INTRODUCTION

Emirates NBD Bank PJSC , (referred to as “we”, “us”, “our” or “ENBD” in this Data Privacy Notice) primarily refers to all the Personal Data that is collected and used about ENBD Customers for the purposes of the Consumer Protection Regulations and Standards and the UAE Personal Data Protection Law. Emirates NBD Bank PJSC is part of the Emirates NBD Group.

ENBD is registered in Baniyas Road, Deira, P.O. Box: 777, Dubai, UAE

This Data Privacy Notice, herein referred to as the "Notice", describes the types of Personal Data ENBD collects, how this data is used, stored and shared, and your choices regarding this data. ENBD is the Data Controller for the Personal Data collected in connection with the use of ENBD Services.

SCOPE

This Notice applies to all Customers of ENBD Services, including Customers of ENBD’s mobile application, websites, branches, call centres, Automated Teller Machines, Cash Deposit Machines, Interactive Teller Machines, and any other banking Services (collectively, the “Services”) and through other interactions and communications you may have with us. This Notice specifically applies to:

  • Consumers/Customers;
  • Personal Data collected/received by ENBD through and in connection with the various Services provided.

ENBD is committed to providing you with exceptional banking Services and want you to have confidence in the way ENBD use your Personal Data. Emirates NBD is committed to protecting your privacy and your Personal Data.

Further this Notice explains the various measures ENBD have in place to protect the security of your Personal Data and minimise the potential for its unauthorised use, disclosure, and destruction.

YOUR DATA PRIVACY JOURNEY WITH US

ENBD may act as a "Data Controller" or a “Data Processor” in relation to your Personal Data.

Who is a Data Controller? ENBD will act as a Data Controller when processing your Personal Data. A Data Controller is an entity who solely, or jointly with others, determines the purposes (“why”) and means (“how”) of Personal Data Processing. In most cases, ENBD will act as the Data Controller when Processing your Personal Data – this means ENBD will decide on how to collect, process, and use Personal Data in this role.

Who is a Data Processor? In some other cases, ENBD will act as a Data Processor when Processing your Personal Data on behalf of another ENBD Group entity. In these cases, ENBD will perform the Processing of the Personal Data under the specific instructions from the ENBD Group entity acting as the Controller.

If you have any questions about how ENBD use your Personal Data, you can contact us by using the “Contact Us” information at the end of this Notice.

CONFIDENTIALITY OF PERSONAL DATA

When ENBD collects Personal Data, ENBD provides a safe, secure, and confidential environment in all our delivery channels to ensure that your Personal Data remains private and used for the purposes for which it is obtained and held.

ENBD has a legal obligation to keep your data confidential, however, ENBD may disclose your data to a third party where:

  • ENBD is legally obliged to do so. In circumstances where the disclosure of your data is imposed by a legal and/or regulatory authority, including but not limited to courts.
  • In circumstances where the disclosure is made with your express consent or through a representative nominated by you.

Personal Data and Processing have specific meanings under the UAE Applicable Laws. It is important that you understand these terms.

What is Personal Data?

Personal Data as per the Applicable Laws means, any data which relates to a living individual who can be identified directly or indirectly from that data. The definition includes a wide range of personal identifiers that constitute Personal Data, including but not limited to:

  • Identification information (e.g., name, date of birth, government-issued ID)
  • Contact information (e.g., address, email address, phone number)
  • Financial information (e.g., account numbers, transaction history, credit score reports)
  • Employment information (e.g., occupation, employer)

Demographic information (e.g., gender, marital status)

What is Processing?

Processing means any action taken on Personal Data, e.g. viewing, collecting, using, storing, sharing, manipulating, printing, copying, archiving etc.

Personal Data That You Provide To Us

ENBD collects Personal Data directly from you as our Customer or Prospective Customer. ENBD collects information you provide directly to us through your access or use of ENBD Products and Services. For example, when you apply for a product or Service on our website(s), by telephone or when you enter an ENBD premises and share/provide Personal Date with one of ENBD’s employees.

Personal Data ENBD Collects About You From Other Sources

ENBD may collect Personal Data about you from other sources such as, but not limited to the following:

  • Representative(s) of a corporate client.
  • Legal representatives (power of attorney) of a client.
  • People appointed to act on your behalf.
  • Joint Account holder.
  • Other Emirates NBD Group entities, including their Branches, Subsidiaries, etc.
  • Other Financial Institutions.
  • Your employer.
  • Al Etihad Credit Bureau (“AECB") and other government authorized Credit Information Agencies.
  • Digital identity solutions.
  • Government databases.
  • Law enforcement officials.
  • Regulatory bodies such as CBUAE, etc.
  • Co-borrowers/guarantors.
  • Criminal records check from organisations authorised to provide this data.
  • Beneficiaries of your payment transactions.
  • Nominated contact person by an existing account holder.
  • Third party providers and partners to help us improve the Personal Data ENBD hold and to provide more relevant and interesting products and Services to you.
  • Reference contacts provided in the application form by you.
  • Publicly available sources.

Personal Data ENBD May Collect About Other Individuals

In certain circumstances, ENBD may be provided Personal Data by you about individuals who do not have a direct relationship with us. This may happen, for instance, when you provide us with Personal Data about:

  • Beneficiaries of your payment transactions.
  • Guarantors.
  • Employers of ENBD Customers.
  • Landlords.
  • Legal representatives (power of attorney) of a client.
  • Next of Kin.
  • Reference contacts provided in the application Representative(s) of a corporate client.
  • Shareholder(s)/Director(s) of a corporate client.
  • Spouses.
  • Successors and right holders.
  • Reference contacts requested at the time of availing Services from the Bank.
  • Ultimate beneficial owners.
  • Form by an ENBD (prospective) Customer.
  • Contact persons details.

Personal Data includes information that ENBD collect and process about you depending on the products or Services you obtain or receive.

The below is a non-exhaustive list which highlights some, but not all, examples of categories of Personal Data ENBD collect about you:

Category Description Example Lawful Basis
Account Management

Used to administer your account with ENBD.

