Privacy Policy - Doha Bank Kuwait

Effective from: December 2025

Doha Bank is committed to protecting your data and your privacy. Our goal is to maintain your trust and confidence in relation to the Personal Data we hold about you.

Please read this Privacy Notice carefully to understand our policies and practices regarding how we handle your Personal Data.

Overview

This Privacy Notice (“Notice”) outlines how Doha Bank (“We, Us, Our”) and its affiliates and subsidiaries collects, uses and secures your Personal Data when you apply for or use any of our products or services, or otherwise interact with us based on the relationship you have with us. It also tells you how you can access and update your Personal Data, and make certain choices about how your Personal Data is used.

Personal Data means any information that identifies you, either directly or indirectly. It also includes personal data of a special or sensitive nature as defined by applicable Privacy Laws and Regulations.

This Notice supplements our terms and conditions, and any other policies and notices we may provide in specific instances when we collect or process your Personal Data, and is not intended to override them.

Scope

The following areas are covered in this Notice. Download Full Privacy Notice (pdf) here or read it below.

Sources of Personal Data
Personal Data that We Collect About You
How We Use Your Personal Data and the Lawful Reasons We Rely On
Special Nature or Sensitive Personal Data
Personal Data Relating to Children or Minors
Information Disclosure
How We Protect Your Personal Data
Transfer of Your Personal Data across Country Borders
Retention of Your Personal Data
Marketing and Surveys
Use of Cookies
Your Rights and How You Can Exercise Them
Contact Us
Changes to the Notice

1. Sources of Personal Data

We collect information in a variety of contexts, based on our relationship or how we interact with you. This Notice applies to all Personal Data that is collected or received through the various sources.

For example, we may collect information:

Directly from you. This includes information you give us when you apply or register for our products and services on physical or electronic forms, use our online banking services or mobile apps, communicate with us (via phone calls, emails, text and other electronic messages), respond to surveys, provide feedback, or enter contests or promotions.
Automatically when you use our Online and Mobile Banking Services. We may collect Device Data, Online / Mobile Activity Data, and other information automatically when you interact with us online. This data may be collected through cookies, server logs or other similar technologies.

We may also collect information from other sources such as:

From your authorized representative(s) or other individuals acting on your behalf, such as a legal guardian or power of attorney,
From third-party data sources to support activities such as fraud prevention, identity verification, background checks, etc.
Market research (if feedback is not provided on an anonymous basis),
From our co-branded card or business partners,
From publicly available data sources including social media, to the extent that you manifestly choose to make your profile publicly visible,
Through our closed-circuit television (“CCTV”) cameras when you visit our premises and branches, and
Data received when we acquire other companies. For clarity, when we acquire a company, their privacy policy and notices apply until such time as Doha Bank’s privacy practices are implemented.

Where you disclose Personal Data to us or our service providers on behalf of another person, you confirm that you have informed the individual and have obtained authorization from that individual to share their Personal Data for use in accordance with this Privacy Notice.

2. Personal Data that We Collect About You

We may process different kinds of Personal Data about you, which we have grouped as follows:

When you sign up for or use a financial product or service, we may collect:

Information Type	Information Included
Contact or identity data	such as your name, mailing address, email address, phone number, date of birth, government-issued identifier (e.g., Identification Card, tax ID number, driver’s license, or other government ID), citizenship, username and password, profile picture, and other information that directly identifies you.
Account-related data	such as account number, credit / debit card number, account history, account balances, loan details, vehicle or property information, information about beneficiaries and joint account holders, business-related information (e.g., business name, address, revenue, and industry type), and other information related to your Doha Bank accounts, applications, or prequalification inquiries.
Transaction data	such as credit / debit card purchases, payment or transaction history, transaction details when you transfer money to or from your Doha Bank accounts, and third-party billing information or statements.
Credit report information	such as your credit score, credit history, and other information that we receive from credit reporting agencies.
Demographic data	such as gender, marital status, age, household size/composition, education level, income, occupation, and employment status.

