SALAMA
Cooperative Insurance Company (“we” or “us”) is committed to respecting your privacy and
recognize your need for appropriate protection and management of any personally
identifiable information ("Personal Information") you share
with us in alignment with applicable KSA personal data protection laws and
regulations. We will only use your personal information to deliver the products
and services you have requested from us, and to meet our legal
responsibilities.
This Privacy Notice applies to all customers, visitors, users, and
others (hereinafter referred to as "You" or the "User") who
access or use our website or Mobile Application.
The intent of this Privacy Notice is to inform
you about the following:
1. The type of information we
may gather about you and the purpose for gathering it when you use our website
or Mobile Application.
2. The use of the information
gathered from you and who do we share it with.
3. Your rights to privacy when
it comes to your personal data.
We fully understand how important
your personal information means to you, and we will exert our effort to protect
the security of your personal information. We have always been committed to
maintain your trust and will stick to below privacy principles to protect your
personal information: Right and Responsibility, Consistency, Explicit Purpose,
Freely Given Consent, Minimization and Necessity, Assurance of information
security, Participation, Fair and Transparency. We are also committed to take
appropriate security measures to protect your information.
This Privacy notice shall apply to
personal information about you and related parties that may be processed when
you visit branches, or use our website or mobile application, apply for or use
any product, service provided by us,
handle any business or make any transaction with us, participate in any of our
marketing events and surveys, and in any way contact or correspond with us, no
matter the information is provided by yourself or by the related parties, or
collected or acquired by us from other sources according to PDPL, regulation,
regulatory provision, or based on your or related parties’ authorization or
consent.
The Content of this Policy is set
out to give below details as per KSA Personal Data Protection Regulations:
i.
How We Collect Your Personal Information
ii.
How We Use Your Personal Information
iii.
How We Store Your Personal Information
iv.
How We Protect Your Personal Information
v.
How We Share, Transfer and Publicly Disclose Your Personal
Information
vi.
Special Circumstances for Information Processing
vii.
Your Rights Relating to Personal Information
viii.
How to Contact Us
ix.
Protection of Children and like Personal Information
x.
How We Use Cookies and Other Technologies
xi.
Formulation, Effectiveness and Update of this Policy and Others
1.
For
the purpose of complying with law, regulation and regulatory provision, or as
required for us to provide you or relevant parties with various products and
services and continuously improve our products and services, or in order to
contact or communicate with you or relevant parties, understand the needs of
you or relevant parties, build, review, maintain and develop our relationship
with you or relevant parties, we may receive and keep the personal information
provided by yourself or by related parties, or, according to law, regulation,
regulatory provision, your or relevant parties’ authorization or consent,
collect, enquire, and verify by proper methods your and/or related parties’
personal information from/with members of the SALAMA or other third parties (including but not
limited to credit reference agencies, information service providers, relevant
authorities, employers, counterparties, joint applicants).
2.
The
personal information we collect may be in paper, electronic or any other forms.
3.
When
you visit, browse, use our website and/or applications as a visitor, we may
collect information about the browser or device you use (such as IP address,
operating system, and browser version), your browsing actions and patterns. We
use Cookies and other similar technologies to collect above information. You
may disable Cookies by changing your settings (for details, please refer to
section “How We Use Cookies and Other Technologies” in this notice).
The technical information which
cannot identify any individual will not be treated as personal information.
However, when such technical information can identify the individual alone or
in combination with other information, we will protect it as your personal
information.
We may invite you to subscribe to
our updates, alerts or to participate in our marketing events or survey via our
website and/or applications. If you accept relevant invitation, we may collect
the information you provide to us by filling out contact forms or
questionnaires, etc. The said information may include name, Iqama number,
telephone number, email address, etc. refusal to provide such information will
not affect your visiting, browsing, or using our website and/or applications.
4.
When
you are our prospect or existing individual customer/investor or relevant
parties to the transactions, for us to provide you with our
products/services and to handle relevant business, we may collect the following
information upon your consent or authorization:
|
Purposes
or Functions (Products/
Services/ Functions) |
Personal
Information we may need to collect |
|
To provide you with General
Insurance like Medical Insurance, Motor Vehicle Insurance, Travel Insurance,
etc. |
a.
