Cookies Disclaimer
Strictly Necessary Cookies Always Active
INTRODUCTION
BLC Bank S.A.L (hereafter “us”, “we”, or “our”) website & electronic banking channels use cookies to enhance your online experience. Our cookies’ disclaimer is a document that provides information about what cookies are, types of cookies used, how we use them, what user data we track, and for what purpose.
For further information on how we use, store and keep your personal data secure, check our Privacy Notice.
WHAT IS A COOKIE?
When you visit our website & electronic banking channels, a small text file, a cookie is downloaded on your computer or on other device used for browsing (tablet, smart phone, and portable smart device …etc.)
Other technologies might also be used for the same purpose as cookies e.g. web beacons, pixel tags ...etc. This disclaimer also covers such technologies and refers to them as “cookie”.
Cookies play an important part of the web experience today; they are used to keep you logged in to the site, remember your preferences and to track your browsing activity across the web in order to improve your experience.
WHAT DO WE USE COOKIES FOR?
- To enable our website to function properly. For instance, we use cookies to identify broken links or other existing technical issues within the website.
- To analyze the use and the performance of the website in order to provide a high quality experience by making sure that the website content and layout are relevant to you. For instance, we use cookies to track the most popular pages that meet your needs and interests.
- To optimize the webpages you visit and to personalize the content across all our digital pages. For instance, we use cookies to ensure that relevant webpages are displayed based on your preferences and location, making your next visit much easier.
- To keep you connected to our electronic banking solutions throughout your session, from the time you login till the time you logout or until your session expires depending on which comes first.
WHICH COOKIES DO WE USE?
Cookies we use are either session cookies or permanent cookies.
- Session cookies: Session cookies are temporary cookies that last for the length of your visit to our website. They delete themselves when you close your browser.
- Permanent cookies: Permanent cookies stay on your device when you close your browser.They can track your online preferences. They remember and implement those preferences the next time you visit our site.
WHO HAS ACCESS TO YOUR INFORMATION?
It is important to note that your personal data is held solely by us and is not shared over the website or with any third-party.
We do not and never will use cookies that hold unencrypted personal information allowing a third party to identify or contact you.
SOCIAL MEDIA THIRD PARTY COOKIES
To enrich our website & electronic banking channels content, we include links to third party or other social media websites such as Facebook, Twitter, YouTube, Instagram, LinkedIn, and Pinterest. As a result, when you visit a page with content embedded, you may be presented with cookies from these websites. BLC Bank has no control or liability over these cookies set, so you should check the relevant third party's cookie policy for more information.
HOW TO REFUSE/DELETE COOKIES
Web browsers are generally setup to accept cookies. Nonetheless, you can setup your browser to reject cookies or to alert you when a cookie is placed on your computer. You should know that blocking cookies has a negative impact upon the usability of most websites including ours and will prevent you from accessing our internet banking solutions; the vast majority of cookies are completely harmless and only exist to improve your online experience.
To manage your cookies settings according to your preferences, please refer to your browser’s help for detailed instructions.
CONTACT US
If you have any questions regarding this Cookies disclaimer, you may contact us using the information below:
- Call Center: 24/7 at 1510 (inside Lebanon) or 00961387000 (from outside Lebanon)
- Email address: [email protected]
Privacy Notice
INTRODUCTION
BLC Bank S.A.L (hereafter “BLC” “we” “us” “our”) is committed to protect and respect the privacy & rights of every Individual (hereafter “you”). We are dedicated to ensure the confidentiality and privacy of data entrusted to us and seek to be transparent when we collect and use your personal data.We comply also with the Lebanese banking secrecy Law and therefore, maintain confidentiality regarding our customer’s data, which have been entrusted or made accessible to us with respect to the business and /or contractual relationship. In this Privacy Notice, we describe our policies and practices regarding your personal data and the way we process them; However and for further details you may refer to our "Data Protection Policy".
We will protect and use your personal data in the most appropriate way as indicated by this “Privacy Notice” and in accordance with the provisions of Law 81/2018 , BDL basic circular no # 146/2018, and EU General Data Protection Regulation 679/2016 (“GDPR”).
DEFINITIONS
This section aims to provide definitions for terms/expressions that have particular meaning:
- Personal data: Refer to any data that identifies or may identify you, either directly or indirectly, such as your name, contact details, digital images, identification data (e.g. identity card/passport number) and authentication data (e.g. your signature) etc.
- Processing: Refer to actions such as the collection, retention, use, disclosure, transfer, deletion or destruction of your personal data.
