Privacy policy
Privacy Notice
Reflect is a digital mobile banking app that provides a modern and fresh banking experience, streamlining day-to-day banking needs that is powered by Arab Bank. It is located in Arab Bank’s headquarters in Amman Jordan. Address: 8 Shaker Bin Zaid St. Shmeisani, Amman 11195 Jordan.
Your privacy and the security of your Personal Data is very important to us. At Reflect, hereinafter referred to as (“us”, “we”, or “our”), we ensure that Personal Data you provided to us is always treated as private and confidential, afforded the highest level of security, and is processed in accordance with Arab Bank Privacy and Data Protection Policy and applicable regulatory requirements on Personal Data Protection. This includes Personal Data Protection Law 24/2023 and the Central Bank of Jordan Decision on Personal Data Processing by Entities Subject to its Supervision of 2025. This Privacy Notice, hereinafter referred to as “Notice”, aims to provide you with information on how we will use your Personal Data, what steps we will take to ensure it stays private and secure and what Personal Data we collect and process about you as well as your data privacy rights and how you can exercise them.
How we collect your data
We collect your data through one of the following methods:
– Directly: we obtain Personal Data directly from you in order to receive a service from or transacting with us, including without limitation, enter a business relationship, log a complaint, or for other purposes depending on the requested services or agreed upon.
– Indirectly: we may obtain Personal Data about you indirectly from a variety of sources, including: Cookies, device ID’s, social media, public sources, business partners, and recruitment services to better understand and serve you, satisfy a legal obligation, or in pursuance of another legitimate interest.
How we use your Personal Data We collect your Personal Data for various reasons in relation to our services, products or interacting with us, and for other business purposes, including, but not limited to: – – to provide and manage your account(s) and our relationship with you.
– to give you statements and other information about your account or our relationship.
– to handle enquiries and complaints.
– to provide our services to you.
– to conduct assessment, testing, and analysis for statistical purposes or other analysis for market research purposes.
– to evaluate, develop, and improve our services to you and other customers.
– to protect our business interests and to develop our business strategies.
– to contact you, by post, phone, text, email and other digital methods.
– to collect any debts owing to us.
– to meet our regulatory compliance and reporting obligations in relation to protecting against financial crime.
– to assess any application, you make.
– to monitor, record, and analyze any communications between you and us.
– to share your Personal Data with governmental authorities, credit reference agencies, fraud prevention agencies, and overseas regulators and authorities.
– to share your Personal Data with service providers and external auditors as clarified in section below (Who has access to your Personal Data and to whom it may be disclosed).
– recruitment and vetting agencies for prospective job applicants.
– for purpose of litigation, consultation, legal advice or documentation of transactions.
On what legal grounds do we process your Personal Data
We rely on the following lawful reasons when we process your Personal Data:
– Contractual obligation: we process your Personal data as necessary for the entry and/or implementation of a contract with you, or for the conclusion of a contract at your request such as where you submit a request for an Instant loan.
–As necessary to comply with a legal requirement from a regulatory or judicial authority: we process your Personal Data to comply with laws and regulations we are subject to, this includes anti-money laundering, regulatory compliance, and fraud prevention laws and regulations. For example, our collection of Know Your Customer data including your income details, your work address, and residential address is needed under Anti-Money Laundering regulations that we are subject to.
-Legitimate interests: we process your Personal Data as necessary to fulfil a legitimate interest such as Processing Personal Data as necessary to protect against cyber risks, enhance our products and services, and profiling activities intended to ensure more customized and personalized products and services tailored to your needs. We ensure the legitimate interest perceived does not affect individuals’ rights and interests and does not override them.
– Consent: Where none of the above basis apply, we shall process you Personal Data based on your consent. You can submit a request to withdraw such consent – please refer to section below (What are your rights and how you can exercise them).
Which Personal Data do we collect and process
The Personal Data we collect includes data provided by you at the start of our relationship or at any time thereafter such as:
– Personal details such as name, date of birth, email, nationality, marital status, and gender and contact information.
– Current residential address and permanent residential address, and proof of address documents.
– Data about your identity including documents, details of ID cards, details of passports.
-Employer, employment status, job title, full name, email, address and telephone number(s) used for work purposes.
-Financial data: income and source of income, source of wealth, average account financial activity, and engagement data.
– Data about your tax status such as overseas tax-identification number, FATCA forms, etc.
