Data Privacy Notice

INTRODUCTION

Branch of Emirates NBD Bank – KSA, (referred to as “we”, “us”, “our” or “ENBD KSA” in this Data Privacy Notice) primarily refers to all the Personal Data that is collected and used about ENBD KSA Customers for the purposes of the Personal Data Protection Law. Branch of Emirates NBD Bank – KSA is part of the Emirates NBD Group.

ENBD KSA is registered in Kingdom of Saudi Arabia with a commercial registration number 1010191741 dated 12/10/1424H – unified number 7001460414, tax registration number 300000609300003, having its registered national address at Building number 8152 King Fahad Road, Al Muhammadiyah District Unit 1 - Riyadh 12363-4380, Kingdom of Saudi Arabia, with Telephone number +966 11 282 5555, Website: www.emiratesnbd.com.sa, Licensed, Regulated and Supervised by the Saudi Central Bank by virtue of License number 1/150 dated 23/1/1423 H.

This Data Privacy Notice describes the Personal Data ENBD KSA collect, how it is used and shared, and your choices regarding this data. ENBD KSA is the Data Controller for the Personal Data collected in connection with the use of ENBD KSA Services.

SCOPE

This Data Privacy Notice applies to all Customers of ENBD KSA Services, including Customers of ENBD KSA's mobile application, websites, and other banking Services (collectively, the “Services”) and through other interactions and communications you may have with us. This Notice specifically applies to:

Customers.
Prospective Customer.
Users of the ENBD applications.
This notice also governs ENBD KSA’s other collection of Personal Data in connection with its Services.

ENBD KSA are committed to providing you with exceptional banking Services and want you to have confidence in the way ENBD KSA use your Personal Data. Emirates NBD is committed to protecting your privacy and your Personal Data.

Further this Notice explains the various measures ENBD KSA have in place to protect the security of your Personal Data and minimise the potential for its unauthorised use, disclosure, and destruction.

YOUR DATA PRIVACY JOURNEY WITH US

ENBD KSA may act as a ‘Data Controller’ or a ‘Data Processor' in relation to your Personal Data.

What is a Data Controller? ENBD KSA will act as a Data Controller when processing your Personal Data. A Data Controller is an entity who solely, or jointly with others, determines the purposes (“why”) and means (“how”) of Personal Data Processing. In most cases, ENBD KSA will act as the Data Controller when Processing your Personal Data – this means ENBD KSA will decide on how to collect, process, and use Personal Data in this role.

What is a Data Processor? ENBD KSA will act as a Data Processor when Processing your Personal Data on behalf of another Emirates NBD Group entity. In these cases, ENBD KSA will perform the Processing of the Personal Data under the specific instructions from the ENBD KSA Group entity acting as the Controller.

If you have any questions about how ENBD use your Personal Data, you can contact us by using the “Contact Us” information at the end of this Notice.

CONFIDENTIALITY OF PERSONAL DATA

When ENBD KSA collects Personal Data, ENBD KSA provides a safe, secure, and confidential environment in all our delivery Channels to ensure that your Personal Data remains private and used for the purposes for which it is obtained and held.

ENBD KSA has a legal obligation to keep your data confidential, however, ENBD KSA may disclose your data to a third party where:

ENBD KSA is legally obliged to do so. In circumstances where the disclosure of your data is imposed by a legal and/or regulatory authority, including but not limited to courts.
In circumstances where the disclosure is made with your express consent or through a representative nominated by you.
Any other reasons stipulated by the KSA Data Protection Law.

UNDERSTANDING PERSONAL DATA AND PROCESSING

Personal Data and Processing have very specific meanings under KSA Applicable Laws. It is important that you understand these terms.

What is Personal Data?

Personal Data as per the Applicable Laws means, any data which relates to a living individual who can be identified directly or indirectly from that data. The definition includes a wide range of personal identifiers that constitute Personal Data, including but not limited to:

Identification information (e.g., name, date of birth, government-issued ID).
Contact information (e.g., address, email address, phone number).
Financial information (e.g., account numbers, transaction history, credit score reports).
Employment information (e.g., occupation, employer).
Demographic information (e.g., gender, marital status).

What is Processing?

Any operation carried out on Personal Data by any means, whether manual or automated, including collecting, recording, saving, indexing, organizing, formatting, storing, modifying, updating, consolidating, retrieving, using, disclosing, transmitting, publishing, sharing, linking, blocking, erasing, and destroying data.

PERSONAL DATA ENBD KSA COLLECTS ABOUT YOU

Personal Data That You Provide To Us

ENBD KSA collects Personal Data directly from you as our Customer or Prospective Customer. ENBD KSA collects information you provide directly to us through your access or use of ENBD KSA Products and Services. For example, when you apply for a product or Service on our website(s), by telephone or when you enter an ENBD KSA premises and share/provide Personal Data with one of ENBD KSA’s employees.

Personal Data ENBD KSA Collects About You From Other Sources

ENBD KSA may collect Personal Data about you from other sources such as, but not limited to the following:

Beneficiaries of your payment transactions.
Co-borrowers / guarantors.
Credit Bureaus or credit reporting agencies.
Criminal records check from organisations authorised to provide this data.
Digital identity solutions.
Government databases.
Joint Account Holder.
Law enforcement officials.
Legal representatives (power of attorney) of a client.
Nominated contact person by an existing account holder.
Other Emirates NBD Group entities, including their Branches, Subsidiaries, etc.
People appointed to act on your behalf.
Publicly available sources.
Regulatory bodies such as SAMA.
Reference contacts provided in the application form by you.
Representative(s) of a corporate client.
Third party providers and partners to help us improve the Personal Data ENBD KSA hold and to provide more relevant and interesting products and Services to you.
Your employer.

Personal Data ENBD KSA May Collect About Other Individuals

In certain circumstances, ENBD KSA may be provided Personal Data from you about individuals who do not have a direct relationship with us. This may happen, for instance, when you provide us with Personal Data about:

Beneficiaries of your payment transactions.
Co-borrowers / guarantors.
Employers of ENBD KSA Customers.
Form by an ENBD KSA Prospective Customer.
Landlords.
Legal representatives (power of attorney) of a client.
Next of Kin.
Reference contacts provided in the application Representative(s) of a corporate client.
Shareholder(s)/Director(s) of a corporate client.
Spouses.
Successors and right holders.
Ultimate beneficial owners.

USE OF YOUR PESONAL DATA

Personal Data includes information that ENBD KSA collect and process about you depending on the products or Services you obtain or receive.