When you browse our website or use our mobile apps, we may also collect:

Information Type	Information Included
Device data	such as your device type, internet protocol address, general location (e.g., city, state, or country), precise location (e.g., latitude / longitude to find a nearby Doha Bank branch or ATM)
Online / mobile activity data	such as login data, search history, information about how you use and interact with our Online Services or advertising (including content viewed, links clicked, and features used), when and how often you use our Online Services, the webpage from which you clicked a link to come to our Online Services (e.g., the referrer website address (URL). Access to various device features on your permission such as Camera; Telephone; Files / Media / Storage permission; Other Permissions such as view Network / Wi-Fi connections; view Google service configuration; use fingerprint/biometric hardware; upload of user’s installed application information.

Information Type

Information Included

Device data

such as your device type, internet protocol address, general location (e.g., city, state, or country), precise location (e.g., latitude / longitude to find a nearby Doha Bank branch or ATM)

Online / mobile activity data

such as login data, search history, information about how you use and interact with our Online Services or advertising (including content viewed, links clicked, and features used), when and how often you use our Online Services, the webpage from which you clicked a link to come to our Online Services (e.g., the referrer website address (URL).

Access to various device features on your permission such as Camera; Telephone; Files / Media / Storage permission; Other Permissions such as view Network / Wi-Fi connections; view Google service configuration; use fingerprint/biometric hardware; upload of user’s installed application information.

When you interact with us, we may collect:

Information Type	Information Included
Surveillance data	such as your images, voice and other similar information or surveillance footage by CCTV cameras on our premises, branches and/or ATMs.
Marketing data	such as your marketing preferences, information about products or services we think you might like, and inferences based on your interactions with us or our partners (e.g., Online / Mobile Activity Data used for targeted advertising).
Communications data	such as your communication preferences and details or the content of your communications with us (e.g., chat messages).
Survey and research data	such as your responses to questionnaires, surveys, requests for feedback, and research activities.

If you inquire about or apply for a job at Doha Bank, we may also collect:

Information Type	Information Included
Employment application data	such as identification and contact information, professional, employment-related, and education history collected through the Online Services about job applicants, employees, associates, contractors, or other members of the Doha Bank workforce.

3. How We Use Your Personal Data and the Lawful Reasons We Rely On

We use your Personal Data to provide you with our products and services, meet applicable legal and regulatory obligations, maintain our relationship with you, and to effectively manage and improve our operations.

Each use is supported by a valid reason under the applicable Privacy Law (“Lawful Basis”), such as:

Contractual obligation: Processing the Personal Data is necessary to enter or fulfil contractual obligations;
Legal obligation: Processing the Personal Data is necessary to comply with an applicable legal or regulatory obligation;
Legitimate interests: Processing the Personal Data is necessary to support our business operations and maintain trusted relationships;
Consent: Where you have given us your express authorization, for example, for direct marketing activities.

We will use your Personal Data only for the purposes stated in this Notice or for reasons communicated during collection of the data. If we need to use your data for an unrelated purpose, we will notify you and seek your consent where required.

If you choose not to provide certain Personal Data or not to allow its use, we may be unable to provide specific products or services. We will inform you when this is the case.

The different ways we use your Personal Data and the lawful reasons for the same are listed below. Please note that not all the uses below will be relevant to every individual. In some cases, more than one lawful reason will apply.

