Privacy Policy

Mizrahi-Tefahot Bank Ltd. respects your privacy and deems protection thereof to be of significant importance

Dear customer,
Mizrahi Tefahot Bank Ltd. respects your privacy and deems protection thereof to be of significant importance. The Bank makes considerable efforts in order to protect the information provided by you, and takes many measures to protect your privacy and secure the information. It is important to us that you understand what information about you is collected by us in the framework of the banking services that you use or in connection therewith, what we will do with this information and with whom we may share it. We shall describe all of the aforesaid herein in order that you will be able to decide whether you wish to receive banking services from us. The document is written in the masculine gender for the sake of convenience only, but is intended for all genders.

The privacy policy specified herein applies to you if you are an individual.

Who are we and how do you contact us?

Mizrahi Tefahot Bank Ltd. (the “Bank”) holds a license to engage in banking in Israel. You can always contact the Protection of Privacy Officer at the Bank with any question pertaining to this privacy policy or the manner in which we use information about you, in one of the following ways:
The Protection of Privacy Officer
Mizrahi Tefahot Bank Ltd. – Head Management

13 Abba Hillel Silver St., Lod 7129463

Fax: 076-8622945

E-mail: privacy@umtb.co.il

What is the significance of provision of the information?

Provision of the information is dependent on your free consent and wish and is not required by law. However, without the requested information, we may not be able to provide you with the banking services for which you approached us, since the law requires the Bank to inquire into and document certain data as a condition to the opening and management of an account.

What information will we request from you?

We shall receive from you information that you deliver to us at your own initiative, and information that shall be collected about you when you use the Bank’s services or you request to use the same. Such information will be kept by us as the banker deems essential to one or more of the purposes specified below:

From time to time, such as, for example, when you approach us for the first time to receive banking services, you will be asked to provide information that includes, inter alia, your personal details (name, occupation, address and I.D. number and your contact details), your income and printouts from other banks where you banked in the past, and other relevant information;
From time to time you may provide our bankers with other personal information, such as, for example, information about your marital status or health;
From time to time we shall request information about your family members, including their occupation as well as identifying and authenticating details that are required, inter alia, from the credit card company that you have chosen or your loyalty program (such as mother’s maiden name);
From time to time we shall require information that statutes and other laws, such as those concerning prevention of money laundering and terror financing, require us to collect, in order to understand your sources of finance and the holders of the rights in the money;
From time to time, when you request additional banking services from us, such as credit facilities, loans or mortgages, we shall request additional information from you that we shall require, such as, for example, economic information (pay slips, information about assets), your reports to Income Tax in the years preceding the application, and more;
For purposes of identification and prevention of fraud, we sometimes collect biometric information such as facial images and voice characteristics;

In addition, upon use of the Bank’s services we shall collect:

Information on the transactions that you perform vis-à-vis the Bank – from the transactions in your account to guaranties that you have given for liabilities of others or you have received from them;
Information on your transactions via various channels – at the branch, by telephone, ATMs, the website, apps, SMS channel, and all of the other channels that provide you interfaces with the Bank. Such information may include the pages you have viewed, the sources from which you reached the Bank’s website, how long you spend on the website or apps, your location, etc.

What are other sources of information?

Aside from information that you deliver to us directly or that is collected by us from the transactions that you perform at the Bank and in its systems, we shall receive, from time to time, information from other sources, including:

Information from open sources such as the Population Registry or the Registrar of Companies in Israel;
Information that is available on search engines, on social networks and on websites, on economic and other databases that the Bank uses inter alia for the prevention of money laundering and terror financing;
Attachments that are received at the Bank from third parties, such as from the Execution Office, although we shall not use this information unless we receive separate consent from you;
Credit data that is available to the Bank pursuant to law and includes information on repaid or delinquent loans, dishonored checks, etc. – however, we will not apply for a credit report on you unless we receive from you separate consent thereto;
Other information that may be received from time to time at the Bank and is required by us in our opinion in order to provide the banking services and to achieve the purposes of this privacy policy;
A specification of the transactions on bank charge cards in your possession.

How will we use the information?