The below is a non-exhaustive list which highlights some, but not all, examples of categories of Personal Data ENBD KSA collect about you:

Category	Description	Example	Lawful Basis
Account Management	Used to administer your account with ENBD KSA. Used to identify you when you sign-in to your account. Used to provide you with Services, and to fulfil your requests for certain products and Services.	To enable ENBD KSA to process your data for the sole purpose of administering your relationship with the Bank.	Performance of a Contract
Account Opening	Used for the setup and management of Customer accounts, including meeting the regulatory requirements such as KYC (Know Your Customer) process.	To enable Customers to create an Account, log in to your instance on the ENBD KSA App, or verify their credentials.	Performance of a Contract
Analytics	Used to collect data about how Customers use the ENBD KSA App or how it performs. Used to understand how you use and interact with our Services and the people or things you’re connected to and interested in.	To see how many Customers are using a particular gesture, to monitor app health, to diagnose and fix bugs or crashes, or to make future performance improvements.	Consent
App Functionality	Used for Features that are Available in the App. Used to improve the design and functionality of ENBD KSA channels for a better Customer experience.	To enable app features, or to authenticate Customer.	Legitimate Interest
Decline Onboarding	If your application is declined, ENBD KSA will store your Personal Data in accordance with the ENBD KSA record retention procedures and to comply with ENBD KSA legal and regulatory obligations.	To keep track of the reasons for the declining of Onboarding to be used as reference, if and when the Customer approaches the Bank again.	Legitimate Interest
Developer Communications	Used to send news or notifications about the app or the developer.	Sending a push notification to inform Customers about an important security update.	Performance of a Contract Legitimate Interest
Financial Mediations / Debt Recovery	Used to authorise debt Service partners to carry out collection activities on ENBD KSA behalf. Used to recover debt and exercise other rights ENBD KSA have under any agreement with ENBD KSA Customers as well as to protect ENBD KSA against harm to ENBD KSA rights and interests in property	Partners of ENBD KSA engage with Customers who have defaulted, to settle their liabilities with ENBD KSA.	Performance of a Contract Legitimate Interest
Fraud Prevention, Security and Compliance	Used for fraud prevention, security, or compliance with laws. Used to prevent and detect fraud, money laundering and other crimes such as identity theft.	Monitoring failed login attempts, geolocations, device information (e.g., model number, OS information), IP address, etc., to identify possible fraudulent activity.	Legal Obligation Legitimate Interest
General Correspondence	Personal Data you give to us by filling in any of ENBD KSA forms or by communicating with us, whether face-to-face, by phone, email, online or otherwise.	To contact you if you have asked us to do so including to resolve troubleshooting problems and helping with any issues concerning ENBD KSA website or apps.	Performance of a Contract
Personalised Commercial and Promotional Communications (Marketing)	To send commercial and promotional communications through telematic or conventional means, in relation to similar goods and Services than the ones previously contracted or acquired from ENBD KSA. This also includes for the purpose of conducting market research and accompanying statistical analysis to better understand our Customer base and the markets in which we operate.	ENBD KSA sends Customers a promotional email or SMS relating to a Product or Service on offer.	Consent
Regulatory Requests	To handle requests and instructions from regulators, law enforcement Agencies, etc. that require specific information about individuals.	To meet the legal and regulatory obligations ENBD KSA has, as a Licenced Financial Institution, governed by SAMA.	Legal Obligation
Satisfaction Surveys	To contact you for your opinions about ENBD KSA Services including through surveys and other market research.	Sending Customer satisfaction surveys.	Consent
Service Communications	Used to keep Customers informed of the products and Services they are availing of. Used to tell you about important updates and changes to ENBD KSA channels, including to ENBD KSA Notice and other Policies and Terms.	Sending Customers reminders to update their Personal Data in the App such as their mobile number and home address.	Performance of a Contract
Video Protection (CCTV)	Used at ENBD KSA premises and ATMs for security purposes.	To protect ENBD KSA Customers, employees, visitors, and its premises.	Legitimate Interest

ENBD KSA, will only process Health, Credit Data or carry out Automated processing where it has obtained your explicit consent.

There may also be circumstances whereby ENBD KSA may need to process your Personal Data to serve your actual interest. In these circumstances, ENBD KSA will retain evidence that such interests exist and that it is not possible to contact or communicate with you.

DISCLOSURE OF YOUR PERSONAL DATA BY US

ENBD KSA only discloses your Personal Data outside of ENBD KSA in limited circumstances. If ENBD KSA does share the Personal Data outside of ENBD KSA, we will put in place appropriate controls and data sharing/processing agreements that require recipients to protect your Personal Data, unless ENBD KSA is legally required to share that Personal Data as set out in article (4) CONFIDENTIALITY OF PERSONAL DATA. All contractors or recipients that work for ENBD KSA will be obliged to follow ENBD KSA instructions. ENBD KSA does not sell your Personal Data to third parties.

ENBD KSA may disclose your Personal Data to ENBD KSA third-party Service providers, agents, and subcontractors (Suppliers) for the purposes of providing Services to us or directly to you on ENBD KSA’s behalf.

When ENBD KSA uses Suppliers, ENBD KSA only discloses to them the Personal Data that is necessary to provide their Services and only where ENBD KSA has a contract in place which requires them to keep your Personal Data secure and not to use it other than in accordance with ENBD KSA’s specific instructions.

ENBD KSA take steps to ensure that any third-party service providers who handle your Personal Data comply with the Applicable Laws and protect your Personal Data to the same extent that ENBD KSA does. ENBD KSA will aim to anonymise your Personal Data or use aggregated non-specific data sets where possible. Find below the supporting Schedule with a list of categories of third parties with whom ENBD KSA may share your data.

