Privacy Policy

Dear Customer,

 

The Bank prioritizes the necessary privacy and security of your personal data, and deals with it within the confidentiality protocols of data privacy and banking. This policy is a notice of the privacy of personal data collected and processed by the Commercial Bank of Jordan (referred to as: "we", "us", "the bank " or "the Commercial Bank of Jordan").

We are committed to protecting the privacy and managing your personal data clearly and transparently and we understand the importance of the personal data we have accessed.

This Data Privacy Policy provides an overview of how and why the Jordan Commercial Bank Jordan Commercial collects and processes your Personal Data and informs you of your rights under the Jordanian Personal Data Protection Law  No. 24 of 2023, the regulations and instructions issued thereunder and the relevant Central Bank orders hereinafter referred to as the “Law.”

This policy is directed at current or potential customers, visitors to the Bank, related parties or visitors to the website and any applications and channels of the Bank who are of good standing status.

• Data Sensitivity / Confidentiality: Defined as any data or information related to you through which you can be identified directly or indirectly, regardless of its source or form, including information related to your identity, family status or location, as well as any data or information that directly or indirectly indicates your origin, race, religion or health status (physical, mental, genetical if any) or biometric fingerprints) or your criminal record or any information or data that the Council determines to be sensitive.
• Data Processing (Processing): It is defined as one or more operations conducted in any form or means with the aim of collecting, recording, copying, saving, storing, organizing, revising, using, sending, distributing, publishing, linking to other data, making available, transferring, displaying, anonymizing, coding, erasing, restricting, erasing, modifying, characterizing or disclosing it by any means whatsoever.

 

Commercial Bank of Jordan is a public limited company registered in the Hashemite Kingdom of Jordan under registration number "113" and is located in Amman, 384, King Abdullah II Street, 11191 Al-Rawnaq District.

Please read the following carefully to understand our policies, practices and procedures relating to your personal data and how they are processed.

 

How we collect your personal data:

We obtain your personal data mainly through one of the following means:

• Personal data is collected directly when you visit a branch of Commercial Bank of Jordan or when you access and use our website and applications of the bank or when you communicate with us through our call center or e-mail with any inquiries or complaints or in the event that you want to apply for a job through our site or you get a certain service from the bank or any dealings and contact with the bank or for any other reason.
• Personal data is collected indirectly when you use or access me from the Bank's platforms, including but not limited το cookies, device profiles, banking application, and social media of the Bank, or government and official agencies authorized to provide the Bank with data (such as: the Civil Status and Passports Department, the Companies Control Department, the Directorate of Public Security, including the Directorate of Residence and Borders, the Cybercrime Unit, the Criminal Investigation Department, the Ministry of Labor, the Ministry of Industry and Trade, the Ministry of Social Development, the Registrar of Cooperative Associations and Institutions, the Greater Amman Municipality or any of the other municipalities, the Ministry of Digital Economy and Entrepreneurship, the Ministry of Investment, the Free Zones and Development Zones Group, the Aqaba Special Economic Zone Authority, the entities licensed or legally authorized to disclose data, including lists of prohibitions and sanctions issued by international authorities, competent and regulatory bodies legally authorized to do so , public service providers (Utilities),competent authorities issuing official documents proving data and information obtained from the customer and their clients for the purposes of verifying the authenticity of these documents , and any other entities approved by the Central Bank.
• Through other parties, related to or related to you (such as your authorized family member, your legal representative, your agent, your representative, acting on your behalf, the employer.)
• Personal data collected from publicly available sources, such as the Internet, the press and social media platforms, public, regulatory and/or supervisory bodies, lists and databases maintained by other entities including international organizations

 

Types of Personal Data we Collect:

The personal data we may collect or obtain may vary depending on the service we may provide to you and (may include) identity, personal profile, financial data, technical data or Information, usage data, contact data such as:

• Personal data: such as full name (in Arabic and English), date of birth, place of birth, marital status, nationality.
• Residence: Current residence address, residency status and permanent address (local/ abroad), and proof of address documents.

Contact details: billing address, delivery address, mailing address, email address, phone numbers, contact list.

