Privacy Notice

Privacy Notice

Last Updated Date: 26th September 2022


This Privacy Notice explains who we are, how we as part of our business as Ahli United Bank, K.S.C.P collect, share and use personal data about you, and how you can exercise your privacy rights. The details on what personal data will be processed and which method will be used depend significantly on the services applied for or agreed upon.

About Us

Ahli United Bank K.S.C.P. (AUB) is part of the Ahli United Bank Group (AUB Group) with its headquarters in the Kingdom of Bahrain and operations in Bahrain, Egypt, Iraq, Kuwait, Libya, the United Arab Emirates, the Sultanate of Oman and the United Kingdom. This privacy notice will explain how AUB, an entity operating in the State of Kuwait uses the Personal Data collected from you, when you use our Banking Services at any of our bank branches, offices, ATMs; use our website, mobile applications, social media channels or when you connect with us through other channels to initiate or manage your relationship with AUB.

AUB recognizes its privileged position in receiving information that may contain Personal Data from you to offer financial products, Banking Services, promote offerings and to serve you as a Customer or any other manner associated with AUB. AUB is committed to protecting the privacy of individuals whose Personal Data we collect, store and / or process in a way that is consistent with the principles set out in the applicable data protection laws.

AUB is the Data Controller of the Personal Data information that you submit to us. As a Data Controller, we are responsible for deciding how we use your Personal Data. For business efficiency and to provide seamless services across geographies, we may designate any of our entities or third parties to process your Personal Data for and on behalf of us.


Unless there is something in the subject matter or context inconsistent therewith, each of the words and phrases used herein will have the following meaning (singular includes plural and vice versa):


  • Ahli United Bank K.S.C.P. may be referred to herein as “AUB”, “AUB Kuwait”, “we” “us”, ‘our’ “Bank”, “Company” or “Organization”.
  • Banking Services – The banking services offered by the Bank to the Customer in respect of a bank account, banking products and/or ancillary services that the Bank provides, procures or makes it available for the Customer.
  • Customer – Any customer of the Bank who has elected to use Banking Services by accepting the terms and conditions of the Bank and / or by duly execute account opening forms and/or agreement with the Bank in order to avail Banking Services. A Customer may be a body corporate, a partnership, a sole proprietorship, or any other form of incorporated or unincorporated organization or individual which is authorized to avail any Banking Services, open and / or operate an account with the Bank.
  • Data Processing – any operation or activity carried out on Personal Data electronically or non-electronically, through automated or non-automated means, including but not limited to collecting, recording, organizing classifying into groups, storing, sharing, reviewing, adapting, altering, modifying, transferring, archiving, destroying the Personal Data. E.g. – Submitting personal details using account opening form, authorizing to perform a credit score inquiry, job application process, etc.
  • Data Subject - A natural person whose Personal Data is administered in the Data Processing by AUB, Third Party or Vendors contracted by AUB. “Data Subject” or others disclosing their Personal Data for any reason whatsoever may be referred to herein as ‘you’ or ‘your’.
  • Data Privacy Policy – Policy of the bank related to Data privacy which sets out guidelines on the subject.
  • Employee – Staff and outsourced staff of AUB including external consultants and contractors.
  • Personal Data – Any information relating to a Data Subject who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject.
  • Sensitive Personal Data – Any data that could potentially identify a specific individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of trade union, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Hereafter ‘Personal Data’ and Sensitive Personal Data’ are jointly referred as ‘Personal Data’.
  • Third Party – Any external party designated by the Bank in relation to the provision of Banking Services to the Customer which may process the Customer’s Personal Data on behalf of the Bank.
  • Vendor – Data Processors contracted by AUB.


What data is collected?

To serve you, we collect relevant information in different intervals depending on the nature of business, context and purpose. The Personal Data that we may directly or through our Vendors or Third Party service providers collect about you broadly falls into the following categories:

Category of Data

Purpose of Processing

Name and contact details such as physical

address, Mobile/telephone number and

email ids

For the purpose of processing Banking Services and to offer and / or provide those products and services to you and to communicate with you in connection with such Banking Services.

