Privacy Policy
Last updated: September 12, 2024
This Privacy Policy has been prepared in accordance with the Personal Data Protection Law in the Kingdom of Saudi Arabia and the guidelines of the Saudi Data & AI Authority (SDAIA). This policy aims to clarify the data collected from you, the reason for its collection, and how it is processed and protected throughout its retention by Drahim.
Who we are?
1) Drahim Application Company for Financial Technology, a company organized and existing under the laws of the Kingdom of Saudi Arabia, CR: (1010698626), which has a licenseis authorized from the Saudi Central Bank to provide open banking services, and its registered address is: Riyadh, King Abdulaziz Road, 7463, Alnafal 13312, Kingdom of Saudi Arabia; and 1) Drahim Application Company for Investment, a company organized and existing under the laws of the Kingdom of Saudi Arabia, CR (1010876632) dated 06/10/1444H, and which has a license is authorized from the Capital Market Authority (CMA), to provide Ropo Advisory services, and its registered address is: Riyadh, King Abdulaziz Road, 7463, Alnafal 13312, Kingdom of Saudi Arabia.
Will be referred to hereinafter as (“Drahim”, “we”, “our”, or “us”)
This Privacy Policy outlies how Drahim collects, uses, and discloses personal data collected through websites and mobile applications owned and operated by Drahim that link to this Privacy Policy, such as the Drahim mobile app and any other interactions (e.g., customer service and other communications) that you may have with Drahim (collectively, the “Services”).
PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR PERSONAL DATA. AND BY USING OUR SERVICES YOU AGREE TO THIS PRIVACY POLICY.
Application of this Privacy Policy
This Privacy Policy applies to your use of (regardless of means of access) our Services. You may access or use our Services through a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each, a "Device").
PERSONAL DATA WE COLLECT
Information You Provide Directly.
We collect personal data that you provide when you use the Services or otherwise communicate with us. For example, when you:
Account information: Create an account to use the Services, we may collect contact and registration information, such as your email address and phone number.
Payment Information: We may also collect payment information, including your payment card number and associated billing information, and other profile information you upload to your account.
Interact with Services, we may collect the personal data that you upload or provide, including financial information such as your account balance, descriptions of financial transactions, investment interests, budget names and amounts (“Financial Information”).
Contact us with questions, comments, or for customer service, we may collect contact information, such as your name and email address, as well as any personal data you provide in connection with your outreach.
Choose to integrate the Services with other apps/functionalities on your mobile device (e.g., your photos or Files), we will collect personal data contained in these other apps/functionalities in accordance with your app and device settings.
In the event that you visit Drahim website without logging in as a user, Drahim collects the following personal data:
Name of the domain (domain) that was used to access the internet.
Name of the user's internet service provider.
Previous and subsequent location of the user.
Note that this collected data is not used for knowing the identity of the user, but is used for the purpose of having initial statistics, and for improving the attractiveness of the website, its content and the functions of the Services.
Usage of Cookies and Pixels
Drahim uses Cookies for the following purposes:
ensuring and enhancing the accessibility to, and usage of, its website;
being able to arrange and configure products and services provided by Drahim, as may be from time to time needed; and
collecting anonymous user statistics to allow Drahim to understand how visitors use the site and to help Drahim improve its structure and content.
You may delete cookie files from your hard drive at any time through your browser settings. However, cookies may be necessary to provide access to much of the content and many of the features of the Site.
Personal Data You Provide via Integration with Financial Data Sources.
We collect information about you when you connect your registered account with us to banks, financial institutions and other third-party data sources (“Financial Data Sources”) or you otherwise provide us with access to personal data from those Financial Data Sources. For example, you may choose to connect your bank or other financial accounts with your Drahim account. To sync information from these Financial Data Sources, we will collect your Financial Information including your account balance, transactions, and holdings. We may also collect certain credential information necessary to facilitate an integration with a Financial Data Source that you have chosen to make, including API keys required to connect your registered account with us to invest and savings. We may use third-party data sources to assist in collecting and syncing your personal data, including Financial Information, from Financial Data Sources, and by connecting your Drahim account to a Financial Data Source, you agree to all applicable third-party sources’ terms and conditions and privacy policies.
