Privacy Policy

Mizrahi-Tefahot Bank Ltd. respects your privacy and deems protection thereof to be of significant importance

Dear customer,

Mizrahi Tefahot Bank Ltd. respects your privacy and deems protection thereof to be of significant importance. The Bank makes considerable efforts in order to protect the information provided by you, and takes many measures to protect your privacy and secure the information. It is important to us that you understand what information about you is held by us in the framework of the banking services that the Bank provides you, what we will do with such information and with whom we may share it. We shall describe all of the aforesaid herein so that you will be able to decide whether you wish to receive banking services from us. The document is written in the masculine gender for convenience purposes only, but is intended for all genders. This policy also applies to persons who are not yet actual customers but have contacted us to for banking services.

Part of our services, or the Bank’s apps and websites, may be subject to additional or different provisions. Please pay attention to the updates and notices posted there.

Who are we and how do you contact us?

Mizrahi Tefahot Bank Ltd. (the “Bank”) holds a license to engage in banking in Israel. You can always contact the Protection of Privacy Officer at the Bank with any question pertaining to this privacy policy or the manner in which we use

information about you, in one of the following ways:

The Protection of Privacy Officer

Mizrahi Tefahot Bank Ltd. – Head Management

13 Abba Hillel Silver St., Lod 7129463

Fax: 076-8622945

E-mail: privacy@umtb.co.il

What is the significance of provision of the information?

Provision of the information is dependent on your free will and consent and is not required by law. However, without the requested information, we will not be able to provide you with any banking services, since the law requires the Bank to inquire into and document certain data as a condition to the provision of the service.

What information will we request from you?

We shall receive information that you provide us at your own initiative, and information that shall be collected about you when you use the Bank’s services or you request to use the same.

From time to time, such as, for example, when you contact us for the first time to receive banking services, you will be required to provide information that includes, inter alia, your personal details (name, occupation, address and I.D. number and your contact details), your income and printouts from other banks where you banked in the past, and other relevant information;
From time to time you may provide our bankers with other personal information, such as information about your marital status or health;
We may from time to time request information about your family members, including their occupation as well as identifying and authenticating details that are required, inter alia, from the credit card company that you chose or your loyalty program (such as mother’s maiden name);
We shall from time to time require information that that is requested to be collected by laws and other statutes, such as those concerning AML/CFT, in order to understand your sources of finance and the holders of the rights in the money;
When you request to receive banking services from us, such as credit facilities, loans or mortgages, we shall request additional information from you that we will need, such as economic information (pay slips, information about assets), your reports to Income Tax in the years preceding the application, etc.;
For purposes of identification and prevention of fraud, we may collect biometric data such as facial images and voice characteristics;
In addition, upon use of the Bank’s services we shall collect – Information on all of the transactions that you perform vis-à-vis the Bank;

Information on your transactions via various channels – at the branch, by telephone, ATMs, the website, apps, text messages channel, and all of the other channels through which you are in touch with the Bank. Such information may include the pages you have viewed, the sources from which you reached the Bank’s website, how long you spend on the website or apps, your location, pattern of use, etc.

From What other sources does the information come ?

Aside from information that you provide us directly or that is collected by us from the transactions that you perform at the Bank and in its systems, we shall receive, from time to time, information from other sources, including:

Information from open sources such as the Population Register, the Registrar of Companies in Israel or legal databases;
Any information that is available about you on the internet, including in search engines, on social media and on legal websites, as well as on economic and other databases that the Bank uses, including through external suppliers;
Attachments that are received at the Bank from third parties, such as from the Execution Office. However, we shall not use this information without your explicit, separate consent;
Credit data that is available to the Bank by law and includes information on repaid or delinquent loans, dishonored checks, etc. However, we will not apply for a credit report on you without your explicit, separate consent;
Other information that is received at the Bank and is required by us in order to provide the banking services and achieve the purposes of this privacy policy;
A specification of the transactions on bank charge cards in your possession.
Data cleansing service providers with whom the Bank engages.

