Privacy Policy

CrediMax B.S.C has created this privacy statement in order to demonstrate our firm commitment to your privacy. The following discloses our information gathering and dissemination practices for CrediMax B.S.C official website: www.credimax.com.bh Our Internet Banking Service might requires you to provide your contact details i.e. email address and demographic information if applicable. Your contact information is used to notify you about new products available, special offers or to communicate other CrediMax news. You may opt-out of receiving future mailings by calling our customer services call centre or sending us email on credimax@credimax.com.bh. Your data collected at our website is used for marketing purposes only and will NEVER be sold on an individual basis.

Cookies

Our website may use browser cookies to maintain information about your site session; most notably, the 'state' of your current web session. Cookies help us identify you; this in-turn makes your experience at www.credimax.com.bh smoother and more enjoyable. These cookies contain absolutely no personal and confidential information.

Choice/Opt-Out

Our website provides you the opportunity to opt-out of receiving communications from CrediMax B.S.C. by calling our customer services call centre or sending us an email on credimax@credimax.com.bh

Security

Our website has a security measures in place to protect the loss, misuse and alteration of the information under our control. All information you send to CrediMax B.S.C or via our mother company "BBK" via their Internet Banking such as your Customer ID and ePIN and other transaction details are encrypted using the Secure Socket Layer (SSL) Certificate. The security of your information is a vital role; therefore, multiple types of additional security measures have been put in place for your protection. These measures include frequent professional evaluations of both external and internal security structures, detection of uncharacteristic customer behavior and monitoring and quickly blocking attempts by fraudsters to obtain Customer IDs, passwords and ePINs.

Contact

For any further inquiry about this privacy statement, the practices of CrediMax B.S.C website, or your dealings with this website, please do not hesitate to contact us:

Address: CrediMax B.S.C, P.O. Box 5350, Manama – Kingdom of Bahrain
- credimax@credimax.com.bh
- +973 - 17117117
- +973 - 17214193

Code of Practice

Data Privacy Statement

Data Privacy Statement

Introduction

CrediMax B.S.C.(c) (CrediMax) is committed to maintaining the confidentiality, integrity, and security of personal and sensitive information collected from customers, in accordance to applicable laws. This privacy statement defines CrediMax procedures to process personal and sensitive personal data collected and processed by CrediMax through all means including requests for new services and products via CrediMax’s various channels (including but not limited to branches, website and mobile applications). CrediMax recognizes the importance of data privacy, and treats your data in accordance to applicable data protection regulations. This statement should be read in conjunction with any other privacy notices or fair processing notices and product terms and conditions we may provide on specific occasions when we are collecting or processing personal data. This privacy statement has been developed in line with the provisions of Bahrain’s Personal Data Protection Law (30/2018). This privacy statement shall be updated from time to time so you may wish to check it each time you submit Personal Data on our websites and applications. This privacy statement explains how we collect, use, store and share the personal data you provide us when requesting CrediMax’s services through any of the Company’s various channels. By accessing and using our electronic services and mobile applications, you agree to the terms and conditions of this privacy statement.

Definitions

Data or Personal Data:

Any information of any form related to an identifiable individual, or an individual who can be identified, directly or indirectly, particularly through his/her personal ID number, or one or more of his/her physical, physiological, intellectual, cultural or economic characteristics or social identity. To determine whether an individual can be identified, all the means used by, or that may be available to, the Data Controller or any other person, shall be taken in consideration.

Sensitive Personal Data:

Any personal information that reveals, directly or indirectly, the individual’s gender, race, ethnicity, political or philosophical views, religious beliefs, union affiliation, criminal record or any data related to his/her health or marital status.

Data Controller:

The person who decides, solely or in association with others, the purposes and means of processing of certain personal data. In the events where such purposes and means are prescribed by Law, the Data Controller shall be the person who is responsible for the processing.

Data Processor:

The person who processes the data for and on behalf of the Data Controller, not including whoever works for the Data Controller or Data Processor.

Data Protection Officer:

The person who’s in charge of data privacy matters at the organization and support compliance with the requirements of data privacy laws by providing internal guidance and monitoring as well as external interaction and liaison.

Processing:

Any operation or set of operations carried out on personal data by automated or non-automated means, such as collecting, recording, organizing, classifying in groups, storing, modifying, amending, retrieving, using or revealing such data by broadcasting, publishing, transmitting, making them available to others, integrating, blocking, deleting or destroying them.

Direct Marketing:

Any communication, by any means, through which a marketing or advertising material is directed to a specific person

What kind of Information does CrediMax collect?

