Privacy

Confidentiality of your information is an important issue for Alinma Bank. Therefore, we have a commitment to our clients and work hard to guarantee confidentiality of their information. And while information is considered a key element in our ability to provide you with a high quality service, your trust remains the major drive. Hence, Privacy and security of our client’s information and using them strictly in accordance with their wish fall in the forefront of our priorities at the bank. On these bases stands our promise to every client that we shall:
 
1. Secure every and any information provided by our clients with the most accurate security and privacy standards.
 
2. Restrict the amount of information and their use to the minimum requirement needed to manage and operate our work and to provide you with a high quality service, including introducing to you our products, services and other opportunities offered to them.
 
3. Allow only permitted members, highly trained on client information management, to access our client's information, and any member of our staff who violates this commitment would be held accountable for violations or instructions of the bank.
 
4. Not share any of our clients’ information with any third party without our client’s written consent or agreement, or his authorization, or enforced by the law.
 
5. Maintain monitoring of confidentiality of our client’s information, but we would assist in facilitating some proper products and services provided by some prominent companies. Those companies would not be allowed to keep any of our client’s information unless the client clearly shows interests in their products and services.
 
6. Inform our clients clearly and direct them at least once a year on how to remove their names from the list of contacts and marketing of those companies. Our client can contact us at any time to remove his name from those lists.
 
7. Every time we use a third party for support services, we require that party to comply with our privacy policy standards and allow us to monitor and search their commitment to it.
 
8. For purposes of preparing credit reports, matching, and risk management, we would share information of our clients with prominent resource references and clearing house services.
 
We try to keep our client's profile complete, accurate and up – to – date. And we will inform our client's on how and where to access their account information easily (with exceptions of legally restricted cases), also with how to report to us of any mistake to be corrected.
 
We will frequently evaluate ourselves in order to ensure compliance with our standards of client's information privacy. And will practice our activity in such manners that fulfill our promise in every community we work in.
 
This section explains our policy concerning any personal information you may provide to us when you visit our site. Our goal is to protect your information on the internet with the same level of protection we provide you in all other points of service, branches, ATM machines and telephone.
 

Information confidentiality

 
Alinma Bank Internet Information Privacy Policy

 
1. You can visit this site, take a look at our products and services, read the bank's reports, look for employment opportunities, read the bank's latest news brief and other valuable services without having to provide us with any information about yourself.
 
2. If you provide us with any of your personal information (address, phone number or fax number) or any other basic or introductory information as a client of Alinma Bank, then we are committed to not disclose these information, share them with any person (or a third party), or sell them unless you are reported and we have your authorization, or enforced by the law. And we will protect these information and your activities and dealings through our strict usual standards of information security and confidentiality.
 
3. In order to serve you best and avoid suspected threats concerning information security and confidentiality, we would sometimes use “Cookies " – a bit of information downloaded in your PC explorer that you can remove later. These Cookies are often used to managerial purposes as: storing your preferences to certain kind of information or saving your password so you would not have to re-type it every time you visit our website. Most of these information remains only during every session or visit, and don not include anything that allows anyone to contact you through your phone or e-mail. You could always adjust your explorer to inform you when any Cookies are installed or to stop installing them. 
 
- To enhance the security of your transactions when accessing the bank's digital channels, certain information may be stored from your browser, including the search engine, geographical address, date, time, and URL. Additionally, your IP number will be automatically saved to ensure better protection.

Clarifications regarding the Privacy Policy

The privacy policy explains the personal data that is collected about the Customer and other persons (such as his family members or joint account holders), collection reason, sharing scope, retention period, and the Customer’s rights related thereto.

 

What is the Personal Data Protection Law and how is it implemented within the Bank? 

The updated version of the Personal Data Protection Law was issued on 05/09/1444 pursuant to a royal decree. The law included definitions, implementation scope, non-prejudice of the provisions of other laws, rights of the personal data subject, processing of personal data or changing the purpose of processing it, selecting the party to perform the processing task, setting periods for exercising access rights, data collection, data contents, data destruction, approval of data privacy policy, methods and elements of data collection, data disclosure, amending and updating data, etc.  

The Bank processes personal data in accordance with the articles of the law. This includes ensuring the availability of a legal basis for processing personal data, processing personal data in a fair, legal, transparent and secure way, setting controls for protecting personal data against loss, damage or destruction. The law applied by the Bank is the modified version of the Personal Data Protection Law.  

 

What are the Sources of Personal Data to be collected?