- Individual: Refer to employees, representatives, shareholders, BOD members of BLC, prospective, current and former customers, authorized signatories, beneficial owners, guarantors, advisers, contractors, service providers, partners, committee members, customers, payers, payees and security providers or any other natural persons whose personal information have or will be lawfully obtained by BLC Bank in the normal course of its business.
- Data Protection officer: Refer to the officer whose responsibility is to ensure that BLC is protecting individuals' personal data according to current legislation.
WHAT PERSONAL DATA WE PROCESS
In order to address your request, we have to collect and process data about you.We will ask you to provide us with personal data, when you intend to enter into a business and/or contractual relationship with us, as well as during the course of this relationship.
Moreover, during the course of our relationship, you must disclose any changes to your personal data without undue delay.
The type of personal data we process depends on the services and products requested or agreed upon in each case.
SOURCES OF PERSONAL DATA
We lawfully obtain data from:
- Individuals: Either directly from you or from your authorized representatives/agents(if applicable), or via other communication channels.
- Third parties: Including previous employers, other banks, credit reference agencies and Risk solution companies that enable us to manually screen potential customers and perform enhanced due diligence.
- Public sources: Including press, media , internet, Commercial Register, Land Registry , Banking and Liquidation registries, lists and databases maintained by other entities including international organizations.
WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
We collect and further process your personal data in compliance with the applicable data protection legal framework, for the following reasons:
- Fulfillment of contractual obligations: To perform our contractual/Business obligations.
- Compliance with Legal obligations: To comply with the legal obligations as well as the requirements of supervisory and regulatory authorities.
- Safeguarding legitimate interests To pursue our legitimate interests. Data are processed under this ground for reasons pertaining to business activities provided that those interests do not override your fundamental rights and freedoms.
- Based on your consent: To process your personal data for specific purposes other than the ones described above. The lawfulness of such processing is based on your consent.
WHO RECEIVES YOUR PERSONAL DATA
- Units and/or persons that are authorized to process your data within BLC Bank.
- “Fransabank” as a Mother company, where it is necessary for our legitimate interests to do so or in order to comply with our obligations under the law.
- Regulatory bodies to whom BLC is required to transfer data under the obligations of national Law and regulations.
- Third parties to whom BLC is required to transfer data under the obligations of International treaties and/or binding agreements.
- Third parties involved in or in connection with potential or actual litigation, arbitration or other legal process with BLC.
- Service providers that deal with BLC under the duty to keep the personal data confidential.
- Banks, agents, Financial Institutions, that process your personal data on our behalf are under the obligation to comply with the same personal data protection standards and safeguards as we do
- Credit related companies or agencies, which have dealings with BLC.
RETENTION PERIOD
- We retain your personal data for the purposes they were initially collected, in accordance with the law and relevant regulations.
- We may need to retain your data for a period longer than 10 years after the termination of our relationship in order to comply with regulatory or legal requirements.
- We may need to store your Personal data for a period exceeding 10 years to satisfy our legitimate purposes.
- Records can be held on a variety of media (physical or electronic) and formats.
AUTOMATED DECISION MAKING (INCLUDING PROFILING)
We may process some of your data by automatic means, in order to evaluate certain personal aspects (profiling), in the following cases:
- We carry out data evaluations (including on payment transactions) in the context of our anti-money laundering, anti-terrorism financing and anti-fraud measures.
- We employ credit scoring to assess your creditworthiness, so that we can evaluate whether customers will meet their contractual payment obligations and to make fair and responsible decisions regarding the provision of our services and products, especially in the context of providing banking facilities, including loans and overdrafts.
DIRECT MARKETING
We only use your personal data for direct marketing purposes if:
- You have given us your explicit consent to do so, in which case you may revoke such consent at any time.
- Where we believe that such processing is necessary for pursuing our legitimate interests.
YOUR PERSONAL DATA RIGHTS
We respect the rights you have under the personal data legal framework, namely the following:
- The right to access your Personal Data or be provided with a copy of the data being held about you.
- The right to request the correction of any inaccuracies in your Personal Data.
- The right to request the erasure of your Personal Data, particularly where the continued processing of the data is no longer necessary.
- The right to object to the processing of your Personal Data, particularly where there are no longer sufficient legitimate grounds for us to continue processing the data.
- The right to data portability, which means to receive a copy of the personal data that you have provided to us and to transmit those data to another organization and/or to request that we transmit such data directly to another organization.
