Last updated: June 17, 2026
INTRODUCTION
Jak Almuqaddimah, hereinafter referred to as Trademark “Sakhi”, “we”, “us”, or “our”), is committed to protecting the privacy and security of Personal Data in accordance with applicable laws and regulations in the Kingdom of Saudi Arabia.
This Data Privacy Notice explains how SAKHI collects, uses, stores, shares, and protects Personal Data in connection with the use of SAKHI’s products and services. It also outlines your rights and choices regarding your Personal Data.
SAKHI is registered in the Kingdom of Saudi Arabia under commercial registration number 1010951858, with its registered national address at Al Olaya District, King Fahad Road, Attawuniya Towers.
Website: www.sakhi.com
SAKHI is licensed, regulated, and supervised by the Saudi Central Bank (SAMA) pursuant to the applicable licensing framework.
For the purposes of the Personal Data Protection Law (“PDPL”) and related regulations, SAKHI acts as the Data Controller in relation to Personal Data processed through its services, unless otherwise stated.
SCOPE
This Data Privacy Notice applies to all individuals whose Personal Data is processed by SAKHI in connection with its services, including:
· Customers
· Prospective customers
· Users of the SAKHI mobile application
· Visitors to the SAKHI website
· Individuals who interact with SAKHI through other channels
This Notice applies to Personal Data collected through SAKHI’s digital channels, physical premises, customer communications, and any other interactions related to the provision of SAKHI services.
SAKHI is committed to processing Personal Data lawfully, fairly, transparently, and securely, and to using such data only for legitimate and specified purposes.
YOUR DATA PRIVACY JOURNEY WITH US
SAKHI may act as a ‘Data Controller’ or a ‘Data Processor' in relation to your Personal Data.
What is a Data Controller? SAKHI acts as a Data Controller when it determines the purposes and means of processing Personal Data, either alone or jointly with others. In most cases, SAKHI processes Personal Data as a Data Controller, meaning it decides how and why Personal Data is collected and used.
What is a Data Processor? SAKHI acts as a Data Processor when it processes Personal Data on behalf of another entity and strictly in accordance with that entity’s instructions.
If you have questions about how your Personal Data is processed, you may contact SAKHI using the details provided in the “How to Contact Us” section.
CONFIDENTIALITY OF PERSONAL DATA
SAKHI maintains appropriate safeguards to ensure that Personal Data is treated as confidential and protected against unauthorised access, use, disclosure, alteration, or destruction.
SAKHI may disclose Personal Data only where:
· Disclosure is required by law, regulation, or a competent authority
· Disclosure is made with your explicit consent
· Disclosure is permitted under applicable data protection laws
· Disclosure is necessary to protect vital interests or public safety
All disclosures are carried out in accordance with PDPL and other applicable regulations.
UNDERSTANDING PERSONAL DATA AND PROCESSING
Under the applicable laws and regulations in the Kingdom of Saudi Arabia, the terms Personal Data and Processing have specific legal meanings. It is important that you understand these terms as they are used throughout this Data Privacy Notice.
What is Personal Data?
For the purposes of the Applicable Laws, Personal Data means any data relating to a living individual who can be identified, either directly or indirectly, from such data.
Personal Data includes a broad range of information that can identify an individual, including but not limited to the following categories:
· Identification information (such as name, date of birth, and government-issued identification numbers)
· Contact information (such as residential address, email address, and telephone number)
· Financial information (such as account details, transaction history, and credit score information)
· Employment information (such as job title, employer name, and employment status)
· Demographic information (such as gender and marital status)
What is Processing?
Processing refers to any operation or set of operations performed on Personal Data, whether carried out by automated means or manually.
This includes, but is not limited to, the collection, recording, storage, organisation, structuring, indexing, formatting, modification, updating, retrieval, consultation, use, disclosure, transmission, publication, sharing, linking, restriction, blocking, erasure, destruction, or any other form of handling of Personal Data.
