Website Privacy Policy
This Privacy Policy explains the information we collect from you when you use our website. As a data controller, we are legally required to inform you about our identity, the reasons and methods for collecting your data, and your rights regarding your data.
In this policy, “We,” “Us,” or “Our” refers to Capital Invest, a subsidiary of Capital Bank, and any affiliated entity operating under the Capital Bank Group that you may interact with, directly or indirectly, through our website.
“You” or “Your” means the end user and/or customer of Capital Invest, any individual or legal entity, who accesses our website, receives information about Capital Invest’s products/services and marketing activities, or engages in other activities through our website.
Forany inquiries regarding this policy, please contact us via email or submit a request through the “Contact Us” form on our website.
Identity and Contact Details of the Controller and Data Protection Officer
Capital Invest is the Data Controller responsible for collecting, using, and processing your personal data in both manual and electronic formats. For any queries, comments, or requests regarding the processing of your personal data, please contact us at:
Email: DPO@capitalbank.jo
For matters specifically related to data protection, you can also reach out to our Data Protection Officer at the same contact details provided above
Data We Collect
We collect personal data and information from you when you submit an enquiry through our website, including your name, contact details (such as your telephone number and email address), and any information you choose to provide in your enquiry request. This enables us to respond to your enquiry, provide you with relevant information about our products and services, and follow up with you where necessary to ensure your request has been handled appropriately. We process this information based on our legitimate interest in responding to enquiries, improving our customer experience, and providing accurate and timely information.
In addition, to enhance our online services and better understand how users interact with our website, we use tracking technologies such as Facebook Pixel. This allows us to collect certain technical and usage-related data, including your IP address and browser information, page activity, referral links, and interactions such as button clicks and visited pages. Facebook Pixel may also collect pixel-specific identifiers, such as the Pixel ID and related cookies, as well as optional values such as custom events, page types, and form field names (e.g., email or address fields).
We store and process your enquiry information securely and do not use the data you provide to make any automated decisions that may significantly affect you.
Legal Basis for Processing
We will only use your personal data where we have your consent or another lawful basis for doing so. The lawful basis for processing your Personal Data (and any Sensitive Data, where applicable) includes the performance of our contractual relationship with you and its related obligations, including any preliminary steps required prior to establishing such relationship. We may also process your data where necessary to comply with legal and regulatory requirements, or where we have a legitimate interest in improving our services and protecting our operations.
The reasons we use your data include:
• Delivering our products and services and providing you with requested services.
• Verifying your identity and ensuring account and transaction security.
• Communicating with you regarding your accounts, enquiries, and our services.
• Improving our products, services, and customer experience.
• Complying with applicable legal and regulatory obligations and requirements.
• Performing internal administrative purposes, data analysis, and research.
• Collecting any outstanding amounts owed to us.
• Assessing and evaluating any application or request you submit.
• Monitoring, recording, and analyzing communications between you and us.
• Sharing your data with government authorities, credit reference agencies, fraud prevention agencies, operational and regulatory bodies, foreign authorities, and external auditors where required or permitted.
• Processing personal data relating to job applicants for recruitment purposes.
• Handling legal matters, including litigation, obtaining legal advice, issuing notices, and documenting transactions.
If we need to process your personal data for a purpose different from those mentioned above, we will inform you and seek your consent where required.
The following matrix explains how personal data is used:
| Legal Basis | Purpose of Processing | Type of Data |
| Cases permitted by law, Contract performance, Legal and regulatory obligation | Account management, communication, service delivery, compliance with regulatory requirements | Personal identity details (name, date of birth, email address, nationality, marital status, gender, contact information) |
| Cases permitted by law, Legal and regulatory obligation | Providing special services when required, compliance with legal requirements | Health details (physical, psychological, genetic) |
| Legal and regulatory obligation, Contract performance | Account management, compliance with regulatory requirements | Addresses and supporting proof documents |
| Legal and regulatory obligation | Identity verification, compliance with regulatory requirements, anti-money laundering | Identity verification documents (ID card, passport) |
| Cases permitted by law, Contract performance, Legal and regulatory obligation | Assessing margin account applications, account management | Employment and employer details |
| Legal and regulatory obligation | Compliance with regulatory requirements | Work and employer information |
| Legal and regulatory obligation, Legitimate interest | Account management, risk assessment, compliance with regulatory requirements | Financial details (income, source of wealth, financial activity) |
| Legal and regulatory obligation | Compliance with international tax requirements | Tax status data (Tax Identification Number, FATCA), and withholding tax under Chapter 3 of the U.S. tax regulations |
| Legal and regulatory obligation | Account management, fraud prevention, compliance with regulatory requirements | Financial transaction details |
| Legitimate interest, Legal obligation | Cybersecurity, provision of electronic services | Digital identifiers (IP address, email address) |
| Legitimate interest, Legal obligation | Service improvement, fraud prevention | Geolocation data |
| Explicit consent, Cases permitted by law | Enhancing user experience, electronic services | Cookies |
| Legal obligation, Legitimate interest | Security, identity verification | Audio, visual, and photographic images |
| Legitimate interest | Credit assessment, risk management | Risk classification information |
| Legal and regulatory obligation, Cases permitted by law | Compliance with regulatory requirements | Due diligence data |
| Explicit consent, Legal obligation | Account management, compliance with regulatory requirements | Data of individuals related to you |
Recipients of Data
We may share your personal data with third parties only when necessary, for the purposes described in this Privacy Policy, and in accordance with applicable legal requirements. Such third parties may include:
• Service Providers: Intermediaries involved in executing financial transactions, including correspondent banks and licensed or authorized electronic funds transfer entities that are legally permitted to obtain such data. Personal data may be shared and processed to the extent necessary to perform such transactions and to comply with applicable legislative and regulatory requirements.