- The right to appeal any automated decision making or profiling.
- The right to withdraw any consent you may have provided.
- The right to fill a complaint to the Data Protection Officer in case of unlawful processing of your Personal Data.
You can exercise any of your rights by referring to any of our branches or by contacting our Data Protection Officer using the details set out in paragraph 15.
It is important to note that the rights set out above are not unconditional and the specific circumstances of the processing being undertaken by BLC determines if these rights may be exercised. Further data concerning these rights and their application can be obtained from the Data Protection Officer.
DATA SECURITY
The Bank commits to take the appropriate and reasonable administrative and technical measures for the safety of the data and their protection from accidental or unlawful loss, misuse, forbidden transmission or access and of any other form of unlawful processing. Although we are fully committed to protect your personal data, security cannot be absolutely guaranteed against threats. In the event that we become aware of a data breach, which may cause you a disadvantage, we will notify you accordingly without undue delay. Moreover you are responsible for protecting and maintaining protection of any identification, authentication and other security measures regarding our services and products (e.g. PIN numbers, usernames and passwords, mobile devices, card numbers and account numbers), as described in the relevant contracts and/or terms and conditions.
CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice may be updated from time to time and without prior notice, in order to reflect our current practices and/or in accordance with any changes in the applicable legal framework. You will always be able to find the most recent version on BLC website and application.
Any visit you make to the site or application where the notice is published subsequent to its update is considered as your approval to the updated version.
COOKIES
We may sometimes use cookies to enhance your experience when browsing the Bank’s website, or using its electronic banking applications. Please refer to our “Cookies Disclaimer” for more details with respect to the cookies that we use and their purpose.
LINKS TO SOCIAL MEDIA & OTHER WEBSITES
BLC website may contain links to third party websites as well as social media platforms e.g. Facebook, Instagram and LinkedIn. This Privacy Notice applies solely to the data collected by our website and nonetheless, we are not legally responsible for the personal data you might post on these other websites or social media platforms since they are subject to their own terms and conditions and privacy policy and BLC holds no responsibility whatsoever should the confidentiality of such data be breached.
Please make sure you carefully read the terms & conditions related to these websites/platforms before submitting your personal data.
CONTACT US
For any matters arising out of and/or in connection with this Privacy Statement, you can contact our Data Protection Officer (DPO) on the following address:
- Tel : 961 1 387000
- Email: [email protected]
Data Protection Policy
INTRODUCTION
BLC is committed to conduct its activities in compliance with Banking Secrecy Law and Data Protection obligations. BLC is aiming to protect the Individuals’ personal data by enforcing a Data Protection Policy that provides the highest level of privacy and security regarding collection and use of data.
This policy describes how the Bank may collect, use, protect and disclose Individuals’ personal information. Personal information comprises all the details BLC holds or collects directly or indirectly about Individuals , their transactions, financial information, interactions or dealings with BLC, including information received from third parties and information collected through the use of BLC website and electronic banking services.
LEGAL & REGULATORY FRAMEWORK
The main legal basis establishing data protection requirements at BLC Bank is the provisions of national law no# 81/2018 , General Data Protection Regulation (GDPR), and BDL circular no # 146/2018 that intend to:
- Protect individuals from having their personal data misused or mishandled and assure to them that their personal information is being securely protected.
- Establish individuals’ rights by creating responsibilities for businesses by setting guidelines for the way to handle and store their personal data.
- Give individuals control over their personal data.
- Improve the level of compliance by introducing significant penalties on organizations that fail to meet their regulatory obligations.
BLC will ensure that the data collected, are effectively protected in order to fulfill individuals’ reasonable expectations of privacy by complying with the applicable laws and regulations.
PURPOSE & SCOPE
The purpose of this policy is to set out the principles of data protection that BLC Bank shall follow and to provide a managed framework for fulfilling BLC Bank business needs, accountability and legal responsibilities.
This policy applies to the personal data of individuals, being current and former employees, representatives, shareholders, BOD members, prospective, current and former customers, authorized signatories, beneficial owners, guarantors, advisers, contractors, service providers, partners, payers, payees and security providers. It applies also to personal data gathered in respect of onboarding customers at the outset of any business relationship and after its conclusion.
This policy covers all personal data processed regardless of the mean on which that personal data is stored.
GENERAL DATA PROTECTION PRINCIPLES
BLC will be guided by data protection Principles relating to processing of personal data.