PERSONAL DATA SAKHI COLLECTS ABOUT YOU
SAKHI Financing Company collects Personal Data directly from you when you interact with us as a customer or prospective customer. This includes Personal Data that you voluntarily provide to us through your access to, or use of, SAKHI products and services.
Personal Data may be collected, for example, when you apply for a product or service through our website or mobile application, communicate with us by telephone, or visit SAKHI premises and provide Personal Data to one of our employees.
Personal Data SAKHI Collects About You From Other Sources
Where permitted under applicable laws and regulations, SAKHI may also collect Personal Data about you from third-party sources. These sources may include, but are not limited to, the following:
· Beneficiaries of your payment transactions
· Co-borrowers and/or guarantors
· Credit bureaus and credit reporting agencies
· Organisations authorised to conduct criminal record or background checks
· Digital identity and authentication service providers
· Government entities and official databases
· Law enforcement authorities
· Legal representatives acting under a valid power of attorney
· Individuals nominated as contact persons by an existing account holder
· Persons authorised to act on your behalf
· Publicly available sources
· Regulatory authorities, including the Saudi Central Bank (SAMA)
· Representatives of corporate clients
· Your employer, where relevant and permitted by law
SAKHI ensures that any Personal Data obtained from external sources is processed in accordance with applicable data protection laws and solely for lawful and legitimate purposes related to the provision of its services.
Personal Data includes any information that SAKHI collects and processes about you, depending on the products or services you apply for, obtain, or receive.
The table below provides a non-exhaustive list highlighting example of the categories of Personal Data processed by SAKHI, the purposes of such processing, and the applicable lawful basis. This list is not intended to cover every processing activity carried out by SAKHI.
|
Category |
Description |
Example |
Lawful Basis |
|
Account Management |
Used to manage and administer your relationship with SAKHI. Used to identify you when accessing your account and to provide products and services. |
Processing customer data for the purpose of managing the ongoing relationship between SAKHI and the customer. |
Performance of a Contract |
|
Account Opening |
Used for customer onboarding and account setup, including compliance with regulatory requirements such as Know Your Customer (KYC). |
Enabling customers to create an account, log in to the SAKHI application, and verify credentials. |
Performance of a Contract |
|
Analytics |
Used to collect information on how customers use the SAKHI application and how the application performs. Used to analyse interactions with SAKHI services. |
Monitoring application usage, diagnosing system issues, detecting crashes, and improving future performance. |
Consent |
|
App Functionality |
Used to enable features available within the SAKHI application and to enhance design and usability. |
Enabling application features and authenticating customers. |
Legitimate Interest |
|
Declined Onboarding |
Where an application is declined, Personal Data is retained in accordance with record retention requirements and legal obligations. |
Retaining reasons for declined onboarding for reference in case of future applications. |
Legitimate Interest |
|
Notification |
Used to send service-related updates, alerts, or notifications. |
Sending push notifications regarding important security updates. |
Performance of a Contract / Legitimate Interest |
|
Financial Mediation / Debt Recovery |
Used to authorise service partners to conduct collection activities and to recover outstanding debts. Used to protect SAKHI’s contractual and financial rights. |
Engagement of authorised partners to contact customers in default to settle liabilities. |
Performance of a Contract / Legitimate Interest |
|
Fraud Prevention, Security and Compliance |
Used to prevent, detect, and investigate fraud, money laundering, and other financial crimes. |
Monitoring failed login attempts, device information, IP addresses, and geolocation data to identify suspicious activity. |
Legal Obligation / Legitimate Interest |
|
General Correspondence |
Personal Data provided through forms or communications with SAKHI, whether in person, by phone, email, or online. |
Responding to inquiries, resolving technical issues, and providing customer support. |
Performance of a Contract |
|
Personalised Commercial and Promotional Communications (Marketing) |
Used to send marketing communications relating to products and services similar to those previously obtained, including market research and statistical analysis. |
Sending promotional emails or SMS messages about SAKHI products or services. |
Consent |
|
Regulatory Requests |
Used to respond to requests and instructions from regulators, law enforcement authorities, and other competent bodies. |
Compliance with regulatory and supervisory obligations applicable to licensed financial institutions. |
Legal Obligation |
|
Satisfaction Surveys |
Used to collect feedback and opinions regarding SAKHI services. |
Sending customer satisfaction or service quality surveys. |
Consent |
|
Service Communications |
Used to keep customers informed about the services they are receiving and any relevant updates. |
Reminders to update personal details such as contact information in the application. |
Performance of a Contract |
|
Video Protection (CCTV) |
Used at SAKHI premises to ensure safety and security. |
Monitoring premises to protect customers, employees, visitors, and property. |
Legitimate Interest |
SAKHI will only process Health Data, Credit Data, or carry out Automated Processing where explicit consent has been obtained or where such processing is otherwise permitted or required by law.
