Privacy Policy

nDigital Privacy Statement

nDigital Holdings SPC (“nDigital” or “we” or “us” or “our”) is committed to maintaining the confidentiality,
integrity, and security of any information about our customers/ users (“you” or “your”). This Privacy Policy
explains how and why we collect, store, and use your personal information (“Personal Data”) collected in
connection with your use of our services including our website, mobile application or other digital channel
operated by us (each a “Channel”).



As both a controller and processor of Personal Data we respect the confidentiality and privacy of the
individuals that use our Channels. This Privacy Policy describes what Personal Data we collect, how we
use and share that information, and what choices are available to you about our use of the information.


We will collect your Personal Data when you use:

  • websites linked to our services including our website at;
  • mobile applications linked to our services directly or via Channels;
  • when you register with us as a Business-to-Business (B2B) customer; or
  • any of the services you can get access to through mobile applications or websites or other digital

When we say ‘Personal Data’, we mean information which can be used to personally identify you (for
example, a combination of your name and address and identification documents).

THIS POLICY CONTAINS IMPORTANT INFORMATION and explains what information we collect, how
we use it, and your rights if you want to change how we use your Personal Data. Therefore, it is important
for you to know your rights.

If you have concerns about how we use your Personal Data, you can contact us at


We collect information about you from various sources and by various methods which may include
information that you submit to us manually or information that we collect automatically. The Personal Data
we collect about you includes information that we collect when we setup, administer, and manage our
relationship with customers and users of our Channels. This information is used by us for different reasons in connection with the products and services you obtain from us and the Channels you use. For
example, if you contact us via the Channel and submit your information to us, we will collect the
information you provide; or, if you use the Channel we will track and monitor your visits and activities
using cookies or other automated techniques.
The table below explains what Personal Data we collect and use.

Information you give us

We collect information you provide when you:

  • fill in any forms;
  • correspond with us;
  • register to use a Channel;
  • open an account or use any of our services;
  • take part in online discussions, surveys or promotions;
  • speak with a member of our customer support team; or
  • contact us for other reasons.

We will collect the following information:

  • Personal details like full name, address, date of birth, place
    of birth;
  • Contact details like email address, phone number, fax
    number, mailing address, residential address;
  • Information about your identity, such as a copy of your ID
    document, biometric data and video and or selfie images;
  • Information about your right to live in a particular country
    and your tax residency and tax identification number;
  • Financial details, such as your employment status,
    employment information, details of source of income and
    source of wealth, information on monthly income;
  • Details of your bank account, including the account
    number and IBAN;
  • Information relating to transactions (such as type, dates,
    amounts, currencies, payer and payee details).

Information we get from external sources

We collect Personal Data from third parties, such as
Information & eGovernment Authority (IGA), credit-reference
agencies, financial or credit institutions, official registers, and

We also screen data against fraud prevention agencies and
KYC (Know Your Customer) and AML (Anti Money
Laundering) service providers to fulfil our legal duties;

If you are a B2B customer, we will need to confirm your
identity as part of our KYC process. We will ask you to provide
documents, and will also collect information from third parties,
such as commercial registers, private company information
databases for this purpose.

Information from social media

Occasionally, we will use publicly available information about
you from selected social media websites or apps to carry out
enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to
or collected by us when we conduct general searches on you
(for example, to comply with our anti-money laundering or
sanctions screening obligations).

If you are a B2B customer, we may collect information about
you if you make it publicly available on social media websites
or apps. We only do this as part of our B2B KYC checks. For
example, if you have not yet set up a website for your
business, we may need to look at information available on
social media websites or apps to make sure your business is

Information from publicly available

We collect information and contact details from publicly
available sources, such as official public records, like Sijilat or
UK Companies’ House, media stories, online registers or
directories, and websites for enhanced due diligence checks,
security searches, and KYC purposes for B2B customers.

Please note that the above list is not exhaustive, and that nDigital may also collect and process
Personal Data to the extent this is useful or necessary for the provision of our services, and to comply
with regulatory requirements.

Personal Data may be retained by us for the duration of a customer’s business dealings and beyond, in
accordance with our legal and regulatory obligations, including but not limited to our record retention


Bahrain’s Personal Data Protection Law (PDPL) states that we must have a lawful basis for using your
Personal Data (See also Section 10 below). At least one of the following must apply: contractual or legal
duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain
which one we rely on to use your data in a certain way.

Keeping to our contracts and agreements with you or to enter into a contract with you for
products, services and promotions.