• Identity data such as personal ID or passport, residence ID, work permit, any official document related to proof of identity.
• Work Details such as the employer, job status, job position, contact details, communication with the employer and supporting documents.
• Banking and financial data such as income, source of income, source of wealth and financial activity of the account.
• Data about your tax status such as your tax number and foreign tax identification number, Act Compliance Tax Account Foreign (“FATCA”) forms, or information necessary for the Common Standard Reporting (CRS) process and other necessary information.
• Data of individuals related to you such as family members, agents, guardians, witnesses, spouse's personal information, number of dependents, parents' personal information, family book information and birth certificate (for minors' accounts) and emergency contacts, their signatures, addresses and relationship with you.
• Technical data: Internet Protocol (IP) address, your login data, browser type and version, stored information, malicious applications installed on your devices, time zone and location, types and versions of Internet access browsers, operating system and platform, and other technologies on the device you use to access the website. In addition, we collect specific device information such as device ID and model for analytics purposes and to support you in resolving any issues related to the use of the Apps.
• Details of the transactions you or any of your associates have made including dates, amounts, currencies, and payer and beneficiary details.
• Biometric data: fingerprint, voice pattern or facial recognition that can be used for identification and purposes.
• Health data: For example, prepare some insurance contracts and this data is processed on a need-to-know basis only.
• Video data: including television, audio-visual and photographic imagery.
• Risk rating information: e.g. credit risk rating and data about your ability to manage credit obtained.
• Due diligence data: For example, data required to ensure compliance with financial crime requirements (anti-money laundering, countering the financing of terrorism, and other requirements) and data necessary to meet regulatory obligations.
• Employment information: In case you want to apply for a job through our website.
• Dispute Information: Legal Complaints and Legal Grievance.
• Agreement Information: Contracts, Invoices and Commission.

Purpose of processing and scope of use of your data:

The Bank processes your data (personal/sensitive personal) for various reasons related to the mechanism of banking and commercial dealings with you or your access to any of the banking services or products or for the purposes of control and supervision prescribed from time to time by the Central Bank of Jordan or other legitimate service matters, including but not limited to :

• To access banking products and services.
• To manage your accounts and relationship with the bank.
• To provide you with any other information and data about your account.
• To market banking products, services and offers that you may be interested in.
• To evaluate, develop and improve the services provided to you.
• To handle inquiries and complaints received through you.
• To communicate with you by mail, phone, text message, email and other digital means available to you.
• To provide electronic banking services.
• To monitor, record and analyze any communications between you and the Bank, and to protect your financial interests.
• To evaluate your applications submitted to the Bank.
• To share data with authorities, government and tax authorities, tax countries, credit reference and inquiry agencies, regulatory bodies, external authorities, correspondent banks and external judicial authorities for the data of the law and the agreements in force in the Kingdom.
• To share your data with the Bank's partners, service providers and external auditors.
• To comply with regulatory requirements and reporting obligations in relation to Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT).
• For the purpose of taking the necessary measures to combat fraud and financial crimes.
• For the purpose of taking precautionary security and technical measures related to cybersecurity.
• For the purposes of verifying the validity and sufficiency of the data of third parties related to your dealings with the Bank.
• For security purposes related to you.
• To collect any outstanding debts in addition to the purposes of litigation and to request legal advice.

Cases permitted by law and/or other legislation and/or orders of the Central Bank of Jordan:

• Your explicit consent when needed.
• Execution of contracts signed with you.
• Manage the bank's relationship with you.
• Legal and supervisory obligations (such as instructions of the Central Bank, supervisory authorities, judicial requirements or regulatory authorities.)
• For financial purposes related to the bank such as (television photography or video monitoring.)
• to maintain a vital interest for you.
• Legitimate interest of the bank )such as: developing and providing products and services, marketing products and services and providing offers that you may be interested in, keeping our records up to date, recovering debts, raising the Vocational and Technical Standards, enabling you to complete transactions, communication and communication between you and the bank.

 

Disclosure of Your Personal Data

We may share your personal data outside of Jordan Commercial Bank under certain circumstances, when we do so, we require that those third parties have the appropriate physical, technical and organizational measures in place to protect your personal data.

