1. About the Commercial Bank, Qatar (the Controller)
The Controller is The Commercial Bank (P.S.Q.C.), a publicly listed company incorporated in the State of Qatar with commercial registration number 150 and registered address at Commercial Bank Plaza, 380 Al Markhiya Street, Al Dafna PO Box 3232. Call Centre: +974 4449 0000, Official Website: www.cbq.qa. Commercial Bank operates as a bank in the State of Qatar.
2. About this Notice
As Commercial Bank (we, our, or us includes Commercial Bank and other Commercial Bank Group Companies), we and other Commercial Bank Group Companies may collect various data about you (both in electronic and physical formats), including your name, address, date of birth and email. This privacy notice (the Notice) explains how we and other Commercial Bank Group Companies will use the data that is collected, who we might share it with, and the steps we will take to ensure it stays secure. We would like to assure you that one of our main priorities is the privacy of our customers.
This Notice applies to our websites, online banking, our mobile applications (CBQ Mobile App), hard copy forms/applications, or documents submitted by you through e-mail, our branded social media sites or pages, and other online, mobile, or retail services that are linked to, from, or in reference to this Notice as well as any other interactions you may have with our digital advertising campaigns (collectively the Sites/Services).
This Notice explains how we collect, share, use, and protect data when you visit or use the Sites/Services. By using these Sites/Services, you agree to this Notice. However, our CBQ Mobile App, social media, or other services, sites, pages, or materials may include additional terms about the privacy or use of your data. Please review the Notice for the specific Site/Service you are using.
3. Personal information we collect
Personal data is any data:
- That identifies or can be used to identify you or members of your household who hold an account with us.
- That relates to, describes, and is capable of being associated with, or could reasonably be linked (directly or indirectly) with you.
- That can be used to authenticate you or provide access to an account.
- That relates to you and that might be sensitive (such as personal medical or health data, details of children, marital status, account number, and account value).
*Personal data also includes personal data of a special nature (as that is defined by the Qatar Personal Data Privacy Protection Law (Law no. 13 of 2016 (the “Privacy Law”)).
We collect the following categories of personal data from the following sources:
- Your browser or device.
- Commercial Bank apps.
- Third Party Sources such as government departments including but not limited to Qatar Credit Bureau.
We collect from your personal
data that identifies you as an individual or relates to identifying data about
you, including identifiers such as your name, address, phone number, and
e-mail. Depending on the services you
request, we may collect additional personal data such as: alias, gender, age,
QID, date of birth, information from a birth certificate or death certificate,
relationship status, information that appears on your Passport/Visa, your
citizenship and military status, Tax ID, bank account and/or payment card
information, information about your education, employment and employment
history, property, current salary, criminal offenses, credit history, credit
score, dependent/beneficiary name(s), biometric information, and other personal
Certain data is collected from you by internet browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, and internet browser type and version.
When you download and use one of our apps, we may collect your cookie ID, device IP address, email address, search history, and geolocation data.
We may also collect and/or track your app usage data by accessing our Commercial Bank servers which include the date and time you logged into one of our apps and the information/files that have been checked or downloaded.
We may also record and keep a track of conversations you have had with us through phone calls, face to face meetings, letters, emails, and/or any other kind of messaging medium to check your instructions to us, assess, analyze and improve our service, train our people or prevent and detect fraud and other crimes.
For security reasons, we use closed circuit television (“CCTV") in and around our branches and offices for security purposes and we may collect photos or videos of you or record your voice through CCTV. For security reasons, we may collect the precise physical location of your device by using relevant sources including but not limited to satellite, cell phone tower, or wireless local area network signals as well as through the use of beacons in our branches. We also may use your device's physical location to provide you with personalized location-based services and content. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device's location, but if you choose to deny such uses and/or sharing, we may not be able to provide you with the applicable personalized services and content.
4. The purposes and permitted reasons for processing
First and foremost, we set out below the permitted reasons for collection and legitimate interests (how we intend to use and process your data) which do not require us to obtain your explicit consent:
- Lawful Basis – where there is a legal obligation or a contractual obligation:
- Complying with applicable laws and regulations.
- Reviewing and processing applications for our services.
- Performing audits.
- Providing customer service including account maintenance and processing applications and transactions.
- Complying with legal obligations to compile information.
- Verifying requests made pursuant to this Notice.
- Carrying out a task in favor of public interest.
- Protecting the vital interest of individuals.
- Legitimate Interests:
- Improving our sites/services.
- Performing research and business analytics and identifying usage trends.
- Engaging in fraud monitoring and prevention.
- Protecting our business and our customers against illegal activity.