Used to identify you when you sign-in to your account.

Used to provide you with Services, and to fulfil your requests for certain products and Services, such as issuance of Debit and Credit cards, Personal finance services (Auto finance, home finance, etc.), etc.

To enable ENBD to process your data for the sole purpose of administering your relationship with the Bank. Consent
Account Opening

Used for the setup and management of Customer accounts, including meeting the regulatory requirements such as KYC (Know Your Customer) process.

To enable Customers to create an Account, log in to your instance on the ENBD App, or verify their credentials. Consent
Analytics

Used to collect data about how Customers use the ENBD App or how it performs.

Used to understand how you use and interact with our Services and the people or things you’re connected to and interested in.

To see how many Customers are using a particular gesture, to monitor app health, to diagnose and fix bugs or crashes, or to make future performance improvements. Consent
App Functionality

Used for Features that are Available in the App.

Used to improve the design and functionality of ENBD channels for a better Customer experience.

To enable app features, or to authenticate Customer. Consent
Decline Onboarding

If your application is declined, ENBD will store your Personal Data in accordance with the ENBD record retention procedures and to comply with ENBD legal and regulatory obligations.

To keep track of the reasons for the declining of Onboarding to be used as reference, if and when the Customer approaches the Bank again. Consent
Developer Communications

Used to send news or notifications about the app or the developer.

Sending a push notification to inform Customers about an important security update. Consent
Financial Mediations / Debt Recovery

Used to authorise debt Service partners to carry out collection activities on ENBD behalf.

Used to recover debt and exercise other rights ENBD have under any agreement with ENBD Customers as well as to protect ENBD against harm to ENBD rights and interests in property.

Partners of ENBD engage with Customers who have defaulted, to settle their liabilities with ENBD. Consent
Fraud Prevention, Security and Compliance

Used for fraud prevention, security, or compliance with laws.

Used to prevent and detect fraud, money laundering and other crimes such as identity theft.

Monitoring failed login attempts, geolocations, device information (e.g., model number, OS information), IP address, etc., to identify possible fraudulent activity. Consent
General Correspondence

Personal Data you give to us by filling in any of ENBD forms or by communicating with us, whether face-to-face, by phone, email, online or otherwise.

To contact you if you have asked us to do so including to resolve troubleshooting problems and helping with any issues concerning ENBD website or apps. Consent
Personalised Commercial and Promotional Communications (Marketing)

To send commercial and promotional communications through telematic or conventional means, in relation to similar goods and Services than the ones previously contracted or acquired from ENBD.

This also includes for the purpose of conducting market research and accompanying statistical analysis to better understand our Customer base and the markets in which we operate.

ENBD sends Customers a promotional email or SMS relating to a Product or Service on offer. Consent
Regulatory Requests

To handle requests and instructions from regulators, law enforcement Agencies, etc. that require specific information about individuals.

To meet the legal and regulatory obligations ENBD has, as a Licenced Financial Institution, governed by the CBUAE. Consent
Satisfaction Surveys

To contact you for your opinions about ENBD Services including through surveys and other market research.

Sending Customer satisfaction surveys. Consent
Service Communications

Used to keep Customers informed of the products and Services they are availing of.

Used to tell you about important updates and changes to ENBD channels, including to ENBD Notice and other Policies and Terms.

Sending Customers reminders to update their Personal Data in the App such as their mobile number and home address. Consent
Video Protection (CCTV)

Used at ENBD premises and ATMs for security purposes.

To protect ENBD Customers, employees, visitors, and its premises. Legitimate Interest

ENBD only discloses your Personal Data outside of ENBD in limited circumstances. Third parties for the purpose of this section would mean any entity separate from ENBD, such as third party service providers, business partners, regulatory authorities, credit agencies, etc. If ENBD does share the Personal Data outside of ENBD, we will put in place appropriate controls and data sharing/processing agreements that require recipients to protect your Personal Data, unless ENBD is legally obliged to share that Personal Data. All contractors or recipients that work for ENBD will be contractually obligated to follow ENBD instructions. ENBD does not sell your Personal Data to third parties.

ENBD may disclose your Personal Data to ENBD third-party Service providers, agents, and subcontractors (Suppliers) for the purposes of providing Services to us or directly to you on ENBD’s behalf within and outside the UAE.

When ENBD uses Suppliers, ENBD only discloses to them the Personal Data that is necessary to provide their Services and only where ENBD has a contract in place which requires them to keep your Personal Data secure and not to use it other than in accordance with ENBD’s specific instructions.

ENBD take steps to ensure that any third-party service providers who handle your Personal Data comply with the Applicable Laws and protect your Personal Data to the same extent that ENBD does. ENBD will aim to anonymise your Personal Data or use aggregated non-specific data sets where possible. Find below the supporting Schedule with a list of categories of third parties with whom ENBD may share your data.

All sharing of Personal Data with third parties shall be based on the consent from you, unless obliged to do so, to comply with the Applicable laws and other legal and regulatory requirements.

Category of Third Party Description of Service Provided Lawful Basis of Processing
Account Holders

ENBD may share your Personal Data with any joint account holders, guarantors, trustees or beneficiaries assigned by you at the onset or during the course of receiving ENBD products/Services.

Consent
Affiliates

ENBD may share your Personal Data with companies within the Emirates NBD Group who may support us in any of the purposes set out in this Notice to improve and enhance the Customer experience.

Consent
Analytics Providers

ENBD may share your Personal Data with analytics providers that assist us in the optimisation of ENBD website and apps including by measuring the performance of ENBD online campaigns and analysing visitor activity.

Consent
Asset Purchasers

ENBD may share your Personal Data with any third party that purchases, or to which ENBD transfer, all or substantially all of ENBD assets and business. Should such a sale or transfer occur, ENBD will engage best efforts to try to ensure that the entity to which ENBD transfer your Personal Data uses it in a manner that is consistent with this Notice.

