Privacy Policy

About BIBD Privacy Policy   

As our valued customer, Bank Islam Brunei Darussalam Berhad (“we”, “us”, “our” or “BIBD”) is committed to ensuring that all your personal banking information with us is kept protected at all times in compliance with the Islamic Banking Act (Chapter 168). This Privacy Policy (“Policy”) sets out the basis which we may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Order 2025 (“PDPO”).  

Who does this Policy apply to? 

This Policy applies to customers, users, visitors and individuals whose personal data is collected, used or processed by BIBD in the course of providing banking services in Brunei Darussalam, whether through our branches, website, mobile applications or digital platforms.

What is Personal Data and what types of Personal Data do we collect?

Personal Data” refers to any data about an individual who can be identified from that data or from that data and other information, and which is in our possession or under our control. We may collect the following types of Personal Data, including but not limited to: 

 (a) Identification data (e.g., Name, IC/Passport Number); 

(b) Contact Information (e.g., Email, Phone Number, Mailing address);  

(c) Financial and Transaction Data (e.g., Account Numbers, Balances, Payments, Transfers); 

(d) Employment and Income Details; 

(e) Location and Device Data (e.g., IP address, browser type, geolocation);  

(f) Information submitted through digital forms or website interactions (e.g., feedback and enquiries);  

(g) Cookies and usage data from our website or apps; and  

(h) Online behaviour, analytics data and data preferences collected through third-party technologies and embedded tools. 

How do we collect your Personal Data?

We may collect your Personal Data through any of the following methods, including but not limited to: 

(a) Application forms (physical or online); 

(b) Your use of our banking products and services; 

(c) Emails, phone calls, chats or correspondences;  

(d) Our website, mobile apps, website, social media and/or any other communication channels; 

(e) Third parties (e.g. employers,  security providers, guarantors, credit bureaus);  

(f) Relevant governmental authorities and/or law enforcement agencies; 

(g) Cookies and analytic tools;  

(h) Recordings of Closed Circuit Televisions (CCTVs) installed at BIBD premises; 

(i) Participation in customer surveys or promotions; 

(j) Embedded third-party tools, plugins or advertisement that interact with your device; and  

(k) From such other sources in respect of which you have given your consent to them disclosing information relating to you and/or where they are not otherwise restricted. 

Why do we collect your Personal Data? 

We collect and use your Personal Data for any or all of the following purposes, including but not limited to: 

 (a) Keeping you informed of any new services or products offered by us as well as to inform you of any developments in our services or products consistent with our continuous efforts in enhancing our customer service; 

(b) Performing obligations in the course of or in connection with our provision of the goods and/or services requested by you; 

(c) Verifying your identity and to assess your eligibility; 

(d) Responding to, handling, and processing queries, requests, applications, complaints, and feedback from you; 

(e) Managing your relationship with us; 

(f) Processing payment or credit transactions; 

(g) Complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;  

(h) Any other purposes for which you have provided the information; 

(i) Transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Brunei Darussalam or abroad, for the aforementioned purposes; and 

(j) Any other incidental business purposes related to or in connection with the above. 

 Please be assured that we will ask for your consent before using your personal information for a purpose other than those that are set out in this Privacy Policy and in the privacy terms in your agreement(s) with BIBD. 

Where is your Personal Data disclosed to? 

We may disclose your Personal Data for any or all of the following purposes, including but not limited to: 

 (a) Where such disclosure is required for performing obligations in the course of or in connection with our provision of the products and/or services requested by you; or  

 (b) Where such disclosure is required by the regulator or any law enforcement agencies or for any purposes which necessitate the disclosure of your Personal Data to any of BIBD’s subsidiaries in any collaborative efforts; or 

 (c) To third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above-mentioned purposes.  We disclose only the Personal Data that is necessary for the third party to deliver the services and we have a contract in place that requires them to keep your information secure and not to use it for their own or commercial purposes. 

