Live more, Bank less

DBS DIFC Branch Data Privacy NoticeThis is a Privacy Notice (“Notice”) issued to comply with the Dubai International Financial Centre ("DIFC") Data Protection Law (DIFC Law No. 5 of 2020 – the "DIFC Data Protection Law"). In this Notice, “DBS” or “we” or “us” or “our” means DBS Bank Ltd. (DIFC Branch) and “you” or “your” means any natural person reading this notice, including as a customer or visitor to our website, or as any natural person whose personal data has been or will be given to us in connection with a customer relationship or otherwise. Such persons could include, but are not limited to, a visitor to our website, any account holder, any authorised person on a customer account, anyone who does banking or deals with us on behalf of a customer, chief financial officers of a customer, any customer's authorised signatories, holders of powers of attorney on behalf of a customer, or a customer's directors, board members, chairpersons or other officers, partners, beneficial owners, employees, members, trustees, guarantors, agents of representatives, family members or next of kin, or any individual connected with your business, or any recipient of a designated payment from a customer.This Notice covers any banking and investment products and/or services that customers have with us, such as, but not limited to, deposits, foreign exchange derivatives, loans, trade finance related services and payment services. It also applies to anyone who uses our website or whose personal data we have obtained or are controllers of.It applies to any personal data we hold about you or individuals connected to your business or whose personal data we have obtained or are controllers of. Personal data (which we also describe in this Notice as "information") means any information that relates to an identified or identifiable living individual. Different pieces of information, which collected can lead to the identification of a particular person, also constitute personal data.This Notice explains:

who we are;

what information we collect and where we collect it

how we will use the information;

who we share it with;

how long we keep the information;

what safeguards we have in place when transferring the information outside of the DIFC

your rights as an individual;

your obligations; and

how to contact us and / or submit a complaint.

If you are a customer, prospective customer, or are an authorised person in relation to any customer, you should read this Notice in conjunction with the banking terms and conditions for the banking product and/or service which you or the relevant customer has or will have with us, as those terms and conditions may include sections relating to the use and disclosure of personal data.It is important that you, as a customer or authorised person in relation to any customer, or as someone who is authorised to give us any personal data concerning any other natural persons, or are aware that such personal data may supplied on your behalf or on behalf of the relevant customer, should ensure that any individuals whose personal data you, or anyone else on your or a customer's behalf, supply to us at any time, are made aware of this Notice before their information is provided to us, and also that any such natural person whose data was supplied to us before 1 October 2020 is made aware of this Notice. For both purposes, you should at least consider all persons named in the first paragraph of this notice.If you, or anyone else on your behalf or on behalf of a customer, has provided or provides information concerning an individual connected to your business to us, you or they must first ensure that you or they (as applicable) have the authority to do so.WHO WE AREWe are DBS Bank Ltd. (DIFC Branch), a foreign recognised company (branch) registered in the DIFC and licensed and regulated by the DFSA, having its registered address at Suite No. 608-610, 6th Floor, Building 5, Gate Precinct, PO Box 506538, DIFC, Dubai.THE INFORMATION WE COLLECT AND WHERE WE COLLECT IT We collect information about you and individuals connected to your business in accordance with relevant regulations and laws from a range of sources, such as directly from you and individuals connected to your business, third parties we work with (e.g. companies that introduce you to us, fraud prevention agencies, regulators, trade bodies, government and law enforcement agencies) and from publicly available sources. Below are some examples of the information we collect:

personal details, such as name, date and place of birth;

contact details, such as address, email address, position in company, landline and mobile numbers;

information concerning identity, such as photo ID, passport information, driving licence and nationality;

your financial information and information about your relationship with us;

information we use to identify and authenticate you and the individuals connected to your business;

information included in customer documentation;

risk rating information;

investigations data, such as due diligence checks, sanctions and anti-money laundering checks, company searches and external intelligence reports;

records of correspondence and other communications between you, your representatives and us;

information that we need to support our regulatory obligations, such as information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities; and

other information about you and individuals connected to your business that you have provided to us.

COOKIES AND RELATED TECHNOLOGIES A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of our web site but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behaviour of users visiting the web site.You may set up your web browser to block cookies which will in turn disable the pixel tags from monitoring your web site visit. You may also remove cookies stored from your computer or mobile device. However, do note that if you enable blocking of cookies and pixel tags, it may limit certain features and functions in your use of our web sites.OTHER WEB SITES Our web sites may contain links to other websites which are not maintained by DBS. This privacy policy only applies to the websites or apps of DBS. When visiting these third party web sites, you should read their privacy policies which will apply to your use of such websites.HOW WE USE THE INFORMATION We process your personal data only where we have a lawful basis under the DIFC Data Protection Law. Such lawful basis consist of:

your consent;

the need to process your information to fulfil a contract we have with you;

the need to comply with a legal obligation;

protection of your vital interests or of another natural person;

where the processing is necessary for the performance of a task carried out in the public interest, as permitted under the DIFC Data Protection Law;

the need to pursue our legitimate interests.