Category of Third Party	Description of Service Provided	Lawful Basis of Processing
Account Holders	ENBD KSA may share your Personal Data with any joint account holders, guarantors, trustees, or beneficiaries assigned by you at the onset or during the course of receiving ENBD KSA products/Services.	Consent
Affiliates	ENBD KSA may share your Personal Data with companies within the Emirates NBD Group who may support us in any of the purposes set out in this Data Privacy Notice to improve and enhance the Customer experience.	Legitimate Interest Legal Obligation
Analytics Providers	ENBD KSA may share your Personal Data with analytics providers that assist us in the optimisation of ENBD KSA website and apps including by measuring the performance of ENBD KSA online campaigns and analysing visitor activity.	Consent
Asset Custodian	ENBD KSA may share your Personal Data with the custodian service providers upon their request.	Consent
Asset Purchasers	ENBD KSA may share your Personal Data with any third party that purchases, or to which ENBD KSA transfer, all or substantially all of ENBD KSA assets and business. Should such a sale or transfer occur, ENBD KSA will engage best efforts to try to ensure that the entity to which ENBD KSA transfer your Personal Data uses it in a manner that is consistent with this Data Privacy Notice.	Legitimate Interest
Business Partners	ENBD KSA may share your Personal Data with ENBD KSA business partners, together with whom ENBD KSA provide Services such as hotels, restaurants, airline partners (whose logo may appear on a credit card ENBD KSA provide) and Service providers or agents who provide Services on their behalf. Business partners may also include any entity (including its professional advisors and authorised representatives), who provide funding to ENBD KSA or members of Emirates NBD Group, any entity that provides us with debt or equity finance and any potential purchasers of any part of our business. Business Partners may also include any party to a transaction acquiring an interest in, or assuming risk in, or in connection with, your banking relationship with ENBD KSA.	Consent
Courts, Regulators, and Government Authorities	ENBD KSA may share your Personal Data with these parties where ENBD KSA believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect ENBD KSA rights or the rights of any third party. To investigate or address claims or disputes relating to the use of ENBD KSA’s Services, to satisfy requirements under applicable laws, regulations, or operating licences or agreements, or pursuant to legal process or governmental request, including from law enforcement. To perform the role of collaborators, where Services require their involvement.	Legal Obligation
Credit Information Agencies	ENBD KSA may share your Personal Data with government-authorised Credit Information Agencies and fraud prevention agencies to comply with ENBD KSA’s legal and regulatory obligations.	Legal Obligation
Debt Collection Agencies	ENBD KSA may share your Personal Data with any entity used for the recovery or collection of receivables to the bank from delinquent or defaulted Customers.	Legitimate Interest
Fund Managers	ENBD KSA may share your Personal Data with fund managers who provide asset management Services to you and any brokers who introduce you to us or deal with us for you.	Legitimate Interest
Guarantors	ENBD KSA may share your Personal Data with any person or entity that is to provide, or has provided, any security of guarantee (and their professional advisors) in respect of your agreement with ENBD KSA. This type of processing is necessary for the fulfilment of our contract with you, for example to enable us to recover any sums we have advanced under our agreement with you.	Legitimate Interest
Insurance Providers	ENBD KSA may share your Personal Data with insurance providers, including underwriters, brokers, and associated parties.	Legal Obligation Legitimate Interest
Intermediaries/Brokers through whom you are our Customers	ENBD KSA may share your Personal Data with third-parties who have introduced you to us (e.g. an intermediary or broker) in order for them to manage their records about you, to ensure that the type of business that they refer to us is appropriate and to help ENBD KSA to resolve any complaint made by you and/or any dispute between you and ENBD KSA. This type of processing allows us to ensure that the intermediary or broker is fulfilling the terms of their contract with us and for us to fulfil our legal and regulatory obligations.	Legitimate Interest
IT Service Providers	System based processing of personal details as part of organisational/ operational requirements. e.g. cloud hosting Services; application development and support Services; IT Infrastructure Services; communication service providers, email Services; call recording Services. Help maintain the safety, security, and integrity of ENBD KSA Services and Customer.	Legitimate Interest
Law Enforcement Agencies & Authorities	To assist law enforcement agencies for the purposes of preventing, detecting, investigating, or prosecuting criminal offences.	Legal Obligation
Legal/Professional Advisors	The provision of business consulting, audit and legal Services including access to and analysis of Personal Data as part of business initiatives, statutory audits, legal claims, and ad-hoc consultancy advice.	Legitimate Interest
Other Uses	Provide, maintain, and improve ENBD KSA Services, including, for example, to facilitate payments, send receipts, provide products and Services you request (and send related information), develop new features, provide User support to Customer, develop safety features, authenticate Customer, and send product updates and administrative messages. Perform internal administration and operations, including, for example, to prevent fraud and abuse of ENBD KSA Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends. Send you communications ENBD KSA think will be of interest to you, including information about products, Services, promotions, news, and events of ENBD KSA, where permissible and according to local applicable laws. Notify you about changes to ENBD KSA terms, Services or policies and other communications that aren’t for the purpose of marketing the Services or products of ENBD KSA or its partners.	Legitimate Interest Consent
Payment Processing Services	ENBD KSA may share your Personal Data with providers of payment-processing Services and other businesses that help us process your payments to the extent required for us to meet the contractual and legal requirements.	Consent Legal Obligation
Postal Services and Couriers	ENBD KSA may share your Personal Data with any entity used for the purpose of postal and courier services.	Legitimate Interest
Representatives	ENBD KSA may share your Personal Data with anyone who provides instructions or operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney or Letter of Authorisation.	Consent
Social Media Agencies	ENBD KSA may share your Personal Data with social media companies so they can display messages to you about ENBD KSA products and Services or make sure you do not get irrelevant messages.	Consent

We may disclose your Personal Data in accordance with KSA PDPL in the following cases:

You consent to the disclosure.
Your Personal Data has been collected from a publicly available source.
The entity requesting disclosure is a public entity, and the collection or processing of your Personal Data is required for public interest or security purposes, or to implement another Law, or to fulfil judicial requirements.
The disclosure is necessary to protect public health, public safety, or to protect the lives or health of specific individuals.
The disclosure will only involve subsequent processing in a form that makes it impossible to directly or indirectly identify you.
The disclosure is necessary to achieve our legitimate interests (in this case no Sensitive Data (e.g. Health Data, Credit Data) will be processed).

PROCESSING FOR ANOTHER PURPOSE

Where ENBD KSA collects Personal Data from a source other than the Data Subject and processes Personal Data for purposes other than the ones for which they have been collected, it shall only do so where:

It has obtained your consent.
The Personal Data is publicly available or was collected from a publicly available source.
We are not collecting or processing of personal data may harm you or affect your vital interests.
Personal data collection or processing is necessary to protect public health, public safety, or to protect the life or health of specific individuals.
The Personal Data is not to be recorded or stored in a form that makes it possible to identify you directly or indirectly.
Where processing is necessary for the purpose of legitimate interest of ENBD KSA, provided that no sensitive data is to be processed.

CHILDREN’S DATA

ENBD KSA websites, mobile, apps and any other digital means are intended for use only by persons who are at least 18 years of age and above and people of determination. If you are under the age of 18, your parent or guardian must consent on your behalf where ENBD KSA asks for consent in relation to the use of your Personal Data.