Purpose	Lawful Reason
Delivery of products or services
Application for products or services (e.g., to prequalify for a loan, apply for a credit card, or to open an account or other financial product) Account opening and onboarding (e.g. collecting the required documents, verifying your identity, evaluating your eligibility for such products or services, conducting credit checks with one or more credit reference agencies (CRAs), setting up accounts and profiles including mobile and internet banking) Processing transactions and operation of accounts (e.g. deposits, withdrawals, transfers, loan disbursements, payments, treasury activities and investments) To enable use of financial planning tools, with the option to save your data for future access depending on your preferences and settings	To perform pre-contractual steps for requested services To perform our contractual obligations to you To comply with our legal and regulatory obligations It is in our legitimate interests to provide quality products and services to you You have provided your consent as a parent or legal guardian for the processing of your child’s data
Customer relationship management
Notifying you about account activities and transactions Responding to inquiries and complaints To communicate important updates about our products, services, online platforms, and related terms, policies, or administrative matters Collecting feedback through surveys, market research, customer satisfaction forms Conducting promotional campaigns, loyalty programs, contests Providing personalized offerings and experiences To develop and carry out marketing activities, including targeted marketing	To perform our contractual obligations to you To comply with our legal and regulatory obligations It is in our legitimate interests to: Communicate with you about your products and services Collect your feedback to improve services Provide you with standardized high-quality customer experience Keep you informed about our offerings and what suits you best You have provided your consent for direct/targeted marketing
To manage our operations
Development and management of our brands, products and services Customer due diligence, verification and authentication of your identity at account opening or when transacting Confirming the accuracy of the data you have given us Monitoring and detection of unusual or suspicious activities on accounts or in transactions Anti-Money Laundering (AML) screening Fraud and crime investigation, mitigation and reporting Recovery of debts owed To manage fees, charges and interest due on customer accounts To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, risk management, corporate governance, regulatory reporting, audit, business continuity Recruitment and management of our personnel Third-party engagements Vendor evaluation, onboarding and monitoring To manage how we work with other entities that provide services to us and our customers Provision of security at the workplace and in our premises	To perform our contractual obligations To comply with our legal and regulatory obligations It is in our legitimate interests to: Maintain high quality of product and service delivery Ensure financial stability and sound management Refine our operational controls to ensure efficient performance of processing activities to achieve the business objectives Maintain your security and that of the Bank and its assets Prevent fraud Monitor service delivery and manage our commercial relationships Manage legal claims and defend the Bank in disputes
Business development management
Responding to business inquiries and proposals Assessing new products and services Testing new technologies, upgrades and enhancements to the existing technologies (applications and systems) To develop new ways to meet our customers’ needs and to grow our business To perform activities such as data analysis, usage trends to determine the effectiveness of our campaigns and as input into improving products and services	To conduct pre-contractual discussions To comply with our legal and regulatory obligations It is in our legitimate interest to: Improve efficiency of our operations Keep refining our products and services Develop new products and services

4. Special Nature or Sensitive Personal Data

We may collect Special Nature or Sensitive Personal Data about you, such as information about race, health, physical or psychological condition, religion, marital relations, criminal offences, and data concerning children.

We will only process such data for clearly identified and lawful purposes, and after obtaining the required authorization.

5. Personal Data Relating to Children or Minors

We recognize the importance of protecting privacy where children or minors are involved. We do not knowingly collect Personal Data from children or minors. If we become aware that such data has been collected unintentionally, we will promptly remove it from our records.

In cases where Personal Data about a child or minor is required, for example, to provide banking products or services, or to participate in promotional awards or other activities, we only collect data that is strictly necessary. Such data is collected only from the parent or legal guardian who holds parental or legal responsibility for the child, and with their explicit consent as required by applicable Privacy Law.

As a parent or legal guardian, you have the right to request that we exercise your child’s rights in relation to the child’s Personal Data that we hold. This includes access to the Personal Data we hold about the child and what we use it for, requesting deletion, removal or suspension of processing. More information on these rights is covered in the section on ‘YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM’.

6. Information Disclosure

We may disclose your Personal Data to our trusted third parties providing services to us or performing services on our behalf, and with other agencies where required for legal or regulatory purposes.