Consent
Business Partners

ENBD may share your Personal Data with ENBD business partners, together with whom ENBD provide Services such as hotels, restaurants, airline partners (whose logo may appear on a credit card ENBD provide) and Service providers or agents who provide Services on their behalf.

Business partners may also include any entity (including its professional advisors and authorised representatives), who provide funding to ENBD or members of the ENBD Group, any entity that provides us with debt or equity finance and any potential purchasers of any part of our business.

Business Partners may also include any party to a transaction acquiring an interest in, or assuming risk in, or in connection with, your banking relationship with ENBD.

Consent
Courts, Regulators, and Government Authorities

ENBD may share your Personal Data with these parties where ENBD believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect ENBD rights or the rights of any third party.

To investigate or address claims or disputes relating to the use of ENBD’s Services, to satisfy requirements under applicable laws, regulations, or operating licences or agreements, or pursuant to legal process or governmental request, including from law enforcement.

To perform the role of collaborators, where Services require their involvement.

Consent
Credit Information Agencies

ENBD may share your Personal Data with government-authorised Credit Information Agencies and fraud prevention agencies to comply with ENBD’s legal and regulatory obligations.

Consent
Debt Collection Agencies

ENBD may share your Personal Data with any entity used for the recovery or collection of receivables to the bank from delinquent or defaulted Customers.

Consent
Postal Services and Couriers

ENBD may share your Personal Data with any entity used for the purpose of postal and courier services.

Consent
Fund Managers

ENBD may share your Personal Data with fund managers who provide asset management Services to you and any brokers who introduce you to us or deal with us for you.

Consent
Guarantors

ENBD may share your Personal Data with any person or entity that is to provide, or has provided, any security of guarantee (and their professional advisors) in respect of your agreement with ENBD.

This type of processing is necessary for the fulfilment of our contract with you, for example to enable us to recover any sums we have advanced under our agreement with you.

Consent
Insurance Providers

ENBD may share your Personal Data with insurance providers, including underwriters, brokers and associated parties.

Consent
Intermediaries/Brokers through whom you are our Customers

ENBD may share your Personal Data with third-parties who have introduced you to us (e.g. an intermediary or broker) in order for them to manage their records about you, to ensure that the type of business that they refer to us is appropriate and to help ENBD to resolve any complaint made by you and/or any dispute between you and ENBD.

This type of processing allows us to ensure that the intermediary or broker is fulfilling the terms of their contract with us and for us to fulfil our legal and regulatory obligations.

Consent
IT Service Providers

System based processing of personal details as part of organisational/ operational requirements. E.g. cloud hosting Services; application development and support Services; IT Infrastructure Services; email Services; communication Services providers, call recording Services. Help maintain the safety, security, and integrity of ENBD Services and Customer.

Consent
Law Enforcement Agencies & Authorities

To assist law enforcement agencies for the purposes of preventing, detecting, investigating, or prosecuting criminal offences.

Legal Obligation
Legal/Professional Advisors

The provision of business consulting, audit and legal Services including access to and analysis of Personal Data as part of business initiatives, statutory audits, legal claims, and ad-hoc consultancy advice.

Consent
Payment Processing Services

ENBD may share your Personal Data with providers of payment-processing Services and other businesses that help us process your payments to the extent required for us to meet the contractual and legal requirements.

Consent
Representatives

ENBD may share your Personal Data with anyone who provides instructions or operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney or Letter of Authorisation.

Consent
Social Media Agencies

ENBD may share your Personal Data with social media companies so they can display messages to you about ENBD products and Services or make sure you do not get irrelevant messages.

Consent
Other Third Parties

Provide, maintain, and improve ENBD Services, including, for example, to facilitate payments, send receipts, provide products and Services you request (and send related information), develop new features, provide User support to Customer, develop safety features, authenticate Customer, and send product updates and administrative messages.

Perform internal administration and operations, including, for example, to prevent fraud and abuse of ENBD Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends.

Send you communications ENBD think will be of interest to you, including information about products, Services, promotions, news, and events of ENBD, where permissible and according to local applicable laws.

Notify you about changes to ENBD terms, Services or policies and other communications that aren’t for the purpose of marketing the Services or products of ENBD or its partners.

Consent

The way ENBD analyses Personal Data relating to ENBD Services may involve profiling or other automated methods to make decisions about you that relate to the following:

  • Credit and affordability checks (including credit limits) - ENBD will consider several factors including information about your income, expenses and how well you have kept up on payments in the past.
  • Various checks from a Compliance standpoint.
  • Monitoring your account for fraud and other financial crime - ENBD will assess your transactions to identify any that are unusual.
  • Assessments required by regulators and appropriate authorities - certain details in your information may suggest that you are likely to become financially vulnerable and ENBD may need to help you.

ENBD needs your Personal Data to provide you with the Services or products requested by you. ENBD also needs to capture expressed consent to be able to process the Personal Data for fulfilling ENBD’s contractual and legal obligations.

If you do not provide us with the requested Personal Data and the consent to process your Personal Data, ENBD may have to decline your request for our Product(s) and/or Service(s), or if ENBD is already providing you with the product(s) and Service(s), ENBD may need to suspend or stop providing you with the product(s) or Service(s), which can lead to closure of your banking relationship with us, subject to compliance with ENBD’s legal obligations to retain data.

It is voluntary for you to provide us your Personal Data or consent for direct sales or marketing purposes.

ENBD makes it clear on the ENBD physical application forms, during your onboarding digitally and on all communications received from the Bank as to what data is required to be provided by you by marking the mandatory fields with the asterisk symbol (*). ENBD requests your consent to process such data for direct sales and marketing purposes. It further gives you an option to choose what are the channels through which you desire to be contacted.

You can choose to stop receiving further marketing communications at any time by:

  • Calling ENBD Customer Call Centre on +600 54 0000
  • Sending a text message saying “NOOFFERS” to 4456 to stop receiving messages by email and sms.
  • Sending a text message saying "NOCALLS” to 4456 to stop receiving direct sales calls.
  • Changing ENBD marketing preferences in your ENBD Application account.
  • Visiting emiratesnbd.com/commspreference.

