PROCCO FINANCIAL SERVICES W.L.L.

 DATA PRIVACY NOTICE

A. Introduction 

1.    This Data Privacy Notice defines procedures adopted by Procco Financial Services W.L.L (“Procco” or “The Company”) in respect of maintaining the confidentiality, integrity and security of all personal data collected and stored by us through all channels and means including our Company and websites.

2.    This Data Privacy Notice also covers any additional personal information that we may collect from customers and process, during or through other interactions, either directly with Procco or through our data processors.

3.    We take the protection of your personal and sensitive data seriously, and treats your data in accordance to applicable data protection regulations.

4.    This privacy notice should be read in conjunction with any other privacy notices or fair processing notices and product terms and conditions we may provide on specific occasions when we are collecting or processing Personal Data.

This privacy notice has been developed in line with the provisions of the Bahrain Personal Data Protection Law (No. 30 of 2018) (“PDPL”) which came to effect on 1 August 2019

B. Information Requested and Collected by Us:

 

1.    As part of our legitimate business use, and for the purpose of providing our services, we must collect and process the following categories of personal data about our customers.

Data Class Personal Data
Personally Identifiable Information CPR, Passport copies
Contact information Mobile number, Email ID
Financial information Bank details and salary slips
CCTV in Company premises When you visit our premises, we may also collect information about you on CCTV as part of our security and crime prevention measures.
Customer support Customer care call, chat & email records are maintained for quality assurance

2.    Personal data collected and processed by us is restricted to the minimum information that we require in order to provide services to our customers, or to comply with any regulatory provisions or directions as may apply. Not having this information could result in our inability to provide the services requested by our customers or could affect the quality of those services.

C. Information That You Provide Voluntarily:

 

1.    We collect personal data that you provide voluntarily through our website: for example, when completing online forms to contact us or subscribing to a newsletter. Personal data we collect may include: 

a.    Name

b.    Job title, level, job function or role

c.    Company or organization

d.    Contact information, including email address and telephone numbers

e.    Demographic information, such as industry, country, appointment requirements

f.     Information pertinent to fulfilling our services to you

g.    Any other personal data that you voluntarily provide to us.

h.    We do not intentionally collect sensitive personal data. 

2.    Information provided by you on behalf of a wholly or partially incompetent data owner shall be considered within the limits of the law if you are the legal guardian, executor or custodian.

D. Information That We Collect Automatically

 

1.    When you visit our website, we collect certain personal data automatically through cookies from your device such as: 

a.    Your IP addresses

b.    Device type

c.    Browser type, broad geographic location (on a country or city level)

d.    Other technical information.

e.    We also collect information about how your device has interacted with our site, including webpages accessed and links clicked. Collecting this information enables us to better understand visitors who come to our website, such as where they come from and what content on our website is of interest to them. We use this information for internal analytics and to improve the quality and relevance of our website for our visitors.

2.    Please note that Procco is not responsible for any personal data that may be collected and processed by any third party (i.e. any party other than Procco) as a result of any person accessing any third party plugin or website though Procco’s website.

 

E. Our Use of Your Personal Data:

 

1.    We may process your personal data for any or all of the following purposes: 

a.    To provide financial and loyalty card services to you;

b.    To administer our relationship and maintain contractual relations;

c.    To comply with our legal and regulatory obligations;

d.    To establish, exercise or defend legal rights;

e.    For historical and statistical purposes;

f.     For credit check and fraud prevention purposes;

g.    For research, analytics and enhancement of Procco Financial services

F. Legitimate Bases for Processing Personal Data of a Customer of Procco:

 

1.    We rely upon the following legitimate bases to process your personal data: 

a.    Explicit consent from you;

b.    Compliance with a legal or regulatory obligation;

c.    To perform our obligations under a contractual arrangement with you;

d.    Our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our business (provided these do not interfere with your rights).

G. Marketing:

 

We do not provide any personal information to any third parties for marketing or promotion purposes.

