Privacy Notice – Bahrain 

This privacy notice explains explain in a simple and transparent way personal data HDFC Bank, Ltd. (Bahrain Branch) (“HDFC Bank" or “we") collect about you, how we’ll use that data, who we’ll share it with, the circumstances when we’ll share it and what steps we’ll take to make sure it stays private and secure. 

Data Manager 

HDFC Bank, Ltd. (Bahrain Branch) is manager and responsible for your personal data. If you have any questions about or requests relating to this privacy notice, please contact the Bank using the details set out below. 

Our full details are: HDFC Bank, Ltd. (Bahrain Branch) 

Postal address: Bahrain Financial Harbour  
West tower, 49th floor  
Building no 1459, Road no 4626,  
Manama, Kingdom of Bahrain  
Email :  

About this Privacy Notice 

Effective Date: 18th September, 2023 

Changes to the privacy notice and your duty to inform us of changes 

Data protection laws are constantly evolving, and it is very important that the personal data we hold about you, if any, is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 

How we collect your data 

  • From the information you provide to us when you meet us; 
  • When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication; 
  • When you complete (or we complete on your behalf) client on-boarding or application or other forms; 
  • From your agents, advisers, intermediaries, and custodians of your assets; 
  • Automated technologies or interactions. As you interact with our website. We collect this personal data by using cookies, server logs and other similar technologies. 

What information we collect 

We’ll only collect your information in line with relevant regulations and law. The information we collect may include: 

i.) Your Full legal name and any other names used and contact information such as your Full permanent address (i.e. the residential address) [Driving licence or, Telephone bill (not older than 2months) or, Electricity bill (not older than 2 months), Any other utility bills (not older than 2 months), Bank account statement/credit card statement (not older than 2 months), Lease deed/Rent agreement copy, Letter from any recognized public /Government authority (In original), Copy of any other document issued by the Government authorities which contains your address, A “home visit report” from the official of the bank],  business address, email address and telephone number/fax number; 

ii.) Biographical information which may confirm your identity including your date and place of birth, nationality, tax identification number and your passport number (if the customer is a passport holder), national identity card details [CPR or Iqama number (for residents of Bahrain or GCC states)], country of domicile and/or your nationality; Visa/Work permit/Residence Card, Social Security Number and W9 form (US Residents) 

iii.) Information relating to your financial situation such as employer’s name and address (if self-employed, the nature of the self-employment), type of account, and nature and volume of anticipated business dealings with the conventional bank licensee, income proof (three months’ statement of the bank account to which salary is credited, contract of employment giving salary details/salary slip issued by the employer along with any other bank statement for three months, income tax returns), expenditure, assets and liabilities, sources of wealth, signature as well as your bank account details; 

iv.) Technical Data about your equipment, browsing actions and patterns 

The personal data mentioned above is an indicative list only and not exhaustive. 

We usually collect your personal data directly from you. However, sometimes we may need to collect personal data about you from third parties for the purposes described below. The circumstances in which we may need to do this include, for example, where we need information from a third party to assist us to process an application (such as to verify the information you have provided or to assess your circumstances) or to assist us to locate or communicate with you. 

How we’ll use your personal data 

We’ll only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we: 

i.) Performance of a contract with you. 

We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. 

In this respect, we use your personal data for the following: 

  • To register you as a new customer 
  • Undertaking actions, taking up references and making such other enquiries as we deem necessary, for the purposes of verifying your identity; 
  • To prepare a proposal for you regarding the services we offer; 
  • To deal with any complaints or feedback you may have; 
  • To process and deliver your order including manage payments, fees and charges 
  • To provide you with the services as set out in our Agreement with you or as otherwise agreed with you from time to time; 

In this respect, we may share your personal data with or transfer it to the following: 

  • Third parties whom we engage to assist in delivering the services to you (including any agent, introducer, depository, administrator, stock exchange, clearing or settlement system, account controller or other participant in the relevant system, counterparties, dealers, custodians, intermediaries and others where disclosure is intended for the purpose of effecting transactions in connection with a client agreement or establishing a relationship with a view to such transactions); 
  • Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers; 
  • Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you; 
  • Our data storage providers. 
  • With Bank’s offices in India to process your application 

ii.) Legitimate interests 

We also process your personal data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person. 

