Introduction

SICO BSC (c) and/ or its subsidiaries ("we", "us", and "ours" or “SICO”) is committed to maintaining the confidentiality, integrity and security of information collected from customers, in accordance to applicable privacy laws. For the purposes of applicable privacy law in Bahrain, we are the “Data Manager” in respect of any personal information which we obtain from you.

This Privacy Notice defines who we are, how we collect, share and process your personal information through all means including our corporate offices, subsidiaries, affiliates and website. This notice also covers any additional personal information that SICO may collect from you and process during other interactions either directly with SICO or through its data processors. 

In addition, this notice provides information on how you can exercise your privacy rights under applicable privacy law.

This notice should be read in conjunction with other privacy notices and product/ service terms and conditions we may provide on specific occasions when we are collecting or processing your Personal Data.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the end of this Privacy Notice.

Definitions

Data or Personal Data

Any information of any form related to an identifiable individual/legal entity, or an individual/legal entity who can be identified, directly or indirectly, particularly through his/her personal ID number, or one or more of his/her physical, physiological, intellectual, cultural or economic characteristics or social identity.

To determine whether an individual/legal entity can be identified, all the means used by, or that may be available to, the Data Manager or any other person, shall be taken in consideration.

Personal data that we collect may include name, ID and passport numbers, date of birth, email and address. Personal data and supporting documentation required is available in our application forms.

Personal data that we collect may also include legal entity information such as name, business address, details of incorporation, proof of existence, FATCA & CRS status, structure of legal entity and information regarding key persons and/or stakeholders.

Sensitive Personal Data

Any personal information that reveals, directly or indirectly, the individual/legal entity's race, ethnicity, political or philosophical views, religious beliefs, union affiliation, criminal record or any data related to his/her health or sexual life.

Sensitive personal data we collect may include CCTV footage at our premises, audio and video call recordings and chats.

Data Manager

The person who decides, solely or in association with others, the purposes and means of processing of certain personal data. In the events where such purposes and means are prescribed by Law, the Data Manager shall be the person who is responsible for the processing.

Data Processor

The person who processes the data for and on behalf of the Data Manager, not including whoever works for the Data Manager or Data Processor.

Processing

Any operation or set of operations carried out on personal data by automated or non-automated means, such as collecting, recording, organising, classifying in groups, storing, modifying, amending, retrieving, using or revealing such data by broadcasting, publishing, transmitting, making them available to others, integrating, blocking, deleting or destroying them.

Direct Marketing

Any communication, by any means, through which a marketing or advertising material is directed to a specific person.

Who we are and what we do?

SICO is a leading regional asset manager, broker, market maker and investment bank. SICO operates under a wholesale banking license from the Central Bank of Bahrain and also oversees three wholly owned subsidiaries: an Abu Dhabi-based brokerage firm, SICO Financial Brokerage and a specialised regional custody house, SICO Fund Services Company (SFS), and a Saudi-based asset management provider, SICO Financial Saudi Company.

Headquartered in the Kingdom of Bahrain with a growing regional and international presence, SICO as a trusted regional bank, offering a comprehensive suite of financial solutions including asset management, brokerage, investment banking, and market making backed by a robust and experienced research team that provides regional insight and analysis of more than 90 percent of the GCC’s major equities.

For more information about SICO, please visit our website https://www.sicobank.com/

What personal information does SICO collect?

The personal information that we may collect about you broadly falls into the following categories:

Information requested and collected by us

As a part of our legitimate business use, we collect and process the following categories of personal information about our past, existing and prospective customers for the purpose of providing our services:

Data class

Data elements

Identifiers

Name, email id, CPR/ID/CR no., passport no.

Contact information

Address, phone, fax and mobile numbers

Financial information

Account/IBAN number, Bank statement, Salary Certificate/Slip, Wealth, Source of Income, Shareholder details

KYC Documentation

Board member details, Signatory authority details, CPR/ CR copy, passport copy, Domicile, MOA/AOA

Usage information

Frequency and type of access, Service/s subscription

Cookies, log files and web beacons

IP address, location, device type, device id, browser type

Sensitive personal information

Physical and biometric information (identifiers)

Photograph

CCTV (in SICO’s Premises)

Video recording

Live calls and chat records

Call recording, Video recording, chat logs

Other Sensitive information

PEP

 

We collect personal information (under few of data classes mentioned above) of authorized signatories, point of contact and/ or nominee for our customers.

Personal data collected and processed by us is restricted to the minimum information required by us to provide our services or as required by the regulators.  The consequence of not providing mandatory information could result in our inability to provide the service requested by you.

