Infinios Financial Services B.S.C (c) (“Infinios” or “we” or “us” or “our”) is committed to maintaining the confidentiality, integrity, and security of any information about our customers/users (“you” or “your”). This Personal Data Protection Statement (“Statement”) explains how and why we collect, store, and use your personal information (“Personal Data”) collected in connection with your use of our services including our website, mobile application or other digital channel operated by us (each a “Channel”).
BY USING OR OPENING AN ACCOUNT OR SIGNING UP TO INFINIOS PRODUCTS AND SERVICES, YOU AGREE TO BE BOUND BY THIS STATEMENT, AS IT MAY BE AMENDED FROM TIME TO TIME.
1. INTRODUCTION
As both a controller and processor of Personal Data we respect the confidentiality and privacy of the individuals that use our Channels. This Statement describes what Personal Data we collect, how we use and share that information, and what choices are available to you about our use of the information.
2. WHY DO I NEED TO READ THIS STATEMENT?
We will collect your Personal Data when you use:
When we say ‘Personal Data’, we mean information which can be used to personally identify you (for example, a combination of your name and address and identification documents).
THIS STATEMENT CONTAINS IMPORTANT INFORMATION and explains what information we collect, how we use it, and your rights if you want to change how we use your Personal Data. Therefore, it is important for you to know your rights.
If you have concerns about how we use your Personal Data, you can contact us at privacy@infinios.com
3. INFORMATION WE COLLECT
We collect information about you from various sources and by various methods which may include information that you submit to us manually or information that we collect automatically. The Personal Data we collect about you includes information that we collect when we setup, administer, and manage our relationship with customers and users of our Channels. This information is used by us for different reasons in connection with the products and services you obtain from us and the Channels you use. For example, if you contact us via the Channel and submit your information to us, we will collect the information you provide; or, if you use the Channel, we will track and monitor your visits and activities using cookies or other automated techniques.
The table below explains what Personal Data we collect and use.
| Type of Personal Data | Details |
| Information you give us | We collect information you provide when you: 1. fill in any forms; 2. correspond with us; 3. register to use a Channel; 4. open an account or use any of our services; 5. take part in online discussions, surveys or promotions; 6. speak with a member of our customer support team; or 7. contact us for other reasons. We will collect the following information: 1. Personal details like full name, address, date of birth, place of birth; 2. Contact details like mail address, phone number, fax number, mailing address, residential address; 3. Information about your identity, such as a copy of your ID document, biometric data and video and or selfie images; 4. Information about your right to live in a particular country and your tax residency and tax identification number; 5. Financial details, such as your employment status, employment information, details of source of income and source of wealth, information on monthly income; 6. Details of your bank account, including the account number and IBAN; 7. Information relating to transactions (such as type, dates, amounts, currencies, payer and payee details). |
| Information we get from external sources | We collect Personal Data from third parties, such as Information & eGovernment Authority (IGA), credit-reference agencies, financial or credit institutions, official registers, and databases; We also screen data against fraud prevention agencies and KYC (Know Your Customer) and AML (Anti Money Laundering) service providers to fulfil our legal duties; If you are a B2B customer, we will need to confirm your identity as part of our KYC process. We will ask you to provide documents, and will also collect information from third parties, such as commercial registers, private company information databases for this purpose. |
| Information from social media | Occasionally, we will use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to or collected by us when we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations). If you are a B2B customer, we may collect information about you if you make it publicly available on social media websites or apps. We only do this as part of our B2B KYC checks. For example, if you have not yet set up a website for your business, we may need to look at information available on social media websites or apps to make sure your business is legitimate. |
| Information from publicly available sources | We collect information and contact details from publicly available sources, such as official public records, like Sijilat or UK Companies’ House, media stories, online registers or directories, and websites for enhanced due diligence checks, security searches, and KYC purposes for B2B customers. |
Please note that the above list is not exhaustive, and that Infinios may also collect and process Personal Data to the extent that is useful or necessary for the provision of our services, and to comply with regulatory requirements.
Personal Data may be retained by us for the duration of a customer’s business dealings and beyond, in accordance with our legal and regulatory obligations, including but not limited to our record retention policy.
4. OUR REASONS FOR USING YOUR INFORMATION
Bahrain’s Personal Data Protection Law (PDPL) states that we must have a lawful basis for using your Personal Data (See also Section 10 below). At least one of the following must apply: identity verification, contractual or legal duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain which one we rely on to use your data in a certain way.
Information obtained from you:
We use details about you to:
In some cases, we have a legal responsibility to collect and store your Personal Data (for example, under anti-money laundering laws we must hold certain information about our customers). We:
We sometimes collect and use your Personal Data or share it with other organisations, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy. For example, we might share information with credit bureaus and fraud prevention agencies so we can benefit from up-to-date information when we make decisions about accounts. This helps us make responsible decisions and fight financial crime.
We will ask for your consent to:
5. HOW WE USE THE INFORMATION WE COLLECT
We may use the information we collect about you to:
If we intend to use information collected about you in other ways that are not listed above, we will notify you at the time we collect the data or before we use it if it is already in our possession.
6. WHO WE SHARE YOUR DATA WITH?
We share your Personal Data only with companies that provide services to us. By companies we mean those that help us provide services you use and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible.
7. DISCLOSURE OF INFORMATION
We do not sell or otherwise share Personal Data we collect about you with third parties, except as described here or unless we notify you of our intention to do so at the time the data is collected or such later date, and obtain your consent.
We may share information in any way necessary to comply with regulatory requirements, industry standards and our internal policies. This may include sharing the Personal Data we collect with regulators and external auditors.