- LAWFULNESS &FAIRNESS
BLC will only process Personal Data fairly and lawfully and for specified purposes. These restrictions are not intended to prevent processing but to ensure that BLC processes Personal Data for legitimate purposes.
- TRANSPARENCY
BLC must provide detailed, specific information to data subjects about what happens to their Personal Data. This information will be provided through appropriate privacy notices that must be concise, transparent, intelligible, easy accessible and in clear and plain Language to allow the data subjects to easily understand the status of their Personal Data.
- INDIVIDUAL CONSENT
Explicit consent will be obtained in situations where serious data protection risk emerges, hence, where a high level of individual control over personal data is deemed appropriate. The consent must be freely given, specific, and includes an unambiguous indication whether a clear statement or affirmative action from the data subject to process his/her personal data.
When BLC processes personal data that are necessary to conduct a service requested by a customer, under the agreed terms and conditions the processing is considered legitimate and no further consent is needed.
Written consent shall be presented in an understandable and easily accessible form, using clear and plain language.
Data subjects shall be able to withdraw their consents to processing based on the Bank’s internal procedure. BLC shall maintain a record of all consents obtained to demonstrate compliance.
- PURPOSE LIMITATION
Personal Data will be collected only for specified, explicit and legitimate purposes. It will not be further processed in a manner incompatible with those purposes unless the data subject is informed of the new purpose followed by his written consent.
- DATA MINIMIZATION
BLC shall make sure that the processed Personal Data is adequate and relevant to the purpose for which it is intended to be processed and will not accumulate Personal Data that is not relevant for those purposes. BLC shall draft a retention policy to ensure that when Personal Data is no longer needed for specified purposes, it is securely destroyed or anonymised.
- ACCURACY OF DATA
It is the responsibility of the data subject to provide accurate and updated personal data to BLC. BLC will take all reasonable steps to check the accuracy of any personal data at the point of collection and follow the procedure for reviewing the data at regular intervals thereafter. Incorrect or misleading data will be corrected or deleted as appropriate.
- STORAGE LIMITATION
Personal Data will be retained for as long as reasonably necessary and/or as required or permitted by Law .BLC will take the reasonable steps to destroy or erase all personal data that is no longer required by national laws and regulations.
- SECURITY OF DATA
BLC Bank shall take the reasonable necessary measures to protect the personal data it processes and to prevent its distortion, alteration, damage or unauthorized access through the implementation of a robust security program including but not limited to policies, controls, monitoring methods, recovery techniques, training and awareness.
Personal data shall be protected against unauthorized access using appropriate organizational, operational and technical measures. BLC will perform regular controls to ensure the effectiveness of these measures.
PROCESSING PERSONAL DATA
Personal data may or will be collected, stored, used processed, transferred or disclosed in or outside Lebanon for the following purposes:
- To perform contractual agreements with customers, suppliers and employees.
- To manage the business relationship with the customers & suppliers.
- To conduct marketing research and surveys that aim to improve BLC products and services.
- To perform internal audit and compliance control.
- To fulfill examiners’ demands in the course of external audit missions carried out at the Bank.
- To prevent, detect, investigate and prosecute crimes including without limitation money laundering, terrorism financing, fraud and other financial crime, identity verification, government sanctions screening and due diligence checks.
- To comply with local & applicable foreign laws, rules, regulations, decisions, judgments or court orders.
- To comply with agreements between BLC and any public authorities.
- To comply with BLC Bank policies and Code of Conduct.
- To monitor and record calls and electronic communications with data subjects for quality, training, investigation, complaints and crime/ fraud prevention.
- To defend BLC Bank’s rights, participating in potential or actual litigation, arbitration or other legal process.
- To seek professional advice, including in connection with any legal proceedings for obtaining legal advice.
- Other purposes for which data subject has given his or her expressed consent.
PROCESSING SENSITIVE DATA
BLC will only process sensitive personal data where it is strictly necessary to be carried out for a specific purpose. BLC will take special care when processing sensitive personal data because it represents a greater intrusion in individual privacy than when processing non sensitive data, in particular in ensuring the necessity of the Processing and security of the Sensitive Personal Data. Access to a data subject personal Data is limited to authorized persons whose status, duties and responsibilities specifically require or justify access to such data.
REPORTING A PERSONAL DATA BREACH
BLC shall put in place a procedure to be followed by all employees to deal with any suspected personal data breaches. The suspicious case will be reported immediately to the DPO for further investigation and conclusion. A log of personal data breaches will be maintained and submitted periodically to Senior Management.