Personal Data you may provide in


For the purpose of corresponding with you in connection with an enquiry, providing service or complaint.


For the purpose of verifying we are legally permitted to provide you with Banking Services.

Data such as copies of

passports, driving licenses, or

other government-issued IDs,

passport numbers, signatures, tax

identification number, National Identification Number/Civil Id

For the purpose of identifying and to prevent fraud in connection with accounts and to comply with anti-money laundering and fraud management requirements.

Sensitive details like health information, disability status

For the purpose of processing Banking Services and to provide those products and services to you tailored to your preferences

AML check and world checking searches

For the purpose of complying with anti-money laundering, fraud management and other account opening and maintenance requirements.

Bank account, Finances, Credit / Debit card data, Financial transaction data

For the purpose of providing / offering our products and services to you, for internal analysis, risk management, reporting, detection and prevention of fraud.

Data to check creditworthiness such as financial history, income and outgoings, credit history.

For the purpose assessing creditworthiness for credit facilities applied or for which you propose to stand guarantor, for internal analysis, risk management, reporting, detection and prevention of fraud.

Closed-circuit Television (CCTV) footage

If you visit our premises or any of our cash machines, we may record CCTV footage for security purposes.

Net worth assessments

To assess whether you are a high net worth individual as defined in applicable regulations, so that we can, if you wish, obtain from you a declaration to that effect, which will exempt us from having to comply with certain regulatory steps when offering certain products.

Data about claims and proceedings (or potential claims and proceedings) by or against you

To identify, exercise and defend contractual and other legal rights.

Device generated details – IP Addresses, Device Identifiers, other unique identifiers collected using cookies and other technologies from the computers, mobile devices

For provide digital applications customized to your requirements

The above listed information is collected from you when you express interest to avail our services or when you intend to provide services for us. These details are collected and processed throughout your legal association with us and the details are safeguarded in an appropriate manner beyond your association with us. These details may be collected at the time of account opening, finance inquiry; while you perform financial transactions using our services; during employment interviews, employee onboarding, employment, vendor onboarding; when you interact using our website, internet portals, mobile applications or social media channels, etc.
Similar or select few details from the above list is collected from you, of your nominees, family members, emergency contacts to carry out regulatory requirements or to fulfill business interests or to protect your interests. E.g. – Designation of nominee for your bank account, co-applicant for bank account or credit services, emergency contacts or family members information, etc.
We also use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data. We treat the combined data as Personal Data which will be used in accordance with AUB’s Data Privacy Policy.
If we ask you to provide any other Personal Data not described above, then the Personal Data we will ask you to provide, and the reasons why we ask you to provide the Personal Data, will be made clear to you at the point we collect your Personal Data.
However, we may also use your Personal Data for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific, historical research purposes, regulatory purposes or statistical purposes) if and where this is permitted by applicable laws.

How is your Personal Data collected?
Data is primarily collected from three main sources – directly from you, from the devices you use to interact with us and avail services, and data which is generated and enriched with the use of third parties. Representative scenarios are outlined below:

Data collected directly from you
You may give us your identity, contact, financial data and transaction data by filling in forms or by corresponding with us by post, phone and email or otherwise. This includes sharing of Personal Data for the following purposes but not limited to:

  • Data using paper forms – while account opening, depositing/withdrawing money, inquiry and application for financial services, when you sign up to offers, news or a contest or filling up a complain form on our website, etc.
  • Internet portals – when you carry out financial transactions, fill out job application forms, etc.
  • Online application forms – when you register online including setting up passwords and preferred usernames, contact details, account details or apply for any of our products or services.
  • Social Media Channels – when you engage with us on social media platforms such as but not limited to Facebook, Twitter, Instagram, YouTube, LinkedIn.
  • Branch visits and inquiries, emails, contact center, chat service and message boards on social media - When you communicate with us in person or via any of our electronic channels to manage your banking relationship with AUB.
  • Voluntarily complete a customer survey or provide feedback on any of our internet forms, message boards or via email.


Data collected from the devices

  •  Computers and Mobile Devices – IP (Internet Protocol) Addresses, browser type, referring/exit pages, operating system, date/time stamps, Device and session identifiers using cookies and other technologies, etc.