– Details of transactions done by you or by any of your connected persons including dates, amounts, currencies, and payer and payee details.
– Sound and visual images including CCTV footage.
– Digital identifiers (IP address, email).
– Cookies (please refer to our Cookie Notice).
– Risk rating information, e.g., credit risk rating and data about your ability to manage credit.
– Recruitment information and qualifications for prospective job applicants.
– Due diligence data, e.g., data required to comply with financial crime regulations (anti-money laundering, anti-terrorism financing, etc.) and data we need to fulfil regulatory obligations such as Suspicious Activity Reporting.
– Other individuals’ information, such as family and household members, emergency contacts, and/or guardians, which include their signatures, addresses and relationship with you.
– Legal dispute, complaints, and grievance information.
– Agreements, contracts, billing and commissions information.
– Security Information.
– Data about your geographic location and ATMs used
Marketing
We may send you marketing messages about our products and services. You have the right to opt-in or out of receiving marketing messages. You can object to receiving marketing messages / marketing communications from Reflect at any time by sending an email to noreply@marketing.reflectapp.com or communicating with Reflect Care center via WhatsApp on +962792777027.
If you have subscribed to one or more of our services, communications, or mailing lists, you may unsubscribe by following the instructions included in any email that you receive or by contacting “noreply@marketing.reflectapp.com” at any time.
How we protect and safeguard your Personal Data
We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your Personal Data. We aim to ensure that access to your Personal Data is limited only to those who need to access it, and those individuals who have access to the Personal Data are required to maintain the confidentiality of such Personal Data. For further information, please refer to Arab Bank Security Statement (https://www.arabbank.com.jo/footernavigation/security-statement).
When using the reflect mobile application, you remain responsible for keeping your user ID and password confidential.
Who has access to your Personal Data and to whom it may be disclosed
We keep your Personal Data confidential. However, in order to service your needs to the best of our ability, we may share your Personal Data with other parties bound via contractual agreements to safeguard your Personal Data and only process it under our strict instructions. We may also transfer your Personal Data to other Arab Bank Group members and third-party organizations outside of the Hashemite Kingdom of Jordan when we have a business reason to engage Arab Bank Group members or third-party organizations. Each organization is required to safeguard Personal Data in accordance with our contractual obligations.
In essence, we may share the Personal Data about you and your dealings with us, with:
– Arab Bank group members for legitimate business purposes such as data backup processes or for insurance purposes.
– Correspondent banks such as, as part of funds transfers, trade services, and other services and products you may request from the us.
– Entities involved in cards and digital payments processing including entities outside Jordan such as VISA and AFS.
– Other Third – Party Service Providers including cloud service providers for legitimate business purposes and in line with applicable laws and regulations.
– External Auditors which need to conduct audits of us as per applicable laws and regulations and may request sample data for validation and testing purposes.
– Regulatory authorities, governmental bodies, financial crime prevention agencies, and tax authorities.
– Courier and postal services as necessary to make deliveries such as for requested credit/debit cards.
– Credit reference organizations.
– Law firms, lawyers, or professional advisors where we need to revert to such legal advisors.
– Debit collection firms when we revert to such service providers for the collection of outstanding debts.
– Other parties with which you have agreed to share your Personal Data with.
Please refer to Privacy and Data Protection Office at the group level at Privacy.Office@Arabbank.com.jo for further details and contact details of such third parties as well as their respective Privacy Notices (where applicable).
How long do we keep your Personal Data
We retain your Personal Data to provide our services, stay in contact with you and to comply with applicable laws, regulations, and professional obligations, which we are subject to. This includes regulatory requirements for record retention applicable to banks, for example, customer identification Personal Data such as your ID, personal and work details, need to be retained for 5 years as of the termination of the relationship. Sometimes we may need to keep your information for longer. The reasons for this include:
• where we need the information to meet regulatory or legal requirements.
• to help detect or prevent fraud and financial crime.
• to answer requests from regulators.
We will dispose of your Personal Data in a secure manner when we no longer need it for the above reasons. Please refer to Privacy and Data Protection Office at the group level at Privacy.Office@Arabbank.com.jo for further details on our records retention practices. Reflect will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or where we are legally obligated to retain this data for longer time periods.