We may process your personal data for the following purposes:

Developing and providing banking facilities, products or services (whether made available by us or through us), including but not limited to:

executing investments, banking, commercial or other transactions and requests, including processing, settlement, clearing or reporting on these transactions;
carrying out research, planning and statistical analysis; or
analytics for the purposes of developing or improving our products, services, security, service quality, advertising or customisation strategies;

assessing and processing applications, instructions or requests from you or our customers;

communicating with you, including providing you with updates on changes to products, services and banking facilities (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products, services and banking facilities and their terms and conditions;

managing our infrastructure, business operations and complying with internal policies and procedures;

responding to queries or feedback;

addressing or investigating any complaints, claims or disputes;

verifying your identity for the purposes of providing banking facilities, products or services;

conducting credit checks, screenings or due diligence checks as may be required under applicable law, regulation or directive;

complying with all applicable laws, regulations, rules, directives, orders, instructions, guidance and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities;

monitoring products and services provided by or made available through us;

complying with obligations and requirements imposed by us from time to time by any credit bureau or credit information sharing services of which we are a member or subscriber;

creating and maintaining credit and risk related models;

financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes;

enabling any actual or proposed assignee or transferee, participant or sub-participant of DBS’s rights or obligations to evaluate any proposed transaction;

enforcing obligations owed to us

in connection with performance of duties when seeking consultancy or professional advice, including legal advice; and/or

administering benefits or entitlements in connection with our banking relationship with you, including the administration of loyalty, rewards programmes, lucky draws, and/or sending gifts and awards.

In addition to the above purposes, we may also use personal data for purposes set out in the terms and conditions that govern our relationship with you or our customer.We may use automated systems to help us make decisions including technology that helps us to identify the level of risk involved in our relationship, for example monitoring your account activity. Where a decision is based solely on automated processing, including profiling, and produces legal effects or similarly significant consequences, data subjects are entitled to object to such decision and to request human intervention and a manual review, subject to the applicable exceptions under the DIFC Data Protection Law.USE OF PERSONAL DATA FOR MARKETING PURPOSES We may use your personal data to offer you products or services, including special offers, promotions, contests or entitlements that may be of interest to you or for which you may be eligible. Such marketing messages may be sent to you in various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls, facsimile and other mobile messaging services. In doing so, we will comply with the DIFC Data Protection Law and other applicable data protection and privacy laws, such as the European Union General Data Protection Regulation (GDPR).In respect of sending telemarketing messages to your telephone number via short message service, telephone calls (voice or video), facsimile and other mobile messaging services, please be assured that we shall only do so if

You have provided your clear and unambiguous consent in writing or other recorded form for us to do so;

you have not indicated to us in our ongoing relationship that you do not wish to receive telemarketing messages sent to your telephone number.

We may, as part of our ongoing relationship with you, send marketing messages to you. You may at any time request that we stop contacting you for marketing purposes via selected or all modes.To find out more on how you can change the way we use your personal data for marketing purposes, please contact us (please see the “How to contact us” section below).Nothing in this section shall vary or supersede the terms and conditions that govern our relationship with you.WHO WE SHARE THE INFORMATION WITH We share your information and information relating to individuals connected to your business with DBS Group and others where it is lawful to do so. "DBS Group" means DBS Bank Ltd., its related corporations, affiliates and branches. Below are some examples of people we share information with:

third party service providers, such as our correspondent banks in order to provide you with products or services you have requested;

fraud prevention and enforcement agencies;

regulators, tax authorities, DFSA, and other DIFC authorities;

professional advisers in connection with litigation or asserting or defending legal rights and interests;

credit reference agencies;

people who give guarantees or other security for any amounts you owe us;

people you make payments to and receive payments from;

your beneficiaries, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties and any companies you trade through us;

other financial institutions, lenders and holders of security over any property or assets you charge to us, other tax authorities, trade associations, payment service providers and debt recovery agents;

any brokers who introduce you to us or deal with us for you;

any entity that has an interest in the products or services that we provide to you, including if they take on the risk related to them;

law enforcement, government, courts, dispute resolution bodies, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;

other parties involved in any disputes;

anyone who provides instructions or operates any of your accounts, products or services on your behalf;

anybody else that we have been instructed to share your information with by you;

insurers and their underwriters;

where we have a legitimate business reason for doing so (e.g. to manage risk and verify identity);

where we have asked you or the individuals connected to your business for your permission to share it, and you (or they) have agreed; and

third parties connected with business transfers: We may transfer your personal information to third parties in connection with a reorganisation, restructuring,

merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Notice.TRANSFER OF YOUR INFORMATION OUTSIDE THE DIFC Your information and information relating to individuals connected to your business may be transferred to and/or stored in locations outside of the DIFC, including countries that may not have the same level of protection for personal information provided that we ensure that appropriate safeguards are in place.We will only transfer personal data internationally where:

