Privacy Notice
Who Are We
Jeel is a Digital Innovation Center that is Powered by Riyad Bank. We provide a comprehensive range of financial products and services fully compliant with the Islamic Sharia’ to meet the needs of both retail and corporate customers, including small and medium-size enterprises
Purpose
This Privacy Notice is framed in accordance with the Personal Data Protection Law and applicable Regulations in the Kingdom of Saudi Arabia. The purpose of this notice is to explain how Jeel processes your personal data to help you understand why we collect, use, share, and store it, and the steps taken to make sure it stays confidential and secure. Protecting your privacy and processing your personal data strictly in accordance with the regulatory requirements fall at the forefront of the priorities at the company.
What Personal Data We Collect and How We Collect It
We collect and process various categories of personal data throughout your relationship with us to achieve one or more legitimate purposes outlined in this notice. We will collect personal data from you through your direct interaction with us, and in some cases the collection will be indirectly through various data collection points including but not limited to:
- Application forms.
- Jeel’s & Bank’s website.
- Digital channels.
- Direct and electronic communication (including telephone conversations) to provide our services to you.
- Your broker intermediaries.
- Bank’s Affiliates.
- Cookies.
- Device IDs.
- Publicly available resources such as online registers or directories or online publications, social media posts, and other information that is publicly available.
- Business partners to better understand and serve you, satisfy a legal obligation, or in pursuance of another legitimate interest.
The Personal Data Types We Collect
The personal data types that we collect may include, but not limited to, the following:
| Type | Details |
|---|---|
| Identification Data / Information concerning your identity | Full name, gender, place and date of birth, IQAMA, Photo identification, passport information, National Insurance number, National ID card, driving license number, signature, and nationality. |
| Contact Information | National address or business address, email address, telephone number. |
| Financial Information | Loan details, transactions, income and other revenues, insurance data, account number, account statement, number of credit/debit cards, financial history, credit rate, details of payments to and from your account, including settlement of any loans or credit facilities, beneficiaries' names, account numbers, and addresses. |
| Transactions | Details of contract transactions, conventions, financial and real estate instruments. |
| Sensitive Data | Data relating to security, criminal convictions and offenses, biometric data to identify you, and health data. |
| Education and job information | Education level, name of employer, date of joining. |
| Personal Relationship Data | Family members, emergency contacts, and guardians which include their signatures, addresses, and relationship with you. |
| Data collected as part of our interactions with you / Audio recordings | Your comments, suggestions, needs, any records of phone calls between you, discussion by email, WhatsApp, live chat exchanges on our pages on the social networks. |
| Data from the video protection system | Including video surveillance cameras. |
| Data concerning your devices / Geo location Data | IP address, technical characteristics, and unique identification data. |
| Legal and regulatory requirements | Information required by the Bank for anti-money laundering in form of Know Your Customer (KYC) and Anti-Money Laundering (AML). |
| Cookie Information | Login information, language settings, website layout choices, pages visited, time spent on the site, and clicks. |
| Health Data | Required health data will be collected and maintained for some insurance contracts and to meet any regulatory requirements. |
| Marketing | Details of any marketing preferences received from the customer. |
| Other Information | Information collected from you when you fill in forms or by communicating with us, whether direct by phone, email, online or in other ways. |
On What Legal Grounds Do We Process Your Personal Data
We rely on the following lawful reasons (but not limited to) when we collect and process your personal data to operate our business, transacting with you, providing our products and services:
- Legal Obligation: We process personal information to comply with a legal obligation to meet regulatory and public interest obligations or mandates.
- Contractual agreement: If we need to process the personal data to enter into or carry out a contractual agreement that we have with you.
- Actual interests: If the processing achieves actual interests for you and it is impossible or difficult to contact you.
- Publicly Available Data: If the personal data is publicly available or collected from public sources.
- Legitimate interests: If we need to pursue our legitimate interests without prejudice to your rights and interests and provided that no Sensitive Data is processed.
- Regulations and laws: If we have to comply with the regulations and laws that are applicable to us.
- Vital interests: To protect your and/or the Kingdom’s vital interests.
- Public interests or official authorities: Achieving public interest or serving an official request from an authority according to its roles.
- Consent: We will only process your personal data/information with your explicit consent except for reasons permitted under the Law.
How We Use Your Personal Data
We process your personal data for the following purposes including but not limited to as necessary to provide relevant products and services depending on whether you have your own bank account with us or you represent or are associated with other individuals, companies, businesses, or organizations who bank with us:
- Assessing and providing products and services to through our banking obligations including our Know-your-customer (KYC) obligations, conducting credit checks and financial assessments, setting credit limits for clients, and opening accounts.