 (d) Where such disclosure is required to respond to a data access request under the PDPO 2025 or to notify you of a breach where applicable; or  

 (e) For any other purpose that is required or permitted by any law, regulations, guidelines and/or the order of any court and/or relevant regulatory authorities. 

Do we need your consent?

We will seek your consent where required. In some cases, your consent is not needed if: 

(a) It is necessary for legal or regulatory compliance; 

(b) It is required to fulfil a contract with you; 

(c) You have been notified and you continue using our services (deemed consent by notification); and  

(d) It is necessary for our legitimate interests and does not override your rights. 

 We will inform you when we rely on deemed consent or legitimate interest and will assess the impact on your rights. 

Who do we share your Personal Data with? 

We may share your Personal Data with, including but not limited to:

(a) Any entities within the BIBD Group, whether in or outside of Brunei Darussalam;

(b) Companies and persons that act as BIBD’s appointed service providers, agents, contractors, affiliates, valuers and/or professional adviser (including their sub-agents, sub-contractors, affiliates, service providers);

(c) Regulatory bodies, law enforcement or government agencies;

(d) Credit bureaus, financial institutions or professional advisors; and

(e) Other parties when required by law or necessary for the services we provide.

We ensure that all third parties receiving your Personal Data are contractually bound to protect it.

Do we transfer your Personal Data overseas?

We generally do not transfer your Personal Data to countries outside of Brunei Darussalam. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPO.

How long do we retain your Personal Data?

We may retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected in accordance with our data retention policy standards and as required by applicable laws and regulations. We will cease to retain your Personal Data or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected and is no longer necessary for legal or business purposes.

What security measures do we use to protect your Personal Data?

To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we implement appropriate administrative, physical and technical measures such as minimised collection of Personal Data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, usage of One-time Password (“OTP”), Two-factor Authentication (“2FA”) and Multi-factor authentication (“MFA”) to secure access, and security review and testing performed regularly.

You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

We will promptly notify you in the event of any breach of your Personal Data which might expose you to serious risk.

Do we use cookies or tracking technologies?

Yes, our website uses cookies and similar tools to enhance your experience, remember your preferences, analyse site traffic and personalise content. Cookies are small text-files which may be downloaded and stored on your browser or device. These files allow the server of the website to read certain information when you browse.

Cookies may also be set by third-party services embedded in our website. You may control or disable cookies through your browser settings. For more information, please refer to our Cookies Policy.

What are your data protection rights under the PDPO?

You have the right to:

(a) Access the personal data we hold about you;

(b) Request correction of inaccurate or incomplete data;

(c) Request deletion of your Personal Data;

(d) Withdraw your consent (where consent was required); or

(e) Withdraw your consent from direct marketing.

All requests may be submitted in writing via email to our Data Protection Officer at the contact details provided below.

How can you contact our Data Protection Officer?

You may contact our Data Protection Officer if you have any enquiries or feedback on our Online Privacy Policy, or if you wish to make any requests, in the following manner:

Address:
Data Protection Officer
Lot 159, Jalan Pemancha
Bandar Seri Begawan, BS8711
Brunei Darussalam

Email Address: dpo@bibd.com.bn

Changes to Policy 

 This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your Personal Data by us. We may revise this Policy from time to time at our sole discretion without any prior written notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated. Any amendments to this Policy will be announced on our website and/or any other modes of communication as shall be determined by the Bank. If the updates materially affect how we process your Personal Data, we will notify you if such changes require additional consent from you. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Effective date:  28 November 2025 
Last updated:  28 November 2025

 

About BIBD

Personal Banking

Business Banking

International

Securities and Asset Management

Help & Support

Connect with us

Instagram Facebook-square Youtube Linkedin

Copyright © 2023 Bank Islam Brunei Darussalam Berhad. All Rights Reserved

Privacy Policy | Terms of Use

Chat with us
BIBD
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.