ENBD operates channels, pages and accounts on some social media sites to inform, assist and engage with customers.

ENBD is not responsible for any information posted on those sites other than information Emirates NBD has posted ourselves. ENBD does not endorse the social media sites themselves or any information posted on them by third parties.

ENBD collects Personal Data about your internet activity using technology known as cookies, which can often be controlled through internet browsers and by using ENBD cookie preference centre on the ENBD website and app.

  • Technical information, such as your IP address and device ID.
  • Information about your visit, such as your URL and website interaction.
  • Location data, with your approval, used to show you the location of the nearest branch or ATM based on your IP address, coordinates or a unique device code.
  • Networks and connections, when you interact with us and the people and groups that you are connected to (for example, through social media).

ENBD is a global organisation, and your Personal Data may be stored or processed in any country where ENBD has facilities or in which ENBD engages Service providers and subcontractors. ENBD has put in place appropriate safeguards in accordance with applicable legal and data protection requirements to ensure that your data is adequately protected.

Personal Data and Processing have specific meanings under the UAE Applicable Laws. It is important that you understand these terms.

What is Personal Data?

Personal Data as per the Applicable Laws means, any data which relates to a living individual who can be identified directly or indirectly from that data. The definition includes a wide range of personal identifiers that constitute Personal Data, including but not limited to:

  • Identification information (e.g., name, date of birth, government-issued ID)
  • Contact information (e.g., address, email address, phone number)
  • Financial information (e.g., account numbers, transaction history, credit score reports)
  • Employment information (e.g., occupation, employer)

Demographic information (e.g., gender, marital status)

What is Processing?

Processing means any action taken on Personal Data, e.g. viewing, collecting, using, storing, sharing, manipulating, printing, copying, archiving etc.

Personal Data That You Provide To Us

ENBD collects Personal Data directly from you as our Customer or Prospective Customer. ENBD collects information you provide directly to us through your access or use of ENBD Products and Services. For example, when you apply for a product or Service on our website(s), by telephone or when you enter an ENBD premises and share/provide Personal Date with one of ENBD’s employees.

Personal Data ENBD Collects About You From Other Sources

ENBD may collect Personal Data about you from other sources such as, but not limited to the following:

  • Representative(s) of a corporate client.
  • Legal representatives (power of attorney) of a client.
  • People appointed to act on your behalf.
  • Joint Account holder.
  • Other Emirates NBD Group entities, including their Branches, Subsidiaries, etc.
  • Other Financial Institutions.
  • Your employer.
  • Al Etihad Credit Bureau (“AECB") and other government authorized Credit Information Agencies.
  • Digital identity solutions.
  • Government databases.
  • Law enforcement officials.
  • Regulatory bodies such as CBUAE, etc.
  • Co-borrowers/guarantors.
  • Criminal records check from organisations authorised to provide this data.
  • Beneficiaries of your payment transactions.
  • Nominated contact person by an existing account holder.
  • Third party providers and partners to help us improve the Personal Data ENBD hold and to provide more relevant and interesting products and Services to you.
  • Reference contacts provided in the application form by you.
  • Publicly available sources.

Personal Data ENBD May Collect About Other Individuals

In certain circumstances, ENBD may be provided Personal Data by you about individuals who do not have a direct relationship with us. This may happen, for instance, when you provide us with Personal Data about:

  • Beneficiaries of your payment transactions.
  • Guarantors.
  • Employers of ENBD Customers.
  • Landlords.
  • Legal representatives (power of attorney) of a client.
  • Next of Kin.
  • Reference contacts provided in the application Representative(s) of a corporate client.
  • Shareholder(s)/Director(s) of a corporate client.
  • Spouses.
  • Successors and right holders.
  • Reference contacts requested at the time of availing Services from the Bank.
  • Ultimate beneficial owners.
  • Form by an ENBD (prospective) Customer.
  • Contact persons details.

Personal Data includes information that ENBD collect and process about you depending on the products or Services you obtain or receive.

The below is a non-exhaustive list which highlights some, but not all, examples of categories of Personal Data ENBD collect about you:

Category Description Example Lawful Basis
Account Management

Used to administer your account with ENBD.

Used to identify you when you sign-in to your account.

Used to provide you with Services, and to fulfil your requests for certain products and Services, such as issuance of Debit and Credit cards, Personal finance services (Auto finance, home finance, etc.), etc.

To enable ENBD to process your data for the sole purpose of administering your relationship with the Bank. Consent
Account Opening

Used for the setup and management of Customer accounts, including meeting the regulatory requirements such as KYC (Know Your Customer) process.

To enable Customers to create an Account, log in to your instance on the ENBD App, or verify their credentials. Consent
Analytics

Used to collect data about how Customers use the ENBD App or how it performs.

Used to understand how you use and interact with our Services and the people or things you’re connected to and interested in.

To see how many Customers are using a particular gesture, to monitor app health, to diagnose and fix bugs or crashes, or to make future performance improvements. Consent
App Functionality

Used for Features that are Available in the App.

Used to improve the design and functionality of ENBD channels for a better Customer experience.

To enable app features, or to authenticate Customer. Consent
Decline Onboarding

If your application is declined, ENBD will store your Personal Data in accordance with the ENBD record retention procedures and to comply with ENBD legal and regulatory obligations.

To keep track of the reasons for the declining of Onboarding to be used as reference, if and when the Customer approaches the Bank again. Consent
Developer Communications

Used to send news or notifications about the app or the developer.

Sending a push notification to inform Customers about an important security update. Consent
Financial Mediations / Debt Recovery

Used to authorise debt Service partners to carry out collection activities on ENBD behalf.

Used to recover debt and exercise other rights ENBD have under any agreement with ENBD Customers as well as to protect ENBD against harm to ENBD rights and interests in property.

Partners of ENBD engage with Customers who have defaulted, to settle their liabilities with ENBD. Consent
Fraud Prevention, Security and Compliance

Used for fraud prevention, security, or compliance with laws.

