SALAMA Cooperative Insurance Company (“we” or “us”) is committed to respecting your privacy and recognize your need for appropriate protection and management of any personally identifiable information ("Personal Information") you share with us in alignment with applicable KSA personal data protection laws and regulations. We will only use your personal information to deliver the products and services you have requested from us, and to meet our legal responsibilities.
This Privacy Notice applies to all customers, visitors, users, and others (hereinafter referred to as "You" or the "User") who access or use our website or Mobile Application.
The intent of this Privacy Notice is to inform you about the following:
1. The type of information we may gather about you and the purpose for gathering it when you use our website or Mobile Application.
2. The use of the information gathered from you and who do we share it with.
3. Your rights to privacy when it comes to your personal data.
We fully understand how important your personal information means to you, and we will exert our effort to protect the security of your personal information. We have always been committed to maintain your trust and will stick to below privacy principles to protect your personal information: Right and Responsibility, Consistency, Explicit Purpose, Freely Given Consent, Minimization and Necessity, Assurance of information security, Participation, Fair and Transparency. We are also committed to take appropriate security measures to protect your information.
This Privacy notice shall apply to personal information about you and related parties that may be processed when you visit branches, or use our website or mobile application, apply for or use any product, service provided by us, handle any business or make any transaction with us, participate in any of our marketing events and surveys, and in any way contact or correspond with us, no matter the information is provided by yourself or by the related parties, or collected or acquired by us from other sources according to PDPL, regulation, regulatory provision, or based on your or related parties’ authorization or consent.
The Content of this Policy is set out to give below details as per KSA Personal Data Protection Regulations:
i. How We Collect Your Personal Information
ii. How We Use Your Personal Information
iii. How We Store Your Personal Information
iv. How We Protect Your Personal Information
v. How We Share, Transfer and Publicly Disclose Your Personal Information
vi. Special Circumstances for Information Processing
vii. Your Rights Relating to Personal Information
viii. How to Contact Us
ix. Protection of Children and like Personal Information
x. How We Use Cookies and Other Technologies
xi. Formulation, Effectiveness and Update of this Policy and Others
1. For the purpose of complying with law, regulation and regulatory provision, or as required for us to provide you or relevant parties with various products and services and continuously improve our products and services, or in order to contact or communicate with you or relevant parties, understand the needs of you or relevant parties, build, review, maintain and develop our relationship with you or relevant parties, we may receive and keep the personal information provided by yourself or by related parties, or, according to law, regulation, regulatory provision, your or relevant parties’ authorization or consent, collect, enquire, and verify by proper methods your and/or related parties’ personal information from/with members of the SALAMA or other third parties (including but not limited to credit reference agencies, information service providers, relevant authorities, employers, counterparties, joint applicants).
2. The personal information we collect may be in paper, electronic or any other forms.
3. When you visit, browse, use our website and/or applications as a visitor, we may collect information about the browser or device you use (such as IP address, operating system, and browser version), your browsing actions and patterns. We use Cookies and other similar technologies to collect above information. You may disable Cookies by changing your settings (for details, please refer to section “How We Use Cookies and Other Technologies” in this notice).
The technical information which cannot identify any individual will not be treated as personal information. However, when such technical information can identify the individual alone or in combination with other information, we will protect it as your personal information.
We may invite you to subscribe to our updates, alerts or to participate in our marketing events or survey via our website and/or applications. If you accept relevant invitation, we may collect the information you provide to us by filling out contact forms or questionnaires, etc. The said information may include name, Iqama number, telephone number, email address, etc. refusal to provide such information will not affect your visiting, browsing, or using our website and/or applications.