In certain circumstances, SAKHI may process Personal Data in order to protect your vital interests. Where this occurs, SAKHI will retain appropriate evidence demonstrating that such interests exist and that it was not possible to contact or communicate with you in advance.
DISCLOSURE OF YOUR PERSONAL DATA BY US
SAKHI only discloses your Personal Data outside of SAKHI in limited and controlled circumstances. Where Personal Data is shared, SAKHI ensures that appropriate safeguards, controls, and data sharing or processing agreements are in place to require recipients to protect your Personal Data and process it strictly in accordance with SAKHI’s instructions.
This does not apply where SAKHI is legally required to disclose Personal Data, as set out under the section “Confidentiality of Personal Data”, or where disclosure is otherwise permitted under applicable laws.
All third parties, contractors, or recipients acting on behalf of SAKHI are required to comply with SAKHI’s instructions and confidentiality obligations. SAKHI does not sell your Personal Data to third parties.
SAKHI may disclose your Personal Data to third-party service providers, agents, and subcontractors (“Suppliers”) where necessary to support the provision of services to SAKHI or directly to you on SAKHI’s behalf.
When engaging Suppliers, SAKHI:
· Shares only the minimum Personal Data necessary to perform the relevant services; and
· Ensures that contractual arrangements are in place requiring Suppliers to maintain the security and confidentiality of your Personal Data and to process it only in accordance with SAKHI’s instructions.
SAKHI takes reasonable steps to ensure that all third-party service providers processing Personal Data comply with applicable data protection laws and apply protection standards equivalent to those implemented by SAKHI. Where feasible, SAKHI aims to anonymise Personal Data or use aggregated and non-identifiable data sets.
A summary of the categories of third parties with whom SAKHI may share Personal Data is set out below.
Categories of Third Parties
|
Category of Third Party |
Description of Service Provided |
Lawful Basis of Processing |
|
Affiliates |
Companies within the SAKHI Group that support SAKHI in delivering and improving services and enhancing the customer experience. |
Legitimate Interest / Legal Obligation |
|
Analytics Providers |
Providers assisting in optimising SAKHI’s website and applications, including campaign performance measurement and user activity analysis. |
Consent |
|
Asset Custodians |
Custodian service providers engaged upon request for asset-related services. |
Consent |
|
Asset Purchasers |
Third parties acquiring all or substantially all of SAKHI’s assets or business, where applicable. SAKHI will use reasonable efforts to ensure continued protection of Personal Data. |
Legitimate Interest |
|
Business Partners |
Entities partnering with SAKHI to provide services, funding, financing, or transactional arrangements connected to your relationship with SAKHI. |
Consent |
|
Courts, Regulators, and Government Authorities |
Authorities requiring disclosure to comply with legal, regulatory, supervisory, or judicial obligations, including law enforcement requests. |
Legal Obligation |
|
Credit Information Agencies |
Government-authorised credit bureaus and fraud prevention agencies. |
Legal Obligation |
|
Debt Collection Agencies |
Entities engaged to recover outstanding receivables from delinquent or defaulted customers. |
Legitimate Interest |
|
Guarantors |
Individuals or entities providing guarantees or security in connection with agreements with SAKHI, including their professional advisers. |
Legitimate Interest |
|
Insurance Providers |
Insurers, brokers, underwriters, and related parties providing insurance services. |
Legal Obligation / Legitimate Interest |
|
IT Service Providers |
Providers of cloud hosting, application development, infrastructure, communication, email, and call-recording services supporting SAKHI operations. |
Legitimate Interest |
|
Law Enforcement Agencies |
Authorities involved in the prevention, detection, investigation, or prosecution of criminal offences. |
Legal Obligation |
|
Legal and Professional Advisors |
Consultants, auditors, and legal advisors providing professional services, including statutory audits and legal advice. |
Legitimate Interest |
|
Payment Processing Services |
