Privacy Notice

Privacy Notice


Your privacy and the protection of your personal information and data are important to us. Here at Al-Nisr Al-Arabi Insurance Company (the "Company") or “we”, we assure you that the Personal Data you provide to us is treated as private and confidential, with the highest levels of security, and processed in accordance with the Personal Data Protection Law in Jordan, Law No. 24 of 2023, and Central Bank of Jordan (CBJ) Decision on Data Processing for entities under its controls and supervision, hereafter referred to as the “Personal Data Protection Regulatory Requirements”.  

This privacy notice, hereinafter referred to as the "Notice", aims to provide you with information on how we use your Personal Data, the steps we take to ensure its confidentiality and security, what Personal Data we collect, process, and what your rights are regarding the privacy of your data and how you can exercise them.


 How We Collect Your Data

The Company collects your data through one of the following methods:

  • Directly: We obtain Personal Data directly from you through the Company's authorized direct sales channels, so you can access a service from the Company or engage with the Company, including but not limited to: filing a complaint, entering into an employment relationship, or for other purposes based on the required or agreed-upon services.
  • Indirectly: We may obtain Personal Data about you indirectly from multiple sources, including; website usage tracking files "Cookies", device profiling files, social media, public sources, business partners, and recruitment services, in order to better serve you or to fulfill a legal obligation such as a request for clarifications from the court, or for other legitimate interests according to relevant laws.

 

How We Use Your Data

We collect your Personal Data for various reasons related to our services, products, or interactions with you, including but not limited to:

  • To provide and manage your account and our relationship with you.
  • To provide you with information and other details about insurance documents or your relationship with us.
  • To handle inquiries and complaints.
  • To deliver our services to you.
  • To conduct evaluation, testing, and analysis for statistical purposes or other market research purposes.
  • To assess, develop, and improve the services we provide to you and other clients.
  • To protect our business interests and develop our business strategies.
  • To communicate with you, by mail, phone, text messages, email, and other digital means.
  • To collect any due installments.
  • To comply with regulatory requirements and reporting obligations related to financial crime prevention.
  • To assess any applications submitted.
  • To monitor, record, and analyze any communications between you and us.
  • To share your data with the Central Bank, Tax Department, or any relevant government or official entities.
  • To share your data with our partners, service providers, and external auditors.
  • To recruitment and auditing agencies regarding prospective job applicants.
  • For litigation purposes, legal consultations, notifications, or transaction documentation.

 

Legal Basis for Processing Your Personal Data

- As necessary to comply with a legal requirement from a regulatory or judicial authority

We process your Personal Data to comply with laws and regulations applicable to us, including anti-money laundering laws and regulations, compliance monitoring instructions, and anti-fraud regulations. For example, collecting “Know Your Customer” (KYC) data — including income details, work address, and residential address — is required under anti-money laundering regulations applicable to the Company.

- Contractual obligation: 

We process your Personal Data when it is necessary to enter into a contract with you, to perform an existing contract, or to take steps at your request prior to entering into a contract.
For example, when you apply for an insurance policy, we need to process your Personal Data to assess your application, determine policy terms, and issue the insurance coverage.

- Legitimate interests

We process your Personal Data as necessary to fulfil a legitimate interest such as Processing Personal Data as necessary to protect against cyber risks, enhance the company’s products and services, and profiling activities intended to ensure more customized and personalized products and services. In line with Central Bank of Jordan Regulation on Personal Data Protection, where the company uses the legitimate interest as a basis of Processing, the company ensures the legitimate interest perceived does not affect individuals’ rights and interests and does not override them. 

- Consent: 

Where none of the above basis apply, we shall process your Personal Data based on your consent. You can submit a request to withdraw such consent – please refer to section below (What are your rights and how you can exercise them).

 

What Personal Data We Collect and Process

The Personal Data we collect includes information provided by you during the contractual relationship between our company and you or at any time thereafter, such as:

