Privacy Policy
Your privacy is important to us at neotek. We respect your privacy regarding any information we may collect from you across our website.
Introduction
neotek (“we” or “our”) is committed to protecting your personal data. This privacy notice (“Notice”) is addressed to individuals based in the Kingdom of Saudi Arabia (“KSA”).
This Privacy Notice will help you to understand what personal data we collect about you, why we collect and use (process) it and what we do with it.
We determine how and why your personal data is collected and used. Therefore, we act as the controller of your personal data under the KSA Personal Data Protection Law approved by the Royal Decree No. 19/m, dated 1443/2/9 (corresponds to 16 September 2021) (“Law”).
In case of any major changes in how we collect and process your personal data, we will notify you by updating this Privacy Notice, as relevant.
1. What is personal data and processing
What is personal data?
Personal data means any data by which you may be identified as an individual.
The personal data that we collect from you may be different, depending on the circumstances. For example, it may include the following:
- first name, last name, address, contact details (e.g. phone number, email);
- marital status, family members;
- customer ID, national ID, passport, freelance number;
- gender, photo;
- job title, company name, industry;
- financial details (salary, IBAN, credit card number, transactions details);
- sensitive data, including information relating to your health, criminal records, religion;
- recorded calls through the Customer Care Center;
- online identifiers (cookies, IP address, browser type, language preference, time zone, referring URL, access date and time, operating system, mobile device manufacturer, and mobile network information).
What is processing?
Processing means doing anything with personal data, e.g. viewing, collecting, using, storing, sharing, modifying, printing, copying, archiving, erasing, etc.
2. What legal bases do we use for processing your personal data?
We will use a legal basis to process your personal data. This means we will have a legal justification to use your personal data, as required by the Law.
We may rely on the following legal bases to process your personal data under the Law:
- Your consent (we will let you know on a case-by-case basis should we require your consent).
- Processing achieves a definite interest for you, and it is impossible or difficult to contact you.
- Processing is required by applicable laws and is performed in accordance with them.
- Processing is performed in order to perform an agreement to which you are a party.
- Processing is necessary for the purpose of our legitimate interest.
4. When, how and why do we process your personal data?
We may process your personal data in many ways. We will choose particular ways of processing your personal data depending on the purpose of processing, as specified below. The ways in which we may process your personal data may include viewing, collecting, using, storing, sharing, modifying, printing, copying, archiving, erasing, etc.
Please see below the types of possible processing activities and their purposes.
Purposes of processing activities
1. Maintenance and development of our business
We process your personal data to:
- arrange internal and external communications in relation to our business;
- identify potential customers and generate leads;
- negotiate, conclude and perform contracts with you, our contractors and other business partners;
- provide customer support, handle your requests and complaints received from various channels (e.g. website, email, social media accounts, IVR);
- manage invoicing, billing, finance, cash management;
- comply with regulatory requirements applicable to you and to us (e.g. handling SAMA requests);
- ensure monitoring and reporting, including internal audits; and
- detect and prevent fraud, report spam.
Collecting and processing your personal data is mandatory in order for us to provide high quality services to you.
Please note that if we do not complete the collection of personal data for the above purposes, we will not be able to provide you with a high level of service.
As for the method of collecting your personal data (including sensitive data, e.g. political beliefs) — we may collect it directly from you, automatically (from browsers, devices and servers), and, in some circumstances, from third parties, for example, banks, digital wallets, our reselling partners, government and semi-government entities, etc. We will collect your personal data from such third parties only in cases specified in section 5 below.
If there is a change in your personal data, please let us know as soon as possible by contacting Privacy@neotek.sa.
6. Your rights in relation to processing of your personal data
In accordance with the Law, you may exercise the following rights:
1. Right to be informed
You have the right to be informed of the valid legal or practical justification for collecting your personal data, and details about processing of your personal data (e.g. categories of personal data processed, purpose for collecting your personal data, the period for which the personal data will be stored, etc.).
2. Right to have access to your personal data
You have the right to have access to your personal data that is held by us.
3. Right to obtain personal data
You have the right to request your personal data held by us in a readable and clear format.
4. Right to request correction, completion of personal data
You have the right to request correction, completion or updating of your personal data which is held by us.
5. Right to request destruction of personal data
You have the right to request destruction of your personal data available to us, which is no longer required by us (subject to compliance with the requirements of the Law).
6. Right to withdraw consent
You may at any time withdraw your consent to processing of your personal data (if other legal bases for processing are not used).
We inform you that you may submit a complaint to the Competent Authority, if you believe your rights have been violated.
Please contact us if you would like to know more about your rights or if you would like to exercise any of them: Privacy@neotek.sa.
7. Storing personal data
We will arrange safe storage of your personal data in our information systems in the Kingdom of Saudi Arabia.
