Privacy Policy

Website Privacy Notice

YANAL Finance Company

By accessing or using YANAL’s services, you acknowledge and agree to the practices described in this Privacy Notice. If you have any inquiries or require further information regarding our privacy practices, you may contact us at the contact details provided below.

Contact Details

Involved Department/Team:

Customer Care

Address:

YANAL Finance Company, Prince Fawaz Bin Abdul Aziz Street, Postal code 12813, Riyadh 7997, Kingdom of Saudi Arabia 

Phone Number:

8001244555

E-mail:

data.protection@yanal.com 

Date of Last Update

The Privacy Policy was last updated on October 2024

1. What is the purpose of this Privacy Notice?

This Privacy Notice informs you about how YANAL, as the controller of your personal data, manages, protects, and processes your personal data. It covers all personal data collected by YANAL whether obtained online or through other interactions, and covers data related to customers, suppliers, third-party vendors, and contractors.

We comply with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), enacted by Royal Decree No. (M/19) on 16/09/2021 and amended by Royal Decree No. (M/148) on 27/03/2023.

2. Who is the Controller of your Personal Data?

YANAL is the legal entity responsible for the collection, use, and protection of your personal data. As the data controller, we determine the purposes and means of processing your personal data.

3. What Personal Data do we collect about you?

At YANAL, we collect specific personal data from our customers and other stakeholders, such as: 

• From Customers
• Personal Information: Names, email addresses, phone numbers, addresses, vehicle registration (Istemara) numbers and customer identification numbers.
• Financial Information: Details related to financial transactions, credit data, and bank account information.
• Transaction Details: Transaction history, payment information, and billing records.
• Address Details: Physical addresses are used for billing, legal, asset management and recovery processes.
• Online Interaction Data: Information collected through online interactions, including online form, browsing history, preferences, IP addresses, cookies, device type, and operating system.
• Feedback and Survey Data: Information provided through customer feedback, surveys, and reviews.
• Security Information: CCTV footage captured on YANAL premises for the safety and security of customers and staff.
• Customer Service Interaction Records: Records of communications with customer service, including call recordings and email logs.
• From Business Partners (Suppliers, Contractors, and Third-Party Vendors)
• Personal Information: Names, email addresses, phone numbers of business representatives.
• Professional Information: Job titles, professional qualifications, and their roles within their organization.
• Financial Information: Bank account details, transaction data, and payment records.
• Engagement Records: Details of interactions and engagements with YANAL, including inquiries, feedback, and service provisioning.
• Legal Data: Contract details, compliance documents, and legal correspondence with YANAL.
• From Visitors
• Personal Information: Names, email addresses, phone numbers, Iqama ID, and Passport details of visitors at YANAL premises or events.
• Security Information: CCTV footage and other security measures used to monitor and control access to facilities, ensuring safety for all visitors and staff.
  
  

4. How do we Collect your Personal Data?

YANAL employs various methods to collect personal data, ensuring accuracy and compliance with legal regulations, such as:

• Direct Collection: Through customer interactions on our website, at office premises, marketing surveys, and customer service interactions.
• Automated Collection: Using cookies and similar tracking technologies that collect information about your interactions with our website and applications.
• Third-Party Sources: We may receive your personal data from our business partners, external agencies and public sources to facilitate and enhance the services we offer. 
  
  

5. How do we use your Personal Data?

YANAL utilizes the collected personal data for the following purposes, aligned with our operational, regulatory, and strategic objectives:

• Providing Services: We use your personal data to manage your accounts, process transactions, and provide the financial services that you have requested from us. This includes maintaining records of your financial interactions and ensuring the accurate and timely delivery of our services.
• Customer Support: We use your personal data to assist you with inquiries, resolve any issues related to our services, and improve overall customer experience. This includes data collected through your interactions with our customer service teams.
• Marketing and Communication: With your consent, we collect and use personal data to enhance our marketing and communication strategies, focusing on establishing and maintaining relationships with customers, business partners, third-party vendors, and prospects.
• Compliance and Legal Obligations: We use your personal data to fulfill our legal obligations, such as complying with applicable financial regulations, tax laws, and other legal requirements in the Kingdom of Saudi Arabia. This includes sharing your data with regulators, auditors, or other authorities when necessary.
• Fraud Prevention and Security: We use your personal data to ensure the security of our services, including detecting and preventing fraud, unauthorized access, or illegal activities. This may involve monitoring and analyzing activity on our platforms to ensure the integrity of our services.
• Business Operations: We use your personal data to support day-to-day business operations, including managing our internal administrative processes, reviewing financial transactions, and conducting audits and risk assessments.
  