Providers supporting payment processing and transaction execution. |
Consent / Legal Obligation |
|
Postal Services and Couriers |
Entities providing delivery and courier services. |
Legitimate Interest |
|
Representatives |
Individuals authorised to act on your behalf, including advisers, intermediaries, and holders of powers of attorney or letters of authorisation. |
Consent |
|
Social Media Agencies |
Platforms and agencies used to deliver relevant marketing messages or suppress irrelevant communications. |
Consent |
Disclosure in Accordance with KSA PDPL:
SAKHI may disclose your Personal Data in accordance with the Personal Data Protection Law in the following circumstances:
· Where you have provided consent to the disclosure
· Where Personal Data has been obtained from a publicly available source
· Where disclosure is requested by a public entity for public interest, security purposes, implementation of another law, or judicial requirements
· Where disclosure is necessary to protect public health or public safety, or to safeguard the life or health of specific individuals
· Where the disclosure involves subsequent processing in a manner that prevents direct or indirect identification of the individual
· Where disclosure is necessary to achieve SAKHI’s legitimate interests, provided that no Sensitive Personal Data is processed
PROCESSING FOR ANOTHER PURPOSE
Where SAKHI collects Personal Data from a source other than the Data Subject and subsequently processes such Personal Data for purposes other than those for which it was originally collected, SAKHI will only do so in accordance with applicable laws and where one or more of the following conditions apply:
· SAKHI has obtained your consent for the additional purpose
· The Personal Data is publicly available or has been collected from a publicly available source
· The collection or processing of Personal Data does not cause harm to you or adversely affect your vital interests
· The collection or processing is necessary to protect public health, public safety, or the life or health of specific individuals
· The Personal Data is not recorded or stored in a form that enables you to be directly or indirectly identified
· The processing is necessary to achieve SAKHI’s legitimate interests, provided that no Sensitive Personal Data is processed
Where SAKHI processes Personal Data relating to an individual who lacks full or partial legal capacity, SAKHI will obtain consent from the individual’s legal guardian. SAKHI will take appropriate steps to verify the validity of the legal guardianship before relying on such consent.
SAKHI’s analysis of Personal Data in relation to its services may involve profiling or other forms of automated processing to support decision-making activities. Such processing may relate to the following areas:
· Credit and affordability assessments, including the determination of credit limits. These assessments may take into account information such as income, expenses, and historical repayment behaviour.
· Anti-money laundering, counter-terrorism financing, sanctions screening, and KYC validations, including checks conducted through national identity and government platforms, as well as screening of politically exposed persons.
· Monitoring accounts for fraud and financial crime, including the assessment of transactions to identify patterns or activities that appear unusual or suspicious.
· Regulatory and supervisory assessments, where certain information may indicate that an individual could be financially vulnerable and require additional support.
· Identification of customers for specific campaigns or offers, based on defined criteria.
You may have the right to request information regarding how automated decisions are made. Where a decision is based solely on automated processing, you may also have the right to request human intervention and to challenge the outcome, subject to applicable laws and regulations.
For further information or to submit a request relating to automated processing, please refer to the “How to Contact Us” section.
SAKHI shall not make copies of official documents where you are identifiable, except where such copying is required by applicable law or where SAKHI is requested to do so by a competent public authority or regulator, including the Saudi Central Bank (SAMA), in accordance with applicable laws and regulations.
