Privacy Policy
We're committed to safeguarding your privacy and personal information
Introduction
First Abu Dhabi Bank PJSC and its affiliates (“FAB”) are committed to providing the highest level of protection regarding the processing of their customers’ personal data based on applicable data protection laws and regulations.
This policy describes how First Abu Dhabi Bank PJSC as head office in the United Arab Emirates (UAE) and its concerned affiliate(s) FAB UK branch – when you are dealing with a local FAB affiliate - may collect, use, store, disclose or otherwise process your personal data including personal data provided when using our websites (“FAB Websites”).
The information we collect about you and from where
Personal data comprises all the details that FAB collects and processes directly or indirectly about you as individual client or representative of a corporate client, for instance information about your identity and contact details (such as name, email id, contact number), your transactions, your financial information, interactions or dealings with FAB, including information received from third parties (credit reference and fraud prevention agencies, public sources of information, e.g. voters roll) and information collected through use of FAB Websites, cookies or other similar tools and our electronic banking services.
The use of the FAB Websites and any products and services supplied are subject to our Terms and conditions.
Controllers contact details
First Abu Dhabi Bank PJSC, UK Brach (FAB UK), registered in England and Wales (Company No. FC009142), with its registered office at 45 Cannon Street, London EC4M 5SB and First Abu Dhabi Bank PJSC as head office in the United Arab Emirates (FAB UAE) are Joint Data Controllers for the personal information we process, unless otherwise stated. This is because FAB UK carries out part of data processing operations together with FAB UAE, so when you see the terms “we”, “us”, “FAB” or “our” in this Privacy Notice, this is who we are referring to.
As per the Joint Controller agreement between FAB UK and FAB UAE, FAB UK shall remain in charge of your information and collection of Consent (where required) and of the management of any request to exercise your rights or of any complaints logged. For further information on Joint Data Controller arrangements between FAB UK and FAB UAE, please contact DPOUK@bankfab.com
FAB UAE also acts as a service provider for FAB UK, in particular for the provision of IT services. This is where FAB UAE acts in a capacity of a Data Processor to FAB UK, this means they only process any data as per the documented instructions from FAB UK.
If you have any questions regarding this privacy policy or the protection of your personal data, would like the privacy information to be provided orally, would like more information about the way in which we use your personal information, wish to complain or would like to withdraw consent to any processing we do on your data based on consent, or to exercise your data protection rights, please contact FAB’s Data Protection Office at the following:Data Protection Office
First Abu Dhabi Bank
45 Cannon St
London
EC4M 5SB
Email: DPOUK@bankfab.com
Processing Personal Data
FAB may process your Personal Data as an individual client or a representative of a corporate client for the following purposes:
FAB may process your Personal Data as an individual client or a representative of a corporate client for the following purposes:
- Processing applications for products and services, including assessing customer suitability and performing necessary checks and risk assessments (e.g., in case of credit request).
- Providing products and services (including electronic banking services), including effecting payments, transactions and completing instructions or requests.
- Monitoring and improving our website and its content.
- Establishing and managing banking relationships and accounts.
- Conducting market research and surveys with the aim of improving our products and services.
- Sending you information about our products and services for marketing purposes and promotions.
- Preventing, detecting, investigating and prosecuting crimes (including but not limited to money laundering, terrorism, fraud and other financial crimes) in any jurisdiction, identity verification, government sanctions screening and due diligence checks.
- Complying with applicable local or foreign law, regulation, policy, voluntary codes, directive, judgement or court order, as well as any contractual obligation pursuant to agreements between any member of the FAB group and any authority, regulator or enforcement agency or body or any request coming from said entities.
- Establishing, exercising or defending legal rights in connection with legal proceedings (including any prospective legal proceedings) and seeking professional or legal advice in relation to such legal proceedings.
- Monitoring: To the extent permitted by law, FAB may record and monitor your communications with us to ensure compliance with our legal and regulatory obligations and our internal policies. This may include the recording of telephone conversations.
- Surveillance of premises.
FAB processes your personal data for the performance of the banking contract(s) concluded with you as an individual client, compliance with applicable legal or regulatory obligations or FAB legitimate interests to provide you with adequate and qualitative products and services and to prevent against any excessive risk.
Personal data requested by FAB are usually necessary. If it is not provided, FAB will be unable to comply with its legal or regulatory obligations or to provide you with the requested products and services.
Your personal data processed by FAB will only be shared with/accessible by a limited list of recipients on a need to know basis or where required by law, in both FAB PJSC and the local FAB affiliate(s) concerned, thus:
- Employees of the business line(s) concerned by the products and services provided;
- Employees of the marketing department, where it is lawful to do so;
- Employees of the legal and compliance department(s) concerned;
- Employees of the accounting department(s) concerned;
- Employees of the IT department(s) concerned;
- Employees of selected service providers and suppliers who support FAB in the provision of adequate and qualitative products and services. We have data protection compliant contracts in place with our suppliers and service providers. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely, retain it for the period we instruct, and implement the organisational and technological measures required to protect your data.
- In some circumstances we are legally obliged to share information. For example, under a court order. Under any circumstance, we will only share your information if we have a lawful reason to do so.