We use details about you to:

  • consider your application.
  • provide the services we agreed to in line with our terms and conditions.
  • contact you about your account and other services you use if you get in touch, or we need to
    tell you about something.
  • to provide information about products and services we provide and promotions that we or our
    affiliates and partners may offer.
  • exercise our rights under contracts we have entered into with you.
  • investigate and resolve complaints and other issues.

Legal obligations

In some cases, we have a legal responsibility to collect and store your Personal Data (for example,
under anti-money laundering laws we must hold certain information about our customers). We:

  • confirm your identity when you sign up or get in touch.
  • check your record at immigration and fraud prevention agencies.
  • prevent illegal activities like money laundering, tax evasion and fraud.
  • keep records of information we hold about you in line with legal requirements.
  • adhere to banking laws and regulations (these mean we sometimes need to share customer
    details with regulators, tax authorities, law enforcement or other third parties).
  • compare information we hold about your account with your tax residency information to make
    sure we do not have a reason to doubt it.

Legitimate interests

We sometimes collect and use your Personal Data , or share it with other organisations, because
we have a legitimate reason to use it and this is reasonable when balanced against your right to
privacy. For example, we might share information with credit bureaus and fraud prevention
agencies so we can benefit from up-to-date information when we make decisions about accounts.
This helps us make responsible decisions and fight financial crime.


We will ask for your consent to:

  • tell you about our products and services, and those of our partners by email or push
    notification if we think they are of interest to you. You can unsubscribe from these by email or
    via the Channels.
  • share information about you with companies we work with when we need your permission.
  • you do not have to share information about yourself if you do not want to. But if you do not,
    you may not be able to use some (or any) of our services.
  • you make withdraw your consent at any time by providing 10 working day prior notice to the
    following email address: Please note that the withdrawal of
    consent may limit or prevent you access to or availability of services. Please also refer to
    section 12 and 14 for further information.


We may use the information we collect about you to:

  • Provide, administer and communicate with you about products, services and promotions that we or
    our affiliates and partners may offer.
  • Operate, analyse and improve our business including: developing new products and services;
    managing and improving our communications; measuring and validating the success of our
    promotional and marketing activity, producing data reports and analysis, and performing
    accounting and finance related activities.
  • Enforce our terms and conditions and comply with legal and regulatory requirements, including
    industry standards and our internal policies.
  • To set up, maintain, and administer the contractual relationship.
  • To check your identity (as part of our KYC process) and decide whether or not to approve your
  • To enable you to manage the customer account with us and to assist you to transact with us.
  • To keep records of communications in order to evidence what has been discussed, keep a record
    of your instructions, and to prevent or detect crime.
  • To record customer account activities where we have reason to believe that fraud or other crimes
    are being committed or where we suspect non-compliance with anti-money laundering regulations
    to which we are subject.
  • To test the performance of our products, services, and internal processes to ensure that your
    Personal Data is only collected as needed and is held and processed securely.
  • To comply with our regulatory obligations under any applicable regulatory regimes.

If we intend to use information collected about you in other ways that are not listed above, we will notify
you at the time we collect the data or before we use it if it is already in our possession.


We share your Personal Data only with companies that provide services to us. By companies we mean
those that help us provide services you use and need to process details about you for this reason. We
share as little information as we can and encrypt and/or make it impossible for you to be identified by the
recipient where possible.

  • Our affiliates; banking, financial-services, distribution and promotional partners; and payment
    networks, including Visa and Mastercard.
  • Know Your Customer (KYC) service providers that help us with identity verification or fraud checks.
  • Cloud computing power and storage providers like Amazon Web Services (AWS) and Microsoft
  • Credit reference/ Fraud prevention agencies.
  • Law enforcement and other external parties, i.e. regulator, external auditor.


We do not sell or otherwise share Personal Data we collect about you with third parties, except as
described here or unless we notify you of our intention to do so at the time the data is collected or such
later date, and obtain your consent.

We may share information in any way necessary to comply with regulatory requirements, industry
standards and our internal policies. This may include sharing the Personal Data we collect with regulators
and external auditors.

We also may share the information with service providers who perform services on our behalf or with
clients that we provide services to as a data processor. We do not authorise service providers to use or
disclose the information except as necessary to perform certain services on our behalf, and if our clients
use or disclose data it will be as described here unless you are notified otherwise, and your consent is
obtained. We require service providers and clients to safeguard the privacy and security of Personal Data
and to meet the same standards of security and ethics as we do.

If we are required to do so by law or legal process, we may disclose information about you to law
enforcement authorities or other government officials, or when we believe disclosure is necessary to
prevent financial loss, or in connection with investigations related to actual or suspected fraudulent or
illegal activity.

