Last Updated: November 1st, 2023

Disclaimer:

All information provided by you in the platform will be accessible to Potential.com company.

Reference to ‘We’ or ‘our’ or ‘us’ used in this Privacy Notice includes Bank Muscat and other Bank Muscat overseas registered offices and branches. Whenever we’ve said ‘you’ or ‘your’, this means you, customer or visitor, including any authorized person on your account including; joint account holders, anyone who does your banking or deals with us for you (e.g. trustees, attorneys or executors), beneficiaries, and other people in your organization (including authorized signatories, partners, members and trustees). By 'your information' or ‘your data’ or ‘your personal data’ we mean any information about you that you or third parties provide to us.

The Provisions of this Privacy Notice

The terms mentioned here set out our Privacy Notice in respect of personal information provided by customers or visitors explains how we collect, process and share personal data. If you are also a customer of the Bank, the privacy of the personal information provided by you as a visitor will also be governed by our privacy norms applicable to personal information of customers. In particular, the personal information provided by you as a visitor may be used for purposes other than those provided in the terms and conditions governing your account. Our business has been built on trust between our customers and ourselves. We have a duty to safeguard and keep confidential any information relating to our customers or financial affairs. Whether it is provided to us in person at one of our branches or registered offices in the Sultanate of Oman or overseas, over the phone, when using an ATM or while visiting the Bank’s website, online banking platforms, and mobile banking application. We will strive at all times to ensure that the information is kept confidential and secure. We are committed to keeping your personal information private in accordance with the applicable data protection laws.

Principles of personal data processing

Bank Muscat respects the privacy of its customers and recognizes the need for appropriate privacy, protection and management of Personal Data. In this respect, Bank Muscat is guided by the following principles in Processing Personal Data:

• Lawfulness, fairness, and transparency: Personal Data is processed lawfully, fairly, and in a transparent manner.
• Purpose limitation: Personal Data shall be collected for specified, explicit and legitimate purposes consistent with Bank Muscat official activities.
• Data minimization: The Processing of Personal data shall always be adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected and/or further processed.
• Accuracy: Personal Data stored by the bank shall be accurate and, where necessary, kept up-to-date; every reasonable step must be taken to ensure that Personal Data that are inaccurate, are erased or rectified without delay.
• Storage limitation: Personal Data shall be kept or stored for no longer than is reasonably necessary for the purposes for which they are processed and in line with applicable laws and regulations that govern banking activities.
• Integrity and confidentiality: Personal Data shall be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Collection your information

Bank Muscat is a data controller or its equivalent under applicable privacy laws where it decides how and why personal data is used. We will collect, store, use and share personal data where applicable and in accordance with the governing laws, we will use best endeavors to assist any 3rd party whom process customer data on our behalf in complying with your privacy rights. Other than personal data obtained from you directly, we may also obtain your personal data from external partners we deal with or are connected with, social media, forms, websites, mobile and internet banking and from such other sources where you have given your implicit or explicit consent for the disclosure of information relating to you, and/or where otherwise lawfully permitted or required. Occasionally we may collect personal information from visitors who voluntarily submit personal information to us. We may use such information for the purposes of sending such visitors details of our banking products or services and other marketing materials which we think may be of interest to such visitors, or invite such visitors to participate in market research and surveys and other similar activities.

Processing your information

Where we act as a data controller or its equivalent in our capacity of providing services to a customer, we will only use personal data in accordance with specific written instructions from our customers. A customer's personal data is classified as confidential and can only be disclosed where legally compelled to do so. Your personal data will not be used for any purposes other than those which are directly related to the purposes for which your data is being used at the time of collection. Our collection of personal data from customers is for the purposes relating to the provision of financial services or related products. To the extent permitted by law, we will be using your data for the following reasons without limitation;

1. Verify your identity to register you as a customer
2. Improve our business and provide services to you
3. Process payments made through our Services
4. Comply with legal and regulatory obligations
5. Market and advertise the services to you after an explicit consent from you
6. Risk control, financial crime detection, and prevention
7. Respond to court orders, establish or exercise our legal rights, or defend ourselves against legal claims
8. Improve the functionality of our services-based from feedback we receive from you
9. Monitor trends and personalize your experience

Types of Personal Data collection

We collect, process, store, share customer personal and sensitive data as per the applicable laws. This may include, without limitation, your name, username, signature, email addresses, phone numbers, addresses, KYC/identity documents (for example: ID card, passports), CCTV footage, voice, biometric data, communications with us, device and location data, etc. We also use your financial data which includes but not limited to, information about your bank account details, financial information, payment credentials, transaction data, loan details such as amounts, lending history, and repayments, credit history and income details, etc. It is your obligation to ensure the data provided to the bank is accurate and up-to-date and true. We will provide you with the ability to access and correct your information either by visiting a branch or through our digital channels.

