Introduction
This Privacy Policy (“Policy”) explains how Data Insights (“Data Insights,” “we,” “us”) manages the information you provide to us. It also defines how we use that information, with whom we may share it, and the steps we take to ensure it remains private and secure.
This Policy will remain in effect even after the termination of any agreement between you and Data Insights regarding the company’s products or services. This Policy may be updated from time to time, and the date of the most recent update will be indicated on our website. You can always access the current version through the “Privacy Policy” link in the footer of the website. We encourage you to review this Policy periodically to stay informed of any changes, which will take effect once published on this page.
If we provide additional terms or specific information about the collection and use of your personal data for a particular product or service, such terms shall also apply. In the event of any conflict between those terms and this Policy, the specific terms will take precedence.
Our website may contain links to external websites not operated by Data Insights. When you click on these links, the privacy policy of those websites will apply, which may differ from ours.
Definitions
In this Policy, the following terms shall have the meanings set out below, unless stated otherwise:
- “Client”: The individual or company that contracts with Data Insights to provide Data Insights’ services to their end users.
- “Personal Data”: Data that may directly or indirectly identify an individual, including but not limited to: first and last name, Saudi national ID number, addresses, phone number, and bank account number.
- “Cookies”: Small text files stored on a user’s device when visiting the website, used to enhance the user experience or enable certain features and functionalities.
- “Distributor”: An intermediary or agent that facilitates third-party access to Data Insights’ services, such as payment gateways or other enterprise application services.
- “End User”: The individual or institutional client of the Client who holds accounts with financial service providers and uses Data Insights’ services to link those accounts to the Client.
- “Information”: Your personal data and usage information, including any data you provide to us or authorize us to access.
- “Kingdom”: The Kingdom of Saudi Arabia.
- “Data Insights”: Data Insights Company (see the “Contact Us” section below for details on how to reach us).
- “Data Insights Services”: The services and/or products provided by Data Insights, delivered through our website.
- “Personal Information”: Any data that can be used to identify an individual directly or indirectly, such as name, email address, address, phone number, location, login credentials, or biometric, economic, cultural, or social identifiers.
- “Portal”: The dashboard, applications, or interfaces through which the Client and/or End User may access Data Insights’ services.
- “Service Providers”: Third parties engaged by Data Insights to facilitate services or deliver them on our behalf, or to assist us in analyzing how they are used.
- “Website”: Data Insights’ website at www.datainsights.sa and its related domains and electronic or mobile applications.
- “Usage Information”: Data automatically collected as a result of your use of Data Insights’ services, website, or infrastructure (e.g., duration of visiting a specific page).
- “User”: Any individual using the website and/or portal (i.e., “you”), who is the subject of the information we collect.
- “Sensitive/Credit Data”: Data that the company undertakes not to process except when necessary and with explicit consent when required by law, under enhanced safeguards (limited access, encryption, access tracking).
Personal Data Collected
When registering as a client:
We may collect data such as:
- Identity: Full name, date and place of birth, a copy of identification document (passport or national ID).
- Contact Information: Address, email, phone number.
- Business Information: Job role, company incorporation details, ownership structure.
- Communication Channels: Any data you provide through chat, forms, email, the portal, or any other means of communication.
From external sources:
We may get Information about you from external sources to help us verify your identity and manage our business risk. This may include engaging with credit reference or fraud prevention agencies and Know Your Customer (“KYC”) and Anti money laundering (“AML”), and Know your business(“KYB”) service providers to fulfil our legal duties.
When using as an “End User”:
- Bank Account Information: Includes account holder’s name, account number, account type, IBAN, currency, last four digits of the card, balance, and transaction history (with your consent).
- Communication Channels: Any data you provide to us through chat, email, or other communication methods.
Automatically:
- Payment and account activity data.
- Your service preferences.
- How you interact with the website or services.
- Device, network, system, and geolocation data (if permitted by you).
If your personal data is collected from an indirect source, the company undertakes to notify you of all required information within no more than thirty (30) days from the date of collection, including the type of data, its source, the purposes of processing, your rights, and the means of communication.
How We Use Your Data
We use your information solely for legal and legitimate purposes, such as:
- Providing and improving our services.
- Communicating with you regarding updates and offers.
- Delivering technical support and customer service.
- Conducting analytics and market research.
- Protecting against fraud and financial crimes.
If the Company intends to process your personal data for a new purpose not previously identified, we will document the new purpose, notify you in clear language, and obtain your explicit consent before commencing such processing, in compliance with the PDPL.
