Policies

PRIVACY POLICY

1. Commitment to Protect Your Privacy


BBAC s.a.l. (referred to in this document as “The Bank”, “We”, “Our”, “Us”) is committed to comply with the national and international data protection regulations as the Bank is aware of the importance of safeguarding the privacy, confidentiality and trust of the Data Subject’s (referred to in this document as “Data Subject”, “You”, “Your”, “Yours”) by keeping their personal data, which they entrusted the Bank with, secure against theft damage or any misuse either knowingly or unknowingly.

Data Subjects may be us, our personnel or potential personnel (work candidates), customers or potential customers, suppliers or potential suppliers, payment remitters or payment beneficiaries, or other persons.

Personal data as defined under the applied data protection regulations, including the LAW number 81 issued on 18/10/2018 by the Lebanese Parliament notably its section V and the European Union General Data Protection Regulation (GDPR) (EU) 2016/679 (hereinafter referred to as the “GDPR”) and their related terms and conditions and mandatory implementation and any subsequent amendments, is any information, whether processed manually or in electronic format, relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifying identifier such as name, identity number, location data, on-line identity card, or one or more factors relevant to physical, physiological, genetic, psychological, economic, cultural or social identity of that individual.

The purpose of this Privacy Policy is to inform you about:

  • The purpose for which your personal data is collected;
  • The personal information we may process on you;
  • How your personal data is processed (used or shared) in the course of our banking operations;
  • Your rights with respect to our Privacy Policy;
  • The process by which you can communicate your requests or complaint with respect to the processing of your personal data;
  • Why certain non-personal information are collected automatically.

Data processing includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

BBAC is the controller of your personal data and you can reach us on the contact details stated under the “CONTACT US” menu on our home page.

Our Data Privacy Policy applies to all BBAC local and foreign branches as well as representatives offices.

2. Collection of Personal Data

In order to address your request, the Bank has to collect and process information about direct and indirect parties with whom we work, including information about customers, potential customers, personnel, suppliers, and third party service providers.

The collected information is not only limited to the Bank’s customers. The Bank may need to collect and process information on:

  • Potential parties that we may deal with, such as potential customers, potential suppliers and third party service providers, and potential candidates applying for a job at BBAC, or any other party making a transaction with us.
  • Parties associated with our customers or potential customers, such as their family members, customers, suppliers, etc.;
  • Parties related to our employees or potential employees such as their family members.


The Bank may be required by law to collect, record, use and store information in order to comply with the regulatory requirements. For more information about the collection of online information, please refer to our “Cookies disclaimer”. We treat any information collected in a private and confidential manner.


3. Automatic Collection of Non-Personal Information

When you access the Bank’s website, we may automatically collect statistical information that is not personally identifiable, such as the type of Internet browser and computer operating system used, name of the domain you used to access the website, number of visits, average time spent and pages viewed.

We may use this information and share it with our providers, such as ISPs, web hosting, website developers and designers, to measure the use of the website and improve its performance or content.

4. Online Access

You can use the Bank’s website without revealing any information about yourself. If for any reasons we ask for your personal data online, it will only be in response to your request for using one of our online provided services or products.

Through your online access to the Bank’s website, we may collect and process the following data about you:

  • Information that you provide by filling in forms on the Bank’s website;
  • Any up-to-date data information concerning your personal details that you may wish to communicate through the Bank’s website;
  • Details of your visits to the Bank’s website, including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access;
  • Any information you communicate to us when reporting a problem with the Bank’s website or when submitting an online claim;
  • When we ask you to complete an online survey or a question that is used for research purposes, in case you agree to respond.

5. Principals of Data Processing

When processing your data, we will do so in line with the above mentioned laws and regulations and by abiding by the following principles:

  • We will only collect and use your information where we have lawful grounds and legitimate business reasons to do so. Accordingly, we will process your personal information:
    • To fulfill a contractual agreement with you;
    • To comply with a legal obligation;
    • For our legitimate interest;
    • Where we believe that your information is in the public interest;
    • To establish, exercise or defend our legal rights;
    • Where you agree to it.
  •  We will collect information from different places including:
    • Directly from you;
    • From third parties acting on your behalf, such as procurators, lawyers, or other authorized intermediaries;
    • From public information;
    • From other organization that maintain information retrieved from public records.


    • We will use the collected information for the purpose it was gathered for and we will inform you prior to utilizing any of the collected data in case we were planning to use it for something else in order to obtain your relevant permission. In this respect, the Bank will collect on you:
      • Personal details such as your name, gender, date and place of birth;
      • Contact details including your address, phone number and e-mail;
      • Identity information including ID or passport information, tax identification or social security number when required;
      • Family information including information about your parents, spouses and children;
      • Work Information including work address and phone number, current and previous job details;
      • Financial information such us your source of income and annual income;
      • Account information including information about the beneficial right owner of the account or other parties that are directly or indirectly associated with the account and its activities;
      • Other information that you may give us when filling specific forms of communicating with us, whether face to face or by phone, e-mail, mobile or online banking applications or when answering to any of our market research enquiries;
      • Other information that we may need on you or any other third party in order to provide you with a specific product or service, including but not limited to, health information or family information in order to provide you with a health insurance;
      • Information that you have asked or allowed us to collect on you from other sources, such as other banks or third parties that you have dealt or still dealing with.