  

6. What are the Legal Bases for Processing your Personal Data?

YANAL processes personal data based on several legal grounds to ensure compliance with the personal data protection law:

• Consent: We obtain explicit consent for certain processing activities, especially those not directly related to the fulfillment of contracts or legal obligations. You have the right to withdraw your consent at any time, and this will not affect the lawfulness of processing based on consent before its withdrawal.
• Contractual Necessity: Data is processed as necessary for the performance of a contract to which you are a party, or to take steps at your request before entering a contract. This applies when we process your data to provide financial services, manage your accounts, and handle transactions as part of our contractual obligations.
• Legal Obligation: YANAL processes your personal data to comply with legal and regulatory obligations. This includes meeting the requirements of financial regulators, fulfilling tax obligations, and responding to lawful requests from government or law enforcement authorities.
• Legitimate Interests: We may process your personal data where it is necessary for the purposes of our legitimate interests, provided that these interests are not overridden by your fundamental rights and freedoms. This includes processing data for security purposes, fraud prevention, business analysis, and improving the quality of our services.
• Vital Interests: In rare cases, we may process personal data necessary to protect the vital interests of individuals, such as in situations requiring urgent medical attention or emergency situations.
  
  

7. How do we protect your Personal Data?

At YANAL, safeguarding your personal data is a priority that we take very seriously. We are committed to implementing comprehensive security measures—both technical and organizational—to protect your data from unauthorized access, alteration, and misuse. These measures are in line with industry best practices and applicable legal requirements, ensuring the highest level of data protection.

Organizational Security Measures:

• Data Privacy Policies and Training: We enforce comprehensive data privacy policies and ensure that all employees are trained regularly on the importance of personal data protection and security best practices.
• Confidentiality Agreements: All our employees, contractors, and third-party service providers are required to sign confidentiality agreements that bind them to maintain the secrecy and security of all personal data.
• Physical Security: Our facilities are secured with ID cards and constant surveillance to ensure that only authorized personnel can access data sensitive areas. Trained security personnel are stationed to monitor our premises around the clock.
• Vendor Management: Third-party vendors are rigorously screened and bound by contracts that enforce our data protection standards. Trained security personnel are stationed to monitor our premises around the clock.
• Incident Response Management: A structured incident response protocol is in place, detailing procedures for addressing any data security incidents. This includes immediate actions to manage and contain potential breaches and ensuring proper escalation and response without undue delay.
• Employee Endpoint Security: We strictly limit access to personal data to authorized personnel only, based on their role and necessity to engage with the data.
• Cloud Security: Cloud services used by YANAL are protected by strict security protocols, including data encryption and robust access controls.
• Network Security: We maintain a secure network environment using firewalls, intrusion detection systems, and conduct regular network security assessments.

8. Who do we share your Personal Data with?

YANAL shares your personal data with specific categories of recipients to facilitate business operations and comply with legal requirements:

• Service Providers: Third-party companies that provide services on our behalf, such as payment processing, email delivery, and hosting services.
• Government and Regulatory Authorities: To meet legal obligations, YANAL may share personal data with government bodies, regulatory authorities, and law enforcement agencies.
• Financial Institutions and Payment Processors: For handling transactions, processing payments, and managing financial operations related to our services.
• Professional Advisors: Law firms, auditors, and consultants that provide legal, financial, and compliance services to ensure we meet regulatory requirements and manage our business effectively
• Contractors and Subcontractors: External service providers, such as IT support, maintenance teams, and specialized consultants, perform specific tasks for YANAL. They are contractually obligated to protect your data in line with YANAL’s privacy standards.