We will determine the period of storage of your personal data in accordance with our Data Retention Policy. In particular, when determining the period of storage of your personal data we will take into account:
- requirements for the storage period, as specified in applicable laws and regulations;
- specific purposes for which we require your personal data.
8. Disclosure of your personal data
We may, as could be required for the purposes listed in section 4 above, disclose your personal data to the following organizations:
- any member of our group;
- current or potential suppliers, subcontractors in the ordinary course of our business (e.g. payment gateways, etc.);
- current or potential business partners in the banking and financial sector or other third parties involved in the management of our business (e.g. open banking certified companies or non open banking companies, TPPs, reselling partners, etc.);
- any applicable regulatory authorities (governmental and other public bodies, for example, SAMA) or other third parties as could be required by law or in accordance with other regulatory obligations or policies applicable to us or to you.
We may disclose your personal data in the following cases:
- You consent to the disclosure.
- Your personal data has been collected from a publicly available source.
- The entity requesting disclosure is a public entity, and the collection or processing of your personal data is required for public interest or security purposes, or to implement another law, or to fulfill judicial requirements.
- The disclosure is necessary to protect public health, public safety, or to protect the lives or health of specific individuals.
- The disclosure will only involve subsequent processing in a form that makes it impossible to directly or indirectly identify you.
- The disclosure is necessary to achieve our legitimate interests (in this case no sensitive data (e.g. health data) will be processed).
When providing your personal data to our group companies and/or legal entities with whom we have contractual relations, we request a confirmation of the security measures these legal entities take to protect the personal data we provide. We do not share the personal data with public authorities or other third parties without a proper lawful request of the authorities.
We make best efforts to ensure we have relevant contractual agreements in place with the parties with whom we share your personal data and that they comply with the data protection requirements of neotek.
9. Cross-border personal data transfers
We don’t transfer your personal data for processing outside of the KSA. If we are required to transfer your personal data for processing outside of the KSA in the future, we will comply with the requirements of the Law regarding cross-border personal data transfers, as well as with the requirements of other laws and regulations, where applicable.
10. Protecting personal data
We protect your personal data by using a range of methods, procedures and techniques. For example:
- we have assigned the responsibility for the organisation of personal data processing to specific employees;
- we have in place policies and procedures in the area of protection of personal data to ensure that our personal data processing activities comply with the Law;
- we have implemented the necessary organizational and technical measures to protect personal data (access control, encryption);
- we have organized a process of receiving and controlling the processing of data subjects’ requests;
- we keep up to date the Records of Processing Activities (RoPA);
- we carry out a Data Protection Impact Assessment (DPIA) for personal data processing activities that result in a high risk;
- we ensure security of third parties (controllers, processors, joint controllers);
- we carry out planned and unscheduled audits of personal data processing activities.
11. Disposal of personal data
If we no longer need your personal data and if we do not have any legal basis to hold it further, we will arrange its erasure (destruction), anonymisation or return to you (unless we must return it to any other entity based on our legal obligations).
We will ensure that:
- in case of anonymisation: you will not be re-identified after anonymisation;
- in case of erasure (destruction): the personal data will not be reconstructed after it was erased.
12. Withdrawal of consent
In some cases, we may request your consent to processing of your personal data (e.g. for marketing purposes). When we request your consent, we will also explain to you how you can withdraw your consent. If you have any questions regarding the consent that you may provide to us (or have already provided), as well as how you can withdraw it, you may contact us using the contact details specified in the “Contact details” section of this Notice.
13. Cookies and web analytics
We use cookies to understand how you interact with our services, collect information about visits, and to enhance performance of our website. Most cookies do not collect information that identifies you, but collect general information (entry method, use of our website) instead.
You can manage cookies, which are placed on your devices (tablet, smartphone, PC, etc.): delete cookies, set permissions for them, and withdraw your consent to our use of cookies. Instructions for deleting or blocking cookies are available in the help pages of your browser (Google Chrome, Internet Explorer, Opera, Mozilla Firefox, Safari).
We use Google Analytics services on our website. On our behalf, Google Inc. service owners analyze the ways users interact with the website. This is done to assess our website performance and improve its functionality in order to create high-quality content and services for you.
You can refuse to provide this information by downloading and installing the Google Analytics Opt-out Browser Add-on.
You should be aware that in this case some functions and services will not be able to work properly.
14. Automated decision-making
We do not make any decisions that cause legal consequences in relation to you or in any other way affect your rights and legitimate interests based solely on the results of automated personal data processing.
15. Contact details
If you have any questions or comments regarding our use of your personal data, please contact us by using the following contact details: Privacy@neotek.sa.
16. Linking to other websites
Our website or marketing email messages sometimes include links to other websites which are not within our control. Once you have left our website / marketing email message, we cannot be held responsible for the content of other websites or the protection and privacy of any information which you provide to those websites. You should exercise caution and look at the privacy notice applicable to the website in question.