Privacy Notice

Geidea Co for Technology is a company incorporated and organized under the laws of the Kingdom of Saudi Arabia, with its registered address at Canary Center 7304, Al-Sulaimaniyah Dist., Riyadh 122431, Kingdom of Saudi Arabia, was established under Commercial Registration No. 1010332533 on 26/04/1433H.

Will be referred to hereinafter as (“Geidea”, “we”, “our”, or “us”).

This Privacy Policy outlies how Geidea collects, uses, and discloses personal data collected through websites and mobile applications owned and operated by Geidea that link to this Privacy Policy, such as the Geidea mobile app and any other interactions (e.g., customer service and other communications) that you may have with Geidea (collectively, the “Services”). Geidea is the owner of www.geidea.net (Geidea Website), Geidea APP and is the user of certain branded pages on various online platforms (such as Facebook, Instagram, LinkedIn etc.).

This Privacy Policy has been prepared in accordance with the Personal Data Protection Law in the Kingdom of Saudi Arabia and the guidelines of the Saudi Data & AI Authority (SDAIA). This policy aims to clarify the data collected from you, the reason for its collection, and how it is processed and protected throughout its retention by Geidea.

This privacy notice applies to all sectors and business units in the Company. All Company staff, contractors, and vendors working either on a permanent or temporary basis are obliged to follow the outlined standards.

You can contact us via various available channels, using the below contact details.

Contact Details

Involved Department/Team: Data Management Office.

Address: Canary Center 7304, Al-Sulaimaniah Riyadh 122431.

Phone Number: 011 465 2881

E-mail: gdmo@geidea.net

License or Commercial Register: 1010332533

Date of Last Update

Effective Date 14 Sep 2024 Please be aware that this Privacy Notice will be updated from time to time to recognize any changes in privacy law or modifications to regulations the Group must comply with.

What Personal Data We Collect and Use:

In order to provide our customers with excellence in our services it is necessary for Geidea to collect their Personal Data. Below is a non-exhaustive list of some Personal Data the company may use:

  1. Personal Data required when registering with our services including:
    • Personal details, for example: name, date of birth, nationality, Country of residence and ID number and contact preferences.
    • Contact details, for example: mobile number, email and national address
    • Contact details for the purposes which you have given the company consent: phone number, e-mail address.
    • Customer Service Interactions: Data exchanged with the company when using our customer support services or any data provided as feedback or from web surveys
    • Social Interactions: Data provided when using social media to interact with the company.
  2. The user may be referred or registered on the Website by a third party, such an agent. As such, the user will provide to the third party and the third party will provide to Geidea the personal data referred to at point above.
  3. Data required for you to use of our services, website or mobile app (such as cookies and usage data).
  4. Data exchanged during communications with you (such as customer support requests and feedback from you).
  5. Data required to improve operational services and resolve devices related complaints (such as merchant location data).

How We Collect Your Personal Data:

We may collect personal data directly from you using different ways, including:

  1. Product and Services – When you register, use or sign a contract to become our customer and use one of our products or services.
  2. Direct Interactions – When you complete a form and send it to us via our website, mobile apps, by email, post or via a phone call to our call center. This includes any personal data you provide to us when making an enquiry or taking part in a promotion.
  3. Social Media Interactions - Any posts and interactions you have directly with us on social media channels.
  4. Browsing: Data about how you are using our web site, including the date and time of your visit, the type of Internet Browser you use and how you were referred to our web site.
  5. Web Surveys: Our online web surveys enable us to gather specific data regarding issues such as your feedback on the look and feel of our website and mobile apps. Additionally, we may also request information on several elements of our Customer Service. Your feedback is vital, appreciated and enables us to enhance the quality of Customer Service we provide. The provision of your name and other details is optional.

We also obtain some Personal Data Indirectly from the following sources:

  • Cookies Technologies.
  • Automatic Collection of Information.
  • Website Analytics.
  • Interconnection With Another Entity

What is the Purpose of Collection?

To provide you with the highest standard of service and products, we collect and use your personal data.