DISCLOSURE AND TRANSFER OF DATA
BLC may disclose and/or transfer a data subject’s Personal Data both inside and outside Lebanon for the purposes highlighted in this policy and allowed or required by applicable laws and regulations to the following:
- FRANSABANK “ Mother Company”
- Third parties to whom BLC is required to transfer data under the obligations of national Law and regulations, such as: BDL, BCC, CMA, SIC & MOF.
- Third parties to whom BLC is required to transfer data under the obligations of International treaties and/or binding agreements.
- Banks, agents, Financial Institutions, contractors or service providers that deal with BLC under the duty to keep the personal data confidential.
- Credit related companies or agencies which have dealings with BLC.
- Third parties involved in or in connection with potential or actual litigation, arbitration or other legal process with BLC.
BLC will reasonably make sure that third parties who receive personal data of a data subject shall treat the personal data with confidence and in accordance with Data protection law and regulations. BLC will not transfer data of the data subject to any third party to be used for direct marketing purposes without obtaining the prior consent of the data subject.
DATA SUBJECTS’ RIGHTS AND REQUESTS
Data subjects have rights when it comes to how BLC handle their personal data. These include rights to:
- Withdraw consent to processing personal data based on the Bank’s internal procedure.
- Request access to their personal data.
- Prevent the use of their personal data for direct marketing purposes.
- Ask the Bank to erase personal data if and when it is no longer necessary. However BLC may deny a request of an individual if the request constitutes an abuse of rights or the request entails a deletion of data required by national Law or regulations.
- Rectify or complete personal data.
- Be notified of any personal data breach.
- File a complaint with the appropriate Legal authority.
- Receive or ask for their personal data to be transferred to a third party in a structured, commonly used and machine readable format.
THIRD PARTY AGREEMENTS
BLC must impose direct compliance obligations on data processors by including specific contractual requirements in any agreement with the data processor. BLC will consider the following requirements when dealing with a third party:
- To process personal data based on documented instructions from BLC Management.
- To have appropriate technical and organizational measures to ensure an appropriate level of security.
- To delete or return all the personal data at the sole discretion of BLC at the end of the service provided.
- Delete any existing soft or hard copies of the personal data unless required by national Laws & regulations.
- Avoid involving another processor without the prior authorization of BLC Management.
ROLES & RESPONSIBILITIES
- Board of Directors
- Promote & maintain a culture that respects customer privacy & personal data across BLC & related entities.
- Review & approve the Data Protection Policy.
- Oversee the level of readiness of the Bank for compliance with data protection requirements.
- Senior Management
- Promote and enforce high standards of data protection.
- Ensure that Data Protection Policy is properly and timely implemented.
- Ensure that management and employees are aware of, understand and adhere to data protection standards.
- React promptly and effectively to compliance issues that arise whenever a data protection breach is detected or suspected.
- Data Protection Officer –DPO
The Head of Compliance is appointed as DPO who shall be entrusted with the duty to perform the following tasks:
- Develop and update the Data Protection Compliance Program and ensure its proper implementation.
- Provide advices where requested on data protection obligations.
- Monitor compliance with data protection law and regulations.
- Raise awareness on data protection requirements.
- Ensure coordination between the supervisory authorities and BLC Bank.
- Act as a contact point for data subjects and the supervisory authority.
- Submit periodic reports to BOD Compliance & AML/CFT Committee & Senior Management.
- Coordinate with the Organization Department to align existing and new procedures with data protection regulations.
- Group / Departments Heads
- Ensure that all staff working under their responsibilities adheres to the instructions reflected in this policy.
- Ensure incorporation of data protection requirements & best practices into business processes.
- Information Security Department
- Develop and maintain an information and cyber security program including policies, procedures, controls, as well as awareness activities to ensure data protection commensurate with the level of acceptable risk as established by the Bank’s General Management.
- Address cyber security incidents and ensure that appropriate actions are taken to prevent recurrence.
- Report cyber security incidents involving personal data breaches to the DPO.
- Legal Department
- Amend BLC existing contracts, agreements and terms & conditions to include all data protection requirements.
- Make sure that contracts, agreements, legal forms are aligned with data protection requirements.
- Assist DPO in proper handling of conflictual situations arising from data breach.
- Audit Department
- Perform regular compliance audits to determine the level of compliance of Business & control functions with data protection requirements.
- Inform the DPO about identified potential compliance weaknesses.
- Submit periodic reports to BOD Audit Committee & Senior Management on the effectiveness of implemented security measures.