Privacy Policy for Nayifat Finance Company

Effective Date: 01-09-2024

This Privacy Policy describes how Nayifat Finance Company (“we,” “us,” or “our”) collects, uses, and shares information collected from users (“user,” “you,” or “your”) of the Nayifat Portal/Nayifat App in compliance with the Saudi Personal Data Protection Law (PDPL) and National Data Management Office (NDMO) requirements.

Information We Collect

  1. Personal Information: We may collect certain personal information, such as your name, email address, phone number, national ID, or similar identifiers when you voluntarily provide this information to us, for instance, when you create an account or contact us for support.
  2. Usage Data: We may automatically collect information about your device and how you interact with the App, such as device information (e.g., device type, operating system), IP address, usage patterns, and browsing history within the App.
  3. Location Information: With your consent, we may collect and process information about your approximate or precise location using various technologies, including GPS and Wi-Fi.
  4. Cookies and Tracking Technologies: We use cookies and similar tracking technologies to enhance your user experience and collect data about how you use the App or Portal. You can manage your cookie preferences through your browser settings.

How We Use Your Information

We may use the collected information for the following purposes, in accordance with PDPL and NDMO guidelines:

  • To provide and maintain the App’s functionality and services.
  • To personalize your experience and improve our App.
  • To communicate with you, respond to your inquiries, and provide customer support.
  • To analyze usage trends and optimize the App’s performance.
  • To comply with legal obligations, prevent fraud, and resolve disputes.
  • To send you promotional materials or updates about our services, with your consent where required by applicable law.

We ensure that your data is used only for the purposes described above and in line with the data minimization principle under PDPL.

Legal Basis for Processing

We process your personal data in accordance with the PDPL based on the following legal grounds:

  • Consent: When you have explicitly consented to the processing of your personal data for a specific purpose.
  • Contractual Necessity: Where processing is necessary for the performance of a contract with you.
  • Legal Obligation: Where we are required by law to process your data.
  • Legitimate Interests: Where processing is necessary for our legitimate interests, such as fraud prevention or enhancing security, provided those interests do not conflict with your rights under the PDPL.

Data Sharing and Disclosure

We will not share or disclose your personal data except under the following circumstances:

  • With service providers or third-party vendors who assist us in operating the App and providing services to you. These service providers are required to comply with PDPL and NDMO standards.
  • In response to legal requests, court orders, or in compliance with applicable laws and regulations.
  • If our business undergoes a merger, acquisition, or sale, your information may be transferred as part of that transaction, in accordance with the PDPL.
  • With government entities and regulatory bodies, as mandated by law.

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy, in line with the PDPL and NDMO’s Data Retention and Disposal Policy. We will delete or anonymize your personal data when it is no longer needed, except where the law requires us to retain it for a longer period.

Data Transfer and Storage within Saudi Arabia

In compliance with PDPL and NDMO regulations, all personal data, including Personally Identifiable Information (PII), is stored and processed exclusively within the Kingdom of Saudi Arabia (KSA). No PII is transferred or stored outside of KSA. All data storage systems are located within Saudi Arabia and comply with the data localization requirements set by the NDMO.

Your Rights Under PDPL

Under the Saudi PDPL, you have the following rights concerning your personal data:

  • Right to Access: You have the right to request access to your personal data.
  • Right to Correction: You can request the correction of any inaccurate or incomplete personal information we hold about you.
  • Right to Deletion: You have the right to request the deletion of your personal data when it is no longer necessary for the purposes it was collected.
  • Right to Restriction: You can request to restrict the processing of your personal data in certain circumstances.
  • Right to Withdraw Consent: If processing is based on your consent, you can withdraw your consent at any time.
  • Right to Object: You have the right to object to the processing of your personal data in specific situations, such as for direct marketing purposes.

Security

We implement security measures that align with PDPL and NDMO standards to protect your personal data from unauthorized access, loss, or disclosure. These include encryption, access controls, and secure storage solutions. However, no method of transmission over the internet is entirely secure, so we cannot guarantee absolute security. In the event of a data breach, we will notify the National Cybersecurity Authority (NCA) and affected individuals in accordance with PDPL requirements.

Children’s Privacy

Our App and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected personal information from a child under 18, we will take immediate steps to delete that information in compliance with PDPL.

Contact Us

If you have any questions or concerns regarding this Privacy Policy or our data practices, or if you wish to exercise your rights under the PDPL, please contact us at:

  • Phone:[8001000088]
  • Email: [privacy@nayifat.com]

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to ensure continued compliance with PDPL and NDMO regulations. Any changes will be communicated by posting the revised policy on this page. We encourage you to review the Privacy Policy periodically to stay informed about how we protect your information.