MUFG Bank, Ltd., Riyadh Branch (“MUFG Bank” or “we” or “us” or “our”) is a branch of MUFG Bank, Ltd., a company incorporated in Japan. We are regulated by the Saudi Central Bank and are authorised and regulated as a financial institution in the Kingdom of Saudi Arabia.

This privacy notice informs you about how we collect, use, store, disclose, transfer and otherwise process your Personal Data for the effective running of our business before, during and after your working relationship with us and about your rights in relation to your Personal Data. For convenience, in this privacy notice we refer to you or the organisation you represent, or the organisation with whom you are otherwise associated, as the “Company”.

This privacy notice is relevant to you if you are an individual associated with a Company that has a past, existing, or prospective relationship with MUFG Bank; or an individual whose personal data is given to MUFG Bank by the Company or which we otherwise receive, in the course of our dealings with the Company. If you or the Company (as the case may be) are providing us with personal data about other individuals, such as other employees, officers or other personnel within the Company, please inform them of the purpose for which you are providing us their personal data and ensure they are aware of this privacy notice and that you have valid legal grounds to share their personal data with us under the applicable law, including their valid consent where appropriate.

This privacy notice does not form part of any other contract to provide services, although we may need to process your Personal Data in order to perform our obligations or exercise our rights under that contract.

Unless otherwise stated herein, terms defined in this privacy notice are as defined under the KSA Data Protection Policy that is applicable to MUFG Bank Ltd. Riyadh Branch.

We may provide you with other privacy notices on specific occasions prior to or during the collection of your Personal Data.

Date of the Last Update:

This privacy notice was last updated on 13th September 2024. Should you wish to review the update history please contact the Data Protection Officer.

1. IDENTITY OF THE DATA CONTROLLER

MUFG Bank Ltd. Riyadh Branch is a Data Controller which collects, uses and is responsible for processing your Personal Data and Sensitive Personal Data in manual and electronic format.

Contact Details:

If you have any questions about this privacy notice or our processing of your personal data, or if you wish to exercise your data protection rights, you can contact us using the details below:

Entity Name: MUFG Bank, Ltd., Riyadh Branch

Address: 5th Floor, Building RD-01, Al-Raidah Digital City, P.O. Box 66822, Riyadh 11586, Kingdom of Saudi Arabia.

Phone Number: +966-11-835-3900

Email: dataprotection@sa.mufg.jp

License or Commercial Register: 1010610711

Data Protection Officer Details: Email: dataprotection@sa.mufg.jp


2. WHAT PERSONAL DATA IS COLLECTED?

To the extent permitted by law, we may collect and process the following personal data about you:

  • Account Data: such as your name, address, email address and telephone number; information about your business relationships; information about your professional role and background; and identification documentation for verification and authorization purposes.
  • Data Obtained from third parties: such as data from other sources, e.g.
    • Your colleagues or other business contacts who may give us personal data about you, such as your contact details or details of your role in the Company.
    • If we need to conduct anti-money-laundering or similar background checks involving you, this may require more extensive personal data about you – for example, a copy of your passport; and
    • We sometimes collect personal data from third party data providers, international sanctions lists, the internet or other publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.
  • Data obtained from our systems:
    • If you exchange emails, telephone conversations or other electronic communications with us and our employees, our information technology systems may record details of those communications, including their content.
    • If you visit our websites they will collect some information about you and your visit, including the internet protocol (IP) address used to connect your device to the internet and some other information such as your browser type and the pages on our site that you visit.
  • Cookies and Location Data:
    • Our websites may also download "cookies" to your device as described in our separate cookie statements on our websites if applicable.
    • Our premises have closed circuit TV systems and building access controls for security and safety purposes which may record you if you visit our premises.
  • Other Data:
    • Other data that may be provided by you or your Company and its representatives.

If you or others, such as your Company, do not provide the personal data we require for our verification and authorization purposes, or to fulfil your Company's business relationship with us, we may no longer be able to provide you with access to MUFG information and systems, and may not be able to progress our business relationship with the Company.

If you or the Company (as the case may be) do not provide personal data that we request, we may not be able to provide (or continue providing) or we may not be able to receive (or to continue to receive) (as applicable) relevant services or otherwise do business with you or the Company.

If you or the Company (as the case may be) are providing us with personal data about other individuals, such as other employees, officers or other personnel within the Company, please inform them of the purpose for which you are providing us their personal data and ensure they are aware of this privacy notice and that you have valid legal grounds to share their personal data with us under the applicable law, including their valid consent where appropriate.


