nDigital Holdings SPC (“nDigital” or “we” or “us” or “our”) is committed to maintaining the confidentiality,
integrity, and security of any information about our customers/ users (“you” or “your”). This Privacy Policy
explains how and why we collect, store, and use your personal information (“Personal Data”) collected in
connection with your use of our services including our website, mobile application or other digital channel
operated by us (each a “Channel”).
BY USING OR OPENING AN ACCOUNT OR SIGNING UP TO nDIGITAL PRODUCTS AND SERVICES, YOU AGREE TO BE BOUND BY THIS PRIVACY POLICY, AS IT MAY BE AMENDED FROM TIME TO TIME.
1. INTRODUCTION
As both a controller and processor of Personal Data we respect the confidentiality and privacy of the
individuals that use our Channels. This Privacy Policy describes what Personal Data we collect, how we
use and share that information, and what choices are available to you about our use of the information.
2. WHY DO I NEED TO READ THIS POLICY?
We will collect your Personal Data when you use:
When we say ‘Personal Data’, we mean information which can be used to personally identify you (for
example, a combination of your name and address and identification documents).
THIS POLICY CONTAINS IMPORTANT INFORMATION and explains what information we collect, how
we use it, and your rights if you want to change how we use your Personal Data. Therefore, it is important
for you to know your rights.
If you have concerns about how we use your Personal Data, you can contact us at
privacy@ndigitalventures.com
3. INFORMATION WE COLLECT
We collect information about you from various sources and by various methods which may include
information that you submit to us manually or information that we collect automatically. The Personal Data
we collect about you includes information that we collect when we setup, administer, and manage our
relationship with customers and users of our Channels. This information is used by us for different reasons in connection with the products and services you obtain from us and the Channels you use. For
example, if you contact us via the Channel and submit your information to us, we will collect the
information you provide; or, if you use the Channel we will track and monitor your visits and activities
using cookies or other automated techniques.
The table below explains what Personal Data we collect and use.
Information you give us
We collect information you provide when you:
We will collect the following information:
Information we get from external sources
We collect Personal Data from third parties, such as
Information & eGovernment Authority (IGA), credit-reference
agencies, financial or credit institutions, official registers, and
databases;
We also screen data against fraud prevention agencies and
KYC (Know Your Customer) and AML (Anti Money
Laundering) service providers to fulfil our legal duties;
If you are a B2B customer, we will need to confirm your
identity as part of our KYC process. We will ask you to provide
documents, and will also collect information from third parties,
such as commercial registers, private company information
databases for this purpose.
Information from social media
Occasionally, we will use publicly available information about
you from selected social media websites or apps to carry out
enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to
or collected by us when we conduct general searches on you
(for example, to comply with our anti-money laundering or
sanctions screening obligations).
If you are a B2B customer, we may collect information about
you if you make it publicly available on social media websites
or apps. We only do this as part of our B2B KYC checks. For
example, if you have not yet set up a website for your
business, we may need to look at information available on
social media websites or apps to make sure your business is
legitimate.
Information from publicly available
sources
We collect information and contact details from publicly
available sources, such as official public records, like Sijilat or
UK Companies’ House, media stories, online registers or
directories, and websites for enhanced due diligence checks,
security searches, and KYC purposes for B2B customers.
Please note that the above list is not exhaustive, and that nDigital may also collect and process
Personal Data to the extent this is useful or necessary for the provision of our services, and to comply
with regulatory requirements.
Personal Data may be retained by us for the duration of a customer’s business dealings and beyond, in
accordance with our legal and regulatory obligations, including but not limited to our record retention
policy.
4. OUR REASONS FOR USING YOUR INFORMATION
Bahrain’s Personal Data Protection Law (PDPL) states that we must have a lawful basis for using your
Personal Data (See also Section 10 below). At least one of the following must apply: contractual or legal
duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain
which one we rely on to use your data in a certain way.
Keeping to our contracts and agreements with you or to enter into a contract with you for
products, services and promotions.
We use details about you to:
Legal obligations
In some cases, we have a legal responsibility to collect and store your Personal Data (for example,
under anti-money laundering laws we must hold certain information about our customers). We:
Legitimate interests
We sometimes collect and use your Personal Data , or share it with other organisations, because
we have a legitimate reason to use it and this is reasonable when balanced against your right to
privacy. For example, we might share information with credit bureaus and fraud prevention
agencies so we can benefit from up-to-date information when we make decisions about accounts.
This helps us make responsible decisions and fight financial crime.
Consent
We will ask for your consent to:
5. HOW WE USE THE INFORMATION WE COLLECT
We may use the information we collect about you to:
If we intend to use information collected about you in other ways that are not listed above, we will notify
you at the time we collect the data or before we use it if it is already in our possession.
WHO WE SHARE YOUR DATA WITH?
We share your Personal Data only with companies that provide services to us. By companies we mean
those that help us provide services you use and need to process details about you for this reason. We
share as little information as we can and encrypt and/or make it impossible for you to be identified by the
recipient where possible.
7. DISCLOSURE OF INFORMATION
We do not sell or otherwise share Personal Data we collect about you with third parties, except as
described here or unless we notify you of our intention to do so at the time the data is collected or such
later date, and obtain your consent.
We may share information in any way necessary to comply with regulatory requirements, industry
standards and our internal policies. This may include sharing the Personal Data we collect with regulators
and external auditors.
We also may share the information with service providers who perform services on our behalf or with
clients that we provide services to as a data processor. We do not authorise service providers to use or
disclose the information except as necessary to perform certain services on our behalf, and if our clients
use or disclose data it will be as described here unless you are notified otherwise, and your consent is
obtained. We require service providers and clients to safeguard the privacy and security of Personal Data
and to meet the same standards of security and ethics as we do.
