This notice describes how we use your personal information.
This notice was updated on 27 July 2023 to inform you of our new registered address.
Introduction
Bank of London and The Middle East plc (BLME, we, us, our) is committed to safeguarding the privacy of the personal data we collect and process. BLME is a member of the Boubyan Bank Group.
This Privacy Notice forms part of our commitment to be open and fair with all individuals whose personal data we process and to provide details around how we process such personal data and what we do with it.
For example, as part of the/our customer on-boarding process we will collect your personal data such as your name, address, telephone number, email address, employment details, financial information and Passport details in order to verify your identity and, in some cases, assess your credit-worthiness for the product for which you have applied. We do this as part of our legal obligations as a regulated provider of financial services and also to safeguard our business and our customers from fraud and other criminal activity.
If you have any questions, please contact the BLME Data Protection Officer at dpo@blme.com.
If we change anything important about this notice (the information we collect, how we use it or why we use it) we will highlight those changes at the top of the notice.
Who we are
We are Bank of London and The Middle East plc.
Your personal data is collected by:
· Bank of London and The Middle East plc which is a company registered in England & Wales with its company registered number as 05897786 and registered office address at 20 Churchill Place, Canary Wharf, London, E14 5HJ;
· Bank of London and The Middle East plc (DIFC Branch) which is a branch office registered in the Dubai International Financial Centre (the “DIFC”) with its DIFC registered number as 1317 and registered office address at Office 2904, Level 29, Al Fattan Currency House, DIFC, Dubai, UAE, PO Box 506557; and
· for shareholders only, Bank of London and The Middle East Holdings ltd which is a company registered in England & Wales with its company registered number as 08503102 and registered office address at 20 Churchill Place, Canary Wharf, London, E14 5HJ.
In the UK, Bank of London and The Middle East plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Bank of London and The Middle East plc appears on the FCA Register under firm reference number 464292.
In the DIFC, Bank of London and The Middle East plc is authorised by the DIFC and regulated by the Dubai Financial Services Authority. Bank of London and The Middle East appears on the DFSA Register under firm reference number F0003552.
Scope
The scope of this Privacy Notice covers applicant’s, customer’s (includes authorised representatives), shareholder’s and other individual’s personal data in respect of the following:
1. Collecting personal data
2. Retaining personal data
3. Information we share
4. Where your information will be held
5. Your rights
6. Right to object
7. Direct marketing
8. Analysis and advertising
9. Cookies
10. Security
11. Links to third party websites
12. Children
13. Changes to this Privacy Notice
14. How to contact us
1 Collecting Personal Data
Before we provide services or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identify. We will collect, store and use your personal data to allow access to our website, to facilitate your applications for products or services through our website or in person, to allow you to manage the product or service you have with us (including by submitting instructions online), to onboard you as an authorised representative of our customer and for the purposes set out in more detail in this section. Where we refer to ‘customer’, this includes individuals acting on behalf of our customers, for example authorised representatives.
The personal data you provide, we collect from you, or we receive from third parties will be used to prevent fraud and money laundering, and to verify your identity. Details of the personal data that will be processed include, for example, name, address, date of birth, contact details, financial information, employment details and device identifiers including IP address. We may also collect behavioural personal data from you, if you apply for any of our investment products, to understand your risk profile. Certain types of personal data are more sensitive than others. "Special category personal data" about you includes information about health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion. We may collect and receive special category personal data about you.
