we have a legal basis for doing so as set out in the data protection legislation. We rely on the following legal bases to use your information for business-related purposes:

  • Where it is necessary to enter into or perform our contract with you or a corporate customer or a business supplier with which you are connected, for example, we need information identifying you in order to open and administer an account
  • Where we need to comply with a legal obligation, for example where we are obliged to verify your identity to comply with anti-money laundering regulations
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, for example, when we carry out checks for fraud, money laundering and crime prevention purposes or when we contact you for marketing purposes

In more limited circumstances we may also rely on the following legal bases:

  • Where we need to protect your interests (or someone else's interests)
  • Where it is needed in the public interest or for official purposes

The table at the end of this Privacy Policy provides more detail about the information that we use, the legal basis that we rely on in each case and your rights.

Some information is classified as “special” data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive and we need to have further justifications for collecting, storing and using this type of personal data. We may process special categories of personal data in the following circumstances:

  • In limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent
  • If you voluntarily provide us with information that constitutes special data, for example, if you inform us about health issues to help us manage our relationship with you
  • We will use information about your political opinions and those of your immediate family and close associates if they are relevant to establishing your status as a “Politically Exposed Person” for the purposes of anti-bribery laws

What happens if you do not provide information that we request?

We need some information so that we can comply with our legal obligations. For example, we need information from you so that we can comply with our regulatory requirements to verify your identity before we can offer our services to a new customer. We also need some information to perform our contract with you, for example, we need your contact and financial details to administer your account.

Where information is needed for these purposes and you do not provide it, we will not be able to provide services to you. We will explain when this is the case at the point where we collect information from you.

How do we share your information?

We share your personal data in the following ways:

  • our employees, consultants, and professional advisors
  • licensed credit reference and/or fraud prevention agencies to help make decisions during an application for our products and services and on an ongoing basis.  This information will be used to decide whether to continue to make products and services available to you.  Our enquiries or searches (and the results of each of them) may be recorded and such agencies may supply us with financial information about you
  • contractors who provide a service to us or are acting as our agents, on the understanding that they will keep the personal data and other confidential information about you confidential and secure. This will include our online platform provider and may include suppliers who provide us with IT systems and support services, auditors and companies that assist us with regulatory reporting
  • other third parties where we are required or requested by any governmental, banking, taxation or other regulatory authority or similar body, or by the rules of any relevant stock exchange, or pursuant to any applicable law, regulation or court order
  • if we sell any part of our business and/or integrate it with another organisation your details may be disclosed to our advisers and to prospective purchasers or joint venture partners and their advisers. If this occurs the new owners of the business will only be permitted to use your information in the same or similar way as set out in this privacy notice
  • if you are connected to a corporate customer, we may share you information with your employer, with online trading platforms and with introducers
  • to any person to whom we may potentially transfer our rights under any agreement (including without limitation any loan facility) which you, or any organisation with which you are employed, associated or connected, have/has entered into with us.  If this occurs, the transferee of the relevant agreement will only be permitted to use your information in the same or similar way as set out in this privacy notice.

Where we share your personal data with third parties we ensure that we have appropriate measures in place to safeguard your personal data and to ensure that it is solely used for legitimate purposes in line with this Privacy Notice.

Information about third parties

Where you provide us with the personal data or confidential information of a third party, you must ensure that you provide them with a copy of this Privacy Notice so that they understand how their personal data will be used by BACB. You must also check that they are happy for you to provide us with their personal data. This will include where you provide information about another individual in your household or a joint account holder (if you are an individual retail or other individual customer), where information is provided about directors, shareholders and other employees (where our customer is a corporate customer), where information is provided about persons to whom payments are to be made and where information is provided about key contacts within our business suppliers.

How do we keep your information secure?

We have in place a number of measures to keep your personal data secure. These include firewalls, mobile device management, anti-malware, anti-phishing, web-security and back-up measures and information security training for our staff.

Where is your information stored?

If you are an individual retail or other individual customer we do not transfer any of your personal data outside the UK or the European Economic Area.

If you are connected to a corporate customer we may need to transfer your personal data outside of the UK and the European Economic Area to other offices or representative offices of the Bank, its service providers and other third parties where necessary in connection with the purposes described in this Privacy Notice. Where the recipient is based in a country outside of the European Economic Area, we will put in place appropriate safeguards to ensure that your personal data remains adequately protected, including putting in place standard contractual clauses with the recipient of the data, using Binding Corporate Rules or relying on adequacy decisions published by the European Commission, as appropriate. Details of these adequacy mechanisms can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. If you would like more details about the safeguards we rely on, please contact the DPO.