LEGAL GUARDIAN

In case ENBD KSA processes Personal Data of an individual that lacks full or partial legal capacity, obtaining the consent of the legal guardian shall be conditioned upon taking appropriate measure to verify guardianship validity over the individual.

AUTOMATED PROCESSING

The way ENBD KSA analyses Personal Data relating to ENBD KSA Services may involve profiling or other automated methods to make decisions about you that relate to the following:

Credit and affordability checks (including credit limits) – ENBD KSA will consider several factors including information about your income, expenses and how well you have kept up on payments in the past.
Anti-money laundering, combatting the financing of terrorism, sanctions checks, KYC validations (including through national identity systems) and screening ‘politically exposed’ people.
Monitoring your account for fraud and other financial crime – ENBD KSA will assess your transactions to identify any that are unusual.
Assessments required by regulators and appropriate authorities – certain details in your information may suggest that you are likely to become financially vulnerable and ENBD KSA may need to help you.
Identifying customers for specific campaigns and offers.

You may have a right to certain information about how ENBD KSA make these decisions. You may also have a right to request human intervention in case it pertains to a fully automated process and to challenge the decision. Refer the “How to Contact Us” section for further details on reaching out to us with your request.

OFFICIAL COPIES

ENBD KSA shall not copy official documents where you are identifiable, except where it is required by law, or when ENBD KSA is requested by a competent public authority or regulator, such as the Saudi Central Bank (SAMA), to copy such documents pursuant to the applicable laws and regulations. ENBD KSA shall also provide the necessary protection for such documents and destroy them once the purpose for which they were obtained has ended unless there is a legal requirement to keep them.

IS IT OBLIGATORY OR VOLUNTARY FOR ME TO PROVIDE MY PERSONAL DATA?

ENBD KSA requires your Personal Data to offer you the Services or products you're interested in. We also need your explicit consent to process your Personal Data, as it helps us fulfil our contractual and legal obligations.

If you choose not to provide us with the requested Personal Data, it may affect our ability to fulfil your request, and ENBD KSA may have to decline your request for our Product(s) and/or Service(s), in case you're already receiving our products and services, not providing the required data may result in the temporary suspension or discontinuation of those offerings. However, please note that we'll always ensure compliance with our legal obligations regarding data retention.

UNDERSTANDING PERSONAL DATA AND PROCESSING

Personal Data and Processing have very specific meanings under KSA Applicable Laws. It is important that you understand these terms.

What is Personal Data?

Identification information (e.g., name, date of birth, government-issued ID).
Contact information (e.g., address, email address, phone number).
Financial information (e.g., account numbers, transaction history, credit score reports).
Employment information (e.g., occupation, employer).
Demographic information (e.g., gender, marital status).

What is Processing?

PERSONAL DATA ENBD KSA COLLECTS ABOUT YOU

Personal Data That You Provide To Us

Personal Data ENBD KSA Collects About You From Other Sources

ENBD KSA may collect Personal Data about you from other sources such as, but not limited to the following:

Beneficiaries of your payment transactions.
Co-borrowers / guarantors.
Credit Bureaus or credit reporting agencies.
Criminal records check from organisations authorised to provide this data.
Digital identity solutions.
Government databases.
Joint Account Holder.
Law enforcement officials.
Legal representatives (power of attorney) of a client.
Nominated contact person by an existing account holder.
Other Emirates NBD Group entities, including their Branches, Subsidiaries, etc.
People appointed to act on your behalf.
Publicly available sources.
Regulatory bodies such as SAMA.
Reference contacts provided in the application form by you.
Representative(s) of a corporate client.
Third party providers and partners to help us improve the Personal Data ENBD KSA hold and to provide more relevant and interesting products and Services to you.
Your employer.

Personal Data ENBD KSA May Collect About Other Individuals

Beneficiaries of your payment transactions.
Co-borrowers / guarantors.
Employers of ENBD KSA Customers.
Form by an ENBD KSA Prospective Customer.
Landlords.
Legal representatives (power of attorney) of a client.
Next of Kin.
Reference contacts provided in the application Representative(s) of a corporate client.
Shareholder(s)/Director(s) of a corporate client.
Spouses.
Successors and right holders.
Ultimate beneficial owners.

USE OF YOUR PESONAL DATA

Personal Data includes information that ENBD KSA collect and process about you depending on the products or Services you obtain or receive.

The below is a non-exhaustive list which highlights some, but not all, examples of categories of Personal Data ENBD KSA collect about you:

Category	Description	Example	Lawful Basis
Account Management	Used to administer your account with ENBD KSA. Used to identify you when you sign-in to your account. Used to provide you with Services, and to fulfil your requests for certain products and Services.	To enable ENBD KSA to process your data for the sole purpose of administering your relationship with the Bank.	Performance of a Contract
Account Opening	Used for the setup and management of Customer accounts, including meeting the regulatory requirements such as KYC (Know Your Customer) process.	To enable Customers to create an Account, log in to your instance on the ENBD KSA App, or verify their credentials.	Performance of a Contract
Analytics	Used to collect data about how Customers use the ENBD KSA App or how it performs. Used to understand how you use and interact with our Services and the people or things you’re connected to and interested in.	To see how many Customers are using a particular gesture, to monitor app health, to diagnose and fix bugs or crashes, or to make future performance improvements.	Consent
App Functionality	Used for Features that are Available in the App. Used to improve the design and functionality of ENBD KSA channels for a better Customer experience.	To enable app features, or to authenticate Customer.	Legitimate Interest
Decline Onboarding	If your application is declined, ENBD KSA will store your Personal Data in accordance with the ENBD KSA record retention procedures and to comply with ENBD KSA legal and regulatory obligations.	To keep track of the reasons for the declining of Onboarding to be used as reference, if and when the Customer approaches the Bank again.	Legitimate Interest
Developer Communications	Used to send news or notifications about the app or the developer.	Sending a push notification to inform Customers about an important security update.	Performance of a Contract Legitimate Interest
Financial Mediations / Debt Recovery	Used to authorise debt Service partners to carry out collection activities on ENBD KSA behalf. Used to recover debt and exercise other rights ENBD KSA have under any agreement with ENBD KSA Customers as well as to protect ENBD KSA against harm to ENBD KSA rights and interests in property	Partners of ENBD KSA engage with Customers who have defaulted, to settle their liabilities with ENBD KSA.	Performance of a Contract Legitimate Interest
Fraud Prevention, Security and Compliance	Used for fraud prevention, security, or compliance with laws. Used to prevent and detect fraud, money laundering and other crimes such as identity theft.	Monitoring failed login attempts, geolocations, device information (e.g., model number, OS information), IP address, etc., to identify possible fraudulent activity.	Legal Obligation Legitimate Interest
General Correspondence	Personal Data you give to us by filling in any of ENBD KSA forms or by communicating with us, whether face-to-face, by phone, email, online or otherwise.	To contact you if you have asked us to do so including to resolve troubleshooting problems and helping with any issues concerning ENBD KSA website or apps.	Performance of a Contract
Personalised Commercial and Promotional Communications (Marketing)	To send commercial and promotional communications through telematic or conventional means, in relation to similar goods and Services than the ones previously contracted or acquired from ENBD KSA. This also includes for the purpose of conducting market research and accompanying statistical analysis to better understand our Customer base and the markets in which we operate.	ENBD KSA sends Customers a promotional email or SMS relating to a Product or Service on offer.	Consent
Regulatory Requests	To handle requests and instructions from regulators, law enforcement Agencies, etc. that require specific information about individuals.	To meet the legal and regulatory obligations ENBD KSA has, as a Licenced Financial Institution, governed by SAMA.	Legal Obligation
Satisfaction Surveys	To contact you for your opinions about ENBD KSA Services including through surveys and other market research.	Sending Customer satisfaction surveys.	Consent
Service Communications	Used to keep Customers informed of the products and Services they are availing of. Used to tell you about important updates and changes to ENBD KSA channels, including to ENBD KSA Notice and other Policies and Terms.	Sending Customers reminders to update their Personal Data in the App such as their mobile number and home address.	Performance of a Contract
Video Protection (CCTV)	Used at ENBD KSA premises and ATMs for security purposes.	To protect ENBD KSA Customers, employees, visitors, and its premises.	Legitimate Interest