Your personal data may be shared with some third parties as is set out in more detail below. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
|
|
What personal data we collect |
How we use your personal data |
Why we use your personal data |
|
1 |
Information that you give to us as part of the customer on-boarding process for products and services whether online, in-person or over the telephone including:
· Your contact details including: your name, address, email address
· Your bank account details and financial information · Your employment details · Your date of birth · Your national insurance number · Your gender · Your marital status · Your Passport details · Your signature · Your behavioural personal data |
We use this information to:
· Process your application · On-board you as a customer and to help us ensure that our customers are genuine, to check whether our customers are politically exposed persons or are on sanctions lists, and to guard against money laundering, terrorist financing, fraud and other criminal activities · Conduct anti-money laundering, financial and credit checks (which may be renewed from time to time) · Verify our customers' credit histories · Conduct internal risk assessments to determine whether we can provide you with our products or services · Conduct financial personality assessment and knowledge and experience assessment where investing in our funds offering · Perform continual monitoring of your account(s) for fraud and crime prevention and detection purposes · Provide, manage and administer our products and services to you, including opening and managing your account · Manage our relationship with you · Make payment to you or take payment from you · To communicate with you regarding your account and our services · Better understand how our customers use products and services from us and other organisations · To provide advice or guidance about our products and services · Send you direct marketing about products and services we think you might be interested in and personalised offers or information which are based on the products and services you receive · Collect debts · Make necessary disclosures in response to requests, which we are legally required to comply with, to law enforcement or a regulatory authority, body or agency or in the defence of legal claims. · |
We use your personal data:
· As it is necessary for the performance of our contract with you. For example, we must use your contact details and payment details to create your account and to manage your finances / assets · To meet our legal obligations in respect of Anti-Money Laundering laws and "Know your Customer" requirements. For example, if we suspect money laundering or terrorist financing, we must make a disclosure to the relevant authority · On the basis that we have a legitimate interest in preventing fraud and money laundering, to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested · As it is in our legitimate interests to better understand the needs and concerns of our customers so that we may improve the products and services we offer and the way in which we provide our existing products and services as well as developing new products and services · Where we have collected your consent for direct electronic marketing you can withdraw your consent at any time by clicking on the unsubscribe link in any of our marketing emails or by contacting the BLME Data Protection Officer · To assess your suitability for investing in our fund offering · To understand your level of experience and knowledge for assessing our ability to offer you investment products · To appropriately categorise you before we can provide you with our investment products.
|
|
2 |
Information that is given to us by you as an organisation as part of the customer on-boarding process, whether online, in person or over the telephone including: · your contact details including: your name, address, email address · your position at the organisations, including details of your start date and the role held · Details of other positions held by you concurrently or in the past · Details of any previous disqualifications from acting as an officer or director of a Company |
We use this information to: · To help us ensure that our customers are genuine, to check whether our customers are politically exposed persons or are on sanctions lists, and to guard against money laundering, terrorist financing, fraud and other criminal activities · Conduct anti-money laundering, financial and credit checks (which may be renewed from time to time) |
We use your personal data: · To meet our legal obligations in respect of Anti-Money Laundering laws and "Know your Customer" requirements |
|
3 |
Information when you communicate with us whether in person, through our website or via email, over the telephone, through social media or via any other medium, including:
· Your contact details (which can include your email address or social media account details, depending on how you choose to communicate with us) · The details of your communications with us (including when you sent it, when we received it and where you sent it from, such as our website, post, telephone, email or social media) The details of our messages to you (including information that you may post on our social media platforms) |
We use this information to:
· Answer any issues or concerns · Monitor customer communications for quality and training purposes · Develop new services which are based on the information you provide · Improve our services based on the information and feedback you provide and the information and feedback provided by others · Personalise our service to you to take account of the information and feedback you have provided · Make necessary disclosures in response to requests which we are legally required to comply with, to law enforcement or a regulatory authority, body or agency or in the defence of legal claims.
