Terms & Privacy

Built on family values, we see every customer as one of our own and respect protecting your privacy. We want you to understand how we use your personal information to give you the solutions and services you need. If you have any questions, speak to us through our app, over the phone by calling + (962) 6 560 0444, or email our data protection officer (DPO) at dpo@bankaletihad.com.

If we change the way we process and use your personal information, we’ll let you know right away by email and by updating our website.

We gather and process personal information throughout our journey together to keep your account safe and secure. Here’s what we hold about you:

• Information you submit through our app, website or at any of our branches. This may include:
  – Your name, address, date of birth, contact details
  – A photo of you; whether passport photo or selfie on the app!
  – Your education and employment history
• Your account details and transaction history with us
• Information about your financial status, like your personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history, and needs and goals
• Information on how you use your phone and what you give us permission to access on it
  – Your IP address or operating system
  – Your smart device’s information
  – Your geolocation coordinates
  – Your security authentication
  – Your mobile network
  – Web site visits
  – Spending behaviour
  – Biometric data like your physical, physiological, or behavioural characteristics (For example, we use voice recognition or similar technologies to help us prevent fraud and money laundering)
• Information from social networks or online accounts, this means your online profile and social media activity

Besides the information you share with us, we gather and hold personal information about you, your business, and transactions from:

• When you sign a contract
• When you open an account with us, and apply for a product or service
• When we are required by law to collect and process certain personal information about you
• Where it is in our legitimate interests do so as an organisation, without harming your interests, fundamental rights, and freedom
• To keep our services up and running, manage our business and financial affairs, and to protect our customers, employees and property. This may include processing your information to:
  • Give you the best products and services
  • Make responsible decisions, perform data analysis, data matching, and profiling
• Other parties who provide services to you or us
• Channels you use to bank with us such as ATMs, online banking, and our mobile app
• Public sources such as the press and online search engines

We respect your privacy and will only share your personal information in the following circumstances:

• When you’ve given us consent.
• It’s needed for our services and offerings
• When required by law or regulation, including requests from law enforcement agencies, judicial bodies, government authorities, tax authorities, or regulatory bodies.
• To recover funds that were mistakenly credited to your account, including sharing information with other banks or relevant third parties.
• With third parties providing services on our behalf or that offer you benefits, including market analysis and benchmarking organizations, correspondent banks, agents, sub-contractors, insurance services, credit cards, or cybersecurity services.
• With external auditors, legal advisors, or law firms performing audit or legal functions on our behalf.
• With debt collection, credit reference, or fraud prevention agencies, particularly when information is incorrect or fraud is suspected.
• It’s required for a proposed sale, reorganization, transfer, financial arrangement, asset disposal, or other transaction relating to our business and/or assets held by our business.
• It’s through an anonymous form as part of statistics or other aggregated data shared with third parties
• When permitted by law or necessary to protect the legitimate interests of the Bank or a third party.

Your personal data may be transferred to, stored, and processed in countries outside Jordan where our service providers or group companies operate. When we transfer your personal data to other countries, we ensure that appropriate safeguards are in place to protect your privacy rights and to comply with Jordanian Data Protection Laws.

We’ll make sure that your account and personal information are always safe and secure, especially with third parties that act on our behalf.

We use technical, physical, and organizational measures to protect your personal data from unauthorized access, misuse, loss, or changes while it is stored, processed, or transmitted. Our systems are regularly updated and tested, and only authorized staff who need the information to provide our services can access it.

We’re always investing in new technologies to protect your money against fraud. We also want you to be safe and alert when it comes to scams and tricks.

We will keep your data for as long as you bank with us, and for 10 years after that required by the law.

The saved records we hold about you helps us serve you better. We’ll be able to get back to you with answers to your questions or complaints, provide you with the services you need, and protect you against fraud.

Holding your data is in compliance with legal and regulatory requirements. They’re kept as evidence for our business activities and help us demonstrate that we’re meeting our responsibilities.

