Privacy Statement

Introduction

Your privacy is important to us and we want to assure you that the Personal Data we collect about you will be treated with care. This Privacy Policy will inform you about how we look after your Personal Data when you visit NFH website or NFH mobile application and tell you about your privacy rights and how the law protects you.

"NFH", "We", “Us” or “Our” in this Privacy Policy refers to National Finance House ("NFH") Group, including its branches and subsidiaries.

When you request information or sign up for our products and services or when you enter into any commercial transactions with NFH, you may be required to provide us with your personal data. In doing so, you consent to its use by NFH in accordance with this Privacy Policy. Your personal data may have otherwise been provided to NFH by a third party for products or services that these third parties have sought from NFH on pursuant to commercial transaction entered into with us. In this context, the term "You" or "Your" in this Privacy Policy extends to any individual whose personal data has been provided to NFH.

What types of personal data do we collect?

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together follows:

  • Identity Data includes first name, middle name, last name, maiden name, username or similar identifier, marital status, title, date of birth, gender, passport number and client number.

  • Contact Data includes home address, email address and telephone numbers.

  • Financial Data includes bank account and payment details.

  • Transaction Data includes details about payments from you and other details of services or facilities you have taken from us.

  • Technical Data includes internet protocol (IP) address, your login data, data about your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • Profile Data includes your username and password, NFH client number, service preferences, feedback and survey responses.

  • Usage Data includes information about how you use this website and services.

  • Marketing and Communications Data includes your preferences in receiving marketing from us and third parties (i.e. any external partners) and your preferences when receiving communications.

How Is Your Personal Data Collected?

We use different methods to collect data from and about you including through:

We obtain your personal data in various ways, such as:

  • When you enter into any commercial transactions with the NFH including but not limited to Vehicle Financing and Insurance.

  • When we obtain any data and information from third parties (e.g. credit bureau agencies, governmental and regulatory bodies, employers, joint account holders, guarantors, legal representatives, spouses, parents, guardians, dependents and/or companies/partnership that you hold directorships, shareholdings or partnership in).

  • When you sign up for or use any service we provide or when you register an account at NFH websites or NFH mobile Application.

  • When you contact us through various methods such as application forms, emails and letters, telephone calls and conversations you have with our staff in a branch. If you contact us or we contact you using telephone, we may monitor or record the phone call for quality assurance and security purposes.

  • We may obtain your personal data when you participate in customer surveys or when you sign up for any of our promotions.

  • From video recordings from our security surveillance cameras and audio recordings.

  • From publicly available sources.

How We Use Your Personal Data

We will only use your Personal Data as permitted by law. Most commonly, we will rely on the following types of lawful basis to process your Personal Data:

  • Legitimate Interests:the interests of NFH in conducting and managing our business in order to give you the highest standard of service. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests.

We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your express consent or are otherwise required or permitted to do so by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract: processing your Personal Data is necessary for the performance of the contract of carriage to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation: processing your Personal Data may be necessary for compliance with a legal or regulatory obligation to which we are subject.

Consent: in certain circumstances, we may ask for your express consent to collect, process or transfer your Personal Data, for example in relation to opting into receiving our newsletter or other direct marketing. You have the right to withdraw your consent at any time simply by contacting us.

Cookies:NFH website uses cookies that are text files containing small amounts of information {this does not include personal sensitive information} which are downloaded to your device when you visit a website in order to provide a personalized browsing experience. Cookies do lots of different jobs, like allowing users to navigate between pages efficiently, remembering their preferences, and generally improving their browsing experience. These cookies collect information analytics about how users use a website, for instance often visited pages. All information collected by third party cookies is aggregated and therefore anonymous. You can adjust settings on your browser so that you will be notified when you receive a cookie. Please refer to your browser documentation to check if cookies have been enabled on your computer or to request not to receive cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Change of purpose:We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your Personal Data for an unrelated purpose, we will notify you to explain the legal basis which allows us to do so or, where required by law, to seek your consent.

To whom do we disclose your personal data?

Your personal data held by us shall be kept confidential. However, in order to provide you with effective and continuous products and services and subject at all times to any laws applicable to financial institutions, we may need to disclose your personal data to:

  • Other Entities within NFH Group;

  • Governmental and regulatory bodies such as the Central Bank of Bahrain, Financial Intelligence Directorate, and Ministry of Industry Commerce & Tourism;

  • Credit bureau agency;

  • Professional, legal and audit firms,

  • Any insurer, reinsurer and insurance broker;

  • Any other person to whom disclosure is permitted or required by any statutory provision or law; and

  • Any service provider including third party service providers, sales and telemarketing agencies, strategic business partners or otherwise, under conditions of confidentiality imposed on such service providers, for the purpose of data processing or providing any service on behalf of NFH or in connection with such outsourcing arrangements NFH may have with any third party where certain functions were outsourced to the third party.

The disclosure of your data may involve the transfer of your personal data to places outside of THE Kingdom of Bahrain, and by providing us your personal data you agree to such a transfer where it is required to provide you the services you have requested, and for the performance of any contractual obligations you have with NFH including for retention purposes.

How Do We Protect Your Data?

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an un-authorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we retain your Personal Data

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from un-authorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

What Is Your Legal Rights?

Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Data:

  • Request access to your Personal Data (commonly known as a "data owner access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes (and you will always be able to opt-out via the “unsubscribe” link on an email from us). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

  • Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following situations: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it because you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to information which was originally collected electronically and which you either consented to us using or was used to perform a contract with you.

  • Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required
You will not have to pay a fee to access your Personal Data or to exercise any of the other rights. However, we may charge a reasonable fee (taking into account the administrative costs of providing the information) if we consider your request to be unfounded, repetitive or excessive. Alternatively, in these circumstances, we may refuse to comply with your request but we will provide you with a full explanation of this at the time.

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond
We will respond to all legitimate requests within two weeks. If your request is particularly complex, or you have made a number of requests, it may take us up to one calendar month to respond (instead of the two weeks mentioned earlier), but we will notify you of this and keep you updated.

Marketing

We aim to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising.

Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you (we call this “marketing”).

Third-party marketing
We will request your express consent before we share your Personal Data with any company outside the Group for marketing purposes.

Opting out
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Changes to This Privacy Policy

Please note that we may update this Privacy Policy from time to time. If there are material changes to this Privacy Policy, we will notify you by posting a notice of such changes on our website or by sending you a notification directly. Do periodically review this Privacy Policy to stay informed on how we are protecting your information.

This Privacy Policy was last updated on 13/10/2019.

How May You Contact Us?

It is important that the Personal Data we hold about you is accurate and up-to-date. It is your obligation to keep us informed if your Personal Data changes during your relationship with us. If you have provided NFH with personal data of a third party, please ensure that you have obtained the third party's consent in relation to the processing and disclosure of their personal data and that this Privacy Policy is brought to the attention of any such third party

You may request to access or update personal information that we hold about you by contacting our Data Protection Officer at dpo@nfh.com.bh. We may exercise our right to deny access to or correction of particular information in certain situations where permitted by law. If we deny your request we will provide in writing the reason why it was denied.

NFH is committed to resolving your privacy complaint as quickly as possible and has procedures in place to help resolve any problems or complaints efficiently. You have the right to make a complaint at any time to the Data Protection Authority (DPA), We would, however, appreciate the chance to deal with your concerns before you approach the DPA so please contact us in the first instance using the contact details below.

Contact Details:

Data Protection Officer
P.O. Box 21774
Manama, Kingdom of Bahrain
Email: dpo@nfh.com.bh

Marketing Consent Withdrawal for exisitng customers