If we are required to do so by law or legal process, we may disclose information about you to law
enforcement authorities or other government officials, or when we believe disclosure is necessary to
prevent financial loss, or in connection with investigations related to actual or suspected fraudulent or
illegal activity.
In the event we sell or transfer all or a portion of our business or assets the Personal Data that we collect
will be transferred to whoever we sell or transfer our business to. In such an event, we will direct the
transferee to use the Personal Data we have collected in a manner that is consistent with this Privacy
Policy. Following such a sale or transfer, you may contact the entity to which we transferred your
Personal Data with any enquiries concerning the use of any Personal Data that they hold.
8. YOUR RIGHTS AND CHOICES
You have certain rights regarding the Personal Data we maintain about you. Accordingly, we offer you
certain choices about what Personal Data we collect from you, how we maintain the accuracy of that
information, how we use that information, and how we communicate with you.
You may choose not to provide any Personal Data to us at all by not using the Channel or not submitting
information to us.
You may withdraw any consent you have provided to us, or object at any time on legitimate grounds, to
us holding or using your Personal Data. If you choose to do so we will observe your choice going forward,
and where necessary will withdraw our services in order to meet your request.
You have the right to be provided with access to the Personal Data we maintain about you, and to update
or correct inaccuracies. The right to access Personal Data may be limited in some circumstances by law
or regulatory requirements that we must comply with.
You have the right to inform us should there be any change in your Personal Data, such as your contact
or residential address or employment details, etc. Please inform us without delay.
To request a copy of the information that we hold about you, update your information, update your
preferences or consent on how we use your information, or to ask us to remove your information, please
contact us as specified below.
9. HOW WE PROTECT PERSONAL DATA
We maintain administrative, technical and physical controls to protect the Personal Data we hold against
accidental or unauthorised destruction, loss, alteration, access, disclosure or use. This includes the use of
encryption and cyber security techniques on Channels, data servers, and databases.
10. BAHRAIN’S PERSONAL DATA PROTECTION LAW (PDPL)
Bahrain enacted Law No. 30 of 2018 with respect to Personal Data Protection (Data Protection Law) on
July 12, 2018 which came in effect August 1, 2019. Like the General Data Protection Regulation (GDPR),
the PDPL imposes obligation of how businesses manage data, including ensuring that Personal Data is
processed fairly that data owners are notified when their Personal Data is collected and processed, that
collected Personal Data is stored securely and that data owners can exercise tier rights directly with the
Business.
nDigital Holdings is a data manager within the meaning of the PDPL and undertakes to hold any
Personal Data provided by customers in confidence and in accordance with legislation.
Customers have the right to lodge a complaint with the local data protection regulator if they are
dissatisfied with the manner in which their Personal Data is used by us. For more information in respect of
this PDPL or the way in which we use customers’ Personal Data, please contact us as specified below.
11. KEEPING YOUR PERSONAL DATA ACCURATE
We will make reasonable efforts to maintain the accuracy of your information for as long as it is being
used by us as set out in this Privacy Policy providing that you keep us up to date. It is your responsibility
to notify us of any changes to your information or contact details as described in paragraph 8 so that we
can continue to provide you with the best possible service.
12. CLOSING AN ACCOUNT
Upon your request and provided that you do not have an outstanding balance due on your account, we
will close your account as soon as reasonably possible, based on your account activity and in accordance
with applicable product terms and conditions and Laws and Regulations. We do retain Personal Data
from closed accounts to comply with law, prevent fraud, collect any amounts due/ owed, resolve disputes,
troubleshoot problems, assist with any investigations, and take other actions otherwise permitted by law.
13. SECURITY
We follow generally accepted physical, electronic, and procedural safeguards consistent with the
Personal Data we process and maintain. We use various security measures to protect the information we
collect including encryption, firewalls, and access controls and the security measures that we deploy are
compliance with multiple international security standards including the Payment Card Industry Data
Security Standards (PCI-DSS) and the ISO Information Security Management System (ISO27001). We
also limit access to this information to authorized employees and providers who need to know that
information.
14. RETENTION
Your information may be retained by us on server computers that maybe located globally in accordance
with applicable laws/ rules. Your information will be kept for a period of 10 years or as may be required
under applicable law. The actual length of time we will retain your Personal Data is also affected by: (1)
your use of the Channel; and (2) any legal or regulatory requirements we are subject to.
15. CHANGE OF PRIVACY POLICY
Should we make any changes to this Privacy Policy in the future we will provide you with an opportunity
to review the updated Privacy Policy on the applicable Channel and an opportunity to “opt-out” should you
wish to do so. Please check the Channel from time to time to ensure that you are aware of our current
privacy policy, understand and have accepted this Privacy Policy, and understand and have accepted the
Terms and Conditions of use relating to the Channel.
16. HOW TO MAKE A COMPLAINT
We regularly review our compliance with this Privacy Policy. If we receive a formal written complaint from
you, we will contact you directly to address any of your concerns. We will cooperate with the appropriate
governmental authorities to resolve any complaints regarding the collection, use, transfer or disclosure of
information that cannot be amicably resolved between you and us. The products and services provided
by NDIGITAL are governed by the laws of the Kingdom of Bahrain. Any dispute, controversy or claim
arising out of or relating to this Policy or the breach, termination or validity thereof shall be finally settled
accordingly to the Law.
17. CONTACT US
If, at any time, you have questions, concerns or comments about this Privacy Policy, please feel free to
contact us at privacy@ndigitalventures.com, or call our Compliance department on +973 1720 3000.