Privacy Policy

Privacy Policy of Ezdaher Financing Company

1. INTRODUCTION

Ezdaher Financing Company (“we“, “us“, “our“) takes data privacy seriously. We recognize and value the trust that our customers place in us when providing us with personal data, and we are committed to safeguarding the privacy and security of personal data we may collect from visitors to our websites and/or the customers to whom we provide financial services.

Ezdaher Financing Company operates the website www.ezdaher.sa (the “Service“). This Privacy Policy informs website visitors about our policies regarding the collection, use, and disclosure of Personal Information (“Personal Data“) for those who decide to use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy. The Personal Data we collect is used to provide and improve the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, unless otherwise defined in this Privacy Policy.

Any Personal Data processed in connection with this Privacy Policy is controlled by Ezdaher Financing Company, having its registered office in Al Khobar, as the “data controller” of your Personal Data under Saudi Arabia Personal Data Protection Law (“PDPL”). To contact our Data Protection Officer, please use the “Contact Us” page on our website.

2. DEFINITIONS

Data Subject The individual to whom the Personal Data relate.

Personal Data Any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.

Sensitive Data Personal Data revealing racial or ethnic origin, or religious, intellectual or political belief, data relating to security criminal convictions and offenses, biometric or Genetic Data for the purpose of identifying the person, Health Data, and data that indicates that one or both of the individual’s parents are unknown.

Credit Data Any Personal Data related to an individual’s request for, or obtaining of, financing from a financing entity, whether for a personal or family purpose, including any data relating to that individual’s ability to obtain and repay debts, and the credit history of that person.

3. INFORMATION COLLECTION AND USE

To enhance your experience while using our Service, we require you to provide certain personally identifiable information, including but not limited to your name, phone number, postal address, and financial information. The information we collect will be used to contact or identify you and is necessary for providing our financing services.

We limit the collection and processing of the Personal Data to the minimum amount necessary, according to your requirements and directly related to the purpose of processing. This determination shall be made using appropriate means, including data maps that indicate the need for each collected data and link it to each objective of the processing.

In compliance with the Saudi PDPL, we ensure any processing of sensitive data follows additional protection measures, such as encryption, anonymization, and strict access controls. The types of Personal Data we may collect include but are not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address
  • Financial information
  • Usage Data
  • Transaction Data
  • Cookies and Tracking Technologies
  • Credit Data
  • Marketing and Communication Data

3.1 USAGE DATA
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

3.2 COOKIES

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive. Our website uses these “cookies” to collect information and to improve our Service. You have the option to either accept or refuse these cookies, and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.

4. LEGAL BASIS FOR PROCESSING PERSONAL DATA

Personal Data is collected and processed based on the consent of the data subject, who can withdraw consent to the collection and processing of their Personal Data at any time unless there is another legal justification for processing. Consent must be freely given, informed, and explicit, particularly for sensitive data.

In line with our commitment to transparency and privacy, data subjects have several rights under the Saudi PDPL, which allow them to control their Personal Data. These rights enable individuals to access, correct, and even delete their data, ensuring that their Personal Data is handled according to their preferences.

We process your Personal Data  based on the following legal bases:

  • Performance of a contract
  • Freely given, informed, and explicit consent, which you may withdraw at any time
  • Legal obligation or legitimate interests
  • Public interest or Vital interests

In the event of a data breach, we will notify affected parties and the relevant authority within 72 hours, as required by the PDPL.

5. PURPOSES OF PROCESSING PERSONAL DATA

We may process your Personal Data for the following specific purposes:

  • To provide and manage your access to our Service
  • To personalize and tailor your experience on our website
  • To process financing requests and send you related information, including requests for further information, rejections or approvals.
  • To manage and respond to inquiries and customer service requests
  • To send administrative information, such as changes to our terms, conditions, and policies
  • To comply with legal obligations and regulatory requirements of the Kingdom of Saudi Arabia (KSA)
  • To detect, prevent, and address technical issues

6. SERVICE PROVIDERS AND SHARING PERSONAL DATA

We may employ third-party companies and individuals for several reasons, including:

  • To facilitate our Service;
  • To provide the Service on our behalf;
  • To perform Service-related tasks; or
  • To assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose. We will ensure that all third-party data processors adhere to Saudi PDPL requirements through data-sharing agreements, which will include provisions for protecting Personal Data, reporting any breaches, and processing data only under our instructions. These agreements will also establish strict technical and organizational security measures to ensure data protection.

According to the data sharing policy issued by the National Data Management Office, we will not share your Personal Data with non-governmental entities unless they are authorized to perform specific government services or after obtaining your consent.

We may share your Personal Data with third parties acting as independent controllers, including:

  • Legal or government authorities or agencies, or third parties such as law firms and courts, in connection with claims, disputes, litigations, or investigations;
  • Police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff, and assets;
  • Anti-fraud screening service providers to process payments and, where necessary, to carry out fraud screening;
  • Any other third party, with your express consent.