Where official documents are copied, SAKHI shall apply appropriate safeguards to protect such documents and shall securely destroy them once the purpose for which they were obtained has been fulfilled, unless there is a legal or regulatory requirement to retain them for a longer period.
IS IT OBLIGATORY OR VOLUNTARY FOR ME TO PROVIDE MY PERSONAL DATA?
SAKHI requires certain Personal Data in order to provide you with the products or services you request. In some cases, SAKHI also requires your explicit consent to process your Personal Data in order to meet contractual, legal, and regulatory obligations.
If you choose not to provide the requested Personal Data, this may affect SAKHI’s ability to process your application or deliver the requested product or service. As a result, SAKHI may be required to decline your request for a product or service. Where you are already receiving SAKHI products or services, failure to provide required Personal Data may result in the temporary suspension or discontinuation of such products or services.
Notwithstanding the above, SAKHI will always comply with applicable legal and regulatory requirements relating to data retention and processing.
SAKHI operates channels, pages, and accounts on various social media platforms for the purpose of informing, assisting, and engaging with customers.
SAKHI is not responsible for any information published on such social media platforms other than content posted directly by SAKHI. SAKHI does not endorse the social media platforms themselves, nor any information, content, or opinions published by third parties on those platforms.
For direct marketing purposes, SAKHI will obtain your explicit consent to collect, maintain, and process your Personal Data in order to send you information about SAKHI’s products and services, including promotional offers.
You may object to or opt out of marketing communications at any time by:
· Contacting the SAKHI Customer Call Centre on +966 800 111 0150.
· Updating your marketing preferences through your SAKHI application account
Further information on how SAKHI uses your Personal Data is set out in this Data Privacy Notice.
SAKHI collects Personal Data relating to your use of the internet through technologies such as cookies. Cookies can often be managed through your internet browser settings or via the SAKHI cookie preference centre available on the SAKHI website.
The information collected through cookies may include:
· Technical information, such as your IP address and device identifier
· Information about your visit, including URLs visited and interactions with the website or application
· Location data, where you have provided consent, which may be used to enhance security controls, support fraud prevention, comply with regulatory requirements, and improve service delivery (for example, by detecting unusual access patterns or ensuring services are offered in accordance with geographic restrictions).
· Network and connection information, including interactions with SAKHI and connections through social media platforms.
SAKHI is established and operates within the Kingdom of Saudi Arabia. Personal Data collected by SAKHI is processed and stored within the Kingdom of Saudi Arabia and is not transferred outside the Kingdom.
SAKHI does not transfer Personal Data internationally unless such transfer is expressly permitted under applicable laws and regulations and subject to the required regulatory approvals and safeguards. In such cases, SAKHI will ensure full compliance with the Personal Data Protection Law and any applicable requirements issued by the competent authorities.
You have certain rights in relation to your Personal Data, and SAKHI has established procedures to enable you to exercise these rights in accordance with applicable laws.
Your rights include the following:
Opt-Out / Unsubscribe
You may request to be removed from SAKHI marketing communications at any time by contacting SAKHI’s Customer Care, submitting a request through the website “Contact Us” or complaints page, or updating your preferences through the SAKHI mobile application, where available.
Right to Access (Subject Access Request)
You have the right to request confirmation as to whether SAKHI processes Personal Data relating to you and, where this is the case, to obtain a copy of such Personal Data. You may also request additional information regarding how and why your Personal Data is processed.
Personal Data will be provided in a commonly used electronic format and, where feasible and upon request, in printed hard-copy form.
Right to Rectification
You have the right to request that inaccurate Personal Data relating to you be corrected and that incomplete Personal Data be completed, for example where you update your name or contact details.
