Privacy Policy
Date: 24/12/2024
Version: 1.0.4
Introduction:
Welcome to the Privacy Policy page of Al-Jil al-Raqami for Information Technology.
We, Al-Jil al-Raqami for Information Technology (hereinafter referred to as “we” or “the company”), are committed to maintaining the confidentiality and privacy of user data and information.
Please note that this Privacy Policy does not apply to information provided or collected through websites maintained by other companies or institutions with which we may be affiliated, or that may be affiliated with us. Therefore, we are not responsible for the actions and privacy policies of any third-party websites. The company shall not collect, process, or disclose any personal data or information except in accordance with the specified controls set forth in the regulations governing information confidentiality issued by regulatory authorities in the Kingdom, such as the Personal Data Protection Law (PDPL), the National Data Management Office (NDMO), and the Saudi Central Bank (SAMA), including all applicable amendments from time to time.
Definitions:
1. Law: The Personal Data Protection Law.
2. Regulations: The implementing regulations of the Law.
3. Competent Authority: The authority designated by a decision of the Council of Ministers.
4. Personal Data: Any information—regardless of its source or form—that would lead to the specific identification of an individual or make such identification possible, whether directly or indirectly. This includes, but is not limited to: name, personal identification number, addresses, contact numbers, license numbers, records and personal property, bank account numbers, credit card numbers, static or moving images of an individual, and any other personal data.
5. Processing: Any operation performed on personal data by any means, whether manual or automated. This includes, but is not limited to, collection, recording, saving, indexing, arranging, organizing, storing, modifying, updating, merging, retrieval, use, disclosure, transfer, publication, sharing or interlinking data, blocking, erasure, and destruction.
6. Collection: The act of the Controller obtaining personal data in accordance with the provisions of the law, whether directly from the data subject, from their representative, from someone with legal guardianship over them, or from another party.
7. Destruction: Any action taken on personal data that makes it impossible to access, restore, or uniquely identify the data subject again.
8. Disclosure: Enabling any person—other than the Controller or the Processor (as applicable)—to obtain, use, or view personal data by any means and for any purpose.
9. Transfer: Moving personal data from one location to another for processing.
10. Publication: Broadcasting any personal data via a readable, audible, or visual medium, or making it available to the public.
11. Sensitive Data: Any personal information relating to an individual’s racial or ethnic origin, or their religious, intellectual, or political beliefs. It also includes security and criminal information, biometric data that identifies the individual, genetic data, health data, and any data indicating that the individual is of unknown parentage (one or both parents).
12. Genetic Data: Any personal data related to the inherited or acquired characteristics of a natural person, uniquely identifying that person’s physiological or health traits, obtained from analyzing a biological sample (e.g., DNA analysis or any other analysis that yields genetic data).
13. Health Data: Any personal data relating to an individual’s health status—physical, mental, or psychological—or relating to the health services they receive.
14. Health Services: Services related to an individual’s health, including preventive, therapeutic, rehabilitative, inpatient services, and the provision of medication.
15. Credit Data: Any personal data related to an individual’s request for financing or their receipt of financing—whether for personal or family purposes—from an entity engaged in financing. This also includes any data related to their ability to obtain credit, ability to repay, or their credit history.
16. Data Subject: The individual to whom the personal data pertains.
17. Public Entity: Any ministry, public agency, public institution, public authority, any independent public entity in the Kingdom, or any of their affiliates.
18. Controller: Any public entity, or any private natural or legal person, that determines the purpose and manner of processing personal data, whether the processing is carried out by itself or by a Processor on its behalf.
19. Processor: Any public entity, or any private natural or legal person, that processes personal data on behalf of and for the benefit of the Controller.
20. Direct Marketing: Communicating with the data subject by any physical or electronic means directly for the purpose of delivering marketing material. This may include, but is not limited to, advertisements or promotional offers.
21. Personal Data Breach: Any incident that leads to the disclosure, damage, or unauthorized access to personal data, whether intentional or unintentional, and by any means—automated or manual.
22. Vital Interest: Any necessary interest that aims to preserve the life of the data subject.
23. Achieved Interest: Any moral or material interest of the data subject that is directly connected to the purpose of processing personal data, where processing is necessary to achieve that interest.
24. Legitimate Interest: Any necessary need of the Controller that requires the processing of personal data for a specific purpose, provided it does not affect the rights and interests of the data subject.
25. Encoding (Pseudonymization): Transforming the main identifiers that reveal the identity of the data subject into codes that make it impossible to directly identify the data subject without additional data or information. Such additional data or information must be stored separately with the necessary technical and administrative safeguards to ensure it is not linked to the data subject in a specific manner.
26. Anonymization: The removal of both direct and indirect identifiers that point to the data subject’s identity in a permanent way that makes it impossible to identify the data subject.