4. When you are our prospect or existing individual customer/investor or relevant parties to the transactions, for us to provide you with our products/services and to handle relevant business, we may collect the following information upon your consent or authorization:
Purposes or Functions (Products/ Services/ Functions) | Personal Information we may need to collect |
To provide you with General Insurance like Medical Insurance, Motor Vehicle Insurance, Travel Insurance, etc. | a. Personal identity information, including name, sex, nationality, citizenship, National/IQAMA ID or Residence Number, Job Title, Nationality, Mobile Number, Email Address, Signature, occupation, telephone number, e-mail, contact information, birth date, place of birth, marital status, family status, place of residence (include historic address, contact address and permanent address), company/employer and job position, and any relationship with politically exposed person and relevant information etc.; b. Personal biometrics information, such as signature, handwriting, fingerprint, voice, face recognition information, etc. c. Personal account information, including account number, etc.
|
The above information is the basic information we must collect to provide you with our products or services, to perform our contract with you and to comply with laws, regulations, and regulatory requirements. If you refuse to provide those information (or the information so provided is incomplete, inaccurate, or untrue), you will not be able to use our regular products or services.
5. When you are a connected person/legal guardian of our prospect or existing non-individual customers or relevant parties to the transactions (including children, corporate, enterprise, institution and other legal entities) (Here we refer connected person/guardian means any other person with whom our prospect or existing non-individual customer has a relationship, including but not limited to, a director, supervisor or employee of a company, partners or members of a partnership, any shareholder, substantial owner, controlling person, or beneficial owner, trustee, settler or protector of a trust, account holder of a designated account, payee of a designated payment, representative, agent or nominee of the account holder, or the account holder’s principal where the account holder is acting on another’s behalf), we may collect the following information upon your or relevant customer’s consent or authorization:
Purposes or Functions (Products/ Services/ Functions) | Personal Information we may need to collect |
To provide you with General Insurance like Medical Insurance, Motor Vehicle Insurance, Travel Insurance, etc. | a. Personal identity information, including name, sex, nationality, National/IQAMA ID, occupation, job position, relationship with relevant customers (such as legal guardian/employment/shareholding/investment relationship), telephone number, e-mail, contact information, birth date, place of birth, place of residence, work address, photo, personal virtual identity and authentication information, any relationship with politically exposed person (“PEP”) and relevant information etc. b. Personal biometrics information, such as signature, handwriting, fingerprint, voice, face recognition information, etc. c. Any other personal information acquired during the establishment or maintenance of business relationship for the performance of contracts or for compliance with laws, regulations, and regulatory requirements, e.g., person information included in the customer documentation, personal information arising from any suspicious and unusual activity investigation, correspondence or other communication records (including video or audio records, call log and correspondence records and contents). |
The above information is the basic information we must collect to provide relevant customer or relevant parties to the transactions with our products or services, to perform our contract with you or relevant customer and to comply with laws, regulations, and regulatory requirements. If you refuse to provide those information (or the information so provided is incomplete, inaccurate, or untrue), you or relevant customer will not be able to use our regular products or services.
6. You may decide, at your free choice, to provide us, or allow us to collect from you or any third party as you agree, the following information for the following purposes or functions:
Purposes or Functions (Products/ Services/ Functions) | Consent Information we may need to collect |
Message service functions | Your account and transaction information |
Appointment for policy information, other services | Your name, mobile phone number, ID document type and number, tax residence, address, email, telephone number, fax number |
To provide you with more accurate, personalized, and convenient service and improve customer service experience | Information you provide when raising your feedback, suggestion or complaint, information you input when participating in campaigns or surveys, category, methods, operation information. |
You can choose not to provide such information. Your failure to provide such information will make you unable to participate or utilize the corresponding convenience or functions but will not affect your normal use of our other services.
7. We obtain most of your personal information directly from you and through the products and services you use. Some information may be obtained from other sources. For example, we may verify some of the information you give us with your employer or our references. Generally, when we obtain information from someone other than you, (such as LUX, and other third parties we may have we record the source of that information). We may obtain your consent in writing or through electronic means before collecting personal information. In some cases, we may be as required by law to obtain your explicit consent, in which case we ensure that we do so.
1. We will use your information to realize the purposes and functions mentioned in above section of this Policy “How We Collect Your Personal Information”.