We use the information:

To manage your bank accounts, to decide which banking services we will provide you with (for example to decide whether to provide you with loans that you have requested), to provide you with our services in practice and to communicate with you;
To offer you products and services which we believe may suit you. We shall send such offers to you from time to time via various channels through which we have an interface with you – in letters, via telephone, SMS, WhatsApp, e-mail, via the Bank’s website or via the apps or other applications of ours. However, we shall not send you such offers via SMS or e-mail unless we receive from you separate consent thereto.
To improve and enrich the services and content that we offer our customers. The information that we use for this purpose will mainly be aggregate or statistical information which does not identify you personally;
For identification purposes as well as for the prevention of fraud, information security and risk management;
To enforce the contractual engagement between you and the Bank, including to investigate disputes with you, if any;
To fulfill the requirements of any law, regulation or other act of legislation that apply to the Bank. For example, according to law we are required to deliver to guarantors for your accounts and your loans information on your status and details regarding the credit agreement;
To assist competent courts and authorities or any third party, insofar as shall be required of us by law;
For purposes of research, service quality control, etc.;
For any other purpose permitted by law.

With whom will we share the information?

We keep the information about you confidential. Generally, it will not be transferred from us to other entities other than in the following cases:

To subsidiaries of the Bank that are integrated in its services (for example the Bank’s IT company which manages its databases) or to those whose services you shall explicitly request, such as an insurance agency operated by us;
In a joint account or in an account in which there is a power of attorney, we shall transfer to your partners or your authorized representatives all of the information about you, and of course all of the information pertaining to such account, including a specification of charges on means of payment, such as credit cards;
In an account in which there are guarantors, we shall transfer to them information about you and of course information pertaining to such account, insofar as the information is relevant to them as guarantors;
When you, any of your partners in the bank account or your authorized representatives in the account perform a transaction in the account which requires the cooperation of another bank or financial institution, we shall transfer to such bank or financial institution the information about you that is required for performance of the transaction;
The Bank will be entitled, at any time, to disclose information about you to any body to which the Bank is considering assigning or transferring or sharing its rights or risks vis-à-vis you, subject to the information recipient’s signing a confidentiality undertaking in language accepted at the Bank, unless it is subject to a professional and/or statutory or contractual duty of secrecy;
If we receive a judicial order or demand by a competent authority instructing us to deliver your details or the information about you to such competent authority or to any third party;
In order that the Bank will be able to provide you with its services, the Bank uses various suppliers, including printing houses, archive service providers, survey institutes, digital media management providers and more. We shall transfer thereto relevant information about you, or we will receive from them information about you, in order to provide you with our services;
Where the law requires us to do so, we shall transfer the information about you to foreign authorities;
In any dispute, claim, lawsuit, demand or legal proceedings, if any, between you and us;
If we organize the Bank’s activity in a different framework, we shall change the Bank’s legal structure, we shall merge with another body, or consolidate the Bank’s activity with the activity of a third party, we shall transfer the information about you to such body, provided that it assumes vis-à-vis you the provisions of this privacy policy;
According to your explicit request;
In other cases where we believe that we are required to transfer the information about you to third parties, we shall approach or shall have approached you for your consent thereto in advance.

Transfer of information outside of Israel

Generally, we shall keep your personal information in the Bank’s databases in Israel, but the information may also be kept at select suppliers outside of Israel. Your consent to this policy also constitutes consent to keeping the information at such suppliers overseas, and to the transfer thereof outside of Israel, insofar as necessary.

When you, any of your partners in the bank account or the authorized representatives in the account perform a transaction which requires the cooperation of a bank or financial institution outside of Israel (“Correspondent”) (for example activity in foreign securities, transfers of foreign currency, clearing of checks in foreign currency, foreign trade, etc.), we shall transfer to such Correspondent the information about you, including about the account, the transaction and the parties thereto. The Correspondent will treat this information according to its own policy and we do not control this policy or bear responsibility therefor.

How long will we keep the information?

We keep the information about you so long as your accounts are managed at the Bank. Thereafter we will keep the information about you for at least seven additional years. We may keep the information or part thereof for a longer period of time if we so require according to legal provisions that bind us or if we believe that the same is required to protect vital interests of the Bank. After expiration of the data retention period, we will either delete or anonymize it, i.e. the information will be kept by us but in a manner that does not reasonably allow you to be identified.

Your right to inspect and amend the information

Pursuant to the Protection of Privacy Law, 5741-1981, you are entitled to inspect information about you that is held in the Bank’s computerized databases. If you have inspected information and found that it is incorrect, incomplete, unclear or not up-to-date, you may contact us requesting amendment or deletion of the information. In addition, if the information in the company’s databases is used for purposes of contacting you personally, you are entitled, pursuant to the Protection of Privacy Law, 5741-1981, to demand in writing that the information relating to you not be used for direct marketing. Address any inquiry on these matters to us according to the details stated above.

