Privacy Policy
1. Background\Introduction
Abdul Latif Jameel United Finance (herein after referred to as “ALJUF”) is committed to respecting your privacy and protecting your personal data.
- We will be transparent about the information we are collecting about you and what we will do with it.
- We will use your personal data for the purposes described below. Your personal data will not be processed in a manner inconsistent with the purpose of its collection or in cases other than those stipulated by applicable privacy laws.
- We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to process your personal data.
- We have measures to protect your personal data and keep it secure.
- We will respect your data protection rights and aim to give you control over your own personal data.
You can access our full Privacy Policy below to help you to understand how we use your personal data. In it, we explain in particular the types of personal data we collect, how we collect and process it, what we may process it for and who we may share it with.
1.1 Objectives
The objective of this policy is to outline ALJUF's commitment to respecting privacy and protecting personal data by being transparent about the information collected, its purposes, and the legal bases for processing it, while ensuring data security and personal data protection.
1.2 Purpose
The purpose of this policy is to inform individuals about how ALJUF collects, processes, and protects personal data in compliance with applicable privacy laws. It aims to ensure that personal data is handled legally, securely, and transparently, and that individuals are aware of their data protection rights and how they can control their personal data.
1.3 Scope
This policy applies to all personal data collected and processed by ALJUF, covering the methods of data collection, the purposes for processing, the legal bases for such processing, and the measures in place to protect data security. It also includes information on data protection rights and how individuals can exercise these rights.
1.4 Controller Of Personal data
Any personal data processed in connection with this Privacy Policy is controlled by ALJUF having its registered office at [Jeddah, Al-Safa District], which is considered the “data controller” of your personal data under the KSA Personal Data Protection Law and its Implementing Regulations. To contact our Data Protection Officer, please send a request using the contact details specified at the end of this Privacy Policy.
1.5 What Do We Mean by Personal Data?
Personal data means any data, regardless of its source or form, that may lead to identifying you specifically, or that may directly or indirectly make it possible to identify you, including your name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of you, and any other data of a personal nature.
1.6 When Does This Policy Apply?
This Privacy Policy applies to personal data about you that we collect, use or otherwise process in connection with [e.g., ; your relationship with us as a customer, a potential customer, a partner; your application for a job with us; your use of our website and any online services offered through the website; the provision of our newsletter; our communication with you, including responding to your inquiry, informing you about our services and events].
1.7 How We Collect and What Types of Personal Data Do We Collect About You?
1.7.1 Direct Collection
We collect and generally process personal data that you provided directly to us when you [e.g. subscribe to our services, visit our offices or branches, use our website or mobile applications, interact with us via email, apply for a job with us, enter into an employment contract with us].
In that respect, we collect the following types of personal data:
• [ e.g., Name, mobile number, Date Of birth, Email address, Address, Age, gender, identification data, contact details, professional life, personal life, economic and financial information].
We will inform you at the time of collection of your personal data whenever the provision of such personal data to us is mandatory to allow us to achieve the purposes described below. Otherwise, the provision of personal data is optional. If you do not provide the personal data, we require this may affect our ability to provide goods or services to you.
1.7.2 Indirect Collection
We may also collect and process personal data about you indirectly when you [ e.g., use our services, our website, our mobile application].
In that respect, we collect the following types of personal data:
• [e.g., traffic data, location data, services we have provided to you in the past, IP address when you browse our website/mobile application].
We also collect and process personal data about you as received from third parties, i.e.,
• [e.g., SIMAH , ELM , WATHIQ ]
1.8 What Do We Use Your Personal Data For and Our Legal Basis?
We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your data, as described below:
1.8.1 Performance Of A Contract With You
It will be necessary for us to use your personal data to:
• [ e.g., fulfil your request and deliver the services/products you have asked for; send you status updates and communications related to the services/products you have asked for; manage our contractual relationship and carry out related administration, including customer support; operate and administer promotions you participate in through our services/products; manage your payments].
1.8.2 Legitimate Interests
We have a legitimate business interest to process your personal data to :
• [ e.g., maintain and enhance security of our services/products; maintain and enhance your safety when you use our services; prevent fraudulent transactions; improve our services/products and your experience; carry out analysis and market research; provide services to the company for which you are working and managing our contractual relationship with such company;].
1.8.3 Compliance with legal obligations
There are situations where we are subject to a legal obligation and needs to process your personal data to comply with those obligations. These legal obligations are as follows: [ e.g., laws and regulations related to
Policies Manual Title: Privacy Policy
(Notice)
Page 3 of 5
SAMA and other regulations, accounting, security, immigration, trade and economic sanctions or instances of judicial cases].
1.8.4 To protect the vital interest of you or otherwise serve your actual interests but communicating with you is impossible or difficult
[There are situations where we may need to process your personal data to protect your vital interest or otherwise serve your actual interests but communicating with you is impossible or difficult.]
1.8.5 Consent
We rely on your prior consent to:
• [, e.g., send you marketing communications to promote our services/products or those of our partners as specified on the relevant consent form; undertake targeted online advertising; invite you to events; store cookies on your device.
You can withdraw your consent to such processing at any time, including by [our website or Application ], or alternately contact us by sending a request using the contact details specified at the end of this Privacy Policy.
[In addition, each marketing communication we send by email will also have an unsubscribe option which will allow you to stop receiving further marketing emails.