|
We use your personal data:
· As it is necessary for the performance of our contract with you. · To meet our legal obligation to communicate with you regarding certain matters concerning your finances · As it is in our legitimate interests to better understand the needs and concerns of our customers so that we may improve the products and services we offer and the way in which we provide our existing products and services as well as developing new products and services |
|
4 |
Information that we collect through your use of our website including: · Device information such as operating system, unique device identifiers, the mobile network system · Hardware and browser settings · Date and time of requests · The requests you make · The pages you visit and search engine terms you use · IP addresses |
We use this information to: · Provide and adapt our services to take account of the technical capabilities of our users · Develop new services based on the information being collected, the behaviours of our users and the technical capabilities of our users · Improve our services to better suit the behaviours and technical capabilities of the users of our service · Identify issues with the website and users’ experiences of it · Manage and administer our IT systems · Monitor the way our website is used (including locations it is accessed from, devices it is accessed from, understanding peak usage times and analysing what functionality and information is most and least accessed) |
We use your personal data: · As it is in our legitimate interests to understand and assess the number of visitors, where the visitors have come from, page views and devices used in order to optimise our website to ensure that we are delivering it in a way that is helpful to our users and provides relevant, engaging and helpful information. · As it is in our legitimate interests to ensure that our websites, network and information technology are secure and are being used in an appropriate manner. |
|
5 |
Information that we collect from third party partners and corporate customers which includes: · Fraud prevention agencies · KYC (Know Your Customer)/ KYB (Know Your Business) Providers · Financial Crime Prevention Providers · Compliance Providers · Payment processing companies · Your other financial services provider(s) · Your professional advisors · Other entities in our group · Publicly available sources such as the electoral roll |
We use this information to:
· On-board you as a customer and to help us ensure that our customers are genuine, to check whether our customers are politically exposed persons or are on sanctions lists, and to guard against money laundering, terrorist financing, fraud and other criminal activities · Conduct anti-money laundering, financial and credit checks (which may be renewed from time to time) · Verify our customers' credit histories · Perform continual monitoring of your account(s) for fraud and crime prevention and detection purposes · Conduct internal risk assessments to determine whether we can provide you with our products or services · Provide, manage and administer our products and services to you, including opening and managing your account · Manage and administer our IT systems · Make payment to you or take payment from you
|
We use your personal data:
· As it is necessary for the performance of our contract with you. For example, we will use your account details provided by your other financial services providers to transfer amounts in accordance with your instructions · To meet our legal obligations in respect of Anti-Money Laundering laws and "Know your Customer" requirements. For example, if we suspect money laundering or terrorist financing, we must make a disclosure to the relevant authority · As it is in our legitimate interest and your legitimate interest that we protect you against fraud or criminal activity which might negatively impact your account or the products and services which we are providing. |
|
6 |
Information we collect incidentally from other sources such as public sources, or from individuals representing organisations, including:
· Information available in the media · Information presented on our social media or wider social media platforms including Facebook, Twitter and LinkedIn · Information collected by security systems · Contact details of individuals working for organisations · Other personal information regarding such individuals |
We use this information to:
· Maintain market awareness · Build and maintain social media branding · Provide security to our premises · On-board you as a customer and to help us ensure that our customers are genuine, to check whether our customers are politically exposed persons or are on sanctions lists, and to guard against money laundering, terrorist financing, fraud and other criminal activities · Build relationships with other organisations · Provide marketing communications to these individuals · Improve our services and develop new services based on the preferences and behaviours of these individuals |
We use your personal data:
· As it is in our legitimate interest to remain aware of updated market practice to ensure that we are offering a service which is competitive and meets the expectations of our customers · As it is in our legitimate interest to enhance our brand awareness and reputation which will help us to become more successful and to offer a greater variety of products and services to our customers. · As it is in our legitimate interest to monitor the areas around and within our premises to safeguard our employees, customers and members of the public against wrongdoing or criminal activity. · To meet our legal obligations in respect of Anti-Money Laundering laws and "Know your Customer" requirements. For example, if we suspect money laundering or terrorist financing, we must make a disclosure to the relevant authority. |
|
7 |
Shareholder and investor data. We collect and process personal data relating to our shareholders and investors which includes:
Your contact details including: your name, address, email address, identity document |
We use this information to: · Maintain an accurate record of our past and current shareholders · Communicate with our shareholders |
We use your personal data: · To meet our legal obligations in respect of corporate law |
2 Collecting Special Categories of Personal Data
We have identified here the types of special categories of personal data and criminal data we may collect or receive, how we will use it and why we will use it.
