Privacy Notice

 

1.    Introduction

The General Data Protection Regulation (“GDPR”) Privacy Policy is a public statement of how More Capital SAL (“We”, “Us”, “Our”, “the Institution”) applies data protection principles to processing data. This Privacy Policy sets out our current policies and demonstrates our commitment to the privacy of our customers and aims to address their concerns on how their personal information is handled within the Institution. Our privacy policy may change at any time in the future. If we do make substantial changes to the policy, you will be notified accordingly.

The Institution is committed to protecting the privacy of its customers and to handling their data in an open and transparent manner. The personal data that we collect, and process depends on the product or service requested and agreed upon by the customer in each case.

This Privacy Policy:

  • Outlines the measures established to protect the privacy of our customers under the General Data Protection Regulation (“GDPR”);
  • Provides an overview of how we collect and process customers’ personal data and outlines customers’ rights under the local data protection law and the GDPR;
  • Is directed to Data Subjects (Natural Persons) who are either current or potential customers, or are authorized representatives and/ or agents or beneficial owners of legal entities or of natural persons which/who are our currentor potential customers;
  • Is directed to Data Subjects who had such a business relationship with us in the past;
  • Contains information about when we share personal data with different members of our team and/ or other third parties (for example, our service providers or suppliers).

In this Privacy Policy, customers’ data is sometimes referred to as “Personal Data” or “Personal Information”. We may also sometimes collectively refer to handling, collecting, protecting and storing personal data or any such action as “Processing” such personal data.

For the purposes of this Policy, personal data shall mean any information relating to the customer which identifies or may identify him/ her, and which includes, for example, the name, address, identification number, etc.

2.    About Us

More Capital SAL was established in 2010 as a Lebanese Financial Institution licensed and regulated by the Central Bank of Lebanon (“Banque du Liban” or “BDL”) and was listed on the list of Lebanese Financial Institutions under number 58.

The Institution is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about our customers. We are required under data protection legislation to notify our customers of the information contained in this privacy policy.

3.    Purpose for Collecting Personal Data

We collect, process, and use different types of Personal Data which we lawfully receive from a range of sources, amongst which are:

  • Our customers (potential and current) in person or via their representative or via our alternative channels of communication such our website or mobile channels, in the context of our business relationship, in order to offer them even better products and services, and to best adapt our business processes to our customers’ needs;
  • Other entities within the institution or other third parties e.g. credit reference agencies, public authorities, companies that process card payments, etc.;
  • Publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, the Land Registry, the Bankruptcy Archive, commercial registers, the press, media and the Internet) which we lawfully obtain, and are permitted to process.

If you are a prospective customer, a counterparty in a transaction of a customer (e.g. account or payment authorization), a prospective security provider (e.g. a guarantor for a credit facility), an authorized representative/ agent or beneficial owner of a legal entity or of a natural person which/ who is a prospective customer, and in the context of providing you with our financial products and services, we are required to collect the relevant personal data based on the lawful basis of processing we are adopting.

Examples of the Personal Data we may collect include (but is not limited to):

  • Name, address, contact details (telephone, email), identification data, birth date, place of birth (city and country), marital status, employment details, if you hold/ held a prominent public function (for Politically Exposed Persons), FATCA/ CRS info, authentication data (e.g. signature);
  • Current income and expenses, employment history, property ownership and personal debts, number of dependent children, personal investments and investment income, banking relationship details, tax residence and tax ID, credit reference agency data, own and/ or third-party security (e.g. if an existing personal guarantor), employment position (e.g. as per corporate certificates of directors/ shareholders), economic and financial background and credit reference agency data, order data (e.g. payment and transfer orders) and personal data arising from the performance of our contractual obligations, financial info (as expected annual credit/ debit turnover, nature of transactions, source of income, source of assets), information on any third-party beneficiaries;
  • Specific information which we may request includes: knowledge and experience with shares, funds and interest rate/ currency products, investment strategy and scope, personal investment portfolio, personal objectives;
  • Any other proof or supporting document/ information that we may deem required as part of the financial relationship, such as cash flows and balance sheets and business management information as well as collateral information, property documentation, land registry reports and sale agreements.

When we agree to provide products and services to you or the legal entity you represent or beneficially own, then additional personal data may be collected and processed.

4.    Children Data Privacy

We understand the importance of protecting children’s privacy. We may collect personal data in relation to children only provided that we have first obtained their parents’ or legal guardians’ consent or unless otherwise permitted under law. We do not provide any online services to children.

5.    Obligation to Provide Your Personal Data

In order that we may be in a position to proceed with a business relationship with you, you must provide your personal data to us which are necessary for the required commencement and execution of a business relationship and the performance of our contractual obligations.

We are furthermore obligated to collect such personal data given the provisions of the money laundering law which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorized representative/agent or beneficial owner.

You must, therefore, provide us at least with your identity card/ passport, your full name, place of birth (city and country), and your residential address so that we may comply with our statutory obligation as mentioned above.

Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorized representative/ agent or beneficial owner of a legal entity.

6.    Processing of Personal Data

As a Financial Institution, we are subject to various legal obligations and statutory requirements to collect, profile, process and use your data, including but not limited to the Business of Credit Institutions Laws, the Anti-Money Laundering & Counter-Financing of Terrorism Law, the Directives issued by Banque du Liban, the Banking Control Commission of Lebanon, the Special Investigation Commission, Capital Markets Authority, and any other applicable laws and regulations.

