According to Data Privacy Principles for ICT from CITC, Salam creates this policy to commit to the regulator’s requirements. This policy aims to maintain personal data privacy for users and protect their rights according to international best practices.
This policy covers all Salam services or products that contain personal identifiable information (PII) and is applied to Salam (employees, contractors, and customers) and third parties that interact with personal data.
Procedures of launching services or products that contain user personal data or sharing personal data:
- Must do the following steps before launching services or products that depend on user personal data or sharing personal data:
- Verify the need for doing a “privacy impact assessment” on Privacy Impact Assessment Procedure (Data Privacy Initial Screening Questions Table) and document the verifying result.
- CITC must be informed when launching services or products that depend on user personal data or sharing personal data using CITC Notice Form
Essential principles to maintain personal data privacy for users
- Salam commits to formally process personal data and ensure processing result is not affecting negatively the personal data owners.
- Salam commits to process personal data for specific and clear purposes for the user.
- Salam commits to collect minimum personal data to achieve processing purposes.
- Salam commits to not retain personal data for more than the specified duration that achieves the purposes of the data processing.
- Salam commit to protect personal data to ensure its privacy and prevent unauthorized access, leakage, tampering or any misuse.
Service Provider Commitments
- Salam commits to develop, execute and maintain a program that protects data privacy for users, and shall cover the development, documentation, and execution of policies and procedures related to maintain personal data privacy and maintain its compliance.
- Salam commits to process the personal data within Saudi Arabia. Salam must acquire CITC approval before any project to process user data outside of Saudi Arabia.
- Salam commits to retaining personal data for specific purposes and durations based on CITC regulations.
- Third-party compliance checks must be performed by Salam on regular basis to maintain personal data privacy compliance.
- In case of user data leakage, Salam commits to report to CITC immediately through approved CITC mechanisms.
Users’ rights regarding their data
- User personal data should not be processed without data owner consent, which can be withdrawn at any time.
- Salam should enable users to access their data at any time and allow users to correct it if required, e.g. in case of wrong or inaccurate data.
- Salam should enable users to get an electronic copy of their data as per CITC regulations.
- Salam should enable users to withdraw their consent to the processing of personal data by calling Salam Contact Center at 8005000000.
The Purpose of using personal data
- To register in any of our services.
- Customer ID verification and information update.
- Marketing and bundles campaigns
- To contact customers for resolving complaints or any inquiries.
- To enhance our services and products and improve them based on customers’ needs.
- To comply with legal and regulatory requirements.
Collection of Data
Types of collected personal data for the mentioned purposes such as:
- Name, ID number, Phone number, Nationality, Address, Email, Date of Birth, …etc.
- Customers National Address.
Types of collected non-personal data for the mentioned purposes such as:
- Cookies to be used to enhance customer experience while using our website.
- Services devices data such as: Serial number, Model number, MAC.