• Branches of the bank within the Hashemite Kingdom of Jordan.
• Any person you appoint to be related to your banking relationship with the bank, whether under an agency, mandate, guardianship, as your legal representative, a person who guarantees your financial obligations (the guarantor), a party to a joint account, or an authorized representative of legal persons.
• External auditors, correspondent banks in and out of Jordan, clearing or settlement systems. Other financial institutions, local and international tax authorities, as needed, credit reference and inquiry centers, or payment service providers.
• law firms, lawyers, or legal advisors.
• Real estate asset assessment companies.
• Agents on behalf of the Bank.
• Internal and external supervisory and regulatory authorities, government authorities and bodies, law enforcement authorities, and the settlement of local and external disputes, as the case may be.
• Postal services and services entrusted to bank card service providers issued and managed.
• Insurance or financing companies associated with the bank.
• Providers of technical and advisory services.
• Parties who carry out any operations on their accounts under a judicial agency or a duly authorized authority or in accordance with a legal decision (guardianship) or operations that you are authorized to carry out on their accounts.
• Other parties you have agreed to share your data with.
• Any parties or entities with which the Bank deals and to which the provisions of the clause "Purpose of processing and scope of data use."

We will not share any of your personal data for purposes other than those described in this data privacy statement, and we will not sell your personal data to anyone.

 

Data usage matrix

The table below, defined by the data use matrix, shows some cases and examples of data use:

Data Disclosure	Legal basis for processing (including legitimate interest)	Datatype	Purpose/Activity
Internal (branches and departments of the bank), technical service providers External (Third Party) and Regulatory Authorities	Execution of a contract with the client, legitimate interest	Identity data (identification), banking and financial data	for your access to banking products and services.
Internal (branches and departments of the bank), Regulatory and Governmental Entities	Execution of a contract, legitimate interest	Identity data (identification), Banking & Finance, Transaction Details	To manage your accounts and relationship with the bank.
you or your legal representative or legal actors on your behalf	Legitimate interest, contractual obligation	Contact details, identification data, Proof of Identity	To provide you with any information and data Other about your account.
Disclosure is made only with the consent of the client	Your explicit consent, legitimate interest	Contact details, identification data, Proof of identity, technical data, digital identifiers and tracking files	To market banking products, services and offers that you may be interested in.
External Technical Services and Systems Providers (Third Party)	Legitimate interest to improve services	technical data such as protocol address Internet (IP), your login data, browser type, etc., Digital Identifiers, Tracking Files	To evaluate, develop and improve the services provided to you.
Technology and Service Providers External or regulatory authorities and internal (branches and departments of the bank)	Legitimate interest, legal obligation	Contact details, identification data) Proof of Identity	To handle inquiries and complaints received through you.
Internal branches and departments of the bank,	Legitimate interest, your consent	Contact details, identification data, Proof of Identity	To communicate with you, by phone and messages text, email and other digital means available to you.

External Technical Services and Systems Providers (Third Party)	Execution of a contract, legitimate interest	Contact details, identification data) Proof of identity, technical data, digital identifiers and tracking files	For the purpose of providing all electronic banking services provided to you.
Civil, government and internal entities (branches and departments of the bank), Regulators	Legitimate interest, security purposes	Digital Identifiers, Video Monitoring, Including TV footage, Audio, Visual, photographic Data	To monitor, record and analyze any communication between you and the Bank, and to protect your financial interests.
Tax Authorities, Regulatory and Governmental Authorities	Execution of a contract, legal obligation	Identity data (identification), Banking and finance, contact details, residency, nature of work, data of individuals. Relevant to you, tax	To evaluate your applications submitted to the Bank.
Governmental, Tax, Judicial and Regulatory Authorities	Legal obligation, domestic and international legislation	All types of data and only as needed	To share data with authorities Governmental and tax authorities, taxing countries, credit reference and inquiry agencies, regulatory bodies, external authorities, correspondent banks and external judicial authorities in a manner that does not conflict with laws and legislation. and agreements in force in the Kingdom.
Auditors, External Service Providers (Third Party)	Legitimate interest, data protection agreements	All types of data and only as needed	To share your data with a third party such as: External Service Providers and Auditors .
Civil, Regulatory and Governmental Entities	It is a legal obligation.	Identity data (identification), banking, financial, tax statements, transaction details, all kinds of Necessary data	Complying with regulatory requirements and reporting obligations in relation to Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) ..
Judicial and Supervisory Authorities & Gov. Affair Department	Legitimate interest, legal obligation	Financial data, transaction details	For the purpose of taking the necessary measures to combat financial crime.
Cyber security Teams, External Tech Service Providers and Systems (Third Party)	Legitimate interest, security purposes	technical data) such as protocol address Internet (IP), your login data, browser type, etc. (, IDs Digital Identifiers, Tracking Files	For the purpose of taking precautionary security and technical measures related to cybersecurity.
Related parties to the customer	Legitimate interest, legal obligation	Identity data (identification), banking and financial	For the purpose of verifying the validity and adequacy of the data of other related parties your dealings with the bank.
The financial institutions	Legitimate interest, security purposes	Identity data, digital identifiers, Video surveillance, trackers, biometrics	For security purposes related to you.
Lawyers, Collectors, Jurisdictions	Legitimate interest, legal obligation	Identity data (identification), banking and financial	To collect any outstanding debts In addition to legal purposes and judicial and seek legal advice.