We may keep your information for a longer period of time, particularly if it’s an order from the court or an investigation by law enforcement agencies or our regulators. This is to make sure that we’re able to produce records as evidence, whenever they’re needed.

You have a number of rights over personal data that we hold about you. You have the right to:

• Ask us to stop processing your personal information if you don’t agree with the way we’re using it. We’ll stop processing your information unless it overrides with our legal obligations (Just to let you know that if we stop processing your information, we may no longer be able to operate your account and provide you with our products and services)
• Make us correct your personal information if it’s inaccurate
• Access the personal data we hold about you, or get a copy of it
• Withdraw consent you’ve given us for your personal information at any time
• If we’re processing your personal data based on your consent or to fulfill a contract, you can request a copy in a machine-readable format to transfer it to another provider
• If we’re processing your personal data based on your consent or legitimate interest, you can ask us to erase it, subject to local laws
• You have the right to be notified if a data breach puts your rights or freedoms at high risk
• You can request that we temporarily stop using your information if you believe it is being used unlawfully
• In certain cases, you can ask us not to make decisions about you using automated processing or profiling

Bank Al-Etihad provides multiple secure channels to enable data subjects to exercise their rights or submit inquiries related to personal data processing. Requests may be submitted exclusively through one of the following channels:

• Bank Branches: By visiting any Bank AlEtihad branch and submitting the request through authorized bank staff.
• Call Center: By contacting Bank AlEtihad Call Center at +(962) 6 560 0444 , where the request will be recorded and processed.
• Call Center Email: By sending an email to info@bankaletihad.com , which serves as an official intake channel for data subject requests.

Upon receipt of a valid request, Bank AlEtihad will:

• Verify the identity of the requester to ensure data security and confidentiality.
• Register and track the request internally.
• Provide a response within a maximum of fifteen (15) calendar days from the date of receipt, in accordance with applicable data protection laws.

Upon receipt of a complaint, Bank AlEtihad will:

• Handle submitted complaints in accordance with the Regulatory Requirements for Personal Data Protection. A response to a complaint shall be provided within ten (10) calendar days, calculated from the day following the date of its submission.

In certain cases, we may be unable to fully comply with a request where doing so would conflict with legal obligations, regulatory requirements, or banking secrecy laws. In such cases, the data subject will be informed of the reason for refusal or limitation, as permitted by law.

We regularly review our privacy policy and update it as our services and use of personal data change over time. If we want to use your personal data in a way that hasn’t been identified before, we’ll contact you to explain this and, if required, ask for your consent.

When you use our website to browse our products and services or view the information we share, we use cookies, and some third parties do as well. Cookies help the website work properly, collect useful information about visitors, and improve your overall experience.

Some cookies are required for our website to work. Because they are essential, we don’t ask for your consent to place them on your computer. These cookies are listed below.

 

Cookie name	Purpose	More information
AWSALB	Load balancing – ensures that requests from the same user are routed to the same backend server so that the website remains stable and responsive.	First-party technical cookie created by Amazon Web Services (Application Load Balancer). It is strictly necessary for the operation of the website and does not store personally identifying information.
AWSALBCORS	Works together with AWSALB to maintain load balancing where cross-origin resource sharing (CORS) is used.	First-party technical cookie created by Amazon Web Services (Application Load Balancer). It is strictly necessary to route traffic correctly and does not store personally identifying information

Some third parties also place cookies on your computer, with your consent. These are listed below.