    • We will update our records when you inform us that your details have changed or require amendment and we will continue to review and assess the quality of our information, yet it is your responsibility to make sure that you give us accurate and up to date information and in case you provide information for another person on your account or associated with your account, you will need to tell them about the terms stated in our Privacy Notice


    • We will be transparent in our dealings with you, and we will tell you about how we will collect and use your information. For instance, BBAC will use your information to:
      • Provide you with the products/services that you have requested;
      • Abide by the applied laws and regulations;
      • Protect the Bank’s interest against any abuse or misuse of our services and products which include but not limited to:
      • Confirm your identity and address;
      • Understand how you use your accounts, the transactions you process through us, and their legitimacy;
      • Identify and investigate unusual transactions processed on your accounts.
      • Carry out your instructions;
      • Improve our products and services;
      • Advertise our products and services to you and others;
      • Offer you other services that we believe may benefit you unless you ask us not to.


      BBAC will invest all its effort to protect your information by:

    • Providing regular and on-going trainings for our staff on their privacy obligations;
    • Implementing the most appropriate physical and technological security measures to protect your information regardless of where it is held.

    • 6. Transmission/ Disclosure of Personal Data

      In order to fulfill your request and the Bank’s contractual agreement with respect to specific products or services, we may need to transmit your personal data to other countries or process your data by disclosing information with third party service providers or with Our supervisory authorities or law enforcement agencies without your prior consent in order to comply with legislative and regulatory requirements; including fighting money laundering, terrorism financing laws; and all related predicate offenses.
      Furthermore, and in order to ensure compliance with the applied regulations and to protect the Bank’s interest, we may share your personal information with third parties. Including but not limited to our external auditors, legal advisor, or financial or business consultant, or agencies that we deal with in order to perform background check and market enquiries related to parties we deal with (whether customers, suppliers, consultant, advisors, or third party service providers). For instance when you request to open an account with BBAC or apply for a new product and service, including credit facilities, we may perform credit and identity checks with other parties, such as other banks, credit agencies, information provider agencies or parties that you have informed us that you deal with.
      When transmitting data to third countries or third parties, we commit:

    • To ensure that the third party has appropriate security measures in place and will contractually require them to comply with our Privacy Principles;
    • To ensure that suitable safeguards are in place before personal information is transferred to other countries.

    • 7. Your Rights

    Under the Privacy Policy, you have the right to ask the Bank about:


    • The Bank’s obligation to protect your personal data;
    • The lawful conditions we rely on to process your data;
    • The type of personal data we are collecting;
    • The purpose for collecting your personal data;
    • Other sources from where we could gather data on you;
    • The need and purpose to disclose your data to third parties in order to meet our regulatory or contractual requirement and the consequences for not providing the data;
    • The countries we may send your data to and the need to do so as well as the applied security measures;
    • The applied method to request the Bank to:
      • Use your personal data for specific circumstances;
      • Rectify inaccurate personal data held about you;
      • Erase your personal data in certain circumstances, if in compliance with the applied laws;
      • Provide you with a copy of your personal data in a commonly used electronic format so that you can transfer them to other businesses;
      • Not to make automated decisions about you based on your personal data that produce significant legal effects;
      • Restrict the use of your personal data for specific circumstances.


      You also have the right to be informed about:

    • The need to process your data for other purposes;
    • Any personal data breach without undue delay, where that breach is likely to result in a high risk to your rights and freedoms.

    • 8. Possible Constraints Associated with Your Request

      Refusing to provide us with your personal information may drastically affect our ability to assist you with our banking services and it may deny you the right to benefit from specific products or services.
      Furthermore, it should be noted that your request to rectify, erase, stop an automated decision or restrict the use of your personal data, may have an implication with respect to some or all of the services and products that you are benefiting from and that it is the Bank’s right to unilaterally suspend or terminate the business relationship and any or all of the services/products you are benefiting from as a result of any legal or operational implication that may result due to your request.

      9. Retention Policy

      The Bank will abide by its information retention policies with respect to your personal information and will ensure that it is securely disposed of at the end of the appropriate retention period as described below:

    • Information processed on parties who maintained a direct or indirect business relationship with the Bank or made any transaction with the Bank / Information processed on the Bank’s personnel / Information processed on the Bank’s suppliers and third party service providers: We will keep the information as long as the relationship is active and for 10 years after the date of terminating the business relationship.
    • Potential customers who did not maintain any direct or indirect banking relationship with the Bank: We will keep the information for 5 years (6 months for Cyprus Branch only as per the applied).
    • Candidates who applied for a job at the Bank: We will keep the information for 1 year if not hired (6 months for Cyprus Branch as per the applied regulations).


    Where our retention policy in violation with the laws and regulations applied in the jurisdictions where the Bank is operating or where the data was processed, the Bank shall retain the collected information for the period specified in the regulations applied in that jurisdiction.


      10. Privacy Policy Amendment

      We constantly review our policies and attempt to keep them up-to-date.
      Accordingly, we may change this Privacy Policy from time to time as the need arises. Any changes we may make to our Privacy Policy in the future will be posted on this page.

      11. Third Party Sites

      The Bank’s website contains links to other websites that may be of interest to our website visitors, for example: payment provider, advertising, LinkedIn, Facebook, YouTube, etc. Please be notified that we are not responsible for the privacy practices of other websites. We encourage you to be aware and read the privacy statements of each website that collects your personally identifiable information.

      12. Cookies

      For the purpose of enhancing your experience when browsing the Bank’s website, sometimes, we may use cookies to distinguish you from other users. Please refer to our “Cookies Disclaimer” for more details with respect to the cookies that we use and their purpose.

      13. Contact us

      For any request concerning the applied Data Protection Policy, please contact our assigned Data Protection Officer on the following e-mail: BBAC_DPO@bbac.com.lb
      You can also reach us on the contact details stated under the “Contact Us” menu on our homepage.

      14. Privacy Notice Consent Form

      For further details about the purpose for collecting and processing your personal data, please refer to your nearest BBAC branch and request a copy of our detailed Privacy Notice/Consent Form.