Personal
identity information, including name, sex, nationality, citizenship, National/IQAMA
ID or Residence Number, Job Title, Nationality, Mobile Number, Email Address,
Signature, occupation, telephone number, e-mail, contact information, birth
date, place of birth, marital status, family status, place of residence
(include historic address, contact address and permanent address), company/employer
and job position, and any relationship with politically exposed person and
relevant information etc.; b.
Personal
biometrics information, such as signature, handwriting, fingerprint, voice,
face recognition information, etc. c.
Personal
account information, including account number, etc.
|
The above information is the basic information we must collect to
provide you with our products or services, to perform our contract with you and
to comply with laws, regulations, and regulatory requirements. If you refuse to
provide those information (or the information so provided is incomplete, inaccurate,
or untrue), you will not be able to use our regular products or services.
5.
When
you are a connected person/legal guardian of our prospect or existing
non-individual customers or relevant parties to the transactions (including
children, corporate, enterprise, institution and other legal entities) (Here we
refer connected person/guardian means any other person with whom our prospect
or existing non-individual customer has a relationship, including but not
limited to, a director, supervisor or employee of a company, partners or
members of a partnership, any shareholder, substantial owner, controlling
person, or beneficial owner, trustee, settler or protector of a trust, account
holder of a designated account, payee of a designated payment, representative,
agent or nominee of the account holder, or the account holder’s principal where
the account holder is acting on another’s behalf), we may collect the
following information upon your or relevant customer’s consent or
authorization:
|
Purposes
or Functions (Products/
Services/ Functions) |
Personal
Information we may need to collect |
|
To provide you with General
Insurance like Medical Insurance, Motor Vehicle Insurance, Travel Insurance,
etc. |
a.
Personal
identity information, including name, sex, nationality, National/IQAMA ID,
occupation, job position, relationship with relevant customers (such as legal
guardian/employment/shareholding/investment relationship), telephone number,
e-mail, contact information, birth date, place of birth, place of residence,
work address, photo, personal virtual identity and authentication
information, any relationship with politically exposed person (“PEP”) and
relevant information etc. b.
Personal
biometrics information, such as signature, handwriting, fingerprint, voice,
face recognition information, etc. c.
Any
other personal information acquired during the establishment or maintenance
of business relationship for the performance of contracts or for compliance
with laws, regulations, and regulatory requirements, e.g., person information
included in the customer documentation, personal information arising from any
suspicious and unusual activity investigation, correspondence or other
communication records (including video or audio records, call log and
correspondence records and contents). |
The above information is the basic information we must collect to
provide relevant customer or relevant parties to the transactions with our
products or services, to perform our contract with you or relevant customer and
to comply with laws, regulations, and regulatory requirements. If you refuse to
provide those information (or the information so provided is incomplete, inaccurate,
or untrue), you or relevant customer will not be able to use our regular
products or services.
6.
You
may decide, at your free choice, to provide us, or allow us to collect from you
or any third party as you agree, the following information for the following
purposes or functions:
|
Purposes
or Functions (Products/
Services/ Functions) |
Consent
Information we may need to collect |
|
Message service functions |
Your account and transaction information |
|
Appointment for policy information, other
services |
Your name, mobile phone number, ID document type and number, tax
residence, address, email, telephone number, fax number |
|
To provide you with more accurate, personalized,
and convenient service and improve customer service experience |
Information you provide when raising your feedback, suggestion
or complaint, information you input when participating in campaigns or
surveys, category, methods, operation information. |
You can choose not to provide such
information. Your failure to provide such information will make you unable to
participate or utilize the corresponding convenience or functions but will not
affect your normal use of our other services.
7.
We
obtain most of your personal information directly from you and through the
products and services you use. Some information may be obtained from other
sources. For example, we may verify some of the information you give us with
your employer or our references. Generally, when we obtain information from
someone other than you, (such as LUX, and other third parties we may have we
record the source of that information). We may obtain your consent in writing
or through electronic means before collecting personal information. In some
cases, we may be as required by law to obtain your explicit consent, in which
case we ensure that we do so.
1. We will use your information to realize
the purposes and functions mentioned in above section of this Policy “How We
Collect Your Personal Information”.