Third-Party Transfers

Data shared with third parties is strictly governed by privacy agreements that ensure these parties adhere to confidentiality and data protection standards comparable to those followed by YANAL.
We ensure that:

• All third parties are carefully vetted and bound by contractual safeguards such as Data Processing Agreements (DPAs) to ensure data protection.
• Data transfers are limited to what is necessary for the services they provide.
  
  

9. How long will your Personal Data be retained by us?

YANAL retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. Here’s how we determine retention periods for different types of personal data:

• Operational Necessity: We retain your data for as long as needed to provide you with services and to conduct our business operations efficiently.
• Legal Compliance: Certain types of data are retained for specific periods as required by law or other regulatory guidelines.
• Communications: Data used for communication purposes is kept until you request that we stop contacting you. After this point, your data will be securely deleted.

Upon expiration of the retention period, personal data is securely deleted or anonymized, ensuring it can no longer be linked back to an individual.

10. How do we use Cookies?

At YANAL’s Corporate Website, we utilize cookies to enhance your experience, maintain the functionality of our websites, and improve our services:

• Essential Cookies:

These cookies are necessary for basic website functions like storing login details, checking browser support for cookies, and ensuring security features work properly.

11. What are your Rights regarding the processing of your Personal Data?

At YANAL we respect your privacy and provide you with the ability to exercise them according to the Kingdom of Saudi Arabia’s Personal Data Protection Law (KSA PDPL). Following are the rights available to you:

• Right to be Informed

You have the right to be informed about how we collect your personal data, the legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all these details through our Privacy Policy or contact us for further information.

• Right to Access to Your Personal Data

You have the right to access your personal data that we hold through means provided by us that allow for automatic access without needing to make a formal request.

• Right to Request Access to Your Personal Data

You can request to obtain your personal data held by YANAL at any time and obtain a copy of this data in a clear and readable format.

• Right to Correct Personal Data

If you find that any of the personal data that we hold about you is inaccurate, incomplete, or outdated, you have the right to request its correction or update.

• Right to Request Destruction of Personal Data

You may request the destruction of your personal data when it is no longer needed for the purposes for which it was collected. We will review such requests and take appropriate action, adhering to legal and regulatory requirements.

• Right to Withdraw Consent

You may withdraw your consent for the processing of your personal data at any time, unless there is a legal basis that requires otherwise. This withdrawal will not affect the lawfulness of processing based on your consent before its withdrawal.

• Right to File a Complaint

If you believe that YANAL has not complied with the Personal Data Protection Law, you have the right to file a complaint with us. If you are not satisfied with the outcome, you may escalate your complaint to the Saudi Data & Artificial Intelligence Authority (SDAIA).

• Right to Claim Compensation: 

You are entitled to claim compensation for any material or moral damage resulting from a violation of the Personal Data Protection Law and its implementing regulations.

12. How Can You Exercise Your Rights?

To exercise any of these rights, please contact us via data.protection@yanal.com.  

We may request specific information from you to help us confirm your identity and facilitate your right to access your personal data (or to exercise any of your other rights). 

You will not be required to pay any fees in return for exercising your rights. In case of submitting a request for exercising your rights, you will receive a response within 30 days from the date of receipt of your request.

13. What if you have questions or want further information?

For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact the Personal Data Protection Officer at YANAL using the below mentioned contact details.

Complaint or Objection Filing Method

If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint with our IT Department using the following channel: 

Email: data.protection@yanal.com

If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority Saudi Data & AI Authority (SDAIA).

SDAIA Address: 

Kingdom of Saudi Arabia, Riyadh

SDAIA Website:

Saudi Data & AI Authority (sdaia.gov.sa)

National Data Governance Platform “DGP” (dgp.sdaia.gov.sa)

14. Changes in Privacy Notice

YANAL reserves the right to update or modify this Privacy Notice at any time to reflect changes in our data processing practices, changes in law, or adjustments in our business operations.