 

 

 

Cookie name	Purpose	More information
__Secure-1PAPISID __Secure-1PSID __Secure-1PSIDCC __Secure-1PSIDTS __Secure-ENID	Used by Google to provide security, prevent fraudulent use of login credentials and, in some cases, to personalise content and advertising.	These are secure cookies set by Google on domains such as google.com. They help protect user accounts and may also be used to deliver personalised ads.
_fbp	Used by Meta (Facebook) to deliver advertising to users who have previously visited the website and to measure the effectiveness of advertising campaigns.	Third-party marketing cookie set via the Meta Pixel. It stores a unique identifier that allows Facebook to recognise users across websites that use Facebook services.
AEC	Helps ensure that requests within a browsing session are made by the user, not by malicious sites, and protects against abuse.	Security cookie set by Google to prevent malicious sites from acting on behalf of a user without their knowledge. It helps protect against attacks such as cross-site request forgery.
AEC	Helps ensure that requests within a browsing session are made by the user, not by malicious sites, and protects against abuse.	Security cookie set by Google to prevent malicious sites from acting on behalf of a user without their knowledge. It helps protect against attacks such as cross-site request forgery.
AMP_ba62b82db2 AMP_MKTG_ba62b82db2	Stores a unique anonymous identifier for the user or session to help analyse how the website and embedded services are used over time.	Analytics cookie set by our monitoring/analytics provider. It helps understand usage patterns and performance of the site. It does not store personally identifying information.
__Secure-3PAPISID __Secure-3PSID __Secure-3PSIDCC __Secure-3PSIDTS	Used by Google to provide security, prevent fraudulent use of login credentials and, in some cases, to personalise content and advertising.	These are secure cookies set by Google on domains such as google.com. They help protect user accounts and may also be used to deliver personalised ads.
_ga _ga_ENHQDG5ZYZ	Used to distinguish unique users and understand how visitors use the website, so we can measure and improve performance.	Analytics cookie provided by Google Analytics. It collects aggregated statistics such as pages visited and interactions with the site.
_gcl_au	Used to store and track ad click information so that we can measure conversions from our advertising campaigns.	Marketing cookie provided by Google Ads / Google Tag. It helps attribute conversions to ad campaigns.
APISID	Used by Google to authenticate users, protect user data and prevent fraudulent use of login credentials.	Security cookies set by Google. They help verify the user, protect login sessions and guard against malicious activity.
ar_debug	Used by Google DoubleClick for testing and debugging advertisement delivery.	Technical cookie used by DoubleClick when debugging ads. It is generally only present in test or troubleshooting scenarios.
HSID	Used by Google to authenticate users, protect user data and prevent fraudulent use of login credentials.	Security cookies set by Google. They help verify the user, protect login sessions and guard against malicious activity.
IDE	Used by Google DoubleClick to register and report the user’s actions after viewing or clicking an ad, in order to measure ad effectiveness and deliver targeted advertising.	Third-party marketing cookie set by DoubleClick (a Google service). It helps build an anonymous profile of user interests so that more relevant ads can be shown.
NID OTZ SAPISID	Used by Google to remember user preferences and, in some cases, to deliver more relevant search results and advertising.	Preference and advertising cookies set by Google. They may store information such as your preferred language or an anonymous identifier used to tailor content and ads.
sentry-sc	Used to associate browser sessions with error and performance reports so that we can detect, debug and fix technical issues on the website.	Functional cookie set by Sentry, our error-monitoring provider. It helps improve the stability and security of the website and is not used for advertising purposes.
SEARCH_SAMESITE	Used by Google to enforce SameSite behaviour for cookies and reduce the risk of cross-site request forgery (CSRF) attacks.	Security cookie from Google that helps ensure cookies are only sent in appropriate contexts and improves protection against CSRF-type attacks.
session	Used to associate browser sessions with error and performance reports so that we can detect, debug and fix technical issues on the website.	Functional cookie set by Sentry, our error-monitoring provider. It helps improve the stability and security of the website and is not used for advertising purposes.
SID SIDCC SSID	Used by Google to authenticate users, protect user data and prevent fraudulent use of login credentials.	Security cookies set by Google. They help verify the user, protect login sessions and guard against malicious activity.
UULE	Used by Google to remember user preferences and, in some cases, to deliver more relevant search results and advertising.	Preference and advertising cookies set by Google. They may store information such as your preferred language or an anonymous identifier used to tailor content and ads.