For how long do we keep your information?

As a general rule we keep your personal data for the duration of our relationship with you and for a period of 6 years after our relationship ends. However, where we have statutory or regulatory obligations to keep personal data for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer.

Your rights in relation to your information

You have a number of rights in relation to your personal data, these include the right to:

  • be informed about how we use your personal data
  • obtain access to your personal data that we hold
  • request that your personal data is corrected if you believe it is incorrect, incomplete or inaccurate
  • request that we erase your personal data in the following circumstances:
    • if BACB is continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected
    • if BACB is relying on consent as the legal basis for processing and you withdraw consent
    • if BACB is relying on legitimate interest as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us to continue with the processing
    • if the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation)
    • if it is necessary to delete the personal data to comply with a legal obligation
  • ask us to restrict our data processing activities where you consider that:
    • personal data is inaccurate
    • our processing of your personal data is unlawful
    • where we no longer need the personal data but you require us to keep it to enable you to establish, exercise or defend a legal claim
    • where you have raised an objection to our use of your personal data
  • request a copy of certain personal data that you have provided to us in a commonly used electronic format (this is known as the right of data portability). This right relates to personal data that you have provided to us that we need in order to perform our agreement with you and personal data where we are relying on consent to process your personal data
  • object to our processing of your personal data where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal data
  • not be subject to automated decisions which produce legal effects or similarly significant effects on you

If you would like to exercise any of your rights or find out more, please contact our Data Protection Officer at DPO@bacb.co.uk. The table at the end of this Privacy Policy provides more detail about the information that we use, the legal basis that we rely on in each case and your rights.

Complaints

If you have any complaints about the way we use your personal data please contact our Data Protection Officer at DPO@bacb.co.uk who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority in your country (the Information Commissioner in the UK).

Quick check of BACB's use of your personal data

PurposeData usedLegal basisWhich rights apply?*

To make decisions about whether to enter into a contract with you

  • Information identifying you (including personal contact details and identity documents)
  • Source of funds and bank account information
  • Results of enquiries and searches at licensed credit reference and/or fraud prevention agencies

Contractual necessity

The generally applicable rights plus the right to data portability

To make decisions about whether to enter into a contract with a business with which you are connected

  • Information identifying you (including personal contact details and identity documents)
  • Results of enquiries and searches at licensed credit reference and/or fraud prevention agencies

Legitimate interests – it is in our legitimate interests to conduct checks on key individuals within the business to determine whether to enter into a contract with the business.

The generally applicable rights plus the right to object

For business management and planning purposes, and accounting and auditing purposes

  • Details of your financial transactions and account balances

 

Legitimate interests – it is in our legitimate interests to use your personal data to assist us with business planning and to conduct audits and for accounting purposes

The generally applicable rights plus the right to object

To comply with statutory record keeping requirements and regulatory requirements

  • Information about your identity that we collect for anti-money laundering purposes
  • Information about your financial transactions with us and our interactions with you

Legal obligation

The generally applicable rights only

For marketing purposes

  • Information identifying you (including personal contact details)
  • Details of your financial transactions and account balances (where you are an individual retail or other individual customer)

Legitimate interests – it is in our legitimate interests to contact you about products and services that we think you might be interested in

The generally applicable rights plus the right to object

Fraud and crime prevention

  • Information identifying you (including identity documents)
  • Source of funds, bank account information and details of your financial transactions (including where you are an individual retail or other individual customer)
  • Identity documents
  • Results of enquiries and searches at licensed credit reference and/or fraud prevention agencies

Legitimate interests – it is in our legitimate interests to take steps to prevent and detect fraud and other crimes

The generally applicable rights plus the right to object

To deal with legal disputes

  • Information identifying you (including personal contact details)
  • Details of your financial transactions and account balances (including where you are an individual retail or other individual customer)

Legitimate interests – it is in our legitimate interests to process your personal data where this is necessary to defend a legal claim or take legal action to protect our position

The generally applicable rights plus the right to object

To make/receive payments and administer an account (including where you are an individual retail or other individual customer)

  • Bank account information
  • Details of your financial transactions and account balances
  • Information identifying you (including personal contact details and identity documents)

Contractual necessity

The generally applicable rights plus the right to data portability

*The following generally applicable rights always apply: right to be informed, right of access, right to rectification, right to erasure, right to restriction and rights in relation to automated decision making. Please see the section Your rights in relation to your information above for more detail of your rights and how to exercise them.

International Expertise learn more about our expertise