ENBD KSA, will only process Health, Credit Data or carry out Automated processing where it has obtained your explicit consent.

DISCLOSURE OF YOUR PERSONAL DATA BY US

Category of Third Party	Description of Service Provided	Lawful Basis of Processing
Account Holders	ENBD KSA may share your Personal Data with any joint account holders, guarantors, trustees, or beneficiaries assigned by you at the onset or during the course of receiving ENBD KSA products/Services.	Consent
Affiliates	ENBD KSA may share your Personal Data with companies within the Emirates NBD Group who may support us in any of the purposes set out in this Data Privacy Notice to improve and enhance the Customer experience.	Legitimate Interest Legal Obligation
Analytics Providers	ENBD KSA may share your Personal Data with analytics providers that assist us in the optimisation of ENBD KSA website and apps including by measuring the performance of ENBD KSA online campaigns and analysing visitor activity.	Consent
Asset Custodian	ENBD KSA may share your Personal Data with the custodian service providers upon their request.	Consent
Asset Purchasers	ENBD KSA may share your Personal Data with any third party that purchases, or to which ENBD KSA transfer, all or substantially all of ENBD KSA assets and business. Should such a sale or transfer occur, ENBD KSA will engage best efforts to try to ensure that the entity to which ENBD KSA transfer your Personal Data uses it in a manner that is consistent with this Data Privacy Notice.	Legitimate Interest
Business Partners	ENBD KSA may share your Personal Data with ENBD KSA business partners, together with whom ENBD KSA provide Services such as hotels, restaurants, airline partners (whose logo may appear on a credit card ENBD KSA provide) and Service providers or agents who provide Services on their behalf. Business partners may also include any entity (including its professional advisors and authorised representatives), who provide funding to ENBD KSA or members of Emirates NBD Group, any entity that provides us with debt or equity finance and any potential purchasers of any part of our business. Business Partners may also include any party to a transaction acquiring an interest in, or assuming risk in, or in connection with, your banking relationship with ENBD KSA.	Consent
Courts, Regulators, and Government Authorities	ENBD KSA may share your Personal Data with these parties where ENBD KSA believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect ENBD KSA rights or the rights of any third party. To investigate or address claims or disputes relating to the use of ENBD KSA’s Services, to satisfy requirements under applicable laws, regulations, or operating licences or agreements, or pursuant to legal process or governmental request, including from law enforcement. To perform the role of collaborators, where Services require their involvement.	Legal Obligation
Credit Information Agencies	ENBD KSA may share your Personal Data with government-authorised Credit Information Agencies and fraud prevention agencies to comply with ENBD KSA’s legal and regulatory obligations.	Legal Obligation
Debt Collection Agencies	ENBD KSA may share your Personal Data with any entity used for the recovery or collection of receivables to the bank from delinquent or defaulted Customers.	Legitimate Interest
Fund Managers	ENBD KSA may share your Personal Data with fund managers who provide asset management Services to you and any brokers who introduce you to us or deal with us for you.	Legitimate Interest
Guarantors	ENBD KSA may share your Personal Data with any person or entity that is to provide, or has provided, any security of guarantee (and their professional advisors) in respect of your agreement with ENBD KSA. This type of processing is necessary for the fulfilment of our contract with you, for example to enable us to recover any sums we have advanced under our agreement with you.	Legitimate Interest
Insurance Providers	ENBD KSA may share your Personal Data with insurance providers, including underwriters, brokers, and associated parties.	Legal Obligation Legitimate Interest
Intermediaries/Brokers through whom you are our Customers	ENBD KSA may share your Personal Data with third-parties who have introduced you to us (e.g. an intermediary or broker) in order for them to manage their records about you, to ensure that the type of business that they refer to us is appropriate and to help ENBD KSA to resolve any complaint made by you and/or any dispute between you and ENBD KSA. This type of processing allows us to ensure that the intermediary or broker is fulfilling the terms of their contract with us and for us to fulfil our legal and regulatory obligations.	Legitimate Interest
IT Service Providers	System based processing of personal details as part of organisational/ operational requirements. e.g. cloud hosting Services; application development and support Services; IT Infrastructure Services; communication service providers, email Services; call recording Services. Help maintain the safety, security, and integrity of ENBD KSA Services and Customer.	Legitimate Interest
Law Enforcement Agencies & Authorities	To assist law enforcement agencies for the purposes of preventing, detecting, investigating, or prosecuting criminal offences.	Legal Obligation
Legal/Professional Advisors	The provision of business consulting, audit and legal Services including access to and analysis of Personal Data as part of business initiatives, statutory audits, legal claims, and ad-hoc consultancy advice.	Legitimate Interest
Other Uses	Provide, maintain, and improve ENBD KSA Services, including, for example, to facilitate payments, send receipts, provide products and Services you request (and send related information), develop new features, provide User support to Customer, develop safety features, authenticate Customer, and send product updates and administrative messages. Perform internal administration and operations, including, for example, to prevent fraud and abuse of ENBD KSA Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends. Send you communications ENBD KSA think will be of interest to you, including information about products, Services, promotions, news, and events of ENBD KSA, where permissible and according to local applicable laws. Notify you about changes to ENBD KSA terms, Services or policies and other communications that aren’t for the purpose of marketing the Services or products of ENBD KSA or its partners.	Legitimate Interest Consent
Payment Processing Services	ENBD KSA may share your Personal Data with providers of payment-processing Services and other businesses that help us process your payments to the extent required for us to meet the contractual and legal requirements.	Consent Legal Obligation
Postal Services and Couriers	ENBD KSA may share your Personal Data with any entity used for the purpose of postal and courier services.	Legitimate Interest
Representatives	ENBD KSA may share your Personal Data with anyone who provides instructions or operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney or Letter of Authorisation.	Consent
Social Media Agencies	ENBD KSA may share your Personal Data with social media companies so they can display messages to you about ENBD KSA products and Services or make sure you do not get irrelevant messages.	Consent