We are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR and the local data protection law. We will only use, disclose, profile and process your Personal Data where we have your Consent, or we have another Lawful reason for using it. These reasons include where we:

  • Need to pursue our legitimate interests;
  • Need to process the information to carry out an agreement we have with you;
  • Need to process the information to comply with a legal obligation;
  • Believe the use of your information is in the public interest, e.g. for the purpose of preventing or detecting crime.

We may use your information to provide you with details about our products and services. We may send you marketing messages by post, email, telephone, text or secure messages, to the extent that you have consented us to do so. You can change your mind on how you receive marketing messages or choose to stop receiving them at any time.

In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within More Capital SAL as well as with others (such as tax authorities, agents, proxy holders and counterparties). Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.

Recipients of personal data may be, for example, Law Enforcement, Government, Courts, Dispute Resolution Bodies, Supervisory and other Regulatory and Public Authorities (e.g. Central Bank of Lebanon, Banking Control Commission of Lebanon, Special Investigation Commission, Capital Markets Authority, the Income Tax Authorities, Criminal Prosecution Authorities), Credit and financial Institutions such as the Valuators and Surveyors, Credit Reference Agencies, External Legal Consultants, Financial and Business advisors, Auditors, Marketing Companies and Market Research Companies, Card Payment Processing Companies, File/ cloud  storage companies, Companies that offer technological expertise, solutions and support, as well as website and advertising agencies.

We recognize the importance of personal information entrusted to us. It is one of our fundamental responsibilities to ensure that we protect the information entrusted to us by our current and prospect clients. Any personal information shared with any third parties as described above shall be shared in accordance with the Banking Secrecy Law and other relevant laws and regulations.

7.    Automated Decision-Making and Profiling

In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, for the purpose of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you, in the following cases:

  • Data assessments (including on payment transactions) are carried out in the context of combating money laundering and fraud. An account may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you.
  • Credit scoring is used as part of the assessment of your creditworthiness. This calculates whether you or your business will meet your payment obligations pursuant to a contract. This helps us make responsible lending decisions that are fair and informed.

8.    Treatment of your Personal Data for Marketing Activities

We may process your personal data to tell you about products, services and offers that may be of interest to you or your business. The personal data that we process for this purpose consists of information you provide to us and data we collect and/ or infer when you use our services, such as information on your transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.

We can only use your personal data to promote our products and services to you if we have your explicit consent to do so. You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting us at any time.

9.    Personal Data Retention

We will keep your personal data for as long as we have a business relationship with you (as an individual or in respect to our dealings with a legal entity you are authorized to represent or are beneficial owner) in accordance with our Data Retention Policy. Once our business relationship with you has ended, we may keep your data for up to 10 years in accordance with relevant laws, regulations, and directives.

We may keep your data for longer than 10 years if there is an outstanding or pending litigation or audit/ research being by an official authority of the government in accordance with applicable data protection laws and the GDPR. For prospective customer personal data (or authorized representatives/ agents or beneficial owners of a legal entity prospective customer) we shall keep your personal data for 6 months from the date of notification of the rejection of your application for financial services and/ or facilities or from the date of withdrawal of such application, as per the relevant directives.

10. Data Subject Rights

You have the following rights in terms of your Personal Data held by us:

  • Receive Access to your Personal Data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request Correction (Rectification) of the personal data we hold about you.  This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • Request Erasure of your Personal Information. This enables you to ask us to erase your personal data (known as the “Right to be Forgotten”) where there is no good reason for us continuing to process it. It is understood that we can erase data only to the extent permitted by applicable laws and regulations (refer to the section on Data Retention above).
  • Object to Processing of your Personal Data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have the right to object where we are processing your personal data, for direct marketing purposes. If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
  • Request the Restriction of Processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if:
    • It is not accurate;
    • It has been used unlawfully but you do not wish for us to delete it;
    • It is not relevant any more, but you want us to keep it for use in possible legal claims;
    • You have already asked us to stop using your personal data, but you are waiting us to confirm if we have legitimate grounds to use your data.
  • Request to Receive a Copy of the Personal Data concerning you in a format that is structured and commonly used and transmit such data to other organizations. You also have the right to have your personal data transmitted directly by us to other organizations you name (known as the “Right to Data Portability”).
  • Withdraw the Consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

To exercise any of your rights, refer to the forms presented in the footer of our website and follow the instructions included in those forms, or if you have any other questions about our use of your personal data, please contact our Data Protection Officer (“DPO”) as per the “Data Protection Officer Contact Details” section below.

11. Right to Lodge a Complaint

If you have exercised any or all of your Data Protection Rights and still feel that your concerns about how we use your Personal Data have not been adequately addressed by us, you have the right to complain by contacting our DPO. You also have the right to complain to the Office of the Commissioner for Personal Data Protection and other relevant authorities.

12. Changes to this privacy statement

We may modify or amend this Privacy Policy from time to time. We will notify you appropriately when we make changes. We do however encourage you to review this Policy periodically so as to be always informed about how we are processing and protecting your personal information.

13. Data Protection Officer Contact Details

If you feel that the above is not sufficient or if you have any queries as regards the collection, processing or use of your information we are looking forward to hearing from you. We will make every effort to reply as soon as possible and take into consideration any suggestions from your end.

Please contact our DPO:  

3rdFloor, Marfaa 157, Saad Zaghloul Street, Downtown, P.O. Box 11-4621 Beirut, Lebanon

Tel: +961 1 999 160

Email: dp@morecapital.com