As part of our legitimate business use and regulatory requirements, CrediMax may collect the following information about past, existing and prospective clients (individuals and legal entities) for the purpose of providing our services. In addition, CrediMax may collect some of the following information about CrediMax third party service providers, guests visiting CrediMax facilities, online channels and social media users as relevant. This information includes (and is not limited to):

In certain cases, CrediMax may collect Sensitive Personal Data about you for the purpose of providing you with our products and services.

CrediMax will ensure not to collect this information without your consent unless it is allowed under applicable data privacy laws:

How does CrediMax collect my Personal Data?

In order to properly provide our services and to adhere to regulatory requirements, CrediMax collects Personal Data about you from the following sources:

• Directly from you (through application forms of various services)
• If you contact us, we may keep a record of the correspondence
• CrediMax websites and mobile applications
• Correspondence with CrediMax
• Events, surveys, and marketing campaigns
• BBK Group Companies, including; branches, subsidiaries, associates and other affiliates, as required for Group wide oversight
• Government Authorities and Regulators
• Data processors, ancillary service providers, contractors, vendors and any other third parties

Personal Data collected by CrediMax is restricted to the minimum information required to provide our services or as required by regulators. The consequences of not providing the requested information when CrediMax rely solely on a contractual or legal obligation may result in our inability to provide services requested by you.

When you visit CrediMax websites and mobile applications, we may collect certain information automatically from your device such as:

• Your IP address
• Device type
• Unique device identification number (such as MAC address)
• Browser type, broad geographic location (on a country or city level)

How does CrediMax safeguard the Personal Data collected?

As the Data Controller, we have a responsibility to apply technical and organizational measures capable of protecting the data against unintentional or unauthorized destruction, accidental loss, unauthorized alteration, disclosure or access, or any other form of processing. We have instituted adequate measures for providing an appropriate level of security aligned to the nature of the data being collected and processed, and the risks that may arise from this processing. Our various security measures include but are not limited to data encryption, either at rest or in-transit, strong authentication, accessing monitoring, and rigorous access controls either from network or application level. Data is shared within CrediMax and its third parties (including employees, group companies, contractors, agents, etc.) on a need to know basis and under strict confidentiality arrangements. Notwithstanding this, despite our best efforts, we cannot absolutely guarantee the security of data against all threats. We have implemented suitable measures to identify, monitor and report any breaches to personal data in line with the requirements of the law. CrediMax limits access to personal information to those working with CrediMax and BBK’s Group Companies, regulators, government authorities, vendors, consultants, external auditors and appointed experts, employees, contractors, business partners or agents who require such access in connection with providing products or services to you or for other legitimate business purposes or as required to comply with the relevant laws and regulations.

How does CrediMax process collected Personal Data?

We may process your Personal Data for:

1. Providing our products or services to you (as an individual and/or legal entity)
2. Administering and maintaining our contractual relationship
3. Conducting due diligence on all customers and future customers, credit reference checks, and to fulfil Know Your Customer (KYC) requirements
4. Complying with legal and regulatory requirements and reporting
5. AML, CFT and fraud-prevention purposes
6. Enhancement of our products and services
7. Research, analysis and statistical purposes including the use of data analytics
8. Marketing of our current and/or upcoming products/services. This may include sending Marketing SMS and Emails.
9. Record keeping
10. Audit and quality control
11. Implement physical security measures at our premises, for example using CCTV.
12. Credit reporting

To which third-parties does CrediMax disclose Personal Data?

CrediMax only discloses data to third parties when explicitly requested by you, when required as per legal/regulatory requirement, have a public or vital interest to do so such as fraud prevention and financial crime, to perform contractual obligations, or when CrediMax have a legitimate business reason to do so. Third-party recipients of data may include:

1. Government authorities and regulators
2. BBK Group Companies, branches, subsidiaries, associates and other affiliated companies
3. Financial Institutions (Such as corresponding banks)
4. Credit reference agencies
5. Courts, police and law enforcements
6. Consultants, Advisors, auditors and law firms (when required and when associated with CrediMax)
7. Data processors, ancillary service providers contractors, agents, business partners and other vendors associated with CrediMax in which CrediMax have a legitimate reason for sharing the Data such as: provide support with managing the internal operations, manage risk, identity verification, or assessing your suitability for products and services.
8. Call center and customer service provider
9. Cloud service providers

Is my Data transferred out of Bahrain?

We may need to transfer data outside Bahrain for the purposes specified on this privacy statement and for providing uninterrupted services to you (such as data availability, remittance, internal operation and validation and availability of electronic services and mobile applications). This may include sharing your personal data with:

• Card schemes companies (Visa, MasterCard, etc.).
• Bank of Bahrain and Kuwait subsidiaries, affiliated companies, contractors and subcontractors in countries with adequate or inadequate level of security measures for the purposes specified within this statement.