How will we use the information?

We use the information:

To manage your bank accounts, to decide which banking services we will provide you with, and to provide you with our services in practice and to communicate with you;
To assess the risks involved in your activities with the Bank – for example, when providing you with credit;
To offer you products and services which we believe may suit you. We shall send such offers to you from time to time via the various channels at the Bank, which serve you – in letters, via telephone, text messages, WhatsApp, e-mail, via the Bank’s website or via the apps or other applications of ours. However, we shall not send you such offers via text messages or e-mail without your explicit, separate consent.
To refine, improve and enhance the level of service and content that we offer our customers. The information that we use for this purpose will mainly be aggregate or statistical information which does not identify you personally;
For identification purposes as well as for the prevention of fraud, information security and risk management;
To enforce the contractual engagement between you and the Bank, including to investigate disputes with you, if any;
To fulfill the requirements of any law, regulation or other act of legislation that apply to the Bank. For example, we are required to provide the guarantors for your accounts and your loans information on your status and details regarding the credit agreement;
To assist the competent courts and authorities or any third party, insofar as shall be required of us by law;
For purposes of research, service quality control, etc.;
For any other purpose permitted by law.

With whom will we share the information?

Generally, we keep the information about you confidential. However, we shall be entitled to transfer the information to other entities in the following cases:

To subsidiaries of the Bank that are integrated in its services (for example the Bank’s IT company which manages its databases) or to those whose services you shall explicitly request, such as an insurance agency operated by us;
In a joint account or in an account in which there is a power of attorney, we shall transfer to your partners or your authorized representatives all of the information about you, and of course all of the information pertaining to such account, including a specification of charges on means of payment, such as credit cards;
In an account in which there are guarantors, we shall transfer to them information about you and of course information pertaining to such account (including information on repayment of credit for a loan guaranteed by them, and details on the credit agreement they have signed), insofar as the information is relevant to them as guarantors;
When you, any of your partners in the bank account or your authorized representatives or authorized signatories in the account perform a transaction in the account which requires the cooperation of another bank or financial institution, we shall transfer to such bank or financial institution the information about you that is required for the performance of the transaction;
The Bank may, at any time, disclose information about you to any entity to which the Bank is considering assigning or transferring or sharing its rights or risks vis-à-vis you, subject to the information recipient’s signing of an NDA in the Bank's standard language, unless it is subject to a professional and/or statutory or contractual duty of secrecy;
If we receive a judicial order or demand by a competent authority instructing us to deliver your details or the information about you to such competent authority or to any other third party;
To third parties that the Bank uses to provide you with its services, including providers of computer services and apps, printing houses, archive service providers, survey institutes, digital media management providers and more. They shall be entitled to hold, store and use the information for purposes of providing the services thereby, all subject to the Bank’s instructions;
To anyone to whom, according to the law, including foreign law, we are obligated to provide information about you;
To any entity assisting or representing the Bank in any dispute, argument, claim, lawsuit, demand or legal proceedings, if any, between you and us;
If we organize the Bank’s activity in a different framework, change the Bank’s legal structure, merge with another entity, or consolidate the Bank’s activity with the activity of a third party, we shall transfer the information about you, and of course all of the information pertaining to such account, to such entity, provided that it assumes the provisions of this privacy policy;
To third parties, whether in or outside of Israel, including correspondents, custodians, authorities, stock exchanges and clearing houses that shall be used by us for the provision of the Bank’s services or for performing your instructions, or operating the services, at their demand. Note that any such third party shall treat the information according to its own policies and may provide information about you to companies in its group, external consultants, foreign regulatory authorities and other third parties, in or outside of Israel. We do not control the policies thereof or bear responsibility therefor;
If the disclosure of information about you is intended to protect a vital public interest or a vital interest of the Bank or for purposes of conducting a legal proceeding.
In the event of death, access to your account and all information stored thereon shall be granted to your legal heirs or administrators in accordance with the provisions of the law.