When sharing your Personal Data, we ensure that it is done in a safe and reliable environment in accordance with relevant regulations and policies. We do not sell Personal Data to third parties, and we only allow third parties to send you marketing information where we have your consent. For further information, we encourage you to review and understand the privacy practices of these independent controllers and how they handle your Personal Data.

7. DATA SECURITY MEASURES AND PROTECTION OF PERSONAL DATA

We value your trust in providing us your Personal Data , and we are striving to use commercially acceptable means of protecting it. Protecting your Personal Data and ensuring that it is handled correctly is one of our key priorities. We implement a number of technical and organizational measures, including, but not limited to, the following :

  • Data Encryption: We encrypt sensitive information to safeguard its confidentiality.
  • Secure Access Controls: Access to Personal Data is restricted to authorized personnel only.
  • Regular Security Audits: We conduct audits to assess and improve our security practices.
  • Employee Training: Our staff receives ongoing training on data protection protocols.
  • Data Deletion and Disposal: Personal Data is deleted and disposed of when its purpose has been fulfilled, in compliance with applicable laws and regulations, including the provisions of Article 18 of the PDPL.
  • Physical Security: We provide a secure environment for physical copies of Personal Data.

While no method of transmission over the internet or electronic storage is 100% secure, we strive to use commercially acceptable means to protect your Personal Data . In the event of any unauthorized access to Personal Data, we commit to notifying affected parties and authorities within the mandated 72-hour period. Notifications may be made electronically, in writing, or by telephone.

To prevent loss, misuse and alteration of your information, we have in place appropriate physical, electronic and managerial procedures. Our servers are accessible only to authorized personnel and Personal Data is shared on a need-to-know basis to complete the transaction and to provide the Services requested by you.

8. LEGAL RIGHTS IN RELATION TO YOUR PERSONAL DATA AND HOW TO EXERCISE THEM

Under the applicable privacy laws, you have certain rights in relation to your Personal Data, including the following:

  • Right to Know: You have the right to be informed about the systematic or practical justification for the collection of your Personal Data, its purpose, and any limitations on its future processing. You can access this information through our Privacy Policy or by contacting us.
  • Right to Access: You may request access to your Personal Data held by us, including a copy of the data in a clear format. Requests can be made through the “Contact Us” page on our website and will be addressed within 30 days, as required by applicable regulations.
  • Right to Request Correction: If you believe your Personal Data is inaccurate, incomplete, or incorrect, you may request its correction. We will review and update the data within 10 business days, or as required by local regulations.
  • Right to Request Destruction: You are entitled to request the destruction of your Personal Data when it is no longer necessary for the purposes for which it was collected, in accordance with Article 18 of the PDPL. This includes cases where:
  • The contractual relationship has ended, and 60 months have passed since that end.
  • The request meets the criteria for destruction as outlined by law.
  • Right to Withdraw Consent: You may withdraw your consent for processing your Personal Data at any time as per Article 7 of the PDPL, except where legal bases exist that require otherwise. There are no fees for exercising this right, and we will respond to such requests within 10 business days.

To exercise any of these rights or if you have any questions about our use of your Personal Data, please send a request using the “Contact Us” page on our website. We may ask for additional information to confirm your identity, which will only be used to process your request.

Please note that some of these rights may be subject to certain exceptions and will be evaluated on a case-by-case basis.

9.DATA RETENTION, DESTRUCTION AND CHANGES TO YOUR PERSONAL DATA

We are required by SAMA to maintain your Personal Data, including historical data, for a minimum period of 10 years. Your data will be stored and processed in a secure manner at a cloud computing service provider within the geographical borders of KSA, ensuring national digital sovereignty.

We will retain your Personal Data only for as long as it is necessary for the purposes set out in this Privacy Policy, including compliance with legal obligations, resolving disputes, and enforcing our legal agreements and policies. After the 10-year retention period or once the purpose for processing is fulfilled, we will securely destroy or anonymize your Personal Data if there is no legal justification for retaining it.

You have the right to update, correct, or withdraw your consent for processing your Personal Data at any time. To make changes to your Personal Data, please contact us through the methods listed on the “Contact Us” page on our website. We rely on you to keep your Personal Data accurate and up to date.

10. TRANSFER OF PERSONAL DATA OUTSIDE THE GEOGRAPHICAL BOUNDARIES OF THE KINGDOM

In accordance with the applicable regulations, we prioritize keeping data within the Kingdom, and any transfer outside the Kingdom follows strict protocols as set forth in the PDPL. These protocols include obtaining regulatory approval, ensuring adequate data protection measures in the receiving country, and, where necessary, obtaining explicit consent from the data subject.

If we share your personal data with any service provider mentioned above, it may imply transfers of your personal data outside KSA. We ensure that such transfers comply with the conditions set out under the applicable privacy laws. Specifically, we limit the transfer to the minimum personal data necessary and implement sufficient guarantees to preserve the confidentiality and security of the transferred data. These guarantees ensure that the level of protection afforded to your personal data is not less than the standards set forth under Saudi privacy laws and regulations.

11. CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page.

12. CONTACT US

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us and specify your language or preference.