Information that you provide voluntarily

We collect personal data that you provide voluntarily through our website, for example, when completing online forms to contact us, subscribing to a newsletter, using one of our online benchmark tools, subscribing to receive marketing communications from us, participating in surveys or registering for events that we are organising. The information we collect about you may include: 

§ Name

§ Company or organisation

§ Company information (as per our KYC forms)

§ Contact information, including email address and telephone numbers

§ Demographic information, such as industry, country, preferences and interests

§ Other information relevant to client surveys or similar research

§ Information pertinent to fulfilling our services to you

§  Any other personal data that you voluntarily provide to us.Information provided by you on behalf of a wholly or partially incompetent data owner shall be considered within the limits of the law if you are the legal guardian, executor or custodian

Information that we collect automatically

When you visit our Website or login into online banking portal, we may collect certain information automatically from your device.

Specifically, the information we collect automatically may include information like:

§ your IP address

§ user id

§ transaction details made on our portal

§ device type

§ unique device identification numbers

§ browser-type

§ broad geographic location (e.g. country or city-level location) and

§  other technical information

We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further in our Cookies Notice, which is available on our website under “Privacy Notices” section.

Information that we obtain from third party sources

From time to time, we may receive personal information about you from third party sources (including credit reference agencies, World Checking services, other banks who provide references on you), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

The types of information we collect from third parties may include:

§ Criminal records and proceedings checks, immigration status checks and World Checking searches

§ Account and loans information

§ Information to check creditworthiness such as financial history, income and outgoings, credit history and court judgements

§ CCTV footage, if you visit any of our premises

§ Net worth assessments

§ Information about claims and proceedings (or potential claims and proceedings) by or against you

Purposes of collecting and processing your personal data

The purpose of collecting your personal data:

§ To provide investment banking, asset management and other SICO services to you

§ To administer and manage your account(s) and our relationship with you

§ To analyse, develop and improve the quality and relevance our services

§ To protect our business interests and to develop our business strategies

§ For billing, accounting and tax purposes

§ To meet our contractual, legal and regulatory obligations

§ To prevent, detect, investigate and prosecute fraud and alleged fraud, money laundering and other crimes.

§ To establish, exercise or defend our legal rights

§ For assessment, testing (including systems tests) and analysis (including credit and/ or behavior scoring), statistical, market and product analysis and market research.

§ To share your information with our group companies, partners and service providers to perform the agreement we have with you

§ To recover any debts owing to us

§ For marketing and business development

§ To monitor, record and analyse any communications between you and us

§ To handle enquiries and complaints

§ To contact you, by post, phone, text, email and other digital methods. This may be:

           to help you manage your accounts

           to meet our regulatory obligations

           to provide you statements and other information about products and services you hold with us

Legal basis for processing personal information

We rely upon the following legitimate bases to process your personal data:

§ Explicit consent from you

§ Compliance with a legal or regulatory obligation

§ To perform our obligations under a contractual arrangement with you

§ Our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our business (provided these do not interfere with your rights).

Our legal basis for collecting and processing the personal information described above will depend on the personal information concerned and the specific context in which we collect it. Given the fact that the only personal information collected about you on our website is that which you send to us or which is collected automatically via cookies, and given that you are able to disable cookies if you wish and are deemed to consent to their use if you proceed on our website without disabling them, we regard any information collected as obtained with your consent.

Our Cookie Notice is also on this website and describes what cookies we use and why. When you first go our website https://www.sicobank.com/ there will be a pop-up banner directing you to the Cookie Notice. If you continue to use the website you will be deemed to accept our use of cookies.

Marketing

We will provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising.

We may use your Identity, Contact details, Service usage patterns and Profile data to identify potential services which may be of interest to you. 

Opt-in

We will provide you an option to opt-in to our marketing activities (including newsletters, promotions, new service update, etc.) at the time of registering for the services.  Existing customers who are already registered in our systems, will continue to receive our marketing communications unless they opt-out.

Third-party marketing

We will request your express consent before we share your Personal Data with any company outside SICO for marketing purposes.

Opting out

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

You may still receive messages for a short period of time until updated marketing preferences are set.

Change of purpose

In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.

If you have questions about or need further information concerning the specific legal basis on which we collect and use your personal information, please contact us using the contact details provided under “How to contact us” section.

If we need to use your Personal Data for an unrelated purpose, we will notify you to explain the legal basis which allows us to do so or, where required by law, to seek your consent.

Who does SICO share my personal information with?

We will only disclose your personal data to our group companies and third-parties outside of SICO:

§ When explicitly requested by you

§ To perform our obligations under a contractual arrangement with you

§ As required by a court order; or

§ Any other legal or regulatory requirement

We may disclose your personal information to the following categories of recipients:

§ Our group companies

§ Professional advisors, such as law firms, tax advisors or auditors

§ Insurers

§ Tax and customs and excise authorities

§ Providers of identity verification services

§ Credit reference agencies

§ Regulatory and other professional bodies

§ The courts, government departments and law enforcement agencies

§ Emergency services, to protect your vital interests or those of any other person

§ A potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business

§ Any other person with your consent to the disclosure

§ Other third-party services providers and partners, for purposes that are described in this Privacy Notice.

A list of our current group companies, current service providers and partners is available in Appendix at the end of this notice;

Does SICO transfer my personal data outside Bahrain?

