But whatever we do with your information, we need a legal basis for doing it. We generally rely on one of three grounds (reasons) for our business processing in line with the purposes outlined in Article 4 of Law No. 30 of 2019 on the issuance of the Personal Data Protection Law (the “Applicable Privacy Law"). Firstly, if you have ordered or take a service from us, we are entitled to process your information so that we can provide that service to you and bill you for it.
Secondly, if we want to collect and use your information for other purposes other than what is stated herein, we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time. We tend to need permission when what is proposed is more intrusive (for example, sharing your contact details with other organizations so they can market their own products and services to you).
But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within our ‘legitimate interests’ to use the information in a particular way without your permission (for example, to protect our network against cyber-attacks, to block SPAM or to provide you with better customer experience).
This is all set out in detail in this policy, which focuses more on those items that we think are likely to be of most interest to you. As well as covering processing for business purposes, we give you information on circumstances in which we may have to, or can choose to, share your information.
1. Accessing and updating your information
You can request to update the information we hold about you by sending an email to firstname.lastname@example.org. Once we’ve looked at your request, we’ll let you know when you can expect to hear from us.
We’ll always try to help you with your request, but we can refuse if we believe doing so would involve infringement and abuse of your use of your rights, prejudice any intellectual property rights or trade secrets of us and/or a third party or the law prevents us. And even though we have to complete your request free of charge, we are allowed to reject requests if they’re repetitive or you don’t have the right to ask for or the information or the requests made are excessive. If that’s the case, we’ll explain why we believe we don’t have to fulfil the request.
2. What kinds of personal information do we collect and how do we use it?
The personal information we collect depends on the products and services you have and how you use them. We’ve explained the different ways we use your personal information below.
3. To provide you with products and services
We’ll use your personal information to provide you with products and services. This applies when you register for or buy a product or service from us. Or if you register for an online account with us or download and register on one of our apps.
This means we’ll:
- record details about the products and services you use or order from us
- send you product or service-information messages
- update you on when we’ll deliver, connect or install your products and services
- let you create and log in to the online accounts we run
- charge you and make sure your payment reaches us
- share your information with third parties that we work with in order to resell a service we provide to you through a third party, relationship management, sending bills;
- service activation/fulfilment /delivery; or
- customer service
If we do this, we still control your personal information and we have strict controls in place to make sure it’s properly protected (Please refer to Section 12 form more details); and
We use the following to provide products and services and manage your account:
- Your contact details and other information to confirm your identity and your communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (such as the security questions and answers we have on your account)
- Your payment(s) and financial information including Your credit or debit card information, information about Your bank account and other banking and cards information in relation to the e-wallets, digital banking mediums in addition to the automated payments (if opted for by You). You may opt out from the automated payment scheme any time by calling us on 124.
- Your communications with us, including emails, webchats and phone calls. We’ll also keep records of any settings or communication preferences you choose
- Information from cookies placed on your connected devices that we need so we can provide a service (please refer to section 6 for more details).
- We use this information to carry out our contract (or to prepare a contract) and provide products or services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the product or service you ordered from us.
- If you tell us you have a disability or otherwise need support, we’ll note that you are a vulnerable customer, but only if you give your permission or if we have to for legal or regulatory reasons. For example, if you told us about a disability we need to be aware of when we deliver our services to you, we have to record that information, so we don’t repeatedly ask you about it. We will also record the details of a Power of Attorney we have been asked to log against your account.
4. Because it is in our interests as a business to use your information
We’ll use your personal information if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to:
- identify, qualify your eligibility for products, pricing of financial risk, and to let you know at the right time about products and services that could interest you
- create aggregated and anonymised information for further use
- detect and prevent SPAM and fraud; and
- secure and protect our network
5. To market to you and to identify products and services that interest you
We’ll use your personal information to send you direct marketing and to better identify products and services that interest you. We do that if you’re one of our customers or if you’ve been in touch with us another way (such as entering a prize promotion or competition).