|
|
What special categories of personal data we collect |
How we use your special category personal data |
Why we use your special category personal data |
|
1 |
Special Categories of Information and Criminal Data that you give us or that we receive from you, your organisation or from third parties:
· Passport details which may disclose details of your racial or ethnic origin (and nationality) · Buying and / or applying for certain products and /or services that imply specific religious beliefs (such as placing a Wakala Deposit) · Information relating to criminal activity that is provided to us from third party organisations providing screening services · Other special categories of personal data which you provide to us whether in person, by telephone, in writing, by email or by some other form of communication |
We use this information to:
· Process your application · On-board you as a customer and to help us ensure that our customers are genuine, to check whether our customers are politically exposed persons or are on sanctions lists, and to guard against money laundering, terrorist financing, fraud and other criminal activities · To make Suspicious Activity Reports which include detailed information about transactions that are or appear to be suspicious to the relevant authorities or regulators · Conduct anti-money laundering, financial and credit checks (which may be renewed from time to time) · Conduct internal risk assessments to determine whether we can provide you with our products or services · Perform continual monitoring of your account(s) for fraud and crime prevention and detection purposes · Provide, manage and administer our products and services to you, including opening and managing your account · Respond to your questions, queries and / or complaints · For the purpose of providing Financial Services Compensation Scheme with a list of our depositors in case of BLME being unable to continue |
We use your special categories of personal data:
· Where you have manifestly made this information public · Where the processing is necessary in connection with legal claims · Where we have collected your explicit consent for a particular processing purpose · Where the processing is in the substantial public interest. For example, we process special categories of personal data in connection with our background checks, Suspicious Activity Reports and sanction screening in order to prevent or detect unlawful acts |
1. Consequences of processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us by using the “Contact Us” section below.
3 Retaining Personal and Special Category Personal Data
We will keep your information for as long as you are a BLME customer and for a period of time after you stop being a customer of ours.
When you stop being a BLME customer, we will retain your personal data for a period of up to six years. We retain your personal data in this way to enable us to respond to any queries or complaints which you may have in the future and to maintain records in line with our legal obligations to do so.
In certain circumstances we may also retain your personal data for longer than 10 years if this is necessary in connection with a legal, regulatory or contractual obligation.
We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
In all cases, we will continue to protect your personal data in accordance with the terms of this Privacy Notice. We will also routinely refresh our information to ensure we keep it up-to-date.
4 Information we share
There are certain circumstances where we transfer your personal data to other parties.
· Your personal data may be shared and processed by other companies within our group, for example, where they provide services to us, for marketing purposes, for entering into a contract with you for the provision of our products or services or to perform obligations under that contract and for internal reporting. When you open an account with us and you already have an account within the Boubyan Bank group, we may request your KYC documentation from that group company to assist in the account opening process or ongoing maintenance of your account.
· We share your information with certain contractors or service providers. They may process your personal data for us, for example, if we use a marketing agency. Other service providers include advertising agencies, IT suppliers, risk profiling/assessment tools, database providers, backup and disaster recovery specialists, email providers and outsourced call centres.
Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your personal data, will only be provided in connection with the performance of their function. They will not be permitted to use your personal data for any purposes other than those outlined in this Privacy Notice.
· We also share your information with certain third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or services to you or for one of the other purposes set out in this Privacy Notice. These include, our professional advisors (including lawyers, accountants and auditors), UK Financial Services Compensation Scheme, HM Revenue & Customs, credit reference agencies, anti-fraud databases and agencies, screening agencies, organisations that introduce you to us, third parties associated or linked with your business, organisations that we introduce you to and Independent Financial Advisors.
· If you have a debit card with us, we will share your personal data (including your transaction information) with the Card Issuer and Service Provider, the Card Scheme and Card Processor Providers who assist us in providing this service to you.
· Your personal data may be transferred to other third-party organisations in certain scenarios:
· If we discuss selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
· If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
· If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example, the Police; or
· If we are defending a legal claim your information may be transferred as required in connection with defending such claim.
· We do not sell, rent or trade any of your personal data.
· We will not, without your consent, disclose or supply your personal data to any third party for the purpose of their or any other third party's direct marketing.
· Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
5 Where your information will be held
Your information may be transferred outside the UK or to a jurisdiction outside the DIFC.
Personal data we collect, is predominantly stored in the UK and some personal data relating to the products and services provided by our DIFC Branch is stored in the DIFC. Your personal data may be stored and processed in and transferred between any of the countries in which we operate (which includes the UK and Dubai), in order to enable us to use the information in accordance with this Privacy Notice.
We will only transfer data to jurisdictions outside the scope of the UK or the DIFC where the appropriate safeguards set out in the UK GDPR and / or DIFC Data Protection Law (as applicable) are in place.
1.1. However, to ensure that your personal information is properly protected in line with UK and DIFC data protection law (as applicable), the transfer of this information is governed by an International Data Processing and Transfer Agreement (Intra-Group) or contract
· for transfers outside the UK in accordance with Article 46(2)(c) of the UK GDPR; and
· for transfers outside the DIFC, the DIFC Commissioner of Data Protection in accordance with Article 27(2)(c) of the DIFC Data Protection Law.