  • Personal details, such as name, date of birth, email address, nationality, marital status, gender, and contact information.
  • Current residential address and permanent residence address, along with proof of address documents.
  • Identity data, including documents and details of identity cards and passport details.
  • Employment details, including employer, job status, job title, full name, email address, address, personal phone number, and work phone number.
  • Financial data: income and source of income.
  • Tax status data such as tax identification number, FATCA regulatory compliance forms for foreign accounts, to comply with FATCA requirements by using accounts opened in foreign financial institutions outside the United States.
  • Details of insurance and financial transactions conducted by you or any associated persons, including dates, amounts, currencies, payment details, and beneficiaries.
  • Audiovisual recordings, including CCTV captured images.
  • Digital identifiers (IP address, email).
  • Website usage tracking files "Cookies" (please refer to our cookie notice).
  • Data required to comply with anti-money laundering (AML) and counter-terrorism financing (CTF) requirements and other regulatory obligations, and data needed by the company to fulfill regulatory reporting obligations such as reporting suspicious activities to relevant authorities.
  • Information about other individuals, such as witnesses, family members, emergency contacts, and guardians, including their signatures, addresses, and relationship to you.
  • Information about legal disputes and complaints related to you.
  • Information about agreements and contracts entered into with our company, invoices, and commissions.

Data Storage and Hosting Locations

Al-Nisr Al-arabi Insurance Company stores and processes Personal Data using secure infrastructure located in two countries: Europe and the United Arab Emirates. This is necessary for alignment with disaster recovery and business continuity requirements. All storage methods and hosting arrangements are subject to application of technical and organizational safeguards. Data is retained only for the periods necessary to fulfill the purposes for which it was collected or as required by law, after which it is securely deleted, for more information on data retention practices please refer to section (How long do we keep your Personal Data).

 

For How Long Do We Retain Your Personal Data?

We retain your Personal Data to provide our services, stay in touch with you, and comply with laws, regulations, and professional obligations applicable to us. This includes regulatory requirements for record retention applicable to the insurance sector, for example, customer identification Personal Data such as your ID, personal and work details, need to be retained for 5 years. Sometimes we may need to keep your information for longer. The reasons for this include: 

  • where we need the information to meet regulatory or legal requirements
  • to help detect or prevent fraud and financial crime
  • to answer requests from regulators

We will securely dispose of your Personal Data when we no longer need it for the above justifications. Please refer to Compliance and Legislations Enforcement Department at privacy.office@al-nisr.com for further details on our records retention practices. 


Processing Sensitive Personal Data

Personal Data Protection Regulatory Requirements define Sensitive Personal Data as any data or that directly or indirectly indicates the individual’s origin, race, political opinions, religious beliefs, financial status, health, physical or mental condition, genetic data, biometric data, or criminal record. Biometric data refers to unique characteristics, either physical (like fingerprints, DNA, iris patterns) or behavioral (like voice patterns), that are processed by specific technologies to uniquely identify or verify an individual.  Al Nisr ensures there is a lawful basis for Processing of Sensitive Personal Data. For example: 

 

  • Health Data: The Company collects and processes your health data as part of underwriting procedures for insurance applications — such as health and life insurance — and only after obtaining your prior explicit consent. This includes sharing such data with reinsurers and the health insurance management company (NatHealth).
    Health data is also processed as part of the insurance claims review and verification process prior to disbursing benefits to eligible claimants.
  • Financial Status data: The Company collects and processes financial status information of individual clients as part of due diligence procedures, as well as for representatives of corporate clients (e.g., authorized signatories and general managers), and in line with Know Your Customer (KYC) obligations. The Company also collects additional financial information, such as bank account numbers and IBANs, for clients or premium payers, to process premium payments.

 

Additionally, the Company collects financial information of personal guarantors for corporate clients as part of credit evaluation procedures. This data is provided directly by the guarantor

 

Marketing

Al Nisr may send you marketing messages about our products and services. You can object to your personal data being used for marketing purposes at any time by emailing Privacy.Office@al-nisr.com.

 

How Do We Protect Your Personal Data?

We will take reasonable technical and organizational measures to prevent the loss, misuse, or alteration of your Personal Data. We aim to ensure that access to your Personal Data is restricted only to those authorized to do so and committed to maintaining its confidentiality.

If you use online services provided by the company, you remain responsible for maintaining the confidentiality of your username and password.


Data Sharing and Transfer of data outside the Hashemite Kingdom of Jordan

We keep your Personal Data confidential. However, in order to service your needs to the best of our ability, we may share your Personal Data with other parties bound via contractual agreements to safeguard your Personal Data and only process it under our strict instructions. We may also transfer your Personal Data to other Arab Bank Group members and third-party organizations (e.g. service providers) outside of the Hashemite Kingdom of Jordan when we have a business reason to engage Arab Bank Group members or third-party organizations. Each organization is required to safeguard Personal Data in accordance with our contractual obligations.