Used to prevent and detect fraud, money laundering and other crimes such as identity theft.

Monitoring failed login attempts, geolocations, device information (e.g., model number, OS information), IP address, etc., to identify possible fraudulent activity. Consent
General Correspondence

Personal Data you give to us by filling in any of ENBD forms or by communicating with us, whether face-to-face, by phone, email, online or otherwise.

To contact you if you have asked us to do so including to resolve troubleshooting problems and helping with any issues concerning ENBD website or apps. Consent
Personalised Commercial and Promotional Communications (Marketing)

To send commercial and promotional communications through telematic or conventional means, in relation to similar goods and Services than the ones previously contracted or acquired from ENBD.

This also includes for the purpose of conducting market research and accompanying statistical analysis to better understand our Customer base and the markets in which we operate.

ENBD sends Customers a promotional email or SMS relating to a Product or Service on offer. Consent
Regulatory Requests

To handle requests and instructions from regulators, law enforcement Agencies, etc. that require specific information about individuals.

To meet the legal and regulatory obligations ENBD has, as a Licenced Financial Institution, governed by the CBUAE. Consent
Satisfaction Surveys

To contact you for your opinions about ENBD Services including through surveys and other market research.

Sending Customer satisfaction surveys. Consent
Service Communications

Used to keep Customers informed of the products and Services they are availing of.

Used to tell you about important updates and changes to ENBD channels, including to ENBD Notice and other Policies and Terms.

Sending Customers reminders to update their Personal Data in the App such as their mobile number and home address. Consent
Video Protection (CCTV)

Used at ENBD premises and ATMs for security purposes.

To protect ENBD Customers, employees, visitors, and its premises. Legitimate Interest

ENBD only discloses your Personal Data outside of ENBD in limited circumstances. Third parties for the purpose of this section would mean any entity separate from ENBD, such as third party service providers, business partners, regulatory authorities, credit agencies, etc. If ENBD does share the Personal Data outside of ENBD, we will put in place appropriate controls and data sharing/processing agreements that require recipients to protect your Personal Data, unless ENBD is legally obliged to share that Personal Data. All contractors or recipients that work for ENBD will be contractually obligated to follow ENBD instructions. ENBD does not sell your Personal Data to third parties.

ENBD may disclose your Personal Data to ENBD third-party Service providers, agents, and subcontractors (Suppliers) for the purposes of providing Services to us or directly to you on ENBD’s behalf within and outside the UAE.

When ENBD uses Suppliers, ENBD only discloses to them the Personal Data that is necessary to provide their Services and only where ENBD has a contract in place which requires them to keep your Personal Data secure and not to use it other than in accordance with ENBD’s specific instructions.

ENBD take steps to ensure that any third-party service providers who handle your Personal Data comply with the Applicable Laws and protect your Personal Data to the same extent that ENBD does. ENBD will aim to anonymise your Personal Data or use aggregated non-specific data sets where possible. Find below the supporting Schedule with a list of categories of third parties with whom ENBD may share your data.

All sharing of Personal Data with third parties shall be based on the consent from you, unless obliged to do so, to comply with the Applicable laws and other legal and regulatory requirements.

Category of Third Party Description of Service Provided Lawful Basis of Processing
Account Holders

ENBD may share your Personal Data with any joint account holders, guarantors, trustees or beneficiaries assigned by you at the onset or during the course of receiving ENBD products/Services.

Consent
Affiliates

ENBD may share your Personal Data with companies within the Emirates NBD Group who may support us in any of the purposes set out in this Notice to improve and enhance the Customer experience.

Consent
Analytics Providers

ENBD may share your Personal Data with analytics providers that assist us in the optimisation of ENBD website and apps including by measuring the performance of ENBD online campaigns and analysing visitor activity.

Consent
Asset Purchasers

ENBD may share your Personal Data with any third party that purchases, or to which ENBD transfer, all or substantially all of ENBD assets and business. Should such a sale or transfer occur, ENBD will engage best efforts to try to ensure that the entity to which ENBD transfer your Personal Data uses it in a manner that is consistent with this Notice.

Consent
Business Partners

ENBD may share your Personal Data with ENBD business partners, together with whom ENBD provide Services such as hotels, restaurants, airline partners (whose logo may appear on a credit card ENBD provide) and Service providers or agents who provide Services on their behalf.

Business partners may also include any entity (including its professional advisors and authorised representatives), who provide funding to ENBD or members of the ENBD Group, any entity that provides us with debt or equity finance and any potential purchasers of any part of our business.

Business Partners may also include any party to a transaction acquiring an interest in, or assuming risk in, or in connection with, your banking relationship with ENBD.

Consent
Courts, Regulators, and Government Authorities

ENBD may share your Personal Data with these parties where ENBD believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect ENBD rights or the rights of any third party.

To investigate or address claims or disputes relating to the use of ENBD’s Services, to satisfy requirements under applicable laws, regulations, or operating licences or agreements, or pursuant to legal process or governmental request, including from law enforcement.

To perform the role of collaborators, where Services require their involvement.

Consent
Credit Information Agencies

ENBD may share your Personal Data with government-authorised Credit Information Agencies and fraud prevention agencies to comply with ENBD’s legal and regulatory obligations.

Consent
Debt Collection Agencies

ENBD may share your Personal Data with any entity used for the recovery or collection of receivables to the bank from delinquent or defaulted Customers.

Consent
Postal Services and Couriers

ENBD may share your Personal Data with any entity used for the purpose of postal and courier services.

Consent
Fund Managers

ENBD may share your Personal Data with fund managers who provide asset management Services to you and any brokers who introduce you to us or deal with us for you.

Consent
Guarantors

ENBD may share your Personal Data with any person or entity that is to provide, or has provided, any security of guarantee (and their professional advisors) in respect of your agreement with ENBD.

This type of processing is necessary for the fulfilment of our contract with you, for example to enable us to recover any sums we have advanced under our agreement with you.