27. Explicit Consent: Consent given directly and unambiguously by the data subject in any form, indicating their acceptance of the processing of their personal data in such a way that it cannot be interpreted otherwise, and which is provable.
What is the purpose of this Privacy Policy?
This Privacy Policy explains the personal data the Company will collect from you, the purpose for which it is processed, how it is used, the legal basis for collecting and processing it, the parties to whom the data may be disclosed, the geographical scope of processing, the data retention period, and how it is destroyed. It also outlines your rights as the data subject, how to exercise those rights, and how to contact us. Additionally, it clarifies our commitment to make your data accessible in clear and easily reachable ways at the time of collection, such as by linking it on our websites or applications.
What types of personal data does the Company collect and store?
1. When you interact with the Company, we may collect data that helps us identify and contact you, including (but not limited to) your name, email address, physical address, and phone number(s) (landline and/or mobile), as well as your ID number.
2. If you create an account, we may collect your username, password, date of birth, and national identity information in order to provide you with our services.
3. We may also collect data about the device you use to access our online services. This includes the device ID, advertising ID, and browser details used while accessing our online services.
4. We may collect your device’s IP address and related details, such as geographical data and range data.
5. We may collect various types of personal data about you from different sources.
6. We may collect your financial information, including financial data, bank account details, credit history, loan dates/details, and salary information.
We do not collect certain types of personal data, such as data related to race or ethnic origin, religion, philosophical beliefs, political opinions, health status, genetic or biometric information about you, or any information relating to criminal convictions or criminal offenses.
What might we need from you?
We may request certain information from you to help us verify your identity and ensure you are entitled to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to anyone who does not have the right to view or obtain it. We may also contact you to request further information related to your request.
How do we collect your personal data, and from whom do we collect it?
What we may collect: 1. Identity Data: Name (including first and last), date of birth, national ID number, marital status.
2. Demographic Information: Age, gender, nationality
3. Contact Data: National address, email address(es), phone number(s)
4. Location Data
5. Company Information: Name, address, location, type of assets sold, commercial registration number, phone numbers, email addresses, websites, financial data, income, and land market value
6. Information collected via cookies.
7. Professional/Employment Details: Employment dates, employer name, employer information.
8. Financial Details: Bank account details, financial data, income, credit history, loan or credit application data, salary information.
9. Voice and electronic recordings, for example, when you call customer service with a question.
10. Video recordings for service provision purposes
From whom we collect it?
• Some personal data we process is obtained directly from you (the data subject).
• We also obtain some personal data indirectly from the following sources: third parties (such as data collectors, or banks with which you deal), national private companies (such as Elm), and parties with whom you conduct transactions via our websites using cookies, web beacons, mobile application plugins, and similar technologies.
What is the purpose of collecting and processing your personal data?
1. For customer onboarding/customer registration purposes.
2. To provide the Company’s services.
3. To process transactions and send notifications about your transactions.
4. To collect payments and fees.
5. To verify your identity and the accuracy of your information, and to authenticate it.
6. To prevent fraud and unauthorized disclosure of your personal data.
7. To comply with the Company’s business, legal, and regulatory requirements.
8. For product development, research, and to send information about features and improvements.
9. To fulfill your requests, transactions, and other communications about our websites and online services.
10. To record and demonstrate how we handle dispute resolution and complaints and how we reach solutions.
11. To communicate changes to our policies.
12. Your personal data, excluding sensitive data, may be used for marketing and advertising purposes and to send promotional offers for the Company’s services.
13. Your personal data may be used for automated decision-making.
14. For statistical and demographic purposes.
JeelPay may request your consent to use or disclose your personal data if it needs to use your data for a purpose other than that for which it was collected. If you do not consent to Jeel Pay collecting, using, or disclosing your personal data for these other purposes, it may affect the Company’s ability to provide or improve its services and may affect the manner in which we deal with you.
Change in Purpose:
We use your personal data only for the purposes for which it was collected, unless we need to use it for another purpose that is compatible and not in conflict with the original purpose. If you wish to know how the new purpose for processing aligns with the original purpose, please contact us.
If we wish to use your personal data for a purpose not related to the original purpose, we will notify you and clarify the legal basis permitting us to do so. Please note that we may process your personal data without your knowledge and without your consent if such processing is required under relevant laws and regulations, such as the Personal Data Protection Law and its Implementing Regulations, or under the authority of legislative bodies such as the Saudi Central Bank.
How long does the Company retain personal data?
We retain your personal data for the period specified in the Personal Data Protection Law or for the duration necessary for legal and regulatory purposes, including meeting any legal, regulatory, tax, accounting, or reporting requirements in accordance with instructions from regulatory authorities such as the Saudi Central Bank.
When determining an appropriate retention period for any personal data, we take into account the volume, nature, and sensitivity of the personal data, the purpose of processing, and the potential harm that could arise from unauthorized use or disclosure.
