Demystify BaaS in the Middle East with our CEO, Andrew Sims, nDigital
Our Group CEO, Andrew Sims, was delighted to feature in the latest episode of Dave and Dharmesh Demystify Podcast with Fintech Futures providing a great perspective on fintech and developments in Bahrain and Middle East.
Get in touch to find out how your business can join in the success of the nDigital portfolio.
Copyright @ 2022 nDigital Holdings SPC. All rights reserved.
Copyright @ 2022 nDigital Holdings SPC. All rights reserved.
Anti-Money Laundering, Combating the Financing of Terrorism (AML/CFT) and Sanctions Policy Statement
This statement represents a certification by nDigital Holding SPC (herein after referred as “Company”, “nDigital”) to its customers, partners, third parties regarding compliance with Anti Money Laundering and Combating Terrorist Financing (hereinafter collectively referred to as “AML/CFT”) regulations. nDigital is strongly committed to prevent the use of its products and services for money laundering or terrorist financing. Accordingly, the Company complies fully with all applicable anti-money laundering and terrorist financing laws and regulations in the jurisdictions in which it does business and standards relating to combating money laundering.
Our procedures comply with applicable laws and regulations as well as the Financial Crime Regulation of the Central Bank of Bahrain (FC Module). We also monitor and adhere to other major international anti-money laundering recommendations and programs such as the Financial Action Task Force (FATF), the United Nations and European Union sanctions and the Office of Foreign Assets Control (OFAC) in addition to applicable local and international sanctions in our operating jurisdictions.
Accordingly, nDigital takes all reasonable and appropriate steps to prevent persons engaged in money laundering or the financing of terrorists or terrorist operations, from utilizing nDigital’s products and services.
AML/CFT COMPLIANCE PROGRAMME
Key components of the AML/CFT Compliance program are enshrined within the Company’s integrated management system (IMS) which is certified to the ISO 9001 Quality Management System (QMS) and the ISO 27001 Information Security Management System (ISMS). The components are as follows:
Board of Directors approved Policy and Procedures;
AML/CFT Risk Assessment, System, Process and Controls;
Ongoing AML/CFT training; and
nDigital complies with local and international regulations on AML/CFT and Sanctions requirements and prohibits doing business with:
Companies incorporated in or trading in a prohibited country;
Individuals residing in a prohibited country; and
Allowing transactions to occur in a prohibited country.
nDigital’ key principles of the policy are:
nDigital has implemented a risk-based approach using policy, procedures, processes, system, and controls to identify, manage and mitigate money laundering and terrorism financing risk and customer identification and verification procedures in line with the legal and regulatory requirements;
nDigital will carry out the necessary procedures to determine and verify the identity of the Ultimate Beneficial Owner and necessary Customer Due Diligence (CDD) and/or Enhanced Due Diligence (EDD) measures for customers flagged as High, Medium, and Low risk;
nDigital has implemented Know Your Employee (KYE) program containing detailed screening, monitoring and Due Diligence requirements;
nDigital will monitor customer transactions to identify unusual activity and will report such activity to the competent authority and has implemented technology system to comply with the sanctions compliance requirements relating to customers, linked persons, and counterparties in case of transactions;
nDigital does not onboard customers who are PEPs as part of their digital individual customer onboarding process, as per restrictions set by the Central Bank of Bahrain;
nDigital does not accept/ open anonymous accounts or accounts in fictitious names and does not accept/ establish correspondent banking relationships with shell banks;
nDigital will comply with all legal and regulatory requirements relating to cross border transfers;
nDigital will arrange ongoing training of employees with regard to AML/CFT issues and their responsibilities; and
nDigital will maintain and comply with the legal and regulatory requirements relating to record retention period.
In providing this information, nDigital does not undertake any responsibility or liability with respect to AML/CFT compliance measures that your institution may be required to take under applicable legal and regulatory requirements.
nDigital Privacy Statement
nDigital Holdings SPC (“nDigital” or "we" or "us" or “our”) is committed to maintaining the confidentiality,
explains how and why we collect, store, and use your personal information (“Personal Data”) collected in
connection with your use of our services including our website, mobile application or other digital channel
operated by us (each a “Channel”).
As both a controller and processor of Personal Data we respect the confidentiality and privacy of the
use and share that information, and what choices are available to you about our use of the information.
