Data Privacy Notice
Emirates Islamic Bank PJSC, Emirates Islamic primarily refers to all the Personal Data that is collected and used about Emirates Islamic Customers for the purposes of the Consumer Protection Regulations and Standards and the UAE Personal Data Protection Law.
Emirates Islamic is registered in Head Office (DHCC), Dubai Healthcare City, Building #16, Executive Building, Dubai, United Arab Emirates.
This Data Privacy Notice describes the Personal Data Emirates Islamic collect, how it is used and shared, and your choices regarding this data. Emirates Islamic is the Data Controller for the Personal Data collected in connection with the use of Emirates Islamic Services.
This Data Privacy Notice applies to all Customers of EI Services, including Customers of EI’s mobile application, websites, and other banking Services (collectively, the “Services”) and through other interactions and communications you may have with us. This Notice specifically applies to:
Emirates Islamic is committed to providing you with exceptional banking Services and want you to have confidence in the way EI use your Personal Data. EI is committed to protecting your privacy and your Personal Data.
Further this Notice explains the various measures EI have in place to protect the security of your Personal Data and minimise the potential for its unauthorised use, disclosure, and destruction.
Emirates Islamic may act as a ‘Data Controller’ or a ‘Data Processor' in relation to your Personal Data.
Who is a Data Controller? Emirates Islamic will act as a Data Controller when processing your Personal Data. A Data Controller is an entity who solely, or jointly with others, determines the purposes (“why”) and means (“how”) of Personal Data Processing. In most cases, Emirates Islamic will act as the Data Controller when Processing your Personal Data – this means Emirates Islamic will decide on how to collect, process, and use Personal Data in this role.
Who is a Data Processor? Emirates Islamic will act as a Data Processor when Processing your Personal Data on behalf of another Group entity. In these cases, Emirates Islamic will perform the Processing of the Personal Data under the specific instructions from the Group entities acting as the Controller.
When Emirates Islamic collects Personal Data, Emirates Islamic provides a safe, secure, and confidential environment in all our delivery Channels to ensure that your Personal Data remains private and used for the purposes for which it is obtained and held.
Emirates Islamic has a legal obligation to keep your data confidential, however, Emirates Islamic may disclose your data to a third party where:
Personal Data and Processing have very specific meanings under the UAE Applicable Laws. It is important that you understand these terms.
Personal Data as per the Applicable Laws means, any data which relates to a living individual who can be identified directly or indirectly from that data. The definition includes a wide range of personal identifiers that constitute Personal Data, including but not limited to:
Processing means any action taken on Personal Data, e.g. viewing, collecting, using, storing, sharing, , printing, copying, archiving etc.
Processing activity means any task that involves doing anything with Personal Data.
EI collects Personal Data directly from you as our Customer or Prospective Customer. EI collects information you provide directly to us through your access or use of EI Products and Services. For example, when you apply for a product or Service on our website(s), by telephone or when you enter an EI premises and share/provide Personal Data with one of EI’s employees.
Emirates Islamic may collect Personal Data about you from other sources such as, but not limited to the following:
Personal Data includes information that EI collect and process about you depending on the products or Services you obtain or receive.