2. When you visit, browse, use our website and/or applications as a visitor, we may use your information for the following purposes:
i. to respond to your queries and requests.
ii. to provide you with information, products, or services that you request from us or which we feel may interest you, subject to your prior consent.
iii. to perform contracts or agreements entered between you and us.
iv. to allow you to interact with us at our website and/or applications.
v. to notify you about changes to our website and/or applications.
vi. to ensure the content of our website and/or application is presented in an effective manner on your device.
vii. to maintain proper and secure operation of website and/or applications as well as insurance business, to prevent and control risk, or to detect and prevent misuse or abuse of our website, applications, products, or services.
viii. to meet the compliance obligations of us, or to comply with any applicable laws and regulations that we are subject to; and
ix. to make statistics and analysis of the use of our business, products, services, or functions. But such statistics will not contain any of your personally identifiable information.
3. When you are our prospect or existing individual customer or a connected person or a guardian of our individual/ non-individual customers, we may use your information for the following purposes:
i. to provide you or related parties with products or services, to recognize or verify the identity of you and related parties, or to approve, manage, handle, execute or effect transactions requested or authorised by you or related parties.
ii. to comply with any applicable Laws and any order or requirement from any authority.
iii. to perform SALAMA’s compliance obligations (including regulatory compliance, and/or compliance with any Applicable Laws or requirement of any authority), or to implement any policy or procedure made by SALAMA for the performance of compliance obligations.
iv. to enforce or defend SALAMA, or to perform SALAMA’s obligations.
v. as required by or to fulfil SALAMA’s reasonable operational requirements (including for data statistics, analysis, processing, and handling, archiving, and recording, system, product and service design, research, development and improvement, planning, insurance, audit, and administrative purposes).
vi. subject to your or relevant parties’ authorization, market or promote relevant products or services to you or relevant parties, to assess your or relevant parties’ interests in relevant products or services, or to conduct market research or survey or satisfaction survey; and
vii. to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage, processing, outsourcing and/or other products or services.
4. The above information collection and use in this notice shall not impact our use of your information for the purposes as otherwise agreed between you or related parties and us.
5. If we use your personal information for the purposes other than the purposes of collection and use as set forth in this notice or in other agreement between you or related parties and us, we shall obtain your consent before using your personal information for such additional purposes.
We comply with KSA laws and requirements on data storage. When we collect or process your information, we will, according to applicable laws and regulations, regulatory, archival, accounting, auditing, or reporting requirements, and the purposes as set forth in this notice, store your information for a period as minimum as necessary to fulfill the purposes of information collection. Personal data collected from the website and/or mobile applications are being stored on our servers located within the Kingdom of Saudi Arabia governed by appropriate security techniques to protect and preserve the data. After the retention period expires, we will destroy, delete or de-identify relevant information, or where the destruction, deletion or anonymization is not possible, store your personal information securely and separate it from other data processing. The requirements do not apply to the information that needs to be retained according to applicable laws and regulations, regulatory, archival, accounting, auditing, or reporting requirements, special agreement between you or relevant customers and us, or for settlement of indebtedness between you or relevant customers and us or bond issuer, or for record check or enquiry from you, relevant customers, regulators, or other authorities. We might require keeping your personal data even after the purpose of its collection has ended in the following cases:
a. If there is a legal justification for us to keep it for a specified period by law, regulation, or for security reasons
b. If the personal data is closely related to a case before a judicial authority and its retention is required for this purpose
c. If all personal elements have been anonymized
1. Information security is our top priority. We will always endeavor to safeguard your personal information against unauthorized or accidental access, processing, or damage. We maintain this commitment to information security by implementing appropriate physical, electronic and managerial measures to secure your personal information. We will take responsibility in accordance with the law if your information suffers from unauthorized access, public disclosure, erasure, or damage for a reason attributable to us and so impairs your lawful rights and interests.
2. We maintain strict security system to prevent unauthorized access to your personal information. We exercise strict management over our staff members who may have access to your personal information, including but not limited to access control applied to different positions, contractual obligation of confidentiality agreed with relevant staff members, formulation and implementation of information security related policies and procedures, and information security related training offered to staff.
