Privacy policy

Personal Data Privacy Policy

 

Purpose

According to Data Privacy Principles for ICT from CITC, Salam creates this policy to commit to the regulator’s requirements. This policy aims to maintain personal data privacy for users and protect their rights according to international best practices.

Scope

This policy covers all Salam services or products that contain personally identifiable information (PII) and is applied to Salam (employees, contractors, and customers) and third parties that interact with personal data.

Policy

Procedures for launching services or products that contain user personal data or sharing personal data:

  • Must do the following steps before launching services or products that depend on user personal data or sharing personal data:
  •  
    • Verify the need for doing a “privacy impact assessment” on Privacy Impact Assessment Procedure (Data Privacy Initial Screening Questions Table) and document the verifying result.
    • CITC must be informed when launching services or products that depend on user personal data or sharing personal data using the CITC Notice Form

Essential principles to maintain personal data privacy for users

  • Salam commits to formally process personal data and ensure processing result is not affecting negatively the personal data owners.
  • Salam commits to processing personal data for specific and clear purposes for the user.
  • Salam commits to collecting minimum personal data to achieve processing purposes.
  • Salam commits to not retain personal data for more than the specified duration that achieves the purposes of the data processing.
  • Salam commits to protecting personal data to ensure its privacy and prevent unauthorized access, leakage, tampering, or any misuse.

Service Provider Commitments

  • Salam commits to develop, execute and maintain a program that protects data privacy for users and shall cover the development, documentation, and execution of policies and procedures related to maintaining personal data privacy and maintaining its compliance.
  • Salam commits to develop, approve and publish a personal data privacy policy, which must include types of processing on data, the purpose of processing if third parties are part of data processing, data retention duration, data protection security controls, users’ rights regarding their data and how they use these rights.
  • Salam commits to processing personal data within Saudi Arabia. Salam must acquire CITC approval before any project processes user data outside of Saudi Arabia.
  • Salam commits to retaining personal data for specific purposes and durations based on CITC regulations.
  • Third-party compliance checks must be performed by Salam on regular basis to maintain personal data privacy compliance.
  • In case of user data leakage, Salam commits to report to CITC immediately through approved CITC mechanisms.

Users’ rights regarding their data

  • User personal data should not be processed without data owner consent, which can be withdrawn at any time.
  • Salam should enable users to review the personal data privacy policy before making processing their data.
  • Salam should enable users to access their data at any time and allow users to correct it if required, e.g. in case of wrong or inaccurate data.
  • Salam should enable users to get an electronic copy of their data as per CITC regulations.
  • Salam should enable users to withdraw their consent to the processing of personal data by calling Salam Contact Center at 8005000000.

The Purpose of using personal data

  • To register for any of our services.
  • Customer ID verification and information update.
  • Marketing and bundles campaigns
  • To contact customers for resolving complaints or any inquiries.
  • To enhance our services and products and improve them based on customers’ needs.
  • To comply with legal and regulatory requirements.

Collection of Data

Types of collected personal data for the mentioned purposes such as:

  • Name, ID number, Phone number, Nationality, Address, Email, Date of Birth, …etc.
  • Customers' National Address.

Types of collected non-personal data for the mentioned purposes such as:

  • Cookies to be used to enhance customer experience while using our website.
  • Services devises data such as Serial number, Model number, and MAC.