DBS DIFC Branch Data Privacy Notice
This is a Privacy Notice (“Notice”) issued to comply with the Dubai International Financial Centre ("DIFC") Data Protection Law (DIFC Law No. 5 of 2020 – the "DIFC Data Protection Law"). In this Notice, “DBS” or “we” or “us” or “our” means DBS Bank Ltd. (DIFC Branch) and “you” or “your” means any natural person reading this notice, including as a customer or visitor to our website, or as any natural person whose personal data has been or will be given to us in connection with a customer relationship or otherwise. Such persons could include, but are not limited to, a visitor to our website, any account holder, any authorised person on a customer account, anyone who does banking or deals with us on behalf of a customer, chief financial officers of a customer, any customer's authorised signatories, holders of powers of attorney on behalf of a customer, or a customer's directors, board members, chairpersons or other officers, partners, beneficial owners, employees, members, trustees, guarantors, agents of representatives, family members or next of kin, or any individual connected with your business, or any recipient of a designated payment from a customer.
This Notice covers any banking and investment products and/or services that customers have with us, such as, but not limited to, deposits, foreign exchange derivatives, loans, trade finance related services and payment services. It also applies to anyone who uses our website or whose personal data we have obtained or are controllers of.
It applies to any personal data we hold about you or individuals connected to your business or whose personal data we have obtained or are controllers of. Personal data (which we also describe in this Notice as "information") means any information that relates to an identified or identifiable living individual. Different pieces of information, which collected can lead to the identification of a particular person, also constitute personal data.
This Notice explains:
▪ who we are;
▪ what information we collect and where we collect it
▪ how we will use the information;
▪ who we share it with;
▪ how long we keep the information;
▪ what safeguards we have in place when transferring the information outside of the DIFC
▪ your rights as an individual;
▪ your obligations; and
▪ how to contact us and / or submit a complaint.
If you are a customer, prospective customer, or are an authorised person in relation to any customer, you should read this Notice in conjunction with the banking terms and conditions for the banking product and/or service which you or the relevant customer has or will have with us, as those terms and conditions may include sections relating to the use and disclosure of personal data.
It is important that you, as a customer or authorised person in relation to any customer, or as someone who is authorised to give us any personal data concerning any other natural persons, or are aware that such personal data may supplied on your behalf or on behalf of the relevant customer, should ensure that any individuals whose personal data you, or anyone else on your or a customer's behalf, supply to us at any time, are made aware of this Notice before their information is provided to us, and also that any such natural person whose data was supplied to us before 1 October 2020 is made aware of this Notice. For both purposes, you should at least consider all persons named in the first paragraph of this notice.
If you, or anyone else on your behalf or on behalf of a customer, has provided or provides information concerning an individual connected to your business to us, you or they must first ensure that you or they (as applicable) have the authority to do so.
WHO WE ARE
We are DBS Bank Ltd. (DIFC Branch), a foreign recognised company (branch) registered in the DIFC and licensed and regulated by the DFSA, having its registered address at Suite No. 608-610, 6th Floor, Building 5, Gate Precinct, PO Box 506538, DIFC, Dubai.
THE INFORMATION WE COLLECT AND WHERE WE COLLECT IT
We collect information about you and individuals connected to your business in accordance with relevant regulations and laws from a range of sources, such as directly from you and individuals connected to your business, third parties we work with (e.g. companies that introduce you to us, fraud prevention agencies, regulators, trade bodies, government and law enforcement agencies) and from publicly available sources. Below are some examples of the information we collect:
▪ personal details, such as name, date and place of birth;
▪ contact details, such as address, email address, position in company, landline and mobile numbers;
▪ information concerning identity, such as photo ID, passport information, driving licence and nationality;
▪ your financial information and information about your relationship with us;
▪ information we use to identify and authenticate you and the individuals connected to your business;
▪ information included in customer documentation;
▪ risk rating information;
▪ investigations data, such as due diligence checks, sanctions and anti-money laundering checks, company searches and external intelligence reports;
▪ records of correspondence and other communications between you, your representatives and us;
▪ information that we need to support our regulatory obligations, such as information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities; and
▪ other information about you and individuals connected to your business that you have provided to us.
COOKIES AND RELATED TECHNOLOGIES
A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of our web site but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behaviour of users visiting the web site.
You may set up your web browser to block cookies which will in turn disable the pixel tags from monitoring your web site visit. You may also remove cookies stored from your computer or mobile device. However, do note that if you enable blocking of cookies and pixel tags, it may limit certain features and functions in your use of our web sites.