3. We will not disclose your personal information to any third party, unless the disclosure is made to comply with laws, regulations, and regulatory requirements or according to this Policy or other agreement (if any) or based on your or related parties’ separate consent or authorization. When we use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to abide by the security standards of this Policy when processing personal information.
4. For the security of your personal information, you take on the same responsibility as us. You shall properly take care of your personal information, such as your account information, identity verification information (e.g., username, password, dynamic password, verification code, etc.), and all the documents, devices or other media that may record or otherwise relate to such information, and shall ensure your personal information and relevant documents, devices or other media are used only in a secured environment. You shall not, at any time, disclose to any other person or allow any other person to use such information and relevant documents, devices, or other media. Once you think your personal information and/or relevant documents, devices or other media have been disclosed, lost or stolen, or may otherwise affect the security of your use of our products, devices or services, you shall notify us immediately so that we may take appropriate measures to prevent further loss from occurring.
5. We will organize regular staff training and drills on emergency response. If unfortunately, personal information security incident occurs, we will adopt emergency plan and take relevant actions and remediation measures to mitigate the severity and losses in connection therewith. Meanwhile, we will, following the applicable requirements set out in law and regulation, inform regulatory authorities about the basic information of the security incident and its possible impact, the actions and measures we have taken or will take, suggestions to prevent and mitigate the risk, and applicable remediation measures.
1. Entrusted Processing and Sharing
For the purposes set out above in the SALAMA Privacy Policy, we may provide or disclose all or part of your personal information to the following recipients under the preconditions that such provision or disclosure is necessary and is made with proper protective measures (please refer to section “How We Protect Your Personal Information” for details) and the recipients may also, for the aforesaid purposes, use, process or further disclose the information they receive provided that corresponding protective measures are adopted pursuant to the applicable laws or our requirements:
i. any member of the SALAMA.
ii. any contractor, subcontractor, agent, third party product or service provider, professional consultant, business partner, or associated person of the SALAMA (including their employees, directors, and officers).
iii. any regulator of SALAMA or any other authority, or any organization or individual designated by such regulators or authorities.
Subject to applicable laws and regulations, we will seek your separate consent and notify you of the data sharing/transferring, including the data receiver's identity, contact information, purpose of processing, method of processing and the type of personal information (if cross-border transfer involved, we will also notify you the manner and method of exercise your right).
We may disclose information about you to affiliated and non-affiliated third parties. If we do this, we make sure there are appropriate privacy, data handling and security arrangements in place to protect your information.
· Affiliates: We may share information about you within the SALAMA group for legal and regulatory purposes, to manage credit risk and other business risks, and to ensure we have corrected and up to date information about you, such as your current address, date of birth, etc. We may also share your information to better manage your total relationship with the SALAMA group and enable other members of the SALAMA group to bring suitable products and services to your attention, such as mutual funds and brokerage accounts. SALAMA will share your information within the SALAMA group for these purposes unless prohibited by law or you tell us not to do so.
· Authorized Business Partners: We may partner with other companies to offer you products or services. We may disclose personal information and/or non-personal or de-identified information collected about you to such third-party partners for the purposes of providing those services.
· Sharing information where ownership or liability is shared with others: If you have a product or service where ownership or liability is shared with others, we may share your information with them in connection with the product or service. Also, if you authorize us, we may provide your information to your lawyer, accountant, or others you've identified.
· Government and Law Enforcement; Compliance; Other Purposes Permitted by Law: Notwithstanding any other provision of this notice to the contrary, we reserve the right to disclose personal information to others as we believe appropriate to comply with legal process and/or to respond to governmental or regulatory requests for any other purpose permitted by applicable law.
