ZAND’s Privacy Notice
Privacy is a fundamental right that protects the ‘Personal Autonomy’ and ‘Freedom’ of our customers
1. Welcome to Zand Bank’s Privacy Policy
This notice takes you through the ‘Privacy Policy’ of Zand Bank PJSC and include its subsidiaries and affiliates (“Bank”) which will assist you in familiarising yourself with how we collect, process and protect your personal data. We take your privacy very seriously and hence we have implemented all required measures to secure your Personal Data and limit them to only required processing.
Please read this Privacy Policy summary carefully as it contains important information on who we are, and how and why we collect, store, use and share any information relating to you.
As a Bank, we require your data, which we collect and process to provide you banking services (“Customer Data”). Among this Customer Data, some data is identified as Personal Data which is specific or related to you (“Personal Data”); that can be identified to you directly or indirectly by linking your Data.
2. What are the types of Personal Data we collect to provide you our services?
The table provides you an insight on the types and forms of data we collect or process about you including but not limited to the following.
| Types of Personal Information | Description |
|---|---|
| Financial | Your financial position, status and history with us or other entities. |
| Contact | Your name and how to contact you. |
| Locational (Static) | Your registered address with us and location for service/card delivery. |
| Socio-Demographic | This includes details about your work, nationality, education, income and net worth. |
| Engagement | Includes financial and non-financial transactions/events related to the use of our digital assets and underlying products. |
| Contractual | Details about the products or services we provide to you within your relationship with us. |
| Locational (Dynamic) | Location data generated by our mobile app and website. Location data related to the usage of our card. |
| Technical | Static and dynamic information related to the devices and technology you use to access the Bank’s services and products. |
| Communications | What we learn about you from letters and emails you write to us, and conversations between us across all channels. |
| Documentary data | Copies of documents submitted to us as part of the initial onboarding and any subsequent product and/or service request. |
| Consents | Consents and permissions related to the configuration of preferences that influence how we provide our services and products as well as consents to obtain 3rd party data related to the approval process of onboarding and/or product and services requests (e.g. AECB credit score). |
| National Identifier | Your Emirates ID or passport copy. The Social Security Number or any other form of Tax Identification Number for US customers. |
We collect and use this Personal Data for the purposes described in section 7 below(Why we collect and use your personal data)
3. How is your Personal Data collected?
We collect Personal Data from you:
- directly, when you enter or send us information, such registering with us, contact us (including via email), send us feedback, acquire products or services via our Site, post material to our Site and complete customer surveys or participate in competitions via our Site; and
- indirectly, such as your browsing activity while on our Site; we will usually collect information indirectly using the technologies explained in section 6 below(Cookies and other tracking technologies)
We also collect Personal Data about you from other sources as described in the table in Section 2 above(What are the types of ‘Personal Data’ we collect to provide you our services).
3.1 Consent
The Bank collects and processes your Personal Data for the following purposes:
- Execution of the banking contract(s) concluded with you as an individual client or a representative of a corporate client
- Compliance with applicable legal or regulatory obligations
- To provide you with adequate and qualitative products and services; and
- To prevent against any excessive risk.
We process your Personal Data based on your consent. Personal Data requested is usually necessary for the provision of a service or product to you or for your use of our websites and applications. If you do not provide Personal Data we ask for where it is required, it may prevent us from providing our products and services to you, and we may be unable to comply with our legal or regulatory obligations.
For any task for which a consent was provided, you have the right to withdraw the consent for future processing at any time, unless the information already consented is required for our business operations related to the provisions of products and services to you, or as detailed in the list of exclusions provided in the UAE federal law. Please Contact us for the withdrawal of the consents.
4. Personal Data usage for Marketing and Promotional activities
We may also use your Personal Data to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services.
We have a legitimate interest in using your Personal Data for marketing purposes (see section 7, Why we collect and use your personal data). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
5. Who we share your personal data with
We may share Personal Data with third parties, such as:
- External Auditors, e.g. in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations.
- Professional Advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations.
- Law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations.
- Other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised, but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations; or
- Third party service providers act as ‘Data Processors’ who use some parts of your confidential information (including Personal Data) to analyse such information in accordance with a service provider’s service functionality, develop and test services and new products to improve the functionality of the services designed for fraud detection and prevention, and produce anonymised and/or aggregated statistical reports and research.