If we are unable to contact you and the processing is necessary to achieve a verified interest on your behalf, the processing may be carried out in line with regulatory requirements, provided that the justifications are documented and notification is attempted at a later stage.
Your Rights
As the data subject, you have the following rights regarding your personal data:
- Access your personal data and obtain a copy.
- Correct inaccurate or incomplete data.
- Withdraw your consent to data processing at any time.
- Request temporary restriction of processing in certain cases (e.g., when disputing accuracy) until verification or correction is completed.
- Request deletion or destruction of data that no longer has a legitimate or legal purpose, subject to legal and regulatory obligations that may require retention for a specified period.
- File a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA) or the competent authority in the country where you use Data Insights services.
Data Insights undertakes, upon receipt of any request related to the exercise of these rights, to:
- Processing all requests within thirty (30) days from the date of receipt, with the possibility of extending the period if implementation requires additional effort or if multiple requests are received from the same data subject. In such cases, the data subject will be informed in advance of the extension and the reasons for it, with the extension not exceeding an additional thirty (30) days.
- To implement the necessary technical, administrative, and organizational measures to ensure a prompt response to requests, verify the requester’s identity before execution, and document and retain all requests.
- Reserving the right not to process requests that are unreasonably repetitive or require disproportionate effort, while providing the data subject with the reason for refusal.
- Ensuring that the exercise of the right of access does not affect the rights of others, including intellectual property rights, trade secrets, or data that identifies another person.
- Notifying parties to whom the data was previously disclosed of any corrections, where technically and legally feasible.
- Taking the necessary steps, when deletion is requested, to notify all parties or third parties to whom the data was disclosed and requesting its deletion, where technically and legally feasible, and informing you once the process is completed.
Your Obligations
As the data subject, you bear full responsibility for:
- Providing accurate and complete data when registering or using our services, and ensuring it is updated periodically whenever there are any changes.
- Ensuring that you have obtained all necessary legal consents from any third parties whose personal data you provide to us, and informing them where applicable.
Marketing
The company is committed to refraining from sending any marketing materials unless the customer has explicitly consented, and the customer may withdraw such consent and stop receiving marketing messages at any time through the application.
Analytics and Cookies
We may use automated analytics tools to assess your behavior as a user or to identify risks related to your account, with the aim of improving our services and ensuring compliance with legal and regulatory requirements.
Data Sharing
We do not sell your personal data to any party. However, we may share it with the following parties only when necessary:
- Service providers contracted by Data Insights to deliver services on its behalf, with clear notice to the client before sharing any of their personal data.
- Relevant regulatory or legal authorities, when required by law.
- In the event of a merger or acquisition, as permitted by applicable regulations.
Data is not collected or disclosed from/to public sources unless it is legally available to the public, does not violate your rights, and is necessary and proportionate to the specified purpose, with proper documentation.
We disclose personal information to third parties only with the explicit consent of the data subject, except where disclosure is required by law or regulation. Such consent is obtained prior to disclosure and is specific to the stated purposes for which the data was collected.
Cross-Border Data Transfer
Your data is stored and processed within the Kingdom of Saudi Arabia, with all necessary security measures and procedures in place to protect it in accordance with applicable standards, and in compliance with the regulations of the Saudi Central Bank (SAMA) and the Saudi Data and Artificial Intelligence Authority (SDAIA).
Data Security
The Company is committed to applying the highest internationally recognized security standards to protect personal data from unauthorized access, loss, alteration, or disclosure, through the use of appropriate technical, administrative, and organizational controls, including encryption, continuous monitoring systems, firewalls, and access control procedures.
Despite taking all necessary measures to ensure data security, the Company shall not be held responsible for any security incident or breach resulting from circumstances beyond its reasonable control, including advanced cyber-attacks, failures of public infrastructure, or user negligence in safeguarding the confidentiality of their login credentials.
The Company implements identity-masking or anonymization techniques where possible and periodically evaluates their effectiveness to ensure individuals cannot be re-identified, updating controls in line with technological developments.
In the event of a personal data breach, the Company will notify the affected individuals without undue delay and will comply with all applicable legal and regulatory notification requirements, including those of SDAIA and SAMA.
Cookies
Cookies are used to enhance the user experience on websites. This standard technology helps collect information about how visitors use the site, such as the pages visited, browsing duration, browser type, and source of access.
Some of this information may include personal data and is used only for legitimate purposes, including improving services, analyzing performance, and personalizing content to meet user needs.