The below is a non-exhaustive list which highlights some, but not all, examples of categories of Personal Data EI collect about you:
| Category | Description | Example | Lawful Basis |
|---|---|---|---|
| Account Management | Used to administer your account with EI. Used to identify you when you sign-in to your account. Used to provide you with Services, and to fulfil your requests for certain products and Services, such as issuance of Debit and Credit cards and Personal finance services (Auto finance & home finance). |
To enable EI to process your data for the sole purpose of administering your relationship with the Bank. | Consent |
| Account Opening | Used for the setup and management of Customer accounts, including meeting the regulatory requirements such as KYC (Know Your Customer) process. | To enable Customers to create an Account, log in to your instance on the EI App, or verify their credentials. | Consent |
| Analytics | Used to collect data about how Customers use the EI App or how it performs. Used to understand how you use and interact with our Services and the people or things you’re connected to and interested in. |
To see how many Customers are using a particular gesture, to monitor app health, to diagnose and fix bugs or crashes, or to make future performance improvements. | Consent |
| App Functionality | Used for Features that are Available in the App. Used to improve the design and functionality of EI Channels for a better Customer experience. |
To enable app features, or to authenticate Customer. | Consent |
| Decline Onboarding | If your application is declined, EI will store your Personal Data in accordance with the EI record retention procedures and to comply with EI legal and regulatory obligations. | To keep track of the reasons for the declining of Onboarding to be used as reference, if and when the Customer approaches the Bank again. | Consent |
| Developer Communications | Used to send news or notifications about the app or the developer. | Sending a push notification to inform Customers about an important security update. | Consent |
| Financial Mediations / Payment Recovery | Used to authorise payment recovery Service partners to carry out collection activities on EI behalf. Used for payment recovery and exercise other rights EI have under any agreement with EI Customers as well as to protect EI against harm to EI rights and interests in property. |
Partners of EI engage with Customers who have defaulted, to settle their liabilities with EI. | Consent |
| Fraud Prevention, Security and Compliance | Used for fraud prevention, security, or compliance with laws. Used to prevent and detect fraud, money laundering and other crimes such as identity theft. |
Monitoring failed login attempts, geolocations, device information (e.g., model number, OS information), IP address, etc., to identify possible fraudulent activity. | Legal Obligation |
| General Correspondence | Personal Data you give to us by filling in any of EI forms or by communicating with us, whether face-to-face, by phone, email, online, mobile, any other digital means or otherwise. | To contact you if you have asked us to do so including to resolve troubleshooting problems and helping with any issues concerning EI website or apps. | Consent |
| Personalised Commercial and Promotional Communications (Marketing) | To send commercial and promotional communications through telematic or conventional means, in relation to similar goods and Services than the ones previously contracted or acquired from EI. This also includes for the purpose of conducting market research and accompanying statistical analysis to better understand our Customer base and the markets in which we operate. |
EI sends Customers a promotional email or SMS relating to a Product or Service on offer. | Consent |
| Regulatory Requests | To handle requests and instructions from regulators, law enforcement Agencies, etc. that specific information about individuals. | To meet the legal and regulatory obligations EI has, as a Licenced Financial Institution, governed by the CBUAE. | Legal Obligation |
| Satisfaction Surveys | To contact you for your opinions about EI Services including through surveys and other market research. | Sending Customer satisfaction surveys through digital channels (Ex: Emails) or conducting phone interviews. | Consent is confirmed via phone call before beginning with a survey. If a Customer opts out from receiving a marketing call, EI will place the Customer on the Do Not Contact (‘DNC') list and will not call that Customer nor send a digital survey. |
| Service Communications | Used to keep Customers informed of the products and Services they are availing of. Used to tell you about important updates and changes to EI Channels, including to EI Data Privacy Notice and other Policies and Terms. |
Sending Customers reminders to update their Personal Data in the App such as their mobile number and home address. | Consent |
| Video Protection (CCTV) | Used at EI premises and ATMs for security purposes. | To protect EI Customers, employees, visitors, and its premises. | Legitimate Interest |
EI only discloses your Personal Data outside of EI in limited circumstances. If EI does share the Personal Data outside of EI, we will put in place appropriate controls and data sharing/processing agreements that require recipients to protect your Personal Data, unless EI is legally required to share that Personal Data. All contractors or recipients that work for EI will be contractually obliged to follow EI instructions. EI does not sell your Personal Data to third parties.
EI may disclose your Personal Data to EI third-party Service providers, agents, and subcontractors (Suppliers) for the purposes of providing Services to us or directly to you on EI’s behalf within and outside the UAE.
When EI uses Suppliers, EI only discloses to them the Personal Data that is necessary to provide their Services and only where EI has a contract in place which requires them to keep your Personal Data secure and not to use it other than in accordance with EI’s specific instructions.