In the event we sell or transfer all or a portion of our business or assets the Personal Data that we collect
will be transferred to whoever we sell or transfer our business to. In such an event, we will direct the
transferee to use the Personal Data we have collected in a manner that is consistent with this Privacy
Policy. Following such a sale or transfer, you may contact the entity to which we transferred your
Personal Data with any enquiries concerning the use of any Personal Data that they hold.


You have certain rights regarding the Personal Data we maintain about you. Accordingly, we offer you
certain choices about what Personal Data we collect from you, how we maintain the accuracy of that
information, how we use that information, and how we communicate with you.

You may choose not to provide any Personal Data to us at all by not using the Channel or not submitting
information to us.

You may withdraw any consent you have provided to us, or object at any time on legitimate grounds, to
us holding or using your Personal Data. If you choose to do so we will observe your choice going forward,
and where necessary will withdraw our services in order to meet your request.

You have the right to be provided with access to the Personal Data we maintain about you, and to update
or correct inaccuracies. The right to access Personal Data may be limited in some circumstances by law
or regulatory requirements that we must comply with.

You have the right to inform us should there be any change in your Personal Data, such as your contact
or residential address or employment details, etc. Please inform us without delay.

To request a copy of the information that we hold about you, update your information, update your
preferences or consent on how we use your information, or to ask us to remove your information, please
contact us as specified below.


We maintain administrative, technical and physical controls to protect the Personal Data we hold against
accidental or unauthorised destruction, loss, alteration, access, disclosure or use. This includes the use of
encryption and cyber security techniques on Channels, data servers, and databases.


Bahrain enacted Law No. 30 of 2018 with respect to Personal Data Protection (Data Protection Law) on
July 12, 2018 which came in effect August 1, 2019. Like the General Data Protection Regulation (GDPR),
the PDPL imposes obligation of how businesses manage data, including ensuring that Personal Data is
processed fairly that data owners are notified when their Personal Data is collected and processed, that
collected Personal Data is stored securely and that data owners can exercise tier rights directly with the

nDigital Holdings is a data manager within the meaning of the PDPL and undertakes to hold any
Personal Data provided by customers in confidence and in accordance with legislation.

Customers have the right to lodge a complaint with the local data protection regulator if they are
dissatisfied with the manner in which their Personal Data is used by us. For more information in respect of
this PDPL or the way in which we use customers’ Personal Data, please contact us as specified below.


We will make reasonable efforts to maintain the accuracy of your information for as long as it is being
used by us as set out in this Privacy Policy providing that you keep us up to date. It is your responsibility
to notify us of any changes to your information or contact details as described in paragraph 8 so that we
can continue to provide you with the best possible service.


Upon your request and provided that you do not have an outstanding balance due on your account, we
will close your account as soon as reasonably possible, based on your account activity and in accordance
with applicable product terms and conditions and Laws and Regulations. We do retain Personal Data
from closed accounts to comply with law, prevent fraud, collect any amounts due/ owed, resolve disputes,
troubleshoot problems, assist with any investigations, and take other actions otherwise permitted by law.


We follow generally accepted physical, electronic, and procedural safeguards consistent with the
Personal Data we process and maintain. We use various security measures to protect the information we
collect including encryption, firewalls, and access controls and the security measures that we deploy are
compliance with multiple international security standards including the Payment Card Industry Data
Security Standards (PCI-DSS) and the ISO Information Security Management System (ISO27001). We
also limit access to this information to authorized employees and providers who need to know that


Your information may be retained by us on server computers that maybe located globally in accordance
with applicable laws/ rules. Your information will be kept for a period of 10 years or as may be required
under applicable law. The actual length of time we will retain your Personal Data is also affected by: (1)
your use of the Channel; and (2) any legal or regulatory requirements we are subject to.


Should we make any changes to this Privacy Policy in the future we will provide you with an opportunity
to review the updated Privacy Policy on the applicable Channel and an opportunity to “opt-out” should you
wish to do so. Please check the Channel from time to time to ensure that you are aware of our current
privacy policy, understand and have accepted this Privacy Policy, and understand and have accepted the
Terms and Conditions of use relating to the Channel.


We regularly review our compliance with this Privacy Policy. If we receive a formal written complaint from
you, we will contact you directly to address any of your concerns. We will cooperate with the appropriate
governmental authorities to resolve any complaints regarding the collection, use, transfer or disclosure of
information that cannot be amicably resolved between you and us. The products and services provided
by NDIGITAL are governed by the laws of the Kingdom of Bahrain. Any dispute, controversy or claim
arising out of or relating to this Policy or the breach, termination or validity thereof shall be finally settled
accordingly to the Law.


If, at any time, you have questions, concerns or comments about this Privacy Policy, please feel free to
contact us at, or call our Compliance department on +973 1720 3000.