MUFG Bank, Ltd., Riyadh Branch ("MUFG Bank" or "we" or "us" or "our") is a branch of MUFG Bank, Ltd., a company incorporated in Japan. We are regulated by the Saudi Central Bank and are authorised and regulated as a financial institution in the Kingdom of Saudi Arabia.
This privacy notice informs you about how we collect, use, store, disclose, transfer and otherwise process your Personal Data for the effective running of our business before, during and after your working relationship with us and about your rights in relation to your Personal Data. For convenience, in this privacy notice, references to "you" shall include your dependents, beneficiaries and/or other family members where relevant.
This notice is relevant to you if you are, or are applying to be, or were formerly, an employee, consultant, contractor, worker, assignee, secondee, trainee, apprentice, work experience student, director or officer of ours, whether on a temporary or permanent basis. This notice is also relevant to any of your dependents, family members, or beneficiaries whose personal information you have provided to us, and who we require you to share this notice with.
By providing us with any Personal Data or Sensitive Personal Data of any other person, such as your dependents, beneficiaries, and/or other family members, you are confirming that you have obtained their prior consent to do so and that you have informed your dependents, beneficiaries, and/or other family members (as relevant) of the contents of this privacy notice, including the purpose for which such data has been obtained and how it will be processed.
This privacy notice does not form part of any contract of employment or other contract to provide services, although we may need to process your Personal Data in order to perform our obligations or exercise our rights under that contract.
Unless otherwise stated herein, terms defined in this privacy notice are as defined under the KSA Data Protection Policy that is applicable to MUFG Bank Ltd. Riyadh Branch.
We may provide you with other privacy notices on specific occasions prior to or during the collection of your Personal Data. A copy of the KSA Data Protection Policy is available internally and on the shared drive.
Date of the Last Update:
This privacy notice was last updated on 13th September 2024. Should you wish to review the update history, please contact the Data Protection Officer.
1. Identity of Data Controller
MUFG Bank Ltd. Riyadh Branch is a Data Controller which collects, uses and is responsible for processing your Personal Data and Sensitive Personal Data in manual and electronic format.
Contact Details:
If you have any questions about this privacy notice or our processing of your personal data, or if you wish to exercise your data protection rights, you can contact us using the details below:
| Entity Name | MUFG Bank, Ltd., Riyadh Branch |
| Address | 5th Floor, Building RD-01, Al-Raidah Digital City, P.O. Box 66822, Riyadh 11586, Kingdom of Saudi Arabia |
| Phone Number | +966-11-835-3900 |
| License or Commercial Register | 1010610711 |
| Data Protection Officer Details | Email: dataprotection@sa.mufg.jp |
2. What Personal Data Is Collected?
To the extent permitted by applicable law, we may collect and process your Personal Data which shall include, without limitation, the following:
- Personal details: your title, name, e-mail address, telephone details, home address and contact details, date and place of birth, gender, marital status and family details (which may include details of your dependents, beneficiaries or other family members), emergency contact information, outside business interests, personal account dealings, images of you and/or your dependents, beneficiaries or other family members as may be relevant (i.e. photos);
- Background: your application letters, resume/CV, work references, educational background, professional qualifications, membership of professional associations, employment history, areas of expertise, other skills, information you provide about your personal life, interview feedback, credit check and criminal record check (where authorised by applicable local law);
- Right to work/immigration: your and those of your dependents and other family members' citizenship/nationality, passport/identity card number/resident permit details/work permit information;
- Role: your position, title, role, job grade, division, department, location, managers, reports, staff identification number, employment status and type, terms of employment including benefits information, employment contract, start date, termination date, length of service, and reason for leaving;
- Pay and benefits: details of salary and benefits; performance appraisals and salary reviews, benefits, benefits selections, details of your beneficiaries, dependents and next of kin, tax/social security identification numbers (if applicable), contributions to social, healthcare and pensions funds, and bank account details;
- Performance and conduct: facts and opinions regarding your performance, performance and talent ratings, development plans, promotions, training records, regulatory certifications, correspondence regarding your conduct and activities, performance improvement plans, records of disciplinary and grievance procedures and related correspondence; and
- Work schedule and absences: working time records and other management records, building access, overtime, records relating to holiday, sickness leave and other absence records.
Since the preliminary steps of our contractual relationship, much of the Personal Data we collect about you will have been given to us by you directly, but it may also come from other internal sources, such as your manager and colleagues, or in some cases, external sources, such as referees, background check providers and recruitment agencies or from publicly available sources.
In addition to Personal Data provided by you, we may also obtain personal information from other sources such as, for example:
- Data obtained from our systems: our information technology systems, which record emails, telephone conversations and other electronic communications and web usage on work systems and devices; and
- Cookies and Location Data: closed circuit TV systems and building access controls, which may record your attendance at our premises.