Your personal information may be transferred to, and processed outside Bahrain. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). SICO will only disclose your personal information to group companies and third parties that have agreed in writing to provide privacy protection in line with this privacy notice.

We may need to transfer this data outside Bahrain for providing uninterrupted services to you (e.g., core banking through our group companies and affiliates overseas).  We minimise the personal information that is transferred outside Bahrain. 

Our group companies and third-party service providers and partners operate in the countries listed in Appendix at the end of this notice. This means that when we collect your personal information, we may process it in any of these countries.

How does SICO keep my personal information secure?

As the Data Manager we have a responsibility to apply technical and organizational measures capable of protecting the data against unintentional or unauthorized destruction, accidental loss, unauthorized alteration, disclosure or access, or any other form of processing.

We have instituted adequate measures for providing an appropriate level of security aligned to the nature of the data being processed, and the risks that may arise from this processing. Our various security measures include encryption, firewalls and access controls. Data is shared within SICO (including employees, vendors, agents, etc.) on a need to know basis and under strict confidentiality arrangements.

Notwithstanding this, despite our best efforts, we cannot absolutely guarantee the security of data against all threats.  We have implemented suitable measures to identify, monitor and report any breaches to personal data in line with the requirements of the law.

How long my personal data is retained?

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, regulatory, tax or accounting requirements).

Retention periods are set in accordance with local regulatory and professional retention requirements to meet our professional and legal requirements, to establish, exercise or defend our legal rights, and for archival purposes.

When we have no ongoing legitimate business need to process your personal information, we will either dispose, delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely encrypt and store your personal information and isolate it from any further processing until deletion is possible. The only exception to “Not processing” backup archives may be where it becomes necessary to retrieve that archived information.

What are my data protection rights?

Under the provisions of the law, you are provided with the following rights in relation to the processing of your personal data. To exercise your rights under the law, you may be required to authenticate yourself with adequate proof of identity.

§ Right to enquire: You have the right to request and obtain information on the personal data that we hold and the purpose for which it is maintained by us.

§ Right to object: You have the right to object to being contacted by us for direct marketing purposes.  On receipt of such objection, we will ensure that you are removed from the relevant our marketing databases, as applicable.

To opt-out from receiving direct marketing communications, please contact us through any of the channels mentioned in “How to contact us” section.

You can also have the right to object a decision, which involves you and is taken based only on automated processing of your personal data.

§ Right to Demand Rectification, Blocking or Erasure: You may submit an application to request to rectify, block or erase your personal data, as the case may be, if the processing thereof is done in contravention of the provisions of the law, and in particular, if the data is incorrect, incomplete or not updated, or if the processing thereof is illegal.

§ Right to withdraw consent: At any time, subsequent to providing consent, you have the right to withdraw the consent provided.  Withdrawal of consent will be applicable to future use of the personal data and will not in any way impact legitimate use of the personal information prior to the withdrawal of the consent.

Withdrawal of consent to process certain mandatory personal data related to services provided by SICO, may result in our inability to continue the provision of those services or discontinuation of existing services that was contracted earlier, where such information needs to be shared and having direct implication on the consent withdrawal.

§ Right to complain: You may submit a complaint to the Authority, if you have reason to believe that any violation of the provisions of this privacy law has occurred or that we are processing personal data in contravention of its provisions.

What are my responsibilities?

We are required by law to confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights) prior to processing any requests from you, to ensure that personal data is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

It is important that the Personal Data we hold about you is accurate and up-to-date. It is your obligation to keep us informed if your Personal Data changes during your relationship with us. Please contact Customers Relations unit to update your personal data whenever required.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the footer of this Privacy Notice.

How to contact us

If you have any questions or concerns about our use of your personal information or you want to use your data protection rights, please contact us through any of the following channels.

         By sending your request to Data protection officer at: dpo@sicobank.com

         By submitting your request in-person at our office: BMB Building, Diplomatic Area, Manama, Kingdom of Bahrain

          By posting your request to: PO Box: 1331 Manama, Kingdom of Bahrain

Appendix

List of the categories of vendors and third parties who may be passed personal data by SICO.

Disclosure outside Bahrain:

Vendor/Third Party

Location

SICO subsidiaries

UAE or other location, where a new subsidiary will be formed in future

Equity Brokers (Asset Management)

MENA

Regulators

Multiple countries

Legal advisors

Multiple countries

Auditors

External counterparties (Stock exchange or brokerage firms)

Saudi Arabia, Qatar, Muscat and Kuwait

SICO Subsidiary and DFM

UAE

Correspondent banks

GCC, Europe & USA

Clearing services provider

UK

Cloud IT infrastructure provider

AWS


Disclosure within Bahrain:

Vendor/Third Party

Central bank - CBB

Trustee, custodians, share registrars

Listing agents

Receiving banks and investors

Bahrain clear

Bahrain bourse

Advisors – Custodian, Due diligence, Allotment, Tax, Legal

Auditors