We are Emirates NBD Bank PJSC, part of the Emirates NBD Group. Our most important asset is you and your trust. We are committed to providing you with exceptional banking services and want you to have trust and confidence in the way we use your personal data. Emirates NBD is committed to protecting your privacy and your Personal Data.

Further this Notice explains the various measures we have in place to protect the security of your Personal Data and minimise the potential for its unauthorised use, disclosure, and destruction.

This Privacy Notice describes how Emirates NBD Group may process your personal data including the data that you provide when you access and use:

  • our websites,
  • our apps (including any of our mobile banking and apps), or
  • any of our other channels for banking services, lifestyle related valued added offers, information and promotions (together, our Channels).

This Data Privacy Notice explains what information we collect, why we collect it, who we share it with, how long we keep it for, and what rights you have in relation to that information. If you give us information about other people (such as your family or joint account holders) you confirm that they understand the information in this Data Privacy Notice about how we use it.

Your data privacy journey with us

We are the data controller in relation to your personal data. If you have any questions about how we use your information, you can contact us by using the Contact Us information at the end of this Privacy Notice.

Data Controller: A data controller is an entity who solely, or jointly with others, determines the purposes (“why”) and means (“how”) of Personal Data Processing. In most cases, we will act as the Controller when Processing your Personal Data – this means we will decide on how to collect, process, and use Personal Data in this role.

Data Processor: A Processor is an entity who processes Personal Data on behalf of another entity, i.e., the Controller, and does so solely on the basis of instructions provided by the Controller.

In some cases, ENBD will act as the Processor when Processing your Personal Data on behalf of another ENBD Group entity. In these cases, ENBD will perform the Processing of the Personal Data under the specific instructions from the ENBD Group entity acting as the Controller.

Data Processing: Processing means any action taken on a set of Personal Data, for example viewing, collecting, using, storing, sharing, manipulating, printing, copying, archiving etc.

CONFIDENTIALITY OF PERSONAL DATA

When we collect personal data, we provide a safe, secure, and confidential environment in all of our delivery Channels to ensure that your personal data remains private and used for the purposes for which it is held.

We have a legal obligation to keep your data confidential, however, we may disclose your data to a third party where:

  • we are legally obliged to do so; the disclosure of your data is imposed by a legal authority; or
  • in circumstances where the disclosure is made with your express consent or through a representative nominated by you.

INFORMATION THAT YOU PROVIDE TO US

We collect data directly from you as our customer or prospective customer. We collect information you provide directly to us through your access or use of ENBD Products and Services. For example, when you apply for a product or service on our website(s), by telephone or when you enter an ENBD premises and engage with one of our employees.

INFORMATION WE COLLECT ABOUT YOU FROM OTHER SOURCES

The Bank may collect information about you from other sources such as but not limited to:

  • Representative(s) of a corporate client;
  • Legal representatives (power of attorney) of a client;
  • People appointed to act on your behalf;
  • Other Emirates NBD Groups;
  • Your employer;
  • Credit Bureaus or credit reporting agencies;
  • Digital identity solutions;
  • Government databases;
  • Law enforcement officials;
  • Co-borrowers / guarantors;
  • Criminal records checks from organisations authorised to provide this data;
  • Beneficiaries of your payment transactions;
  • Nominated contact person by an existing account holder;
  • Third party providers and partners to help us improve the personal data we hold and to provide more relevant and interesting products and services to you; and Reference contacts provided in the application form by you.

INFORMATION WE MAY COLLECT ABOUT OTHER INDIVIDUALS

In certain circumstances, we may be provided information from you about individuals who do not have a direct relationship with us. This may happen, for instance, when you provide us with information about:

  • Representative(s) of a corporate client;
  • Shareholder(s)/Director(s) of a corporate client;
  • Legal representatives (power of attorney) of a client;
  • Ultimate beneficial owners;
  • Successors and right holders;
  • Co-borrowers / guarantors;
  • Employers of our customers;
  • Beneficiaries of your payment transactions;
  • Landlords; and
  • Reference contacts provided in the application form by our (prospective) customer.

We refrain from collecting other types of data than the categories mentioned in this policy, furthermore, personal data collected by our organisation are used only for the stated and explicitly listed purposes within this data privacy notice.

Personal data includes information that we collect and process about you depending on the products or services you obtain or receive. The below is a non-exhaustive list which highlights some, but not all, examples of categories of information we collect about you:

Category Description
Account Opening

Identity & Contact Information: We process your Personal Data in order to consider and process your application for an account with us. This Processing is necessary in order for us to take regulatory steps at your request before we enter into an agreement with you and is also necessary for deciding whether or not we can offer you the product you have applied for. This type of Processing is required in order for you to enter into an agreement with us.