Please note that in some cases we are required by law or as a consequence of a contractual relationship we have with you to collect certain Personal Data about you and of your dependents, beneficiaries and other family members (as may be relevant), and your failure to provide such Personal Data may prevent or delay the fulfilment of these obligations.
We may also collect other information relating, for example, to your health, which may amount to Sensitive Personal Data. Sensitive Personal Data may include information concerning the race or ethnic origin, political opinion, religious or other beliefs, physical or mental health of you and your dependents and other family members (as may be relevant), [biometric data - such as fingerprints, a voice recording or use of facial recognition technology], information relating to your parentage, as well as security information and criminal convictions and offenses. Purposes for which we process Sensitive Personal Data may include where the processing is necessary for us to exercise rights or carry out obligations in connection with an employment agreement with you (for example, processing health information for statutory sick pay purposes, making reasonable adjustments for disabilities, as well as for complying with our legal obligations, such as those related to health and safety, as well as for administering health and life insurance policies (and processing pay/benefit information to insurance providers for the purposes of procuring such insurance), for completing necessary background checks, and equal opportunities monitoring where required by local law or, otherwise, subject to your consent).
3. How Do We Collect Your Personal Data and What Is The Purpose For The Collection?
We may collect the personal data about you from the following sources:
- Personal data that you give us: This is personal data about you that you give to us either directly or through electronic means including emails or other electronic communication such as telephone conversation, or other electronic communication with us and our employees. Our information technology systems may record details of those communications, including their content.
- Personal data that our systems collect about you: If you visit our websites they will collect some information about you and your visit, including the internet protocol (IP) address used to connect your device to the internet and some other information such as your browser type and the pages on our site that you visit. Our websites may also download "cookies" to your device as described in our separate cookie statements on our websites if applicable. Our premises have closed circuit TV systems and building access controls for security and safety purposes which may record you if you visit our premises.
- Other personal data: We may also collect some personal data from other sources such as (a) your colleagues or other business contacts who may give us personal data about you, such as your contact details or details of your role. If we need to conduct background checks involving you, this may require more extensive personal data about you, and (b) we sometimes collect personal data from third party data providers, the internet or other publicly available sources for background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.
We process your Personal and Sensitive Personal Data for a variety of purposes pursuant to our contractual relationship with you and otherwise to the extent permitted by applicable law or, in some cases, subject to your consent. Such purposes may include:
- To manage our contractual relationship with you: We process Personal Data for management of work and employees, performing any contract we have with you and for administering, managing and exercising rights and obligations in relation to our relationship with you. This includes, but is not limited to, performing background checks and interviews as part of our recruitment process, assessing qualifications or suitability for a particular role or task, applying for work permits and confirming rights to work, immigration processes and requirements, assessing training and development needs, assessment of employees' performance and salary reviews and determining performance requirements, managing absences, determining remuneration, administration of payroll and finance, administering payroll and benefits including making required income tax and social security deductions (if applicable), administration and improvement of employee benefits such as leave entitlement, processing work-related claims (for example expenses claims and insurance claims), investigating and managing grievances and disciplinary matters, resolving disputes, providing references, and varying or terminating our relationship.
- To comply with laws and regulation: We process your Personal Data for the purpose of complying with applicable laws and regulation, record keeping and achieving compliance with the requirements of the law, co-operating with our regulators and other authorities, complying with foreign laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting the integrity of the financial markets. This includes, but is not limited to, maintaining insider lists, personal account dealings, outside business interests, gifts and entertainment records, managing conflicts of interest, administering and keeping records of training, monitoring compliance with laws and internal policies including through monitoring telephone calls, email and other messaging and web usage, investigating, recording and reporting breaches or potential breaches of laws and internal policies and procedures including suspicious transactions or activities, making available and administering whistleblowing schemes, providing regulatory certifications and references, making registrations with regulatory bodies or other authorities, making conduct-related remuneration adjustments, and complying with information requirements and requests from regulatory, tax, law enforcement and other governmental agencies, exchanges, trading facilities, brokers or other intermediaries or counterparties and courts.
- To ensure our systems and premises are secure: To the extent permitted by the Personal Data Protection Law, we process your Personal Data for our legitimate interests in ensuring administration of IT and communication systems, network and information security, including preventing unauthorised access to our computer and electronic communications systems, preventing malicious software distribution, testing our cyber resilience and ensuring compliance with our information security policies. This includes, but is not limited to, monitoring of emails, messaging and web usage, and undertaking phishing tests. We also process Personal Data obtained through closed circuit TV systems and building access controls to ensure the security and safety of our premises.