Right to Erasure (Right to be Forgotten)
You have the right to request the deletion of your Personal Data in the following circumstances:
· Where the Personal Data is no longer necessary for the purposes for which it was collected or processed
· Where processing is based on your consent and you withdraw that consent (without affecting the lawfulness of processing prior to withdrawal)
· Where processing is based on SAKHI’s legitimate interests and you object to such processing, and SAKHI has no overriding legitimate grounds
· Where you object to processing for direct marketing purposes or advanced analytics
· Where Personal Data has been unlawfully processed
· Where deletion is required to comply with a legal obligation
Right to Object or Restrict Processing
You have the right to object to, or request restriction of, the processing of your Personal Data where:
· Processing is based on SAKHI’s legitimate interests
· Processing is carried out for direct marketing purposes or advanced analytics
Right to Withdraw Consent
Where SAKHI processes Personal Data based on your consent, you have the right to withdraw such consent at any time. Upon receipt of a valid withdrawal request, SAKHI will cease processing without undue delay. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
Requests may be submitted using the contact details provided in the “How to Contact Us” section.
Right to Lodge a Complaint
If you have any concerns or complaints regarding the way SAKHI processes your Personal Data, we encourage you to contact SAKHI in the first instance so that we can address your concern promptly and fairly.
You may submit a complaint by contacting the SAKHI Data Privacy Office using the details provided in the “How to Contact Us” section below.
SAKHI is committed to reviewing and resolving all complaints in a timely and transparent manner.
If you are not satisfied with SAKHI’s response, or if you believe that your complaint has not been adequately addressed, you have the right to lodge a complaint with the competent supervisory authority:
· Authority: Saudi Data & AI Authority (SDAIA)
· Address: Digital City, Riyadh 12382, Kingdom of Saudi Arabia
· Telephone: 8001221111
· Website: https://sdaia.gov.sa/
The security of your Personal Data is important to SAKHI. We take appropriate measures to ensure that Personal Data is protected within our systems against unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction, or accidental loss.
SAKHI maintains a combination of physical, technical, and organisational safeguards to protect Personal Data. Access to Personal Data is restricted to employees, agents, contractors, and authorised third parties who require such access to perform their duties and only on a strict need-to-know basis. All such parties process Personal Data solely in accordance with SAKHI’s instructions and are subject to confidentiality obligations.
Additional safeguards implemented by SAKHI include, but are not limited to:
· Applying appropriate physical, electronic, and procedural controls in relation to the collection, storage, and disclosure of Personal Data
· Protecting Personal Data during transmission through the use of encryption protocols and secure communication technologies
· Implementing technical security measures such as firewalls, antivirus software, and other security technologies
· Regularly monitoring SAKHI systems for potential vulnerabilities or security incidents and conducting penetration testing to further strengthen security controls
SAKHI reviews and evaluates these security measures on an ongoing basis to ensure the continued security of Personal Data processing activities.
Your SAKHI account is protected by authentication controls to ensure that only you and authorised SAKHI personnel can access your account information. While SAKHI makes every reasonable effort to safeguard Personal Data, the security of your information also depends on the security of the device you use to access SAKHI services and the measures you take to protect your credentials, including user IDs and passwords.
To help keep your Personal Data secure, we encourage you to take appropriate steps to protect your login credentials and any information required to access SAKHI services.
If you receive suspicious or fraudulent communications, or if you require assistance relating to SAKHI’s digital services, please contact the SAKHI Customer Service Helpdesk or Call Centre on +966 800 111 0150.
WHAT HAPPENS IF THERE IS A PERSONAL DATA BREACH?
While SAKHI implements appropriate measures to protect your Personal Data, risks to data security may still arise, and there is always a possibility of unauthorised access, use, disclosure, alteration, or destruction of Personal Data.
In the event of a Personal Data Breach, SAKHI will assess the incident and, where required by applicable laws and regulations, notify affected individuals of the breach, its potential consequences, and the measures taken to mitigate any associated risks. SAKHI will also inform individuals of any steps they may take to reduce the potential impact of the breach.