  • Use of Cookies – Identification of the individuals, personalizing online content, maintaining and managing preferences, website or application traffic and performance monitoring using Google Analytics, etc.
  • Use of ATMs and Cash Deposit Machines – location, time of transaction, CCTV footage, etc.

Data generated or enriched with the use of third parties

We may receive aggregated personal data about you from various third parties as set out below:

  • Civil ID Reader Information – name, address, nationality, gender, photograph - using the government provided services for identification and authentication purposes.
  • Credit Score and Credit Report - to provide credit facilities using the services of credit bureaus.
  • IP Address and device information - aggregated data collection and monitoring to protect our assets and monitor performance of our services.
  • Analytics providers such as but not limited to Google, Facebook, LinkedIn;
  • Social media platforms such as but not limited to Facebook, Twitter, Instagram, YouTube and LinkedIn;
  • Advertising networks and search information providers.

How will your Personal Data be used?
Personal Data collected from you will be used to perform a number of activities that support our mission to deliver banking and financial services. Collected data will be used and processed:

  • To enter into or carry out an agreement we have with you. E.g., Service contract with Customers/vendors, employment contract, etc.
  • To meet regulatory/legal requirements. E.g., Know Your Customer (KYC) processes, anti-money laundering checks, credit reference bureau mandates, etc.
  • To carry out a specific task in the public interest. E.g., to detect or prevent a crime.
  • To pursue our legitimate interests. E.g., For upselling, cross-selling of our products and services, new product launches, to remind and recover money on overdue payments, etc.
  • To communicate our products and services with you. Marketing services shall be based on your consent with provisions for you to choose the communications, promotions that you would like to participate in.

    Other reasons we use your information for:

    - Deliver our products and services;
    - carry out your instructions. E.g. to fulfil a payment request, make changes in your profile;
    - carry out checks in relation to your creditworthiness;
    - manage our relationship with you, including (unless you tell us otherwise) telling you about products and services we think may be relevant for you;
    - understand how you use your accounts and services;
    - support our banking operations;
    - ensure security and business continuity;
    - manage risk;
    - provide Online Banking, mobile apps and other online platforms;
    - market our products and services through traditional and online advertising;
    - improve our products and services, by analyzing how you use them;
    - analyze data for better understanding of your choices and preferences so we can provide you with the best advice and offer tailored services;
    - protect our legal rights and comply with our legal obligations;
    - undertake system or product development and planning;
    - for audit and administrative purposes;
    - for availing or for providing insurance services.

We will only use your Personal Data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the contact details provided.

If AUB wish to use your Personal Data for a new purpose, not covered by this notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior explicit consent to the new processing.

Lawful basis for processing Personal Data
The following section describe the various purposes for which AUB collect and process your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the purposes listed below will be relevant to every individual.

AUB’s legal basis for collecting and processing the Personal Data will depend on the personal data concerned and the specific context in which we collect and process Personal Data.

However, we collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in the legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In certain cases, we may also have a legal obligation to collect Personal Data from you or from third parties. These purposes include, but not limited to:

a. the prevention, detection, investigation and prosecution of crime in any jurisdiction (including, without limitation, money laundering, terrorism, fraud and other financial crime);

b. identity verification, government sanctions screening and due diligence checks;

c. to comply with local or foreign law, regulations, directives, judgments or court orders, government sanctions, reporting requirements under financial transactions legislation, and demands of any authority, regulator, enforcement agency, or exchange body.

We may otherwise need the Personal Data to protect your vital interests or those of another Data Subject.

How will your Personal Data be stored?
While information is the cornerstone of our ability to provide superior service, our most important asset is our customers' trust. Keeping Customer information secure, and using it only as our customers, is a top priority for all of us at AUB.