Education and Employment Related Data: We also process your data to administer your account with the Bank.


Identity Verification: Personal Data is also required as part of regulatory financial crime protection, including Know Your Customer (“KYC”) process mandated for account opening.
For our electronic services we require at least two forms of evidence to verify your identity which may include your registered mobile number, registered email address, facial recognition, fingerprint, recording of your voice and a video call.
Financial Information: Your financial information, such as credit applications and reports, trade licence number and investment details may also be required for processing during the account opening process.
Administer Your Account Administer Your Account with the Bank: We process your data for the sole purpose of administering your account with the Bank.
Decline Onboarding If your application is declined, we will store your personal information in accordance with our record retention procedures and to comply with our legal obligations.
General Correspondence Information you give to us by filling in any of our forms or by communicating with us, whether face-to-face, by phone, email, online or otherwise.
Financial Mediations At Emirates NBD, we authorise debt service partners to carry out collection activities on our behalf. These partners engage with customers who have defaulted, to settle their liabilities with the bank.
Marketing The Bank may process your data for marketing relating purposes to provide you with relevant information regarding the products and services which may be of interest to you.
You will always have the ability to withdraw your consent at any time.
Service Communications The Bank from time to time, will reach out to you via different communication channels to keep you informed of the products and services you are a party to. This will not be a marketing communication and will simply be a communication relating to the products and services you are availing of.
Video Protection (CCTV) The bank deploys surveillance at our premises and ATMs for security purposes.

Information from online activities:

We collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers and by using our cookie preference centre on our website.

For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy, which is available on our website.

You must keep your personal data up-to-date – please tell us promptly about any changes, for example, if you have a new address.

We automatically collect the following when you use our website or apps:

  • Technical information, such as your IP address and device ID.
  • Information about your visit, such as your URL and website interaction.
  • Location data, with your approval, used to show you the location of the nearest branch or ATM based on your IP address, coordinates or a unique device code.
  • Networks and connections, when you interact with us and the people and groups that you are connected to (for example, through social media).

Find out more

The Bank is committed to collect used data through lawful and transparent means, furthermore, where required, we will ask for the express consent of the data subject. We may use the categories of personal data explained in the previous section as follows:

How we use your personal data Legal Basis
To create your Emirates NBD bank account.
To identify you when you sign-in to your account.
To provide you with our services, and to fulfil your requests for certain products and services.		 Consent
To tell you about important updates and changes to our Channels, including to our Privacy Notice and other policies and terms. Consent
We use your biometric data for online identity verification. Consent
To understand how you use and interact with our services and the people or things you're connected to and interested in.
To administer and improve the design and functionality of our Channels for a better customer experience.
To conduct profiling and automated decision-making to help us provide you with relevant information, suggestions and recommendations for products.		 Consent
To contact you if you have asked us to do so including to resolve troubleshooting problems and helping with any issues concerning our website or apps. Consent
To contact you for your opinions about our services including through surveys and other market research. Consent
To prevent and detect fraud, money laundering and other crimes (such as identity theft). Consent &
Legal Obligation
To recover debt and exercise other rights we have under any agreement with you as well as to protect ourselves against harm to our rights and interests in property. Consent
To help you to check-in and find local events or offers in your area. Consent
To comply with laws and regulations that apply to us and to co-operate with regulators and law enforcement organisations. Consent &
Legal Obligation
To personalise the marketing messages, we send to you so that they are more relevant and interesting.

When we advertise our products and services on the internet, we may share your information with our advertising partners where we think you may be interested in our offers. When we use social media for marketing purposes your information will be shared with any such platforms so that they can check if you hold an account with them. They may use your information to send our advertisements to you.		 Consent
To enhance your consumer experience, we may share your personal data for direct marketing purposes. Consent

IS IT OBLIGATORY OR VOLUNTARY FOR ME TO PROVIDE MY PERSONAL DATA?

We need your personal data to provide you with the services or products requested by you. We also need to capture expressed consent to be able to process the personal data for fulfilling our contractual and legal obligations.

If you do not provide us with the requested personal data and consent to our methods of processing, we may have to decline your request for our services, or if we are already providing you with the product(s) and service(s) or, we may need to suspend or stop providing you with the product(s) or service(s) which can lead to account(s) closure subject to compliance with our legal obligations to retain data.

It is voluntary for you to provide us your data or consent for sales or marketing purposes.

We make it clear on our application forms what data is required to be provided by you by marking the mandatory fields with the asterisk symbol (*).