This means we’ll:
- create a profile about you to better understand you as a customer and tailor the communications we send you;
- tell you about other products and services you might be interested in and that you qualify for;
- recommend better ways to manage what you spend with us, like suggesting a more suitable product based on what you use;
- try to identify and advise you at the right time about products and services you’re interested in and;
- show you more relevant online advertising and work with other well-known brands to make theirs more suitable too.
We use the following for marketing and to identify and qualify the products and services you’re eligible to and interested in:
- Your contact details. This includes your name, gender, address, phone number, date of birth and email address
- Your telecom usage, behavior and locations
- Your spend, payments and financial information
- Information from cookies and tags placed on your connected devices
- Information from other organisations such as aggregated demographic data, data brokers, our partners and publicly available sources
- Details of the products and services you’ve bought and how you use them – [including your call, browser (including IP address), and TV records]
- CCTV footage and Audio recordings in our shops, buildings and call center
We’ll send you information (about the products and services we provide) by phone, post, email, text message, online banner advertising or a notice using our apps or on your TV. We also use the information we have about you to personalise these messages wherever we can as we believe it is important to make them relevant to you. We do this because we have a legitimate business interest in keeping you up to date with our products and services, making them relevant to you and making sure you manage your spending with us. We also check that you accept that we send you marketing messages by text or email before we do so. You also have the option to opt out by using the unified number 88444
We’ll only use your telecom usage and behavior, browser and some TV records (such as programmes you watch on channels we provide that are produced by other organisations) to better personalise our offers to you.
By signing our terms and conditions you agree we will market to you other organisations’ products and services to you.
If you no longer want to receive a marketing activities from us, you will need to calling us on 124 to submit your request along with your proof of identity, and we will attend your request in due course. We will notify you, with any of the following:
- With our acceptance to your request and to discontinue marketing;
- With our partial response to your request (indicating the cause and the extent of our response).
- Rejection of your request and the reason therefore.
- If you’re opted out of a marketing activity, you may still receive service-related messages (e.g. billing, add-on/service activation, credit limit, expiry of term(s) etc..)
What are cookies?
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our service.
Cookies themselves don't hold personal information. They only have a unique alphanumeric identifier that sits on your browser. And in many cases, we won’t be able to link the information we collect by using a cookie back to you. They can, however, enable us to link that information back to you and your personal information, for example, when you log in, or choose to register for a service.
Cookies we use
- Session Cookies. We use Session Cookies to ensure that you are recognised when you move from page to page within our website and that any information you have entered is remembered.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
How can I control cookies?
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
For example, to make a purchase online or sign up to services like mobile application, software and/or online content, you may have cookies enabled on your internet browser. You may choose not to enable cookies, you’ll still be able to browse our website, but it will restrict some of the functionality of our website and what you can do.
7. Collection of aggregated and anonymised information
We’ll use your personal information to create aggregated and anonymised information. Nobody can identify you from that information and we’ll use it to:
- make sure our network is working properly and continuously improve and develop our network and products and services for our customers
- run management and corporate reporting, research and analytics, and to improve the business; and
- provide other organisations with aggregated and anonymous reports
- We use the following to generate aggregated and anonymized information.
- Your gender, address and date of birth
- Information about what you buy from us, how you ordered it and how you pay for it, for example, broadband ordered online and paid for on a monthly basis
- Information from cookies and tags placed on your computer
- Information from other organisations who provide aggregated demographic information, data brokers, our partners and publicly available sources
- Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address), and TV records.
We have a legitimate interest in generating insights that will help us operate our network and business or would be useful to other organisations.
8. To develop our business and build a better understanding of what our customers want
This means we’ll:
- maintain, develop and test our network (including managing the traffic on our network), products and services, to provide you with a better service
- train our people and suppliers to provide you with products and services (but we make the information anonymous beforehand wherever possible)
- create a profile about you to better understand you as our customer; and
- run surveys and market research about our products
- We use the following information to do this.
