BLME
Boubyan Bank
Nomo

BLME
Boubyan Bank

Privacy Notice

Last published 21 Sept 2021

1. Who we are

We are Bank of London & The Middle East PLC (“__we__”, “__our__”, “__us__”, “BLME”) and we own and operate NOMO.

We’re registered in the UK and our registered address is at Cannon Place, 78 Cannon Street, London, United Kingdom, EC4N 6HL. Our company registration number is 05897786. We are also registered with the UK data protection authority (the Information Commissioner’s Office or “__ICO__”) under number Z9829862. BLME is a member of the Boubyan Bank Group.

This notice applies when you download and use our App or Website and it sets out who we are, and how and why we use your personal data. We would recommend that you read through this notice carefully so that you fully understand our data protection practices. This notice, our Cookie Notice, Website and App Terms and Conditions of Use, the Current Account Terms and Conditions and Fixed Term Deposit Account Terms and Conditions, outline how we provide services to you through our App and Website.

If you have any questions about this notice or our use of your data, please contact us using the details set out below.

2. What personal data do we use?

We may collect, use, store and transfer different kinds of personal data about you. This information:

  • May be provided by you to register on our Early Access List or when using our App to open your account – for example, when you register for the Early Access List you will need to provide us with your email address and can choose to provide your phone number. When onboarding via the App we will ask you for basic information such as your name, address, date of birth, contact details and country of residence. We will ask you to provide details such as your personal wealth, tax status, assets, income, expenditure, source of wealth, your intended use of the account and other financial information. We will also collect your identity documents and visual images and a short video of yourself or audio file. You will also need to confirm whether you are a current customer of the Boubyan Bank Group.

  • May be provided by you when you contact us – the personal data we may collect here include your email address and any information you provide in the email (if you contact us by email) or your phone number and any information you provide on the call (if you call us).

  • __May be collected or created when you use our App or Website__– this includes any unique identifiers (such as your IP address), type of device, location data, language and login details, and any information you provide when engaging with the App or Website. Also, information we learn about you through our relationship with you and the way you operate your account.

  • May be collected or created when you use our App and the services offered on it – this includes details about any payments to and from your account, your saving activities and any financial products that you apply for using our App. It also includes your login details and any information you provide when engaging with the App.

  • May be obtained from the technology you use to access our App or Website – this includes login details, details of your phone network, your IP address, location data, device identification numbers and any other unique identifiers.

  • May be collected using cookies – cookies are pieces of information stored directly on your device. Most browsers allow individuals to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. Please refer to www.aboutcookies.org or www.allaboutcookies.org for more information. Declining cookies may cause certain parts of the Website to cease working. Information about the cookies we use and their purposes can be found in our Cookie Notice.

  • May be collected from other parties – for example, we obtain data from credit reference agencies, companies providing fraud prevention and ‘KYC’ (know your client) and AML (anti-money laundering) checks (we will also need to share data with these types of agencies). For more information about data we collect from and share with credit reference agencies, see ‘Other parties who we share your data with’ below.

  • May be collected from public sources – for example, we may review information available on public and government registers or information you have made public on social media, such as Facebook, Twitter or LinkedIn.

We may also collect, use and share aggregated data (for example, statistical or demographic data) for any purpose. Aggregated data could be based on a subset of your personal data but is not considered personal data in law because it will not directly or indirectly reveal your identity (because it’s combined with the data of other people – none of whom are identifiable). For example, we may aggregate your usage data to calculate how many people are using a particular part of our App or Website.

However, if we combine or connect aggregated data with your personal data so that it directly or indirectly identifies you, we treat the combined data as personal data which will be used in accordance with this notice.

3. Why do we use your data?

We only process your personal data when the law allows us to do so. Data protection laws require that we have a “lawful basis” for processing your personal data. The lawful bases include processing for a contract, to comply with law, legitimate interest, vital interest, substantial public interest, or consent. We have explained below what lawful bases we rely on to use your personal data.

  • Contractual requirement – we use your personal data to fulfil a contract that we have with you or in order to enter into a contract with you (for example, to provide online banking services to you). This includes using details about you to: (i) consider whether we can provide services to you; (ii) provide the services that we say we will provide in our terms; (iii) exercise our rights under a contract with you; (iv) resolve complaints and other disputes; and (v) contact you.