You can object to further marketing at any time by:

  • Calling our customer call centre on +971 600 54 0000 or texting STOP to 4456;
  • changing your marketing preferences in your account; or
  • sending us an email at [email protected].

Further details of how we will use your information can be found below.

Automated processing

The way we analyse personal data relating to our services may involve profiling or other automated methods to make decisions about you that relate to the following:

  • Credit and affordability checks (including credit limits) – we will consider a number of factors including information about your income, expenses and how well you have kept up on payments in the past.
  • Anti-money laundering, sanctions checks and screening 'politically exposed' people.
  • Monitoring your account for fraud and other financial crime – we will assess your transactions to identify any that are unusual.
  • Assessments required by regulators and appropriate authorities – certain details in your information may suggest that you are likely to become financially vulnerable and we may need to help you.

You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention in case it pertains to a full automated process and to challenge the decision.

We may share your personal data with:

  • companies within the Emirates NBD Group who may support us in any of the purposes set out in this Privacy Notice;
  • any joint account holders, guarantors, trustees or beneficiaries assigned by you at the onset or during the course of receiving our products/services;
  • anyone who provides instructions or operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney;
  • people you make payments to and receive payments from to the extent required for us to meet the contractual and legal requirements;
  • providers of payment-processing services and other businesses that help us process your payments to the extent required for us to meet the contractual and legal requirements;
  • government-authorised Credit Information Agencies and fraud prevention agencies to comply with our legal and regulatory obligations;

Please be advised about the possible limitations of accessing future financial products and/or services based on your records provided to these agencies.

  • any fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us for you;
  • independent third-party service providers and agents (including their sub-contractors) such as collection agents or providers who may deliver a gift or provide a gesture of goodwill;
  • our business partners, together with whom we provide services such as hotels, restaurants, airline partners (whose logo may appear on a credit card we provide) and service providers or agents who provide services on their behalf;
  • insurance providers, including underwriters, brokers and associated parties;
  • analytics providers that assist us in the optimisation of our website and apps including by measuring the performance of our online campaigns and analysing visitor activity;
  • social media companies so they can display messages to you about our products and services or make sure you do not get irrelevant messages;
  • any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover including the transfer of any of our rights or duties under our agreement with you;
  • law enforcement authorities, government bodies (including Al Etihad Credit Bureau), courts, dispute resolution bodies, regulators, auditors and any party appointed by our regulators to carry out investigations or audits of our activities; and
  • where required to do so by court order or where we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation

We take responsibility to protect your personal data. Through due diligence, when engaging with third parties, we ascertain that they either align closely with our Data Privacy Notice or have established comparable standards of protection within their own operations to ensure the utmost safety of your information.

We are headquartered in Dubai in the United Arab Emirates (UAE). We may transfer your personal data to other countries where we (or other companies within the Emirates NBD Group) or our service providers maintain operations.

When we do this, we'll ensure it has an appropriate level of protection and that the transfer is lawful and appropriate consent has been obtained from you/your authorised signatory/anyone who represents you legally. This includes relying on adequacy decisions issued by the relevant data protection authority and using standard contractual clauses for transfers of personal data. You can obtain more details of the protection given to your information when it is transferred by contacting us using the details below.

The security and confidentiality of your personal data is important to us!

We use a range of measures to keep your personal data secure and protected against unlawful processing and analysis, unauthorised access, accidental loss, destruction, and damage. When we use external service providers, we require them to provide the same standards of data protection as we do.

The Bank deploys a wide range of security measures to ensure the security, confidentiality and integrity of your data. This includes but is not limited to the following:

  • Asset Security
  • Application Security
  • Access Controls
  • Network Security
  • Communication Security
  • Physical Security
  • Organisational Security

Please contact our Customer Service Helpdesk on +971 600 54 0000 in case you receive fraudulent emails or require any assistance using our online banking services.

Children’s data

Protecting the safety of children when they use the Internet is important to us. Our websites and apps are intended for use only by persons who are at least 18 years of age. If you are under the age of 18, your parent or guardian must consent on your behalf where we ask for consent in relation to the use of your information.

What Happens if There Is a Personal Data Breach?

Whilst we take measures to secure your Personal Data, risks to data security do exist, and there is always a possibility of unauthorised use, disclosure, modification and/or destruction of your Personal Data. In the event of a Personal Data Breach, we will notify you about it and its likely consequences, measures taken by us to mitigate the increased risk and avenues available to you to mitigate the risk as a result of the Personal Data Breach.

For reporting Personal Data Breaches or further information on how we respond to and handle Personal Data Breaches, please contact us at [email protected].