If any of the information disclosure objectives specified above applies, the Bank shall take reasonable measures to limit the information disclosed solely to what it deems necessary to fulfill such purpose.

Transfer of information outside of Israel

Generally, we shall keep your personal information in the Bank’s databases in Israel, but the information may also be kept with suppliers outside of Israel. Your consent to this policy also constitutes consent to keeping the information at such suppliers overseas, and to the transfer thereof outside of Israel, insofar as necessary.

Artificial intelligence

We may use, from time to time, artificial intelligence systems for fulfillment of the purposes set out in this privacy policy. Such systems may be operated directly by the Bank or through companies in Israel and overseas that provide services to the Bank. We will make sure to use systems that maintain a high level of confidentiality, that have been approved by the Bank’s Information Security Division, and we are obligated not to use your personal information for the general training of the system, unless we have first taken customary measures to conceal your identity.

In order to use artificial intelligence, we may process through it the personal information you have provided to us, that has accumulated with us, or that we collected in accordance with this policy. However, it is important to note that most artificial intelligence systems do not make decisions about you; they are mainly used as decision-support systems, and their recommendations are subject to human review before being accepted or rejected.

How long will we keep the information?

We keep the information about you so long as your accounts are managed at the Bank. Thereafter we shall keep the information about you for at least seven (7) additional years. We may keep the information or part thereof for a longer period of time if we so require according to legal provisions that bind us, or if we believe that the same is required to protect legitimate interests of the Bank. Information that we anonymize may be added and retained by us indefinitely, provided that it cannot be used to identify you.

Your right to inspect and amend the information

Pursuant to the Protection of Privacy Law 5741-1981, you are entitled to inspect information about you that is held in the Bank’s digital databases. If you have inspected the information and found that it is incorrect, incomplete, unclear or not up-to-date, you may contact us requesting the amendment or deletion of the information.

The right to delete information

If the information we hold about you originated from databases in the European Economic Area (or is stored together with such information) and use thereof is not for the protection of national security or law enforcement, the following special provisions shall apply to such information:

Deletion of information. You may request that we delete this personal information about you if one of the following applies:

The information was created, received, accumulated, or collected in violation of any law, or its continued use is contrary to the provisions of the law.
The information is no longer needed for the purposes for which it was created, received, accumulated, or collected.

We may refrain from deletion if we find that the information is required for one of the following:

Exercise of freedom of expression, including the public’s right to know;
Fulfillment of a legal obligation or the exercise of powers under the law;
Protection of a public interest, including for archiving purposes, scientific research, or statistical research;
Conduct of legal proceedings or collection of debts;
Prevention of fraud, theft, or other actions that may affect the accuracy or reliability of the information;
Fulfillment of obligations arising from an international agreement to which the Government of Israel is a party.

Right to opt out of direct marketing

The bank may send you various promotions from time to time, including offers for banking services as well as products and services from third parties. You may request at any time that the Bank cease such communications by sending a notice to privacy@umtb.co.il

General

This policy supplements the privacy policy on the Bank’s websites and apps. This document does not derogate from the validity of written agreements that you have given to the Bank in the past.

You may request of the Bank, at any time – by contacting your banker at the branch – that information not be collected about you for purposes of customized communication for marketing purposes, and that no bank information processing shall be carried out for these purposes.

Annex pursuant to the California Privacy Rights Act, the Texas Data Privacy and Security Act, the Nebraska Data Privacy Act and the Rhode Island Data Transparency and Privacy Protection Act

Mizrahi Tefahot Bank is providing the following Privacy Notice pursuant to the California Privacy Rights Act, the Texas Data Privacy and Security Act, the Nebraska Data Privacy Act and the Rhode Island Data Transparency and Privacy Protection Act.

This notice applies only to Mizrahi Tefahot Bank clients residing in the States of California, Texas, Nebraska or Rhode Island, in the United States.