  • Compliance with law – we use your personal data to meet our obligations which we are required to do under law. For example, as a bank, we are required to make sure that we run appropriate KYC and AML checks on all our customers. We collect personal data under this heading to: (i) verify your identity when you register for our services (including by cross checking the details you have provided with immigration, credit check and fraud prevention agencies); (ii) prevent illegal activities like fraud and money laundering; (iii) check your credit history and other details about your financial circumstances so that we can make responsible lending decisions; and (iv) comply with our legal obligations (for example, banking laws). These can include legal record keeping obligations. We may be required to share information with other third parties where we are compelled to do so or we consider this necessary – further details can be found in the “Other parties who we share your data with” section below.

  • Legitimate interests – we may need to use your data for our legitimate interests or those of a third party. These include:

    • Analytics – tracking, analysing and improving the services we provide and the performance of the App and Website, which helps us make our products better and understand how they are used by our customers.
    • Protection – protecting our rights and property as well as those of our staff, customers and the public more generally, and managing our business. We may also need to share information with other bodies (for example, fraud prevention agencies) and take other steps to ensure that we maintain our reputation as a responsible provider of banking services. We may also need to process information to help fight financial crime.
    • Receiving services – we may need to provide information to other third parties in order to receive products and services, which, in turn, allows us to provide the App, Website and services to you (further details on the types of parties we share data with can be found in the “Other parties who we share your data with” section below.
    • Marketing – we may contact you from time to time to tell you about products and services that we think you might be interested in (which may be based on how you use our products and services and other things we know about you). If you do not wish to receive these communications, you can opt out of these at any time by contacting us using the “Contact Us” section of the App or Website.
    • Promotions - We may run promotions, competitions, campaigns and similar activities from time to time to promote our App, Website and other services.
  • Consent – We may sometimes need to ask for your consent to use your data. We will always make clear what data we wish to use and how we wish to use it. In these cases, you don’t have to share information about yourself if you don’t want to. If you choose to give consent, you can withdraw it at any time by contacting us using the “Contact Us” section of the App or Website. However, if you don’t consent (or later withdraw your consent), you may not be able to use some (or any) of our services.

    • Marketing – we may wish to contact you about products and services that we think you might be interested in (which may be based on how you use our products and services and other things we know about you). We will only send you these communications if you agree to receive them. If you no longer wish to receive these communications, you can opt out of these at any time by contacting us using the “Contact Us” section of the App or Website.
    • Promotions – we may run promotions, competitions, campaigns and similar activities from time to time to promote our App, Website and other services.
  • Vital interest – We may share information about you with other parties (e.g. law enforcement) if it is necessary to protect your or another person’s life.

  • Substantial public interest and vital interests – We may need to process ‘special category’ personal data in some cases. Special category personal data is data that can reveal your or another person’s racial or ethnic origin, religious or philosophical beliefs, trade union membership, political opinions, genetic or biometric data, health information, or sex life or sexual orientation. We process this type of data where it is necessary to prevent or detect crime or unlawful acts, or where it is necessary to protect your financial wellbeing (and obtaining your consent would be unreasonable or otherwise impact our ability to help you).

  • Exercising legal rights – We may also need to process special category personal data to establish, defend or conduct legal claim (this includes obtaining legal advice).

Further information on the lawful bases for processing personal data can be found on the ICO website.

4. Who we may share your personal data with?

Your personal data may be shared and processed by other companies within our group, for example, where they provide services to us, for marketing purposes and for internal reporting. When you open an account with us and you already have an account within the Boubyan Bank group, we may request your KYC documentation from that group company to assist in the account opening process or ongoing maintenance of your account.

We may share your personal data with the following parties:

