Data Privacy and Security Policy

Our commitment

Qatar Islamic Bank (“the Bank”, “QIB”) acknowledges that one of its fundamental responsibilities is to ensure that the Bank protects personal information entrusted to the Bank by its customers. QIB is committed to protecting your rights and keeping your personal data safe based on applicable data privacy laws and data protection regulations.

This Privacy Policy provides transparent measures to handle personal information of its customers. In this Policy we describe the nature of the information that QIB collects through its website, applications, services, and information requests and how this personal information will be collected, processed, used, stored and deleted.

Purpose and scope

The scope of the Data Privacy and Security Policy includes the information stored, communicated, and processed within QIB on all media, applications and system platforms through any communication channel. The objective of this Policy is to provide QIB an approach to managing information risks and directives for the protection of information assets to all units. Access to all Bank policies and ethical guidelines is provided to all QIB employees. In addition, they are provided with ongoing training to reinforce their understanding and implementation of data privacy and security measures.

This Policy applies across all QIB operations, to all employees, contractors, and partners working in QIB and/or having access to QIB applications and data for business purposes.

What information we collect about you

The Bank collects and uses information about you to provide you with high quality financial products and services. The kinds of information QIB collects from customers are the following:

  • Personal identification information given to the Bank during registration, such as full name, passport or personal identification card number and its validity date, nationality, place and date of birth, profession and workplace, gender, marital status, residential and postal addresses, email address, mobile phone number and details of your passport and residence documentation.
  • Information regarding your financial situation such as data regarding your creditworthiness, credit scoring/ratings, tax status and asset and debt information.
  • Information the Bank receives from third parties (e.g. government, regulatory, or credit agencies).
  • History of customer contact with QIB such as through emails, call center, customer care center.
  • Usage information such as time and duration of usage, data usage, incoming or outgoing phone calls.
  • Information QIB gets from customer use of services or websites (such as IP address, hardware model and settings, operating system, browser type, network details, web beacons/pixel tags, cookies, and details of when, where and how the service was used).
  • From time to time, we may ask you to update the information you have provided to us and to provide other categories of information, including when we introduce new services. For example, some services may require you to adopt other means of authentication, such as fingerprint, voice or biometric identification.

When we ask for your consent

  • We will always obtain your consent before we collect and use your personal information for the first time, unless we or a third party needs the information in order to achieve a legitimate purpose as permitted by the applicable law.
  • We will always ask for your consent before we use your information for marketing purposes.
  • We will ask for your consent if you request that our Bank correct your personal data residing in our system. Your request must be accompanied by proof of accuracy.

How we use your information

Data must only be collected when there is a legitimate business purpose that is aligned with the strategic intent of the Bank. Owner approval has to be obtained when data is requested and collected.

The collected information is used:

  • to provide and improve our services and to notify you about changes to them;
  • for the purposes of anti-money laundering, terrorist financing and fraud monitoring.

When you access our websites and electronic banking services, we use the information we collect about you to:

  • administer our websites and services, including for troubleshooting and testing purposes;
  • improve the manner in which the services and content are presented to you;
  • enable you to participate in interactive features of our services; and
  • help keep our websites safe and secure.

To achieve these purposes, we may need to organize, alter and adapt your information.

We will not retain your information for longer than necessary to achieve these purposes, unless we are under a duty to retain your information in order to comply with applicable laws and regulations.

Where your information is located

Unless prohibited by law, we may store your information on servers and other records within Qatar maintained by QIB.

How we protect your information

We have a legal obligation to take appropriate measures to protect your information against accidental and unlawful loss, destruction, alteration, disclosure, access or use. To the extent required by law, we will inform you if your information is affected by a breach of our security measures.

QIB safeguards the privacy of personal information through adequate security measures as appropriate to the sensitivity of the information. The collected personal information will be used for authorized purposes and will not be processed for other purposes.

As part of the Bank’s efforts to maintain data privacy and security, we use significant technical and administrative security measures to protect any information from loss, misuse, unauthorized access and disclosure. The following measures are to be followed:

  • Deploying security controls such as identity authentication, regular network risk assessment and updates, stringent monitoring and detection systems;
  • Adopting ISO 27001 certification for information security management and PCI-DSS;
  • Reporting on data breaches in its annual reporting;
  • Conducting regular security assessments to measure its performance in all areas of cybersecurity;
  • Periodically carrying out internal and external audits on its data processing systems;
  • Implementing new solutions in cybersecurity and exploring new technologies related to Cloud, AI, Machine Learning and FinTech;
  • Providing regular training and awareness initiatives for all employees to guarantee a culture of compliance with internal privacy and security regulation;
  • Having a cybersecurity executive or Information Security Department who will focus on security issues, and who must possess the knowledge and expertise in preventing data breaches and handling them when they occur;
  • Conducting reviews of this Policy and subordinate procedures and standards at least annually or when major changes to the Bank or its environment occur, to assure their continuing suitability, adequacy and effectiveness;
  • Ensuring that processed data is only shared with authorized users and systems to prevent data misuse. Shared data (both internally and externally) shall not have any linkage to the personal identity of the Bank’s customers.

Your rights

You are responsible for ensuring the information you provide us is accurate and up to date. You must inform us of any changes. We require our employees and any third parties carrying out any work on our behalf to comply with stringent compliance standards, including agreeing to contractual obligations to protect any data.

You can ask us to:

  • Give you access to your personal data. You have a right to access the personal data we are keeping about you.
  • Update or correct any inaccurate information.
  • Not use certain automated decision processes.
  • Delete information as per the applicable privacy laws and protection requirements.

Compliance and reporting

Violations or any attempted violations of this Policy shall result in an internal investigation and may lead to disciplinary action being taken. Further or repetitive non-compliance can be grounds for more stringent actions, such as fines, legal prosecution and/or termination, depending on severity.

If an employee recognizes any potential violations of this Policy, they must directly report to their line manager. Employees should use QIB’s confidential whistleblowing portal to report any alleged misconduct in case reporting to their immediate manager is not feasible.

Approvals and review

This Policy has been reviewed and approved by senior management of QIB. This Policy will be periodically reviewed, taking into consideration any organizational, business, or legal changes that may occur.