This notice is intended to add to, rather than restrict, the provisions of the Bank’s general terms and conditions. In the event of a discrepancy between this Privacy Notice and the general terms and conditions, the provisions of this Privacy Notice prevail, only with respect to residents of the States of California, Texas, Nebraska and Rhode Island.

The information we collect, and the purposes of collection

Categories of personal information we collect and their sources

Below are the categories of personal information we collect, and the source of that information, according to the categories listed in the Californian Law. These are also the categories of information we have collected over the last 12 months.

We keep the personal information specified below for a period of up to 20 years after closure of the bank account to which such information pertains. Thereafter, we shall see to it that the information is not accessed, other than in extraordinary events such as legal claims.
Furthermore, we neither use nor share sensitive information for purposes that exceed those which are permitted by the regulations of the Californian Law.

Categories of personal information	Details of the personal information that was collected	Sources of information
Identifiers	Name, e-mail address, telephone, I.D. number, U.S. Social Security number and passport number. Access details to consumers’ accounts, financial accounts, payment card or credit card number together with any security or access code, password or approvals which are required to enable access to the account.	1. Directly from you, as the owner of the account. 2. From persons who make deposits to your account. 3. From your device, when you enter our website or app. 4. Information available on search engines, social media and websites, economic and other databases which the Bank uses, among others, for the prevention of money laundering and financing of terror. 5. Information from open sources such as publicly available governmental registers.
Additional information about you	An alias you use. Your tax residency, residential address and citizenship. Specimen signature. Years of education and degrees. Your medical condition.
Protected classifications under California law or federal law	Family status, gender, age, physical disability, mental disability.
Commercial information	Records of personal property, products or services that you purchased or considered purchasing, purchase history – with respect to financial products. Information about life insurance policies.
Biometric information	Your voiceprint.
Visual information	Your photograph.
Internet or other electronic network activity information	Information regarding transactions you performed on the user interface of your account on the website or App, the length of your stay on such interfaces, information regarding internet pages you’ve watched and the sources from which you reached the Bank’s website.
Professional or employment-related information	Information regarding the occupation of the consumer and their family members.
Sensitive information	U.S. Social Security number and passport number. Access details to consumers’ accounts, financial accounts, payment card or credit card number together with any security or access code, password or approvals which are required to enable access to the account. Your voiceprint. Your medical condition.

Business purposes for the collection of personal information

Categories of personal information	Business purposes
Business purposes	1. Provision of services, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments and providing financing. 2. Debugging to identify and repair errors that impair existing intended functionality. 3. Helping to ensure security and integrity (of processes, information, and transactions). 4. Undertaking activities to verify or maintain the quality or safety of our services and improving our services.

Categories of personal information

Business purposes

1. Provision of services, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments and providing financing.
2. Debugging to identify and repair errors that impair existing intended functionality.
3. Helping to ensure security and integrity (of processes, information, and transactions).
4. Undertaking activities to verify or maintain the quality or safety of our services and improving our services.

Disclosing information to others

We do not sell your personal information, nor do we share it for the purpose of online targeted advertising. Furthermore, we do not knowingly sell the personal information of a person under 16 years of age, nor do we knowingly share it for the purpose of targeted online advertising.
Below are the categories of personal information that we disclose to others, with details on the purposes of such disclosure, according to the categories listed in the Californian Law. These are also the categories of information we have disclosed over the last 12 months.

Categories of personal information	Categories of entities we give the information to, and why
Identifiers Additional information about you Protected classifications under California law or federal law Commercial information Biometric information Visual information Internet or other electronic network activity information Professional or occupational information Sensitive information	External professional consultants, such as risk consultants or financial consultants, for the purpose of managing your bank account and our risk management. Entities to whom we are obligated to disclose information pursuant to a judicial order (e.g., a discovery order) or by law (e.g., tax and money laundering laws that require us to file reports). Entities that need the information in order to execute or manage a transaction related to your account. For example, providing information to a transferee bank in a bank transfer you performed, or providing information to a guarantor regarding loans or credit you took. To other companies in the Bank’s group, for the purpose of managing your bank account and our risk management. To another company with which the Bank merges, which acquires the Bank’s activity, or which is involved in restructuring of the Bank, to enable the merger, acquisition or restructuring. To external advisors such as attorneys, accountants, regulators and State agencies, for the purpose of handling suspected violation of the law.