2. Transfer
Without your separate consent, we will not transfer your personal information to any other company, organization or individual. On exceptional cases to provide the cross-border service, after obtaining your consent, your information may be transferred abroad too. Under this circumstance, we will adopt appropriate, necessary, and effective security methods(encryption) to protect your information security. Also, we will inform you of the identity, contact etc. of the personal information recipient according to the requirements of applicable laws and regulations and request the personal information recipient to comply with the SALAMA Privacy Policy. If the personal information recipient changes the purposes, methods etc. of personal information processing under SALAMA Privacy Policy, it shall re-obtain the consent from you.
3. Public Disclosure
We will not disclose your personal information to the public unless we have your separate consent.
We will process your information (collection, storage, use, analysis, transfer, provide, disclosure) based on your consent. To the extent allowed by laws and regulations, we may process your personal information without your consent under the following circumstances:
1. Where it is necessary to protect your vital interests in an emergency or respond to public health emergencies.
2. When the processing achieves a real interest for the data owner, and it is impossible to contact him, or it is difficult to achieve this.
3. Other circumstances stipulated by laws and regulations.
SALAMA makes all its efforts to provide high-quality services to all users in a manner that guarantees their rights under the limits stipulated in the Personal Data Protection Law as well as other regulations according to the following:
Exceptions to this right include:
i. Poses a Threat to security, harms the reputation of the Kingdom of Saudi Arabia, conflicts with the Kingdom of Saudi Arabia 's interests
ii. Affects the Kingdom of Saudi Arabia 's relations with other countries
iii. Prevents detection of a crime, affects the rights of the accused, affects the integrity of existing criminal procedures
iv. Endangers the safety of individuals
v. Violates the privacy of an individual other than the owner
vi. Conflicts with the interests of an incompetent or incapacitated individual
Requests for access to, correction or deletion of personal information, for withdrawal of authorization or disposal of personal information beyond retention period, for a copy of this Policy, or enquiries about our practices regarding personal information and privacy protection, should be addressed to:
Contact Details:920023355 | 8002440002
We pay particular attention to protection of the minors’ personal information. We have no intention to collect any minors’ personal information, unless it is agreed by their legal guardians, and it is necessary for the products or services offered to the minors. In the case where we collect personal data of a child under the age of 13 through our website or application, the purpose would solely be to directly respond to his/her request without using their personal data for any other purposes. The child’s data won’t be processed without notifying the child’s guardian of the request except for the following:
· If there is a legal justification for SALAMA to process the data specified by law, regulation, or for security reasons
· When the sole purpose of collecting the contact details of the child is to respond directly to a specific request from the child, and this data is not used to call him back again or for any other purpose
If you are under 13 years of age, for that personal information we collect with the consent of your parents or legal guardians, we will only use or disclose such information to the extent allowed by law and regulation or expressly consented by your parents or legal guardians or necessary for protection of the minors’ interests.
Your visit, browse, use of any of our website or mobile device applications may be recorded for analysis on the number of visitors to the site and/or applications, general use patterns and your personal use patterns and improving your experience. Some of this information will be gathered using “Cookies”. Cookies are small bits of information automatically stored on your local terminal, which can be retrieved by your local terminal. Cookies can enable our website or applications to recognise your device and store information about your use of website and/or applications so to provide more useful features to you and to tailor the content of our website/applications to suit your interests and, where permitted by you, to provide you with promotional materials based on your use patterns. We will be able to access the information stored on the Cookies.
The information collected by Cookies is anonymous aggregated data, and contains no personal information such as name, address, telephone, email address etc.
You can manage or disable Cookies based on your own preference. Should you wish to disable the Cookies, you may do so by changing the setting on your local terminals. However, after changing the setting you may not be able to enjoy the convenience that Cookies bring, but your normal use of other functions of the local terminals will not be affected.
We regularly monitor our procedures and security measures to ensure that they remain effective. SALAMA is committed to treating you with the greatest respect and consideration and providing the highest level of service. Even so, there may be a misunderstanding or times where you may feel you have been dealt with unjustly. Whatever the circumstances, our primary objective is ensuring your concerns are addressed. If you have any question or complaint please send an email to customer.care@salama.com.sa