- Third party service providers who help us analyse certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyse visitor activity.
- We may permit these service providers to use cookies and other technologies to perform these services for us. Our third-party service providers are required to comply fully with this privacy policy.
6. Cookies and other tracking technologies
Cookies are pieces of information which are stored directly on your device. The Bank ensures high standards both in principle and technology on the usage of cookies for better customer experience. Cookies allow us to collect information such as browser type, time spent on our site, the pages visited, your preference for language, and overall helps us to understand your mode of access to the Bank’s websites. We use this information for security purposes, to facilitate navigation, to display information more effectively, to personalize/customize your experience while visiting the Bank’s websites, and to recognize your device to allow your use of our online products and services. We collect statistical information about the usage of the website in order to continually improve the design and functionality, to monitor responses to our advertisements and content. We also utilize cookies for our online advertising purposes.
You may set up your web browser to block cookies. You may also remove cookies stored from your computer or mobile device. However, if you do block cookies, you may not be able to use certain features and functions of our website.
We also use analytics programs such as Google Analytics for web analytics purposes to manage and improve our website, mobile apps and/or our services. Accordingly, your Personal Data may be collected for reports such as impression reporting, demographic reporting, interest reporting and to assist with tailoring our online advertising to provide you with a better experience.
Please read our Cookie policy for more information.
7. Why we collect and use your personal data
The table below explains the need for the collection and processing of your Personal Data, and reason for the same.
| What for we use your ‘Personal Data’ | Our Reasoning |
|---|---|
| To create and manage your account with us For providing products and/or services to you. | We are able to create, develop, operate, deliver and improve our services, personalized content, and make suggestions for you by using your Personal Data. Also, we understand how you use and interact with our services and the people or things you’re connected to and interested in on and off our Services. When we have location Personal Data, we use it to tailor our Services for you and others, like helping you to check-in and find local events or offers in your area. We also conduct surveys and research, test features in development, and analyse the Personal Data we have to evaluate and improve products and services, develop new products or features, and conduct audits and troubleshooting activities. |
| Conducting checks to identify you and verify your identity | To comply with our legal and regulatory obligations. To help prevent and detect fraud against you or us. To enforce legal rights or defend or undertake legal proceedings. |
| Customise our site and its content to your particular preferences based on your selected preferences or on your usage of our site. | Your preferences as set in the browser configurations as gathered by the separate cookies tool on our Site—see Cookies and other tracking technologies |
| Retaining and evaluating information on your recent visits to our Site and how you move around different sections of our website for analytics purposes. | Your consent as gathered by the separate cookies tool on our Site—see Cookies and other tracking technologies This helps us to understand how people use our site so that we can make it more intuitive or to check our site is working as intended. |
| Communications with you not related to marketing, including about changes to our terms or policies or changes to the services or other important notices. | Depending on the circumstances: To comply with our legal and regulatory obligations In other cases, for our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you in the most efficient manner. |
| Protecting the security of systems and data | To comply with our legal and regulatory obligations. We may also use your Personal Data to ensure the security of systems and data To protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us. |
| Statistical analysis to help us manage our business, e.g. In relation to our financial performance, customer base, product range or other efficiency measures. | For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the most efficient manner. |
| Updating and enhancing customer records. | Depending on the circumstances: To perform our contract with you or to take steps at your request before entering into a contract. To comply with our legal and regulatory obligations; or Where neither of the above apply, for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products. |
| Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business. | To comply with our legal and regulatory obligations. |
| Marketing our services to existing and former customers. | For our legitimate interests or those of a third party, i.e. To promote our business to existing and former customers. See the section on How and why we use your personal data for Marketing and Promotional activities |
| External audits and quality checks, e.g. For the audit of our accounts. | For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards. |
| To share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary. | Depending on the circumstances: To comply with our legal and regulatory obligations In other cases, for our legitimate interests or those of a third party, i.e. to protect, realise or grow the value in our business and assets. |
Is it mandatory for you to share your Personal Data with us?
To ensure your online security and to provide you the best possible services, we require your Personal Data to suggest and offer products and services which suit you the most. Furthermore, it is also mandatory to validate regulatory and compliance checks before the provision of banking services which is a major requirement for us requesting your personal data.
