Privacy Policy

Last Updated: January 27, 2026

1. Introduction

Faratech Islamic Bank ("we," "us," "our," or "Faratech") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital banking services, website, and mobile application.

By accessing or using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us, including:

• Personal Identification Information: Name, date of birth, national identification number, passport details, and other government-issued identification
• Contact Information: Email address, phone number, postal address, and physical address
• Financial Information: Bank account details, transaction history, income information, and financial statements
• Account Information: Username, password, security questions, and authentication credentials
• Application Information: Information provided in account opening forms, loan applications, investment applications, and other service requests
• Communication Records: Correspondence with our customer service team, feedback, and survey responses
• Biometric Data: Fingerprint, facial recognition, or other biometric identifiers (with your explicit consent)

2.2 Information We Collect Automatically

When you use our services, we automatically collect certain information, including:

• Device Information: Device type, operating system, unique device identifiers, mobile network information, and device settings
• Usage Information: Pages visited, features used, time spent on pages, click patterns, and navigation paths
• Location Information: IP address, approximate location based on IP, and precise location (with your permission)
• Technical Information: Browser type, browser language, access times, and referring website addresses
• Transaction Information: Transaction amounts, dates, times, merchant information, and transaction patterns

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Credit Bureaus: Credit reports, credit scores, and credit history
• Identity Verification Services: Identity verification and authentication data
• Government Agencies: Regulatory compliance information and verification data
• Business Partners: Referral information and joint service offerings
• Social Media Platforms: Information you choose to share through social media integrations

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

• To create and manage your accounts
• To process transactions and payments
• To provide Sharia-compliant banking products and services
• To facilitate Zakat calculations and distributions
• To manage investment portfolios and profit-sharing arrangements
• To deliver customer support and respond to inquiries

3.2 Legal and Regulatory Compliance

• To comply with applicable laws, regulations, and banking standards
• To meet anti-money laundering (AML) and know-your-customer (KYC) requirements
• To comply with Sharia governance and Islamic banking regulations
• To respond to legal processes, court orders, and government requests
• To prevent fraud, money laundering, and other illegal activities

3.3 Business Operations

• To improve our services and develop new products
• To conduct research and analytics
• To personalize your experience
• To send you important account updates and notifications
• To communicate about products, services, and promotions (with your consent)

3.4 Security and Fraud Prevention

• To authenticate your identity
• To detect and prevent fraud, unauthorized access, and security threats
• To protect the rights, property, and safety of Faratech, our customers, and others
• To enforce our terms and conditions

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contractual Necessity: To fulfill our contractual obligations to provide banking services
• Legal Obligation: To comply with applicable laws and regulations
• Legitimate Interests: To operate our business, prevent fraud, and improve our services
• Consent: Where you have provided explicit consent for specific processing activities
• Vital Interests: To protect your or another person's vital interests

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, including:

• Payment processors and financial service providers
• Cloud storage and hosting providers
• Identity verification and authentication services
• Customer support and communication services
• Analytics and marketing service providers (with appropriate safeguards)

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security threats
• Protect the safety of our users or the public

5.4 Sharia Compliance

We may share information with our Sharia Advisory Board and external Sharia auditors to ensure compliance with Islamic banking principles, subject to confidentiality obligations.

5.5 With Your Consent

We may share your information with third parties when you have provided explicit consent for such sharing.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data, including:

• Standard contractual clauses approved by relevant data protection authorities
• Adequacy decisions by regulatory bodies
• Binding corporate rules and other approved transfer mechanisms

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: Data encryption in transit and at rest
• Access Controls: Limited access to personal data on a need-to-know basis
• Security Monitoring: Continuous monitoring for security threats and vulnerabilities
• Regular Audits: Security audits and assessments
• Employee Training: Regular training on data protection and security practices
• Incident Response: Procedures for responding to security incidents

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements
• Maintain business records as required by law

Retention periods may vary based on the type of information and applicable legal requirements. Financial records are typically retained for a minimum of 7 years as required by banking regulations.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

9.1 Access and Portability

• Request access to your personal information
• Receive a copy of your data in a portable format
• Request information about how we process your data

9.2 Correction and Deletion

• Request correction of inaccurate or incomplete information
• Request deletion of your personal information (subject to legal retention requirements)
• Object to processing of your personal information

9.3 Restriction and Objection

• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Withdraw consent where processing is based on consent

9.4 Marketing Communications

• Opt-out of marketing communications at any time
• Unsubscribe from email newsletters and promotional messages
• Manage your communication preferences in your account settings

9.5 Exercising Your Rights

To exercise your rights, please contact us at:

Email: privacy@faratech.africa
Address: Faratech Islamic Bank, Dakar, Senegal
Phone: +221 800 FARATECH

We will respond to your request within 30 days, or as required by applicable law.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Provide personalized content and advertisements
• Improve our services and user experience

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our services.

For more information about our use of cookies, please see our Cookie Policy.

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information.

12. Sharia Compliance and Ethical Data Use

As an Islamic bank, we are committed to:

• Using your data in ways that comply with Islamic ethical principles
• Not using your data to support prohibited (haram) activities
• Ensuring transparency in how we use your information
• Respecting your privacy as a fundamental right

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending you an email notification
• Displaying a prominent notice in our mobile application

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer
Faratech Islamic Bank
Dakar, Senegal
Email: privacy@faratech.africa
Phone: +221 800 FARATECH

15. Regulatory Information

Faratech Islamic Bank operates under the supervision of relevant banking and financial services regulators in Senegal and West and Central Africa. We comply with:

• Data protection laws applicable in Senegal
• General Data Protection Regulation (GDPR) for EU residents
• Regional banking and financial services regulations
• Islamic banking and Sharia governance requirements

16. Complaints

If you believe we have not handled your personal information in accordance with this Privacy Policy or applicable law, you have the right to lodge a complaint with:

• Our Data Protection Officer at privacy@faratech.africa
• The relevant data protection authority in your jurisdiction
• Banking regulatory authorities in Senegal

---

This Privacy Policy is effective as of January 27, 2026, and applies to all users of Faratech Islamic Bank services.