How Do We Protect your information?

In order to keep your information private and safe, we will ensure all privacy principles are adhered to in accordance with the applicable laws and regulations which includes:

• We will safeguard, according to strict standards of security and confidentiality, any information our customers share with us.
• Transparency and fairness are at the core of our organization and how we operate, we will explain to you in the clearest way possible what information we collect, how and why we use your personal data and what rights you have in relation to this Privacy Notice.
• We maintain physical, electronic, and procedural safeguards in connection with the collection, processing, discourse and secure retention and storage of personal data.
• Your personal data will be protected against unauthorized or accidental access, processing or erasure;
• We will limit the collection and use of customer information to the minimum we require to deliver superior service to our customers, which includes advising our customers about our products, services and other opportunities, and to administer our business.
• We will take every effort to keep customer information complete, up-to-date, and accurate. We will tell our customers how and where to conveniently access their account information (except when we're prohibited by law) and how to notify us about errors which we will promptly correct.
• We will continuously assess ourselves to ensure that customer privacy is respected. We will conduct our business in a manner that fulfills our promise in all jurisdictions in which we do business.

Third Party Access to Personal Data

• The personal information collected from you may be transferred to, stored, processed or otherwise administered by third party agents working for Bank Muscat. We will ensure at all times that the information is kept confidential and secure.
• For purposes of credit reporting, verification and risk management, we will exchange information about our customers with reputable reference sources and clearinghouse services.
• We will not use or share - internally or externally - personally identifiable medical information for any purpose other than the underwriting or administration of a customer's policy, claim or account, or as disclosed to the customer when the information is collected, or to which the customer consents to in writing.
• We will permit only authorized employees, who are trained in the proper handling of customer information, to have access to that information. Employees who violate our Privacy Policy will be subject to our existing disciplinary procedures.
• We will not disclose customer information to any 3rd party unless we have a written consent from the customer, except when required by law.
• In case of any tie products with external partners, we shall inform you of any personal data being shared or accessed via 3rd party for the purpose of providing you with the required service or products.
• We will always maintain control over the confidentiality of our customer information. We may, however, facilitate relevant offers from reputable companies. These companies are not permitted to retain any customer information unless the customer has specifically expressed interest in their products or services.

Non-Personal Data Collection

In addition to the information you choose to leave when requested by Bank Muscat, your visit to this site will record non-Personal (Browser, ISP, OS, Clickstream information) and Profiling Information (age, gender). Such information will be used to prepare aggregate information about the number of visitors to the site and general statistics on usage patterns.

Cookies Management

Cookies are text files containing small amounts of information, which your computer or mobile device downloads when you visit a website. When you return to websites – or visit websites that use the same cookies they recognize these cookies and therefore your browsing device. We are collecting the Personal Information by using Website Cookies Tool specifically in the following four types of Cookies:

• Strictly Necessary Cookies
• Functional Cookies
• Analytics/Targeting Cookies
• Performance Cookies

Managing your cookie preferences

You can manage your cookie preferences by using our cookie preference tool. You can access this tool at any time by clicking on the cookie icon at the bottom left of our homepage. The tool will display the four types of cookies we use on our website and explain what each type of cookie does and how it affects your experience on our website. You can select the type of cookies you want to allow on our website by checking or unchecking the boxes next to each cookie type. You can also change your preferences at any time by using the same tool. By default, we set All Cookies on your device. If you want to deny or allow any types of cookies, you will need to give us your consent by using our cookie preference tool. You can also revoke your consent at any time by using the same tool. Please note that if you disable some types of cookies, it may affect your experience on our website and some features may not work as intended.

QR Code Usage

The application uses QR codes for certain features and functionality. When you use these features, the camera on your device may access and scan the QR code. This information is used solely for the purpose of providing you with the requested service and is not shared with any third parties, except as required by law. We do not retain any images or information obtained through the use of QR codes unless required by law.

Your rights

We understand the importance of your ability to exercise your privacy rights at any point, if you have any questions about your data privacy at Bank Muscat or would like to exercise your rights, please contact us at dpo@bankmuscat.com.

Changes to the Privacy Notice

We may amend this Privacy Notice from time to time and the updated version shall apply and supersede any and all previous versions, including but not limited to, leaflets or hard copy versions. Please check our website for information on our most up-to-date practices.

Legal statement about this Privacy Notice

This Privacy Notice is not designed to form a legally binding contract between Bank Muscat and visitors of our website or online services.