EI take steps to ensure that any third-party service providers who handle your Personal Data comply with the Applicable Laws and protect your Personal Data to the same extent that EI does. EI will aim to anonymise your Personal Data or use aggregated non-specific data sets where possible. Find below the supporting schedule with a list of categories of third parties with whom EI may share your data.
All sharing of Personal Data with third parties shall be post obtaining explicit consent from you, unless required to do so, in compliance with the Applicable laws and other legal and regulatory requirements.
| Category of Third Party | Description of Service Provided | Lawful Basis of Processing |
|---|---|---|
| Account Holders | EI may share your Personal Data with any joint account holders, legal guardians, executors, guarantors, trustees, or beneficiaries assigned by you at the onset or during the course of receiving EI products/Services. | Consent |
| Affiliates | EI may share your Personal Data with other companies who may support us in any of the purposes set out in this Data Privacy Notice to improve and enhance the Customer experience. | Consent |
| Analytics Providers | EI may share your Personal Data with analytics providers that assist us in the optimisation of EI website and apps including by measuring the performance of EI online campaigns and analysing visitor activity. | Consent |
| Asset Custodian | EI may share your Personal Data with the custodian service providers upon their request. | Consent |
| Asset Purchasers | EI may share your Personal Data with any third party that purchases, or to which EI transfer, all or substantially all of EI assets and business. Should such a sale or transfer occur, EI will ensure that the entity to which EI transfer your Personal Data uses it in a manner that is consistent with this Data Privacy Notice. | Consent |
| Business Partners | EI may share your Personal Data with EI business partners, together with whom EI provide Services such as hotels, restaurants, airline partners (whose logo may appear on a credit card EI provide) and Service providers or agents who provide Services on their behalf. Business partners may also include any entity (including its professional advisors and authorised representatives), who provide funding to EI or any entity that provides us with payment recovery or equity finance and any potential purchasers of any part of our business. Business Partners may also include any party to a transaction acquiring an interest in, or assuming risk in, or in connection with, your banking relationship with EI. |
Consent |
| Courts, Regulators, and Government Authorities | EI may share your Personal Data with these parties where EI believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect EI rights or the rights of any third party. To investigate or address claims or disputes relating to the use of EI’s Services, to satisfy requirements under applicable laws, regulations, or operating licences or agreements, or pursuant to legal process or governmental request, including from law enforcement. To perform the role of collaborators, where Services require their involvement. |
Consent Legal Obligation |
| Credit Information Agencies | EI may share your Personal Data with government-authorised Credit Information Agencies and fraud prevention agencies to comply with EI’s legal and regulatory obligations. | Consent |
| Payment Recovery Agencies | EI may share your Personal Data with any entity used for the recovery or collection of receivables to the bank from delinquent or defaulted Customers. | Consent |
| Fund Managers | EI may share your Personal Data with fund managers who provide asset management Services to you and any brokers who introduce you to us or deal with us for you. | Consent |
| Guarantors | EI may share your Personal Data with any person or entity that is to provide, or has provided, any security of guarantee (and their professional advisors) in respect of your agreement with EI. This type of processing is necessary for the fulfilment of our contract with you, for example to enable us to recover any sums we have advanced under our agreement with you. |
Consent |
| Insurance Providers | EI may share your Personal Data with insurance providers, including underwriters, brokers and associated parties. | Consent |
| Intermediaries/Brokers through whom you are our Customers | EI may share your Personal Data with third-parties who have introduced you to us (e.g. an intermediary or broker) in order for them to manage their records about you, to ensure that the type of business that they refer to us is appropriate and to help EI to resolve any complaint made by you and/or any dispute between you and EI. This type of processing allows us to ensure that the intermediary or broker is fulfilling the terms of their contract with us and for us to fulfil our legal and regulatory obligations. |
Consent |
| IT Service Providers | System based processing of personal details as part of organisational/ operational requirements. E.g. cloud hosting Services; application development and support Services; IT Infrastructure Services; email Services; communication service providers, call recording Services. Help maintain the safety, security, and integrity of EI Services and Customer. | Consent |
| Law Enforcement Agencies & Authorities | To assist law enforcement agencies for the purposes of preventing, detecting, investigating, or prosecuting criminal offences. | Consent Legal Obligation |