Consent
Insurance Providers

ENBD may share your Personal Data with insurance providers, including underwriters, brokers and associated parties.

Consent
Intermediaries/Brokers through whom you are our Customers

ENBD may share your Personal Data with third-parties who have introduced you to us (e.g. an intermediary or broker) in order for them to manage their records about you, to ensure that the type of business that they refer to us is appropriate and to help ENBD to resolve any complaint made by you and/or any dispute between you and ENBD.

This type of processing allows us to ensure that the intermediary or broker is fulfilling the terms of their contract with us and for us to fulfil our legal and regulatory obligations.

Consent
IT Service Providers

System based processing of personal details as part of organisational/ operational requirements. E.g. cloud hosting Services; application development and support Services; IT Infrastructure Services; email Services; communication Services providers, call recording Services. Help maintain the safety, security, and integrity of ENBD Services and Customer.

Consent
Law Enforcement Agencies & Authorities

To assist law enforcement agencies for the purposes of preventing, detecting, investigating, or prosecuting criminal offences.

Legal Obligation
Legal/Professional Advisors

The provision of business consulting, audit and legal Services including access to and analysis of Personal Data as part of business initiatives, statutory audits, legal claims, and ad-hoc consultancy advice.

Consent
Payment Processing Services

ENBD may share your Personal Data with providers of payment-processing Services and other businesses that help us process your payments to the extent required for us to meet the contractual and legal requirements.

Consent
Representatives

ENBD may share your Personal Data with anyone who provides instructions or operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney or Letter of Authorisation.

Consent
Social Media Agencies

ENBD may share your Personal Data with social media companies so they can display messages to you about ENBD products and Services or make sure you do not get irrelevant messages.

Consent
Other Third Parties

Provide, maintain, and improve ENBD Services, including, for example, to facilitate payments, send receipts, provide products and Services you request (and send related information), develop new features, provide User support to Customer, develop safety features, authenticate Customer, and send product updates and administrative messages.

Perform internal administration and operations, including, for example, to prevent fraud and abuse of ENBD Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends.

Send you communications ENBD think will be of interest to you, including information about products, Services, promotions, news, and events of ENBD, where permissible and according to local applicable laws.

Notify you about changes to ENBD terms, Services or policies and other communications that aren’t for the purpose of marketing the Services or products of ENBD or its partners.

Consent

The way ENBD analyses Personal Data relating to ENBD Services may involve profiling or other automated methods to make decisions about you that relate to the following:

  • Credit and affordability checks (including credit limits) - ENBD will consider several factors including information about your income, expenses and how well you have kept up on payments in the past.
  • Various checks from a Compliance standpoint.
  • Monitoring your account for fraud and other financial crime - ENBD will assess your transactions to identify any that are unusual.
  • Assessments required by regulators and appropriate authorities - certain details in your information may suggest that you are likely to become financially vulnerable and ENBD may need to help you.

ENBD needs your Personal Data to provide you with the Services or products requested by you. ENBD also needs to capture expressed consent to be able to process the Personal Data for fulfilling ENBD’s contractual and legal obligations.

If you do not provide us with the requested Personal Data and the consent to process your Personal Data, ENBD may have to decline your request for our Product(s) and/or Service(s), or if ENBD is already providing you with the product(s) and Service(s), ENBD may need to suspend or stop providing you with the product(s) or Service(s), which can lead to closure of your banking relationship with us, subject to compliance with ENBD’s legal obligations to retain data.

It is voluntary for you to provide us your Personal Data or consent for direct sales or marketing purposes.

ENBD makes it clear on the ENBD physical application forms, during your onboarding digitally and on all communications received from the Bank as to what data is required to be provided by you by marking the mandatory fields with the asterisk symbol (*). ENBD requests your consent to process such data for direct sales and marketing purposes. It further gives you an option to choose what are the channels through which you desire to be contacted.

You can choose to stop receiving further marketing communications at any time by:

  • Calling ENBD Customer Call Centre on +600 54 0000
  • Sending a text message saying “NOOFFERS” to 4456 to stop receiving messages by email and sms.
  • Sending a text message saying "NOCALLS” to 4456 to stop receiving direct sales calls.
  • Changing ENBD marketing preferences in your ENBD Application account.
  • Visiting emiratesnbd.com/commspreference.

ENBD operates channels, pages and accounts on some social media sites to inform, assist and engage with customers.

ENBD is not responsible for any information posted on those sites other than information Emirates NBD has posted ourselves. ENBD does not endorse the social media sites themselves or any information posted on them by third parties.

ENBD collects Personal Data about your internet activity using technology known as cookies, which can often be controlled through internet browsers and by using ENBD cookie preference centre on the ENBD website and app.

  • Technical information, such as your IP address and device ID.
  • Information about your visit, such as your URL and website interaction.
  • Location data, with your approval, used to show you the location of the nearest branch or ATM based on your IP address, coordinates or a unique device code.
  • Networks and connections, when you interact with us and the people and groups that you are connected to (for example, through social media).

ENBD is a global organisation, and your Personal Data may be stored or processed in any country where ENBD has facilities or in which ENBD engages Service providers and subcontractors. ENBD has put in place appropriate safeguards in accordance with applicable legal and data protection requirements to ensure that your data is adequately protected.