2. When you visit, browse, use our website
and/or applications as a visitor, we may use your information for the following
purposes:
i.
to respond to your queries and requests.
ii.
to provide you with information, products, or services that you request
from us or which we feel may interest you, subject to your prior consent.
iii.
to perform contracts or agreements entered between you and us.
iv.
to allow you to interact with us at our website and/or applications.
v.
to notify you about changes to our website and/or applications.
vi.
to ensure the content of our website and/or application is presented in
an effective manner on your device.
vii.
to maintain proper and secure operation of website and/or applications
as well as insurance business, to prevent and control risk, or to detect and
prevent misuse or abuse of our website, applications, products, or services.
viii.
to meet the compliance obligations of us, or to comply with any
applicable laws and regulations that we are subject to; and
ix.
to make statistics and analysis of the use of our business, products, services,
or functions. But such statistics will not contain any of your personally
identifiable information.
3. When you are our prospect or existing
individual customer or a connected person or a guardian of our individual/
non-individual customers, we may use your information for the following
purposes:
i.
to provide you or related parties with products or services, to
recognize or verify the identity of you and related parties, or to approve,
manage, handle, execute or effect transactions requested or authorised by you
or related parties.
ii.
to comply with any applicable Laws and any order or requirement from any
authority.
iii.
to perform SALAMA’s compliance obligations (including regulatory
compliance, and/or compliance with any Applicable Laws or requirement of any
authority), or to implement any policy or procedure made by SALAMA for the
performance of compliance obligations.
iv.
to enforce or defend SALAMA, or to perform SALAMA’s obligations.
v.
as required by or to fulfil SALAMA’s reasonable operational requirements
(including for data statistics, analysis, processing, and handling, archiving,
and recording, system, product and service design, research, development and
improvement, planning, insurance, audit, and administrative purposes).
vi.
subject to your or relevant parties’ authorization, market or promote
relevant products or services to you or relevant parties, to assess your or
relevant parties’ interests in relevant products or services, or to conduct
market research or survey or satisfaction survey; and
vii.
to obtain or utilize administrative, consultancy, telecommunications,
computer, payment, data storage, processing, outsourcing and/or other products
or services.
4. The above information collection and use
in this notice shall not impact our use of your information for the purposes as
otherwise agreed between you or related parties and us.
5. If we use your personal information for
the purposes other than the purposes of collection and use as set forth in this
notice or in other agreement between you or related parties and us, we shall
obtain your consent before using your personal information for such additional
purposes.
We comply with KSA laws and
requirements on data storage. When we collect or process your information, we
will, according to applicable laws and regulations, regulatory, archival,
accounting, auditing, or reporting requirements, and the purposes as set forth
in this notice, store your information for a period as minimum as necessary to
fulfill the purposes of information collection. Personal data collected from
the website and/or mobile applications are being stored on our servers located
within the Kingdom of Saudi Arabia governed by appropriate security techniques
to protect and preserve the data. After the retention period expires, we will
destroy, delete or de-identify relevant information, or where the destruction,
deletion or anonymization is not possible, store your personal information
securely and separate it from other data processing. The requirements do not
apply to the information that needs to be retained according to applicable laws
and regulations, regulatory, archival, accounting, auditing, or reporting
requirements, special agreement between you or relevant customers and us, or
for settlement of indebtedness between you or relevant customers and us or bond
issuer, or for record check or enquiry from you, relevant customers, regulators,
or other authorities. We might require keeping your personal data even after
the purpose of its collection has ended in the following cases:
a.
If
there is a legal justification for us to keep it for a specified period by law,
regulation, or for security reasons
b.
If
the personal data is closely related to a case before a judicial authority and
its retention is required for this purpose
c.
If
all personal elements have been anonymized
1.
Information
security is our top priority. We will always endeavor to safeguard your
personal information against unauthorized or accidental access, processing, or
damage. We maintain this commitment to information security by implementing
appropriate physical, electronic and managerial measures to secure your
personal information. We will take responsibility in accordance with the law if
your information suffers from unauthorized access, public disclosure, erasure,
or damage for a reason attributable to us and so impairs your lawful rights and
interests.
2.