When you are in a banking relationship with a FAB office within the European Economic Area (EEA), your personal data may be transferred to FAB PJSC in UAE or any other FAB affiliate FAB UK branch located outside the EEA, for the purposes mentioned in the above section only or to their local service providers for support in the pursuance of such purposes.
We only transfer your information to organisations in other countries based outside the European Economic Area (EEA) provided that they protect it in accordance with applicable laws and where:
- The UK Government has decided that the country or the organisation we are sharing your information with will protect your information adequately
- The transfer has been authorised by the relevant data protection authority
- We have entered into a contract with the organisation with which we are sharing your information based on standard contractual clauses or terms approved by the European Commission/UK's Information Commissioner, to ensure your information is adequately protected. If you wish to obtain a copy of the relevant data protection clauses, please contact us
Retention of Personal Information
Your personal data processed by FAB are kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed in line with legal, regulatory or statutory obligations.
At the expiry of such periods, your personal data will be deleted or archived in a secure manner to comply with legal retention obligations or in accordance with applicable statutory limitation periods. Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable legal or regulatory requirements.
Retention periods may be changed from time to time based on business or legal and regulatory requirements. We may, by exception, retain information for longer, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators.
Your Data Protection Rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. You are not required to pay any charge for exercising your rights unless your request is clearly manifestly unfounded or excessive. We have one month to respond to you. If your request is complex or you make more than one, the response time may be extended to a maximum of three calendar months, starting from the day after receipt. We shall inform you of any such extension or requirement of fee within one month of receipt of the request, together with the reasons.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
Your data protection rights are highlighted below. You can submit a request verbally or in writing, please use the contact us section of this website or email DPOUK@bankfab.com
Right of Access
You have the right to obtain from FAB, confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the supplementary information that helps you to understand how and why we are using your data, and check that we are doing it lawfully.
FAB shall provide a copy of the personal data undergoing processing. For any further copies requested within 3 months of the first request, please note that FAB may charge a reasonable fee based on administrative costs.
Right to Rectification
You shall have the right to obtain from FAB without undue delay the rectification of inaccurate or incomplete personal data concerning you.
Right to Erasure
Except in very specific cases where provided by law, you have the right to obtain from FAB the erasure of personal data concerning you without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation to which FAB is subject;
- the personal data have been collected in relation to the offer of information society services directly to a child.
You have the right to obtain from FAB restriction of processing where one of the following applies:
- you contest the accuracy of your personal data (in such a case, the restriction will be for a period enabling FAB to verify the accuracy of said data); the processing is unlawful;
- FAB no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- you object to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
You have the right to receive or to transmit those data to another controller in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided to FAB, without hindrance from FAB, where the processing is based on your consent or on a contract and the processing is carried out by automated means.
You have the right to obtain from FAB restriction of processing where one of the following applies:
- you contest the accuracy of your personal data (in such a case, the restriction will be for a period enabling FAB to verify the accuracy of said data); the processing is unlawful;
- FAB no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- you object to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except in specific cases provided by law.
Right to withdraw consent (Opt-Out)
You can withdraw consent for any processing that we do based on your consent in relation to your personal data. If you withdraw your consent, it will not affect the lawfulness of any processing of your personal data we conducted based on your consent prior to you withdrawing that consent.
Finally, note that you are entitled to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK, concerning FAB’s compliance with the applicable data protection laws and regulation.
Security of your data
The security and confidentiality of your Personal Data is important to us and FAB has invested significant resources to protect the safekeeping and confidentiality of your personal data. When using external service providers acting as processors, we require that they adhere to the same standards as FAB. Regardless of where your personal information is transferred or stored, we take all steps reasonably necessary to ensure that personal data is kept secure.
Social Media
FAB operates channels, pages and accounts on some social media sites to inform, assist and engage with customers. FAB monitors and records comments and posts made on these channels about FAB in order to improve its products and services.
Please note that you must not communicate to FAB through such social media sites the following information:
- confidential personal data, including any information regarding your financial situation, bank account details, transactions, etc.
- sensitive personal data including (i) special categories of personal data meaning any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and (ii) other sensitive personal data such as criminal convictions and offences and national identification number ;
- excessive, inappropriate, offensive or insulting information towards individuals.
FAB is not responsible for any information posted on those sites other than the information posted by its employees on its behalf. FAB is only responsible for its own use of the personal data received through such sites.
Your use of our website
Cookies - We use 'cookies' to monitor how people use our site. A cookie is a piece of information that is stored on your computer's hard drive and it records how you have used a website. This helps us to understand how our customers use our website so we can develop and improve the site. For more information about our use of cookies please refer to our Cookie Policy.
Other websites – this policy does not apply to third-party websites where our online advertisements are displayed, nor to linked third-party websites which we do not operate or control. Where we provide links to websites of other organisations, this Privacy Policy does not cover how that organisation processes personal information. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites. We encourage you to read the Privacy Policies on the other websites you visit.
Changes to this Privacy Policy
FAB may in its absolute discretion update this policy from time to time. We keep our Privacy Policy under regular review to make sure it is up to date and accurate. This Privacy Policy was last updated in June 2021. Any significant changes to our Privacy Policy will be communicated to the affected individuals using the most suitable channel including e-mails or post.