You have certain rights in respect of your Personal Data, and ENBD have processes to enable you to exercise these rights. Your rights are as follows:

  • Opt Out/Unsubscribe: You can request to be removed from the ENBD marketing mailing list, from the unsubscribe button in the email itself. We have other channels to request removal as well, such as calling the customer care centre and sending SMS to the designated number communicated to you as part of the marketing content.
  • Right to Access (also known as a ‘Subject Access Request’): You have the right to obtain confirmation on how and why ENBD processes your Personal Data and receive a copy of your Personal Data held by us, where technically feasible.
  • Right to Rectification: You have the right to request for your Personal Data to be amended or rectified where it is inaccurate (for example, if you change your address or mobile number) and to have incomplete Personal Data completed. For rectification with respect to credit information, this shall be carried out by the Bank within 7 complete business days from the date of notification by you.
  • Right to Erasure (also known as 'the Right to be Forgotten'): You have the right to deletion of your Personal Data in the following cases:
    • The Personal Data are no longer necessary in relation to the purposes for which they were collected and processed.
    • Where our lawful basis for processing your information is consent and you then withdraw your consent. However, please note that the lawfulness of any previous processing carried out based on your valid consent earlier shall not be affected.
    • Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by ENBD, you object to our processing, and ENBD do not have overriding legitimate grounds.
    • You object to our processing for direct marketing purposes and advanced analytics.
    • Your Personal Data has been unlawfully processed.
    • Your Personal Data must be erased to comply with a legal obligation to which ENBD is subject.
  • Right to Object and/or Restrict: You have the right to object and/or restrict to our processing of your Personal Data in the following cases:
    • Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us.
    • Our processing for direct marketing purposes and advanced analytics.
  • Right to Data Portability: You have the right to request for your personal information to be prepared and arranged and sent to another organisation (or ask us to do so if technically feasible).
  • Right to Withdraw Consent: Where ENBD process Personal Data based on consent, individuals have a right to withdraw their consent at any time. To do so, please use the contact details below in the “How to Contact Us” section.
  • Right to Lodge a Complaint with a Supervisory Authority: ENBD sincerely hope that you will never need to, but if you do want to complain about our use of Personal Data, please use the contact details set out below.

CBUAE (as under the CPR and CPS)

Telephone: 800 (CBUAE)22823

Website: CBUAE | Filing a Banking-Related Complaint (centralbank.ae)

 

Please note, all rights are subject to qualifications and limitations. In other words, there may be instances and justifiable grounds to deny any request where ENBD is required or permitted by law or technical infeasibility to do so. ENBD will always be clear and communicate this to you if these instances arise.

Also note, for the purpose of upholding the security, confidentiality, and integrity of your Personal Data, ENBD may verify your identity before allowing you to access your Personal Data.

The Security of your Personal Data is important to us. We make every effort to ensure that your Personal Data is secure on our system. ENBD maintains physical, technical, and organisational safeguards to secure your personal data from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Moreover, access to your personal data is limited to those employees, agents, contractors, other third parties, etc. who have a responsibility towards your personal data and only on a need-to-know basis. The aforementioned will only process your personal data on ENBD’s instructions, and they are subject to a duty of confidentiality.

Additional safeguards that Emirates NBD use to safeguard your personal data include:

  • Applying physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data.
  • Protecting the security of your personal data during transmission by using encryption protocols and software.
  • Utilising computer safeguards such as firewalls, antivirus and other security technologies to keep the personal data secure.
  • Regularly monitoring Emirates NBD systems for possible vulnerabilities and attacks and carrying out penetration testing to identify ways to further strengthen our security.

ENBD evaluates these measures on a regular basis to ensure the security of the processing.

Your ENBD profile is password-protected so that only you and authorised ENBD employees have access to your account information. While we at Emirates NBD, will do our best to ensure the security and protection of your personal data, the security of your personal data will depend in part on the security of the device that you use to communicate with us, and the security measures you use to protect your personal information, user ID and passwords.

To ensure that your personal data is kept safe at all times, we urge you to take appropriate measures to protect your personal information, user ID and passwords, and any other information that is necessary to use our channels.

If you have any further questions on this issue, refer to the ENBD General Terms of Conditions

Please contact the ENBD Customer Service Helpdesk on 600 540000, or reach out to us at customersupport@EmiratesNBD.com, in case you receive fraudulent emails or require any assistance with regards to our online banking Services.

Whilst ENBD takes measures to secure your Personal Data, risks to data security do exist, and there is always a possibility of unauthorised use, disclosure, modification and/or destruction of your Personal Data. In the event of a Personal Data Breach, ENBD will notify you, without delay, about it and its likely consequences, measures taken by us to mitigate the increased risk and avenues available to you to mitigate the risk as a result of the Personal Data Breach.

For reporting Personal Data Breaches or further information on how ENBD responds to and handle Personal Data Breaches, please contact us at DPO@EmiratesNBD.com.

The ENBD website and apps may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own Data Privacy Notices. Please check these Notices before you submit any Personal Data to these websites. ENBD is not responsible for the Data Privacy Notices, content of such sites or any Personal Data collected by such sites.

ENBD has appointed a Data Protection Officer ("DPO") to oversee compliance with this Notice. The DPO can be contacted on DPO@EmiratesNBD.com.

ENBD will keep your Personal Data for as long as ENBD has a relationship with you and for meeting our legal, accounting, or reporting requirements. Once the ENBD relationship with you has come to an end, ENBD will retain your Personal Data for a period that enables us to:

  • Maintain business records for analysis and/or audit purposes.
  • Comply with record retention requirements under the law.
  • Defend or bring any existing or potential legal claims.

ENBD will delete/store with limited access and appropriate safeguards your Personal Data when it is no longer required for these purposes.

In some circumstances you can ask us to delete your data. For further information, please see the "What are your Rights" section.

If you have questions or concerns regarding the way in which your Personal Data is being used, please contact the ENBD Data Privacy Office by emailing DPO@EmiratesNBD.com.

If you would like to lodge a complaint to your local supervisory authority, please get in touch and ENBD will provide you with instructions and contact details to your local supervisory authority.

ENBD is committed to working with you to obtain a fair resolution to any complaint or concern you may have. If, however, you believe that ENBD have not been able to assist with your complaint or concern you have the right to make a complaint to the competent data protection authority.

ENBD may occasionally update this notice. ENBD encourages Customers to periodically review this Notice for the latest information on the ENBD data privacy practices.

