Updated on December 2024
This Privacy Notice aims to explain the policies for collecting, using and protecting personal information provided by the user to the SaudiEXim and the mechanism for dealing with it, based on the bank's commitment to protecting the customer's privacy and its keenness to ensure that the customer benefits from the services provided. Accordingly, if you access this site, you agree to what is stated in the Privacy Notice below and to all updates made to this notice from time to time in line with technical developments and practices followed by the SaudiEXim, as all updates will be added, and accordingly we urge the user to always review the Privacy Notice.
1. Contact Information
Department: SaudiEXim - Data Management Office
Address: Umm Al Hamam - Laysen Valley, Riyadh
Contact Number: 8004333330
Email: info@saudiexim.gov.sa
2. Personal data collected and processed:
We collect the necessary personal data according to the service or product that will be provided to the user, including:
i) Financial data: including income data and also data collected for the purpose of making payment transactions such as bank account
ii) Personal data: including personal data of users such as name, email and mobile number
iii) Technical data: including your protocol address
iv) Licensing data: including data related to the business activity such as the commercial registration number
v) Asset and property data: including data of assets and property owned by you and registered with the relevant government agencies
3. How Personal Data is Collected
Personal data is collected directly by registering in the bank's official channels, including the various products and services provided by the bank, and by communicating through customer service channels in an indirect manner
i) Data related to your use of the site, your navigation through the pages and sections of the site, the services provided through it, the duration of sessions and the frequency of logins.
ii) Data provided to us by other parties
4.Use of Personal Data:
The data disclosed by the user with his knowledge and choice is used for the purpose of providing us with the services and benefiting from them in improving and enhancing the effectiveness of those services, and for other related purposes, including, but not limited to, completing and updating the user's records with the bank and identifying the services, conducting research and analysis that improve our products, services and technologies, in addition to following up on requests submitted through the site, and it is also referred to meet the requirements of the competent government agencies and implement the provisions of the relevant laws, regulations and instructions. Other data related to your use of the site is also used for the purpose of improving the customer experience and developing services.
5. Storage and Destruction of Personal Data
Method of preservation: Personal data is stored within the Kingdom of Saudi Arabia on the bank's servers and in the Documents and Archives Center, which is protected by the best technologies in accordance with the policies and controls of the National Cybersecurity Authority and international standards, to prevent unauthorized access and reduce cyber risks.
How to destroy: Personal data is destroyed after the purpose of its collection has ended, in secure ways that ensure that it cannot be accessed or retrieved again,
The regulatory basis for collecting and processing personal data:
Mandatory Collection:
Some personal data is necessary to provide the requested services, such as full name and email, and the service cannot be provided without providing this information.
Optional Collection:
Additional data may be requested in order to improve your experience, but providing it remains optional and will not affect your use of the basic services.
6. Potential consequences of not completing the personal data collection procedure
Disruption of operations:
Incomplete or inaccurate data can disrupt the internal and external operations of the bank
Inability to make decisions:
Failure to collect data correctly can result in a weakened ability to make sound decisions
Loss of opportunities:
Failure to complete the necessary data collection may affect the bank's ability to target customers and beneficiaries, leading to the loss of potential opportunities, developing new services or products, and providing customized offers.
7. Sharing Personal Data:
In accordance with the Data Sharing Policy issued by the National Data Management Office, we will not share your personal data with non-governmental entities unless they are authorized to perform specific government services, or after obtaining your consent to do so.
8. Protection of Personal Data:
The Bank takes a number of technical measures and security procedures to the extent necessary to protect the security of personal data from loss, misuse, modification, corruption or destruction, and all employees and affiliates of the Bank are committed to following a strict and comprehensive security policy that does not allow access to personal data except to those authorized to do so and committed to maintaining its confidential nature. By applying technical and organizational measures including - but not limited to:
i) Control access to systems and networks.
ii) Implement appropriate security measures to protect personal data.
iii) Provide a secure physical environment for paper copies of personal data records.
iv)Deleting and disposing of personal data when the purpose for which it was collected has ended, in accordance with the applicable rules and regulations, and in accordance with what is stated in (Article Eighteen) of the Personal Data Protection Law
9. How we store your personal data:
Personal data is stored securely within the geographical borders of the Kingdom of Saudi Arabia to ensure the preservation of the national digital sovereignty of this data unless it is in cases of transfer or processing of data outside the geographical borders of the Kingdom as described in Article Twenty-Nine of the Personal Data Protection Law.
10. Your rights as a data subject:
i) The right to know: This includes knowing the legal or practical basis for collecting your personal data and the purpose thereof, and that it is not processed in a manner that conflicts with the purpose for which it was collected, considering the cases stipulated in Article 10 of the Personal Data Protection Law.
ii) The right to access your personal data available to the bank to review it or obtain a copy of it in a clear format that matches the content of the records and without financial compensation - according to what is determined by the regulations - considering the cases stipulated in Article 9 of the Personal Data Protection Law
iii) The right to modify your personal data to correct, modify or update it
iv)The right to request the destruction of your personal data available to the bank when the need for it ends or after the expiration of the prescribed statutory period, considering what is stated in Article 18 of the Personal Data Protection Law
11. Consent to Data Collection
Legal basis:
Personal data is collected and processed based on the explicit consent of the data subject, and the data subject may withdraw his consent at any time, unless there is another legal basis requiring otherwise.
Modification of data:
The personal data subject has the right to request access/correction/destruction of his data by contacting the email mentioned in the Contact Details section.
Withdrawal of consent:
To withdraw consent, the Bank's Data Management Office can be contacted via the email mentioned in the Contact Details section.
12. Personal Data Protection Officer
Appointment of the Officer:
A Personal Data Protection Officer has been appointed to oversee compliance with data protection policies and procedures and ensure their effective implementation.
Communication:
The Personal Data Protection Officer can be contacted via the following email: naldosari@saudiexim.gov.sa
13. External Links
External Sites:
The Bank's website may contain links to external sites that are not subject to this Privacy Policy. Users are advised to read the privacy policies of those sites before submitting any personal data.
Disclaimer: The Bank is not responsible for the content or privacy practices of linked external sites.
14. Modification of the Privacy Policy:
SaudiEXim reserves the right to make any amendments from time to time to the terms and conditions of this Privacy Notice as necessary and appropriate, and any amendments to the Privacy Notice shall be effective from the date of their addition to this notice or one of the sub-sections of the website.
All terms and conditions published in any of the sections or pages of this website or in any publications issued by the Bank shall be considered an integral part of this policy.
15. For inquiries or complaints regarding the Privacy Policy:
In the event of any inquiries, complaints or requests regarding your rights related to the processing of personal data or regarding what is stated in the Privacy Notice in general, you can contact the Data Management Office team at the SaudiEXim via the contact form
