Capital Bank

Privacy Policy

October 2025

At Capital Bank, we are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how Capital Bank (“we”, “us”, or “the Bank”) collects, uses, discloses, and safeguards your personal data when you visit our website, use our online services, or interact with us digitally.

By using our website or services, you agree to the terms of this Privacy Policy.

1. Information We Collect

We collect different types of information to deliver and improve our services, manage our relationship with you, and comply with legal obligations, including:

1.1 Personal Data You Provide Directly

Capital Bank collects personal data that you provide when interacting with us or requesting services through various channels such as online or paper forms, mobile applications, call centers, or branches.

This may include, but is not limited to:

  • Identity data: Full name, date of birth, national ID, passport number, nationality, gender
  • Contact details: Mailing address, email address, phone number
  • Financial and banking data: Account numbers, transaction history, income sources, credit history, and payment card details (note: full card numbers are typically not stored via the website and are handled under strict security controls)
  • Login credentials: Usernames, passwords, and security questions, secured using appropriate encryption technologies
  • Family-related information (when required): Such as marital status or dependents, for specific products or regulatory requirements
  • Other information: Any additional data you provide through surveys, feedback, complaints, or customer support interactions

1.2 Data Collected Indirectly

We may collect personal data automatically when you interact with our website or digital channels, using cookies and similar technologies or analytics tools.

This may include, but is not limited to:

  • Device information: IP address, device type, operating system, browser type, language settings, device identifiers
  • Usage data: Pages visited, time spent, links clicked, referring URLs, and interaction patterns
  • Technical data: System logs, performance data, and network-related information
  • Approximate location data: Derived from IP address for security and analytical purposes

This data is used to:

  • Enhance user experience and personalize content
  • Analyze website and service performance
  • Strengthen security and detect suspicious or fraudulent activity

Where required by law, we obtain your consent, especially for non-essential cookies, and provide tools for managing your preferences.

1.3 Information from Third Parties

We may obtain personal data from third parties to meet legal and regulatory requirements and enhance fraud prevention measures, including:

  • Credit bureaus and credit reporting agencies: to obtain credit information and financial history.
  • Identity verification service providers: to validate personal data and confirm identity.
  • Fraud prevention and financial crime detection entities: to strengthen security controls.
  • Employers or relevant contractual parties (where required): such as for verifying income or employment details.
  • Legal representatives or authorized agents: where an application is submitted on behalf of the data subject.

All such data is processed in accordance with applicable laws and the principle of data minimization.

1.4 Publicly Available Sources

We may collect personal data from publicly available sources such as public records or databases, within legal limits, for purposes including identity verification, compliance, and risk management.

This data is used in line with data protection principles, such as transparency, proportionality, and purpose limitation, while ensuring that it does not adversely affect the data subject’s rights or legitimate interests.

 

2. How We Use Your Information (Purpose & Legal Basis)

We process your personal data for specific, legitimate purposes, based on one or more legal grounds:

  • Provision of banking services and execution of transactions:
    To process requests, manage accounts, and carry out various banking operations.
    Legal basis: Performance of a contract with the data subject
  • Identity verification and account security:
    To verify the customer’s identity, prevent unauthorized access, and ensure the security of services.
    Legal basis: Performance of a contract / Legal obligation
  • Customer communication:
    To send notifications related to accounts or services and respond to inquiries.
    Legal basis: Performance of a contract / Legitimate interest
  • Improvement of services and products:
    To analyze service usage, develop products, and enhance user experience.
    Legal basis: Legitimate interest, provided this does not override the data subject’s rights
  • Compliance with legal and regulatory requirements:
    To comply with applicable laws and instructions issued by regulatory authorities, such as the Central Bank of Jordan.
    Legal basis: Legal obligation
  • Detection of financial crime, and prevention of fraud and money laundering:
    To carry out compliance procedures, combat financial crime, and protect the financial system.
    Legal basis: Legal obligation / Regulatory requirements
  • Analytics, research, and internal administrative purposes:
    To improve operational efficiency and support internal decision-making.
    Legal basis: Legitimate interest
  • Security and premises protection purposes:
    To protect the Bank’s assets, ensure the safety of employees and customers, and monitor activities within branches and facilities through surveillance systems such as CCTV and other security measures.
    Legal basis: Legitimate interest of the Bank / Compliance with regulatory requirements

3. Mobile Banking Services

Our mobile banking services are designed to provide secure and convenient access to your accounts. When using our mobile app, we may collect:

  • Device information: We collect information about your mobile device, such as the model, operating system, and unique device identifiers, to authenticate your device and protect your account.
  • Location data: We may use your device’s location to provide location-based services and for fraud prevention purposes.
  • Biometric data: Subject to your explicit consent, which is obtained separately through the mobile application interface, we may use biometric authentication (such as fingerprint or facial recognition) to enable secure login and transaction authorization.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience, analyze traffic, and personalize content and advertisements. You can manage your cookie preferences through your browser settings or our cookie consent tool.

  • Purpose: Cross-site request forgery (CSRF) protection
    Description: Used to prevent malicious attacks
    Mandatory/Optional: Mandatory
  • Purpose: Analytics purposes
    Description: Used by Google Analytics to distinguish between users
    Mandatory/Optional: Optional
  • Purpose: Created by Sitecore
    Description: Stores the current website language context
    Mandatory/Optional: Mandatory

5. How We Share Your Information

The Bank may share your personal data with third parties where necessary, in line with the specified purposes and appropriate legal basis. Such sharing may occur on a one-time or ongoing basis.