- Establishing and managing banking relationships, administering client accounts, and providing clients with appropriate access to our products and services such as our online and mobile banking platforms.
- Verifying transactions and acting on instructions or requests such as transferring money between accounts and making payments to third parties for clients.
- Responding to questions or managing any complaints including monitoring social media conversations and posts to identify conversations, sentiments, and complaints about the Bank and issuing notifications about changes to the terms and conditions of our products and services.
- Operating our business including managing authentication and user access controls for online and mobile banking, audits of business operations, and creating and maintaining our credit scoring models relating to clients.
- Improving our products and services by monitoring and recording our communications with you including phone calls for training and quality purposes, conducting market research, customer satisfaction surveys, demographic analytics, and gathering insights by aggregating data such as behavioral data from the use of our products and services and our applications to provide you with more tailored products and services.
- Detecting, investigating, and preventing financial crimes by monitoring and recording voice and electronic communications and screening applications and transactions in connection with actual or suspected fraud, financial crime, or other criminal activities to detect unusual transaction behavior.
- Exercising the company’s legal rights and conducting legal proceedings by retaining records as evidence for any potential litigation or investigation and investigating or making an insurance claim.
- Complying with applicable and relevant local and foreign laws, regulations, rules, directives, judgments, or court orders, requests, guidelines, government sanctions, reporting requirements, restrictions, demands from or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency or exchange body in any relevant jurisdiction where the company operates.
- Facilitating the company’s mergers, acquisitions, and divestments by evaluating our business and providing continuity of services to you after a transfer of our business because of a merger, acquisition, sale, or divestment.
Who We Might Share Your Personal Data With
Your personal data may be disclosed internally within the Bank as well as to the following entities including but not limited to for the legal basis described above:
- Account Holders: Any joint account holders, guarantors, trustees, or beneficiaries assigned by you at the onset or during the course of receiving the Bank’s products/services.
- Business Partners: Partners with whom we collaborate including Fintech apps and banks enable us to enhance our services offering you the ability to make faster and more efficient payments.
- Fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us for you.
- Service Providers: Carefully selected companies that provide services for or on behalf of us such as companies that help us with insurance companies that provide applications to the Bank to operate our services, etc. These providers are also committed to protecting your information.
- Insurance Provider: Facilitating insurance-related aspects for comprehensive coverage.
- Fintech Applications: Integrating cutting-edge financial technology to enhance your experiences.
- Background Verification Services: Ensuring thorough verification processes for reliable information.
- Logistic Service Provider: Ensuring efficient and secure delivery logistics for bank’s cards.
- Consultancy Agencies: Providing strategic support to the Bank’s operations for overall excellence.
- IT Service Providers: Cloud hosting services; application development and support Services; IT Infrastructure Services; email Services etc.
- Our card processing suppliers to carry out credit fraud and risk checks, process your payments, issue and manage your card.
- Public or regulatory authorities: We may be legally obligated to share your information in response to legal processes or court orders issued by government. We may also disclose your information to the relevant authorities where we are required to disclose information by applicable law or regulation or at their request.
- Law enforcement authorities, government agencies, courts, dispute resolution bodies, regulators, auditors, and any party appointed by the Bank’s regulators to conduct investigations or audits of the Bank’s activities.
- Other Parties in Connection with Corporate Transactions: In case of a merger or transfer, acquisition, or sale, we may disclose your information to corresponding third party.
- Other Parties with Your Consent or applicable Legal Basis: In addition to the disclosures described in this Privacy Notice, we share information about you with third parties when you separately provide consent to or request such sharing.
- Data analysis service providers who improve the Bank’s website and applications by measuring the performance of the Bank’s online campaigns and analyzing the visitor’s activity (i.e., device / browser information, user engagement metrics, patterns of website or app usage).
- Legal/Professional Advisors.
- Fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime.
- Social Media Agencies so they can display messages to you about the Bank’s products and services or make sure you do not get irrelevant messages.
How Long We Will Keep Your Personal Data
Jeel might be required to keep your personal data for the purpose for which it was collected, processed, or requested under relevant rules and instructions in line with the regulatory requirements. This may include legal purposes, maintaining records for analysis and audit purposes, responding to inquiries or complaints, monitoring fraud and money laundering transactions, taking legal actions, and responding to regulators’ requests. Retention periods for records are determined by the type of record, the nature of the activity, product or service, the jurisdictions we are in, and applicable regulations. Jeel will keep your personal data for a defined period after your relationship ends with us. How long we keep your personal data for might change from time-to-time based on the company’s legal and regulatory requirements.
Jeel might, in exceptional circumstances, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by competent authorities and enforcement agencies or our regulators. This is so that we can produce records as evidence if required.