General

This policy supplements the privacy policy on the Bank’s websites and apps. This document does not derogate from the validity of written agreements that you have given to the Bank in the past.
You may request of the Bank, at any time – by contacting your banker at the branch – that information not be collected about you for purposes of customized communication for marketing purposes, and that no bank information processing shall be carried out for these purposes.

Annex pursuant to the California Consumer Privacy Act

Mizrahi Tefahot Bank is providing the following Privacy Notice pursuant to the California Consumer Privacy Act and the California Privacy Rights Act (the “Californian Law”).

This notice applies only to California residents.

This notice is intended to add to, rather than restrict, the provisions of the Bank’s general terms and conditions. In the event of a discrepancy between this notice and the general terms and conditions, the provisions of this notice shall prevail, only with respect to California residents.

The information we collect, and the purposes of collection

Categories of personal information we collect and their sources

Below are the categories of personal information we collect, and the source of that information, according to the categories listed in the Californian Law. These are also the categories of information we have collected over the last 12 months.

We keep the personal information specified below for a period of up to 20 years after closure of the bank account to which such information pertains. Thereafter, we shall see to it that the information is not accessed, other than in extraordinary events such as legal claims.
Furthermore, we neither use nor share sensitive information for purposes that exceed those which are permitted by the regulations of the Californian Law.

Categories of personal information	Details of the personal information that was collected	Sources of information
Identifiers	Name, e-mail address, telephone, I.D. number, U.S. Social Security number and passport number. Access details to consumers’ accounts, financial accounts, payment card or credit card number together with any security or access code, password or approvals which are required to enable access to the account.	1. Directly from you, as the owner of the account. 2. From persons who make deposits to your account. 3. From your device, when you enter our website or app. 4. Information available on search engines, social media and websites, economic and other databases which the Bank uses, among others, for the prevention of money laundering and financing of terror. 5. Information from open sources such as publicly available governmental registers.
Additional information about you	An alias you use. Your tax residency, residential address and citizenship. Specimen signature. Years of education and degrees. Your medical condition.
Protected classifications under California law or federal law	Family status, gender, age, physical disability, mental disability.
Commercial information	Records of personal property, products or services that you purchased or considered purchasing, purchase history – with respect to financial products. Information about life insurance policies.
Biometric information	Your voiceprint.
Visual information	Your photograph.
Internet or other electronic network activity information	Information regarding transactions you performed on the user interface of your account on the website or App, the length of your stay on such interfaces, information regarding internet pages you’ve watched and the sources from which you reached the Bank’s website.
Professional or employment-related information	Information regarding the occupation of the consumer and their family members.
Sensitive information	U.S. Social Security number and passport number. Access details to consumers’ accounts, financial accounts, payment card or credit card number together with any security or access code, password or approvals which are required to enable access to the account. Your voiceprint. Your medical condition.

Business purposes for the collection of personal information

Categories of personal information	Business purposes
Business purposes	1. Provision of services, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments and providing financing. 2. Debugging to identify and repair errors that impair existing intended functionality. 3. Helping to ensure security and integrity (of processes, information, and transactions). 4. Undertaking activities to verify or maintain the quality or safety of our services and improving our services.

Categories of personal information

Business purposes

1. Provision of services, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments and providing financing.
2. Debugging to identify and repair errors that impair existing intended functionality.
3. Helping to ensure security and integrity (of processes, information, and transactions).
4. Undertaking activities to verify or maintain the quality or safety of our services and improving our services.

Disclosing information to others

We do not sell your personal information, nor do we share it for the purpose of online targeted advertising. Furthermore, we do not knowingly sell the personal information of a person under 16 years of age, nor do we knowingly share it for the purpose of targeted online advertising.
Below are the categories of personal information that we disclose to others, with details on the purposes of such disclosure, according to the categories listed in the Californian Law. These are also the categories of information we have disclosed over the last 12 months.