In essence, we may share the Personal Data about you and your dealings with us, to the extent allowed by Personal Data Protection Regulatory Requirements, with: 

  • The Arab Bank Head Office for legitimate purposes and in compliance with the law, such as centralized compliance requirements with the Head Office.
  • Third-Party Service Providers including cloud service providers for legitimate business purposes and in line with applicable laws and regulations.
  • External Auditors which need to conduct audits of the company per applicable laws and regulations and may request sample company data for validation and testing purposes.
  • Regulatory bodies, government entities, and official entities, including those specialized in combating financial crimes and tax authorities.
  • Insurance Service Providers acting on behalf of the company.
  • Courier and postal services as necessary to make deliveries
  • Law firms, lawyers, or professional advisors where we need to revert to such legal advisors
  • Other parties with whom you have consented to share your data.

Please refer to Compliance and Legislations Enforcement Department at privacy.office@al-nisr.com for further details and contact details of such third parties as well as their respective Privacy Notices (where applicable). 

 

What are your rights and how can you exercise them?

You may exercise the following rights concerning your Personal Data:

  • Right to access your Personal Data within the custody of the Company
  • Right to be notified of processing
  • Right to withdraw prior consent you have provided for the Processing of your Personal Data
  • Right to rectify, modify, or update your Personal Data
  • Right to limit processing for a specified purpose
  • Right to erase your Personal Data or to restrict the Processing of your Personal Data
  • Right to object to Processing and Profiling if they are not necessary to achieve or outweigh the purposes for which the Personal Data was collected, or if they are discriminatory, unfair, or violate the law.
  • Right to Personal Data portability in some circumstances, where you have provided personal information to us, you can ask us to transmit that personal information (in a structured, commonly used, and machine-readable format) directly to another company if technically feasible
  • Right to be notified of inaccurate disclosure and breaches on your Personal Data. Note that in the event of a serious breach of your Personal Data security and safety that could cause significant harm to you, the Company shall notify you within (24) hours from the discovery of the breach and provide you with necessary measures to avoid any consequences resulting from the breach. This is in compliance with the Law.

Please note the company shall act promptly on received requests while noting per Personal Data Protection Regulatory Requirements, replies are to be provided within (15) Business days from the date of receipt. Please note that our fulfillment to your requests may be subject to limitations, in certain circumstances, in accordance with the Law. For example, a request to erase your Personal Data in the custody of the company may not apply where we are required to retain this data under regulatory requirements on data retention. 

 

To submit a request to exercise any of these rights, please send an email to privacy.office@al-nisr.com

 

 

Contact Information:

Al-Nisr Arab Insurance Company

Jordan, Shmeisani, Issam Al-Ajlouni Street, P.O. Box: 9194, Postal Code: 11191, Amman, Jordan

 

For More Information:

If you have any questions regarding this notice or would like to know more about our security practices, please contact us at privacy.office@al-nisr.com


Complaints:

If you have any complaints on Personal Data processing conducted by the company, please share your concerns with privacy.office@al-nisr.com. Please note the company shall act promptly on received requests while noting per Personal Data Protection Regulatory Requirements, replies are to be provided within (10) days from the date of receipt.  

You also have the right to share your concerns to the Personal Data Protection Council established per the Law. Click the link to view the Personal Data Protection Council contact details: https://www.modee.gov.jo/EN/Pages/Contact_Us_pdp_En  

 

Amendments to the Notice:

We reserve the right to update this notice to reflect changes in our practices in accordance with the law, regulations, and applicable instructions. Any updates will become effective immediately upon the publication of the updated notice on our website.

 

Key Definitions:

Processing: Any operation or set of operations performed in any way or means for the purpose of collecting, recording, copying, storing, organizing, modifying, using, transmitting, distributing, disclosing, linking to other data, making available, or otherwise making available, or otherwise processing, or concealing, encoding, erasing, restricting, or deleting, modifying, describing, or disclosing, by any means.

Personal Data: Any information related to an identified individual or an individual who can be identified, whether it pertains to their private, professional, or public life — such as an ID number, address, phone number, email, or any other data that can be used to identify the person.

Sensitive Personal Data: any data or information that directly or indirectly indicates the individual’s origin, race, political opinions, religious beliefs, financial status, health, physical or mental condition, genetic data, biometric data, or criminal record. 


Revision History 

  • Privacy Notice Posted | July, 2024
  • Privacy Notice Updated | June, 2025
  • Privacy Notice Updated | Dec, 2025  
  • Privacy Notice Updated | March 2026