In all cases, CrediMax will apply safeguards to ensure protection of your personal data when transferred outside Bahrain. These measures may include for instance, contractual confidentiality and data protection agreements to ensure protection of data. When CrediMax transfer Personal Data outside Bahrain, CrediMax will ensure adherence to the legal and regulatory obligations. Bahrain’s personal data protection law sets out the circumstances under which Personal Data can be transferred outside of Bahrain.

What are my rights?

Under the provisions of the applicable laws, you are provided with the following rights in relation to the processing of your Personal Data. To exercise your rights under the Law, you will be requested to provide a valid proof of identity, in order for CrediMax to fulfil its responsibility of verifying your identity before processing your request. You may exercise any of these rights free of charge.

Right to enquire

You have the right to request and obtain information on the Personal Data which CrediMax holds and processes, and the purpose for which it is maintained by CrediMax.

Right to object You have the right to object to processing of your Personal Data under the following instances:

• If the processing for Data causes substantial and unwarranted harm or distress to yourself or others.
• If there are reasonable grounds as a result of which it is likely that the processing will cause substantial and unwarranted harm or distress to yourself or others.
• You have the right to request that another method be used to evaluate you when a decision has been taken solely based on automated processing of your personal data. This right applies to evaluations of (i) your financial position; (ii) the level of your efficiency for borrowing; (iii) your behaviour or (iv) your trustworthiness. In such a situation you may request that another method be adopted, for example a staff member reviewing your application for eligibility of a product when we have rejected to provide the product to you during your interaction with our digital channels.

However, the Personal Data Protection Law stipulates that under certain circumstances, CrediMax may have legitimate reasons to perform the processing of Data even when you have an objection. In this case, CrediMax shall continue to process your Data or reject providing you with the product or service you have asked for to satisfy these legitimate interests, including but not limited to: completion of a contract to which you are a party, implementation of an obligation prescribed by Law, protection of your vital interests, defending a legal claim, fraud prevention and anti-money laundering purposes, or exercising the legitimate interests of CrediMax or any third party involved.

You also have the right to object to being contacted by us for direct marketing purposes. On receipt of such objection, we will ensure that you are removed from our relevant marketing databases, as applicable. You have the option to opt-in or opt-out from receiving marketing communications, and update your communication and direct marketing preferences through our various contact channels.

Right to Demand Rectification, Blocking or Erasure

You may submit an application to request to rectify, block or erase your Personal Data, as the case may be, if the processing thereof is done in contravention of the provisions of the law, and in particular, if the data is incorrect, incomplete or not updated, or if the processing thereof is illegal.

Right to withdraw consent

At any time, subsequent to providing consent, you have the right to withdraw the consent provided. Withdrawal of consent will be applicable to future use of the Personal Data and will not in any way impact legitimate use of the personal information prior to the withdrawal of the consent.

Right to object to decisions based on solely automated processing

You have the right to request that another method be used to evaluate you when a decision has been taken solely based on automated processing of your personal data. This right applies to evaluations of (i) your financial position; (ii) the level of your efficiency for borrowing; (iii) your behaviour or (iv) your trustworthiness. In such a situation you may request that another method be adopted including a human intervention, for example a staff member reviewing your application for eligibility of a product or service and we will carry this out free of charge. We may further reject your request if we have determined that you pose a risk from compliance, fraud, or operational perspective.

Right to complain

You may submit a complaint to Bahrain’s Personal Data Protection Authority, if you have reason to believe that any violation of the provisions of the privacy laws has occurred or that we are processing Personal Data in contravention to its provisions. For more information on the procedures to submit a compliant to the Personal Data Protection Authority, you may refer to the Authority’s website. If you believe there has been a breach of privacy regarding your personal data, please contact us on complaints@credimax.com.bh

Will CrediMax use my data for direct marketing?

CrediMax may use your identity, contact information and profile data to directly market products and/ or services that may be of interest to you. You have the option to opt-in or opt-out from receiving marketing communications, and update your communication and direct marketing preferences through our various contact channels. Please note that in case of opting out from receiving marketing materials, CrediMax will continue to use your contact details to send you important notifications, such as changes to our Terms and Conditions, transactional notifications, and any other notification required when CrediMax have a lawful basis to do so.

Data Privacy Team For any questions or clarification on this privacy statement, feel free to contact our Data Privacy team on DataPrivacy@credimax.com.bh