The country or international organisation to which the data is transferred has been determined by the Commissioner to ensure an adequate level of protection; or

Appropriate safeguards are in place, which may include:

Use of standard data protection clauses approved by the DIFC Commissioner (a copy of which can be obtained by contacting us);
Other safeguards permitted under DIFC Data Protection Law.

In other specific situations, we may rely on other transfer conditions permitted by the DIFC Data Protection Law including as set out in Article 27(3)(b).

SELLING PERSONAL DATA We wish to emphasise that we do not sell personal data to any third parties and we shall remain fully compliant with any duty or obligation of confidentiality imposed upon us under applicable agreements and/or terms and conditions that govern our relationship with you.HOW LONG WE KEEP PERSONAL DATA Your personal data will be kept only for so long as is necessary for the purposes for which it was collected.YOUR RIGHTS AS AN INDIVIDUAL RELATING TO THE INFORMATION The law provides you with certain rights relating to your personal data. These rights include:

the right to access information we hold about you and to obtain information about how we process it;

the right to request that we rectify your information if it is inaccurate or incomplete;

the right to request that we erase your information although we may continue to retain your information if we are entitled or required to retain it pursuant to the DIFC Data Protection Law;

the right to request restriction of our processing of your personal data in certain circumstances;

where processing is based on your consent, the right to withdraw your consent at any time;

the right to object to our processing of your personal data in certain circumstances, including where we rely on legitimate interests, in which case we may continue processing where we demonstrate compelling legitimate grounds;

the right to receive certain information you have provided to us in a structured, commonly used and machine-readable format where the Processing is (a) based on the data subject's consent or the performance of a contract; and (b) carried out by automated means;

the right to object at any time to the processing of your personal data for direct marketing purposes, in which case we will cease such processing;

right to object to automated decision-making and request manual review.

You and individuals connected to your business can exercise your or their rights at any time by contacting us using the details set out in ‘HOW TO CONTACT US AND / OR SUBMIT A COMPLAINT”. You must supply sufficient information to allow us to confirm your identity, whether we are processing your information, and whether what you are asking us to do is a request with which we must comply under the DIFC Data Protection Law. You and individuals connected to your business are not required to pay any charge for exercising such rights and, if you make a request, we have one month to respond to you.YOUR OBLIGATIONS RELATING TO THE INFORMATION YOU GIVE US If you become aware that any individual whose information has been provided to us has raised concerns or exercised their rights in relation to such data, you should inform us without undue delay so that we may assess and address the matter in accordance with the DIFC Data Protection Law.HOW DO WE PROTECT YOUR PERSONAL INFORMATION We have implemented technical and organisational security measures to safeguard the personal information in our custody and control in accordance with the DIFC Data Protection Law. Such measures include but not limited to limiting access to personal information only to employees and authorised service providers who need to know such information for the purposes described in this Notice as well as other administrative, technical and physical safeguards in accordance with the DIFC Data Protection Law.HOW TO CONTACT US AND / OR SUBMIT A COMPLAINT If you would like to contact us about any issue concerning data protection (including submission of a complaint), you can contact us as follows:

By email to privacyae@dbs.com;

By sending a letter, addressed to the Data Protection Officer, to our full address above;

By calling us on +97143641800 and asking to speak to the Data Protection Officer.

We are the controller of the personal data we process about you and about individuals connected to your business.You have the right to complain to the DIFC Data Commissioner at: commissioner@dp.difc.aeAMENDMENTS AND UPDATES We may amend this Privacy Notice from time to time to ensure that this policy is consistent with any developments to the way DBS uses your personal data or any changes to the laws and regulations applicable to DBS. We will make available the updated policy on our web site (https://www.dbs.ae.com).Where changes are material or significantly affect the way in which we process personal data, we will take reasonable steps to notify you, including by direct communication where appropriate.All communications, transactions and dealings with us shall be subject to the latest version of this notice in force at the time. Please review this Privacy Notice at regular intervals so that you are informed of all applicable changes.

DBS UAE

Find a branch near you

Awards