Privacy Policy

Introduction:

Jordan Islamic Bank is fully committed to safeguarding your personal data in strict compliance with the provisions of the Jordanian Personal Data Protection Law No. 24 of 2023 and the regulations issued by the Central Bank of Jordan. This Policy establishes the manner in which your personal data is collected, processed, and protected when you interact with the Bank and utilize its channels, including digital channels, and it specifies your legal rights with respect to such data.

Personal / Sensitive Data:

Personal data refers to any information related to you that can directly or indirectly identify you, regardless of its source or format, including information about your identity, family status, or location, as well as any data that may indicate your origin, race, religion, health status (physical, mental, genetic) – if any – or your biometric data.

Data Processing:

Processing means any operation or set of operations performed on personal data, whether manually or automatically, including collection, recording, copying, storing, organizing, refining, exploiting, using, sending, distributing, publishing, linking to other data, making available, transferring, displaying, anonymizing, encoding, destroying, restricting, erasing, modifying, describing, or disclosing it by any means.

Controller:

Any natural or legal person, inside or outside the Kingdom, to whom the data is entrusted.

Processor:

Any natural or legal person authorized to process personal data.

Scope of the Policy:

This Policy applies to all personal data collected or processed by the Bank directly (through branches or electronic channels such as the banking app, website, online banking, or call center) or indirectly through authorized third parties.

Personal Data Collected by the Bank:

The Bank collects only the minimum personal data necessary, which varies depending on the purpose of processing. Examples include, but are not limited to:
- Identification data: full name, national ID number, date of birth, nationality, gender, marital status, contact information, email, phone number, biometric data, health status, etc.
- Identity documents: ID card, passport, or any other official documents.
- Addresses: current and permanent residence addresses, and any other related addresses with supporting documents.
- Employment data: job title, employer name, position, employment status, employer contact details, and supporting documents.
- Financial and tax data: income, sources of wealth, account and financing details, liabilities and guarantees, account activity, tax information (e.g., tax identification number, FATCA forms), and other related necessary information.
- Transaction details: all financial operations conducted by you or through an associated party, including dates, amounts, currencies, transaction purpose, and beneficiaries.
- Digital identifiers and location data: IP address, email, location data, ATMs used, and visited branches.
- Tracking files and multimedia: cookies.
- Images, videos, and audio recordings.
- Risk classification data: e.g., credit risk classification and information about your ability to manage obtained credit.
- Due diligence data: data required in agreements, contracts, and invoices to ensure compliance with anti-money laundering regulations and other regulatory obligations.
- Related individuals’ data: family members, agents, guardians, or witnesses.
- Product and service details: products or services you inquire about or purchase.

Legal Basis for Processing:

The Bank processes personal data based on one of the legal grounds stipulated in Article 4 of the Jordanian Personal Data Protection Law:
- Explicit consent: where prior consent is required.
- Contractual necessity: processing necessary to provide the requested services and products.
- Legal or regulatory obligation: compliance with laws, regulations, instructions, and regulatory requirements.
- Legitimate interests: processing related to the Bank’s operations, provided it does not conflict with your fundamental rights and freedoms.
- Vital interests protection: processing necessary to preserve your life or safety.

Cookies:

We use cookies to enhance your browsing experience. Some are necessary for the website to function and do not require your consent, while others are non-essential and activated only after obtaining your consent. You may refuse or delete non-essential cookies through your browser settings.

External Links Responsibility:

Our website may contain links to other websites not managed by the Bank. The Bank is not responsible for the content, privacy policies, or practices of those sites.

How We Use Your Data:

The Bank processes your personal data for legitimate purposes related to banking and commercial dealings, providing requested services and products, fulfilling regulatory obligations, and other operational purposes. These include, but are not limited to:
- Enabling access to banking products and services.
- Managing your accounts and banking relationship.
- Providing information related to your accounts or services.
- Marketing banking products and services suitable for you (with your prior explicit consent).
- Evaluating, developing, and improving services provided to you.
- Handling inquiries and complaints.
- Communicating via mail, phone, SMS, email, or other digital means.
- Providing electronic banking services.
- Monitoring, recording, and analyzing communications to protect your financial interests.
- Assessing applications submitted to the Bank.
- Sharing data with government authorities, regulatory bodies, credit reference agencies, and other relevant external entities.
- Sharing data with Bank partners, service providers, and external auditors.
- Compliance with anti-money laundering and counter-terrorism financing requirements.
- Preventing fraud and financial crimes.
- Implementing cybersecurity and technical security controls.
- Verifying the accuracy and sufficiency of data from other parties involved in transactions with the Bank.
- Security-related purposes.
- Recovering any outstanding debts, legal actions, or obtaining legal advice.

