privacy-policy-banner-en

Privacy Notice

Introduction

The Saudi Investment Bank (‘SAIB’, ‘Bank’, ‘Us’, ‘We’, ‘Our’) is committed to protecting the privacy and security of your Personal Data. This privacy notice (‘Notice’) is addressed to the individuals based in the Kingdom of Saudi Arabia (‘KSA’).

This Notice aims to provide you with clear and transparent information about how we collect, use, and protect your Personal Data in compliance with the KSA Personal Data Protection Law approved by the Royal Decree No. (m/19), dated 1443/02/09 (corresponds to 16 September 2021) and amended pursuant to Royal Decree No. (m/148) dated 1444/09/05 (Corresponds to 27 March 2023) (“Law”). Your Personal Data may be obtained when using our website https://www.saib.com.sa as well as the choices you can make about our collection and use through other channels. Our website may contain links or have a mechanism of re-direction to other websites and in that case refer to the website specific privacy notice for reference.

This Notice applies to you (‘Customer’) including current, former or prospective customer of our products, services and/or businesses including any credit facilities, credit cards, debit cards, forex instruments, cheques, any other payment instruments, remittance services (both inward and outward), currency exchange services, prepaid payment instruments, loans, any other credit transactions related products or services, insurance products, investments, wealth management, estate management, credit assessment, financial products, advisory services, investment advisory services, trading accounts, savings or current accounts, any other accounts, deposits, transfers, referrals, cash management, payment services and products, payment gateway, wallets, merchant acquiring, PSP services, Third Party Application Provider (TPAP) services, Point of Sale (POS) services, collections, distributions, agencies, trusts Sharia compliant finance and investment products etc. Our products and/or services will outline specific terms and conditions and can be read in conjunction with this Notice (where applicable).

Policies

  1. Personal Data and Processing

    Personal data means any data by which you may be identified as a living individual which may include your name, your address, your photo, etc. In order to operate as a Bank and offer you customized products and services, we may process your Personal Data. Processing means operations performed on Personal Data, e.g., collecting, recording, saving, organizing, formatting, storing, modifying, updating, consolidating, retrieving, using, disclosing, sharing etc.

  2. Controller and Processor

    The Saudi Investment Bank is the Bank’s registered business name. The registered Head Office of The Saudi Investment Bank is 8081 Sheikh Abdul Rahman bin Hassan Al Wizarat, Al Maather Unit No 2, AR Riyadh 12622-3144, Kingdom of Saudi Arabia.

    For the purposes of the applicable Law, the Bank is the Data Controller in respect of the Personal Data that we collect and process about you. This is because the Bank in most cases determines why and how your Personal Data is processed.

    In some cases, the Bank may act as a Data Processor when processing your Personal Data on behalf of another SAIB entities or subsidiaries. In these cases, the Bank carries out the processing of Personal Data under specific instructions from the entity or subsidiaries acting as a Data Controller.

  3. Your Personal Data

    We may collect and process your Personal Data to the extent necessary to provide a high standard of personalised products and/or services. We may collect and process different kinds of Personal Data about you, which may include:

    1. Identifying information: such as name, date of birth, nationality, qualifications, certifications, emergency contact, photos, video recording, passport, visa or work permit, national ID or Iqama, gender details, location data and publicly available data.
    2. Contact information: including address, phone numbers, and email.
    3. Family information: including marital status, spouse details, and children details.
    4. Financial information: such as financial transaction, bank account details, bank card number, credit data, investment portfolio details, and tax identification details
    5. Professional information: covering employee details, career history, and salary records.
    6. Website technical data: comprising IP addresses and browser details.
    7. Sensitive data: Any personal information that includes references to an individual's racial or tribal origin, religious, intellectual, or political beliefs, or indicates their membership in associations or civic institutions. This also includes criminal and security data, biometric data that identifies the individual, genetic data, credit data, health data, location data, and data that indicates the individual is an orphan or has an unknown parent or parents.
    8. Website profile and usage data: encompassing marketing preferences.

    Moreover, when we process Personal Data related children or incompetents’, we will notify the Legal Guardian and obtain the necessary consent.

     

    We may collect your Personal Data in a number of ways:

    • When you apply for a product and/or service from our website or through other channels such as mobile application, phone conversations, branches or directly from one of our employees.
    • When you provide it online or by other methods of communication such as email, ‘can we help you’ chats, phone conversations or branch visits.
    • When you visit the website through internet capturing your Internet Protocol (IP) address.
     

    We may obtain your Personal Data indirectly from third parties in the following ways:

    • Following an introduction to us by another third party, such as law firm, or management consulting.
    • If another person provides your Personal Data to us when they obtain a product or service from us on your behalf, that is to be held jointly with you, on behalf of business of which you are a director, shareholder, owner, trustee or beneficiary (as applicable) or they have nominated you as a guarantor under our agreement with them or to provide any other security or informed us that you are a donor or lender / financer.
    • When we carry our searches for the purposes of processing your application and/or during the course of your relationship with us.
    • In response to our marketing activities, you request information about our products via a third party (e.g. website and social media platforms).
     

