Last Updated: November 1st, 2023
Disclaimer:
All information provided by you in the platform will be
accessible to
Potential.com company.
Reference to ‘We’ or ‘our’ or ‘us’ used in this Privacy Notice includes Bank Muscat and other
Bank Muscat overseas registered offices and branches. Whenever we’ve said ‘you’ or ‘your’, this
means you, customer or visitor, including any authorized person on your account including; joint
account holders, anyone who does your banking or deals with us for you (e.g. trustees, attorneys
or executors), beneficiaries, and other people in your organization (including authorized
signatories, partners, members and trustees). By 'your information' or ‘your data’ or
‘your personal data’ we mean any information about you that you or third parties provide to us.
The Provisions of this Privacy Notice
The terms mentioned here set out our Privacy Notice in respect of personal information provided
by customers or visitors explains how we collect, process and share personal data. If you are
also a customer of the Bank, the privacy of the personal information provided by you as a
visitor will also be governed by our privacy norms applicable to personal information of
customers. In particular, the personal information provided by you as a visitor may be used for
purposes other than those provided in the terms and conditions governing your account. Our
business has been built on trust between our customers and ourselves. We have a duty to
safeguard and keep confidential any information relating to our customers or financial affairs.
Whether it is provided to us in person at one of our branches or registered offices in the
Sultanate of Oman or overseas, over the phone, when using an ATM or while visiting the Bank’s
website, online banking platforms, and mobile banking application. We will strive at all times
to ensure that the information is kept confidential and secure. We are committed to keeping your
personal information private in accordance with the applicable data protection laws.
Principles of personal data processing
Bank Muscat respects the privacy of its customers and recognizes the need for appropriate
privacy, protection and management of Personal Data. In this respect, Bank Muscat is guided by
the following principles in Processing Personal Data:
- Lawfulness, fairness, and transparency: Personal Data is processed lawfully, fairly, and in
a transparent manner.
- Purpose limitation: Personal Data shall be collected for specified, explicit and legitimate
purposes consistent with Bank Muscat official activities.
- Data minimization: The Processing of Personal data shall always be adequate, relevant and
limited to what is necessary in relation to the purposes for which they are collected and/or
further processed.
- Accuracy: Personal Data stored by the bank shall be accurate and, where necessary, kept
up-to-date; every reasonable step must be taken to ensure that Personal Data that are
inaccurate, are erased or rectified without delay.
- Storage limitation: Personal Data shall be kept or stored for no longer than is reasonably
necessary for the purposes for which they are processed and in line with applicable laws and
regulations that govern banking activities.
- Integrity and confidentiality: Personal Data shall be processed in a manner that ensures
appropriate security of the Personal Data, including protection against unauthorized or
unlawful processing and against accidental loss, destruction or damage, using appropriate
technical or organizational measures.
Collection your information
Bank Muscat is a data controller or its equivalent under applicable privacy laws where it decides
how and why personal data is used. We will collect, store, use and share personal data where
applicable and in accordance with the governing laws, we will use best endeavors to assist any
3rd party whom process customer data on our behalf in complying with your privacy rights. Other
than personal data obtained from you directly, we may also obtain your personal data from
external partners we deal with or are connected with, social media, forms, websites, mobile and
internet banking and from such other sources where you have given your implicit or explicit
consent for the disclosure of information relating to you, and/or where otherwise lawfully
permitted or required. Occasionally we may collect personal information from visitors who
voluntarily submit personal information to us. We may use such information for the purposes of
sending such visitors details of our banking products or services and other marketing materials
which we think may be of interest to such visitors, or invite such visitors to participate in
market research and surveys and other similar activities.
Processing your information
Where we act as a data controller or its equivalent in our capacity of providing services to a
customer, we will only use personal data in accordance with specific written instructions from
our customers. A customer's personal data is classified as confidential and can only be
disclosed where legally compelled to do so. Your personal data will not be used for any purposes
other than those which are directly related to the purposes for which your data is being used at
the time of collection. Our collection of personal data from customers is for the purposes
relating to the provision of financial services or related products. To the extent permitted by
law, we will be using your data for the following reasons without limitation;
- Verify your identity to register you as a customer
- Improve our business and provide services to you
- Process payments made through our Services
- Comply with legal and regulatory obligations
- Market and advertise the services to you after an explicit consent from you
- Risk control, financial crime detection, and prevention
- Respond to court orders, establish or exercise our legal rights, or defend ourselves against
legal claims
- Improve the functionality of our services-based from feedback we receive from you
- Monitor trends and personalize your experience
Types of Personal Data collection
We collect, process, store, share customer personal and sensitive data as per the applicable
laws. This may include, without limitation, your name, username, signature, email addresses,
phone numbers, addresses, KYC/identity documents (for example: ID card, passports), CCTV
footage, voice, biometric data, communications with us, device and location data, etc. We also
use your financial data which includes but not limited to, information about your bank account
details, financial information, payment credentials, transaction data, loan details such as
amounts, lending history, and repayments, credit history and income details, etc. It is your
obligation to ensure the data provided to the bank is accurate and up-to-date and true. We will
provide you with the ability to access and correct your information either by visiting a branch
or through our digital channels.