Term Definition
Anonymisation Means the process of removing direct personal identifiers that may lead to an individual being identified or re-identifiable.
Anonymous Data Means any information relating to a natural person where the person cannot be identified whether by the Data Controller or by any other person, taking account of all the means reasonably likely to be used either by the Data Controller or by any person to identify that individual.
Applicable Law(s) Means all Applicable Law(s) relating to the Processing of Personal Data, in each case which are in force at the date on which this policy is updated in the UAE including the CBUAE Consumer Protection Regulation and accompanying Standards as amended, as well as the CBUAE Outsourcing Regulations and accompanying Standards.
Authority(ies) Means legal, supervisory, regulatory, governmental, and quasi-governmental bodies including the Central Bank of United Arab Emirates (“CBUAE”), the Securities and Commodities Authority (“SCA”), fraud prevention agencies, etc.
Automated Processing Means Processing that is conducted using an electronic application or system that operates automatically, either independently without any human intervention or under the supervision and limited intervention of a human.
Biometric Data Means Personal Data resulting from specific technical processing relating to the physical, physiological and behavioural characteristics of the Data Subject, which allow the identification or confirm the unique identification of the Data Subject, such as facial recognition images or fingerprint data.
Consent Means the Consent by which the Data Subject authorises ENBD or third parties to process their Personal Data, provided that such Consent is freely given, informed, clear, specific, and unambiguous indication of the Data Subject's agreement, by a statement or by a clear affirmative action, to the Processing of their Personal Data.
Consumer Protection Regulation and accompanying Standards or CPR and CPS Means the CBUAE Consumer Protection Regulation (“CPR”) (CBUAE Notice No. 444/2021), and accompanying Consumer Protection Standards (“CPS”) (CBUAE Notice No. 1158/2021) that apply to all Licensed Financial Institutions (“LFIs”) licensed by the CBUAE in relation to their activities specified in Article 65 of the Decretal Law No. 14 of 2018.
Consumer(s)/Customer(s) Means a Customer for the purpose of CBUAE Consumer Protection Regulation and the accompanying Standards. A Customer is any natural person or sole proprietor who obtains or may prospectively obtain Services and/or products from ENBD, with or without charge, to satisfy their personal need or others’ needs. A Customer hence includes a Prospective Customer.
Data Breach(es) Means, as per the UAE Data Protection Law (Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data), a breach of information security and Personal Data through unauthorised or unlawful access thereto, including replication, transmission, distribution, exchange, transfer, communication, or Processing in such a manner leading to the disclosure or divulgence to third parties, or otherwise the destruction or modification of such data while being stored, transferred and processed.
Data Controller(s) Means a person or organisation who (alone or with others) determines the purposes and the way any Personal Data are or are to be processed.
Data Processor Means a person or organisation that holds or processes Personal Data on the instructions of the Data Controller, but does not exercise responsibility for, or control over the Personal Data.
Data Protection Officer (DPO) Means any natural or legal person appointed by the Controller or the Processor who undertakes responsibilities to verify that the entity he belongs to complies with the Personal Data Protection controls, requirements, procedures, and rules provided for herein, and to verify the integrity of its systems and procedures to achieve the compliance with the provisions hereof.
Data Protection Regulator Means any governmental or regulatory body or authority with responsibility for monitoring or enforcing Applicable Law(s).
Data Subject(s) Means the Consumer to whom the Personal Data relates to.
Data Subject Right(s) Means the set of rights afforded to individuals, as per Applicable Data Protection Law(s), who request information about the Personal Data collected or stored by ENBD and to exert choice or control over how that data is used by ENBD in accordance with Applicable Data Protection Law(s).
Data Transfer(s) Means any movement of data between or within jurisdictions from one party to the other.
Destruction of Personal Data Means Personal Data no longer exists.
ENBD Means Emirates NBD Bank PJSC and any of its branches, subsidiaries, affiliates and authorised agents.
Encryption Means the process of encoding information stored on a device and can add a further layer of security. It is considered an essential security measure where Personal Data is stored on a portable device or transmitted over a public network.
Know Your Customer or KYC Means the mandatory identification and verification of the identity of customers in accordance with Cabinet Resolution no. 58 of 2020 regulating the Beneficial Owner Procedures (the UBO Resolution). Financial Institutions are obliged to identify customers, including the Beneficial Owners, beneficiaries, and controlling persons, whether permanent or walk-in, and whether a natural or legal person or Legal Arrangement, and to verify their identity using documents, data or information obtained from reliable and independent sources.
Lawful Basis Means the legal basis of Processing Personal Data.
Loss of Personal Data Means that the Controller has lost control or access to the Personal Data.
Notice Notice refers to this document, i.e., the ENBD Data Privacy Notice.
Outsourcing Regulations and Standards Means the CBUAE Outsourcing Regulations and Standards (Notice No. 2909/2021).
Personal Data Means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as an identification number or to one or more factors specific to their biological, physical, biometric, physiological, mental, economic, cultural or social identity. Personal Data includes Special/Sensitive Personal Data and Biometric Data.
Processing Means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Processor(s) Means an establishment or a natural person who processes Personal Data on behalf of the Controller and under his supervision and instructions.
Profiling Means a form of Automated Processing consisting of the use of Personal Data to evaluate certain personal aspects relating to the Data Subject.
Pseudonymisation Means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
Services Means all Banking products and services such as account management including financing, card management, etc., provided through all ENBD channels such as application, websites, branches, call centers, Automated Teller Machines, Cash Deposit Machines, Interactive Teller Machines, etc.
Staff Means full time employees and contractors of ENBD.
Supervisory Authority

Means the local data protection regulators who are responsible for overseeing data protection compliance within a given jurisdiction.

Such regulators are responsible for the following:

  • Monitoring and enforcing data protection compliance
  • Prepare key guidance documents
  • Proposing and approving codes of practice
  • Investigate complaints made by data subjects
  • Preparing guidance

The UAE Supervisory Authority as under the PDPL is the Data Office and the CBUAE as under the CPR and CPS.

UAE Data Office Means the UAE Data Office established by virtue of Federal Decree-Law No. 45 of 2021. The Dat Office will act as the federal data regulator in the UAE.
UAE Means the United Arab Emirates.

Update on May 10, 2024

Thank you for your feedback!

How was your experience?

We'd love to know.

1 = Poor, 10 = Excellent