    We have outlined below the types of possible processing activities and their purposes:

    • Account Management: We may process your Personal Data to manage account activities including account opening, account closing, account updates, account maintenance, account reconciliation, sending account statements, account related queries or complaints and others.
    • Transactions: We may process your Personal Data to fulfil financial transactions such as deposits, withdrawals, payments, transfers, Sharia compliant transactions and others.
    • Know Your Customer (KYC) update: We may process your Personal Data to identify and verify your identity while account opening and periodically over time.
    • Business operations: We may process your Personal Data to manage business operations related activities including changes to the business, legal and regulatory compliance reporting, auditing, monitoring communications and activities related to your account, anti-money laundering checks, protecting the safety and welfare of individuals, bank’s property and assets, monitoring unauthorised access or activities on our systems, detecting fraudulent transactions and others.
    • Credit Assessment: We may process your Personal Data to evaluate your credit worthiness when applying for loans, Financing mortgages, credit cards, or any Sharia complaint Financing
    • Risk Assessment: We may process your Personal Data to assess risks associated with providing you with our products and/or services to prevent fraudulent activities.
    • Delivery: We may process your Personal Data to deliver our products to you in the form of cards, statements, rewards and others.
    • Marketing: We may process your Personal Data to market and promote our products and services tailored to your needs and preferences except sensitive data.
    • Research and statistical analysis: We may process your Personal Data for research and statistical analysis to develop and provide you with customised products and services.
    • Customer Service: We may process your Personal Data to support your queries/requests on recent purchases and/or orders and providing timely updates and others.
    • Safeguard interests: We may process your Personal Data to safeguard interests of you and the bank including managing queries/use of your rights, fraud monitoring and investigations, claims made by or against us or our customers and others.
    • Legal and regulatory obligations: We may process your Personal Data to comply with the legal and regulatory obligations including managing requests from government bodies, responding to judicial proceedings, requests or other inquiries.
     

    You may be not required to provide any of the Personal Data that we request. However, failure to do so may result in us being unable to open or maintain your account, provide services and/or products to you or your organisation, discuss any other opportunities with you or deal with other matters.

  4. Legal Basis

    We will use a legal basis to process your Personal Data. This means we will have a legal justification to use your Personal Data, as required by the Law. We may rely on the following legal basis to process your Personal Data if collected from you under the Law:

    • Your consent (we will let you know on a case-by-case basis should we require your consent).
    • Processing achieves a definite interest for you, and it is impossible or difficult to contact you.
    • Processing is required by applicable Laws and is performed in accordance with them.
    • Processing is performed in order to perform an agreement to which you are a party.
    • Processing is necessary for the purpose of our legitimate interest.
     

    We aim to ensure that as a rule we will use your Personal Data in accordance with the purposes, as specified in Section 3. However, please note that pursuant to the Law we may also collect and process your Personal Data for purposes other than the ones specified in Section 3 for which Personal Data was collected. It may happen in the following circumstances:

    • If you give your consent to such collection and processing.
    • If your Personal Data is publicly available, or if it was collected from a publicly available source.
    • If collection and processing is required for your vital interests.
    • If collection or processing of your Personal Data is necessary to protect public health or safety, or to protect the life or health of you or other individuals.
    • If your Personal Data is recorded or stored in a form that makes it impossible to identify you directly or indirectly.
    • Collection of your Personal Data is necessary to achieve our legitimate interests (in this case, we will not process your Sensitive Data, e.g., Credit Data, Health Data).
  5. Personal Data Disclosure

    We may, as could be required for the purposes listed in section 3, disclose your Personal Data to the following:

    • Other entities or subsidiaries of SAIB Group.
    • Service providers, vendors, agents, consultants, intermediaries etc., who perform services or assist us to operate the business or provide products or services such as IT companies, Legal firms etc.
    • Entities or persons with whom we have tie-ups for the co-branded services, products or programs, any rewards programs or loyalty programs, any benefits, offers, features or any similar arrangements.
    • With co-lenders / Financers, co-originators, collaborators, and persons with whom SAIB or its affiliates may have a tie-up for products or services.
    • Insurance, health or legal services, any member of our group, current or potential clients, suppliers, subcontractors and other business contacts in the ordinary course of our business.
    • Third-party banks, financial institutions, credit card associations or other card payment and platform providers, payment recipients, beneficiaries, nominees, intermediaries and their banks, financial clearing houses and clearing or settlement systems and specialised payment companies or institutions such as Electronic Clearing Service (ECS), ESAL, ATM portability, SARIE, SWIFT, MADA etc.
    • Security brokers, stock exchanges, Financial Technology (Fintech) entities or service providers, third party fund managers, and securities clearing houses (if you have invested with us).
    • Current or potential business partners, professional advisors and consultants involved in the management of our business or derivations.
    • Any applicable regulatory authorities (governmental, statutory, regulatory, executive, law-enforcement, investigating or judicial/ quasi-judicial authorities, departments, instrumentalities, agencies, ministries, institutions, boards, commissions, courts, tribunals, etc.) or other third parties as could be required by Law or in accordance with other regulatory obligations or policies applicable to us or to you.
     

