First National Bank S.A.L. (hereinafter referred to as “the Bank”, “we”, or “our”) commits to enforce adequate security measures at all times to protect the confidentiality and privacy of your personal and financial data and information in line with applicable laws and regulations, as well as to preserve the banking secrecy under the law dated September 3rd
and its subsequent updates.
This Privacy statement describes how we collect and use information you provide through your interaction with any of our e-services and for advertising purposes.
Collection and Usage
For the sound and secure processing of transactions via its electronic services channels, the Bank may collect additional data and personal and sensitive information, while maintaining utmost confidentiality, in line with the two principles: purpose limitation and data minimization. The types of data and information we may acquire include but not limited to the name, title, address, date of birth, gender, family information, contact particulars, financial information, investment objectives and risk tolerance of the customer.
This information may be used but not limited to the below:
- To communicate with you;
- To process your requests and ensure that the financial relationship with you is accurate and up-to-date;
- To verify your identity in order to allow access to your accounts;
- To make transactions and maintain measures aimed at preventing fraud and protecting the security of your account and personal information;
- To respond to your inquiries;
- To send you important information regarding the Bank’s website, changes to Online Banking Privacy Notice and Terms & Conditions, or any other administrative matter;
- To allow you to participate in surveys and promotions;
- For data analysis, audits, developing and enhancing the Bank’s products and services, and developing the Bank’s website;For identifying usage trends and determining the effectiveness of promotional campaigns;
- For risk control, and fraud detection and prevention;
- To comply with laws and regulations;
- To send you marketing communications that may be of interest to you after obtaining your clear and explicit consent;
Such information shall not be disclosed to third parties except in any of the following cases:
Your consent is obtained, or for the purpose of outsourcing operations, in which case the Bank conducts a thorough due diligence on that third party and takes all appropriate steps to ensure that the third party undertakes strict controls to ensure the confidentiality and safeguard of the data and personal information, or
The Bank is compelled to do so, to comply to a judicial or regulatory order under Lebanese applicable laws and regulations
When you use our e-services, we may collect information that does not reveal your explicit identity or does not directly relate to a person, such as but not limited to:
Browser and device information: MAC address, operating system version, internet browser type, IP address…
Cookies which are text files placed on your computer to collect standard internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies to improve your experience of our website.
We use Google Analytics in order to track and obtain details of our Website’s traffic. To stop Google Analytics from collecting your usage data whilst on the Website, please visit tools.google.com
The Bank shall apply appropriate security measures on its systems (such as access permissions, anti-virus software…) to prevent the loss, destruction, falsification, alteration and leakage of your data and personal information. The Bank shall also exert all possible efforts to ensure that external parties who have access to the data maintain strict controls and confidentiality.
The Bank shall implement the following security measures:
- On Electronic Banking Services in general:
- On Mobile Banking Services:
- Encrypted data, whether stored in the e-service application or transmitted to the Bank’s servers, thus making it unreadable as it flows over the internet
- Secure authentication (using login credentials, security PIN, fingerprint, QR code, etc.), which allows you to access the applications using your credentials only and requests you to change your password regularly
- Fraud protection, which requests you to enter security credentials, such as One-Time Password or Transfer PIN, for transfer transactions
- Application time out, which automatically locks the application after a period of inactivity. The customer should authenticate to unlock
- Login ID or customer ID automatic block, which occurs after 3 wrong password or PIN trials
- Remote data wipe, which can be executed remotely by the Bank or by yourself if the phone is lost or stolen. This action wipes the mobile application data as well as the keys used to encrypt said data and information
- Application updates, which provide the latest functionalities and fixes
Personal and sensitive information should be as accurate, complete and up-to-date as necessary for its purposes of use. If you believe your account information is inaccurate, incomplete or not current, please contact our call center on 1244 (for local calls) or 00961-1-963111 (for international calls), or visit any of our branches.
Third Party Sites
Please refer to them to better understand your rights and obligations with regard to such content. In addition, please note that when visiting any of official Bank social media page, you are also subject to the Terms & Conditions of our E-services contract and this policy.
The Bank may provide links to third party websites, such as merchants or service providers. If you follow links to websites not affiliated or controlled by the Bank, you should review their privacy and security policies and their terms and conditions, as they may be different from those of the Bank’s sites.
The Bank is not responsible for and does not guarantee the security or privacy of these websites, including the completeness, accuracy, or reliability of the information published thereon.
Data Protection regulations
The Bank ensures compliance with the Lebanese laws and Regulations with respect to electronic services and the collection and processing of personal data.
Errors and Corrections
The Bank seeks to provide accurate information on and through its e-services, but errors may occur and information may become out of date. The Bank does not guarantee the accuracy, completeness, or timeliness of the information available on or through any of our e-service platforms.
The Bank may change the information available on or through the Website at any time and from time to time without any notice or liability to you or to any other person. Also note that Currency exchange rates and Interest rates posted on our e-services are valid as per their posting date and time mentioned with the post and are listed for informative purposes only.
Complete and up-to-date information about rates, products and services can be obtained by calling the Call Center on 1244
(for local calls) or 00961-1-963111
(for international calls), branches and offices.
