Privacy Notice

D360 Bank (“the Bank”, “D360”, “We”, “Us” or “Our”) is committed to protecting your privacy and Personal Data and offering the highest data protection standards in line with applicable laws and regulations, including without limitation, the Saudi Personal Data Protection Law (“PDPL”). We ask for your consent when required, for processing of your personal information including collection, use, storage, archiving and sharing of your personal information subject to and inconsistence with the PDPL and applicable laws and other notices you may receive based on your relationship with us.

This Privacy Notice (“Notice”) aims to help you, the Customer, to understand and to keep you informed about what personal data we collect, use, store, share or process through your interaction with us to offer you more personalized products and services, and the legal bases on which we do so. Further, this Notice explains the various measures we have in place to protect the security of your personal data and minimize the potential for its unauthorized use, disclosure or destruction.

This Notice is subject to changes and updates to comply with the most recent local and international laws and regulations and industry best practices. When we change or update the Notice, we will notify you; seek your consent, where applicable; and revise the date at the bottom of this page.

Your Data

We collect and use your Personal Data to the extent necessary to comply with the law and manage risk requirements as well as to achieve a high standard of personalized products and services. We may collect your personal data, including a) information used to identify you such as your name, national ID number or residency card (Iqama), passports, date of birth; b) information used to contact you including national address, email address, phone number; c) information used to provide you products and services such as marital status, employment history, income, educational level; and d) information about your digital activities. We collect your personal data through various channels (e.g., website, mobile devices, phone conversations, email, chats, device IDs, IPs).

In circumstances where we rely on consent as the lawful basis for our processing, we will provide you with full details of the information that we will require and the reason for this. E.g., to provide a service, such as opening a bank account. This will allow you to provide your consent. If you do refuse to provide us with your consent (where applicable) to use and / or share your personal data, due to regulatory restrictions, we may not be able to provide you with the products or services for which your consent is being requested.

Lawful Basis

We will only collect and use your Personal Data for the following lawful purpose:

• processing based on consent;
• processing is in accordance with another law or in implementation of an earlier agreement to which the Personal Data Owner is a party; and
• processing is pursuant to another law or in implementation of a previous agreement to which the Personal Data Subject is a party;
• processing is necessary to achieve a lawful interest of the Controller D360 or any other party, without prejudice to the rights and interests of the Personal Data Subject, and provided that the Personal Data is not Sensitive Personal Data, in accordance with the rules and provisions set out in the Regulations.

Personal Data Share and Transfer

We may share your personal data with internal and external parties (e.g., regulatory authority, service providers, partners, etc.) for processing to the extent necessary to fulfil the purposes described in this Notice. In some circumstances where the law permits, this will involve us transferring your personal data outside the region. Such transfers will be performed in compliance with the law. When we transfer your personal information outside the region, we will take the necessary steps to ensure appropriate safeguards are applied to maintain the same levels of protection as required under the law.

Data Retention

We will retain your personal data only to the extent necessary, or as required by law, to meet the purposes set out in this Notice, for example, to comply with our operational and legal obligation such as maintaining accounts, facilitating client relationship management, responding to legal claims or regulatory requests, etc. We then securely delete personal data as soon as legally permitted.

Data Security

We have put in place appropriate security measures to i) prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed (e.g., access control, network security, communication security etc.); and ii) deal with any suspected personal data breach and will notify you and the competent authority of the breach where we are legally required to do so based on the requirements outlined in the law.

Your Rights

Under certain circumstances, you may have different rights in relation to the personal data we hold about you. Please see the summary of your rights below:

• right to be informed about the personal data and the legal basis and the purpose of processing;
• right to have access to personal data;
• right to request correction, completing or updating personal data;
• right to request destruction; and
• right to withdraw consent.

Purpose for Processing Personal Data

There are several purposes for processing personal data. These purposes are essential for providing banking services to our customers and ensuring the smooth operation of financial institutions, including:

• Account Management: Banks process personal data to open and maintain customer accounts, including collecting and verifying identity information, contact details, and account preferences.
• Transaction Processing: Personal data is used to process various types of financial transactions, including deposits, withdrawals, fund transfers, bill payments, and more.
• Risk Assessment and Credit Scoring: Banks use personal data to assess the creditworthiness of customers seeking loans or credit, helping to determine the, terms, and amounts for loans and credit lines.
• Anti-Money Laundering (AML) and Know Your Customer (KYC) Compliance: Banks collect and process personal data to comply with regulatory requirements, such as verifying the identity of customers and monitoring transactions for suspicious activities to prevent money laundering and fraud.
• Customer Service and Support: Personal data is used to provide customer support, answer inquiries, resolve issues, and communicate important information related to accounts and services.
• Marketing and Communication: Banks may use personal data to inform customers about new products, services, promotions, and other relevant information. Consent is often required for direct marketing activities.
• Account Security and Fraud Prevention: Personal data is used to implement security measures, detect and prevent fraud, and ensure the safety of customer accounts and sensitive financial information.
• Legal and Regulatory Compliance: Banks process personal data to fulfill legal obligations and regulatory requirements imposed by authorities such.
• Reporting and Analytics: Personal data is used to generate reports, analyze customer behavior and preferences, and make informed business decisions to improve services.
• Payment Processing: Personal data is essential for processing payments, managing payment card information, and facilitating electronic and mobile payment methods.
• Electronic Communication: Personal data is used to facilitate electronic communication with customers, including sending account statements, transaction alerts, and important notices.

Social Media

We operate channels, pages and accounts on social media sites (“Social Media”) to be able to assist and engage with you in order to improve our products and services. Do not share any personal data on our social media sites.

Cookies

Cookies may be used in electronic exchanges for the purpose of serving you better. A cookie is an element of data that the electronic service may send to your browser and which may be stored on your computer. Any Cookies which are placed onto your computer are for identification, performance and integrity purposes only and serve no further functions. Our Application may collect information directly from you, for example, when you log in with the Application, we will collect information from you, which may include your username, password, name, device type, device model, device identifier, app version. Also, there are some features from the Application that collect your location data when you grant access to that permission

Marketing

We may use your personal data for general and aggregated marketing purposes to inform you about our products and services and new offers based on the consent provided. You may also receive general message sent to you or by contacting D360 Customer Care.

Quality Assurance

We are committed to delivering the highest quality products and services to our customers. To achieve this, we may use your personal information to monitor and assess the performance of our products, services, and customer interactions, including: a) call monitoring and review: We may record and review customer interactions, such as phone calls or chat conversations, for the purpose of assessing the quality of our customer support and ensuring that our representatives provide accurate and helpful information. b) feedback analysis: We may collect and analyse feedback provided by customers to improve our products, services, and customer experience. This feedback may be used to identify areas of improvement and make necessary adjustments. c) issue resolution: In the event that you raise an issue or concern with our products or services, we may use your personal information to investigate and address the issue promptly. d) training and development: Our employees and representatives may undergo training sessions where interactions are reviewed for educational purposes. These sessions are aimed at enhancing the skills and knowledge of our team to better assist our customers. We understand that your personal information is sensitive, and we take measures to ensure that it is handled securely and confidentially during these quality assurance activities.

Contact us

Keeping your personal data accurate and up to date is very important for us. Please keep us informed of any of the information we hold about your changes during your relationship with us. If you have any questions about the Privacy Notice or require further information, please use our Contact Center.