We also may share the information with service providers who perform services on our behalf or with clients that we provide services to as a data processor. We do not authorize service providers to use or disclose the information except as necessary to perform certain services on our behalf, and if our clients use or disclose data it will be as described here unless you are notified otherwise, and your consent is obtained. We require service providers and clients to safeguard the privacy and security of Personal Data and to meet the same standards of security and ethics as we do.
If we are required to do so by law or legal process, we may disclose information about you to law enforcement authorities or other government officials, or when we believe disclosure is necessary to prevent financial loss, or in connection with investigations related to actual or suspected fraudulent or illegal activity.
In the event we sell or transfer all or a portion of our business or assets the Personal Data that we collect will be transferred to whoever we sell or transfer our business to. In such an event, we will direct the transferee to use the Personal Data we have collected in a manner that is consistent with this Statement. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Data with any enquiries concerning the use of any Personal Data that they hold.
8. YOUR RIGHTS AND CHOICES
You have certain rights regarding the Personal Data we maintain about you. Accordingly, we offer you certain choices about what Personal Data we collect from you, how we maintain the accuracy of that information, how we use that information, and how we communicate with you.
You may choose not to provide any Personal Data to us at all by not using the Channel or not submitting information to us.
You may withdraw any consent you have provided to us, or object at any time on legitimate grounds, to us holding or using your Personal Data. If you choose to do so we will observe your choice going forward, and where necessary will withdraw our services in order to meet your request.
You have the right to be provided with access to the Personal Data we maintain about you, and to update or correct inaccuracies. The right to access Personal Data may be limited in some circumstances by law or regulatory requirements that we must comply with.
You have the right to inform us should there be any change in your Personal Data, such as your contact or residential address or employment details, etc. Please inform us without delay.
To request a copy of the information that we hold about you, update your information, update your preferences or consent on how we use your information, or to ask us to remove your information, please contact us as specified below.
9. HOW WE PROTECT PERSONAL DATA
We maintain administrative, technical and physical controls to protect the Personal Data we hold against accidental or unauthorized destruction, loss, alteration, access, disclosure or use. This includes the use of encryption and cyber security techniques on Channels, data servers, and databases.
10. BAHRAIN’S PERSONAL DATA PROTECTION LAW (PDPL)
Bahrain enacted Law No. 30 of 2018 with respect to Personal Data Protection (Data Protection Law) on July 12, 2018 which came in effect August 1, 2019. Like the General Data Protection Regulation (GDPR), the PDPL imposes obligation of how businesses manage data, including ensuring that Personal Data is processed fairly that data owners are notified when their Personal Data is collected and processed, that collected Personal Data is stored securely and that data owners can exercise tier rights directly with the Business.
Infinios is a data manager within the meaning of the PDPL and undertakes to hold any Personal Data provided by customers in confidence and in accordance with legislation.
Customers have the right to lodge a complaint with the local data protection regulator if they are dissatisfied with the manner in which their Personal Data is used by us. For more information in respect of this PDPL or the way in which we use customers’ Personal Data, please contact us as specified below.
11. KEEPING YOUR PERSONAL DATA ACCURATE
We will make reasonable efforts to maintain the accuracy of your information for as long as it is being used by us as set out in this Statement providing that you keep us up to date. It is your responsibility to notify us of any changes to your information or contact details as described in paragraph 8 so that we can continue to provide you with the best possible service.
12. CLOSING AN ACCOUNT
Upon your request and provided that you do not have an outstanding balance due on your account, we will close your account as soon as reasonably possible, based on your account activity and in accordance with applicable product terms and conditions and Laws and Regulations. We do retain Personal Data from closed accounts to comply with law, prevent fraud, collect any amounts due/ owed, resolve disputes, troubleshoot problems, assist with any investigations, and take other actions otherwise permitted by law.
13. SECURITY
We follow generally accepted physical, electronic, and procedural safeguards consistent with the Personal Data we process and maintain. We use various security measures to protect the information we collect including encryption, firewalls, and access controls and the security measures that we deploy are compliance with multiple international security standards including the Payment Card Industry Data Security Standards (PCI-DSS) and the ISO Information Security Management System (ISO27001). We also limit access to this information to authorized employees and providers who need to know that information.
14. RETENTION
Your information may be retained by us on server computers that maybe located globally in accordance with applicable laws/ rules. Your information will be kept for a period of 10 years or as may be required under applicable law. The actual length of time we will retain your Personal Data is also affected by: (1) your use of the Channel; and (2) any legal or regulatory requirements we are subject to.
15. CHANGE OF PERSONAL DATA PROTECTION STATEMENT
Should we make any changes to this Statement in the future we will provide you with an opportunity to review the updated Statement on the applicable Channel and an opportunity to “opt-out” should you wish to do so. Please check the Channel from time to time to ensure that you are aware of our current Statement, understand and have accepted this Statement, and understand and have accepted the Terms and Conditions of use relating to the Channel.
16. HOW TO MAKE A COMPLAINT
We regularly review our compliance with this Statement. If we receive a formal written complaint from you, we will contact you directly to address any of your concerns. We will cooperate with the appropriate governmental authorities to resolve any complaints regarding the collection, use, transfer or disclosure of information that cannot be amicably resolved between you and us. The products and services provided by Infinios are governed by the laws of the Kingdom of Bahrain. Any dispute, controversy or claim arising out of or relating to this Statement, or the breach, termination or validity thereof shall be finally settled accordingly to the Law.
17. CONTACT US
If, at any time, you have questions, concerns or comments about this Statement, please feel free to contact us at privacy@infinios.com, or call our Compliance department on +973 1720 3000.