This may include:

  • Service providers
    Purpose: Service operation
    Legal basis: Contract performance / Legitimate interest
    Nature of disclosure: Ongoing
  • Group companies
    Purpose: Operational and service management
    Legal basis: Legitimate interest
    Nature of disclosure: Ongoing
  • Regulatory authorities
    Purpose: Compliance
    Legal basis: Legal obligation
    Nature of disclosure: Upon request
  • Credit bureaus
    Purpose: Credit assessment
    Legal basis: Legal obligation
    Nature of disclosure: Ongoing
  • Advisors
    Purpose: Audit and advisory services
    Legal basis: Legitimate interest
    Nature of disclosure: As needed

 

6. International Data Transfers

Personal data may be transferred outside the Hashemite Kingdom of Jordan for operational or technical purposes. Such transfers are carried out subject to appropriate safeguards, including:

  • Ensuring an adequate level of data protection
  • Entering into legally binding agreements
  • Applying security measures such as encryption
  • Compliance with Jordanian data protection laws

In all cases, the Bank ensures that an adequate level of protection is maintained when transferring personal data outside Jordan by:

  • Verifying that the receiving country ensures an adequate level of data protection, or applying appropriate contractual safeguards
  • Entering into legally binding agreements (such as data processing or data transfer agreements) with recipients
  • Applying appropriate technical and organizational measures (including encryption and access controls)
  • Complying with the Jordanian Personal Data Protection Law of 2023 and relevant regulatory instructions

Such transfers may occur for purposes including, but not limited to, operating banking systems, providing technical support, data hosting, or managing services within the Bank’s group.

 

7. Data Security

We implement strict security measures, including technical and physical safeguards, to protect your personal data from unauthorized access, loss, misuse, or alteration. These measures align with international security standards and the requirements of the Central Bank.

Security protocols are regularly reviewed and updated to ensure ongoing compliance.

8. Data Retention

Retention and Disposal of Personal Data
Capital Bank retains personal data only for as long as necessary to fulfill the purposes for which it was collected, and to comply with legal and regulatory requirements, including those issued by the Central Bank of Jordan.

In particular, certain customer data may be retained for a minimum of ten (10) years following the end of the banking relationship, or longer if required by applicable laws or regulations.

Data Storage Locations
Personal data may be stored inside or outside the Hashemite Kingdom of Jordan using secure systems and infrastructure, including data centers or cloud services, with appropriate security and regulatory safeguards in place.

Data Disposal Methods
Once the purpose of processing has been fulfilled or the retention period has expired, the Bank securely disposes of personal data using appropriate methods, including:

  • Secure deletion of electronic data from systems and databases
  • Destruction of storage media in accordance with approved procedures
  • Anonymization, such that it can no longer be linked to its owner (data subject)
  • Secure archiving where limited retention is required

All disposal processes are carried out in accordance with internal controls to ensure that data cannot be recovered or reused.

9. Your Rights (Data Subject Rights)

Under the Jordanian Personal Data Protection Law (JPDPL) and other applicable laws, you have certain rights regarding your personal data, including:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure (right to be forgotten): Request deletion of your personal data under certain conditions and in accordance with Central Bank regulations
  • Right to restriction: Request restriction of processing
  • Right to object: Object to processing (e.g., for direct marketing purposes)
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to withdraw consent: Where processing is based on consent

Limitations on Exercising Rights
The Bank may not be able to fully or partially fulfill certain requests where doing so would:

  • Conflict with applicable laws or regulatory requirements
  • Affect the integrity of identity-related or beneficial ownership information
  • Impact the accuracy of credit reporting
  • Conflict with AML/CFT obligations
  • Compromise the security or integrity of banking operations

In such cases, the data subject will be informed of the reasons for refusal or limitation, as permitted by law.

Requests, Complaints, and Objections

Capital Bank provides secure and dedicated channels for submitting requests, complaints, or objections regarding personal data processing:

  • Branches: By visiting any branch
  • Contact Center: Where requests are logged and processed
  • Email: info@capitalbank.jo

Handling Requests
Upon receiving a valid request, the Bank will:

  • Verify the requester’s identity
  • Record and track the request
  • Refer it to the relevant department (Data Protection / Compliance)
  • Respond within no more than fifteen (15) calendar days

Follow-up and Escalation
Data subjects may follow up through the same channels and escalate complaints if unsatisfied. All cases are handled in line with internal procedures and regulatory requirements.

10. Marketing

The Bank may use your personal data for direct marketing purposes in accordance with applicable laws.

Marketing Activities May Include:

  • Sending offers and new banking services
  • Providing information about existing products
  • Communicating promotional campaigns or programs

Communication Channels:

  • SMS
  • Email
  • Mobile applications
  • Phone calls (where applicable)

Legal Basis:

The Bank undertakes its marketing activities based on one of the following legal grounds:

  • Explicit consent
  • Or legitimate interest, within legal limits and without overriding your rights

Right to Object / Opt-Out:

You may at any time:

  • Object to the use of your data for marketing
  • Opt out of marketing communications

Through:

  • Unsubscribe options in messages
  • Updating preferences on e-channels
  • Contacting the Bank through official channels

Marketing Controls:

The Bank is committed to:

  • Not sending marketing communications without a valid legal basis
  • Respecting customer preferences
  • Not using sensitive data for marketing without explicit consent
  • Ensuring all communications are clear and not misleading

 

11. Data Breach Notification

In the event of a personal data breach, you will be notified promptly if the breach is likely to pose a significant risk to your rights and freedoms.

The notification will be prepared in coordination with relevant departments, including IT, cybersecurity, and legal, to ensure accuracy and compliance.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Any significant updates will be communicated by publishing the revised policy on our website with an updated date.

We encourage you to review this policy periodically.

 

 

13. Contact Us

Capital Bank has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with data protection requirements and handling inquiries and complaints.

For any inquiries regarding this Privacy Policy or data processing practices, or to exercise your rights, you may contact the DPO at:
DPO@capitalbank.jo