Users can manage their cookie settings through their browser settings, and continued use of the website constitutes implicit consent to the use of cookies unless the user disables them.
External Links
The website may contain links to external websites or applications, and we are not responsible for the privacy practices or content of those sites or apps. Your use of such external resources is governed by the privacy policies and terms of use of the respective third parties.
Access to the Website and Online Content
License
- The website and the Company’s services are protected under intellectual property laws.
- The Company grants the user a limited, personal, non-exclusive, revocable, and non-transferable license to use the website in accordance with these terms.
Restrictions
Users are prohibited from:
- Selling or redistributing any content from the website.
- Modifying, copying, disassembling, translating, or reverse-engineering any part of the website.
- Using the website to build a competing site or service.
- Circumventing security systems or introducing malicious software.
- Using the website for illegal purposes or in ways that infringe intellectual property rights.
Modifications
The Company may modify, suspend, or discontinue the website or any of its content at any time, after notifying the user.
Support and Maintenance
The Company is not obligated to provide ongoing technical support or maintenance for the website.
Ownership
- All intellectual property rights related to the website and its content (including text, images, graphics, and software) belong to the Company or its licensed service providers.
- Users may not use any content or trademark without prior written permission from the rights holder.
Access
- The Company may temporarily suspend access to the website for maintenance or any other reason, and is not liable for any interruption or downtime.
- The Company is not obligated to provide prior notice before temporary suspension of access, though users may be notified when possible.
- The Company is not responsible for any losses resulting from service interruptions or downtime.
Promotional, Marketing, and Awareness Messages
The company reserves the right to send awareness messages only to customers who have provided their prior consent to this policy, and no marketing messages shall be sent, whether directly or indirectly
Service Providers
The Company may collaborate with external parties to support, develop, or enhance its services, ensuring that all engagements comply with personal data protection requirements and applicable legal and regulatory standards. The Company works exclusively with competent and reliable service providers, governed by contracts that include clear obligations regarding the protection and processing of personal data in accordance with relevant regulations. The Company also conducts periodic reviews and assessments to ensure that these parties adhere to privacy and security standards. Service providers are contractually obligated to implement adequate safeguards, including confidentiality, purpose limitation, security measures, incident notification, prior approval for subcontracting, and accountability.
Children’s Privacy
Our services are not directed to children and are intended only for companies and adult users.
Changes to the Privacy Policy
The company reserves the right to modify or update this privacy policy at any time, in compliance with applicable regulatory requirements. Users will be notified of any material changes through official channels, such as email or platform notifications. Continued use of the company’s services after the publication of updates constitutes implicit acceptance of the updated policy.
Data Retention
We retain your data only for as long as necessary for the purposes it was collected or as required by law.
- Retained as long as necessary to achieve the purpose for which it was collected.
- Retained to meet any legal or regulatory requirements.
- Data is retained for no more than ten (10) years from the end of the contractual relationship, unless regulations require a longer period, after which data is securely deleted or destroyed.
Specifically:
- Company Data (e.g., customer registration details, transaction records within the platform) may be retained in line with regulatory requirements and internal policies, up to the maximum period defined above.
- Bank Data (e.g., credit information or financing eligibility details retrieved from the bank) is accessed temporarily upon the customer’s request via the platform. Such data is retained only for the duration specified in the request and is securely deleted immediately once that period expires, ensuring no long-term storage within the company’s environment.
- If the execution of a personal data correction request requires supporting documents from the data subject, the company retains these documents in the client’s file in accordance with regulatory requirements in Saudi Arabia, including Saudi Central Bank instructions, and no documents are deleted before the statutory retention period expires, even if the verification purpose has been completed.
Contact Us
- Email: info@datainsights.sa
- Address: Data Insights, 2nd Floor, Building 4206, King Salman bin Abdulaziz Road, 6959, Al-Qirawan District, 13532, Riyadh, Saudi Arabia
- Official social media: via the company’s verified accounts
- Online platform: https://datainsights.sa
By using our services or registering with us, you explicitly acknowledge and consent to the collection, processing, and use of your personal data in accordance with this policy. You may withdraw your consent at any time via contact channel or personal page.
Disclaimer
This privacy policy does not create any contractual rights of any kind or any other legal rights, nor does it impose any financial obligations on the company toward any party or on behalf of any party. When accessing third-party websites, this privacy policy does not apply to those sites, and we are not responsible for their content or actions, nor do we represent any third party you may interact with.