Disclosure and Sharing of Information:

The Bank will not disclose personal data to third parties except as legally permitted, with your consent, or when necessary to provide the service under security and privacy standards. Disclosure is limited to:
- Legal and regulatory obligations: compliance with requirements from legal, regulatory, supervisory, or judicial authorities.
- Explicit consent: when prior consent is granted to share data.
- Service providers and data processors: trusted parties contractually obligated to maintain confidentiality, such as technical, consulting, legal, or financial service providers.
- Bank partners: including correspondent or agent banks, clearing and settlement systems, payment service providers, insurance and reinsurance companies, external auditors, and debt collection agents.
- Related parties: agents, authorized representatives, joint account holders, or recipients of transfers.
- Corporate transactions: in cases of restructuring, merger, acquisition, or transfer of rights or obligations.
- Law enforcement and regulatory authorities: during investigations or audits.
- Fraud prevention and credit reference agencies: for identity verification, credit checks, and fraud detection.
- Professional entities: law firms, legal or professional advisors.
- Bank branches and subsidiaries, or any other parties as allowed by law.

The Bank confirms its commitment to not share your data except with legally authorized parties or trusted contractors, in accordance with confidentiality and privacy standards.

Data Transfer Outside Jordan:

The Bank may transfer and process personal data outside Jordan if necessary for business purposes. Such transfers are limited to authorized entities and for legitimate banking services. The Bank ensures these entities adhere to contractual agreements that provide adequate protection and confidentiality in line with applicable laws.

Data Protection:

The Bank implements advanced measures to protect personal data against loss, unauthorized access, misuse, modification, or disclosure, including:
- Strong encryption protocols for electronic data.
- Strict access controls.
- Emergency and incident response plans.
- Employee training on privacy and confidentiality obligations, including signed commitments.

Notification of Breach:

- In case of a security breach affecting the confidentiality, integrity, or availability of personal data, the Bank will assess the incident and take immediate corrective measures.
- Affected individuals will be notified in a timely manner via the contact information registered with the Bank.
- The notification provides essential information about the breach and measures taken to protect and mitigate potential impact.

Data Retention:

The Bank retains personal data securely for as long as necessary to achieve the purposes for which it was collected or as required by law, which may extend beyond the end of the banking relationship to:
- Comply with legal and regulatory requirements.
- Assist in fraud and financial crime detection and prevention.
- Respond to regulatory or supervisory requests.

Data will be securely disposed of after it is no longer required.

Minors and Legally Incompetent Individuals:

For individuals without legal capacity, prior consent from a parent, guardian, or judicial approval is required, as determined by the competent data protection authority, if in the best interest of the individual.

Your Legal Rights:

Subject to applicable laws, you may exercise the following rights under the Jordanian Personal Data Protection Law:
- Access your personal data.
- Correct or update inaccurate data.
- Withdraw consent.
- Object to processing.
- Request data transfer to another provider.
- Request deletion of data as permitted by law.
- File a complaint with the Personal Data Protection Council.
- Be notified promptly of any significant breach affecting your personal data.

Requests may be declined if they conflict with laws, regulatory obligations, identity verification requirements, due diligence, or security and operational needs.

Contact Information:

You can contact the Bank for any inquiries or complaints related to your legal rights via:
- Call Center : +96265680001
- Email: Customer.complaints@islamicbank.com.jo
- Online form: www.jordanislamicbank.com/ar/contact-us
- Mail: P.O. Box 926225, Amman 11190, Jordan
- Fax: +96265666326, +96265606144, +96265684755
- Headquarters: Shmisani, Culture Street, Building No. 3, Amman, Jordan
- Data Protection Directorate: +96265805700, Ministry of Digital Economy and Entrepreneurship

Filing Complaints:

Complaints regarding the use of personal data will be handled according to established procedures.

Policy Updates:

This Policy may be updated from time to time. Material changes will be communicated via the Bank’s website or other approved means. Your renewed consent may be requested if necessary.

Effective Date:

This Policy is effective from the date of publication on the Bank’s website and remains in force until amended or replaced.
 27 OCT 2025