- Your contact details
- Your telecom usage, behavior and locations
- Your spend, payments and financial information
- Your communications with us, including emails, webchats and phone calls (and any recordings made)
- Information from cookies placed on your connected devices
- make and defend claims to protect our business interests
- Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address and static IP address, if it applies), and TV records.
If we use this information for market research, training, testing, development purposes, defend or bring claims or to create a profile about you, we do so because it is in our legitimate business interests of running an efficient and effective business which can adapt to meet our customers’ needs.
We create a profile about you based on what you have ordered from us and how you use our products and services. This helps us tailor the offers we share with you.
9. To run credit and fraud prevention checks
Before we provide you with a product or service (including upgrades or renewals), or sometimes when you use our products and services, we’ll use your personal information and usage together with information we have collected from credit reference agencies, or fraud prevention agencies. We use this information to manage our credit risk and prevent and detect fraud and money laundering. We’ll also use these organisations to confirm your identity. When they get a search from us, a 'footprint' goes on your file which other organisations might see. We might also share the information with other organisations. We do this because it’s in our, and the organisations’, legitimate interests to prevent fraud and money laundering, and to check identities, to protect our business and to keep to laws that apply to us.
Details of the personal information that will be used include your name, address, date of birth, contact details, financial information, employment details and device identifiers, including IP address and other relevant details.
If you give us false or inaccurate information or default on payment which we identify as fraudulent, we may eventually pass that on to fraud prevention agencies. We might also share it with law enforcement agencies, as may the agencies we have shared the information with.
If we, a credit reference or eventual fraud prevention agency, decide that you are a credit, fraud or money laundering risk, we may refuse to provide the services or financing you have asked for, or we may stop providing existing services to you.
The credit reference and eventual fraud prevention agencies will keep a record of any fraud or money laundering risk and this may result in other organisations refusing to provide services, financing or employment to you. If you have any questions about this, please get in touch with us using the contact details found in the 'How to contact us and further details' section below.
We may send credit reference and eventual fraud prevention agencies information about applications, and they keep that information. We might also give them details of your accounts and bills, including how you manage them. This includes telling them about your account balances, what you pay us and if you miss a payment (going back in the past, too). So, if you don't pay your bills on time, credit reference agencies will record that. They, or a fraud prevention agency, might tell others doing similar checks – including organisations trying to trace you or recover money you owe them.
Whenever credit reference and fraud prevention agencies transfer your personal information outside of the Kingdom of Bahrain, they place contractual responsibilities on the organisation receiving it to protect your information to the standard required in the Kingdom of Bahrain. They may also make the organisation receiving the information commit to the conditions aimed at sharing information securely.
To collect debt
If you don’t pay your bills, we might ask a debt-recovery agency to collect what you owe. We’ll give them information about you (such as your contact details) and your account (the amount of the debt) and may choose to sell the debt to another organisation to allow us to receive the amount due.
To prevent and detect crime
We’ll use your personal information to help prevent and detect crime and fraud. We’ll also use it to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious calls, and track malware and cyber-attacks.
To do that we use the following information, but only where strictly necessary.
- Your contact details and other information to confirm your identity and communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (for example, security questions). We do not store the original copy of your password. Instead we keep it in a form that allows us to authenticate you but does not allow us to work out what your original password is
- Your payment and financial information including Your credit or debit card information, information about Your bank account and other banking and card(s) information.
- Information from credit reference and fraud prevention agencies
- Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address) and TV records
- CCTV footage and Audio recordings in our shops and buildings
We use this personal information because we have a legitimate interest in protecting our network and business from attacks and to prevent and detect crime and fraud. We also share it with other organisations (such as other communications providers and banks) who have the same legitimate interests. Doing this helps make sure our network works properly and helps protect you from attacks.
If you call the emergency services, we’ll give them information about you and where you are, so they can help. We do this because it is necessary to protect you, or another person, and because it is in our interests to help the emergency services in providing help to you.
10. To meet our legal and regulatory obligations
We might have to release personal information about you to meet our legal and regulatory obligations.