Further, Ahli United Bank puts the security and confidentiality of your personal information at the top of its priorities as it strives to keep your personal and account information safe and secure. We have put in place procedures to deal with any suspected personal data breach. We use appropriate technical and organizational measures to protect the Personal Data that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. Specific measures we use include the following but not limited to:

  • Data Privacy policies and procedures
  • Physical access control systems
  • Physical security presence (Security guards in the premises)
  • Logical access controls (such as passwords and encryption)
  • Perimeter security systems (such as firewalls, intrusion prevention systems, intrusion detection systems)
  • Regular data privacy training for all staff (but not limited to employees - full time or part time)
  • Vulnerability management

In the event that we are required by law to inform you of any unauthorized access to your Personal Data we may notify you electronically, in writing, or if permitted by law, by telephone. We will also notify any applicable regulator of a data breach where we are legally required to do so.

Your Personal Data collected in physical format (forms. Hard copies) is securely stored at storage facilities identified and managed by us.

How long will your Personal Data be stored?
We retain Personal Data we process where we have legitimate interest, performance of the contract, vital interest of data subject or of another natural person, performance of a task carried out in the public interest or in the exercise of official authority vested or for the purposes of satisfying any legal, accounting, or other regulatory reporting requirements or with your consent.

When any of the above requirement cease to exist, we will either delete or anonymize or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and prevent it from any further processing until deletion is possible.

We will store and retain your Personal Data for the duration of your contract with us and as required by the applicable laws and regulations. Once this duration has expired, we retain the Personal Data to meet our legitimate interests.

With whom will your Personal Data be shared and transferred?

Any personal information that we seek from you would only be aimed at providing superior service and would always be kept confidential. Keeping customer information secure and using it only as our customers would want us to, is a top priority for all of us at AUB. We may however be required to disclose your personal information to Government , Judicial bodies and/ or our regulators to whom the Bank is under an obligation to make disclosures under the requirements of any applicable law binding on the Bank or any of its branches, when the situation so demands.

Here then, is our promise to each of our individual Customers:

  • Access to Customer Personal Date is permitted on to those Employees who have a valid business reason for knowing such information. We will not reveal Customer Personal Data or information to any external organization or unauthorized parties unless we have previously informed the Customer in disclosures or agreements, and have been expressly authorized by the Customer, or are required by applicable law.
  • We will always maintain control over the confidentiality of our Customer Personal Data. Customer Personal Data shall not be shared with any external organization unless the same is necessary to enable AUB to provide you services or to support compiling your transactions and credit reports. Also, this may be required as per banking norms and terms and conditions applicable to such information as agreed to with Bank. These external organizations other than duly appointed Third Party are not permitted to access, use or retain any Customer Personal Data unless the Customer has explicitly expressed interest in their products or services.
  • Whenever we hire Third Party organizations to provide support services, we will procure their conformity to our privacy standards, Data Processing Agreement (DPA) and Non-Disclosure Agreement (NDA). Constant and regular audits will be conducted to ensure their compliance.

We may disclose your Personal Data to the following categories of recipients:
  a. to our Vendors/Third Parties who provide data processing services to us, or who otherwise process Personal Data for purposes that are described in this Privacy Notice. If you wish to know more about our Vendors/Third Parties, please feel free to contact us.

  b. to any law enforcement body, regulatory, government agency, court, our affiliates/branches or other third party where we believe disclosure is necessary
   (1) as a matter of applicable laws or regulations;

   (2) to exercise, establish or defend our legal rights or obligations;

   (3) to protect your vital interests or those of any other person;

   (4) as per legitimate interest;

   (5) processing is required for performance of task carried out in public interest

   (6) processing is required for performance of contract.

  c. to any other person with your consent.


In all these cases, appropriate contractual measures are implemented before sharing or transferring the Personal Data; complying with the applicable laws and regulations. The purpose of sharing your Personal Data is to deliver seamless banking experience across geographies, ensuring business and operational efficiency; and to ensure the availability of Personal Data as part of our business continuity strategies.

We require all Vendors/Third Parties to respect the security of your Personal Data and to treat it in accordance with the AUB Data Privacy policy and applicable laws. We do not allow Vendors/Third Parties to use your Personal Data for their own purposes and only permit them to process your Personal Data for the specified purposes and in accordance with our instructions/ guidelines mentioned in the contracts.