    We may disclose your Personal Data, in the following cases:

    • You consent to the disclosure.
    • Your Personal Data has been collected from a publicly available source.
    • The entity requesting disclosure is a public entity, and the collection or processing of your Personal Data is required for public interest or security purposes, or to implement another Law, or to fulfil judicial requirements.
    • The disclosure is necessary to protect public health, public safety, or to protect the lives or health of specific individuals.
    • The disclosure will only involve subsequent processing in a form that makes it impossible to directly or indirectly identify you.
    • The disclosure is necessary to achieve our legitimate interests (in this case, no Sensitive Data (e.g., Health Data, Credit Data) will be processed).
  6. Cross-border Transfer

    We may be required to transfer your Personal Data for processing outside of the KSA. In such cases, we will comply with the requirements of the Law regarding the cross-border Personal Data transfers, as well as with the requirements of other Laws and regulations, where applicable.

  7. Data security

    We have put in place appropriate technical measures, administrative controls and legal safeguards to:

    • Prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (e.g., access control, network security, communication security, policies and procedures, encryption and other techniques).
    • Deal with any suspected Personal Data breach, and we will notify you and the Competent Authority of the breach where we are legally required to do so based on the requirements outlined in the Law.
  8. Retention

    We will retain your Personal Data for the period outlined as per the SAIB’s related retention policies, legal and regulatory obligations or any other period necessary for us to meet our operational obligations such as maintaining accounts, facilitating client relationship management, responding or defending against legal claims or regulatory requests etc. However, we will retain your personal data after completing its purpose in the event that there is a regularity requirement that requires keeping it for a specific period, and in the event where a case pending with judicial authority.

  9. Your rights

    In accordance with the Law, you may exercise the following rights:

    Right to be informed

    You have the right to be informed of:

    • the valid legal or practical justification for collecting your Personal Data and
    • The purpose for collecting your Personal Data.
    Right to have access to your Personal Data You have the right to have access to your Personal Data that is held by us.
    Right to request obtaining your Personal Data You have the right to request your Personal Data held by us in a readable and clear format.
    Right to request correcting, completing or updating You have the right to request correction, completion or updating of your Personal Data, which is held by us
    Right to request erasure (destruction) You have the right to request erasure (destruction) of your Personal Data available to us, which is no longer required by us. Moreover, we may continue to retain personal data to comply with legal and regulatory obligations.
    Right to withdraw consent You have the right to withdraw your consent at any time, which you previously gave in relation to processing of your Personal Data. Moreover, in cases where consent is withdrawn, we may not be able to provide certain products or services that depend on processing your Personal Data
    Right to complain You have the right to submit any complaint to the Competent Authority that may arise out of the Law.

    Please contact us via digital channels, phone banking and branches if you would like to know more about your rights or if you would like to exercise any of them.

  10. Marketing from Us

    We may use your Personal Data for marketing/advertising except sensitive data purposes to inform you about our products and/or services based on the consent provided. You may ask us to stop sending the marketing messages by following the opt-out links on any marketing message sent to you or by contacting us via phone banking at any time. When you opt-out of receiving these marketing messages, you will no longer receive them.

  11. Social Media

    SAIB operates channels, pages, and accounts on social media sites to be able to inform, assist, and engage with you in order to improve our products and services. Please do not share any personal information on our social media sites. If you wish to communicate with us, please contact us via phone banking. SAIB shall not be responsible for any information posted on those sites other than the information posted by its employees on its behalf.

  12. Automated decision-making

    Your Personal Data may be processed through automated decision making using tools and technologies to make credit decisions, and determine eligibility for our products and/or services. Moreover, we may also use automated decision making to perform anti-money laundering and sanction checks to determine if your activity is consistent with money laundering or known fraudulent conducts.

  13. Your use of our website

    We may use (“Cookies”) to monitor user activity on our websites. A Cookie is a small piece of information stored on your computer's hard drive, tracking your interactions with our website. This enables us to gain insights into how customers navigate our website, facilitating its ongoing development and enhancement. Should you have any further inquiries, please refer to the cookie policy or contact us via phone banking.

  14. Review and Updates

    Our products, services, facilities, features and/or functionalities are subject to change and therefore, any changes we make to our last updated Notice on August-2024 will be posted on our website and, when appropriate, we will notify you of the change via email. Please check back frequently to see any updates or changes to our Notice.

  15. Contact Us

    Keeping your Personal Data accurate and up to date is very important for us. Please keep us informed if any of the information we hold about your changes during your relationship with us. If you have any queries, comments or requests regarding this Notice, or you would like to exercise any of your rights set out above, please contact us via digital channels, phone banking and branches.