See section 5 (Who we share your personal data with) for further information on the steps we will take to protect your Personal Data where we need to share it with others.
8. How we keep your personal data secure
We have appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed unlawfully. We limit access to your Personal Data to those who have a genuine business need to access it. Also, we have required oversight of our third-party service providers to ensure information remains confidential and secure.
We also have procedures, processes and controls in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Retention of your Personal Data:
The UAE Regulators have provided guidance on the minimum period of retention of the customers Personal Data. The Bank will adhere to this regulatory guidance on the storage of the Personal Data related to all customers. This retention period starts from the end of our business relationship (closing of your account) or completion of the relevant transaction (if we have no business relationship with you).
After the expiry of this mandatory retention period, your Personal Data will either be deleted or securely archived, based on the transactional types and as per legal obligations.
9. What are your Rights under data protection law and how to exercise them?
You can communicate with our Privacy team on all matters regarding the processing of your Personal Data to exercise your rights in accordance with the UAE federal law concerning the protection of Personal data.
The following are the rights with respect to the management of your Personal Data.
a. Right to Receive Information:
As a data subject you have the right to obtain the information such as the types of the Personal Data processed at the Bank, the purpose of processing, details of automated processing if any, and the controls adopted for the security of the storage of Information.
b. Right to request the transfer of Personal Data:
You have the right to request for the transfer of the Personal Data to another controller, provided it is technically and legally feasible.
c. Right to the correction or erasure of the Personal Data:
You, as a customer have the right to request the correction of any inaccurate Personal Data or request to complete the data (Complete Information). Also, you have the right to request for the erasure of the Personal Data held by us for few of the cases as provisioned in the law. It has to be noted that there are limitations to exercise this right as both banking services and legal binding overtakes priority over this right.
d. Right to Restrict or Stop processing:
You have the right to request us to restrict processing under certain conditions as laid out by the law. The Bank will proceed with the processing of your Personal Data in cases as stipulated by the law.
e. Right to processing and automated processing:
You have the right to object to any decisions resulting from automated processing, including profiling, particularly those decisions which have legal impact on or adversely affecting you. As per the law, please be aware that the contract and consents have priority over your right to object to processing and automated processing.
NOTE: Your right to object to the processing of Personal Data concerning you will have impact on the services provided and has limitations as per the federal law. The Bank will no longer process your data except where such personal data is required for business operations related to the products or services offered to you.
Your decision to withdraw your consent to the processing of Personal Data will not affect the lawfulness of the processing based on the prior consent before withdrawing it.
Please Contact us to know more about your rights under data protection law and ways to exercise them.
10. Expected Social Media behaviour from Customers
The Bank operates accounts and pages on social media sites to engage with customers and share updates. As an expected behaviour, we continuously update information and monitor all responses such as comments and posts on the Bank.
We expect the following from you (the customers) with respect to the social media behaviour and usage:
- The only mode of communication with the Bank is provided on the ‘Contact us’ page and this will be the official mode of communication with us.
- Customer shall not share any of their Personal Data, impacting the confidentiality of our business with you, in the social media (both on our pages or on any other social media Platform).
- Even on the Bank’s social media platforms, do not share any confidential personal information such as account information, transaction details etc. in your comments.
- Sensitive Personal Data, which is defined as “Any data which directly or indirectly reveals a natural person's family, ethnic origin, political or philosophical opinions, religious beliefs, criminal record, biometric data, or any data relating to such person's health and physical, psychological, mental, genetic or sexual condition, including information related to the provision of healthcare services to him/her which reveals his/her health status” by the UAE federal law shall never be shared / communicated on the Zand bank’s social media platform.
The Bank will not be responsible for any information posted on those sites other than the information posted by our own authorised staff.
11. Changes to this privacy policy
This Privacy Policy is subject to change due to varying regulatory and compliance requirements. Please review it periodically to update yourself with the latest from our end on privacy implementation. Any changes to this Policy will become effective when we post the revised policy on our site. Your use of this website following these changes means that you accept the revised Policy.
12. How to contact us
If you have questions, comments, concerns or feedback regarding this privacy policy or any other privacy concern, please contact us.