We may disclose your Personal Data in accordance with KSA PDPL in the following cases:

You consent to the disclosure.
Your Personal Data has been collected from a publicly available source.
The entity requesting disclosure is a public entity, and the collection or processing of your Personal Data is required for public interest or security purposes, or to implement another Law, or to fulfil judicial requirements.
The disclosure is necessary to protect public health, public safety, or to protect the lives or health of specific individuals.
The disclosure will only involve subsequent processing in a form that makes it impossible to directly or indirectly identify you.
The disclosure is necessary to achieve our legitimate interests (in this case no Sensitive Data (e.g. Health Data, Credit Data) will be processed).

PROCESSING FOR ANOTHER PURPOSE

It has obtained your consent.
The Personal Data is publicly available or was collected from a publicly available source.
We are not collecting or processing of personal data may harm you or affect your vital interests.
Personal data collection or processing is necessary to protect public health, public safety, or to protect the life or health of specific individuals.
The Personal Data is not to be recorded or stored in a form that makes it possible to identify you directly or indirectly.
Where processing is necessary for the purpose of legitimate interest of ENBD KSA, provided that no sensitive data is to be processed.

CHILDREN’S DATA

LEGAL GUARDIAN

AUTOMATED PROCESSING

The way ENBD KSA analyses Personal Data relating to ENBD KSA Services may involve profiling or other automated methods to make decisions about you that relate to the following:

Credit and affordability checks (including credit limits) – ENBD KSA will consider several factors including information about your income, expenses and how well you have kept up on payments in the past.
Anti-money laundering, combatting the financing of terrorism, sanctions checks, KYC validations (including through national identity systems) and screening ‘politically exposed’ people.
Monitoring your account for fraud and other financial crime – ENBD KSA will assess your transactions to identify any that are unusual.
Assessments required by regulators and appropriate authorities – certain details in your information may suggest that you are likely to become financially vulnerable and ENBD KSA may need to help you.
Identifying customers for specific campaigns and offers.

OFFICIAL COPIES

IS IT OBLIGATORY OR VOLUNTARY FOR ME TO PROVIDE MY PERSONAL DATA?

SOCIAL MEDIA

ENBD KSA operates channels, pages and accounts on some social media sites to inform, assist and engage with customers.

ENBD KSA is not responsible for any information posted on those sites other than information Emirates NBD has posted. ENBD does not endorse the social media sites themselves or any information posted on them by third parties.

MARKETING

For direct marketing purposes ENBD KSA will require your explicit consent to collect, maintain, process your Personal Data to send you the latest offers on ENBD KSA's banking products.

ENBD KSA makes it clear on the ENBD KSA physical application forms, during your onboarding digitally and on all communications received from the Bank as to what data is required to be provided by you by marking the mandatory fields with the asterisk symbol (*). You can object to further marketing at any time by:

Calling ENBD KSA Customer Call Centre Number: 800 754 7777 or +966 11 282 5566.
Changing ENBD KSA marketing preferences in your ENBD KSA Application account.

Further details of how ENBD KSA will use your Personal Data can be found below.

ENBD KSA collects Personal Data about your internet activity using technology known as cookies, which can often be controlled through internet browsers and by using ENBD KSA cookie preference center on the ENBD KSA website.

Technical information, such as your IP address and device ID.
Information about your visit, such as your URL and website interaction.
Location data, with your approval, used to show you the location of the nearest branch or ATM based on your IP address, coordinates or a unique device code.
Networks and connections, when you interact with us and the people and groups that you are connected to (for example, through social media).

INTERNATIONAL DATA TRANSFERS

ENBD KSA is part of a global organisation, and your Personal Data may be stored or processed in any country where ENBD has facilities or in which ENBD KSA engages Service providers and subcontractors. ENBD KSA has put in place appropriate safeguards in accordance with applicable legal and data protection requirements to ensure that your data is adequately protected.

WHAT ARE YOUR RIGHTS?

You have certain rights in respect of your Personal Data, and ENBD KSA have processes to enable you to exercise these rights. Your rights are as follows:

Opt Out / Unsubscribe:You can request to be removed from the ENBD KSA marketing mailing list, from the unsubscribe button in the email itself. We have other channels to request removal as well, such as calling the customer care center and sending SMS to the designated number communicated to you as part of the marketing content.
Right to Access (also known as a ‘Subject Access Request’): You have the right to obtain confirmation as to whether ENBD KSA processes Personal Data about you, receive a copy of your Personal Data held by us, and obtain certain other information about how and why ENBD KSA processes your Personal Data. The Personal Data shall be provided in a in a commonly used electronic format and if requested a printed hard copy, if feasible.
Right to Rectification: You have the right to request for your Personal Data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete Personal Data completed.
Right to Erasure (also known as 'the Right to be Forgotten'): You have the right to deletion of your Personal Data in the following cases:
- The Personal Data are no longer necessary in relation to the purposes for which they were collected and processed.
- Where our lawful basis for processing your information is consent and you then withdraw your consent. However, please note that the lawfulness of any previous processing carried out based on your valid consent earlier shall not be affected.
- Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by ENBD KSA, you object to our processing, and ENBD KSA do not have overriding legitimate grounds.
- You object to our processing for direct marketing purposes and advanced analytics.
- Your Personal Data has been unlawfully processed.
- Your Personal Data must be erased to comply with a legal obligation to which ENBD KSA are subject.
Right to Object: You have the right to object and/or restrict to our processing of your Personal Data in the following cases:
- Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us.
- Our processing for direct marketing purposes and advanced analytics.
Right to Data Portability: You have the right to request for your personal information to be prepared and arranged and sent to another organisation (or ask us to do so if technically feasible).
Right to Withdraw Consent: Where ENBD KSA process Personal Data based on consent, individuals have a right to withdraw their consent at any time. In the event of consent withdrawal, ENBD KSA shall cease Processing without undue delay from consent withdrawal request. Consent withdrawal of shall not affect the lawfulness of Processing based on consent before its withdrawal. To do so, please use the contact details below in the “How to Contact Us” section.
Right to Lodge a Complaint with a Supervisory Authority: ENBD sincerely hope that you will never need to, but if you do want to complain about our use of Personal Data, please use the contact details set out below.