Please note that if you tell us that you do not wish to be sent further marketing communications, you will still receive service communications (as described above) which are necessary, for example, to notify you of your account or payment status.]
1.9 How Long Do We Keep Personal Data?
We will keep your personal data for no longer than is necessary for the purpose it is being processed for as identified in this Privacy Policy.
[ e.g., where you subscribe to our services, we will keep the information related to your account, so we can fulfil the specific arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to your account, including statutory requirements.
The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any credits, which are due to you.
If you stop interacting with us as a customer, we will remove or anonymize your information after the passing of the statutory requirements.]
On the expiry of the applicable data retention periods, we will delete it securely, or in some cases anonymize it.
If you wish to know more about our retention policy and retention periods that apply to your personal data, please send a request using the contact details specified at the end of this Privacy Policy.
1.10 Who Do We Share Your Personal Data With?
For the purposes referred to under this Privacy Policy, we may share your personal data with processors, acting on our behalf and upon our instructions, providing us with the services necessary for the achievement of the purposes described above, i.e.:
- Our third party providers which provide IT systems and tools, including license, maintenance and hosting services; run marketing initiatives or customer surveys on our behalf].
- These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our instructions and to comply with appropriate security measures to protect your personal data.
- Your personal data may also be shared with other entities acting as independent controllers, i.e.:
- any legal or government authorities or agencies, or third parties such as law firms and courts, in connection with claims, disputes, litigations or investigations;
- third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets;
- anti-fraud screening service providers to process payments and (where necessary) to carry out fraud-screening; other websites so that they know that you have visited our websites;
- any other third party pursuant to your express consent.
For further information, you should consult the privacy policies of these independent controllers as provided to you.
We do not sell personal data to third parties, and we only allow third parties to send you marketing information where we have your consent to do so.
1.11 Do we Transfer Your Personal Data Outside KSA?
[When we share your personal data with the entities mentioned above, it may imply transfers of your personal data outside KSA .
We seek to ensure such transfers satisfy the conditions set out under the applicable privacy laws. We have in particular limited the transfer to the minimum personal data needed and implemented sufficient guarantees for preserving confidentiality of the personal data transferred, so that the standards of the protection of your personal data is not less than the standards set forth in the applicable privacy laws.]
1.12 What Are Your Legal Rights In Relation To The Personal Data We Hold About You?
Under the applicable privacy laws, you have certain rights in relation to your personal data . Responses to exercise your rights will be provided within 30 days (or such other period under applicable law). If your request is particularly complicated we may extend the deadline for responding by a further 30 days (or such other period permitted under applicable law), but we will let you know if this is the case.
We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal data involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and the exceptions to them are set out below.
Details of how to exercise your rights are set out in the section below “How can you exercise your legal rights and change how we use your data?”.
Your rights include the following:
- Right of access to your personal data;
- Right to be informed about our processing of your data [this Privacy Policy provides this information];
- Right to obtain personal data in a readable and clear format ;
- Right to request correction, completing or updating of personal data;
- Right to request the destruction/erasure of personal data.
In any case, you also have the right to lodge a complaint with the competent data protection authority in accordance with applicable law if you consider that the processing of your personal data carried out by us infringes the applicable privacy laws.
1.13 How Can You Exercise Your Legal Rights And Change How We Use Your Data?
In order to exercise any of your rights mentioned above, or if you have any questions about our use of your personal data, please send a request using the contact details specified at the end of this Privacy Policy.
We may ask for some additional information to confirm your identity, which will only be used to process your request.
In your request, please try to make clear which right(s) you would like to enforce and provide any details which may help us answer to your request.
Where you fully or partially lack legal capacity (for example you are a child under 18) your legal guardian may be required by applicable law to exercise your rights on your behalf.
1.14 Security of Your Personal Data
To protect against the loss, misuse and alteration of the information under our control, we have in place appropriate physical, electronic and managerial procedures. For example, our servers are accessible only by authorized personnel and your information is shared with respective personnel on need-to-know basis to complete the transaction and to provide the services requested by you.
Although we will endeavour to safeguard the confidentiality of your personal data, transmissions made by means of the Internet cannot be made absolutely secure. To make sure your access to our services is secure, you should not share your login details with anyone else.
When you finish using our services, you should log out if others may be able to access your computer or
device. This is especially important if you are using a publicly accessible computer.
Be aware that there is an Internet fraud practice known as ‘phishing’ which is the illegal gathering of
personal data by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third
party, and recipients are asked to enter or reconfirm bank or password details into a cloned or illegal copy
website.
1.15 How to get in touch with us and your right to complain to our supervisory authority?
If you want to exercise any of your rights, or if you have any questions about this policy or our use of your
personal data , please contact the Data Protection Officer.
The Data Protection Officer for ALJUF can be contacted via by email at [Privacy@aljfs.com].
1.16 How will we inform you of changes to this privacy policy ?
If we change this Privacy Policy, we will let you know about the changes by publishing the updated version
on [www.aljfinance.com]. If such change to the Privacy Policy requires your consent, you will have a choice
to consent as to whether or not we may use your personal data in this different manner.
We are committed to protecting and respecting your privacy and will continue to do so in any future
changes we make to this Privacy Policy.
Update frequency
This policy shall be reviewed annually or whenever there is a change in the process to ensure its continued
effectiveness, alignment with changing regulations, and compliance with industry best practices.