3. HOW DO WE COLLECT YOUR PERSONAL DATA AND WHAT IS THE PURPOSE FOR THE COLLECTION?

We may collect the personal data about you from the following sources:

  • Personal data that you give us: This is personal data about you that you or the Company give to us either directly or through electronic means including emails or other electronic communication such as telephone conversations, or other electronic communication with us and our employees. Our information technology systems may record details of those communications, including their content.
  • Personal data that our systems collect about you: If you visit our websites they will collect some information about you and your visit, including the internet protocol (IP) address used to connect your device to the internet and some other information such as your browser type and the pages on our site that you visit. Our websites may also download "cookies" to your device as described in our separate cookie statements on our websites if applicable. Our premises have closed circuit TV systems and building access controls for security and safety purposes which may record you if you visit our premises.
  • Other personal data: We may also collect some personal data from other sources such as (a) your colleagues or other business contacts who may give us personal data about you, such as your contact details or details of your role in the Company. If we need to conduct anti-money-laundering or similar background checks involving you, this may require more extensive personal data about you, for example, a copy of your passport, and (b) we sometimes collect personal data from third party data providers, international sanctions lists, the internet or other publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.

4. LEGAL BASIS FOR COLLECTING NEW DATA:

In accordance with the Personal Data Protection Law, the legal basis on which we rely in processing your personal data is:

  • Legitimate Interest: We process your personal data, as necessary to pursue our legitimate and lawful business and other interests, for the following purposes and in accordance with any restrictions under the applicable law:
    • Providing our products and services to the Company, including to ensure that agreements with, and instructions from, the Company are authorized and validly executed;
    • Receiving goods or services from the Company, including to ensure that agreements with the Company provide a “relationship manager” point of contact, and ensuring that such agreement with the Company is authorized and validly executed;
    • Managing and improving our systems and processes, including through monitoring and managing their usage;
    • Complying with, or directly or indirectly facilitating compliance with, the requirements in any jurisdiction of any exchange, trading facility, trading system, organized market, clearing house, settlement system, exchange or other infrastructure provider to facilitate clearing and settlement (a “Market”);
    • Protecting the security and integrity of our premises, information technology systems and information;
    • Investigating and responding to complaints and other incidents affecting our or the Company's businesses; and
    • Enforcing and defending our legal rights and those of the Company, its employees, officers and affiliates, including potential legal claims or disputes.
  • Contractual Necessity: We process your personal data, as necessary to comply with contractual requirements and fulfil the obligations, e.g.
    • Managing our relationship with the Company;
    • Assessing and managing the risks facing our businesses, including detecting and preventing fraud and other financial crimes;
    • Protecting the security and integrity of our premises, information technology systems and information;
    • Investigating and responding to complaints and other incidents affecting our or the Company's businesses; and
    • Enforcing and defending our legal rights and those of the Company, its employees, officers and affiliates, including potential legal claims or disputes.
  • Explicit Consent: We process your personal data, subject to consent where required, to undertake business development activities (including marketing of our products and services to the Company). We will not send marketing communications to you in your personal capacity. You can withdraw your consent at any time without affecting processing operations carried out based on other legal bases. To this end, you can contact the Data Protection Officer of MUFG Bank.
  • Regulatory and/or Statutory obligation: We also process your personal data to comply with law and regulation and as necessary to pursue our legitimate and lawful interests in directly or indirectly facilitating compliance with the requirements of the law, co-operating with our regulators and other authorities, complying with applicable foreign laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting our business and the integrity of the financial markets. This involves processing your personal data for the following purposes:
    • Carrying out know-your-client (“KYC”), anti-money laundering, anti-terrorism, anti-market-abuse, anti-bribery and corruption, anti-fraud/other financial crime and sanctions compliance activities, including identity checks and background screening;
    • Monitoring transactions and reporting on them to competent authorities;
    • Keeping records of communications with the Company, including recording telephone, emails and instant messaging; and
    • Responding to enquiries from, and otherwise co-operating with, regulatory, tax, law enforcement and other governmental agencies or authorities, Markets, brokers or other intermediaries or counterparties and courts.

Personal data collected by us for the sole purpose of preventing money laundering and terrorist financing may not be processed in a manner incompatible with these purposes unless we have obtained the individual's express consent or we are otherwise permitted by law.


5. TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?

  • We will disclose personal data about you, to the extent permitted by the applicable law, where reasonably necessary for the various purposes set out above, to:
    • Other members of the worldwide MUFG group of companies. Details of the MUFG group may be found at https://www.mufg.jp/english/profile/biz_and_network/network/index.html;
    • Your colleagues representing the Company;
    • Counterparty financial institutions, Markets and other persons from whom we receive, or to whom we make payments, or with whom we conduct other transactions;
    • Our legal, accounting and other professional advisors such as insurers and auditors, so that they can advise us;
    • Service providers who hold or process your personal data on our behalf, under strict conditions of confidentiality and security;
    • Persons who take over our business and assets, or relevant parts of them;
    • Regulatory, tax, law enforcement or other governmental agencies or authorities, courts or litigation counterparties, in any country or territory; and
    • Other persons where we are required by law or regulation to disclose.
  • These disclosures may involve transferring your personal data abroad. You should be aware that this may include transfers to countries outside of the jurisdiction in which you and/or we are located, which do not have similarly strict data privacy laws and which, where applicable, will not be recognized by the competent authority as affording a similar level of protection to personal data. In those cases, to the extent permitted by the applicable law, we will put in place appropriate safeguards, in accordance with the requirements of applicable data protection laws.

6. HOW DO WE STORE YOUR DATA?

Your Personal Data is stored securely either in physical format predominantly at our offices or data retention facilities in Saudi Arabia or electronically and where it is stored outside of Saudi Arabia there are adequate security safeguards and protections in place.

We retain personal data only for as long as reasonably necessary for the purposes described above or as long as required by law or regulation or to resolve potential legal claims or disputes. We will destroy your personal data as soon as the purpose for which that personal data was collected is no longer being served by the retention of such personal data and the retention is no longer necessary or otherwise permitted or required under the applicable law or otherwise for any judicial process.

7. YOUR RIGHTS REGARDING PROCESSING OF YOUR PERSONAL DATA

Under the Personal Data Protection Law, you have the following rights which primarily depend on the purpose of Personal Data collection and processing:

  • Right to be Informed: You are entitled to be informed about how we collect your personal data, legal basis for collection and processing, how such data is processed, stored, destroyed and to whom it will be disclosed. You can access all details through the data protection policy or contact us using the information contained in this privacy notice. You are entitled to object to our use of your personal data for direct marketing purposes at any time. In certain circumstances, you are entitled to object to the processing of your Personal Data or restrict the processing of your Personal Data;
  • Right of Access to your Personal Data: you are entitled to
    • Access the personal data that we hold about you and to obtain information about the legal basis and the purposes of processing
    • Request access to your personal data, in a readable and clear format, if technically feasible
  • Right to Request Correction of your Personal Data: you are entitled to request correction of your personal data that you believe is inaccurate, incorrect or incomplete. Such data will be reviewed and updated as soon as reasonably possible.
  • Right to Withdraw your Consent for Processing of Personal Data: you are entitled to withdraw your consent to the processing of your personal data at any time unless there is a legal basis that requires otherwise.
  • Right to Request Destruction of Personal Data: You are entitled to request the destruction of your Personal Data held by us if the relevant personal data is no longer necessary to achieve the purpose for which it was collected.
  • Right to Submit a Complaint: You are entitled to submit any complaint related to applying the provisions of the Personal Data Protection Law to us and/or to the Competent Authority (as detailed below).

8. PROTECTION OF YOUR PERSONAL DATA

We have implemented technical, operational and organizational measures designed to protect Personal Data from loss, misuse, unauthorized alteration or destruction and periodically review such measures to ensure they are up to date and suitable to ensure adequate protection of your Personal Data.

Where required by applicable law, we will notify you promptly in the event of any breach of your Personal Data which might expose your privacy rights and freedom to serious risk.

9. COMPLAINTS

Data Protection Officer Details:

Name: MUFG Data Privacy Officer - Riyadh Branch

Address:
MUFG Bank, Ltd., Riyadh Branch
5th Floor, Building RD-01,
Al-Raidah Digital City,
P.O. Box 66822, Riyadh 11586, Kingdom of Saudi Arabia.

Email: DataProtection@sa.mufg.jp

If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can contact the Data Protection Officer (as detailed in this Privacy Notice) and/or also file a complaint with the Competent Authority whose details are listed below:

SDAIA Details:
(Dmo@sdaia.gov.sa)
Kingdom of Saudi Arabia Riyadh
Website: sdaia.gov.sa
National Data Governance Platform (dgp.sdaia.gov.sa).

We are committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.

10. CHANGES

We may change this privacy notice from time to time and will inform you accordingly, including by email where required.