| Legal/Professional Advisors | The provision of business consulting, audit and legal Services including access to and analysis of Personal Data as part of business initiatives, statutory audits, legal claims, and ad-hoc consultancy advice. | Consent |
| Other Third Parties | Provide, maintain, and improve EI Services, including, for example, to facilitate payments, send receipts, provide products and Services you request (and send related information), develop new features, provide User support to Customer, develop safety features, authenticate Customer, and send product updates and administrative messages. Perform internal administration and operations, including, for example, to prevent fraud and abuse of EI Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends. Send you communications EI think will be of interest to you, including information about products, Services, promotions, news, and events of EI, where permissible and according to local applicable laws. Notify you about changes to EI terms, Services or policies and other communications that aren’t for the purpose of marketing the Services or products of EI or its partners. |
Consent |
| Payment Processing Services | EI may share your Personal Data with providers of payment-processing Services and other businesses that help us process your payments to the extent required for us to meet the contractual and legal requirements. | Consent |
| Postal Services and Couriers | EI may share your Personal Data with any entity used for the purpose of postal and courier services. | Consent |
| Representatives | EI may share your Personal Data with anyone who provides instructions or operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney or Letter of Authorisation. | Consent |
| Social Media Agencies | EI may share your Personal Data with social media companies so they can display messages to you about EI products and Services or make sure you do not get irrelevant messages. | Consent |
The way EI analyses Personal Data relating to EI Services may involve profiling or other automated methods to make decisions about you that relate to the following:
You may have a right to certain information about how EI make these decisions. You may also have a right to request human intervention in case it pertains to a fully automated process and to challenge the decision. Refer the “How to Contact Us” section for further details on reaching out to us with your request.
EI needs your Personal Data to provide you with the Services or products requested by you. EI also needs to capture expressed consent to be able to process the Personal Data for fulfilling EI’s contractual and legal obligations.
If you do not provide us with the requested Personal Data and the consent to process your Personal Data, EI may have to decline your request for our Product(s) and/or Service(s), or if EI is already providing you with the product(s) and Service(s), EI may need to suspend or stop providing you with the product(s) or Service(s), which can lead to closure of your banking relationship with us, subject to compliance with EI’s legal obligations to retain data.
It is voluntary for you to provide us your Personal Data or consent for direct sales or marketing purposes.
EI makes it clear on the EI physical application forms, during your onboarding digitally and on all communications received from the Bank as to what data is required to be provided by you by marking the mandatory fields with the asterisk symbol (*). EI requests your consent to process such data for direct sales and marketing purposes. It further, gives you an option to choose what are the channels through which you desire to be contacted.
You can choose to stop receiving further marketing communications at any time by:
EI operates channels, pages, and accounts on Group EI approved social media sites to inform, assist and engage with customers.
EI is not responsible for any information posted on those sites other than information EI has posted. EI does not endorse the social media sites themselves or any information posted on them by third parties.
EI collects Personal Data about your internet activity using technology known as cookies, which can often be controlled through internet browsers and by using EI cookie preference centre on the EI website, mobile app and any other digital means.
EI is a part of a global organisation, and your Personal Data may be stored or processed in any country where EI has facilities or in which EI engages Service providers and subcontractors. EI has put in place appropriate safeguards in accordance with applicable legal and data protection requirements to ensure that your data is adequately protected.
In cases where we need to transfer your Personal Data outside the UAE, we will obtain Consent from you.
You have certain rights in respect of your Personal Data, and EI have processes to enable you to exercise these rights. Your rights are as follows:
Central Bank UAE (as per the CPR and CPS)
Telephone: 800 (CBUAE)22823
Website: CBUAE | Filing a Banking-Related Complaint (centralbank.ae)
Please note, all rights are subject to qualifications and limitations. In other words, there may be instances and justifiable grounds to deny any request where EI is required or permitted by law or technically feasible to do so. EI will always be clear and communicate this to you if these instances arise.