Processing Sensitive Personal Data
Sensitive Personal Data is defined as any data that, directly or indirectly, indicates the individual’s origin, race, political opinions, religious beliefs, financial status, health, physical or mental condition, genetic data, biometric data, or criminal record. Biometric data refers to unique characteristics, either physical (like fingerprints, DNA, iris patterns) or behavioral (like voice patterns), that are processed by specific technologies to uniquely identify or verify an individual. We ensure there is a lawful basis for Processing of Sensitive Personal Data. For example:
- Biometric Data: selfie photos are considered biometric data when used to identify or validate the identify of an individual. As such, we process your selfie photo (biometric data) as part of authentication when you use our digital apps.
- Health Data: we process your health data as part of procedures for granting loans and financial facilities. However, this is conducted following your consent including on the sharing of this data with the insurance company.
- Financial Status data: we process financial status data which is in alignment with Know Your Customer Regulations that we are subject to.
What Are Your Rights And How You Can Exercise Them
Pursuant to Personal Data Protection Regulatory requirements, you may exercise the following rights concerning your Personal Data:
- Right to access your personal Data within the custody of Reflect
- Right to be notified of processing.
- Right to withdraw prior consent you have provided for the processing of your personal Data
- Right to rectify, modify, or update your personal Data
- Right to limit processing for a specified purpose.
- Right to erase your personal Data or to restrict the processing of your Personal Data
- Right to object to processing and profiling if they are not necessary to achieve or outweigh the purposes for which the personal Data was collected, or if they are discriminatory, unfair, or violate the law.
- Right to Personal Data portability in some circumstances, where you have provided Personal Data to us, you can ask us to transmit that Personal Data (in a structured, commonly used, and machine-readable format) directly to another company if technically feasible.
- Right to be notified of inaccurate disclosure and breaches or your personal Data. Note that in the event of a serious breach of your Personal Data security and safety that could cause significant harm to you, we shall notify you within (24) hours from the discovery of the breach and provide you with necessary measures to avoid any consequences resulting from the breach.
Please note that we shall act promptly on received requests, replies are to be provided within (15) Business days from the date of receipt. Please note that our fulfillment to your requests may be subject to limitations, in certain circumstances, in accordance with the Law. For example, a request to erase your Personal Data in our custody may not apply where we are required to retain this data under regulatory requirements on data retention. To submit a request to exercise any of these rights, please send an email to Privacy.Office@Arabbank.com.jo
Contact information
Arab Bank’s headquarters, 8 Shaker Bin Zaid St. Shmeisani, Amman 11195 Jordan
For More Information
Should you have any questions regarding this Notice or want to learn more about our security practices, please read Arab Bank Security Statement (https://www.arabbank.com.jo/footernavigation/security-statement ), or contact the Privacy and Data Protection Office at the group level at: Privacy.Office@Arabbank.com.jo
Complaints:
If you have any complaints on Personal Data Processing conducted by us, please share your concerns withPrivacy.Office@Arabbank.com.jo. Please note the we shall act promptly on received matters; replies are to be provided within (10) days from the date of receipt.
You also have the right to share your concerns to the Personal Data Protection Council established per the Personal Data Protection Regulatory Requirements. Click to view the Personal Data Protection Council contact details.
Key Definitions:
Personal Data: any information relating to an identified / identifiable individual, whether it relates to his or her private, professional, or public life such as the Identification Document number or address.
Processing: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: any form of automated Processing of Personal Data evaluating the personal aspects relating to a natural person, in particular to analyze or predict aspects concerning by way of example the individual’s economic situation, personal preferences or interests, behavior, location or movements.
Sensitive Personal Data: any data or information that directly or indirectly indicates the individual’s origin, race, political opinions, religious beliefs, financial status, health, physical or mental condition, genetic data, biometric data, or criminal record.
Jurisdiction and Applicable Law
The Hashemite Kingdom of Jordan courts will have exclusive jurisdiction over any claim arising from, or related to, this Website or Services offered through our Website or through the reflect mobile application. Any dispute or claim arising out of or in connection with this Website or the reflect mobile application shall be governed by and construed in accordance with the Laws of the Hashemite Kingdom of Jordan.
Changes to this Notice
We reserve the right to update this Notice to reflect changes to our practices in alignment with the Personal Data Protection laws and regulations. Any updates will become effective immediately after posting the updated Notice on our website.
Revision History
| Privacy Notice Posted | July 2021 |
| Privacy Notice Updated | September 2024 |
| Privacy Notice Updated | December 2025 |