OTHER WEB SITES
HOW WE USE THE INFORMATION
The law says that we are allowed to use information on you and individuals connected to your business if we have a proper reason to do so. These reasons include where we:
▪ have your consent;
▪ need to process the information to fulfil a contract we have with you;
▪ have to comply with a legal obligation;
▪ have a vital interest;
▪ believe the use of information as described is in the public interest;
▪ need to pursue our legitimate interests.
We may use your personal data for business purposes, such as:
- Developing and providing banking facilities, products or services (whether made available by us or through us), including but not limited to:
- executing investments, banking, commercial or other transactions and requests, including processing, settlement, clearing or reporting on these transactions;
- carrying out research, planning and statistical analysis; or
- analytics for the purposes of developing or improving our products, services, security, service quality, advertising or customisation strategies;
- assessing and processing applications, instructions or requests from you or our customers;
- communicating with you, including providing you with updates on changes to products, services and banking facilities (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products, services and banking facilities and their terms and conditions;
- managing our infrastructure, business operations and complying with internal policies and procedures;
- responding to queries or feedback;
- addressing or investigating any complaints, claims or disputes;
- verifying your identity for the purposes of providing banking facilities, products or services;
- conducting credit checks, screenings or due diligence checks as may be required under applicable law, regulation or directive;
- complying with all applicable laws, regulations, rules, directives, orders, instructions, guidance and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities;
- monitoring products and services provided by or made available through us;
- complying with obligations and requirements imposed by us from time to time by any credit bureau or credit information sharing services of which we are a member or subscriber;
- creating and maintaining credit and risk related models;
- financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes;
- enabling any actual or proposed assignee or transferee, participant or sub-participant of DBS’s rights or obligations to evaluate any proposed transaction;
- enforcing obligations owed to us
- in connection with performance of duties when seeking consultancy or professional advice, including legal advice; and/or
- administering benefits or entitlements in connection with our banking relationship with you, including the administration of loyalty, rewards programmes, lucky draws, and/or sending gifts and awards.
In addition to the above purposes, we may also use personal data for purposes set out in the terms and conditions that govern our relationship with you or our customer.
We may use automated systems to help us make decisions and technology that helps us to identify the level of risk involved in our relationship, for example monitoring your account activity.
USE OF PERSONAL DATA FOR MARKETING PURPOSES
We may use your personal data to offer you products or services, including special offers, promotions, contests or entitlements that may be of interest to you or for which you may be eligible. Such marketing messages may be sent to you in various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls, facsimile and other mobile messaging services. In doing so, we will comply with the DIFC Data Protection Law and other applicable data protection and privacy laws, such as the European Union General Data Protection Regulation (GDPR).
In respect of sending telemarketing messages to your telephone number via short message service, telephone calls (voice or video), facsimile and other mobile messaging services, please be assured that we shall only do so if
- You have provided your clear and unambiguous consent in writing or other recorded form for us to do so;
- you have not indicated to us in our ongoing relationship that you do not wish to receive telemarketing messages sent to your telephone number.
We may, as part of our ongoing relationship with you, send marketing messages to you. You may at any time request that we stop contacting you for marketing purposes via selected or all modes.
To find out more on how you can change the way we use your personal data for marketing purposes, please contact us (please see the “How to contact us” section below).
Nothing in this section shall vary or supersede the terms and conditions that govern our relationship with you.
WHO WE SHARE THE INFORMATION WITH
We share your information and information relating to individuals connected to your business with DBS Group and others where it is lawful to do so. "DBS Group" means DBS Bank Ltd., its related corporations, affiliates and branches. Below are some examples of people we share information with:
▪ third party service providers, such as our correspondent banks in order to provide you with products or services you have requested;
▪ fraud prevention and enforcement agencies;
▪ regulators, tax authorities, DFSA, and other DIFC authorities;
▪ professional advisers in connection with litigation or asserting or defending legal rights and interests;
▪ credit reference agencies;
▪ people who give guarantees or other security for any amounts you owe us;
▪ people you make payments to and receive payments from;
▪ your beneficiaries, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties and any companies you trade through us;
▪ other financial institutions, lenders and holders of security over any property or assets you charge to us, other tax authorities, trade associations, payment service providers and debt recovery agents;
▪ any brokers who introduce you to us or deal with us for you;
▪ any entity that has an interest in the products or services that we provide to you, including if they take on the risk related to them;
▪ law enforcement, government, courts, dispute resolution bodies, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
▪ other parties involved in any disputes;
▪ anyone who provides instructions or operates any of your accounts, products or services on your behalf;
▪ anybody else that we have been instructed to share your information with by you;
▪ insurers and their underwriters;
▪ where we have a legitimate business reason for doing so (e.g. to manage risk and verify identity);
▪ where we have asked you or the individuals connected to your business for your permission to share it, and you (or they) have agreed; and
▪ third parties connected with business transfers: We may transfer your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Notice.