 

How we store your personal data:

• We may retain your personal data in various formats including:
• Hard copies (e.g., forms you fill out and submit.)
• Digital copies (e.g., paper copies scanned into our )
• Electronic copies (e.g., when we enter information about you directly on our computers and systems.)

 

DATA PROTECTION

We strive to take the various security, technical, organizational and precautionary measures necessary to protect your data including protection against unauthorized or unlawful processing, prevention of breaches of its security and integrity, prevention of loss, misuse, alteration, disclosure, liquidation, destruction or unauthorized access and that parties who have access to your data are required to keep it confidential through various means designated for this purpose.

To provide you with additional information and to improve and expand our procedures regarding your personal data. Measures included:

• Provide ongoing education and training to our staff on privacy awareness especially when handling personal data.
• The existence of regulatory and technical controls and restrictions on the system and controlling access to data, including the access card to the premises of the Jordan Commercial Bank.
• Implement modern technological measures (i.e. firewalls and encryption procedures to prevent decryption by unauthorized individuals and anti-malware operations.)

 

How long will Jordan Commercial Bank hold your personal information:

By providing you with products or services, we create records that contain your information, such as customer account records, lending and credit account records, and records can be kept on a variety of media (physical or electronic) and others.

Record retention periods are determined by the type of record, the nature of the activity, the product or service provided, and applicable local legal or regulatory requirements.

We usually keep customer account records for up to 15 years after the termination of your relationship with the bank, while other records are kept for shorter periods, for example, records of surveillance cameras inside the administration building and branches are kept for 180 days after registration, and data used for marketing purposes is kept  as a maximum of one year.

Retention periods may be changed from time to time based on business, legal or regulatory requirements.

Exceptionally, we may retain your information for longer periods, particularly when we need to prevent or dispose of destruction based on a court order or investigation by our law enforcement agencies or regulators and this is to ensure that the bank will be  able to produce the records as evidence, if needed .

 

Marketing Provisions

• The Bank shall not use / exploit the personal data of customers and customers of the Bank for commercial purposes or sell their data to third parties.
• The Bank processes its customers' data to market the services and products it provides directly to customers, within the limits of the business, services and products provided to the customer under the contract with the Bank or services and products that are similar or similar to them on the basis of legitimate interest, within the following determinants:
• The bank informs the customer in clear, simple and non-misleading language of his right to cancel his subscription to direct marketing channels during the first communication process, explaining how to cancel the subscription.
• Customers can be allowed to unsubscribe from all marketing channels without any financial or contractual consequences, and in simplified ways.
  • Confirm receipt of the cancellation request to the customer and inform him that his data will no longer be used for direct marketing purposes.
• Customer data used for marketing purposes shall be kept for a maximum period of one year, and after the end of the purpose, the data shall be deleted unless there is legal justification for retaining it.

Transfer of your personal data to another country or to an international organization:

Commercial Bank of Jordan is registered and operates as a local bank in the Hashemite Kingdom of Jordan. Your personal data may be transferred to other countries. For example, we may transfer your personal data to a bank in another country in order to execute your payments or transfers, or if the transfer of data is required by law (for example, the reporting obligation under certain legislation, such as the FATCA Act Compliance Tax Account /Foreign Common Reporting Standard (CRS), or if you have given us your consent to do so or to external judicial authorities, as the case may be , and if there are summonses and in accordance with the law.