To law enforcement agencies
Under investigatory powers legislation, we might have to share personal information about you to government and law-enforcement agencies, such as the police, to help detect and stop crime, prosecute offenders and protect national security.
They might ask for the following details.
- Your contact details. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (such as your security questions and answers) needed to confirm your identity and your communications with us
- Your communications with us, such as calls, emails and webchats
- Your payment and financial information
Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address) and TV records.
We share your personal information when the law says we have to.
We’ll also share personal information about you where we have to legally share it with another person. That might be when a law says we have to share that information or because of a court order.
In limited circumstances, we may also share your information with other public authorities ( i.e. for historical or statistical purposes and/or for scientific researches) in anonymized form. however, we would need to be satisfied that a request for information is lawful and proportionate.. .
For regulatory reasons
We’ll also use your call, browser (including IP address) and TV records to find the best way of routing your communications through the various parts of our network, equipment and systems as required by our regulator.
If you order a phone service, we’ll ask if you want your details included in our directory services such as our Phone Book. If you do, we’ll publish your details and share that information with other providers of directory services.
Sharing your information
11. Who do we share your personal information with, why and how?
We share your personal information with other service providers (subject to an agreement we signed with them) to process personal information on our behalf or to help us provide services to you in the following cases:
- If You purchased and/or subscribed in Our products and services using a third party or partner organisation, We often need to exchange information with them as part of managing that relationship and Your account – for example, to be able to identify Your order and be able to pay them.
- If We have a contract with a service provider or contractor to provide Us with services or provide a service on our behalf, and they may have access to Your personal information, we don’t authorise them to use or disclose Your personal information except in connection with providing their services.
- If You buy third party products through Your account with Us (such as Charge to Bill for mobile) with Us, the contract for it is with the party selling that product or service. We are only charging the amount directly to Your bill as part of its arrangements with the seller (or with a third party authorised by the seller). As part of this, you’re agreeing that We may pass certain personal information to such parties to complete your purchase
We also use them to:
- provide customer-service, marketing, infrastructure and information-technology services and content services;
- personalise our service and make it work better;
- Billing for the services we provide you;
- process payment transactions;
- carry out fraud and credit checks and collect debts;
- analyse and improve the information we hold (including about your interactions with our services); and
- run surveys
Where we use another organisation, we still control your personal information. When we share your information with other organisations we’ll make sure it’s protected, as far as is reasonably possible.
Also, we may need to transfer your information to other companies or service providers in countries outside the Kingdom of Bahrain which are considered to have sufficient laws when it comes to data protection and privacy. This kind of data transfer may happen if our servers (i.e. where we store data) or our suppliers and service providers are based outside the Kingdom of Bahrain, or if you use our services and products while visiting countries outside this area.
If we send your information to a country that is not considered to have sufficient laws, we will make sure that your information is properly protected. We will always ensure that there is a proper legal agreement that covers the data transfer and reflect the standards set by law to provide sufficient protection to your information.
If there’s a change (or expected change) in who owns us or any of our assets, we might share personal information to the new (or prospective) owner. If we do, they’ll have to keep it confidential.
Protecting your information and how long we keep it
12. How do we protect your personal information?
We have strict security measures to protect your personal information. We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures, such as encryption, to protect your information.
13. How long do we keep your personal information?
We retain your personal information as long as we have an ongoing legitimate business need to do so provided that we have a legal basis to do so, for example to provide services or products to you, or as required or permitted by applicable laws.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.
How to contact us and further details
14. Got a question about how we use your information?
You can get in touch with our data-protection controller by email email@example.com or write to the address below and mark it for its attention.
STC Bahrain – P.O. Box 21529
Manama, Kingdom of Bahrain
If you want to make a complaint on how we have handled your personal information, please contact our data protection controller who will investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the TRA. http://www.tra.org.bh/
15. How will we tell you about changes to the policy?
We will notify you of such changes at least 30 days’ in advance.
We are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. You have the right to know what information we hold about you.