Also note, for the purpose of upholding the security, confidentiality, and integrity of your Personal Data, EI may verify your identity before allowing you to access your Personal Data.
The Security of your Personal Data is important to us. We make every effort to ensure that your Personal Data is secure on our system. EI has staff dedicated to maintaining the EI security standards as set forth herein. EI implements technical and organisational measures to ensure a level of security appropriate to the risk to the personal information EI processes. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. EI evaluates these measures on a regular basis to ensure the security of the processing.
Your EI profile is password-protected so that only you and authorised EI employees have access to your account information. EI staff will never reach out to you and ask for any personal account information, including your passwords, pin number, one time password or any other secured details to access your data.
EI make every effort to ensure that your Personal Data is secure on its system. EI have staff dedicated to maintaining the EI security standards as set forth herein. EI implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information EI process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. EI evaluate these measures on a regular basis to ensure the security of the processing.
Unfortunately, you would appreciate that, no data transmission over the Internet can be fully guaranteed to be 100% secure. As a result, EI cannot guarantee the security of any Personal Data you transmit to us, and you do so at your own risk. If you have any further questions on this issue, refer to the EI Terms and Conditions.
Please contact the EI Customer Service Helpdesk on 600 599995 in case you receive fraudulent emails or require any assistance with regards to our online banking Services.
Whilst EI takes measures to secure your Personal Data, risks to data security do exist, and there is always a possibility of unauthorised use, disclosure, modification and/or destruction of your Personal Data. In the event of a Personal Data Breach, EI will notify you, without delay, about it and its likely consequences, measures taken by us to mitigate the increased risk and avenues available to you to mitigate the risk as a result of the Personal Data Breach.
For reporting Personal Data Breaches or further information on how EI respond to and handle Personal Data Breaches, please contact us at personaldatabreaches@emiratesislamic.ae.
The EI website, mobile apps and any other digital means may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own Data Privacy Notices. Please check these Notices before you submit any Personal Data to these websites. EI is not responsible for the Data Privacy Notices, content of such sites or any Personal Data collected by such sites.
EI has appointed a Data Protection Officer (“DPO”) to oversee compliance with this Data Privacy Notice. The DPO can be contacted on dpo@emiratesislamic.ae.
EI will keep your Personal Data for as long as EI has a relationship with you and for meeting our legal, accounting, or reporting requirements. Once the EI relationship with you has come to an end, EI will retain your Personal Data for a period that enables us to:
EI will delete/store with limited access and appropriate safeguards your Personal Data when it is no longer required for these purposes. If there is any information that EI is unable, for technical reasons, to delete entirely from EI systems, we will put in place appropriate measures to prevent any further processing or use of the data.
In some circumstances you can ask us to delete your data. For further information, please see the “What are your Rights” section.
If you have questions or concerns regarding the way in which your Personal Data is being used, please contact the Emirates Islamic Data Privacy Office by emailing dpo@emiratesislamic.ae.
If you are unsatisfied with the way your Personal Data is being processed, please raise a complaint by reaching out to dpo@emiratesislamic.ae.
If you would like to lodge a complaint to your local supervisory authority, please get in touch and Emirates Islamic will provide you with instructions and contact details to your local supervisory authority.
If you would like to stop receiving marketing or promotional communications, please refer to section 12 of the Notice for more information.
Emirates Islamic are committed to working with you to obtain a fair resolution to any complaint or concern you may have. If, however, you believe that Emirates Islamic have not been able to assist with your complaint or concern you have the right to make a complaint to the competent data protection authority.
EI may occasionally update this notice. If EI makes significant changes, EI will notify Customer in advance of the changes through the EI apps or through other means, such as email. EI encourages Customers to periodically review this Data Privacy Notice for the latest information on the EI data privacy practices.
Should you wish to contact us to discuss any questions, concerns, and comments you may have regarding your Personal Data that we process, please reach us through our contact details provided in section, “How to Contact Us”, of this Notice.