External Links

Our website and apps may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies. Please check these policies before you submit any personal data to these websites. We are not responsible for the privacy notices, content of such sites or any personal data collected by such sites

We do not keep your personal data for any period longer than is necessary for the purpose for which your personal data was collected, processed, required by law or where we may need it for our legitimate purposes such as maintaining records for analysis or audit purposes, responding to queries or complaints, monitoring fraud, defending or taking legal action and responding to requests from regulators.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements

In some circumstances you can ask us to delete your data. For further information, please see section “Your Rights”. If you opt out from receiving marketing communications or object to any other processing of your personal data, we may keep a record of your objection to ensure that we continue to respect your wishes and do not contact you further.

Your choices and rights

In certain circumstances, you have the right to:

  • Right of Access: ask for a copy of the personal data we hold about you and obtain information about how we process it; ask us to give you (or a third party chosen by you) an electronic copy of the personal data you have given us;
  • Right to Rectification: ask us to correct personal data we hold;
  • Right to Restrict: ask us to restrict how we use your personal data;
  • Right to Erasure: ask us to delete your personal data;
  • Right to Object: to particular ways we are using your personal data, including objections to marketing;
  • Right to Contact Us: with any enquiries or complaints in respect of your personal data; and
  • Right to Withdraw Consent: to the following at any time:
    • the processing of your personal data by us except where your personal data is required for business operation in relation to the product or service you obtain from us; and
    • sharing your personal data with third parties for purposes such as but not limited to marketing or sales.

Please note that a withdrawal of consent by you will not affect the lawfulness of data processing based on the prior consent. Your withdrawal of consent will take effect within 30 calendar days from the day you request us to do so.

If you wish to exercise any of these rights in relation to the personal data, we hold about you or wish to change your preferences at any time, please contact us, using the details below.

We may need to ask you to verify your identity before allowing you to access your personal data.

Any changes we make to our Privacy Notice will be posted on this page and, in relation to substantive changes, will be notified to you by e-mail.

This privacy notice was last updated on 18th August 2023.

INFORMATION THAT YOU PROVIDE TO US

We collect data directly from you as our customer or prospective customer. We collect information you provide directly to us through your access or use of ENBD Products and Services. For example, when you apply for a product or service on our website(s), by telephone or when you enter an ENBD premises and engage with one of our employees.

INFORMATION WE COLLECT ABOUT YOU FROM OTHER SOURCES

The Bank may collect information about you from other sources such as but not limited to:

  • Representative(s) of a corporate client;
  • Legal representatives (power of attorney) of a client;
  • People appointed to act on your behalf;
  • Other Emirates NBD Groups;
  • Your employer;
  • Credit Bureaus or credit reporting agencies;
  • Digital identity solutions;
  • Government databases;
  • Law enforcement officials;
  • Co-borrowers / guarantors;
  • Criminal records checks from organisations authorised to provide this data;
  • Beneficiaries of your payment transactions;
  • Nominated contact person by an existing account holder;
  • Third party providers and partners to help us improve the personal data we hold and to provide more relevant and interesting products and services to you; and Reference contacts provided in the application form by you.

INFORMATION WE MAY COLLECT ABOUT OTHER INDIVIDUALS

In certain circumstances, we may be provided information from you about individuals who do not have a direct relationship with us. This may happen, for instance, when you provide us with information about:

  • Representative(s) of a corporate client;
  • Shareholder(s)/Director(s) of a corporate client;
  • Legal representatives (power of attorney) of a client;
  • Ultimate beneficial owners;
  • Successors and right holders;
  • Co-borrowers / guarantors;
  • Employers of our customers;
  • Beneficiaries of your payment transactions;
  • Landlords; and
  • Reference contacts provided in the application form by our (prospective) customer.

We refrain from collecting other types of data than the categories mentioned in this policy, furthermore, personal data collected by our organisation are used only for the stated and explicitly listed purposes within this data privacy notice.

Personal data includes information that we collect and process about you depending on the products or services you obtain or receive. The below is a non-exhaustive list which highlights some, but not all, examples of categories of information we collect about you:

Category Description
Account Opening

Identity & Contact Information: We process your Personal Data in order to consider and process your application for an account with us. This Processing is necessary in order for us to take regulatory steps at your request before we enter into an agreement with you and is also necessary for deciding whether or not we can offer you the product you have applied for. This type of Processing is required in order for you to enter into an agreement with us.


Education and Employment Related Data: We also process your data to administer your account with the Bank.