Raise your voice
The Bank’s customers can submit any complaint, comment or any issue through the Bank’s website www.fnb.com.lb
or by calling the Call Center on 1244
(for local calls) or 00961-1-963111
(for international calls).
All registered complaints will be directly transferred to the concerned entity at the Head Office; Branch Management and Staff at the concerned branch shall not have access to such complaints.
Policy Update and Changes
The Bank highly recommends you to refer to the attached appendix and read the useful security tips.
Information Security Tips
The following are some of the most highly recommended measures helping you to protect your privacy. Note that the list is by no means exhaustive as new methods are continuously being devised. Accordingly, the bank shall not assume any responsibility of any kind whatsoever resulting from their relevance.
- Be aware of Social Engineering:
- On Electronic Banking Services in general:
- Social engineering is a technique used to manipulate people into performing actions or divulging confidential information by tricking or misleading them to bypass security measures and tools.
- The purpose is to gather confidential information from people through phone, email, regular mail, unsolicited text messages (SMS) or direct contact and use this information in illegal activities such as committing fraud, gaining unauthorized access to systems, etc.
- On Internet Banking Services:
- Avoid keeping the original printed copy of any password or writing it down on any device for accessing the e-banking services or on anything usually kept with or near it
- Do not reveal your password to anyone, and commit to memory rather than writing it down
- Use a complex password, and change it regularly
- Keep up-to-date your anti-virus and malware protections and your operating system. Check regularly for “new security patches” or software updates to prevent vulnerabilities and fix software issues
- Never send emails containing your personal information (account number, login credentials…) since emails are not encrypted and can be intercepted, even at the request of the Bank. We will NEVER request from you any personal information by email, over social media or by text messaging including account numbers, passwords, personal identification information or any other confidential customer information
- Never give out any of your Bank’s account information to a caller, text, or email sender and never write them down or save them on any device
- Make sure your device is set to lock itself automatically after not being used for a specified period of time
- Do not leave the device in question unattended during a valid session
- Do not store personal or other sensitive information (such as your login credentials) on your device. It is also recommended that you regularly delete the browser history, text messages and files from your device
- Immediately contact the Call Center on 1244 (for local calls) or 00961-1-963111 (for international calls), if you suspect having been hacked, or having responded to a fraudulent or phishing email. Fraudulent emails are emails that appear as if originating from FNB.
- Be aware that FNB’s official email address and domain used for communication is “@fnb.com.lb”; any email with a different address should be disregarded and reported to the bank
- Make sure you do not enter your personal details on any unsecured website nor reply to suspicious emails asking for personal information
- Never click on embedded links inside emails originating from unknown or suspicious source
- Always check the identity and security level of the website you are using
- Verify that the website address (URL) is secure: The letter “s” in “https” confirms that the site is fully secure
- Make sure you see the “Security Lock” icon on the webpage next to the URL and click on it to check the website’s identity
- Do not attempt to decompile, reverse-engineer, translate, convert, adapt, alter, modify, enhance, add to, delete or in any way tamper with, or gain access to, any part of e-banking or any internet site or software comprised in it
- On Mobile Banking Services:
- Log out of the application when you are done
- Always verify the Bank’s website name in your browser
- Always check the identity of the website by
- verifying the website address, which starts with “https”
- checking the bottom right of the screen of the login page for the certificate security seal
- inding the green address bar at the top of the webpage and the security lock icon
- Avoid using the “remember password” feature
- Avoid using electronic banking services on public computers
- On ATM and Card Services:
- Use the latest version of the e-services application
- Do not “root” or “jailbreak” your mobile device, to be able to use our mobile application
- Make sure you delete all personal details if and when you sell your smartphone
- Immediately contact the Call Center or visit your branch if your phone was lost or stolen, so that the Bank disables your mobile banking account
- Enable the remote wipe feature on your device, and be ready to wipe it (where applicable) if it is lost or stolen. In case you are not sure how to do so, please seek the Bank’s assistance
- Should you need to report any suspicious email or website or have any questions regarding this notice, please contact us through the Call Center, our official website or social media channels
- Do not under any circumstances reveal your PIN (Personal Identification Number) to anyone
- Do not keep your PIN and card together in the same place
- Protect your PIN. Do not enter your PIN if anyone else can see the keypad. Shield your PIN from onlookers by using your body
- When you arrive at an ATM, make sure nothing is suspicious in the surroundings and nothing makes you feel uncomfortable, if not either use an ATM at another location or come back later
- Have your card and any other document you need ready for use when approaching the ATM
- If someone else is using the ATM when you arrive, give him/her enough space to conduct his/her transaction in privacy
- When you finish your transaction, make sure to have your card and your receipt and leave immediately; do not count your money by the ATM, but in a discrete and safe manner
- Keep your card under your sight every time you use it. Never leave your cards or receipts laying around
- Always check your card bills and statements and make sure that the charges applied are correct
- Never use your card for online purchase on an unsecured website
- If your card is stolen, lost or retained by an ATM, contact the call center immediately on 1244 (for local calls) or00961-1-963111 (for international calls), or CSC’s 24/7 customer service on 00961-1-738800 or 00961-3-738800
- Lower your daily and monthly ATM cash withdrawal limits to the least needed limit possible