Privacy Notice (Dubai)
Privacy Policy for Customers, Vendors and Suppliers
1. INTRODUCTION
On 1 July 2020 the Data Protection Law (the "DP Law") came into force in Dubai International Financial Centre ("DIFC") (DIFC Law No. 5 of 2020). As part of our implementation we are obliged to provide our customers, vendors and suppliers (together "you"; "your") with a privacy policy. This is aimed at notifying you about the personal data that Japan Bank for International Cooperation ("JBIC"; "we"; "us"; "our") holds relating to you, how you can expect your personal data to be used and for what purposes.
JBIC is a data controller. This means that we are responsible for determining the purposes and means of processing personal data about you.
It is important that you read this privacy policy, together with any other privacy policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information.
2. DATA PROTECTION PRINCIPLES
We will comply with the DP Law. This says that the personal data we hold about you must be:
- (a) Used lawfully, fairly and in a transparent way;
- (b) Processed only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- (c) Relevant to the purposes we have told you about and limited only to those purposes;
- (d) Accurate and kept up to date;
- (e) Processed in accordance with the application of data subject rights under the DP Law;
- (f) Kept only as long as necessary for the purposes we have told you about; and
- (g) Kept securely, using appropriate technical or organisational measures.
3. DEFINITIONS
3.1. "Personal data" means any data relating to an identified or Identifiable Natural Person.
3.2. An "Identifiable Natural Person" is a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity.
3.3. "Process" and "Processing" (and other variants) are any operation or set of operations performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting (meaning the marking of stored Personal Data with the aim of limiting processing of it in the future), erasure or destruction, but excluding operations or sets of operations performed on personal data by:
- (a) a natural person in the course of a purely personal or household activity that has no connection to a commercial purpose; or
- (b) law enforcement authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security.
4. THE KIND OF INFORMATION WE HOLD ABOUT YOU
The personal data we collect about you is limited. We collect only information about your personnel (name, company name, department, title, photographs, company address, work email addresses, telephone numbers, fax numbers, educational background, work history, qualifications, bank account number, information about transactions and payment between you and us).
5. HOW YOUR PERSONAL DATA IS COLLECTED
We may collect personal data about you in a number of different ways including, but not limited to the following:
- in the course of our contracts with you; and/or
- from business cards.
6. HOW WE WILL USE YOUR PERSONAL DATA
6.1. Purpose of processing personal data
We will only use your personal data in accordance with the DP Law. Most commonly, we will use your personal data in the following circumstances:
- (a) Where we need to in performing the contract we have entered into with you.
- (b) Where we need to comply with any legal obligations.
- (c) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal data where we need to protect your vital interests (or someone else's vital interests).
6.2. Situations in which we will use your personal data
We may use your information for the following purposes:
| Purposes | Legal basis for processing | ||
|---|---|---|---|
| Allows us to perform our contract with you |
Enables us to comply with legal obligations |
Pursue legitimate interests of our own or those of third parties |
|
| Entering into the contract with you | ● | Business management and operations | |
| Performing the contract we are about to enter into or have entered into with you | ● | ● | |
| Maintaining and developing our relationship with you | ● | Business management and operations | |
| Facilitating our internal business operations including accounting, billing, collections, and payments | ● | ● | Business management and operations |
| Fulfilling our legal and regulatory obligations | ● | ||
| For internal sharing of information necessary for our business | ● | Ensuring corporate governance to comply with obligations under laws, regulations and norms; and Business management and operations |
|
We may process your personal data for direct marketing purposes. In such circumstances, we will inform you before your personal data is disclosed for the first time for the purposes of direct marketing. You have the right to object to processing your personal data for marketing purposes and we will provide you with the means to exercise any objections in the marketing material we send you.
Visitors to our offices
When attending our offices, you may be asked to provide identification documents to clear our security checks. We will retain details of these identification documents in accordance with this privacy policy.
7. SHARING YOUR PERSONAL DATA
We may share your personal data:
- with other JBIC affiliated entities on a confidential basis for the performance of our contracts and/or in compliance with our legislative and regulatory requirements;
- with third parties for auditing and accounting purposes;
- with regulators, courts and law enforcement agencies as necessary; and
- in other circumstances where we have your express consent to do so.
8. DATA SECURITY
We take the security of personal data seriously. We have internal policies and controls in place to protect your personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties. We will take all reasonable steps to ensure that the information that we hold about you is kept confidential and secure. In addition to personal data being kept electronically, we may also store physical documents on file.
Where we engage with third parties to process personal data on our behalf, such parties do so on the basis of a written contract under which they are obliged to implement appropriate technical and organisational measures to ensure the security of the personal data.
9. TRANSFERRING DATA ABROAD.
We may transfer your personal data that we collect about you from DIFC to our head office in Japan or other representative offices outside the DIFC, in order to perform the activities and our contract with you.
In the circumstances where we transfer your personal data that we collect about you from DIFC to a jurisdiction that lacks an adequate level of protection for personal data, we will adopt appropriate safeguards in accordance with the DP Law which may include, without limitation, the use of standard contract clauses approved by the DIFC Data Protection Commissioner.
10. RETENTION OF YOUR PERSONAL DATA
We will retain your personal data only for as long as is reasonably necessary in the circumstances and in compliance with our legislative and regulatory requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. YOUR RIGHTS
In accordance with the DP Law in the DIFC in which we operate, you have the right to:
- request access to the personal data which we hold about you;
- request correction of your personal data;
- request the transfer of your personal data to another party;
- request to withdraw consent, where consent is the basis for processing your personal data;
- non-discrimination where you exercise any of your rights under this privacy policy;
- object to the processing of personal data at any time on reasonable grounds relating to the individual's situation;
- request the restriction of processing; and
- request the erasure of your personal data if we are no longer under a legal obligation to process such data.
12. COOKIES
Our website uses cookies (small data files which are downloaded to your computer) so that we can recognise that your computer has visited the site before. We do not use cookies to identify you, just to improve your experience of the site. On the cookie banner which appears on our website or on Cookie Settings, you can select accepting or rejecting our use of cookies except those essential for the website and third parties’ (JBIC’s analytics partners’) operation of the website. You can also change the settings on your web browser so that it will not automatically download cookies. However, if you disable cookies, some functions may be restricted when you use the content or services provided by JBIC. More information relating to our use of cookies can be found in our Cookie Policy, accessible here – https://www.jbic.go.jp/en/cookie-policy.html
13. STATUS OF THIS PRIVACY POLICY
We review this privacy policy regularly and may revise it or any part of it from time to time to reflect changes in the DP Law, other applicable law, information security and technology practices or in the way in which we process your personal data.
14.CONTACT INFORMATION
If you have any questions about this privacy policy, wish to exercise any of your rights under or relating to this privacy policy or want to submit a written complaint to us about how we handle your personal data, please contact us by telephone at (+971) (0) 4363 7091 or by email at JBICDubai_Compliance@jbic.go.jp.
You also have the right to submit a complaint to the DIFC Data Protection Commissioner in relation to how we process your personal data.