Identity Verification: Personal Data is also required as part of regulatory financial crime protection, including Know Your Customer (“KYC”) process mandated for account opening.
For our electronic services we require at least two forms of evidence to verify your identity which may include your registered mobile number, registered email address, facial recognition, fingerprint, recording of your voice and a video call.
Financial Information: Your financial information, such as credit applications and reports, trade licence number and investment details may also be required for processing during the account opening process.
Administer Your Account Administer Your Account with the Bank: We process your data for the sole purpose of administering your account with the Bank.
Decline Onboarding If your application is declined, we will store your personal information in accordance with our record retention procedures and to comply with our legal obligations.
General Correspondence Information you give to us by filling in any of our forms or by communicating with us, whether face-to-face, by phone, email, online or otherwise.
Financial Mediations At Emirates NBD, we authorise debt service partners to carry out collection activities on our behalf. These partners engage with customers who have defaulted, to settle their liabilities with the bank.
Marketing The Bank may process your data for marketing relating purposes to provide you with relevant information regarding the products and services which may be of interest to you.
You will always have the ability to withdraw your consent at any time.
Service Communications The Bank from time to time, will reach out to you via different communication channels to keep you informed of the products and services you are a party to. This will not be a marketing communication and will simply be a communication relating to the products and services you are availing of.
Video Protection (CCTV) The bank deploys surveillance at our premises and ATMs for security purposes.

Information from online activities:

We collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers and by using our cookie preference centre on our website.

For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy, which is available on our website.

You must keep your personal data up-to-date – please tell us promptly about any changes, for example, if you have a new address.

We automatically collect the following when you use our website or apps:

  • Technical information, such as your IP address and device ID.
  • Information about your visit, such as your URL and website interaction.
  • Location data, with your approval, used to show you the location of the nearest branch or ATM based on your IP address, coordinates or a unique device code.
  • Networks and connections, when you interact with us and the people and groups that you are connected to (for example, through social media).

Find out more

The Bank is committed to collect used data through lawful and transparent means, furthermore, where required, we will ask for the express consent of the data subject. We may use the categories of personal data explained in the previous section as follows:

How we use your personal data Legal Basis
To create your Emirates NBD bank account.
To identify you when you sign-in to your account.
To provide you with our services, and to fulfil your requests for certain products and services.		 Consent
To tell you about important updates and changes to our Channels, including to our Privacy Notice and other policies and terms. Consent
We use your biometric data for online identity verification. Consent
To understand how you use and interact with our services and the people or things you're connected to and interested in.
To administer and improve the design and functionality of our Channels for a better customer experience.
To conduct profiling and automated decision-making to help us provide you with relevant information, suggestions and recommendations for products.		 Consent
To contact you if you have asked us to do so including to resolve troubleshooting problems and helping with any issues concerning our website or apps. Consent
To contact you for your opinions about our services including through surveys and other market research. Consent
To prevent and detect fraud, money laundering and other crimes (such as identity theft). Consent &
Legal Obligation
To recover debt and exercise other rights we have under any agreement with you as well as to protect ourselves against harm to our rights and interests in property. Consent
To help you to check-in and find local events or offers in your area. Consent
To comply with laws and regulations that apply to us and to co-operate with regulators and law enforcement organisations. Consent &
Legal Obligation
To personalise the marketing messages, we send to you so that they are more relevant and interesting.

When we advertise our products and services on the internet, we may share your information with our advertising partners where we think you may be interested in our offers. When we use social media for marketing purposes your information will be shared with any such platforms so that they can check if you hold an account with them. They may use your information to send our advertisements to you.		 Consent
To enhance your consumer experience, we may share your personal data for direct marketing purposes. Consent

IS IT OBLIGATORY OR VOLUNTARY FOR ME TO PROVIDE MY PERSONAL DATA?

We need your personal data to provide you with the services or products requested by you. We also need to capture expressed consent to be able to process the personal data for fulfilling our contractual and legal obligations.

If you do not provide us with the requested personal data and consent to our methods of processing, we may have to decline your request for our services, or if we are already providing you with the product(s) and service(s) or, we may need to suspend or stop providing you with the product(s) or service(s) which can lead to account(s) closure subject to compliance with our legal obligations to retain data.

It is voluntary for you to provide us your data or consent for sales or marketing purposes.

We make it clear on our application forms what data is required to be provided by you by marking the mandatory fields with the asterisk symbol (*).

You can object to further marketing at any time by:

  • Calling our customer call centre on +971 600 54 0000 or texting STOP to 4456;
  • changing your marketing preferences in your account; or
  • sending us an email at [email protected].

Further details of how we will use your information can be found below.

Automated processing

The way we analyse personal data relating to our services may involve profiling or other automated methods to make decisions about you that relate to the following:

  • Credit and affordability checks (including credit limits) – we will consider a number of factors including information about your income, expenses and how well you have kept up on payments in the past.
  • Anti-money laundering, sanctions checks and screening 'politically exposed' people.
  • Monitoring your account for fraud and other financial crime – we will assess your transactions to identify any that are unusual.
  • Assessments required by regulators and appropriate authorities – certain details in your information may suggest that you are likely to become financially vulnerable and we may need to help you.