Name: Saudi Data & AI authority (SADAIA).
Address: Digital City, Riyadh, 12382, Kingdom of Saudi Arabia.
Telephone: 8001221111.
Website: https://sdaia.gov.sa/

Upon receiving a request, ENBD KSA will take reasonable measures to act on the rights request under Law within a period not exceeding (30) days and without delay.

Please note, all rights are subject to qualifications and limitations. In other words, there may be instances and justifiable grounds to deny any request where ENBD KSA are required or permitted by law to do so. For instance, ENBD KSA may refuse to act on request when it is repetitive, manifestly unfounded, or requires disproportionate efforts. ENBD KSA will always be clear and communicate this to you if these instances arise.

In cases where an individual fully or partially lacks legal capacity, their legal guardian shall exercise their rights on their behalf subject to ENBD KSA verifying guardianship validity over the individual.

Also note, for the purpose of upholding the security, confidentiality, and integrity of your Personal Data, ENBD KSA may verify your identity before allowing you to access your Personal Data.

You may submit a request to exercise your rights by contacting the ENBD KSA Data Privacy Office by emailing ksadpo@emiratesnbd.com.

SECURITY

The Security of your Personal Data is important to us. We make every effort to ensure that your Personal Data is secure on our system. ENBD maintains physical, technical, and organizational safeguards to secure your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss. Moreover, access to your personal data is limited to those employees, agents, contractors, other third parties, etc. who have a responsibility towards your personal data and only on a need-to-know basis. The aforementioned will only process your personal data on ENBD’s instructions, and they are subject to a duty of confidentiality.

Additional safeguards that Emirates NBD use to safeguard your personal data include:

Applying physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data.
Protecting the security of your personal data during transmission by using encryption protocols and software.
Utilizing computer safeguards such as firewalls, antivirus and other security technologies to keep the personal data secure.
Regularly monitoring Emirates NBD systems for possible vulnerabilities and attacks and carrying out penetration testing to identify ways to further strengthen our security.

ENBD evaluates these measures on a regular basis to ensure the security of the processing.

Your ENBD profile is password-protected so that only you and authorised ENBD employees have access to your account information. While we at Emirates NBD, will do our best to ensure the security and protection of your personal data, the security of your personal data will depend in part on the security of the device that you use to communicate with us, and the security measures you use to protect your personal information, user ID and passwords.

To ensure that your personal data is kept safe at all times, we urge you to take appropriate measures to protect your personal information, user ID and passwords, and any other information that is necessary to use our channels.

Please contact the ENBD KSA Customer Service Helpdesk / call center on: 800 754 7777 or +966 11 282 5566 in case you receive fraudulent emails or require any assistance with regards to our online banking Services.

WHAT HAPPENS IF THERE IS A PERSONAL DATA BREACH?

Whilst ENBD KSA takes measures to secure your Personal Data, risks to data security do exist, and there is always a possibility of unauthorised use, disclosure, modification and/or destruction of your Personal Data. In the event of a Personal Data Breach, ENBD KSA will notify you about it and its likely consequences, measures taken by us to mitigate the increased risk and avenues available to you to mitigate the risk as a result of the Personal Data Breach.

For reporting Personal Data Breaches or further information on how ENBD KSA respond to and handle Personal Data Breaches, please contact us at ksadpo@emiratesnbd.com.

EXTERNAL LINKS

The ENBD KSA website and apps may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own Data Privacy Notices. Please check these Notices before you submit any Personal Data to these websites. ENBD KSA is not responsible for the Data Privacy Notices, content of such sites or any Personal Data collected by such sites.

DATA PROTECTION OFFICER

ENBD KSA has appointed a Data Protection Officer ("DPO") to oversee compliance with this Data Privacy Notice. The DPO can be contacted on ksadpo@emiratesnbd.com.

HOW LONG DOES ENBD KSA STORE YOUR DATA FOR?

ENBD KSA will keep your Personal Data for as long as ENBD KSA has a relationship with you. Once the ENBD KSA relationship with you has come to an end, ENBD KSA will retain your Personal Data for a period that enables us to:

Maintain business records for analysis and/or audit purpose.
Comply with record retention requirements under the law.
Defend or bring any existing or potential legal claims.

ENBD KSA will delete your Personal Data when it is no longer required for these purposes. If there is any information that ENBD KSA is unable, for technical reasons, to delete entirely from ENBD KSA systems, we will put in place appropriate measures to prevent any further processing or use of the data.

In some circumstances you can ask us to delete your data. For further information, please see the “What are your Rights” section.

HOW TO CONTACT US

If you have questions or concerns regarding the way in which your Personal Data is being used, please contact the ENBD KSA Data Privacy Office by emailing ksadpo@emiratesnbd.com.

If you would like to lodge a complaint to your local supervisory authority, please get in touch and ENBD KSA will provide you with instructions and contact details to your local supervisory authority.

ENBD KSA are committed to working with you to obtain a fair resolution to any complaint or concern you may have. If, however, you believe that ENBD KSA have not been able to assist with your complaint or concern you have the right to make a complaint to the data protection authority of your country.

UPDATES TO THIS NOTICE

ENBD may occasionally update this notice. ENBD encourages Customers to periodically review this Notice for the latest information on the ENBD data privacy practices.

