NBF Privacy Notice

At National Bank of Fujairah (“NBF” or “we” or “us”), we recognize that privacy is important to our customers, as we are committed to protecting your personal data and privacy rights. This privacy notice (the “Privacy Notice”) outlines our comprehensive data privacy program and how we manage personal information.

NBF defines personal data as any information that identifies or can be used in combination with other information to identify an individual. This includes, but is not limited to your name, nationality, addresses, telephone number, email address, and other specific demographic details (“Personal Data”).

This Privacy Notice describes how NBF, as the data controller, collects, uses, shares, and stores your information in compliance with all applicable laws and regulations. It applies to all Personal Data processed by our employees, contractors and partners working on behalf of NBF, as well as all legal entities and subsidiaries of NBF in the countries^[1] where we operate, including those where data privacy laws may not yet be fully developed.

To safeguard your privacy, NBF has implemented systems and controls to ensure that all Personal Data is managed confidentially and appropriately and used only as described in this notice. We provide regular training and awareness sessions for our employees regarding their responsibilities and obligations when accessing and managing Personal Data, as well as reporting any security or policy breaches. All employees are accountable for protecting Personal Data in all processes and are required to acknowledge their understanding of and commitment to this Privacy Notice.

Collection of Personal Data by governmental institutions and authorities will be conducted only based on specific legal requirements.

In all cases, this Privacy Notice includes all necessary restrictions to comply with legal requirements. Please note that we may revise this Privacy Notice from time to time, to reflect any new or amended legal or regulatory requirements.

Depending on the nature of the changes, we will inform you through written communication, either by email or through our website.

1. PRINCIPLES OF DATA PROTECTION

As the controller of your Personal Data, adhere to, and rights that you have in relation to your data (as data subject). These principles ensure that your Personal Data is:

1. processed lawfully, fairly and in a transparent way.
2. collected only for specified, explicit and legitimate purposes.
3. adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
4. accurate, and where necessary, kept up to date.
5. not kept in a form that allows identification of data subjects for longer than is necessary; and
6. processed securely, using appropriate technical and organizational measures to protect against unauthorized or unlawful processing, and accidental loss, destruction, or damage.

Please refer to the “What are your Rights” section below for further information.

2. WHERE WE COLLECT PERSONAL DATA

We collect Personal Data about you from:

1. the Account Opening form, Debit, Credit Card application forms and other documents you provide, whether electronically or in writing.
2. when you request or use products, goods, or services (e.g., using your account or card to make transactions, ATM operators, or use concierge services or booking travel).
3. checks conducted with credit information and fraud prevention agencies, including personal and business records (if applicable).
4. Information you provide through your communication with us and your use of account and card services (e.g., your date of birth for identity verification during service calls).
5. participation in research, surveys, competitions, or marketing offers; and
6. third party sources, such as marketing lists obtained lawfully from business partners.

   3. WHAT PERSONAL DATA WE COLLECT

The types of Personal Data we capture and depend on your interactions with our website, the NBF App, or your application status as a customer. Examples of the Personal Data we collect may include:

1. full name and personal details, including contact information (e.g., home address and address history, email address, home, and mobile telephone numbers).
2. any documents/IDs indicating nationality, visa status, date of birth and/or age (e.g., to ensure eligibility for a product or service).
3. financial details (e.g., salary, employment information, and other income).
4. billing information necessary to maintain your account with us.
5. identification documents provided during your application (e.g., identity card, proof of address and any other information required to verify your identity or eligibility for an account with us).
6. details of any correspondence or communication between us.
7. your account credentials for setting up and maintaining your account with us.
8. records of products and services you have obtained or applied for, how you use them, and the relevant technology used to access or manage them (e.g., mobile phone location data, IP address, MAC address).
9. images and/or recordings of you have taken during your account application or shown on your identity documentation or through our front office CCTV for security reasons.
10. information from credit agencies or fraud prevention agencies, electoral role, court records of debt judgements and bankruptcies, and other publicly available sources. This may also include information on any financial associates you may have if you apply for a product or service with us.
11. family, lifestyle, or social circumstances relevant to the product or service you apply for (e.g., the number of dependents).
12. education and employment details/employment status for credit and fraud prevention purposes if you apply for a product or service with us; and
13. Personal Data about other individuals as required. When providing the personal data of others, you must have their consent to share their information with us, and you should inform them of this Privacy Notice and any related data protection statement in advance.
14. WHY WE COLLECT PERSONAL DATA