We
maintain strict security system to prevent unauthorized access to your personal
information. We exercise strict management over our staff members who may have
access to your personal information, including but not limited to access
control applied to different positions, contractual obligation of
confidentiality agreed with relevant staff members, formulation and
implementation of information security related policies and procedures, and
information security related training offered to staff.
3.
We
will not disclose your personal information to any third party, unless the
disclosure is made to comply with laws, regulations, and regulatory
requirements or according to this Policy or other agreement (if any) or based
on your or related parties’ separate consent or authorization. When we use
services provided by external service providers (entities or individuals), we
also impose strict confidentiality obligations on them and request them to
abide by the security standards of this Policy when processing personal
information.
4. For the security of your personal information, you take on the same responsibility as us. You shall properly take care of your personal information, such as your account information, identity verification information (e.g., username, password, dynamic password, verification code, etc.), and all the documents, devices or other media that may record or otherwise relate to such information, and shall ensure your personal information and relevant documents, devices or other media are used only in a secured environment. You shall not, at any time, disclose to any other person or allow any other person to use such information and relevant documents, devices, or other media. Once you think your personal information and/or relevant documents, devices or other media have been disclosed, lost or stolen, or may otherwise affect the security of your use of our products, devices or services, you shall notify us immediately so that we may take appropriate measures to prevent further loss from occurring.
5.
We
will organize regular staff training and drills on emergency response. If
unfortunately, personal information security incident occurs, we will adopt
emergency plan and take relevant actions and remediation measures to mitigate
the severity and losses in connection therewith. Meanwhile, we will, following
the applicable requirements set out in law and regulation, inform regulatory
authorities about the basic information of the security incident and its
possible impact, the actions and measures we have taken or will take,
suggestions to prevent and mitigate the risk, and applicable remediation
measures.
1.
Entrusted Processing and Sharing
For the purposes set out above in the SALAMA Privacy Policy, we
may provide or disclose all or part of your personal information to the
following recipients under the preconditions that such provision or disclosure
is necessary and is made with proper protective measures (please refer to
section “How We Protect Your Personal Information” for details) and the
recipients may also, for the aforesaid purposes, use, process or further
disclose the information they receive provided that corresponding protective measures
are adopted pursuant to the applicable laws or our requirements:
i.
any
member of the SALAMA.
ii.
any
contractor, subcontractor, agent, third party product or service provider,
professional consultant, business partner, or associated person of the SALAMA
(including their employees, directors, and officers).
iii.
any
regulator of SALAMA or any other authority, or any organization or individual
designated by such regulators or authorities.
Subject to applicable laws and regulations, we will seek your
separate consent and notify you of the data sharing/transferring, including the
data receiver's identity, contact information, purpose of processing, method of
processing and the type of personal information (if cross-border transfer
involved, we will also notify you the manner and method of exercise your
right).
We may
disclose information about you to affiliated and non-affiliated third parties.
If we do this, we make sure there are appropriate privacy, data handling and
security arrangements in place to protect your information.
·
Affiliates: We may share
information about you within the SALAMA group for legal and regulatory
purposes, to manage credit risk and other business risks, and to ensure we have
corrected and up to date information about you, such as your current address,
date of birth, etc. We may also share your information to better manage your
total relationship with the SALAMA group and enable other members of the SALAMA
group to bring suitable products and services to your attention, such as mutual
funds and brokerage accounts. SALAMA will share your information within the
SALAMA group for these purposes unless prohibited by law or you tell us not to
do so.
·
Authorized Business Partners: We may
partner with other companies to offer you products or services. We may disclose
personal information and/or non-personal or de-identified information collected
about you to such third-party partners for the purposes of providing those
services.
·
Sharing information where
ownership or liability is shared with others: If you have a product or service
where ownership or liability is shared with others, we may share your
information with them in connection with the product or service. Also, if you
authorize us, we may provide your information to your lawyer, accountant, or
others you've identified.
·
Government and Law Enforcement;
Compliance; Other Purposes Permitted by Law: Notwithstanding any other
provision of this notice to the contrary, we reserve the right to disclose
personal information to others as we believe appropriate to comply with legal
process and/or to respond to governmental or regulatory requests for any other
purpose permitted by applicable law.
2.