The purposes of this data collection including but not limited to:

  1. Enabling us to develop, enhance, market and/or deliver products and services to geidea customers.
  2. Enabling and supporting our operation and systems to ensure continuity and quality to our services and provide accurate billing and enable us to process payments for products and services.
  3. Understanding your needs as customers and your eligibility for products and services and recommend products and services that would be relevant to you.
  4. Communicating new products and services launched.
  5. Resolving any queries or complaints you may have and allows us to provide you a personalized customer experience across all our channels.
  6. Personal data is also used for sending important information and notices to users, such as changes in GEIDEA policies, notifications related to the transactions the user enters into with GEIDEA and / or notifications of unwanted events such as Website breakdown / crashes, attempts of fraud on our Website, etc.
  7. Provide reports to third parties and/or our enterprise clients where such reports don’t contain any personal information about you or any information that may identify you as a person in accordance with local privacy regulation
  8. For Credit Checks in certain scenarios e.g. when contracting for any new products or services, and we sometimes supplement the information we collect about you with information from other sources to assess the accuracy of the information that we hold e.g. data from governmental entities, like Wathiq, Lean, Nafath ..etc.
  9. For Fraud Prevention where we process your traffic data in order to protect against and detect fraud, to protect and detect misuse or damage to our operations, to recover debts or trace those who owe us money resulting from the use of our services.

How do we use your Personal Data?

We use your personal data in a variety of ways to provide the Services and to operate our business. In particular, we may use your personal data to:

  1. Provide the information and Services you request.
  2. Provide you with effective customer service.
  3. Personalize your experience and our communications with you.
  4. Contact you with operational information and notices related to your use of the Services.
  5. Comply with any procedures, laws, and regulations where necessary for our legitimate interests or legitimate interests of others.
  6. To fulfill the requirements for your registration and to provide you with our services and products.
  7. To enable you to use our services, website, or mobile app.
  8. To address the support requests Geidea receives from you.
  9. To improve operational services and resolve complaints related to our services or devices.
  10. For any other purpose with your consent.

Personal Data Protection and Disclosure:

We take the protection of your data very seriously and will employ appropriate organizational and technical data protection and security measures and procedures – including internal audit, external audit, training of staff and contractors on privacy and reporting to our audit and data governance steering committees and regulatory authorities – to safeguard your data from any unauthorized disclosure or processing.

geidea always maintains the privacy and confidentiality of all personal data collected. Such data may only be disclosed or shared when approved and required by law, or when we believe that such action is necessary or desirable to provide products and services, or technical support and according to Why We Collect and Use Your Personal Data section.

Geidea does not rent, sell, exchange, or transfer your personal data to third parties outside of Geidea or partner companies without your permission unless it is collected without identifiers on an aggregated basis for analytical purposes, studies, reports with adherence to personal data protection acts and regulations in the Kingdom of Saudi Arabia. Additionally, we may share information with trusted third parties who assist in operating our website, conducting our business, or providing services to you, provided they commit to maintaining its confidentiality.

Therefore, Geidea will not disclose your personal data without your consent except under the following circumstances where the entity requesting disclosure is a public entity and in which case the data will be shared in strict accordance with the controls and procedures set out in the Personal Data Protection Law of the Kingdom of Saudi Arabia:

  • for security purposes
  • to implement another law
  • to meet judicial requirements
  • to protect public health or safety
  • to protect the life or health of a particular individual(s).
  • Sharing with a debt collection agency, credit bureau or insurance business to protect the interests of the Group and to prevent instances of fraud or any other illegal practices.
  • Sub-processing some or all of your contracted services with Geidea for better delivery of those services, for example but not limited to courier businesses or identity verification service providers.

Where do we process information about you?

We may need to transfer personal information about you to other companies in the Group or third parties located in KSA. If we send personal information about you outside KSA, we will make sure that such transfer is permitted by law and that your personal information is adequately protected as required by applicable law. This may include entering into a Data Sharing Agreement (DSA) or Data Processing Agreement (DPA) with the relevant parties to ensure that your personal information is handled securely and in compliance with applicable law.

Except for cases of extreme necessity to preserve the life or health of an individual, their vital interests, Geidea may not transfer personal data outside the Kingdom or disclose it to a party outside the Kingdom, unless this is in implementation of an obligation under a convention to which the Kingdom is a party, or to serve the interests of the Kingdom.

Legal Basis for Collecting and Processing Your Personal Data:

In accordance with the Personal Data Protection Law, the legal basis on which we rely in processing such data is:

  1. Your explicit consent. You can withdraw your consent at any time without affecting processing operations carried out based on other legal bases. To this end, You can reach the Data Management Office at Geidea using the contact details provided above.
  2. Contractual – to fulfil our service obligations to you.
  3. Legitimate interest - for activities such as certain types of marketing, preventing fraud and ensuring network and information security.
  4. Consent – for other activities such as information, sales & certain types of marketing.
  5. Legal obligation – to comply with government requirements including but not limited to, national security and protection of public health.
  6. Public Interest - for processing based on regulatory entities requests or for public interest purposes.