PURPOSE AND LEGAL BASIS OF COLLECTING YOUR PERSONAL DATA
We collect your personal data to promote new financial and investment products and services that may be of interest to you and for the other purposes outlined in this Policy, without prejudice to the Applicable Law.
HOW WE USE YOUR PERSONAL DATA
We use your personal data in a variety of ways to provide the Services and to operate our business. In particular, we may use your personal data to:
provide the information and Services you request;
provide you with effective customer service;
personalize your experience and our communications with you;
contact you with operational information and notices related to your use of the Services;
analyze use of the Services and improve the content, functionality and usability of the Services;
understand and resolve app crashes and other issues being reported;
comply with any procedures, laws, and regulations where necessary for our legitimate interests or legitimate interests of others;
for any other purpose with your consent.
Many Drahim users choose that Drahim can collect their personal data from their accounts at other financial institutions, and post them onto their dashboard on our Website or in our App, although you are not required to do so. In enabling this functionality, you accept to grant Drahim the right to access and use the account information maintained by such third-party financial institutions with which You have an existing customer relationship (“Account Information”), as described in this section.
By linking your accounts, you accept to provide Drahim access to your Account Information, which may include prior and current account balances, your transaction history, and holdings from these linked financial institutions. Portions of this information will be displayed on your Drahim dashboard. Drahim may use the Account Information we receive to formulate your financial projections, in connection with purposes consistent with this Privacy Policy and the Services we provide to you. Drahim may also use aggregated Account Information from our Users for purposes of deciding which products and services to build in the future.
By authorizing Drahim to aggregate and analyze your Account Information, you expressly authorize and direct Drahim, on your behalf, to electronically retrieve all Account Information associated with or available through the financial institution’s portal to link your account, in alignment with the Regulations and Guidelines issued – from time to time - by the Saudi Central Bank.
Drahim works with the financial institutions in the collection, use, storage, and handling of data in connection with our account aggregation services. Drahim works with other third party entities to verify your identity and collect KYC data.
Any Account Information that Drahim have access to is read-only, and the Account Information maintained by your third-party institution cannot be altered by Drahim. Drahim retains Account Information collected via consent-based account linking service in accordance with our regulatory recordkeeping requirements, as permitted by law and as described elsewhere in this Privacy Policy, and as required in connection with the maintenance of your account and the Services we provide to you.
Aggregate/De-Identified Personal Data.
We may aggregate and/or de-identify any personal data collected through the Services so that such personal data can no longer be linked to you or your device (“Aggregate/De-Identified Data”). We may use Aggregate/De-Identified Data for any purpose, including without limitation for research and marketing purposes.
How We Store Your Personal Data and for How Long
Drahim stores your Personal Data on servers belonging to licensed cloud computing companies within the Kingdom of Saudi Arabia. Personal data is also archived in a secure environment and is subject to the best practices and internal restrictions for its protection.
When storing personal data, Drahim takes all reasonable steps to protect your personal data from misuse, loss, unauthorized access, modification, or disclosure.
Your personal data will be stored for a period of ten (10) years, and this period will be extended as long as such retention is necessary to achieve the purpose for which it was collected unless it is required to be retained for a longer period to comply with another law or legal purpose such as compliance with a governmental order, court judgment, or other mandatory instructions.
Personal data is destroyed using secure methods such as shredding or magnetic erasure, or the data is anonymized to prevent re-identification of individuals and their data.