 

Under the Personal Data Protection Law

You have rights to protect your personal data and may only be processed after obtaining your clear and explicit consent or in cases permitted by law and the request is executed within a period not exceeding 15 days from the day following your delivery of the request. The Bank can extend this period for a similar period and once by informing the customer of the extension and its justifications. You have the following rights regarding your personal data held by Jordan Commercial Bank for you:

●Access request - The right to be informed:

You have the right to know, see and have access to the personal data we hold about you and you have the right to be aware of any breach, infringement, breach to whom, or the integrity of your data.

● Correction request "Data Amendment, Update:"

You have the right to correct inaccurate personal information and to update incomplete personal information.

●Right to object to processing:

You have the right to object to the processing of your personal information when we rely on a legitimate interest (or that of a third party) and there is something that makes you want to object to the processing on this basis.

●Right to request restriction of processing:

You have the right to ask us to suspend the processing of your personal data, and you can exercise your right when one of the following applies to your personal data:

Your personal data is not accurate.

The processing performed is illegal, but you do not wish to delete it.

Your personal data is no longer relevant, but you want us to keep it for use in potential legal claims.

You have already asked us to stop using your personal data, but you are waiting for us to confirm whether we have legitimate reasons to use your data.

●Right to request data transfer:

You have the right to request data transfer to “transfer” your personal data to another party and to request a copy of the personal data relating to you in a structured and commonly used format and to transfer such data to other organizations and you have any right to have your personal data transferred directly by us to the other organizations you will mention.

 

●The right to withdraw consent:

You have the right to withdraw the consent you have given us regarding the processing of your personal data for certain purposes, such as allowing us to promote our products and services only to you.

●The right to be notified of breaches of your personal data:

Note that in the event of a violation of the integrity of your personal data, which may cause you significant harm, the Bank will inform you within (24) hours of discovering the violation, and provide you with the necessary procedures to avoid any consequences that may result from this, and this comes in compliance with the law.

 

Subject to your rights set out above, it will be impossible to respond to your requests and rights if they conflict with the provisions of the legislation in force or the regulatory and supervisory requirements of the regulatory authorities to which the bank belongs, or in cases that may lead to the concealment, modification or deliberate change of information necessary to threaten your identity, the true beneficiary or the validity of your credit report, affect the due diligence requirements, or conflict with the security and integrity of the operations carried out by the bank or put it at risk.

Who you can contact regarding your personal data:

The Bank takes your rights seriously, if you have any queries, additional information and/or complaints regarding the collection, processing and storage of your personal data or if you wish to exercise any of your rights, please do not hesitate to contact the Data Protection Controller and our team and we will be happy to provide you with a response as soon as possible.

Please contact us at: DPO@jcbank.com.jo or by calling our call center number: 065209000+962

Submitting a Complaint

You can complain about any alleged infringement of your data or infringement of your rights in relation to your data through any of the following means:

• Toll free (+962-6520300) from any landline or call (+962-065203132) during official working hours.
• The electronic form for complaints on the bank's website.
• Personally, by visiting the Customer Complaints Unit (Personal Data Protection) in the General Administration Building during official working hours.
• Written at the postal address: Commercial Bank of Jordan - Compliance and Anti-Money Laundering Department – Customer Complaints Management and Handling Department.
• Fax No. (+96265664110)
• Through e-mail: DPO@jcbank.com.jo

 

Complaints handling procedures also include:

1. Provide the complainant with evidence that the complaint is registered under a serial reference number and procedures approved by the bank that enable the complainant to review his complaint.
2. Respond to the complaint within (10) ten days from the day following the date of its submission. If this period expires without taking any action by the official, the complainant has the right to submit the complaint to the unit for consideration without affecting his right to resort to the judiciary.
3. Informing the complainant of the final result of the complaint submitted by him in the manner the bank deems appropriate, provided that it is in simple and easy language and without the use of any specialized and incomprehensible technical phrases.

The bank is obligated not to subject the customer's requests, including any complaints submitted in this regard, to any fees, and not to impose any conditions that hinder the right of the complainant to submit complaints.

You can also submit complaints to any of the competent supervisory authorities.

 

Updates to this Data Privacy Policy:

We may update or amend this Privacy Policy from time to time to take into account changes in our business and legal requirements We will notify you appropriately when we make changes to this Privacy Policy, and we will amend the review date at the top of this page However, we encourage you to review this Policy periodically so that you are always aware of how we process and protect your personal data.

 

Cookies:

Our site uses small files known as cookies to make it work better in order to improve your experience, to learn more about how we use cookies, please read our cookie policy on the website.