Personal Data Protection Consent

With reference to the Personal Data Protection Law No. 24 of 2023 and the Decision of the Central Bank of Jordan No. (2025/831) dated 04/08/2025 concerning the processing of data by entities subject to the supervision and control of the Central Bank of Jordan, issued pursuant to the provisions of Article (6/A/6) of the Personal Data Protection Law for all entities under the supervision of the Central Bank of Jordan; and ensure to achieve alignment between establishing the fundamental principles of personal data protection and the necessity to ensure the continuity, sustainability, and integrity of the operation of entities under the supervision of the Central Bank of Jordan in an efficient and effective manner, serving their clients optimally, while considering the privacy and nature of the work of these entities, and within an approach consistent with regulatory and legislative requirements.

I Irrevocably authorize Jordan Ahli Bank according , hereby authorize the collection, processing, use, and retention of my personal data for the regulatory, operational, and legal purposes outlined below, in accordance with the Personal Data Protection Law and all applicable legislation. This includes, but is not limited to, the following:

First : Customer Consent for Data Processing

I hereby consent to the collection and processing of my personal data by the Bank for the following purposes:

  • Open accounts and provide financial products and services.
  • Compliance with legal and regulatory obligations (including anti-money laundering and counter-terrorism financing).
  • Identity verification and management of the contractual relationship.
  • To be contacted regarding related service or marketing purposes.
  • Retention of data for a period consistent with the required legal and regulatory purposes.

Second: Customer Notification of the Entity’s Right to Process Data Without Prior Consent in Certain Cases

The customer hereby acknowledges that he \ she has been informed of their right to be notified, and that the Bank may process their personal data without obtaining prior consent or providing individual notice in the following cases:

A. Where processing is necessary to achieve any of the following purposes:

  1. Compliance with applicable legislation or implementation of judicial decisions or directives from regulatory authorities.
  2. Fulfillment of the requirements of the Anti-Money Laundering and Counterterrorism Financing Law, including sanctions and watchlists, or upon request from regulatory or law enforcement authorities.
  3. Compliance with regulatory requirements issued by regulatory authorities, particularly to safeguard the stability of the financial system or the public interest.
  4. Prevention and detection of financial fraud.
  5. Ensuring the integrity and security of the Bank’s operations.
  6. Implementing anonymization or pseudonymization processes.
  7. Implementation of cybersecurity measures, including data traffic analysis, threat detection, and response to cyberattacks.
  8. Verification of the accuracy of data relating to parties associated with the customer (such as guarantors, legal representatives, family members, and other related individuals or entities).
  9. Execution of business operations, services, and products provided by the Bank or related to it.
  10. Reinsurance arrangements.
  11. To protect the vital interest of the data subject or for other necessary purposes when it is not possible or feasible to contact the data subject and the Bank can demonstrate the necessity of such action.
  12. To achieve a legitimate interest of the Bank, provided that a proper balance is maintained between the Bank’s interest and the rights of the data subject. A prior legitimacy assessment must be conducted by the entity, which includes the following:
  • Identifying the purpose of the processing.
  • Verifying that the purpose is lawful and not in violation of applicable legislations.
  • Confirming that processing is necessary to achieve the stated purpose.
  • Assessing whether the processing could adversely affect the rights and interests of the data subject.
  • Granting the data subject the right to object if any of the above conditions are not met.

B. Data Sharing with Intermediary Parties

The customer agrees that their personal data may be shared with intermediary parties involved in the execution of banking and financial transactions, such as:

  • Correspondent Banks.
  • Licensed electronic money transfer and payment service providers.

This data may be shared without requiring additional consent, to the extent necessary for the execution of such transactions and to meet legal and regulatory requirements.

Third : Customer Rights Under the Law

The customer acknowledges that they have the following rights, which may be exercised by contacting the [Data Protection Department / Customer Service]:

  • The right to access their personal data.
  • The right to correct or update their data.
  • The right to withdraw consent.
  • The right to object to specific processing activities.
  • The right to file a complaint with the competent data protection authority.

I also acknowledge that I can exercise my rights by submitting a request to the Bank’s Data Protection Officer (DPO) via their email ([email protected]). I am also aware that my request will be reviewed and evaluated by the Data Protection Officer and will be fulfilled provided that there is no conflict with any local \ international laws or regulations, and in consideration of the interests of the Bank \ customer.

I also acknowledge that I can view the privacy policy at any time at the following link:  https://ahli.com/privacy-policy/ and published on the bank’s website.

I attest that this legal document is deemed by me as final, irrevocable.