The legal basis for processing or analyzing your personal data will depend on our intended purpose. Generally, we use your personal data for:

1. fulfilling our obligations under the contract with you for the relevant card account, insurance policy or service, including necessary steps before entering these contracts.
2. our legitimate interests, including good governance, risk management, and managing and auditing our business operations.
3. compliance with legal and regulatory requirements and related disclosures, such as activities related to the prevention, detection, and investigation of crimes, or reporting to credit bureaus/agencies; and
4. sending you marketing communications when we have obtained your explicit consent.

Specifically, we use your Personal Data to:

1. deliver products and services, including communicating with you about your accounts, products, and services, as well as updates on new features and benefits.
2. process your application (using both automated processes and manual reviews), including identity verification, and conducting credit, fraud prevention and anti-money laundering checks.
3. provide and improve our services and features, including monitoring and recording your telephone calls with us or our service providers to ensure consistent service levels (including staff training) and account operations.
4. prevent potentially illegal activities and enforce our terms and conditions. We also use various automated processes, manual reviews, and technological systems to detect and address unusual activity.
5. occasionally contacts you with marketing-related announcements, from which you can opt out, except for essential updates and important notifications.
6. with your consent, communicate promotions and offers relevant to products and services that may interest you or are similar to your existing NBF products and services, and to serve you personalized advertising.
7. improve our products and services and conduct research and analysis, including the use of artificial intelligence. We will inform you if providing some personal data is optional, including if we seek your consent to process it. In all other cases, failure to provide the requested personal data may hinder our ability to process or respond to your application, query, or service.
8. HOW WE PROTECT YOUR PERSONAL DATA

NBF implements reasonable commercial, technical, and organizational security measures to protect your personal data against theft, loss, or misuse.

Your data will be stored securely in an operating environment that is not accessible without authorization. We use encryption techniques to ensure the confidentiality and integrity of your personal data and have set up strong technical protocols to secure access to physical locations and virtual systems where personal data is stored. We have established incident and risk response plans to manage, contain and minimize any issues arising from unexpected events, including internal and external breaches. You will be promptly notified of any data breach affecting your personal Data that may pose a risk to your financial and personal security or could cause reputational harm. As part of our policy, we will conduct a thorough investigation of all breaches. Depending on the outcome of the investigation, we will ensure that all affected customers are appropriately compensated. We will also notify the relevant authorities in accordance with applicable laws and regulations.

For business continuity and disaster recovery purposes, NBF may store data in a location outside the jurisdictions in which we normally operate (for more information, please refer to the “Cross-border Data Transfer” section below). We also require our service providers to safeguard your Personal Data and to use it only for the purposes we specify (more information, can be found in the “Third Parties” section below).

6. THIRD PARTIES

We do not share your Personal Data with anyone except as described below. Your Personal Data will only be shared with your consent or as required or permitted by applicable which may include sharing with:

1. credit information agencies and similar institutions to report or inquire about your financial circumstances, and to report any debts you owe us.
2. regulatory authorities, courts, and governmental agencies, to comply with legal orders, legal or regulatory requirements, and law enforcement requests.
3. collection agencies and external legal counsel to recover debts on your account.
4. our service providers, third parties, or other banks and card issuers.
5. companies within the NBF Group of Companies including but not limited to NBF Financial Services FZC and NBF Markets (Cayman) Ltd.
6. business partners, including co-brand partners (“Business Partner”), to provide, deliver, offer, customize, or develop products and services for you, jointly or separately. We will not share your contact information with Business Partners for independent market purposes without your consent. However, we may send you offers on their behalf with your consent. If you accept an offer from a Business Partner and become their customer, they may send you communications independently. You will need to review their privacy statement and inform them separately if you wish to decline future communications.
7. any party you approve, including loyalty partners connected to your account (if applicable), and any partners relevant to your benefits program with whom you choose to enroll.

