Privacy Notice
Your privacy and the security of your personal data is very important to us. At Oman Arab Bank, hereinafter referred to as the “Bank”, we ensure that personal data you provided to us is always treated as private and confidential, afforded the highest level of security, and is processed in accordance with the local laws and regulations. This Privacy Notice, hereinafter referred to as “Notice”, aims to provide you with information on how we will use your personal data, what steps we will take to ensure it stays private and secured. In addition this note will inform you what personal data we collect and process about you as well as your data privacy rights and how you can exercise them.
How we collect your data
The Bank collects your data through one of the following methods:
– Directly: we obtain personal information directly from you in order to receive a service from the Bank or transacting with the Bank, including not limited to, log a complaint, enter a business relationship, or for other purposes depending on the services requested for or agreed upon.
– Indirectly: we may obtain personal information about you indirectly from a variety of sources, including: your broker, intermediaries, the Banks’s Affiliates; Cookies, device ID’s, social media, public sources, business partners, and recruitment services to better understand and serve you, satisfy a legal obligation, or in pursuance of another legitimate interest.
How we use your information
We collect your personal information for various reasons in relation to our services, products or interacting with us, and for other business purposes, including, but not limited to:
– to provide and manage your account(s) and our relationship with you.
– to give you statements and other information about your account or our relationship.
– to handle enquiries and complaints.
– to provide our services to you.
– to conduct assessment, testing, and analysis for statistical purposes or other analysis for market research purposes.
– to evaluate, develop, and improve our services to you and other customers.
– to protect our business interests and to develop our business strategies.
– to contact you, by post, phone, text, email and other digital methods.
– to collect any debts owing to us.
– to meet our regulatory compliance and reporting obligations in relation to protecting against financial crime.
– to assess any application you make.
– to monitor, record, and analyze any communications between you and us.
– to share your information with the Central Bank of Oman. Financial institutions, internal revenue services of united stated of America and any third parties such as local private credit bureau and other as deemed appropriate by the bank.
– to share your information with our partners and service providers and external auditors.
– recruitment and vetting agencies for prospective job applicants.
– client prospecting, marketing and selling agencies.
– in certain instances, Oman Arab Bank as Data Manager may be processing your personal data jointly with another Data Manager. In such situations, the Bank will continue to be your point of contact in relation to any requests or inquiries concerning your personal data.
– for purpose of litigation, consultation, legal advices or documentation of transactions.
On what legal grounds do we process your data
We rely on the following lawful reasons when we collect and process your personal information to operate our business, transacting with you, provide our products and services:
– Contractual obligation: we process your information if necessary for the entry and/or implementation of a contract with you, or for the conclusion of a contract at your request.
-Legitimate interests: we rely on legitimate interests based on our evaluation that the processing is fair, reasonable, and balanced.
– Legal obligations and public interests: we process personal information to comply with a legal obligation, to meet regulatory and public interest obligations or mandates.
– Consent: We will only process your personal information with your explicit written consent except for reasons permitted under the Law.
Which personal data do we collect and process
The personal data we collect includes data provided by you at the start of our relationship or at any time thereafter such as:
– Personal details such as name, date of birth, email, nationality, marital status, and gender and contact information.
– Current residential address and permanent residential address, and proof of address documents.
– Biometric data like (signature, finger print etc..).
– Insurance Information.
– Data about your identity including documents, details of ID cards, details of passports.
-Employer, employment status, job title, full name, email, address and telephone number(s) used for work purposes.
-Financial data: income and source of income, source of wealth, average account financial activity, and engagement data.
– Data about your tax status such overseas tax-identification number, FATCA forms, etc.
– Details of transactions done by you or by any of your connected persons including dates, amounts, currencies, and payer and payee details.
– Sound and visual images including CCTV footage.
– Digital identifiers (IP address, email).
– Cookies (please refer to our cookies policy)
– Risk rating information, e.g. credit risk rating and data about your ability to manage credit.
– Recruitment information and qualifications for prospective job applicants.
– Due diligence data, e.g. data required to comply with financial crime regulations (anti-money laundering, combating Finance of terrorism, etc.
– Other people’s information, such as witnesses, family and household members, emergency contacts, and guardians, which include their signatures, addresses and relationship with you.
– Legal dispute, complaints, and grievance information.
– Agreements, contracts, billing and commissions information.
– Security Information.
– Data about your geographic location, ATMs used, and branches you visit.
Sensitive personal data
We typically do not collect sensitive personal data or special categories of personal data about you. When we need to process sensitive personal data, it is with your consent, unless the information obtained is for the defense of legal claims or indirectly for a legitimate purpose in accordance with the Law.