We may retain your personal data for a longer period if there is an ongoing complaint or if we believe there is a likelihood of legal proceedings relating to our existing relationship with you.
How do we disclose your personal data?
The Company shares your personal data with various organizations, for example (but not limited to): identity verification programs, financial investigation companies, banks, credit record service providers, trusted cloud service providers, and regulatory authorities in Saudi Arabia to whom you agree to disclose your personal data. Before sharing your personal data with these partner organizations, we review the services they provide and require them to keep the personal data confidential and secure, and not to use it for any purpose other than performing the agreed-upon services. Disclosure for Legal Reasons: We may share personal data with third parties in order to comply with legal requirements such as Saudi laws, regulations, inspection orders, subpoenas, court orders, or other legal processes. We will not disclose your personal data to any other party for direct marketing purposes.
What are the legal grounds for collecting and processing your personal data?
In accordance with the Personal Data Protection Law, the legal grounds upon which we rely to process your data are as follows: • Your Explicit Consent o Please note that you have the right to withdraw your consent at any time, provided that such withdrawal does not affect any processing operations carried out under other legal grounds. To do so, you can contact us at ([email protected]). o Please be aware that your withdrawal of consent does not affect the lawfulness of any processing carried out under consent before its withdrawal. • Contractual Obligation o Where you are a party to a contract, or where processing is necessary prior to entering into a contract or agreement at your request.
How Do We Store Your Personal Data?
Your personal data is securely stored either at the Company’s premises or on its approved data centers, adhering to the policies and best practices related to security and data protection. We retain personal data for the duration specified by the Personal Data Protection Law (PDPL) or as long as needed for legal and regulatory purposes. Once the data is no longer required, it is securely destroyed in a manner that prevents unauthorized access or recovery.
What Are Your Legal Rights Regarding Your Personal Data?
Under the PDPL, you have the following rights, which depend primarily on the purpose of collecting and processing your personal data: 1. Right to be informed: You have the right to be informed about: • The legal basis for collecting your personal data.
• The purpose of its collection and processing.
• How your data is processed, stored, and destroyed.
• To whom it will be disclosed.
You can contact us for all details using the information provided below.
2. Right of Access:
You can request access to your personal data we hold, provided that: 1. Exercising this right does not negatively impact the rights of others (e.g., intellectual property or trade secrets).
2. Exercising this right does not involve disclosing another individual's personal data. We may limit this right if necessary to protect you from harm, in accordance with the regulations.
3. The Right to request access in a readable and clear format You can request your personal data in a clear, machine-readable format. If feasible, you may also request a printed copy.
4. Right to Request Correction You may request corrections, completion, or updates to your personal data. We may ask for supporting documents for verification purposes. Such documents will be securely destroyed after verification.
5. Right to request the destruction The right to request the destruction of your personal data that we hold, once it is no longer needed, or in any of the following cases: 1. In fulfillment of your request.
2. If the personal data is no longer necessary to achieve the
purpose for which it was collected, or if that purpose has ended. However, we may retain such data after the purpose for which it was collected has ended if all identifiers that would lead to your specific identification are removed, in accordance with the regulations. We may also retain personal data even after the purpose for which it was collected has ended in the following cases: 1. If there is a legal basis requiring us to retain it for a specified period. In this case, the data will be destroyed after the end of that period or once the purpose of its collection has ended, whichever is later.
2. If the personal data is closely related to an ongoing legal case under review by a judicial authority and its retention is required for that purpose. In this case, it will be destroyed once the legal proceedings for the case are completed.
3. If any and all information leading to your specific identification is removed, in accordance with the regulations.
4. If you amend your consent for the collection of your personal data and that consent was the only legal basis for processing.
5. If you become aware that your personal data is being processed in violation of the law. General Provisions for the Rights of Personal Data Subjects When the company receives a request from a personal data subject related to their rights under the law, the company is committed to the following:
1. Adopting the necessary technical, administrative, and organizational measures to ensure a prompt response to requests to exercise these rights.
2. Taking appropriate actions and measures to verify the identity of the requester before carrying out their request, in line with applicable legal provisions.
3. Implementing means to document and retain all requests submitted to us, including oral requests.
4. If a request is repeated unjustifiably or its execution requires extraordinary effort, we have the right not to process the request, provided we have a valid reason and we inform the data subject of this.
5. In situations where the personal data subject is partially or fully lacking legal capacity, their legal guardian may exercise these rights on their behalf.
Unless otherwise provided for by law, you will not be required to pay any fees to exercise these rights. If you submit a request to exercise these rights, you will receive a response within 30 days of our receiving the completed request. We may extend this period if execution requires unexpected or unusual additional effort, or if we receive multiple requests from the same data subject, provided that any extension does not exceed an additional 30 days. We will notify the data subject in advance of the extension and the reasons for it.