Categories of personal information	Categories of entities we give the information to, and why
Identifiers Additional information about you Protected classifications under California law or federal law Commercial information Biometric information Visual information Internet or other electronic network activity information Professional or occupational information Sensitive information	External professional consultants, such as risk consultants or financial consultants, for the purpose of managing your bank account and our risk management. Entities to whom we are obligated to disclose information pursuant to a judicial order (e.g., a discovery order) or by law (e.g., tax and money laundering laws that require us to file reports). Entities that need the information in order to execute or manage a transaction related to your account. For example, providing information to a transferee bank in a bank transfer you performed, or providing information to a guarantor regarding loans or credit you took. To other companies in the Bank’s group, for the purpose of managing your bank account and our risk management. To another company with which the Bank merges, which acquires the Bank’s activity, or which is involved in restructuring of the Bank, to enable the merger, acquisition or restructuring. To external advisors such as attorneys, accountants, regulators and State agencies, for the purpose of handling suspected violation of the law.

Categories of personal information

Categories of entities we give the information to, and why

Identifiers
Additional information about you
Protected classifications under California law or federal law
Commercial information
Biometric information
Visual information
Internet or other electronic network activity information Professional or occupational information
Sensitive information

External professional consultants, such as risk consultants or financial consultants, for the purpose of managing your bank account and our risk management.

Entities to whom we are obligated to disclose information pursuant to a judicial order (e.g., a discovery order) or by law (e.g., tax and money laundering laws that require us to file reports).

Entities that need the information in order to execute or manage a transaction related to your account. For example, providing information to a transferee bank in a bank transfer you performed, or providing information to a guarantor regarding loans or credit you took.

To other companies in the Bank’s group, for the purpose of managing your bank account and our risk management.

To another company with which the Bank merges, which acquires the Bank’s activity, or which is involved in restructuring of the Bank, to enable the merger, acquisition or restructuring.

To external advisors such as attorneys, accountants, regulators and State agencies, for the purpose of handling suspected violation of the law.

Below are your rights under the Californian Law

The right to know
You have the right to know the following information, which we will provide to you after we receive a request from you and verify your identity:

The categories of personal information we collected about you
The categories of sources from which the personal information was collected
The purposes for which we collect the personal information
The categories of third parties with whom we share personal information
The specific pieces of personal information we collected about you

The right to delete
Although the Californian Law provides, in some cases, for the deletion of your personal information, we do not delete the information because we are a banking institution that is required to keep your information in order to comply with our duties under law and to handle legal disputes.

The right to correct inaccurate personal information
Once we receive a request from you to correct your data, and verify your identity, we will examine the veracity of the corrected information provided by you, consider your request to correct, and inform you of our decision.
To establish the veracity of the personal information as per your request, we will consider all the circumstances pertaining to the personal information the correction of which is requested. We may also require you to provide documentation in support of your request to correct the personal information.

We may deny your request to correct your personal information in the following cases:

If we believe in good faith, based on reasons which are documented in writing, that your request is a fraudulent or is an abuse of the right to correct
If we conclude that the existing personal information is likely to be accurate, based on all the circumstances at issue
If it is contrary to Federal or State law
Due to other exceptions to the Californian Law
Due to discrepancy in the required documentation
If the correction of the information turns out to be impossible or involves disproportionate effort

We will provide you with a detailed explanation including sufficient facts, to enable you to meaningfully understand why we cannot fulfil your request to correct your personal information.

The right to non-discrimination as a result of exercising your rights under the Californian Law
You have the right to not be discriminated by us for exercising the rights granted to you under the Californian Law. If you exercise your rights under Californian Law we cannot:

Deny you service
Charge different prices or fees for services, also through discounts, benefits, or fines
Provide you a different level or quality of services
Propose that you receive different prices or tariffs for services

Please note that we may charge a different fee or provide a different level or quality of services, if the difference is reasonably related to the value we gain from your personal information.

The right to appoint a representative to file requests under the Californian Law on your behalf.

You may appoint an authorized agent to file requests under the Californian Law on your behalf. To this end, you must provide your authorized agent with written approval to do so. The authorized agent will have to present us with proof, attesting that you authorized them to act on your behalf. Furthermore, we will require verification of your identity, as explained below.

Filing requests under the Californian Law

Should you wish to exercise your rights under the Californian Law as specified above, please contact us through the following channels:

File a form of consumer requests which is available on our website, at: https://www.mizrahi-tefahot.co.il
Call us, toll free: 18335823417
To verify your identity, we will ask you to provide additional information, through a verification process in which you will be asked to provide us with two items of information known to you and to us.