You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention in case it pertains to a full automated process and to challenge the decision.

We may share your personal data with:

  • companies within the Emirates NBD Group who may support us in any of the purposes set out in this Privacy Notice;
  • any joint account holders, guarantors, trustees or beneficiaries assigned by you at the onset or during the course of receiving our products/services;
  • anyone who provides instructions or operates any of your accounts on your behalf including advisers (such as solicitors and accountants), intermediaries and those under power of attorney;
  • people you make payments to and receive payments from to the extent required for us to meet the contractual and legal requirements;
  • providers of payment-processing services and other businesses that help us process your payments to the extent required for us to meet the contractual and legal requirements;
  • government-authorised Credit Information Agencies and fraud prevention agencies to comply with our legal and regulatory obligations;

Please be advised about the possible limitations of accessing future financial products and/or services based on your records provided to these agencies.

  • any fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us for you;
  • independent third-party service providers and agents (including their sub-contractors) such as collection agents or providers who may deliver a gift or provide a gesture of goodwill;
  • our business partners, together with whom we provide services such as hotels, restaurants, airline partners (whose logo may appear on a credit card we provide) and service providers or agents who provide services on their behalf;
  • insurance providers, including underwriters, brokers and associated parties;
  • analytics providers that assist us in the optimisation of our website and apps including by measuring the performance of our online campaigns and analysing visitor activity;
  • social media companies so they can display messages to you about our products and services or make sure you do not get irrelevant messages;
  • any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover including the transfer of any of our rights or duties under our agreement with you;
  • law enforcement authorities, government bodies (including Al Etihad Credit Bureau), courts, dispute resolution bodies, regulators, auditors and any party appointed by our regulators to carry out investigations or audits of our activities; and
  • where required to do so by court order or where we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation

We take responsibility to protect your personal data. Through due diligence, when engaging with third parties, we ascertain that they either align closely with our Data Privacy Notice or have established comparable standards of protection within their own operations to ensure the utmost safety of your information.

We are headquartered in Dubai in the United Arab Emirates (UAE). We may transfer your personal data to other countries where we (or other companies within the Emirates NBD Group) or our service providers maintain operations.

When we do this, we'll ensure it has an appropriate level of protection and that the transfer is lawful and appropriate consent has been obtained from you/your authorised signatory/anyone who represents you legally. This includes relying on adequacy decisions issued by the relevant data protection authority and using standard contractual clauses for transfers of personal data. You can obtain more details of the protection given to your information when it is transferred by contacting us using the details below.

The security and confidentiality of your personal data is important to us!

We use a range of measures to keep your personal data secure and protected against unlawful processing and analysis, unauthorised access, accidental loss, destruction, and damage. When we use external service providers, we require them to provide the same standards of data protection as we do.

The Bank deploys a wide range of security measures to ensure the security, confidentiality and integrity of your data. This includes but is not limited to the following:

  • Asset Security
  • Application Security
  • Access Controls
  • Network Security
  • Communication Security
  • Physical Security
  • Organisational Security

Please contact our Customer Service Helpdesk on +971 600 54 0000 in case you receive fraudulent emails or require any assistance using our online banking services.

Children’s data

Protecting the safety of children when they use the Internet is important to us. Our websites and apps are intended for use only by persons who are at least 18 years of age. If you are under the age of 18, your parent or guardian must consent on your behalf where we ask for consent in relation to the use of your information.

What Happens if There Is a Personal Data Breach?

Whilst we take measures to secure your Personal Data, risks to data security do exist, and there is always a possibility of unauthorised use, disclosure, modification and/or destruction of your Personal Data. In the event of a Personal Data Breach, we will notify you about it and its likely consequences, measures taken by us to mitigate the increased risk and avenues available to you to mitigate the risk as a result of the Personal Data Breach.

For reporting Personal Data Breaches or further information on how we respond to and handle Personal Data Breaches, please contact us at [email protected].

External Links

Our website and apps may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies. Please check these policies before you submit any personal data to these websites. We are not responsible for the privacy notices, content of such sites or any personal data collected by such sites

We do not keep your personal data for any period longer than is necessary for the purpose for which your personal data was collected, processed, required by law or where we may need it for our legitimate purposes such as maintaining records for analysis or audit purposes, responding to queries or complaints, monitoring fraud, defending or taking legal action and responding to requests from regulators.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements

In some circumstances you can ask us to delete your data. For further information, please see section “Your Rights”. If you opt out from receiving marketing communications or object to any other processing of your personal data, we may keep a record of your objection to ensure that we continue to respect your wishes and do not contact you further.