2. WHY DO I NEED TO READ THIS POLICY?
We will collect your Personal Data when you use:
websites linked to our services including our website at www.ndigitalventures.com;
mobile applications linked to our services directly or via Channels;
when you register with us as a Business-to-Business (B2B) customer; or
any of the services you can get access to through mobile applications or websites or other digital
When we say ‘Personal Data’, we mean information which can be used to personally identify you (for
example, a combination of your name and address and identification documents).
THIS POLICY CONTAINS IMPORTANT INFORMATION and explains what information we collect, how
we use it, and your rights if you want to change how we use your Personal Data. Therefore, it is important
for you to know your rights.
If you have concerns about how we use your Personal Data, you can contact us at
3. INFORMATION WE COLLECT
We collect information about you from various sources and by various methods which may include
information that you submit to us manually or information that we collect automatically. The Personal Data
we collect about you includes information that we collect when we setup, administer, and manage our
relationship with customers and users of our Channels. This information is used by us for different reasons in connection with the products and services you obtain from us and the Channels you use. For
example, if you contact us via the Channel and submit your information to us, we will collect the
information you provide; or, if you use the Channel we will track and monitor your visits and activities
using cookies or other automated techniques.
The table below explains what Personal Data we collect and use.
Information you give us
We collect information you provide when you:
fill in any forms;
correspond with us;
register to use a Channel;
open an account or use any of our services;
take part in online discussions, surveys or promotions;
speak with a member of our customer support team; or
contact us for other reasons.
We will collect the following information:
Personal details like full name, address, date of birth, place
Information about your identity, such as a copy of your ID
document, biometric data and video and or selfie images;
Information about your right to live in a particular country
and your tax residency and tax identification number;
Financial details, such as your employment status,
employment information, details of source of income and
source of wealth, information on monthly income;
Details of your bank account, including the account
number and IBAN;
Information relating to transactions (such as type, dates,
amounts, currencies, payer and payee details).
Information we get from external sources
We collect Personal Data from third parties, such as
Information & eGovernment Authority (IGA), credit-reference
agencies, financial or credit institutions, official registers, and
We also screen data against fraud prevention agencies and
KYC (Know Your Customer) and AML (Anti Money
Laundering) service providers to fulfil our legal duties;
If you are a B2B customer, we will need to confirm your
identity as part of our KYC process. We will ask you to provide
documents, and will also collect information from third parties,
such as commercial registers, private company information
databases for this purpose.
Information from social media
Occasionally, we will use publicly available information about
you from selected social media websites or apps to carry out
enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to
or collected by us when we conduct general searches on you
(for example, to comply with our anti-money laundering or
sanctions screening obligations).
If you are a B2B customer, we may collect information about
you if you make it publicly available on social media websites
or apps. We only do this as part of our B2B KYC checks. For
example, if you have not yet set up a website for your
business, we may need to look at information available on
social media websites or apps to make sure your business is
Information from publicly available
We collect information and contact details from publicly
available sources, such as official public records, like Sijilat or
UK Companies’ House, media stories, online registers or
directories, and websites for enhanced due diligence checks,
security searches, and KYC purposes for B2B customers.
Please note that the above list is not exhaustive, and that nDigital may also collect and process
Personal Data to the extent this is useful or necessary for the provision of our services, and to comply
with regulatory requirements.
Personal Data may be retained by us for the duration of a customer’s business dealings and beyond, in
accordance with our legal and regulatory obligations, including but not limited to our record retention
4. OUR REASONS FOR USING YOUR INFORMATION
Bahrain’s Personal Data Protection Law (PDPL) states that we must have a lawful basis for using your
Personal Data (See also Section 10 below). At least one of the following must apply: contractual or legal
duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain
which one we rely on to use your data in a certain way.
Keeping to our contracts and agreements with you or to enter into a contract with you for
products, services and promotions.
We use details about you to:
consider your application.
provide the services we agreed to in line with our terms and conditions.
contact you about your account and other services you use if you get in touch, or we need to
tell you about something.
to provide information about products and services we provide and promotions that we or our
affiliates and partners may offer.
exercise our rights under contracts we have entered into with you.
investigate and resolve complaints and other issues.