For the purpose of reporting a Personal Data Breach or for further information on how SAKHI manages and responds to such incidents, you may contact SAKHI at dpo@Sakhi.com
The SAKHI website and mobile application may, from time to time, contain links to external websites or platforms. Where you choose to follow a link to any external site, please note that such sites operate independently and have their own data privacy notices and practices.
SAKHI does not control and is not responsible for the content, data privacy notices, or data handling practices of external websites. We encourage you to review the applicable privacy notices of any third-party sites before submitting any Personal Data.
SAKHI has appointed a Data Protection Officer (“DPO”) to oversee compliance with this Data Privacy Notice and applicable data protection laws and regulations.
The DPO is responsible for monitoring compliance, providing guidance on data protection matters, and acting as a point of contact for Data Subjects and supervisory authorities.
You may contact the SAKHI Data Protection Officer at:
Email: dpo@Sakhi.com
For Data Subject Rights-related requests, please use the form below.
https://sakhi.com/docs/dsr-en.pdf
HOW LONG DOES SAKHI STORE YOUR DATA FOR?
SAKHI will retain your Personal Data for as long as there is an ongoing relationship between you and SAKHI.
Once the relationship has ended, SAKHI will retain your Personal Data for a period necessary to:
· Maintain business records for analysis, audit, and internal governance purposes
· Comply with applicable legal, regulatory, and record-retention requirements
· Establish, exercise, or defend existing or potential legal claims
Personal Data will be securely deleted or anonymised when it is no longer required for these purposes. Where, for technical reasons, certain Personal Data cannot be fully deleted from SAKHI systems, SAKHI will implement appropriate measures to prevent any further processing or use of such data.
In certain circumstances, you may request the deletion of your Personal Data. Additional information regarding deletion requests is set out in the “What Are Your Rights?” section of this Notice.
If you have any questions, concerns, or requests relating to the way your Personal Data is processed, you may contact the SAKHI Data Privacy Office using the details below:
Email: dpo@Sakhi.com
If you wish to submit a complaint to the relevant supervisory authority, you may first contact SAKHI and we will provide you with the appropriate guidance and contact details, where required.
SAKHI is committed to working with you to achieve a fair and timely resolution of any concern or complaint you may raise. Where you believe that SAKHI has not adequately addressed your concern, you retain the right to submit a complaint to the competent data protection authority in accordance with applicable laws.
SAKHI may update this Data Privacy Notice from time to time to reflect changes in legal requirements, regulatory guidance, or SAKHI’s data processing practices.
Customers are encouraged to review this Notice periodically to remain informed of how SAKHI protects and processes Personal Data.
GLOSSARY OF TERMS AND DEFINITIONS
|
Term |
Definition |
|
Applicable Law(s) |
Means all applicable laws and regulations relating to data protection and privacy, the processing of personal data, that apply on which this policy is updated in KSA including without limitation, as amended or replace: |
|
Authority(ies) |
Means legal, supervisory, regulatory, governmental, and quasi-governmental bodies such as Saudi Central Bank ("SAMA"), the Capital Market Authority (“CMA”), and Zakat, tax, and customs authority etc. |
|
Automated Processing |
Means Processing that is conducted using an electronic application or system that operates automatically, either independently without any human intervention or under the supervision and limited intervention of a human. |
|
Consent |
Means the Consent by which the Data Subject authorizes SAKHI or third parties to process their Personal Data, provided that such Consent is freely given, informed, clear, specific, explicit, and unambiguous indication of the Data Subject's agreement, by a statement or by a clear affirmative action, to the Processing of their Personal Data, including written or verbal consent or by using electronic methods |
|
Consumer(s) |
Means a Customer for the purpose of SAMA's Financial Consumer Protection Principles and Rules. A natural person who is a beneficiary of products and services provided by SAKHI , with or without charge, to satisfy their personal need or others’ needs. |
|
Consumer(s)/Customer(s) |
Means a Customer for the purpose of CBUAE Consumer Protection Regulation and the accompanying Standards. A Customer is any natural person or sole proprietor who obtains or may prospectively obtain Services and/or products from SAKHI, with or without charge, to satisfy their personal need or others’ needs. A Customer hence includes a Prospective Customer. |