What About Personal Data of Individuals Under 18?
The company places great importance on protecting the privacy of minors. Our website is not directed toward individuals under the legal age. We do not knowingly request or collect personal information from anyone under the age of 18. If the company suspects a user is under 18, we will require the user to close their account, and we will not permit them to continue using our services. Please notify us if you become aware of any individual under 18 years of age using our services so that we can take appropriate action.
Failure to Provide Personal Data:
If we need to collect personal data as required by law or by a contractual agreement we have with you, and you fail to provide the requested data, we may be unable to fulfill or proceed with the contract (for example, providing services to you). In this case, we may have to cancel the service you receive through us. We will notify you if such cancellation is indeed due to your failure to provide the requested data. You are also obliged to inform us of any changes to your personal data.
What if the Data is Incorrect?
We conduct checks on the data you provide to identify any errors or deficiencies. If there are any errors or deficiencies in the data you have provided, you have the right to request that the data be corrected, completed, or updated.
SMS Terms and Conditions:
By entering your mobile phone number, you agree to receive text messages for service notifications and verification codes from the company. Message frequency may vary (e.g., reply “HELP” for help, or “STOP” to stop/cancel). Standard message and data rates may apply. The company is not responsible for delayed or undelivered messages.
Marketing and Promotional Messages:
We will send you marketing messages about the services we offer that may interest you. We may also send you other information in the form of alerts, newsletters, discounts, or tasks that we believe may be of interest to you or to provide you with updates we believe may be relevant or connected to you. We may use your personal information to make inferences and provide more relevant content, such as purchase and spending habits. We will send these to you in several ways, including by regular mail, phone, email, or other communication channels. We may work with third parties for online advertising to provide you with useful and relevant ads. This may include ads displayed on or through our websites, or ads displayed on other companies’ websites. These ads may be based on information collected by us or by third parties. For example, your zip code may be used to target ads to people in your area. These ads may also be based on your activities on our websites or on third-party websites. If you have registered to receive promotional materials, you can unsubscribe at any time. However, please note that this choice does not apply to any personal data you provided to us as a result of using a service or during registration. Also note that if you opt out of notifications, we may still collect and process your geographic location for other purposes.
Cookies:
We use cookies and track IP addresses on our websites so that we can improve the services provided by our websites and enhance your user experience. When you access our websites or use our services, we (including our partners and companies we work with) may place small data files on your computer or other device. These data files may include cookies, pixel tags, “Flash cookies,” or other local storage provided by your browser or associated applications (collectively referred to as “cookies”). We use cookies to ensure which web pages are visited and how often, to make our websites more user-friendly, to give you a better experience when you return to the website, and to show you ads that we believe you may be interested in. For example, cookies allow us to save your password so you don’t have to re-enter it every time you visit our site. Most web browsers automatically accept cookies. You can find information relevant to your browser in its “Help” menu. You are free to refuse our cookies if your browser or browser add-on permits, unless our cookies are required to prevent fraud or ensure the security of the websites we control. However, refusing our cookies may interfere with your use of our websites and payment services. You can configure your browser settings to refuse all or some cookies or to alert you when cookies are placed on your system by an app/website. However, if you disable or refuse cookies, be aware that you may not be able to access certain parts of this website or these parts may not function properly.
Data Security:
1. We have put in place appropriate procedures and security measures designed to prevent any accidental loss of your personal data, as well as its unauthorized use, access, alteration, or disclosure. Furthermore, we only grant access to personal data to employees, agents, or third parties who need to know such data to fulfill our business purposes. These individuals will process your personal data based on our instructions and are bound by confidentiality obligations.
2. We have also introduced procedures to handle any suspected breach of personal data security. If legally required, we will notify you and any relevant regulatory authority of such a breach.
3. We regularly review our security procedures to consider new and appropriate technologies and updated methods.
4. Only properly authorized individuals who need access to personal data to perform their duties can view or use it. However, despite our reasonable efforts, no security measure is completely perfect or entirely impervious to breaches.
Third-Party Links:
Our website, mobile application, customer portal, and tracking dashboard may include links to websites owned by third parties, as well as third-party components and applications. Clicking on these links or enabling them may allow third parties to collect or share data about you. We do not control third-party websites or applications, nor are we responsible for their privacy statements. When you leave our application or website, we recommend that you read the privacy policies of every application or website you visit.
Will We Notify You of Changes to This Privacy Policy?
If we make any changes to this Privacy Policy, we will inform you by posting the updated version on the website and application. These changes become effective as soon as they are posted. The company is committed to protecting and respecting your privacy.
Contact Us
If you have any questions or suggestions regarding our Privacy and Usage Policy, please do not hesitate to contact us via email at (c[email protected]) or by phone at (8001200010).