Transfer
Without your separate consent, we will not transfer your personal
information to any other company, organization or individual. On exceptional
cases to provide the cross-border service, after obtaining your consent, your
information may be transferred abroad too. Under this circumstance, we will
adopt appropriate, necessary, and effective security methods(encryption) to
protect your information security. Also, we will inform you of the identity,
contact etc. of the personal information recipient according to the
requirements of applicable laws and regulations and request the personal
information recipient to comply with the SALAMA Privacy Policy. If the personal
information recipient changes the purposes, methods etc. of personal
information processing under SALAMA Privacy Policy, it shall re-obtain the
consent from you.
3.
Public Disclosure
We will not disclose your personal information to the public unless we have your separate consent.
We will process your information (collection, storage, use,
analysis, transfer, provide, disclosure) based on your consent. To the extent
allowed by laws and regulations, we may process your personal information
without your consent under the following circumstances:
1. Where it is necessary to protect your vital
interests in an emergency or respond to public health emergencies.
2. When the processing achieves a real interest
for the data owner, and it is impossible to contact him, or it is difficult to
achieve this.
3. Other circumstances stipulated by laws and
regulations.
SALAMA makes all its efforts to provide high-quality services to
all users in a manner that guarantees their rights under the limits stipulated
in the Personal Data Protection Law as well as other regulations according to
the following:
Exceptions to this right include:
i. Poses
a Threat to security, harms the reputation of the Kingdom of Saudi Arabia,
conflicts with the Kingdom of Saudi Arabia 's interests
ii. Affects
the Kingdom of Saudi Arabia 's relations with other countries
iii. Prevents
detection of a crime, affects the rights of the accused, affects the integrity
of existing criminal procedures
iv. Endangers
the safety of individuals
v. Violates
the privacy of an individual other than the owner
vi. Conflicts
with the interests of an incompetent or incapacitated individual
Requests for access to, correction or deletion of personal
information, for withdrawal of authorization or disposal of personal
information beyond retention period, for a copy of this Policy, or enquiries
about our practices regarding personal information and privacy protection,
should be addressed to:
Data Protection Officer Name:
Contact Details:
Office Address
We pay particular attention to
protection of the minors’ personal information. We have no intention to collect
any minors’ personal information, unless it is agreed by their legal guardians,
and it is necessary for the products or services offered to the minors. In the
case where we collect personal data of a child under the age of 13 through our
website or application, the purpose would solely be to directly respond to
his/her request without using their personal data for any other purposes. The
child’s data won’t be processed without notifying the child’s guardian of the
request except for the following:
·
If
there is a legal justification for SALAMA to process the data specified by law,
regulation, or for security reasons
·
When
the sole purpose of collecting the contact details of the child is to respond
directly to a specific request from the child, and this data is not used to
call him back again or for any other purpose
If you are under 13 years of age,
for that personal information we collect with the consent of your parents or
legal guardians, we will only use or disclose such information to the extent
allowed by law and regulation or expressly consented by your parents or legal
guardians or necessary for protection of the minors’ interests.
Your visit, browse, use of any of our website or mobile device
applications may be recorded for analysis on the number of visitors to the site
and/or applications, general use patterns and your personal use patterns and
improving your experience. Some of this information will be gathered using
“Cookies”. Cookies are small bits of information automatically stored on your
local terminal, which can be retrieved by your local terminal. Cookies can
enable our website or applications to recognise your device and store
information about your use of website and/or applications so to provide more
useful features to you and to tailor the content of our website/applications to
suit your interests and, where permitted by you, to provide you with
promotional materials based on your use patterns. We will be able to access the
information stored on the Cookies.
The information collected by Cookies is anonymous aggregated data, and
contains no personal information such as name, address, telephone, email
address etc.
You can manage or disable Cookies based on your own preference. Should
you wish to disable the Cookies, you may do so by changing the setting on your
local terminals. However, after changing the setting you may not be able to
enjoy the convenience that Cookies bring, but your normal use of other
functions of the local terminals will not be affected.
We regularly monitor our procedures and security measures to ensure that they remain effective. SALAMA is committed to treating you with the greatest respect and consideration and providing the highest level of service. Even so, there may be a misunderstanding or times where you may feel you have been dealt with unjustly. Whatever the circumstances, our primary objective is ensuring your concerns are addressed.