In some cases, we have a legal responsibility to collect and store your Personal Data (for example,
under anti-money laundering laws we must hold certain information about our customers). We:
confirm your identity when you sign up or get in touch.
check your record at immigration and fraud prevention agencies.
prevent illegal activities like money laundering, tax evasion and fraud.
keep records of information we hold about you in line with legal requirements.
adhere to banking laws and regulations (these mean we sometimes need to share customer
details with regulators, tax authorities, law enforcement or other third parties).
compare information we hold about your account with your tax residency information to make
sure we do not have a reason to doubt it.
We sometimes collect and use your Personal Data , or share it with other organisations, because
we have a legitimate reason to use it and this is reasonable when balanced against your right to
privacy. For example, we might share information with credit bureaus and fraud prevention
agencies so we can benefit from up-to-date information when we make decisions about accounts.
This helps us make responsible decisions and fight financial crime.
We will ask for your consent to:
tell you about our products and services, and those of our partners by email or push
notification if we think they are of interest to you. You can unsubscribe from these by email or
via the Channels.
share information about you with companies we work with when we need your permission.
you do not have to share information about yourself if you do not want to. But if you do not,
you may not be able to use some (or any) of our services.
you make withdraw your consent at any time by providing 10 working day prior notice to the
following email address: firstname.lastname@example.org. Please note that the withdrawal of
consent may limit or prevent you access to or availability of services. Please also refer to
section 12 and 14 for further information.
5. HOW WE USE THE INFORMATION WE COLLECT
We may use the information we collect about you to:
Provide, administer and communicate with you about products, services and promotions that we or
our affiliates and partners may offer.
Operate, analyse and improve our business including: developing new products and services;
managing and improving our communications; measuring and validating the success of our
promotional and marketing activity, producing data reports and analysis, and performing
accounting and finance related activities.
Enforce our terms and conditions and comply with legal and regulatory requirements, including
industry standards and our internal policies.
To set up, maintain, and administer the contractual relationship.
To check your identity (as part of our KYC process) and decide whether or not to approve your
To enable you to manage the customer account with us and to assist you to transact with us.
To keep records of communications in order to evidence what has been discussed, keep a record
of your instructions, and to prevent or detect crime.
To record customer account activities where we have reason to believe that fraud or other crimes
are being committed or where we suspect non-compliance with anti-money laundering regulations
to which we are subject.
To test the performance of our products, services, and internal processes to ensure that your
Personal Data is only collected as needed and is held and processed securely.
To comply with our regulatory obligations under any applicable regulatory regimes.
If we intend to use information collected about you in other ways that are not listed above, we will notify
you at the time we collect the data or before we use it if it is already in our possession.
WHO WE SHARE YOUR DATA WITH?
We share your Personal Data only with companies that provide services to us. By companies we mean
those that help us provide services you use and need to process details about you for this reason. We
share as little information as we can and encrypt and/or make it impossible for you to be identified by the
recipient where possible.
Our affiliates; banking, financial-services, distribution and promotional partners; and payment
networks, including Visa and Mastercard.
Know Your Customer (KYC) service providers that help us with identity verification or fraud checks.
Cloud computing power and storage providers like Amazon Web Services (AWS) and Microsoft
Credit reference/ Fraud prevention agencies.
Law enforcement and other external parties, i.e. regulator, external auditor.
7. DISCLOSURE OF INFORMATION
We do not sell or otherwise share Personal Data we collect about you with third parties, except as
described here or unless we notify you of our intention to do so at the time the data is collected or such
later date, and obtain your consent.
We may share information in any way necessary to comply with regulatory requirements, industry
standards and our internal policies. This may include sharing the Personal Data we collect with regulators
and external auditors.
We also may share the information with service providers who perform services on our behalf or with
clients that we provide services to as a data processor. We do not authorise service providers to use or
disclose the information except as necessary to perform certain services on our behalf, and if our clients
use or disclose data it will be as described here unless you are notified otherwise, and your consent is
obtained. We require service providers and clients to safeguard the privacy and security of Personal Data
and to meet the same standards of security and ethics as we do.