If you would like to obtain copies of the regulator-approved Standard Contractual Clauses, please contact our Data Protection Officer at DPO@BLME.com.
Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
6 Your Rights
Your personal data is protected by legal rights which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data. The availability of these rights and the ways in which you can use them are set out below in more detail.
Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact the BLME Data Protection Officer using the contact details set out below.
· Access: you are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it.
· Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected.
· Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
· Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
· Transfer: you may request the transfer of certain of your personal information to another party.
· Consent withdrawal: you are entitled to withdraw your consent to the processing of personal data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation.
For more information or to exercise any of your data protection rights, please contact the BLME Data Protection Officer at dpo@blme.com
You also have a right to lodge a complaint with a supervisory authority, in particular:
· In the UK you can contact the ICO on 0303 123 1113 or at www.ico.org.uk); and
· where the DIFC Data Protection Law applies, you can contact the DIFC Commissioner of Data Protection on +971 (0)4362 2222 or at commissioner@dp.difc.ae.
7 Right to object
You have a right to object to us processing your information in certain circumstances.
You have a right to object to our processing of your personal data where this is based on our legitimate interests (or those of a third party). You may challenge our reliance on legitimate interests. However, we may be entitled to continue processing your personal data based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal information for direct marketing purposes.
8 Direct Marketing
As described above, you can opt-out of receiving direct marketing from us at any time.
We may use the information you give us on our website or when we accept your application to open an account with us for direct marketing purposes to provide updates; newsletters; details of events; or other communications that we think may interest you. We will only do this with your consent (where required by law).
You can opt-out of receiving directing marketing from us at any time. You can do this by clicking on the "unsubscribe" link included at the end of any marketing email we send to you, or by contacting the BLME Data Protection Officer using the details set out below.
9 Analysis and Marketing
We use third party tools to personalise the advertising displayed to you on our website.
For this purpose, we use cookies, web beacons or similar technologies to collect information about your browsing behaviour (see our Cookie Notice for more detailed information) and deliver interests-based ads to you.
10 Cookies
We record the number of visitors to the relevant sections of our website and track movement between the sections by means of ‘cookies’.
Cookies are small data files containing information placed on your computer and are automatically downloaded to your device in order to recognise you as someone that has visited our website previously. We use cookies that identify your browser or device. They collect and store information when you visit our website about how you use it.
For more information about cookies, the types of cookies we use and how we use them please see our Cookie Notice.
11 Security
We are committed to keeping your personal data safe. We have physical, technical and administrative measures in place to prevent unauthorised access, loss, misuse or alteration of your personal data.
We store all personal information on secure servers with relevant access and firewall controls.
All applications processed through our website are encrypted. Any personal data sent to us, either in writing or email, may be insecure in transit and we cannot guarantee its delivery.
Passwords must be kept confidential and not disclosed to a third party. BLME does not ask you for your password.
12 Links to third party website
Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others including our partner networks, advertisers and other group companies and/or social networks as offered to you and supported by your browser. Often links to other websites are provided solely as reference points to information on topics that may be useful to the users of our website.
The personal data that you provide through these websites is not subject to this Privacy Notice and the treatment of your personal data by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own privacy policies which will set out how your information is collected and processed when visiting those sites. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of entities through which you chose to share.
13 Children
We do not knowingly collect information from children or other persons who are under 18 years old. If you are under 18 years old, you may not submit any personal information to us or apply for our products or services. If you believe we might have any personal information from or about a person under the age of 18, please contact the BLME Data Protection Officer.
14 Changes to this Privacy Notice
This Notice will be changed from time to time.
If we change anything important about this Notice (the personal data we collect, how we use it or why) we will highlight those changes at the top of the notice and provide a prominent link to it for a reasonable length of time following the change.
We will also notify you in advance of the changes taking effect so that you understand what impact our changes may have on you.
If you would like to access previous versions of this Privacy Notice please contact the BLME Data Protection Officer.
15 How to contact us
If you have any questions about this Notice please contact our Data Protection Officer at dpo@blme.com.