  • Our service providers – for example, we use: (i) ComplyAdvantage and Refinitiv to help us with the KYC and AML checks described above; and (ii) Onfido to help us verify the identity of users and Prefinery to help manage our marketing campaigns. We also use third parties to: (i) make our bank cards and provide card processing services; (ii) monitor transactions; (iii) provide network services; and (iv) help us run the App and Website (including by providing cloud computing and storage services).
  • Verification, fraud prevention and responsible lending – we use credit reference agencies and similar service providers to assess whether we can provide services to you, to fulfil our obligations as a responsible provider of banking services and to comply with laws and prevent fraud. We share certain information about our customers and potential customers with credit rating agencies to: (i) help them maintain accurate registers of individuals’ financial status; (ii) help with the tracing of debts; (iii) understand whether you are eligible for our products and services; and (iv) manage your account with us. The information we may share with credit reference agencies include: (i) your identification information including your name, address and date of birth; (ii) details of the accounts and related transactions; (iii) any product or service applications you’ve made (including any loans or repayments); and (iv) details of the balances of any cards you have with us. You can find further information on the main credit reference agencies in the UK and Kuwait here:
  • Law enforcement and other similar parties – as a bank, we’re under legal obligations to identify and report financial crime (which includes money laundering and tax evasion). We may share your details with official authorities, regulators or other government or law enforcement bodies including the police or courts in any jurisdiction where the law requires us to or if we otherwise think necessary. We may also share information with other banks for similar reasons. We may also have to share your information with other third parties where we are required to do so under law. These other third parties could be in any jurisdiction.
  • Others – we may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.

5. Automated decisions and profiling

When we refer to automated decisions, we mean any decisions relating to you which don’t involve any people (for example, by only using computers).

We use automated decision making to verify your identity and the information you provide in your application, prevent fraud and money laundering, and check whether you are eligible for our products.

We do this by taking information contained in your application or that we have received from third parties (for example, publicly available registers like the Public Authority of Civil information (PACI)) or credit reference agencies and passing this onto third parties who perform fraud prevention, ‘KYC’ (know your client) and ‘AML’ (anti-money laundering) services. These third parties provide us with relevant information about your identity and may include your financial history, credit information, and fraud prevention information.

If these third parties believe you are a fraud or money laundering risk, or if we otherwise believe you have adverse credit, we may reject your application for an account, decide not to offer you a product or change your existing products or services.

Some service providers above may also keep records of your credit history, fraud or money laundering risk on file, which may result in other parties refusing to provide services or financing to you.

We may build profiles about you so that we can better understand your circumstances, behaviours and preferences in relation to marketing and improve the relevance of products and services offered to you. We do this by collecting information you provide to us or our affiliates (or information that we otherwise obtain) and, in some cases, combining this with other information we know about you.

You may have a right to request human intervention and to challenge the decisions made by us on the basis of automated decision making. You can do this by contacting us using the “Contact Us” section below.

6. How long we keep your personal data

How long we hold your personal data for will depend on the circumstances. The retention period we apply will be based on many factors including:

  • The purpose for which we are using the data – we will need to keep the data for as long as is necessary for that purpose; and
  • Legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.

To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.

7. Your rights

You have a number of legal rights in relation to the personal data that we hold about you. These rights include:

  • The right to obtain information about the processing of your personal data and access to the personal data which we hold about you.
  • When we are relying on your consent to process your personal data, you have the right to withdraw your consent to our processing of your personal data at any time. Please note that we may still be entitled to process your personal data if we have another basis (other than consent) for doing so.
  • In some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us.
  • The right to request that we correct your personal data if it is inaccurate or incomplete.
  • The right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are required to keep it (for example, under law).
  • The right to object to, and the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled or required to continue processing your personal data and/or to refuse that request.
  • The right to complain to the ICO (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contact us” section below.

You can find out more information about your rights by contacting the ICO, or by searching their website.

8. Where we store or send your data

We may transfer and store the data we collect about you to organisations outside the United Kingdom or outside the European Economic Area (“__EEA__”).

When we do this, we make sure that your data is protected and that the transfer is subject to appropriate safeguards or is otherwise permitted under applicable law. For example, in the context of personal data transferred outside the United Kingdom or the EEA, the country to which the personal data is transferred may be approved by the ICO or the European Commission, or the recipient may have agreed to model contractual clauses approved by the European Commission or the ICO that oblige them to protect the personal data.

If you’d like a copy of the relevant data protection clauses, please get in touch using the “Contact us” section below.

9. Contact us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, or would like to speak to our Data Protection Officer, please address questions, complaints, comments and requests by email to dpo@blme.com or by post to Data Protection Officer, Bank of London and the Middle East plc, Cannon Place, 78 Cannon Street, London, EC4N 6HL.

If you have a complaint and you are not happy with our response, you can refer your complaint to the ICO. For more details, you can visit their website at ico.org.uk.

10. Changes to this notice

We will post any changes we make to this notice on this page. We will also email you to let you know if we make significant changes to this notice.

Other policies

To visit our policies related to our products, visit this page.