How long do we keep your personal data
We retain personal information to provide our services, stay in contact with you and to comply with applicable laws, regulations, and professional obligations, which we are subject to. We will dispose of your personal information in a secure manner when we no longer need it for the above justifications.
How we protect and safeguard your personal data
We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information. We aim to ensure that access to your personal information is limited only to those who need to access it, and those individuals who have access to the information are required to maintain the confidentiality of such information.
If you are using online services of the Bank, you remain responsible for keeping your user ID and password confidential.
Who has access to your personal data and to whom it is disclosed
We keep your personal information confidential. However, in order to service your needs to the best of our ability, we may share your personal information with other parties bound via contractual agreements to safeguard your information and only process it under our strict instructions.
We may share the information about you and your dealings with us, to the extent allowed by law, with:
– External Auditors.
– Regulatory authorities, governmental bodies, financial crime prevention agencies, and tax authorities.
– Third Party Service Providers.
– Agents acting on behalf of the Bank.
– Courier and postal services.
– Credit reference organizations.
– Law firms, lawyers, or professional advisors.
– Other parties with which you have agreed to share your information with.
Transfer of data outside the Sultanate of Oman
In accordance with the Law, we may transfer your personal information to third party organizations outside the Sultanate of Oman when we have a business reason to engage these organizations. Each organization is required to safeguard personal information in accordance with our contractual obligations and the Law.
What are your rights and how you can exercise them:
– Right to request notification of processing: you can ask us to verify whether we are processing personal information about you, and if so, provide you with specific details regarding your information and the processing activities.
– Right to personal information portability: in some circumstances, where you have provided personal information to us, you can ask us to transmit that personal information (in a structured, commonly used, and machine-readable format) directly to another company if technically feasible.
– Right to withdraw consent: you can withdraw your consent that you have previously given to one or more specified purposes to process your personal information. This will not affect the lawfulness of any processing carried out before you withdrew your consent. It could mean we are not able to provide certain products or services to you and we will advise you if this is the case.
– Right to lodge a complaint: you have the right to lodge a complaint to the authorities if you believe the processing of your personal information was against the provisions of the Law.
– Right to be informed: you have the right to be informed of certain information at the time of information collection, such as details of the Bank, the purpose of processing, and any other necessary information.
– Right to object to direct marketing including profiling: you can object to our use of your personal information for direct marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you.
– Right to demand rectification, blocking, or erasure: you have the right to submit an application to rectify, block, or erase your personal information, if the processing is done in contravention of the Law, and in particular if the data is incorrect, incomplete, or not updated, or if the processing is illegal.
Please note that our fulfillment to your requests may be subject to limitations, in certain circumstances, in accordance with the Law.
To submit a request to exercise any of these rights, please send an email to: Privacy.unit@oman-arabbank.com
Contact information
Oman Arab Bank
General Management
P.O. Box 2240, PC: 130 Al-Udhaibah – Sultanate of Oman,
Tel: 24754000, Swift: OMABOMRU, C.R.: 1223518
Website: www.oman-arabbank.com
For More Information
Should you require any clarifications regarding this Notice, please contact us at: Tel 24754000, Fax: 24797736 contactus@oman-arabbank.com
Changes to this Notice
We reserve the right to update this Notice to reflect changes to our information practices in alignment with the Laws and regulations. Any updates will become effective immediately after posting the updated Notice on our website.
Key Definitions:
- Automated Decision Making:is the process of making a decision by automated means without any human involvement. These decisions can be based on factual data, as well as on digitally created profiles or inferred data.
- Cookies: cookies are data generated by a websiteand saved by your web browser. It aims to remember information about you.
- Data Manager: a person who, either alone or jointly with other persons, determines the purposes or means of processing any particular personal data.
- Personal Data: any information in any form concerning an identified individual, or an individual who can, directly or indirectly, be identified by reference, in particular, to his or her personal identification number, or by reference to one or more factors specific to his or her physical, physiological, intellectual, cultural, economic, or social identity.
- Processing: any operation or set of operations which is performed upon personal data, whether or not by automatic means, including collecting, recording, organizing, classifying into groups, storing, adapting, altering, retrieving, using, disclosing by transmission, dissemination, transference or otherwise making available for others, or combining, blocking, erasing or destructing such data.
- Sensitive Personal Data: any personal data revealing – directly or indirectly- an individual’s race, ethnic origin, political or philosophical opinions, religious beliefs, union affiliations, personal criminal record, or any information in relation to his health.