In this respect, we use your personal data for the following: 

  • For marketing to you. In this respect, see the separate section on Marketing below; 
  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you 
  • To make suggestions and recommendations to you about goods or services that may be of interest to you; 
  • With internal Bank departments and bank affiliates 
  • To use data analytics to improve our website, products/services, marketing, customer relationships and experiences 
  • For the administration and management of our business, including recovering money you owe to us; 
  • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 
  • Seeking advice on our rights and obligations, such as where we require our own legal advice. 

In this respect we will share your personal data with the following: 

  • Our advisers or agents where it is necessary for us to obtain their advice or assistance; 

iii.) Legal obligations 

We also process your personal data for our compliance with a legal obligation which we are under. 

In this respect, we will use your personal data for the following: 

  • Meeting legal and regulatory requirements, such as for the prevention of money-laundering, terrorism, fraud, tax evasion, bribery and corruption or other crimes. Various local and international laws may expressly require us to collect/and or disclose your personal data, or we may need to do so in order to be able to comply with other obligations under those laws. Such laws include – Decree Law No. (4) Of 2001 with respect to the Prevention and Prohibition of the Laundering of Money “Bahrain/US Inter-Governmental Agreement” (regarding FATCA) and other taxation laws (for example, to comply with reporting obligations or information requests); 
  • As required by regulatory, monetary, tax or fiscal authorities or any competent court or legal authority. 

In this respect, we will share your personal data with the following: 

Our advisers where it is necessary for us to obtain their advice or assistance; 

  • Our auditors where it is necessary as part of their auditing functions; 
  • With third parties who assist us in conducting background checks; 
  • With relevant regulatory, monetary, tax or fiscal authority or law enforcement agencies where we are required to do so. 


We will send you marketing about similar services we provide, as well as other information in the form of alerts, newsletters, and invitations to events or functions which we believe might be of interest to you. 

We will communicate this to you in a number of ways including by post, telephone, email, SMS or other digital channels. 

If you object to receiving marketing from us at any time, kindly contact us. 

Transfer and processing of your personal data 

When sharing your personal data with third parties as set out in this Privacy Notice, some of the recipients may be located outside Bahrain. Your personal data will only be transferred outside Bahrain on one of the following bases:  

  • You have explicitly consented to the proposed transfer. 
  • The jurisdiction where we send the personal data is providing an adequate level of protection for personal data; 
  • The Bahrain Data Protection Commissioner has granted a permit or written authorisation for the transfer or the set of transfers and we apply adequate safeguards with respect to the protection of this personal data; 
  • The transfer is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken in response to your request; 
  • The transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and a third party; 
  • The transfer is necessary or legally required on grounds important in the interests of the Bahrain, or for the establishment, exercise or defence of legal claims; 
  • The transfer is necessary in order to protect your vital interests; 
  • The transfer is necessary to uphold our legitimate interests recognised in the international financial markets, provided that such is pursued in accordance with international financial standards and except where such interests are overridden by your legitimate interests of relating to your particular situation; 
  • The transfer is necessary to comply with any regulatory requirements, auditing, accounting, anti-money laundering or counter terrorist financing obligations or the prevention or detection of any crime that apply to us. 

How long we’ll keep your information 

HDFC Bank is incorporated and regulated in India, its overseas branches are regulated by host country regulations and subsidiaries are governed under applicable laws. As such, your personal data is stored on secure systems within HDFC Bank premises within India and with providers of secure information storage in India. 

We keep your information in line with our data retention policy. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly. 

Your rights 

We respect your rights as a customer to determine how your personal data is used. These rights include the right to: 

  • Obtain access to, and copies of, the personal data that we hold about you; 
  • Require us not to send you marketing communications. 
  • Require us to correct, obscure or erase your personal data; 
  • Object to decisions made on the basis of automatic processing 

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. 

How we keep your information secure 

HDFC Bank is ISO 27001:13 compliant. We seek to use reasonable organizational, technical and administrative measures to protect Personal data within our organization. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information. 

More details about your information 

If you’d like further information on anything we’ve said in this notice, or to contact our privacy team ( where applicable, please contact your usual HDFC Bank’s representative, or use the Customer Support option on the HDFC Bank’s homepage, which sets out our contact details in applicable jurisdictions. This Privacy Notice may be updated from time to time and the most recent version can be found at