If we are required to do so by law or legal process, we may disclose information about you to law
enforcement authorities or other government officials, or when we believe disclosure is necessary to
prevent financial loss, or in connection with investigations related to actual or suspected fraudulent or
In the event we sell or transfer all or a portion of our business or assets the Personal Data that we collect
will be transferred to whoever we sell or transfer our business to. In such an event, we will direct the
transferee to use the Personal Data we have collected in a manner that is consistent with this Privacy
Policy. Following such a sale or transfer, you may contact the entity to which we transferred your
Personal Data with any enquiries concerning the use of any Personal Data that they hold.
8. YOUR RIGHTS AND CHOICES
You have certain rights regarding the Personal Data we maintain about you. Accordingly, we offer you
certain choices about what Personal Data we collect from you, how we maintain the accuracy of that
information, how we use that information, and how we communicate with you.
You may choose not to provide any Personal Data to us at all by not using the Channel or not submitting
information to us.
You may withdraw any consent you have provided to us, or object at any time on legitimate grounds, to
us holding or using your Personal Data. If you choose to do so we will observe your choice going forward,
and where necessary will withdraw our services in order to meet your request.
You have the right to be provided with access to the Personal Data we maintain about you, and to update
or correct inaccuracies. The right to access Personal Data may be limited in some circumstances by law
or regulatory requirements that we must comply with.
You have the right to inform us should there be any change in your Personal Data, such as your contact
or residential address or employment details, etc. Please inform us without delay.
To request a copy of the information that we hold about you, update your information, update your
preferences or consent on how we use your information, or to ask us to remove your information, please
contact us as specified below.
9. HOW WE PROTECT PERSONAL DATA
We maintain administrative, technical and physical controls to protect the Personal Data we hold against
accidental or unauthorised destruction, loss, alteration, access, disclosure or use. This includes the use of
encryption and cyber security techniques on Channels, data servers, and databases.
10. BAHRAIN’S PERSONAL DATA PROTECTION LAW (PDPL)
Bahrain enacted Law No. 30 of 2018 with respect to Personal Data Protection (Data Protection Law) on
July 12, 2018 which came in effect August 1, 2019. Like the General Data Protection Regulation (GDPR),
the PDPL imposes obligation of how businesses manage data, including ensuring that Personal Data is
processed fairly that data owners are notified when their Personal Data is collected and processed, that
collected Personal Data is stored securely and that data owners can exercise tier rights directly with the
nDigital Holdings is a data manager within the meaning of the PDPL and undertakes to hold any
Personal Data provided by customers in confidence and in accordance with legislation.
Customers have the right to lodge a complaint with the local data protection regulator if they are
dissatisfied with the manner in which their Personal Data is used by us. For more information in respect of
this PDPL or the way in which we use customers’ Personal Data, please contact us as specified below.
11. KEEPING YOUR PERSONAL DATA ACCURATE
We will make reasonable efforts to maintain the accuracy of your information for as long as it is being
to notify us of any changes to your information or contact details as described in paragraph 8 so that we
can continue to provide you with the best possible service.
12. CLOSING AN ACCOUNT
Upon your request and provided that you do not have an outstanding balance due on your account, we
will close your account as soon as reasonably possible, based on your account activity and in accordance
with applicable product terms and conditions and Laws and Regulations. We do retain Personal Data
from closed accounts to comply with law, prevent fraud, collect any amounts due/ owed, resolve disputes,
troubleshoot problems, assist with any investigations, and take other actions otherwise permitted by law.
We follow generally accepted physical, electronic, and procedural safeguards consistent with the
Personal Data we process and maintain. We use various security measures to protect the information we
collect including encryption, firewalls, and access controls and the security measures that we deploy are
compliance with multiple international security standards including the Payment Card Industry Data
Security Standards (PCI-DSS) and the ISO Information Security Management System (ISO27001). We
also limit access to this information to authorized employees and providers who need to know that
Your information may be retained by us on server computers that maybe located globally in accordance
with applicable laws/ rules. Your information will be kept for a period of 10 years or as may be required
under applicable law. The actual length of time we will retain your Personal Data is also affected by: (1)
your use of the Channel; and (2) any legal or regulatory requirements we are subject to.
wish to do so. Please check the Channel from time to time to ensure that you are aware of our current
Terms and Conditions of use relating to the Channel.
