We make sure all the information we collect and process through our service channels is protected.
We’re Wio [WIO Bank PJSC] (“Wio”, “us”, “we”, and “our”). We’re committed to safeguarding the privacy of the Personal Data that is provided to us or collected by us while providing our Services as defined in our Standard Terms to you.
What Personal Data do we collect and where do we get it?
We process Personal Data that we get from you (our customers) during our business relationship. To be able to provide our best services, we also process Personal Data that we get with permission from:
Publicly accessible sources and other external sources (like the press or the internet).
Legitimately transferred to us by our affiliates.
Third parties (like a credit ratings agency and other commercial information providers that give data on, for example, beneficial owners).
To create and maintain a business relationship, we collect and process Personal Data relating to customers and any other person(s) involved in the business relationship depending on each case. The other person(s) would be different from the customer, and each a “related party”, such as:
Person(s) holding a power of attorney
By Personal Data, we mean:
Personal information of a customer or related party (such as name, address and other contact details, date and place of birth, and nationality).
Identification data and authentication data (such as sample signature).
Order data (such as payment instructions).
Data from the fulfilment of our contractual obligations (such as data in payment transactions).
Information about a customer’s or related party’s financial situation such as creditworthiness data, scoring/rating data, origin of assets, source of wealth).
Marketing and sales data.
Documentation data (such as file notes or meeting minutes from a consultation.)
Other data similar to the above.
What are the purposes and the legal bases for processing your data?
We process Personal Data in line with the privacy and data protection laws in the UAE. Such as, the Central Bank Consumer Protection Regulations including the Consumer Protection Standards (Circular No. 8 of 2020.)
We use your Personal Data to carry out our operations and provide banking, financial products, and services to you and make sure we do not breach any contracts. We may use your Personal Data for market research (including providing hyper-personalized and contextual products), analysis, and developing statistics.
a. Based on your express consent
If you have granted us your express consent and agreed to process your Personal Data in relation to providing our banking and financial products and services to you, this processing becomes legal because of your consent.
The withdrawal takes effect within 30 days of receiving your request to withdraw. Withdrawal of consent does not affect the legality of data processed before the withdrawal.
b. To comply with a contract
We process personal data to provide banking and financial services according to our contracts with our customers. We can also carry out pre-contractual measures as part of a request from you, such as:
To open an account
For online service
For granting a card or a credit
Customer service during the contract period
Possible establishment, exercise, or defence of legal claims and collection procedure
Consulting with credit rating agencies to investigate creditworthiness and credit risks
c. Necessary for compliance with Applicable Law
We need to collect and process personal data to comply with legal obligations we have as a bank under the laws, such as to assess creditworthiness and to prevent money laundering and terrorist financing.
We are a digital-only bank. We’re authorized and regulated by the UAE’s Central Bank for the conduct of financial services in and from the UAE. The purposes of processing include:
Here are some instances:
Assessment of creditworthiness
Identity and age checks
Fraud and money laundering prevention
Reporting obligations under financial regulation
Measuring and managing risks within the Wio Group
Here are some instances:
For knowing your customer requirements
For preventing, detecting, and investigating money laundering, terrorist financing, and fraud
For sanctions screening
For bookkeeping regulations
For reporting to tax authorities, police authorities, enforcements authorities, supervisory authorities
For risk management obligations such as credit performance and quality, capital adequacy, and insurance risks
For payment service requirements and obligations
For other obligations related to service or product specific legislations, such as: securities, funds, collateral, insurance, or mortgage legislation
For preventions and investigation of crimes
For measures to protect the rights of an owner of premises to keep out trespassers and to provide site security and video surveillance (like access controls)
Who receives your Personal Data and confidentiality requirements?
We’re under a duty of confidentiality to our customers and to prospective customers. We’re obliged to maintain confidentiality on all customer-related matters and assessments of which we acquire knowledge. We maintain banking confidentiality and comply with the Central Bank Consumer Protection Standards.
We keep track of where your Personal Data goes. Here’s who we share the data with and why:
The WIO Group
We’ll share your Personal Data with other entities in the WIO Group, when needed, to fulfil our contractual and legal obligations. We’ll transfer your Personal Data for:
Any connections to services offered by other members of the WIO Group.
Any Service offered by other members of the WIO Group you might be interested in.
Risk control due to statutory or regulatory obligation.