GLOSSARY OF TERMS AND DEFINITIONS

Term	Definition
Anonymization	Means the process of removing direct and indirect personal identifiers in a way that permanently makes it impossible to identify the Data Subject.
Anonymous Data	Means any information relating to a natural person where the person cannot be identified whether by the Data Controller or by any other person, taking account of all the means reasonably likely to be used either by the Data Controller or by any person to identify that individual.
Applicable Law(s)	Means all applicable laws and regulations relating to data protection and privacy, the processing of personal data, that apply on which this policy is updated in KSA including without limitation, as amended or replace: Personal Data Protection Law issued by virtue of Royal Decree No. M/19 Dated 09/02/1443H and amended by virtue of Royal Decree No. M/148 Dated 05/09/1444H, its Implementing Regulations and their subsequent replacements or amendments from time to time if any (“PDP Law”). Regulations, Instructions, Circulars, Policies and Standards related to personal data protection issued by the Saudi Data & Artificial Intelligence Authority, the National Data Management Office in KSA or SAMA (“PDP Regulations”). SAMA's Rules on Outsourcing Regulations as well as the SAMA’s Consumer Protection Regulations and accompanying Consumer Protection Standards as amended. In case of any discrepancies or contradictions whatsoever between any provision of the Data Protection Laws, the provisions of PDP Law and PDP Regulations shall prevail.
Authority(ies)	Means legal, supervisory, regulatory, governmental, and quasi-governmental bodies such as Saudi Central Bank ("SAMA"), the Capital Market Authority (“CMA”), and Zakat, tax, and customs authority etc.
Automated Processing	Means Processing that is conducted using an electronic application or system that operates automatically, either independently without any human intervention or under the supervision and limited intervention of a human.
Biometric Data	Means Personal Data resulting from specific technical processing relating to the physical, physiological, and behavioral characteristics of the Data Subject, which allow the identification or confirm the unique identification of the Data Subject, such as facial recognition images.
Consent	Means the Consent by which the Data Subject authorizes ENBD KSA or third parties to process their Personal Data, provided that such Consent is freely given, informed, clear, specific, explicit, and unambiguous indication of the Data Subject's agreement, by a statement or by a clear affirmative action, to the Processing of their Personal Data, including written or verbal consent or by using electronic methods.
Consumer(s)	Means a Customer for the purpose of SAMA's Financial Consumer Protection Principles and Rules. A natural person who is a beneficiary of products and services provided by ENBD KSA, with or without charge, to satisfy their personal need or others’ needs.
Consumer(s)/Customer(s)	Means a Customer for the purpose of CBUAE Consumer Protection Regulation and the accompanying Standards. A Customer is any natural person or sole proprietor who obtains or may prospectively obtain Services and/or products from ENBD, with or without charge, to satisfy their personal need or others’ needs. A Customer hence includes a Prospective Customer.
Data Breach(es)	Means, as per KSA Personal Data Protection Law, Any incident that leads to the Disclosure, Destruction, or unauthorized access to Personal Data, whether intentional or accidental, and by any means, whether automated or manual.
Data Controller(s)	Any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and/or carries out processing directly or through a Data Processor.
Data Processor	Means Any Public Entity, natural person or private legal person that holds or processes Personal Data on the instructions, for the benefit and on behalf of the Data Controller, but does not exercise responsibility for, or control over the Personal Data.
Data Protection Officer (DPO)	Means any natural appointed by the Controller or the Processor who undertakes responsibilities to verify that the entity he belongs to complies with the Personal Data Protection controls, requirements, procedures, and rules provided for herein, and to verify the integrity of its systems and procedures to achieve the compliance with the provisions hereof.
Data Protection Regulator	Means any governmental or regulatory body or authority with responsibility for monitoring or enforcing Applicable Law(s).
Data Rights Request	Means specific rights that individuals may exercise depending on the jurisdiction they are based in and the maturity of their local data protection laws. Such legislation bestows on individuals several rights that they may exercise.
Data Subject Right(s)	Means the set of rights afforded to individuals, as per Applicable Data Protection Law(s), who request information about the Personal Data collected or stored by ENBD KSA and to exert choice or control over how that data is used by ENBD KSA in accordance with Applicable Data Protection Law(s).
Data Subject(s)	Means the individual to whom the Personal Data relates to.
Data Transfer(s)	Means the transfer of data from one jurisdiction to another.
Destruction of Personal Data	Means Personal Data no longer exists.
Emirates NBD Group	Means Emirates NBD Bank (PJSC), a leading provider of a full range of banking and financial services to businesses and consumers throughout the United Arab Emirates, and any of its international branches, subsidiaries, successors, sister or affiliated companies, and assignees.
ENBD KSA	Means Branch of Emirates NBD Bank – KSA, a leading provider of a full range of banking and financial services to businesses and consumers throughout the Kingdom of Saudi Arabia, and any of its branches, successors, sister or affiliated companies, and assignees.
Encryption	Means the process of encoding information stored on a device and can add a further layer of security. It is considered an essential security measure where Personal Data is stored on a portable device or transmitted over a public network.
Know Your Customer or KYC	Means mandatory requirements to ensure updated information about ENBD KSA’s Customers, to perform identity verification and prevention of illegal transactions through the business relationship with ENBD KSA such as money-laundering, identity theft.
KSA	Means Kingdom of Saudi Arabia.
KSA Data Protection Law	Means the provisions of the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443 AH and amended by Royal Decree No. (M/148) dated 5/9/1444 AH. The Implementing Regulation of the Personal Data Protection Law, and Regulation on Personal Data Transfer outside the Kingdom.
Loss of Personal Data	Means that the Controller has lost control or access to the Personal Data.
Personal Data	Means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as an identification number or to one or more factors specific to their biological, physical, biometric, physiological, mental, economic, cultural or social identity.
Processing	Means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Processor(s)	Means an establishment or a natural person who processes Personal Data on behalf of the Controller and under his supervision and instructions.
Profiling	Means a form of Automated Processing consisting of the use of Personal Data to evaluate certain personal aspects relating to the Data Subject.
Pseudonymisation	Means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
Saudi Central Bank or (“SAMA”)	Means the Central Bank of Kingdom of Saudi Arabia.
Special Category Personal Data (Sensitive Personal Data).	Means the Personal Data revealing racial or ethnic origin, or religious, intellectual, or political belief, data relating to security criminal convictions and offenses, biometric or Genetic Data for the purpose of identifying the person, Health Data, and data that indicates that one or both of the individual’s parents are unknown.
Staff	Means full time employees, insourcing staff, and contractors of ENBD KSA.
Subject Access Request	Means a request to receive a copy of one's data from an organisation in an accessible, readily available, and legible format. Such requests are limited to information that is specific and limited to that one individual.
Supervisory Authority	Means the local data protection regulators who are responsible for overseeing data protection compliance within a given jurisdiction. Such regulators are responsible for the following: Monitoring and enforcing data protection compliance Prepare key guidance documents Proposing and approving codes of practice Investigate complaints made by data subjects Preparing guidance The KSA Supervisory Authority is the Saudi Authority for Data and Artificial Intelligence (“SDAIA”).

Updated on September 11, 2024

How was your experience?