We implement encryption techniques and take measures for the secure transfer of Personal Data to third parties. We also have internal procedures for verifying the identity of cross-border processors, third parties, and service providers when transferring data to them.

7. CROSS-BORDER DATA TRANSFER

We process, transfer, and access your Personal Data through our systems in the United Arab Emirates, where our main operational data centre is located. In some cases, your Personal Data may be transferred and stored outside the United Arab Emirates for business continuity and disaster recovery purposes. In such scenarios, we will implement commercially reasonable measures to protect your Personal Data against theft, loss, or misuse, including seeking authorization from competent authorities if required by applicable laws and regulations.

8. HOW LONG WE USE AND RETAIN YOUR PERSONAL DATA

Retention periods are established according to applicable laws and regulations. We retain your Personal Data to establish, exercise or defend our legal rights, and for archival purposes. The default retention period is seven years. If your Account is in default, or if the balance remains unpaid or unsettled, we may retain this information for longer periods, especially if you choose to apply for NBF products in the future. When your Personal Data is no longer necessary for legal or regulatory purposes, to administer your Account or to deliver the requested products and services, we will take reasonable steps to securely destroy or anonymize that information. For more information about our data retention practices, please contact us – refer to the “Query or Complaint” section.

9. WHAT ARE YOUR RIGHTS

Under certain circumstances, you have the following rights under applicable data protection laws regarding your Personal Data:

1. request access to your Personal Data and information about how we process it.
2. request correctios to your Personal Data if it is inaccurate and provide complete and incomplete information. We encourage you to check that all Personal Data we hold is accurate and up to date. You can do this by visiting our website, logging in, and updating your information. Alternatively, you can contact us – refer to the “Queries or Complaints” section.
3. object to the processing of your Personal Data. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to process your information, which may override your request.
4. request a restriction on the processing of your Personal Data.
5. request the erasure of your Personal Data if there is no valid reason for us to continue processing it. However, please note that we may not always be able to comply with your erasure request due to specific legal reasons, which we will inform you about at the time of your request.
6. request that we transfer Personal Data to you or to a third party.
7. be promptly notified of any data breach that may pose a risk to your financial or personal security and/or could cause you reputational harm; and
8. request a manual review of certain automated processing activities that may affect your legality. Please be aware that if we engage in automated decision-making to assess lending risks, this will be conducted based on it being necessary to fulfill our contract with you or take steps to enter that contract. If you object to or restrict the processing of your Personal Data, we may be unable to continue providing the products and services you have with us. In addition, these rights may be limited, in cases where processing is required by law or for other compelling legitimate interests.
9. MARKETING CHOICES

We obtain your informed and expressed consent before using and sharing your Personal Data for direct marketing purposes. If you would like to opt out of receiving marketing communications from the NBF Group of Companies, we recommend that you contact us to update your privacy preferences; please refer to the “Queries or Complaints” section below.

If you choose not to receive marketing communications from us, we will respect your decision. However, please be aware that opting out may affect certain offers related to the products or services you have selected. We may contact you to ensure that the information we gather about your marketing preferences is up to date. Additionally, we will continue to communicate with about servicing your account, fulfilling your requests, or administering any promotions or programs you have elected to participate in.

11.QUERIES OR COMPLAINTS

If you have any questions regarding this Privacy Notice, how your information is handled, or if you wish to make a complaint or exercise your rights, please write to us at DPO Office, Dubai, United Arab Emirates or use the “Make a Request” or “Contact Us” section of your online account. Alternatively, you can reach us at the following e-mail address: dpo@nbf.ae.