- Servicing your account and marketing it to you, including advertisements and other communications tailored to you through our sites/services, third-party sites, and offline services (please see the Online Marketing section for more information on our online advertising practices).
- Tailoring marketing communications from our subsidiaries and affiliates as well as from selected third parties.
- Tracking responses to our e-mails and advertisements and measuring the success of our marketing campaigns.
- Managing our business effectively.
- Developing new products and services.
- Authenticating you so that you can access the sites/services and conduct account transactions.
- Recognizing you, your device, or your browser when you use the sites/services so that we can facilitate navigation, display information more effectively, store your preferences, personalize your experience, and enhance the use of the sites/services.
- Requesting your feedback.
- Facilitating social sharing functionality where needed.
- Reviewing statistical information about use of the sites/services to improve their design and functionality, to understand how they are used, to assist us with resolving questions about the sites, and to ensure that our sites/services function properly.
Secondly, we may also collect and process information when we have your consent.
5. Data Sharing
We do not rent or sell your personal data to any third parties for any purpose. However, we may share your personal data for the following business or lawful purposes:
- With our subsidiaries and affiliates to the extent permissible under applicable law.
- With third parties, to permit them to send you marketing communications on our behalf. and for them to Cconduct data analysis for financial products and services offering.
- With collection agencies to assist in collecting debt.
- With tax authorities where required by law or regulation to provide such information.
- With our service providers, who provide services such as website hosting, data analysis, information technology and related infrastructure provision, customer service, processing your transactions, e-mail delivery, auditing, and other services.
- With a third party, in the event of any proposed reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
- As required by law or regulation.
- To protect our rights, privacy, safety, or property, and/or that of our subsidiaries and affiliates and you as well.
5.1 Online Marketing
We may, directly or through third parties, advertise products and services intended to be of interest to you on our sites/services section and on third party sites or apps. We and our third-party contractors may use the online technologies to make inferences and predictions about your characteristics, interests and preferences based on your online interests and activities across other sites. We may also use technologies to associate and recognize your various mobile and desktop devices in order to deliver ads and other content in a consistent manner across the devices you use. Information we collect using the technologies described above may also be associated or linked with your personal data, such as the email or postal address you have provided directly to us or by third parties. If you opt out of interest-based advertising, you will not receive such customized ads on the sites/services or in other platforms.
When you request to opt out of direct marketing it may take us a short period of time to update our existing systems and records to reflect your request, during which time you may continue to receive marketing messages. Even after you opt out of direct marketing communication, we will continue sending important communication wherever required by law.
6. Details of Any Automated Decision-Making, Including Profiling
When offering our banking services, such as mortgages, credit cards, or personal loans, automated processes may be utilized to make decisions concerning you. This involves employing technology to assess the risk associated with customer or account activity, particularly for credit, fraud, or financial crime considerations. You have the right to receive specific details regarding the decision-making process, and you may also be entitled to request human intervention in the decision-making process.
7. How We Protect Your Personal Data
We protect your personal data in compliance with Qatar Data Privacy Law, relevant Qatar Central Bank data security circulars and the Qatar National Cyber Security Framework. We conduct external audits on our information security and data privacy policies and controls regularly. We maintain appropriate administrative, technical, and physical measures to protect the personal data we have about you against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession including appropriate encryption and de-identification techniques. We also take measures to destroy or permanently de-identify personal data when there is no longer a business need to keep the data (except when required by law). We delete data fifteen years maximum after closing an account as required by applicable laws. We are committed to implement leading data protection standards.
The third-party and service providers with whom your data is shared are obliged to comply with our policies.
8. What are the rights you have regarding your personal data?
- You have the right to request that we disclose to you the following:
- the categories of personal data that we have collected about you,
- the categories of sources from which we have collected personal data about you,
- the business or commercial purpose for collecting your personal data, and
- the categories of personal data that we have shared about you and the categories of third parties to whom the personal data was shared.
- You have the right to request a portable copy of your personal information.
- You have the right to request that we delete personal information collected from you, if the data was collected based on explicit consent from you.
- You have the right to object to us processing your personal data, including direct marketing information if it is not for lawful purposes or in relation to legitimate interest.
- You have the right to request that we update your personal information collected from you, including rectification of any errors.
- You have the right to be notified in case of policy change in a timely manner.
- You have the right to be notified in case of a breach in a timely manner.
- You have the right to make a complaint to us using the information mentioned in item 9.
- You have the right to make a complaint to the National Data Protection Office at firstname.lastname@example.org.
9. Contact information for the persons responsible for data privacy
Please contact us on 4449 0000 or send an email to us securely using the write to us option in your CBQ Mobile App or Internet Banking.