These include:

Our affiliates and subsidiaries, including for our Group-wide operations.
Third parties under agreements that require them to protect your Personal Data to the standards provided under applicable Privacy Law. We require all third parties to keep the data confidential and restrict its disclosure, and only use it for agreed purposes including:
- Delivering services related to our products and services;
- Supporting our internal operations e.g. fraud investigation, debt recovery and skip tracing activities;
- Carrying out our business functions e.g. Information Technology (IT) operations.
- Facilitating transactions with financial institutions and merchants.
- Providing emergency or disaster response services at our premises in case of an emergency.
- Emergency and disaster response providers in case of emergency at our premises.
Your authorized representatives, as designated by you, your agents or your affiliated entities, in connection with the relationship you have with us or the products and services we provide.
Partners who provide us with professional advice: These include legal consultants, insurers, auditors, and legal advisors, including in connection with prospective or actual legal proceedings to establish, exercise or defend our legal rights.
Government authorities, credit bureaus and statutory bodies: If the government, judicial, security, investigatory, regulatory authorities, statutory bodies or financial institutions seek your Personal Data, we may be required to disclose it for:
- Prevention, detection, investigation and prosecution of crime in any jurisdiction (including, without limitation, money laundering, terrorism, fraud and other financial crime);
- Identity verification, government sanctions screening and due diligence checks;
- To comply with local or foreign law, regulations, directives, judgments or court orders, government sanctions or embargoes, reporting requirements under financial transactions legislation, and demands of any authority, regulator, tribunal, enforcement agency, or exchange body; and
- Any purpose permitted by Law.

Please note, we do not rent or sell your Personal Data to any third parties for any purpose.

7. How We Protect Your Personal Data

The security of Personal Data including data of special nature is a priority for Doha Bank. We take all reasonable steps to prevent the loss, misuse and unauthorized access, alteration or disclosure of the information under our control by implementing appropriate physical, logical and administrative safeguards.

People who can access your Personal Data. Your Personal Data is accessed only by authorized staff, agents or third parties, on a need to know basis, and for specific identified purposes. Our personnel are required to comply with strict data safeguards including agreeing to confidentiality obligations. When we contract with third parties, we require that they have appropriate security, confidentiality and privacy measures in place to ensure that Personal Data is handled safely.
Measures taken in operating environments. We handle and store your Personal Data in secure environments. We have put in place appropriate internal policies and security standards to ensure the confidentiality, integrity and availability of Personal Data. We continue to review our security controls and related policies and procedures to ensure that your information remains secure.

Please note, however, that these protections do not apply to information you choose to share in public areas, such as third-party social networks. Moreover, while we take reasonable steps to protect Personal Data during transmission, no method of internet is completely secure, and we cannot guarantee absolute security when you transmit your Personal Data to us over the internet or similar connection.

You are responsible for complying with any security requirements we inform you of, such as keeping your passwords, PINs and other login information private and not sharing them. Please reach out to us immediately if you suspect there is unauthorized access or use of your details.

8. Transfer of Your Personal Data across Country Borders

We may sometimes need to transfer your Personal Data outside the country’s borders when dealing with our international partners to provide services to you, such as cloud service providers, or as part of our Group obligations and operations. Any transfer or transmission of your Personal Data to, and/or storage at a location outside country borders will be in accordance with applicable Privacy Law.

We will only share or store the data outside borders where necessary, with appropriate and adequate safeguards in place, and with parties who are bound to protect your Personal Data with the same level of care and security as required under applicable Privacy Law.

9. Retention of Your Personal Data

Depending on the relationship you have with us, we will retain your Personal Data for as long it is needed to fulfil the purposes it was collected for, and for any additional period that is required to meet our legal, regulatory or legitimate business requirements. For example, where it is relevant to a complaint, to protect our legal right, or if we reasonably believe there is a prospect of legal action in connection with our relationship with you.

During this retention period, your data will continue to be stored securely and in accordance with applicable Privacy Law and this Notice.

10. Marketing and Surveys

We may use your Personal Data to:

Keep you updated about our products and services;
Share information about our discounts, offers, rewards, promotional campaigns, events, lucky draws that may be relevant and beneficial to you;
Invite you to participate in market research or surveys, to provide your feedback with the aim of improving our offerings and customer experience.