TRANSFER OF YOUR INFORMATION OUTSIDE THE DIFC
Your information and information relating to individuals connected to your business may be transferred to and stored in locations outside of the DIFC, including countries that may not have the same level of protection for personal information provided that we ensure that appropriate safeguards are in place.
The safeguards may include:
▪ restricting transfer to a country outside of the DIFC with privacy laws that give the same protection as the DIFC;
▪ putting in place a contract with the recipient that includes model contractual clauses approved by the Commissioner under the DIFC Data Protection Law.
In the latter case, you can obtain a copy of the relevant standard clauses from: https://www.difc.ae/business/operating/data-protection/forms-fees/ under the section headed "Data Protection Forms".
SELLING PERSONAL DATA
We wish to emphasise that we do not sell personal data to any third parties and we shall remain fully compliant with any duty or obligation of confidentiality imposed upon us under applicable agreements and/or terms and conditions that govern our relationship with you.
HOW LONG WE KEEP PERSONAL DATA
We will keep personal data and information relating to you and individuals connected to your business in line with our data retention policy and to enable us to comply with our legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise.
YOUR RIGHTS AS AN INDIVIDUAL RELATING TO THE INFORMATION
The law provides you with certain rights relating to your personal data. These rights include:
▪ the right to access information we hold about you and to obtain information about how we process it;
▪ the right to request that we rectify your information if it is inaccurate or incomplete;
▪ the right to request that we erase your information although we may continue to retain your information if we are entitled or required to retain it pursuant to the DIFC Data Protection Law;
▪ the right to object to, to request that we restrict, to withdraw your consent at any time to, our processing of your information in some circumstances. There may be situations where should you object to, or ask us to restrict, or withdraw your consent to our processing of your information but we are entitled to continue processing your information and/or to refuse that request;
▪ the right to object to our use of your information although we may continue to use your information if we have legitimate reason(s) for doing so;
▪ the right to receive certain information you have provided to us in a structured, commonly used and machine-readable format where the Processing is (a) based on the Data Subject's consent or the performance of a contract; and (b) carried out by automated means;
You and individuals connected to your business can exercise your or their rights at any time by contacting us using the details set out in ‘HOW TO CONTACT US AND / OR SUBMIT A COMPLAINT”. You must supply sufficient information to allow us to confirm your identity, whether we are processing your information, and whether what you are asking us to do is a request with which we must comply under the DIFC Data Protection Law. You and individuals connected to your business are not required to pay any charge for exercising such rights and, if you make a request, we have one month to respond to you.
YOUR OBLIGATIONS RELATING TO THE INFORMATION YOU GIVE US
You are responsible for making sure the information you give us, information which is provided by individuals connected to your business, or information which is otherwise provided on your behalf is accurate and up-to-date, and you must tell us if anything changes as soon as possible, and inform us at the same time of the updated information.
You must tell us if you become aware that any individual whose information you have provided us has objected to their information being collected, processed, used or disclosed.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION
We have implemented technical and organisational security measures to safeguard the personal information in our custody and control. Such measures include, for example, limiting access to personal information only to employees and authorised service providers who need to know such information for the purposes described in this Notice as well as other administrative, technical and physical safeguards.
HOW TO CONTACT US AND / OR SUBMIT A COMPLAINT
If you would like to contact us about any issue concerning data protection (including submission of a complaint), you can contact us as follows:
- By email to email@example.com;
- By sending a letter, addressed to the Data Protection Officer, to our full address above;
- By calling us on +97143641800 and asking to speak to the Data Protection Officer.
We are the controller of your personal data and any individuals who are connected to your business.
You also have the right to complain to the DIFC Data Commissioner at: firstname.lastname@example.org.
AMENDMENTS AND UPDATES
We may amend this Privacy Notice from time to time to ensure that this policy is consistent with any developments to the way DBS uses your personal data or any changes to the laws and regulations applicable to DBS. We will make available the updated policy on our web site (www.dbs.com/ae). All communications, transactions and dealings with us shall be subject to the latest version of this notice in force at the time. Please review this Privacy Notice at regular intervals so that you are informed of all applicable changes.