|
Data Breach(es) |
Means, as per KSA Personal Data Protection Law, Any incident that leads to the Disclosure, Destruction, or unauthorized access to Personal Data, whether intentional or accidental, and by any means, whether automated or manual. |
|
Data Controller(s) |
Any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and/or carries out processing directly or through a Data Processor. |
|
Data Processor |
Means Any Public Entity, natural person or private legal person that holds or processes Personal Data on the instructions, for the benefit and on behalf of the Data Controller, but does not exercise responsibility for, or control over the Personal Data. |
|
Data Protection Officer (DPO) |
Means any natural appointed by the Controller or the Processor who undertakes responsibilities to verify that the entity he belongs to complies with the Personal Data Protection controls, requirements, procedures, and rules provided for herein, and to verify the integrity of its systems and procedures to achieve the compliance with the provisions hereof. |
|
Data Protection Regulator |
Means any governmental or regulatory body or authority with responsibility for monitoring or enforcing Applicable Law(s). |
|
Data Rights Request |
Means specific rights that individuals may exercise depending on the jurisdiction they are based in and the maturity of their local data protection laws. Such legislation bestows on individuals several rights that they may exercise. |
|
Data Subject Right(s) |
Means the set of rights afforded to individuals, as per Applicable Data Protection Law(s), who request information about the Personal Data collected or stored by SAKHI and to exert choice or control over how that data is used by SAKHI in accordance with Applicable Data Protection Law(s). |
|
Data Subject(s) |
Means the individual to whom the Personal Data relates to. |
|
Data Transfer(s) |
Means the transfer of data from one jurisdiction to another. |
|
Destruction of Personal Data |
Means Personal Data no longer exists. |
|
Encryption |
Means the process of encoding information stored on a device and can add a further layer of security. It is considered an essential security measure where Personal Data is stored on a portable device or transmitted over a public network. |
|
Know Your Customer or KYC |
Means mandatory requirements to ensure updated information about SAKHI Customers, to perform identity verification and prevention of illegal transactions through the business relationship with SAKHI such as money-laundering, identity theft. |
|
KSA Data Protection Law |
Means the provisions of the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443 AH and amended by Royal Decree No. (M/148) dated 5/9/1444 AH. The Implementing Regulation of the Personal Data Protection Law, and Regulation on Personal Data Transfer outside the Kingdom. |
|
Personal Data |
Means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as an identification number or to one or more factors specific to their biological, physical, biometric, physiological, mental, economic, cultural or social identity. |
|
Processing |
Means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. |
|
Processor(s) |
Means an establishment or a natural person who processes Personal Data on behalf of the Controller and under his supervision and instructions. |
|
Profiling |
Means a form of Automated Processing consisting of the use of Personal Data to evaluate certain personal aspects relating to the Data Subject. |
|
Saudi Central Bank or (“SAMA”) |
Means the Central Bank of Kingdom of Saudi Arabia. |
|
Special Category Personal Data (Sensitive Personal Data). |
Means the Personal Data revealing racial or ethnic origin, or religious, intellectual, or political belief, data relating to security criminal convictions and offenses, biometric or Genetic Data for the purpose of identifying the person, Health Data, and data that indicates that one or both of the individual’s parents are unknown. |
|
Staff |
Means full time employees, insourcing staff, and contractors of SAKHI. |
|
Subject Access Request |
Means a request to receive a copy of one's data from an organisation in an accessible, readily available, and legible format. Such requests are limited to information that is specific and limited to that one individual. |
|
Supervisory Authority |
Means the local data protection regulators who are responsible for overseeing data protection compliance within a given jurisdiction. Such regulators are responsible for the following: · Monitoring and enforcing data protection compliance · Prepare key guidance documents · Proposing and approving codes of practice · Investigate complaints made by data subjects · Preparing guidance The KSA Supervisory Authority is the Saudi Authority for Data and Artificial Intelligence (“SDAIA”). |