We will not contact you for these purposes if you have specifically asked us not to do so. You have the right to opt out of receiving such communication at any time, and your choice will apply to future communications. To do so please contact your branch or our Customer Service at, +965 22917222 or e-mail us at hellodoha@dohabank.com.qa.

11. Use of Cookies

The Doha Bank Website uses cookies, which are small pieces of information that are automatically downloaded to your device when you visit a website. Cookies help improve your browsing experience and allow us to understand how our website is used. This information may include your preferences and settings, website usage, for instance, how often you visit pages, number of visitors and their behaviour, targeted advertising, and information for authentication.

You have the option to accept or decline cookies by:

Changing your browser settings to notify you when you when a cookie is sent, so you can choose whether to accept it.
Setting your browser to automatically block cookies.

12. Your Rights and How You Can Exercise Them

Subject to applicable laws and regulations, you may have the right to invoke your rights in relation to your Personal Data being processed by us.

The rights that you can invoke as an individual can be:

#	Individual Rights	Explanation
1	Right of access / Right to obtain	You may request a copy of the personal data processed in relation to you. We may charge a fee for this as permitted by law.
2	Right to rectification	It is important that the Personal Data we hold about you is accurate and current. You may request that we correct your Personal Data. For individual customers, you can choose one of the options below to update your information, Online and Mobile Banking Channels Doha Bank Branches For detailed information, you may visit: https://qa.dohabank.com/customer-information-update/
3	Right to erasure / Right to be Forgotten	You may request deletion of your personal data, for example if we no longer have a valid reason to process it. Please note that, in certain circumstances, we will not be able to delete your Personal Data without deleting your user account. To satisfy our legal or contractual obligations or to comply with regulatory requirements, we may be required to retain some of your Personal Data even after you have requested it to be deleted. In addition to this we may also be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs or legal obligations. We will communicate what data we will retain and the reason for the same when you raise such a request.
4	Right to object	You may object to how we process your personal data. This does not mean you can decide or choose how we process your personal data other than in relation to marketing. If you have any concerns about how we process your personal data, please discuss this at your branch or with your Relationship Manager. We may not be able to offer you services if you do not want us to process the personal data we consider necessary to process to provide the product or services. You have the right to object to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you, except in specific cases provided by law.
5	Right to be notified of processing	You have the right to be informed about the collection and use of your personal data upon request.
6	Right to be notified of inaccurate disclosures	You have the right to be notified when a third party has been given inaccurate information concerning your personal data.
7	Right to withdraw consent	You have the right to withdraw your consent at any time. Please contact us if you want to do so. Please note, if you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will inform you.
8	Right to protection and lawful processing	You have the right to the protection of your Personal Data. Your data shall be processed only within the framework of transparency, honesty, and respect of human dignity, and acceptable practices according to the applicable laws.

You can submit a request to exercise any of these rights by sending us an e-mail at hellodoha@dohabank.com.qa or calling us at +965 22917222 attaching a copy of your ID or equivalent details (where requested by us and permitted by law).

If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf with your authorization, the request will be rejected. We may also reject a request where the request is deemed excessive or malicious, or if an exemption applies.

Please note that any identification information provided to us will only be processed in accordance with, and to the extent permitted by applicable laws.

We shall provide information on action taken on a request pertaining to the rights above without undue delay and in any event within 30 calendar days of receipt of the request.

13. Contact Us

If you have any questions or comments about our privacy practices, or you wish to exercise your privacy rights, you can always reach out to us via email at hellodoha@dohabank.com.qa.

We will acknowledge and investigate any grievance or complaint about the way we manage your Personal Data as expeditiously as possible.

If you are unhappy about the way in which we handle your request or issue, you have a right to raise a concern with the regulatory or supervisory authority in charge of data protection issues.

14. Changes to the Notice

This Notice is subject to change and may be updated periodically to reflect any amendments in the applicable privacy laws, any change in the way we handle your Personal Data and based on your feedback wherever applicable, any other required changes. The updated Notice will be posted on this website. By continuing to use our website and to interact with us, you are confirming that you have read and understood the latest version of our Privacy Notice.