The Bank collect the personal data of the Customer from the following sources:

  • Applications of web browsers and cell phones.
  • Credit information service providers.
  • Authorized persons.
  • Service providers and external partners to help us in improving the personal data we maintain to provide the products and services related to the Customer.
  • Joint account holders.
  • Our partners in co-branded financial products and services, such as Alinma Investment Co.
  • Debt collection agents.
  • Advertisers and social media partners may share technical information and information about Customer access to them, including his experiences or interactions with them.
  • Databases provided by official authorities and authorized government sources to update/verify the Customer’s documents.
  • Publicly available sources.

 

What is the nature of Personal Data to be collected?

The personal data includes information about the Customer that the Bank collects and processes depending on the products and services to be obtained by him, as follows:

Type

Details

Personal Data

Name, previous names, photo, sex, date and place of birth

Contact information

e-mail, resident address (national address), office address and contact numbers

ID information

National ID, Iqama, passport numbers and any similar documents

Financial information

Account number, account statement, number of credit/debit cards, financial history, credit rate, authentication-related information

Economic, financial and resident information

Income and other revenues, asset value and country of residence

Credit data

Each personal statement related to requesting or obtaining a finance, whether for personal or family purpose from a financing entity, including any statement related to the Customer’s ability to obtain/fulfill a credit or credit history

Education and employment information

Education and employment level, employer’s name and wage.

Transactions

Details of payments from and to the Customer’s account, including settlement of any loan or credit facilities, beneficiaries’ names, accounts’ numbers, addresses and transaction details.

Correspondence

Information provided by the Customer through filling out any of the Bank’s forms or communicating with Bank (whether face-to-face, online, over the phone, e-mail, internet or otherwise)

Marketing

Details of any marketing preferences received from the Customer.

Video protection (including surveillance cameras)

Cameras monitoring the Bank’s facilities and ATMs for security reasons

Audio recordings

Telephone conversation when contacting the call center of the Bank. The Bank may also collect any telephone number used by the Customer to contact the Customer service team (including the call metadata, such as the date, time and length) or the social media ID the Customer uses to communicate with the Customer service team. Calls are registered for legal purposes as well as for the purposes of training and monitoring performance to create clear records.  

Sensitive information

The Bank may obtain personal data that includes reference to the individual’s ethnic or tribal origin, his religious, intellectual or political belief, or his membership in civil society organizations or institutions. As well as criminal and security data, biometric data that determines identity, credit data, health data, location data, and data that indicates that the Customer is of unknown parentage.

Biometric data

Finger prints, voice patterns, facial recognition, which can be used for identity determination in accordance with applicable rules and instructions and for security purposes, if required.

Health data

Required heath data will be collected and maintained for some insurance contracts

 

What is the purpose of collecting Personal Data?

The purpose of collecting personal data (the data shown in the table above) varies for each case of request submitted by the Customer to the Bank in terms of products or services, in addition to the records maintained for analysis and audit purposes, responding to inquiries or complaints, monitoring fraud and money laundering transactions, taking legal actions and responding to regulators’ requests.

 

Is the Provision of my Personal Data Mandatory or Voluntary?

In an effort to comply with legal or regulatory requirements; and in order for the Bank to provide the products and services, providing the Bank with personal data is necessary as per the request forms of the products or services requested by the Customer as well as through electronic channels of service delivery, where mandatory fields are marked with (*).

 

What is the automated Processing of Personal Data?

The manner in which personal data related to the services provided by the Bank is analyzed to issue resolutions about the Customer may include the following:

  • Credit and affordability checks (including credit limit) – the Bank shall take into account a number of factors, including information about the Customers income and expenditures and his compliance in previous payments.
  • Anti-Money laundering, sanction screening, and checking politically exposed persons (PEP).
  • Monitoring the Customer’s account to protect him against financial fraud and other financial offences. The Bank will evaluate the Customer’s transactions to identify suspicious ones.
  • Evaluations required by regulators and competent authorities.

 

For How Long should the Personal Data be retained?

The Bank maintains the Customer’s personal data in line with regulatory requirements. Data maintenance is necessary for the purpose for which data was collected, processed or requested under relevant rules and instructions. Data may be required for legal purposes, such as maintaining records for analysis and audit purposes, responding to inquiries or complaints, monitoring fraud and money laundering transactions, taking legal actions and responding to regulators’ requests.  

If the Customer cancels subscription in receiving marketing communication or objects to any further processing of his personal data, the Bank may document the Customer’s objection to confirm respect the Customer option.

 

How is Personal Data retained and protected?

The Bank uses a set of internal technical and organizational measures to keep personal data secure and protected against illegal processing, loss, destruction or damage, including encryption, anonymization, and physical security measures. The Bank’s employees and any external parties undertaking any work on behalf of the Bank should abide by strict compliance standards, including agreeing to contractual obligations to protect any personal data. 