- To manage our workforce and conduct our business: We process your Personal Data for our legitimate interests in managing our workforce and resources, conducting our business, planning for the future and protecting our rights. This includes, but is not limited to, for the purposes of promotions, talent and succession planning, managing staff absences, staff transfers, secondments and assignments, compiling staff directories, investigating and managing staff grievances, disciplinary matters and terminations, making business travel arrangements, administering corporate credit cards, conducting business with our clients and counterparties, processing of expenses, administering our insurance, budgeting, accounting and auditing, managing and reporting our financial and non-financial performance, equal opportunities monitoring, performing workforce analysis and planning, undertaking staff surveys, managing mergers, acquisitions, disposals and business reorganizations, assessing and managing the risks facing our business, managing and improving our systems, processes and productivity, protecting the health and safety of staff and others, facilitating staff communication in an emergency, arranging events, seminars and CSR activities, including staff profiles in our publications, business continuity planning, handling complaints and enforcing and defending our legal rights and those of our clients, staff and affiliates.
If you provide us with Personal Data (including Sensitive Personal Data) about others, such as your dependents, beneficiaries, other family members (as the case may be) and emergency contacts, please inform them of the purpose for which you are providing the Personal Data and relevant information from this notice. We will assume, unless otherwise notified to us in writing, that by providing the information as detailed herein, you have obtained consent from those of your dependents, beneficiaries, and other family members (as the case may be) for the collection and processing by us of Personal Data (including Sensitive Personal Data) as may be applicable to them.
4. Legal Basis for Collecting and Processing Your Personal Data
The legitimate and lawful basis for processing your Personal and Sensitive Personal Data is the performance of our employment contract, as well as where the processing is necessary to comply with a legal or other regulatory obligation, including applicable foreign laws, that applies to us, or, when Sensitive Personal Data (as defined under the Personal Data Protection Law) are not involved, for our legitimate interests or the legitimate interests of third parties. We will inform you in case we need to process your Personal Data for a purpose different than the ones mentioned above and seek your consent, if needed.
5. To Whom Do We Disclose Your Personal Data?
We disclose Personal Data about you, and those of your dependents, beneficiaries, other family members (as the case may be), where reasonably necessary for the various purposes set out above, to a number of categories of recipients. In compliance with the various purposes set out above for which your data have been collected, in accordance generally with the Personal Data Protection Law and our KSA Data Protection Policy, we would like to inform you that your Personal and Sensitive Personal Data may be shared with, and processed by, the following recipients:
- our staff (including but not limited to Human Resources, Immigration, Finance, Compliance, Audit & Risk, Legal, Systems Departments, Management, Corporate Services), agents and third-party service providers who provide services to us and process Personal Data on our behalf. Third-party external consultants or service providers include payroll processors, benefits administration providers (including pension administration, insurance and occupational health and safety service providers, including health, retirement and pension insurance companies or authorities, employment and recruitment agencies, background check providers, training providers, cloud providers of our HR databases, archive service providers, business travel agencies, travel security service providers, corporate credit card providers and providers of emergency staff notification systems);
- other members of the worldwide MUFG group of companies, including for managing staff transfers, secondments and assignments, administering whistleblowing schemes, complying with requests from regulatory authorities, complying with internal policies and procedures, performing workforce analysis and planning, budgeting, accounting and auditing. Details of the MUFG group may be found at - https://www.mufg.jp/english/profile/biz_and_network/network/index.html;
- our auditors and our legal, accounting and other professional advisors; regulatory, tax, law enforcement and other governmental agencies, exchanges, trading facilities, brokers or other intermediaries, and courts, including, without limitation, the Saudi Arabian Monetary Authority, the Saudi Arabian General Investment Authority, Ministry of Labour, Immigration and Naturalisation Departments, and other relevant government or regulatory departments and institutions and law enforcement authorities;
- clients, counterparties and other persons from whom we receive, or to whom we make payments or with whom we conduct transactions; and
- persons who take over our business and assets, or relevant parts of them.
6. International Data Transfers
Because we operate as part of a global business, the recipients mentioned above may be located outside the country in which you are based, which may not have similarly strict data privacy laws and which are not recognised by the competent authorities as having equivalent standards for the protection of Personal Data. Where the recipients are located in countries where data protection laws may not provide an equivalent level of protection to the laws of the country in which you are based, to protect your Personal Data and to the extent required by the applicable law, we will put in place appropriate safeguards that are recognised by the law. These may include standard contractual clauses recognised or adopted by the competent regulatory authorities or binding corporate rules. For further information on this topic, including the locations to which we transfer your information, please contact us using the details provided below.
