This Notice aims to provide information regarding the Bank's policy concerning processing of concerned persons’ personal data.
As the privacy and the security of the concerned persons personal data is very important to us, at Arab Bank plc Morocco, hereinafter referred to as the “Bank”, we ensure that personal data that we collect is always treated as private and confidential, afforded the highest level of security, and is processed in accordance with Morocco’s Law Number 09.08 on the Protection of Individuals with Regard to the Processing of Personal Data, hereafter referred to as the “Law”. This Privacy Notice, hereinafter referred to as “Notice”, also aims to provide our customers or any individual that provided his/her personal data, hereafter referred to as “Concerned Persons” with information on how we will use their personal data, what steps we will take to ensure it stays private and secure and what personal data we collect and process about our customers as well as their data privacy rights and how to exercise them.
How we collect Concerned Persons data
The Bank collects Concerned Persons data through one of the following methods:
- Directly: we obtain personal information directly from Concerned Persons in order to receive a service from the Bank or transacting with the Bank, including without limitation, log a complaint, enter a business relationship, or for other purposes depending on the services requested for or agreed upon.
- Indirectly: we may obtain personal information about Concerned Persons indirectly from a variety of sources, including: brokers, intermediaries, the Banks’s Affiliates; Cookies, device ID's, social media, public sources, business partners, and recruitment services to understand Concerned Persons needs and serve them better , satisfy a legal obligation, or in pursuance of another legitimate interest.
How we use Personal information
We collect personal information for various reasons in relation to our services, products or interacting with us, and for other business purposes, including but not limited:
- to provide and manage customers account(s) and the bank relationship with it customers.
- to give our customer’s statements and other information about their account or our relationship.
- to handle enquiries and complaints.
- to provide our services.
- to conduct assessment, testing, and analysis for statistical purposes or other analysis to meet Concerned Persons needs.
- to evaluate, develop, and improve our services.
- to develop our business strategies to better serve our customers
- to contact our customers, by post, phone, text, email and other digital methods.
- to collect any debts owing to us.
- to meet our regulatory compliance and reporting obligations in relation to protecting against financial crime.
- to assess any application we receive from our customers.
- to monitor, record, and analyze any communications between the Concerned Persons and the bank after getting the required approvals from the Moroccan Data Protection Authority ( CNDP ) and per approved purposes.
- to share customers information with the Central Bank of Morocco and governmental authorities and other competent authorities in accordance with the laws and regulatory controls applied in Morocco.
- for purpose of litigation, consultation, legal advices or documentation of transactions.
On what legal grounds do we process Concerned Persons data
We rely on the following lawful reasons when we collect and process Concerned Persons personal information to operate our business, transacting with them, and to provide our products and services:
- Legal obligations and public interests: we process personal information to comply with a legal obligation, to meet regulatory and public interest obligations or mandates.
- Contractual obligation: we process customer’s information if necessary for the entry and/or implementation of a contract with the customer, or for the conclusion of a contract at his/her request.
-Legitimate interests: we rely on legitimate interests based on our evaluation that the processing is fair, reasonable, and balanced.
- Consent: We will only process Concerned Persons personal information after obtaining their explicit written consent except for reasons permitted under the Law.
Which personal data do we collect and process
The personal data we collect includes data provided by the customer at the start of our relationship or at any time thereafter such as:
- Personal details such as name, date of birth, email, nationality, marital status, and gender and contact information.
- Current residential address and permanent residential address, and proof of address documents.
- Data about our customer’s identity including documents, details of ID cards, details of passports.
-Employer, employment status, job title, full name, email, address and telephone number(s) used for work purposes.
-Financial data: income and source of income, source of wealth, average account financial activity, and engagement data.
- Data about customer tax status such overseas tax-identification number, FATCA forms, etc.
- Details of transactions done by our customers or by any of the connected persons to them including dates, amounts, currencies, and payer and payee details.
- Sound and visual images including CCTV footage for security and protection reasons
- Digital identifiers (IP address, email).
- Cookies (please refer to our Cookie Notice).
- Risk rating information, e.g. credit risk rating and data about individual ability to manage credit.
- Recruitment information and qualifications for prospective job applicants.
- Other people’s information, such as witnesses, family and household members, emergency contacts, and guardians, which include their signatures, addresses and relationship with our customers
- Legal dispute, complaints, and grievance information.
- Agreements, contracts, billing and commissions information.
- Security Information.
- Data about customer’s geographic location, ATMs used, and branches they visit.
How long do we keep customer’s personal data
We retain personal information to provide our services during the period of our relation and as necessary to comply with applicable laws, regulations, and professional obligations, which we are subject to. We will dispose of customer’s personal information in a secure manner following the ending of the legal period for keeping such data.
How we protect and safeguard personal data
We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of personal information. We aim to ensure that access to personal information is limited only to those who need to access it, and those individuals who have access to the information are required to maintain the confidentiality of such information.
If customers are using online services from the Bank, the customer him/her self remain responsible for keeping his/her user ID and password confidential.
Who has access to customer’s personal data and to whom it is disclosed
We keep our customer’s personal information confidential. However, in order to service customer’s needs to the best of our ability, we may share their personal information with other parties bound via contractual agreements to safeguard customers information and only process it under our strict instructions.
We may share the information about our customer’s and their dealings with us, to the extent allowed by law, with:
-Arab Bank Head Offices - Jordan
- External Auditors.
- Regulatory authorities, governmental bodies, financial crime prevention agencies, and tax authorities.
- Third Party Service Providers.
- Agents acting on behalf of the Bank.
- Courier and postal services.
- Law firms, lawyers, or professional advisors.
- Other parties with which our customers have agreed to share their information with.
Transfer of data outside Morocco
In accordance with the Law and applicable laws, we may transfer our customer personal information to Arab Bank Head Office – Jordan, as well as third party organizations outside Morocco when we have a business reason to engage these organizations following Moroccan Data Protection Authority approval. Each organization is required to safeguard personal information in accordance with our contractual obligations and the Law.
What are Concerned Persons rights and how they can exercise them
Right to access - Concerned Persons have the right to obtain confirmation from the Bank that personal data relating to them are being processed or not, as well as information relating to the purposes of processing, the categories of data they are intended for and the addressees to whom the personal data has been delivered. They also have the right to know the logic that governs each automated processing of personal data relating to them.
Right to rectification - Concerned Persons have the right to update, rectify, erase or close access to personal data whose processing is not in accordance with the law, in particular due to the incomplete or incorrect nature of that data.
Right to object - Concerned Persons have the right to object on legitimate grounds to the processing of their data. They have the right to object to the use of data related to them for the purposes of induction (promotion), especially commercial ones.
Please note that our fulfillment to Concerned Persons requests may be subject to limitations, in certain circumstances, in accordance with the Law.
To submit a request to exercise any of these rights, please send an email to PDP-Privacy@arabbank.ma
Arab Bank plc – Morocco branch
174 Boulevard Mohamed V Casablanca Maroc
For More Information
Should you have any questions regarding this Notice or want to learn more about our security practices, please read our Security Statement section, or contact us at: PDP-Privacy@arabbank.ma
Changes to the this Notice
We reserve the right to update this Notice to reflect changes to our information practices in alignment with the Law. Any updates will become effective immediately after posting the updated Notice on our website.