The Bank has a legal obligation to maintain the confidentiality of the Customer’s personal data, except in circumstances where disclosure of such data is required by a legal authority, or in circumstances in which disclosure is made under the express consent of the Customer or his representative.

 

With whom can Personal Data be shared?

The personal data of the Customer may be shared with:

  • Authorized subsidiaries, for the purposes stipulated in the Privacy Policy.
  • Any joint account holders, trustees, beneficiaries authorized to receive the personal data of the Customer.
  • Any person managing the Customer’s account on behalf of him, including advisors (such as lawyers and accountant), brokers and persons holding an official Power of Attorney.
  • Providers of payment processing services and other companies employed by the Bank for processing Customer payments.
  • Providers of Credit information service approved by the government for compliance with mandatory legal and regulatory requirements.
  • Fund managers who provide asset management services and any brokers who introduce the Customer to the Bank or deal with the Bank on behalf of the Customer.
  • Independent third party service providers, such as collection agents.
  • The Bank’s commercial partners in hotels, restaurants, stores and airline companies who provide services with the Bank and service providers who provide services on behalf of the partners.
  • Insurance service providers, including insurance companies, brokers and related parties.
  • Data analysis service providers who improve the Bank’s website and applications by measuring the performance of the Bank’s online campaigns and analyzing the visitor’s activity.
  • Social media agencies to display messages to the Customer about the products and services of the Bank or ensuring that the Customer does not receive annoying messages.
  • Any persons or companies as required in connection with potential or actual corporate restructuring, merger or acquisition, including transferring any of Bank’s rights or duties under an agreement with the Customer
  • Law enforcement authorities, government agencies, courts, dispute resolution bodies, regulators, auditors and any party appointed by the Bank’s regulators to conduct investigations or audits of the Bank’s activities.

 

Does the Bank transfer Personal Data outside the Kingdom?

The Bank’s Head Office is located in Riyadh, Kingdom of Saudi Arabia. When the Bank (or its subsidiaries or service providers) transfers personal data to other countries, the Bank ensures that it has an appropriate level of protection and that such transfer is legal. This includes relying on adequacy resolutions issued by the relevant data protection authority and compliance with contractual terms of personal data transfer.

 

What are the Rights of Data Subjects?

As a personal data subject, the Customer shall have the following rights:

  1. The right to know, which includes being informed of the legal or practical justification for collecting his personal data and the purpose thereof, and that his data will not be processed at a later stage in a way that violates the purpose of its collection or in circumstances other than those stipulated in Article (10) of the law.
  2. The right to access his personal data. This includes reviewing personal data and obtaining a copy thereof free of charge, in a clear form that matches the content of the records, as determined by the relevant regulations, without prejudice to the requirements of the credit information law with respect to financial compensation and the provisions of Article (9) of the law.
  3. The right to request correction, completion and update of his personal data.
  4. The right to request destruction of his personal data that is no longer needed without prejudice to the provisions of Article (18) of the law.
  5. Other rights provided for in the law and set forth in the relevant regulations.

 

How to protect the Personal Data of Children

The Bank’s website and applications are intended for use only by persons who are at least 18 years of age. If the Customer is under 18, a parent or guardian should agree on behalf of him, as the Bank requires consent in connection with the use of the Customer’s personal data.

 

How to destroy Personal Data

Based on the rights of the personal data subject, the Customer shall have the right to request destruction of his personal data as stipulated in the Personal Data Protection Law. The approved mechanism for data destruction follows specific procedures aim to achieve the Customer request effectively and in line with legal controls. An automated work structure will be provided to ensure the activation of proper data destruction process, with the possibility of providing notifications to the data subject to track the status of the fulfillment of data destruction request. This approach seeks to ensure compliance with local rules and regulations related to personal data protection while achieving balance between individual rights and legal obligations.

 

Modifications to the Privacy Policy  

The Privacy Policy of the Bank was updated on 28/02/2023 and the Bank reserves the right to introduce amendments thereto at any time and for any reason and the Customer will be informed of the same accordingly.

Any amendments or modifications shall be effective immediately upon posting the updated policy on website. The Customer may waive the right to receive specific notice of each change or amendment.

The Bank recommends the Customer to read and review the policy on a regular basis to stay informed of the changes. When the Customer continues to use the Bank’s website and e-platforms after the date of posting the updated policy, the Customer acknowledges his acceptance of all modifications introduced to the Policy.

 
Finally...
Be confident that we will maintain confidentiality of your data. We will protect the privacy of your information automatically and on daily basis and without you having to request that. We, also, would like you to know that you can be confident and not only in protecting your data, but that we will provide you with all financial services available now and in the coming years.
 
Thank you for giving us the chance to serve your transactions and financial needs.