Your Personal Data may be transferred to, and processed in, countries other than the country in which you reside, or your Personal Data was collected. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Privacy Notice. These include implementing the standard contractual clauses for transfers of Personal Data to our Vendors/Third Parties and joint controllers processing Personal Data, which require all the Vendors/Third Parties and joint Controllers to protect Personal Data they process in accordance with European Union General Data Protection Regulation (EU GDPR) and DIFC Data Protection Law (Law No. 5 of 2020), as applicable.

We will conduct our business in accordance to our Data Privacy Policy in as many jurisdictions in which we conduct our business and operate.

For our private and corporate banking customers, AUB K.S.C.P (P.O. Box: 71, Safat, 12168, Safat, Kuwait) has executed specific joint controller agreement with AUB B.S.C (Currency Tower 2, Dubai International Financial Centre, Dubai, 507055, United Arab Emirates) pursuant to Article 23 of DIFC Data Protection Law (Law No. 5 of 2020), the key content of which is available on demand at the premises of AUB K.S.C.P or AUB B.S.C. The Data Subject’s rights under applicable law may be exercised in respect of and against each of the Joint Controllers.

How we secure and maintain confidentiality of your Personal Data?
We use various measures to keep your Personal Data safe and secure which may include encryption and other forms of security. We require our staff and Third Parties who carry out any work on our behalf to comply with appropriate compliance standards, including obligations to protect Personal Data and to apply appropriate data protection measures for the use and transfer of information.

How will your Personal Data be used for marketing?
We may send you information about products and services of ours that we think you might benefit from or be interested in. If you have agreed to receive marketing communications at this stage, you may opt out of such communications. You have the right to stop receiving marketing communications at any point of time.

If you no longer wish to be contacted for marketing purposes, you may unsubscribe or opt-out from such campaigns by writing to us at or by navigating to our email communications preferences center.

What are your Personal Data protection rights?
We would like to make sure you are fully aware of rights over your Personal Data. Every individual whose Personal Data we process is entitled to the following rights in addition to the right to be informed which is what this notice aims to do.

  • The right to access - You have the right to request us for copies of your Personal Data which is in our records.
  • The right to rectification - You have the right to request correction of any Personal Data or information which you believe is inaccurate. You also have the right to request us to complete information which you believe is incomplete.
  • The right to erasure — You have the right to request erasure of your Personal Data which is in our records, subject to certain conditions, to continue providing you with services considering legal, commercial and regulatory requirements of undertaking such services.
  • The right to restrict processing - You have the right to request restriction of processing your Personal Data - subject to certain conditions of providing uninterrupted banking services; legal, commercial and regulatory requirements.
  • The right to object to processing - You have the right to object to processing of your Personal Data, specifically if it is based on automated processing or to opt-out of processing for direct marketing purposes - subject to certain conditions pertaining to our ability to continue providing you with services in light of legal, commercial and regulatory requirements.
  • The right to data portability - You have the right to request transfer of your Personal Data to another organization, or directly to you - subject to certain conditions and feasibility of portability of data.
  • Right to opt-out or withdraw consent- In the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us on the email address provided below or by visiting any of our bank branches. Once we have received your consent withdrawal request, we will no longer process your Personal Data for the purpose or purposes you had originally agreed to, unless we have another legal basis for doing so.
  • You have the option to subscribe or opt-in to receive newsletters, new alerts and marketing content. If you have subscribed to any of these services, you can opt-out or unsubscribe to such communications by writing to: or by submitting your request at any of the bank branches.

Data accuracy and authenticity – Your responsibilities
As the owner of your data, it is your duty to ensure that the Personal Data and information provided by you to us is accurate, up-to-date and authentic.
You may exercise this duty and communicate your requirements with us directly at our email

Privacy notices of other websites
Website of AUB contains links to portals of other entities and other third-party websites. This privacy notice applies only to the website, applications, portals and channels of AUB K.S.C.P, so if you click on a link to another portal or website, you should read other portal or website’s privacy notice.


How to contact us?
If you have any questions about this privacy notice, the data we hold on you, or you would like to exercise one of your data protection rights, you may reach out to us.
Email us at:
Address: Ahli United Bank K.S.C.P,
Joint Banking Complex
Mubarak Al Kabeer Street
P.O. Box 71,
Safat, 12168
State of Kuwait

Back to Top