Your choices and rights

In certain circumstances, you have the right to:

  • Right of Access: ask for a copy of the personal data we hold about you and obtain information about how we process it; ask us to give you (or a third party chosen by you) an electronic copy of the personal data you have given us;
  • Right to Rectification: ask us to correct personal data we hold;
  • Right to Restrict: ask us to restrict how we use your personal data;
  • Right to Erasure: ask us to delete your personal data;
  • Right to Object: to particular ways we are using your personal data, including objections to marketing;
  • Right to Contact Us: with any enquiries or complaints in respect of your personal data; and
  • Right to Withdraw Consent: to the following at any time:
    • the processing of your personal data by us except where your personal data is required for business operation in relation to the product or service you obtain from us; and
    • sharing your personal data with third parties for purposes such as but not limited to marketing or sales.

Please note that a withdrawal of consent by you will not affect the lawfulness of data processing based on the prior consent. Your withdrawal of consent will take effect within 30 calendar days from the day you request us to do so.

If you wish to exercise any of these rights in relation to the personal data, we hold about you or wish to change your preferences at any time, please contact us, using the details below.

We may need to ask you to verify your identity before allowing you to access your personal data.

Any changes we make to our Privacy Notice will be posted on this page and, in relation to substantive changes, will be notified to you by e-mail.

This privacy notice was last updated on 18th August 2023.

If have any questions about this Privacy Notice, please contact us:

  • By email at: [email protected]
  • By writing to us:
    FAO Group Data Protection Officer
    Emirates NBD Bank PJSC
    P.O. BOX 777, Dubai, United Arab Emirates
  • By phoning our Customer Service Helpdesk: +971 600 54 0000
Term Definition
ENBD means Emirates NBD Bank PJSC and any of its branches, successors, and assignees.
Authority(ies) means legal, supervisory, regulatory, governmental, and quasi-governmental bodies such as the UAE Central Bank, the Securities and Commodities Authority (“SCA”), fraud prevention agencies, tax authorities etc.
Automated Processing means Processing that is conducted using an electronic application or system that operates automatically, either independently without any human intervention or under the supervision and limited intervention of a human.
Applicable Law(s) means all Applicable Law(s) relating to the Processing of Personal Data and privacy, in each case which are in force at the date on which this policy is updated in the UAE including the UAE Data Protection Law as well as the UAE Central Bank Consumer Protection Regulation and accompanying Consumer Protection Standards as amended.
Biometric Data means any Personal Data resulting from specific technical processing relating to the physical, physiological, or behavioural characteristics of the Data Subject, which allow the identification or confirm the unique identification of the Data Subject, such as facial images or fingerprints.
Central Bank of the United Arab Emirates or UAE Central Bank means the Central Bank of the United Arab Emirates.
Consent means the Consent by which the Data Subject authorises ENBD or third parties to process their Personal Data, provided that such Consent is clear, specific and unambiguous indication of the Data Subject's agreement, by a statement or by a clear affirmative action, to the Processing of their Personal Data.
Consumer Protection Regulation or CPR means the Consumer Protection Regulation (CPR) of the Central Bank of the United Arab Emirates and accompanying Consumer Protection Standards that apply to all Licenced Financial Institutions licenced by the Central Bank in relation to their activities specified in Article 65 of the Decretal Law No. 14 of 2018.
Consumer Protection Standards or CPS means the Consumer Protection Standards (CPS) of the Central Bank of the United Arab Emirates that accompany the Consumer Protection Regulation and apply to all Licenced Financial Institutions licenced by the Central Bank in relation to their activities specified in Article 65 of the Decretal Law No. 14 of 2018.
Consumer(s) means a Customer for the purpose of UAE Central Bank Consumer Protection Regulation and the accompanying Consumer Protection Standards. A Customer is any natural person or sole proprietor who obtains or may prospectively obtain services and/or products from ENBD, with or without charge, to satisfy their personal need or others’ needs.
Controller(s) means, as per the CPS, a natural or legal person, public authority, agency, or other body that has the authority over the Processing of Personal Data. This entity is the focus of most obligations under privacy and Applicable Law(s). It controls the use of Personal Data by determining the purposes for its use and the manner in which the data will be processed specific to their biological, physical, biometric, physiological, mental, economic, cultural or social identity.
means, as per the UAE Data Protection Law, the establishment or the natural person who is in the possession of the Personal Data and who, by virtue of its activity, alone or jointly with other persons or establishments determines the means, methods, criteria and purposes of the Processing of such Personal Data.
Data Breach(es) means, as per the UAE Data Protection Law, a breach of information security and Personal Data through unauthorised or unlawful access thereto, including replication, transmission, distribution, exchange, transfer, communication or Processing in such a manner leading to the disclosure or divulgence to third parties, or otherwise the destruction or modification of such data while being stored, transferred and processed.
Data Protection means the protection of Personal Data.
Data Protection Officer or DPO means any natural or legal person appointed by the Controller or the Processor who undertakes responsibilities to verify that the entity he belongs to complies with the Personal Data Protection controls, requirements, procedures and rules provided for herein, and to verify the integrity of its systems and procedures to achieve the compliance with the provisions hereof.
Data Protection Regulator means any governmental or regulatory body or authority with responsibility for monitoring or enforcing Applicable Law(s), for example the UAE Central Bank, as per the CPS and The Emirates Data Office (“The Office”), as per the UAE Data Protection Law.
Data Subject(s) means, as per the UAE Data Protection Law, the natural person to whom Personal Data relates.
Data Subject Right(s) means the set of rights afforded to individuals located in UAE, as per Applicable Law(s), who request information about the Personal Data collected or stored by ENBD and to exert choice or control over how that data is used by ENBD in accordance with Applicable Law(s).
Destruction of Personal Data means Personal Data no longer exists.
Express(ed) Consent means an indication that the Data Subject has given an active, clear and unambiguous agreement for their Personal Data to be used in a specific way, including, for example by signing a document, sending an email.
Know Your Customer or KYC means mandatory requirements to ensure updated information about ENBD’s Customers, to perform identity verification and prevention of illegal transactions through the business relationship with ENBD such as money-laundering, identity theft.
Personal Data means any data relating to an identified natural person, or a natural person who can be identified, directly or indirectly, through the linking of data, by reference to an identifier such as his name, voice, image, identification number, online identifier, geographical location, or one or more physical, physiological, economic, cultural, or social characteristics. Personal Data includes Sensitive Personal Data and Biometric Data.
Processing means any operation or set of operations performed upon Personal Data using any electronic means including the Processing or other means, including collection, storage, recording, organisation, adaptation or alteration, communication, modification, retrieval, exchange, sharing, use, description, disclosure by broadcasting, transmission, dissemination, or otherwise making available, formatting, merging, restriction, blocking, erasure, destruction, or creation of a model of Personal Data.
Processor(s) means an establishment or a natural person who processes Personal Data on behalf of the Controller and under his supervision and instructions.
Profiling means a form of Automated Processing consisting of the use of Personal Data to evaluate certain personal aspects relating to the Data Subject.
Staff means full time staff and contractors of ENBD.
UAE means the United Arab Emirates.