7. Third Party Requests
We will not share your Personal Data with any third parties unless we are entitled to do so, based on our legitimate interests, it is necessary to comply with the law or to perform a contract with you, or otherwise, without your prior consent (which you are free to withhold in accordance with your data protection rights).
Where we are entitled to share your Personal Data with third parties (for example: service providers, contractors and subcontractors for purposes related to the performance of our contractual relationship), we will disclose only Personal Data that are necessary for the purpose, ensuring that adequate protection of your Personal Data is in place.
8. Mandatory Disclosure Of Your Personal Data And Sensitive Personal Data
Disclosure of your Personal Data and Sensitive Personal Data to statutory bodies, judicial bodies and any other governmental authorities or departments in the Kingdom of Saudi Arabia will take place only if required by law, judicial body or government authority and in accordance with their requirements.
9. How Do We Store Your Personal Data?
Your Personal Data is stored securely either in physical format predominantly at our offices, or data retention facilities in Saudi Arabia or electronically and where it is stored outside of Saudi Arabia there are adequate security safeguards and protections in place.
We will hold your Personal Data for the duration of the contractual relationship or for as long as reasonably necessary for the purposes described above in relation to which your data have been collected and processed or for as long as is necessary to comply with our legal obligations or as long as required by law or to resolve potential legal claims or disputes.
10. Your Rights Regarding Processing Of Your Personal Data
In line with the Personal Data Protection Law, you may have the following rights:
- Right to be Informed: You are entitled to be informed about how we collect your personal data, legal basis for collection and processing, how such data is processed, stored, destroyed and to whom it will be disclosed. You can access all details through the data protection policy or contact us using the information contained in this privacy notice. You are entitled to object to our use of your personal data for direct marketing purposes at any time. In certain circumstances, you are entitled to object to the processing of your Personal Data or restrict the processing of your Personal Data;
- Right of Access to your Personal Data: you are entitled to:
  - access the personal data that we hold about you and to obtain information about the legal basis and the purposes of processing.
  - request access to your personal data, in a readable and clear format, if technically feasible.
- Right to Request Correction of your Personal Data: you are entitled to request correction of your personal data that you believe is inaccurate, incorrect or incomplete. Such data will be reviewed and updated as soon as reasonably possible.
- Right to Withdraw your Consent for Processing of Personal Data: you are entitled to withdraw your consent to the processing of your personal data at any time unless there is a legal basis that requires otherwise.
- Right to Request Destruction of Personal Data: You are entitled to request the destruction of your Personal Data held by us if the relevant personal data is no longer necessary to achieve the purpose for which it was collected.
- Right to Submit a Complaint: You are entitled to submit any complaint related to applying the provisions of the Personal Data Protection Law to us and/or to the Competent authority (as detailed below).
Unless otherwise stipulated by the law, you will not be required to pay any fees in return for exercising these rights. In case of submitting a request for exercising the right, you will receive a response within [insert] days of the receipt of your request in writing.
For further details regarding the processing of your personal data and how to exercise your rights, or to update or correct your Personal Data if it changes or if any Personal Data we hold about you is inaccurate, you can contact the Data Protection Officer using the details in Section 13 below.
11. Protection Of Your Personal Data
We have implemented technical, operational and organizational measures designed to protect Personal Data from loss, misuse, unauthorized alteration or destruction and periodically review such measures to ensure they are up to date and suitable to ensure adequate protection of your Personal Data.
Where required by applicable law, we will notify you promptly in the event of any breach of your Personal Data which might expose your privacy rights and freedom to serious risk.
12. Complaints
Any complaints related to alleged breaches of Personal Data Protection Law can be raised with our Data Protection Officer at:
MUFG Data Privacy Officer - Riyadh Branch
MUFG Bank, Ltd., Riyadh Branch
5th Floor, Building RD-01, Al-Raidah Digital City,
P.O. Box 66822, Riyadh 11586, Kingdom of Saudi Arabia.
Email: DataProtection@sa.mufg.jp
If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can contact the Data Protection Officer (as detailed in this Privacy Notice) and/or also file a complaint with the Competent Authority whose details are listed below:
SDAIA Details:
(Dmo@sdaia.gov.sa)
Kingdom of Saudi Arabia
Riyadh
Website: sdaia.gov.sa
National Data Governance Platform (dgp.sdaia.gov.sa).
We are committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.
13. Additional Information
Please be informed that, if you are requested to provide us with your consent and you are unable to do so, this may result in us being unable to process your data for certain purposes, which could mean that you are unable to receive certain services or benefits.
14. Changes
We may change this privacy notice from time to time and will inform you accordingly, including by email where required.