• Regulatory and Legal Authorities: Government entities and regulatory bodies (such as the Securities Commission, Amman Stock Exchange, Securities Depository Center, the Central Bank of Jordan, and the Anti-Money Laundering Unit), as well as courts, where required by law or upon a legitimate request.
• Credit Reporting Agencies: For credit assessment and credit reporting purposes, as permitted by applicable laws.
• Professional Advisors: Auditors and legal advisors (including lawyers) for audit, compliance, and legal representation purposes.
• Parent Company (Capital Bank): For the purpose of complying with laws and instructions related to subsidiary companies.
• Sister Company: Under an agreement for marketing the Company’s products through an investment representative at the sister company.
Data Protection
We employ strict security measures, including technological controls and physical security, to protect your personal information from unauthorized access, loss, misuse, or alteration. We regularly review and update our security protocols to meet or exceed industry standards.
Data Retention
We are committed to retaining your personal data only for the period necessary to achieve the purposes for which it was collected, and to comply with applicable legal and regulatory obligations, in accordance with the instructions of the Securities Commission, the Amman Stock Exchange, and the Securities Depository Center, on an ongoing basis throughout the relationship, unless a longer retention period is required by law.
Once your personal data is no longer required, we will securely dispose of it in an appropriate and safe manner.
Data Subject Rights
Under the Jordanian Personal Data Protection Law (PDPL) and other applicable data protection laws, you have certain rights regarding your personal data. These may include:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): Request the deletion of your personal data.
- Right to Restriction of Processing: Request that we limit the way we use your personal data.
- Right to Object to Processing: Object to the processing of your personal data under certain conditions (e.g., for direct marketing).
- Right to Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
Mechanisms for Requests and Complaints
Capital Invest provides secure channels to enable data subjects to exercise their rights or submit inquiries related to personal data processing. Requests may be submitted exclusively through the following:
- Capital Invest: By visiting any Capital Invest branch and submitting the request through authorized staff.
Upon receipt of a valid request, Capital Invest will:
- Verify the identity of the requester to ensure data security and confidentiality.
- Register and track the request internally.
- Provide a response within a maximum of fifteen (15) calendar days from the date of receipt, in accordance with applicable data protection laws.
Upon receipt of a complaint, Capital Invest will:
- Handle submitted complaints in accordance with the Regulatory Requirements for Personal Data Protection. A response to a complaint shall be provided within ten (10) calendar days, calculated from the day following the date of its submission.
In certain cases, we may be unable to fully comply with a request where doing so would conflict with legal obligations or regulatory requirements. In such cases, the data subject will be informed of the reason for refusal or limitation, as permitted by law.
Customer Notification in Case of Data Breach
In the event of a personal data breach, you will be notified immediately if the breach is likely to pose a significant risk to your rights and freedoms. The breach notification will be prepared in coordination with relevant departments, including IT, Cybersecurity, and Legal, to ensure the accuracy and legality of the information provided.
Marketing Provisions
Capital Invest may use customers’ personal data for the purpose of directly marketing its products and services, within the scope of the business relationship established between the customer and Capital Invest. This includes marketing services and products that are related or similar to those already provided to the customer, including services and products offered by companies wholly owned by Capital Invest.
The customer has the right to opt out of direct marketing communications from the first marketing contact received.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website with a new "Effective Date." We encourage you to review this policy periodically.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your Browse experience, analyze website traffic, and personalize content and advertisements. You can manage your cookie preferences through your browser settings or our website's cookie consent tool.
What is a Cookie?
A “Cookie” is a small piece of software (file) that is installed on your computer, either temporarily or long-term, via your browser (e.g., Internet Explorer™ or Google Chrome™) when you visit a website.
When you return to our website, your browser sends back information from your previous visit. For instance, our website uses cookies to remember your chosen language and country, saving you time and providing a more personalized experience.
|
Cookie Name |
Purpose |
Description |
Mandatory/Optional |
|
CSRF |
Cross-site request forgery |
To prevent attacks |
Mandatory |
|
_gat_gtag, _ga, and _gid |
Analytical purposes |
Used by Google Analytics to distinguish users |
Optional |
|
language |
Used to set the right language into framework and creates a cookie to store the language code |
Stores context language of the current site |
Mandatory |
|
ASP.NET_SessionId |
Session Management |
unique session identifier (Session ID) |
Mandatory |