Technical information may include:

  • mobile number;
  • Internet protocol address;
  • login information;
  • browser type and version;
  • browser plug-in types and versions;
  • Device IDs;
  • Google ID;
  • time zone setting;
  • operating system and platform;
  • hardware version;
  • device settings (like language and time zone);
  • file & software names and types;
  • battery & signal strength; and
  • your mobile operator or ISP.

Information about your visit may include:

  • full Uniform Resource Locators;
  • clickstream to, through and from our site (including date and time);
  • page response times & download errors;
  • page interaction information (such as scrolling, clicks, frequency and length of visits, types of content viewed or engaged with, and mouse-overs); and
  • methods used to browse away from the page.

We may also collect any phone number you use to call our customer service team (including call metadata such as the date, time and length of a call) or the social media handle you use to connect with our customer service team. We may record calls for training and performance purposes to establish clear records and for legal reasons.

Location data will include specific geographic locations (such as GPS, Bluetooth and WiFi signals) which we use to provide location services (if you ask or permit us to) so that we can deliver content, advertising and other services that are dependent on knowing where you are. Location data may be collected in combination with your device ID so that we can recognise your mobile browser or device.

See our Cookie Policy for more information on our use of cookies and device identifiers.

Thank you for your feedback!

How was your experience?

We'd love to know.

1 = Poor, 10 = Excellent
Website Settings
Emirates NBD Arabic : العربية
Emirates NBD on Social
You are currently browsing

Personal Banking

Personal Banking
Other segments

About us

About us

Product Documents

Product Documents

Helpful links

Helpful links

Customer support

Customer support

Download our apps

Download our Mobile App

Bank securely anytime and from anywhere

Download our More App
Download our more App

More fun, more rewards

Copyright © 2024

Emirates NBD Bank (P.J.S.C.) is licensed by the Central Bank of the UAE, Baniyas Road, Deira, P.O. Box: 777, Dubai, UAE

Footer Settings