If you opt-out from receiving marketing materials or object to any other processing of your personal data, we may keep a record of your objection to ensure that we continue to respect your privacy and do not contact you further.
How We Keep Your Personal Data Secure
To protect your data, we have put in place state-of-the-art security measures including appropriate administrative, technical, physical, and organizational controls to safeguard and keep your personal data confidential.
Jeel has implemented information security and data privacy policies including incident management and reporting procedures. Technical measures including but not limited to data loss prevention solutions to protect personal data and to comply with legal and regulatory requirements.
We require our service providers or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy, and security standards and measures when they handle, access, or process your personal data.
Sharing Your Personal Data Outside the Kingdom
When the company shares your personal information outside the Kingdom, it will take appropriate steps to ensure that sharing of personal information is in accordance with applicable law and carefully managed to protect your privacy rights and interests and that sharing is limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights and personal data.
Your Rights
The Bank makes all its efforts to guarantee your rights in line with the applicable regulations and standards according to the following:
- Right to Be Informed: You have the right to be informed about the collection and usage of your personal data, including why and how we collect your personal data, the purposes for processing your data, and who will it be shared with.
- Right to Request Access: You have the right to access your personal data available in the Bank in a structured, readable, and clear format.
- Right to Obtain a Copy: You have the right to obtain a copy of your personal data available in the Bank in a structured, readable, and clear format.
- Right to Rectification: You can request to have your personal data corrected (if inaccurate), completed (if incomplete), or updated (if out of date).
- Right to Request Destruction: You have the right to request that your personal data be destroyed when:
- You consider that we no longer require the information for the purposes for which it was obtained.
- You have validly objected to our use of your personal data.
- Our use of your personal data is contrary to the Law or any other legal obligations.
- You have revoked your consent to collect and process your personal data whenever the consent is the only legal basis.
- Right to Withdraw Consent: You have the right to modify/revoke consent to collect and process your personal data, unless statutory or legal requirements, contractual necessity, and public interest require otherwise. Consent withdrawal shall not affect the processing of personal data that is based on another legal basis.
- Right to Lodge a Complaint: You have the right to file a complaint to the competent authority when you feel that your rights have not been met.
Jeel will take appropriate steps to inform third parties of any modification or withdrawal of consent pertaining to the shared personal data.
However, there are few exceptions to consider when dealing with your data privacy rights. Here are some common exceptions:
- Right to Access: If providing access will not affect the rights of others, such as intellectual property rights and trade secrets, and that personal data is not disclosed to other data subjects. The company may also restrict this right as per the cases stipulated in applicable laws and regulations.
- Right to Obtain a Copy: The company may restrict this right as per the cases stipulated in applicable laws and regulations.
- Right to Rectification: If the company, acting as a data controller, can't verify that the requested changes are accurate, they might not be obligated to rectify it. The company may also restrict this right as per the cases stipulated in applicable laws and regulations.
- Right to Destruct: If a law or regulation mandates retaining the data, or the personal data is relevant to ongoing or potential legal dispute, then the company is required to retain it. This could include financial records for tax purposes or medical data for health compliance. The company may also restrict this right as per the cases stipulated in applicable laws and regulations.
- Restriction: The company might not be able to restrict processing entirely if the personal data is needed for legal purposes.
To make a request concerning your rights or to make an inquiry, please contact us. See the CONTACT US section.
Protection of Minors and Legally Incompetent’s Personal Data
The company’s website and applications are intended for use only by persons who are at least 18 years of age and/or legally competent. If the data subject is under 18 or legally incompetent, a parent or legal guardian should agree on behalf of him/her as the company requires consent in connection with the collection and processing of the data subject’s personal data.
Your Responsibilities
You are responsible for making sure the personal data you give us is accurate and up to date, and you must inform us if anything changes as soon as possible.
If you give the company personal data that belongs to another person (for example, a joint account holder, a beneficiary under an insurance policy, or a dependent, etc.), you will need to inform them of this Privacy Notice and obtain their consent for the company to use their personal data for the specified purpose.
Social Media Content Use Terms and Conditions
We kindly urge you to refrain from sharing personal data on the company’s social media platforms, including Instagram, YouTube, and X Platform.
Changes to our Data Privacy Notice
This Privacy Notice was last updated 09-2024. This Privacy Notice may be updated as required, and we will inform customers of these updates. The company recommends that you revisit the website and review the notice on a regular basis to stay informed of any changes. When you continue to use the company’s website and e-platforms after the date of posting the updated notice, you acknowledge acceptance of all modifications introduced in this Privacy Notice.
Contact Us
You can contact us if you have any inquiries or concerns with regard to this Privacy Notice and your rights by reaching out to Data Protection Officer at MyPrivacy@riyadbank.com
