Privacy
- Current Version Number: v1.0
- Release Date: 11/03/2021
1. FAQ’s
- Why are we able to process your information?
- To provide you with educational services or as per law of land, applicable business regulation of Bahrain.
- What purpose are we processing your information for?
- Communication, employment, contractual obligation and regulatory requirements.
- Do you have to provide your information to us?
- All the information which you provide is based on consent and free-will. Where we collect information, it is limited to the purposes described above.
- Are there other recipients of your personal information?
- Yes, we do share your information (only if required) with other educational institutions, your employer, government agencies and anyone who is authorised as per the law of Bahrain.
- Who are your third parties:
- Any person other than:
- Data subject;
- DPO;
- Data processor;
- Data protection guardian; and
- Any person, under the direct authority of the DPO or data processor, authorized to process data for the benefit of the DPO or data processor.
- Do we intend to transfer your information to another country?
- Since our educational programmes are affiliated to universities, which operate from multiple countries and we also use cloud-based platforms for ease of delivery, we do transfer data including personal data outside of Bahrain. However as per the PDPL such countries either have similar or more comprehensive data protection laws.
- How long do we store your data for?
- We store data as per contract + 3 years, or as per the law. For example, we store CCTV recordings only for 90 days.
2. Controller’s Contact Details
Bahrain institute of Banking Finance (BIBF) is the controller for the personal information we process.
There are many ways you can contact us: phone, e-mail, and post.
BIBF office:
Building 1456, Road 4034,
Manama, 340
Kingdom of Bahrain
PO Box 20525
Contact Helpline:
Email:
3. BIBF Privacy Statement (External Notice) Objective
Your privacy is important to us and BIBF respects your rights to data privacy. This privacy statement explains how BIBF process your personal data and for what purpose and how you can exercise your data privacy rights.
BIBF offers a wide range of training and educational programs in the areas of Accounting and Finance, Academic Studies, Executive Development, Banking, Leadership and Management, Insurance, Islamic Finance, and Information Technology resulting in a complete business solution.
BIBF covers a wide spectrum of subject matter, with over 400 different courses offered to the financial and corporate market; tailor-made training solutions based on organizational requirements; specialized program taught by leading market specialists; and professional qualifications and degree program in partnership with major international organizations.
During such interactions we do collect various data elements including, but not limited to, personal data.
4. Our Relationship
We (BIBF) may interact with you as a data controller to provide our services to you (data subject) including, but not limited to:
- Offering a career-linked, comprehensive range of professional development programmes that have a life-long professional impact.
- Leveraging best-in-class global alliances and strategic partnerships.
- Ensuring a stimulating learning environment through high calibre faculty, practitioners & staff, innovative delivery, and cutting-edge infrastructure.
- Contributing unique industry knowledge and skills through our centres of excellence with the aim of earning the respect of our peers and inspiring the trust of our stakeholders.
- Maximise our contribution in strengthening our nation’s position as a regional financial hub.
5. Personal Data We Collect
BIBF collects data directly through the interactions with you via online forms, E-platforms or when you visit BIBF. Data we collect depends on the context of interaction with you and the choices you make according to your privacy settings. BIBF did not collect your data from third parties unless such information (data) is shared by your employee or parents for enrolling to our program(s). We require your personal data to communicate our service offering and brochures.
Data we collect can include the following:
- Personal Data: Your first and last name, email address, postal address, phone number, CPR number/passport number for the security purpose and other similar contact data.
- Sensitive Personal Data: We collect sensitive personal data such as medical reports from a health provider if required and a passport copy.
- Demographic Data: Data such as gender and nationality.
- Financial Data: We collect financial data such as Card Numbers and Bank account Numbers.
- Transaction Data: Details about payments to and from you and other details of products and services you have obtained from us.
6. How We Use Personal Data
BIBF will only use your personal data under the obligation of PDPL “Bahrain Personal Data Protection Law”, or similar applicable privacy laws when dealing with a foreign institution. We use personal data to provide you with information, material, and services you have requested, such as course materials or brochures or prospectus. Details you provide at BIBF will not be used for marketing purposes unless you have been notified for further processing and provided consent for the new purpose. If you do not want the processing of personal data in the regards, then you can opt-out of the new purpose.
Please refer to the table below:
Purpose/Activity | Type of data | Lawful basis for processing |
To manage our relationship with you which will include: | A) IDENTITY | a) Performance of a contract with you |
|
B) CONTACT | b) Necessary to comply with a legal obligation |
|
C) PROFILE | c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
|
d) Your consent | |
To administer and protect our business applications and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | A) IDENTITY | a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or a group restructuring exercise) |
B) CONTACT | b) Necessary to comply with a legal obligation | |
C) TECHNICAL | ||
To use data analytics gathered from our website to improve our website, products/services, marketing, customer relationships and experiences | A) TECHNICAL | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant) |
B) USAGE | ||
C) AGGREGATED DATA | ||
To make suggestions and recommendations to you about existing or upcoming programs or services that may be of interest to you | A) IDENTITY | Necessary for our legitimate interests (to develop our products/services) |
B) CONTACT | ||
C) TECHNICAL | ||
D) USAGE | ||
E) PROFILE | ||
F) AGGREGATED DATA | ||
To power our security measures and services in order to protect your personal data, services integrity and our business | A) IDENTITY | Necessary for our legitimate interest so you can safely access our website and we can seamlessly deliver our services. |
B) TECHNICAL | ||
C) USAGE |
7. Reasons We May Share Personal Data
We share your personal data with your consent or to provide any product you have requested or authorized. We share your personal data with third parties when you tell us to do so or such information is need for other linked services. When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
We also share personal data with vendors or agents working on our behalf for the purposes described in this statement. These companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
We also share personal data with the educational institutions in different countries and for the legal basis as per the law of land of Bahrain such as Ministry of Interior, Ministry of transportation and telecommunication.
8. How to Control and Access Your Personal Data
You can control your personal data that BIBF has obtained and always have choices about the collection and use of data. You can access your data protection rights by contacting BIBF. You have various data subject rights which are listed below:
- You have a right to ask for a copy of the information we hold on you at any time.
- Choose whether you wish to receive promotional emails, SMS messages, telephone calls, and postal mail from BIBF.
- You can request access to, erasure of and updates to your personal data by contacting BIBF.
- You can also object to or restrict the use of personal data for direct marketing purposes, when we are performing a task in public interest or pursuing our legitimate interest.
9. Browser Based Controls
When you are using browser, to browse our websites or to avail our services or to communicate with BIBF – you can control your personal data based on your settings.
Cookie controls: You can control the data stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the Cookies section of this privacy statement. We may use cookies to determine whether your browser can accept a particular type of software, or to stop pop-up boxes appearing each time you visit our site. We may use cookies for other purposes in the future, as our site develops, and this statement will be amended to reflect any such changes.
We use cookies to process information that helps us to secure our website, as well as detect fraud and abuse.
10. Your Rights in Connection With Personal Data
Under circumstances where we use your personal data, by PDPL law you have the right to:
- Request access: To your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request rectification: Of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. We may need to verify the accuracy of any new data you provide to us.
- Request erasure: Of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing: Of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which means we can continue to process your personal data.
- Request the restriction of processing: Of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to withdraw consent at any time: Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Right to lodge a complaint with the Authority: In case you consider that the processing of your personal data infringes any of your rights or provisions related to the laws and regulations in scope.
11. Time Limit to Respond
We try to respond to all legitimate requests within 20 business days. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. If you wish to exercise any of the rights set out above, please contact us through the listed contact information above.