HOW WE SHARE YOUR PERSONAL DATA
We do not share your Personal Data with: (1) other financial companies for joint marketing purposes or (2) any third parties so they can market to you, with the exception of financial institutions belonging to the Al Rajhi Group of Companies ("the Group"),
We may share your Personal Data with (a) our affiliates for their everyday business purposes (e.g., information related to your transactions and experiences but not your creditworthiness) (b) Any member of the Group or their service providers and (c) any unaffiliated third parties: (1) if you request or authorize it; (2) if the information is provided to help complete a transaction for you; (3) if the information is provided to: (a) comply with applicable laws, rules, regulations, governmental and quasi-governmental requests, court orders, or subpoenas; (b) enforce our Terms of Use or other agreements; or (c) protect our rights, property, or safety or the rights, property, or safety of our users or others (e.g., to a consumer reporting agency for fraud protection, etc.) or (d) provide you with the products or services, enhancing our products, services and your experience across our channels, and promoting new financial investment products and services that may be of interest to you; (4) if the disclosure is done as part of a purchase, transfer, or sale of services or assets (e.g., in the event that substantially all of our assets are acquired by another party, your Personal Data may be one of the transferred assets); (5) if the information is provided to our third-party service providers to perform functions on our behalf (e.g., analyzing data, providing marketing assistance, providing customer service, processing orders, etc.); (6) for our everyday business purposes; or (7) as permitted by applicable law or otherwise described in this Privacy Policy.
1) We transfer your Personal Data to trusted third parties, inside the Kingdom of Saudi Arabia, and outside the Kingdom, in the United States of America in particular, for the following purposes: (a) Performing necessary operations for central processing to enable us to conduct our activities. (b) Easing the provision of our Services and benefits to you. (c) Conducting scientific research and studies.
We conducted detailed assessment for those third parties in accordance with the requirements of the Personal Data Protection Law (“PDPL”) and its implementing regulation, and ensured that:
The processing of Personal Data by those third parties does not compromise the national security or the vital interests of the Kingdom.
Those third parties provide sufficient protection for personal data, and the standards of personal data protection are not lower than the standards provided in the PDPL and its regulations.
Those third parties provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.
Our third-party service providers will only be permitted to use Personal Data for an intended purpose and in accordance with our instructions. We may disclose Analytics with third parties as described elsewhere in this Privacy Policy and for any of our commercial purposes. We currently share data with partner banks, data processors, data providers, external secure cloud databases and cybersecurity applications.
We are headquartered in Saudi Arabia. Your Personal Data will be accessed by us or transferred to us in the SA and will be accessed by our Saudi-based employees. If you visit our websites or use our Services from outside the SA, be aware that your Personal Data will be transferred to, stored, and processed in the SA where our servers are located, and our central database is operated. By visiting our websites or using our Services, you consent to this transfer of your Personal Data.
Accessing Your Personal Data
You must notify us of any change in your Personal Data by updating your Drahim account profile through our Services. Any changes will affect only future uses of your Personal Data.
Subject to applicable law, which might, from time to time, oblige us to store your Personal Data for a certain period of time, we will respect your wishes to correct inaccurate information. Otherwise, we will hold your Personal Data for as long as we believe it will help us achieve our objectives as detailed in this Privacy Policy. If you are no more willing to continue receiving the Service, you can ask us to destruct your Personal Data we store. However, we shall preserve Personal Data until after the termination of the purpose of their Collection in the following two situations:
1) If a legal justification exists that necessitates their preservation for a specified period of time. In this case, the Personal Data shall be destroyed at the end of this period or the end of the purpose for their Collection, whichever is longer.
1) If the Personal Data is closely connected to a case being considered before a judicial body and their preservation is required for this purpose. In this case, the Personal Data shall be destroyed after the completion of the judicial proceedings related to the case.
You can ask us whether we are storing your Personal Data and you can ask to receive a copy of that Personal Data, with no additional cost on you. Before sending you any Personal Data, we will ask you to provide proof of your identity. If you are not able to provide proof of your identity, we reserve the right to refuse to send you any Personal Data. We will respond as quickly as we can to your requests for details of Personal Data we hold about you.