External recipients of data
We’ll transfer Personal Data about you, with your express consent, while conducting our usual business. We also transfer Personal Data if legal, regulatory, or market practice requirements demand it. For those requirements, we share it with the following external recipients for their respected purposes:
Public authorities and bodies for legal and regulatory reasons, either upon a request or as part of our reporting requirements. These authorities could be:
The Central Bank of the UAE
Other supervisory or licensing authorities
Law enforcement agencies
Other credit and financial institutions or comparable institutions to carry out a business relationship with you. Depending on the contract, but these institutions could be:
Credit rating agencies
Third parties for your transactions, services we provide you, and to ensure that we can meet the requirements of:
These third parties could be:
Third-party custodians, issuers, authorities, and their representatives
Any natural or legal person, public authority, agency, or body when:
You’ve allowed us and given us your consent to transfer Personal Data
You have released us from banking confidentiality
Service providers and agents
We’ll transfer your Personal Data to service providers and authorized agents, appointed by us, for the purposes given, subject to maintaining banking confidentiality. These are companies in the categories of:
Advice and consulting
Sales and marketing
We’ll use organizational and technical safeguards to protect your Personal Data as our role of data controller.
Will your Personal Data be transferred to a third country or an international organization?
We’ll only transfer your Personal Data overseas if the law and your consent allow it, otherwise we’ll hold and store all consumer and transaction data within the UAE as specified by the Central Bank. Additionally, we create a safe and secure backup of all the consumer data and transactions in a separate location for a required period, such as 5 years.
How long will my Personal Data be stored?
We’ll process and store your Personal Data for the period needed to fulfil our contractual, regulatory, and statutory obligations. Please note that our business relationship is a long-term obligation, that is assumed to exist for years.
We’ll delete any data provided that is no longer required to fulfil:
Contractual, regulatory, or statutory obligations.
Obligations to preserve records according to commercial and tax law.
We’ll normally keep your records for a minimum of five (5) years from the date of:
Termination of the business relationship
The closing of a consumer’s account with WIO.
The completion of a casual transaction.
Whichever comes earlier will be the date, unless there’s a particular reason to hold the records for longer, such as legal hold requirements (records to be held for an undefined length of time). We’ll continue to always maintain confidentiality and security measures in relation to your Personal Data, even after the termination of the relationship and until the Personal Data is destroyed.
What data privacy rights do I have?
In relation to your Personal Data, you have:
The right to withdraw consent.
The right of access and correction of Personal Data.
The right to be informed of WIO’s intent to use and/or share Personal Data.
The right to restrict processing.
The right to be notified by the Controller about any correction or erasure of data.
The right to ask questions or complain about the Personal Data, to Wio’s customer support channels (Wio Care). Whenever it applies to a scenario, you also have a right to make a complaint to the Central Bank.
Am I obliged to provide Personal Data?
Within our business relationship, you have to give all Personal Data that’s required for:
Accepting and carrying out a business relationship.
Fulfilling the accompanying contractual obligations.
What we are legally obliged to collect.
Without this Personal Data, we are, in principle, unable to enter into a legal agreement with you to provide banking and financial services.
Especially anti-money laundering regulations, that require a data record to even start a business relationship. We’re required to:
Identify you on based on your identification documents (such as, Emirates ID or Passport).
Collect and put on record name, place and date of birth, nationality, address.
To be able to comply with these statutory obligations, you have to give us the necessary information and documents to follow anti-money laundering regulations. You should also immediately disclose any changes over the course of our relationship. If you don’t provide us with the necessary information and documents, we cannot enter or continue the business relationship you require.
Is there automated decision making?
We may use fully automated decision-making in establishing and carrying out a business relationship (when our programs and computers analyse data and make decisions). If we use this procedure in individual cases, we’ll inform you of this separately, when this is a legal requirement as per applicable law. You have a right to object in instances where a decision is taken by us based only on automated decision-making, where this right is granted under applicable law
Will profiling take place?
We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). We use profiling in many ways, such as for legal and regulatory requirements to combat:
Assess risk and offences that pose a danger to assets
Data assessments (including those on payment transactions) are also carried out for this purpose. At the same time, these measures also serve to protect you.
We mostly use these measures to specifically notify you and advise you regarding products. These allow communications and marketing to be tailored to you as needed, including market and opinion research.
Cookies help websites to remember who you are. Information from cookies may include information about:
Your use of our websites
Information about your computer (such as IP address and browser type)
We collect, process, and analyse traffic data on how our webpages are used. Traffic data is data connected to visitors on the webpage and data handled in communication fields for sending, distributing, or making messages available.
Provide a secure online environment.
Manage our marketing and give a better online experience.
Track our website performance.
Make our website content more relevant to you
The data will not be used to identify individual visitors except for WIO Netbanking customers.
If you would like to instruct your web browser to refuse or delete cookies, you can visit the help pages of your web browser. Please note that if you refuse to accept or delete cookies, you might not be able to use all the features we offer or some of our content might not display properly on our website.
For more information, see cookies on our website wio.io/cookie-policy.
We’re constantly improving and developing our Services, products, and websites. To reflect that, we may change this Policy from time to time. We won’t remove your rights under this Policy or under applicable data protection laws in the jurisdictions we operate. If there are large changes, we’ll provide a more prominent notice, when we’re required by applicable law. Please review this Policy regularly to stay updated on any changes.