How Do We Protect your information?
In order to keep your information private and safe, we will ensure all privacy principles are
adhered to in accordance with the applicable laws and regulations which includes:
- We will safeguard, according to strict standards of security and confidentiality, any
information our customers share with us.
- Transparency and fairness are at the core of our organization and how we operate, we will
explain to you in the clearest way possible what information we collect, how and why we use
your personal data and what rights you have in relation to this Privacy Notice.
- We maintain physical, electronic, and procedural safeguards in connection with the
collection, processing, discourse and secure retention and storage of personal data.
- Your personal data will be protected against unauthorized or accidental access, processing
or erasure;
- We will limit the collection and use of customer information to the minimum we require to
deliver superior service to our customers, which includes advising our customers about our
products, services and other opportunities, and to administer our business.
- We will take every effort to keep customer information complete, up-to-date, and accurate.
We will tell our customers how and where to conveniently access their account information
(except when we're prohibited by law) and how to notify us about errors which we will
promptly correct.
- We will continuously assess ourselves to ensure that customer privacy is respected. We will
conduct our business in a manner that fulfills our promise in all jurisdictions in which we
do business.
Third Party Access to Personal Data
- The personal information collected from you may be transferred to, stored, processed or
otherwise administered by third party agents working for Bank Muscat. We will ensure at all
times that the information is kept confidential and secure.
- For purposes of credit reporting, verification and risk management, we will exchange
information about our customers with reputable reference sources and clearinghouse services.
- We will not use or share - internally or externally - personally identifiable medical
information for any purpose other than the underwriting or administration of a
customer's policy, claim or account, or as disclosed to the customer when the
information is collected, or to which the customer consents to in writing.
- We will permit only authorized employees, who are trained in the proper handling of customer
information, to have access to that information. Employees who violate our Privacy Policy
will be subject to our existing disciplinary procedures.
- We will not disclose customer information to any 3rd party unless we have a written consent
from the customer, except when required by law.
- In case of any tie products with external partners, we shall inform you of any personal data
being shared or accessed via 3rd party for the purpose of providing you with the required
service or products.
- We will always maintain control over the confidentiality of our customer information. We
may, however, facilitate relevant offers from reputable companies. These companies are not
permitted to retain any customer information unless the customer has specifically expressed
interest in their products or services.
Non-Personal Data Collection
In addition to the information you choose to leave when requested by Bank Muscat, your visit to
this site will record non-Personal (Browser, ISP, OS, Clickstream information) and Profiling
Information (age, gender). Such information will be used to prepare aggregate information about
the number of visitors to the site and general statistics on usage patterns.
Cookies Management
Cookies are text files containing small amounts of information, which your computer or mobile
device downloads when you visit a website. When you return to websites – or visit websites that
use the same cookies they recognize these cookies and therefore your browsing device. We are
collecting the Personal Information by using Website Cookies Tool specifically in the following
four types of Cookies:
- Strictly Necessary Cookies
- Functional Cookies
- Analytics/Targeting Cookies
- Performance Cookies
Managing your cookie preferences
You can manage your cookie preferences by using our cookie preference tool. You can access this
tool at any time by clicking on the cookie icon at the bottom left of our homepage. The tool
will display the four types of cookies we use on our website and explain what each type of
cookie does and how it affects your experience on our website. You can select the type of
cookies you want to allow on our website by checking or unchecking the boxes next to each cookie
type. You can also change your preferences at any time by using the same tool. By default, we
set All Cookies on your device. If you want to deny or allow any types of cookies, you will need
to give us your consent by using our cookie preference tool. You can also revoke your consent at
any time by using the same tool. Please note that if you disable some types of cookies, it may
affect your experience on our website and some features may not work as intended.
QR Code Usage
The application uses QR codes for certain features and functionality. When you use these
features, the camera on your device may access and scan the QR code. This information is used
solely for the purpose of providing you with the requested service and is not shared with any
third parties, except as required by law. We do not retain any images or information obtained
through the use of QR codes unless required by law.
Your rights
We understand the importance of your ability to exercise your privacy rights at any point, if you
have any questions about your data privacy at Bank Muscat or would like to exercise your rights,
please contact us at
dpo@bankmuscat.com.
Changes to the Privacy Notice
We may amend this Privacy Notice from time to time and the updated version shall apply and
supersede any and all previous versions, including but not limited to, leaflets or hard copy
versions. Please check our website for information on our most up-to-date practices.
Legal statement about this Privacy Notice
This Privacy Notice is not designed to form a legally binding contract between Bank Muscat and
visitors of our website or online services.