Information You Share Socially
Our Services may allow you to connect and share your actions, comments, content, and information publicly or with friends. We are not responsible for maintaining the confidentiality of any information you share publicly or with friends.
Our Services may also allow you to connect with us on, share on, and use third-party websites, applications, and services. Please be mindful of your personal privacy needs and the privacy needs of others, as you choose whom to connect with and what to share and make public. We cannot control the privacy or security of personal data you choose to make public or share with others. We also do not control the privacy practices of third parties. Please contact those sites and services directly if you want to learn about their privacy practices.
Protecting Children's Privacy
Our Services are not directed, or intended to be attractive, to children under the age of 18. We do not knowingly collect Personal Data from children under the age of 18. If you are under the age of 18, do not use our Services or submit any information to us.
Links to Third-Party Websites
When you use our Services, you may be directed to other websites that are beyond our control. We may also allow third-party websites or applications to link to our Services. We are not responsible for the privacy practices of any third parties or the content of linked websites, but we do encourage you to read the applicable privacy policies and terms and conditions of such parties and websites. This Privacy Policy only applies to our Services.
كيف نحمي بياناتك
We have, and require our third-party service providers that receive Personal Data from us to have, a comprehensive written information security program that contains administrative, technical, and physical safeguards for our respective physical facilities and in our respective computer systems, databases, and communications networks that are reasonably designed to protect personal data contained within such systems from loss, misuse, or alteration. When your bank account information is transmitted via our Services, it will be protected by encryption, anonymization, encoding, and other technologies.
No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your Personal Data. You also play a role in protecting your Personal Data. Please safeguard your username and password for your Drahim account and do not share them with others. If we receive instructions using your Drahim account login information, we will consider that you have authorized the instructions. You agree to notify us immediately of any unauthorized use of your Drahim account or any other breach of security. We reserve the right, in our sole discretion, to refuse to provide our Services, terminate Drahim accounts, and to remove or edit content.
Your Legal Rights Related to Personal Data
The Right to be Informed: You have the right to know which of your personal data is being collected, the legal basis for it, and for what purpose that information will be used.
Right of Access: You have the right to request access to your personal data held by Drahim.
The Right to Request a Copy: You have the right to request a copy of your personal data in a readable and clear format, consistent with the content of the records, in electronic format (when technically possible) or to provide a printed copy of it.
The Right to Request Correction: You have the right to request the correction of data (if inaccurate) or to complete it (if incomplete or outdated).
The Right to Request Deletion: You have the right to request the deletion of personal data held about you, only under certain circumstances. Your deletion request will be reviewed along with our specific legal/legitimate basis for retention.
The Right to Withdraw Consent: You have the right to withdraw consent to the processing of your personal data at any time, unless there are legal justifications that require otherwise, provided that the withdrawal of consent does not affect the processing of personal data based on another legal basis as mentioned in this policy.
Drahim will act upon any request for these rights within thirty (30) days without delay and will keep a record of these requests. This period may be extended to an additional thirty (30) days under certain circumstances, depending on the nature of the request, provided that you are notified in advance of the extension with the reasons for it.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will notify you immediately after we revise the Privacy Policy, and will make the revised Privacy Policy accessible through use of the Services, so you should review the Privacy Policy periodically. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Last Updated” date included at the beginning of the document. If we make a material change to the Policy, we will provide you with notice in accordance with legal requirements. Your use of the Services following any such change constitutes your agreement that all personal data collected from or about you after the revised Privacy Policy is posted will be subject to the terms of the revised Privacy Policy.
COMMUNICATION AND CONTACT INFORMATION
We may contact and/or send notifications to you through different channels such as, short messages (SMS), email and/or phone with regards to our products and services.If you have any questions or comments about this Privacy Policy, our privacy practices, please contact us at contatct@drahim.sa or by writing to us at:Drahim App, LLC.King Abdulaziz Road, 7463, Alnafal, 13312Riyadh, Saudi Arabia