16. HOW TO MAKE A COMPLAINT
you, we will contact you directly to address any of your concerns. We will cooperate with the appropriate
governmental authorities to resolve any complaints regarding the collection, use, transfer or disclosure of
information that cannot be amicably resolved between you and us. The products and services provided
by NDIGITAL are governed by the laws of the Kingdom of Bahrain. Any dispute, controversy or claim
arising out of or relating to this Policy or the breach, termination or validity thereof shall be finally settled
accordingly to the Law.
17. CONTACT US
contact us at email@example.com, or call our Compliance department on +973 1720 3000.
Terms and Conditions
This website (“Website”) relates to the products and services of nDigital Holdings SPC (“we” or “us” or “our”), access to and use of the Website is provided us on the following terms:
1. By using the Website you agree to be bound by these terms, which shall take effect immediately on your access. If you do not agree to be bound by all of the terms please do not access or use the Website.
2. We may change these terms from time to time and so you should check the terms page on the Website regularly. Your continued use of the Website will be deemed acceptance of the updated or amended terms. If you do not agree to the changes, you should cease accessing or using the Website.
3. You agree to use the Website only for lawful purposes, and in a way that does not infringe the rights of, restrict or inhibit anyone else’s use and enjoyment of the Website. Prohibited behavior includes any activity that might disrupt the performance or accessibility of the Website; or the posting of inaccurate, misleading or offensive content to the Website.
4. All copyright, trade marks, design rights, patents and other intellectual property rights (registered or unregistered) in and on the Website and all content located on the site shall remain vested in us, and where applicable third parties. You may not copy, reproduce, republish, disassemble, decompile, reverse engineer, download, post, broadcast, transmit, make available to the public, or otherwise use the Website content in any way except for your own personal, non-commercial use. You also agree not to adapt, alter or create derivative works from any of the Website content except for your own personal, non-commercial use. Any use of the Website content other than normal browsing activity requires our prior written permission.
5. The names, images and logos identifying us or third parties and their products and services are subject to copyright, design rights and trademarks belonging to us and/or third parties. Nothing contained in these terms shall be construed as conferring any license or right to use any trademark, design right or copyright of ours or any applicable third party.
6. We are not responsible for the availability or content of any third party sites that are accessible through the Website. Any links to third party websites from the Website do not amount to any endorsement of that site by us and any use of that site by you is at your own risk.
7. The Website content, including information, names, images, pictures, logos and icons regarding or relating to us, our products and services or third party products and services is provided ‘as is’ and on an ‘as available’ basis. To the extent permitted by law, we exclude all representations and warranties (whether express or implied by law), including the implied warranties of satisfactory quality, fitness for a particular purpose, non-infringement, compatibility, security and accuracy. We do not guarantee the timeliness, completeness or performance of the website or any of the content. While we try to ensure that all content provided by us is correct at the time of publication no responsibility is accepted by or on behalf of us for any errors, omissions or inaccurate content on the website.
8. Nothing in these terms limits or excludes our liability for death or personal injury caused by our proven negligence. Subject to the foregoing, we shall not be liable for any of the following losses or damage (whether such damage or losses were foreseen, foreseeable, known or otherwise): (a) loss of data; (b) loss of revenue or profits actual or anticipated; (c) loss of business actual or anticipated; (d) loss of opportunity actual or anticipated; (e) loss of goodwill or injury to reputation; (f) losses suffered by third parties; or (g) any indirect, consequential, special or exemplary damages arising from the use of the Website regardless of the form of action.
9. We do not warrant that functions available on the Website will be uninterrupted or error free, that defects will be corrected, or that the Website or the server that makes it available are free of viruses or bugs. You acknowledge that it is your responsibility to implement sufficient procedures and virus checks (including anti-virus and other security checks) to satisfy your particular requirements for the accuracy and validity of data input and output.
10. If any of these terms are determined to be illegal, invalid or otherwise unenforceable by reason of the laws of any country in which these terms are intended to be effective, then to the extent and within the jurisdiction in which that term is illegal, invalid or unenforceable, it shall be severed and deleted from these terms and the remaining terms shall survive and continue to be binding and enforceable.
11. Our failure or delay to exercise or enforce any right in these terms does not waive our right to enforce that right.
12. These terms shall be governed by and interpreted in accordance with the laws of the Kingdom of Bahrain. The Courts of Manama, Kingdom of Bahrain shall have exclusive jurisdiction over any disputes in connection with these terms or access and use of the Website.