Categories of personal information

Categories of entities we give the information to, and why

Identifiers
Additional information about you
Protected classifications under California law or federal law
Commercial information
Biometric information
Visual information
Internet or other electronic network activity information Professional or occupational information
Sensitive information

External professional consultants, such as risk consultants or financial consultants, for the purpose of managing your bank account and our risk management.

Entities to whom we are obligated to disclose information pursuant to a judicial order (e.g., a discovery order) or by law (e.g., tax and money laundering laws that require us to file reports).

Entities that need the information in order to execute or manage a transaction related to your account. For example, providing information to a transferee bank in a bank transfer you performed, or providing information to a guarantor regarding loans or credit you took.

To other companies in the Bank’s group, for the purpose of managing your bank account and our risk management.

To another company with which the Bank merges, which acquires the Bank’s activity, or which is involved in restructuring of the Bank, to enable the merger, acquisition or restructuring.

To external advisors such as attorneys, accountants, regulators and State agencies, for the purpose of handling suspected violation of the law.

Below are your rights under the Californian Law

The right to know
You have the right to know the following information, which we will provide to you after we receive a request from you and verify your identity:

The categories of personal information we collected about you
The categories of sources from which the personal information was collected
The purposes for which we collect the personal information
The categories of third parties with whom we share personal information
The specific pieces of personal information we collected about you

The right to delete
Although the Californian Law provides, in some cases, for the deletion of your personal information, we do not delete the information because we are a banking institution that is required to keep your information in order to comply with our duties under law and to handle legal disputes.

The right to correct inaccurate personal information
Once we receive a request from you to correct your data, and verify your identity, we will examine the veracity of the corrected information provided by you, consider your request to correct, and inform you of our decision.
To establish the veracity of the personal information as per your request, we will consider all the circumstances pertaining to the personal information the correction of which is requested. We may also require you to provide documentation in support of your request to correct the personal information.

We may deny your request to correct your personal information in the following cases:

If we believe in good faith, based on reasons which are documented in writing, that your request is a fraudulent or is an abuse of the right to correct
If we conclude that the existing personal information is likely to be accurate, based on all the circumstances at issue
If it is contrary to Federal or State law
Due to other exceptions to the Californian Law
Due to discrepancy in the required documentation
If the correction of the information turns out to be impossible or involves disproportionate effort

We will provide you with a detailed explanation including sufficient facts, to enable you to meaningfully understand why we cannot fulfil your request to correct your personal information.

The right to non-discrimination as a result of exercising your rights under the Californian Law
You have the right to not be discriminated by us for exercising the rights granted to you under the Californian Law. If you exercise your rights under Californian Law we cannot:

Deny you service
Charge different prices or fees for services, also through discounts, benefits, or fines
Provide you a different level or quality of services
Propose that you receive different prices or tariffs for services

Please note that we may charge a different fee or provide a different level or quality of services, if the difference is reasonably related to the value we gain from your personal information.

The right to appoint a representative to file requests under the Californian Law on your behalf.

You may appoint an authorized agent to file requests under the Californian Law on your behalf. To this end, you must provide your authorized agent with written approval to do so. The authorized agent will have to present us with proof, attesting that you authorized them to act on your behalf. Furthermore, we will require verification of your identity, as explained below.

Filing requests under the Californian Law

Should you wish to exercise your rights under the Californian Law as specified above, please contact us through the following channels:

File a form of consumer requests which is available on our website
Call us, toll free: 18335823417
To verify your identity, we will ask you to provide additional information, through a verification process in which you will be asked to provide us with two items of information known to you and to us.

You may appeal our decision to deny your request by filling out this form