H. Data Disclosure:

 

1.    We will only disclose your personal data to third-parties outside of Procco in the following circumstances: 

  1. When explicitly requested by you;

  2. To perform our obligations under a contractual arrangement with you; or

  3. As compelled by a court order or by any other legal or regulatory requirement.

2.    Third-party recipients of personal data may include: 

  1. Professional advisors such as law firms, tax advisors or auditors

  2. Insurers and Third Party Administrators

  3. Tax and customs and excise authorities

  4. National Bureau of Taxation

  5. Providers of identity verification services

  6. Credit reference agencies

  7. The courts, police and law enforcement agencies

  8. Government departments and agencies

  9. Emergency services

3.    This website may include links to third-party websites, plug-ins and applications which are not maintained or controlled by Procco. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you look at other websites, we encourage you to read the Privacy Policy of every website you visit.

I. Data Retention:

 

1.    Once registered, your personal data will be stored with us in both physical and digital formats. 

2.    Our policy is to retain personal data only for as long as it is needed. Retention periods are set in accordance with local regulatory and professional retention requirements to meet our professional and legal requirements, to establish, exercise or defend our legal rights, and for archival purposes. 

3.    For historical statistical analysis, we may need to retain information for significant periods of time after suitably anonymizing the information.

J. Transfer of Data Outside Bahrain:

 

Bahrain’s Personal Data Protection Law 2018 sets out the circumstances under which personal data may be transferred outside of Bahrain. Except in the circumstances described in Section H above (“Data Disclosure”), where you have explicitly consented to your personal data being disclosed to any third party or parties, we will only disclose your personal data to such third party or parties where they have undertaken, in advance and in writing, to maintain the confidentiality, integrity and security of the personal data concerned, in accordance with applicable laws.

 

K. Our Data Security Measures:

 

1.    Our Data Managers are responsible for ensuring the application of technical and organizational measures that may arise from this processing. Our various security measures include encryption, firewalls and access controls. 

2.    Data is shared within Procco (including Applications Review, Operations, Compliance, Human Resources and Administration, Finance, Call Center, Information Technology, etc.) on a need to know basis and under strict confidentiality arrangements. 

3.    Notwithstanding this, despite our best efforts, we cannot absolutely guarantee the security of data against all threats.  We have implemented suitable measures to identify, monitor and report any breaches to data protection authority of Kingdom of Bahrain.

L. Your Legal Rights:

 

1.    Under the provisions of the law, you are provided with the following rights in relation to the processing of your personal data. To exercise your rights under the law, you may be required to authenticate yourself with adequate proof of identity.

  1. Right to enquire - You have the right to request and obtain information on your personal data that we hold and the purpose for which it is maintained by us

  2. Right to object - You have the right to object for collection, storage or retention of your personal data that we process.

  3. Right to Demand rectification- You have the right to request to rectify, block or erase your personal data, as the case may be, if the processing thereof is done in contravention of the provisions of the law, and in particular, if the data is incorrect, incomplete or not updated, or if the processing thereof is illegal.

  4. Right to withdraw consent- At any time, subsequent to providing consent, you have the right to withdraw the consent provided. Withdrawal of consent will be applicable to future use of the personal data and will not in any way impact legitimate use of the personal information prior to the withdrawal of the consent. Withdrawal of consent to process certain mandatory personal data related to services provided by Procco may result in our inability to continue the provision of those services.

  5. Right to Complain- You may submit a complaint to the Authority, if you have reason to believe that any violation of the provisions of this privacy law has occurred or that we are processing personal data in contravention of its provisions.

M. Your Responsibilities:

 

1.    We are required by law to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) prior to processing any requests from you, to ensure that your personal data is not disclosed to any person who has no right to receive it. 

2.    We may also contact you to ask you for further information in relation to your request to speed up our response.

3.    It is important that the Personal Data we hold about you is accurate and up-to-date. It is your obligation to keep us informed if your Personal Data changes during your relationship with us, by visiting our Company or by contacting our customer care services.

N. Complaints and Objections:

 

1.    We take your privacy seriously.  If you believe that there has been an alleged breach of privacy of your personal data, please reach out to us on any of the undermentioned channels: 

a.    Through our Customer Services team (Call Center) at our Company; or

b.    email : DPO@Procco.com

2.    We appreciate the chance to deal with your concerns and are committed to resolving them in an efficient and timely manner.