In addition, geidea may work with other entities to ensure quality of service is provided. If your personal data is disclosed to these entities, it shall be restricted to the purposes specified in this privacy notice for which you have provided consent.

How Long We Store Your Personal Data:

Your Personal Data will be stored for as long as necessary to fulfil the purpose for which it was collected unless required to be kept longer for compliance with another law, legal purpose e.g. fulfil judicial/court order, or by a regulatory authority’s rules and regulations to which the company must comply.

When stored geidea takes all reasonable steps to protect your Personal Data against misuse, loss, unauthorized access, modification or disclosure.

Archival of Personal Data is done in a secure environment and subject to company internal best practice and restrictions to protect it.

Destruction of your Personal Data is done using secure methods in a manner that prevents access or retrieval, as follows:

  • Digital Data Disposal: Digital data will be destroyed using secure deletion techniques, which overwrite the data multiple times before deletion to ensure it cannot be recovered. Alternatively, encryption methods will be used where the data is first encrypted, and then the encryption key is deleted, making the data irretrievable.
  • Paper Data Disposal: Paper documents containing personal data will be shredded using shredders that turn the documents into small pieces, ensuring that they cannot be reassembled or read.

geidea ensure data deletion after this necessary duration and avoid collecting third-party personal data unless required by law.

How Do We Protect Your Personal Data?

Geidea is committed to protecting your personal information. We apply strong security and privacy measures to protect your personal information from unauthorized access, use, loss, disclosure or destruction. We maintain up-to-date and modern security both technically and materially to protect you and company against loss or theft. This includes but is not limited to:

  • Protection against data breaches and malicious actors/hackers
  • Implementing relevant controls, standards, and rules as issued by the National Cybersecurity Authority to include best practices and cybersecurity standards
  • Any requirements mandated by the Saudi National bank (SAMA)
  • It must be noted the internet is not totally secure and the company cannot be held responsible for third-party or external links

Your Rights Regarding Processing of Your Personal Data

Under Personal Data Protection Law, you have the following rights, which primarily depend on the purpose of Personal Data collection and processing:

  • Right to Be Informed: You are entitled to be informed how we collect your personal data, legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed.
  • Right of Access to Your Personal Data: You have the right to request access to your personal data held by Geidea.
  • Right to Request Access to Your Personal Data: You are entitled to request access to your Personal Data held by geidea in a readable and clear format, consistent with the content of the records, in electronic format (when technically possible) or to provide a printed copy of it.
  • Right to Request Correction of Your Personal Data: You are entitled to request correction of your Personal Data that you believe is inaccurate, incorrect or incomplete.
  • Right to Request Destruction of Your Personal Data: You are entitled to request erasure of the Personal Data that is held about you, in certain circumstances only. Your deletion request will be balanced against our specific legitimate/legal ground for retention.
  • Right to Withdraw Your Consent for Processing Your Personal Data: You are entitled to withdraw your consent for processing your Personal Data at any time unless there are legal bases that require otherwise.
  • Right to Request Restriction of Personal Data Processing in Case of Inaccuracy: You have the right to request the restriction of processing your personal data until it is corrected if it is inaccurate, unless there are legal bases that require otherwise.

How can we effectively enable you to exercise your rights?

We would also like to inform you that you can exercise any of the rights outlined above by submitting a request regarding this matter and sending it to us. To make this request, please fill out the "Service Form" available [here] and attach it to your request. You can send it to the Data Management Office at Geidea or directly contact the Personal Data Protection Officer using the contact details provided below

Unless otherwise stipulated by the law, you will not be required to pay any fees in return for exercising this right. In case of submitting a request for exercising this right, you will receive a response within (30) as of the request receiving date.

Note: Please be informed that Geidea reserves the right to extend the timeframe for processing requests related to exercising the above-mentioned rights or those stipulated by the law. This extension may occur if the request requires unexpected or extraordinary efforts or if multiple requests are received from the same data subject. The extension period shall not exceed an additional thirty days. In such cases, Geidea is committed to notifying the data subject in advance about the extension and the reasons for it.

For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact the Personal Data Protection Officer at Geidea using the below mentioned contact details.

Personal Data Protection Officer

Address: Riyadh - Al Sulaimaniyah Dist. - Prince Abdul Aziz Bin Musaid Bin Jalawi - Canary Center - Geidea Co - Data Management Office-Personal Data Protection Officer.

Phone Number: 011 465 2881

E-mail: gdmo@geidea.net

Contacting Geidea for Personal Data Requests

If you have a request regarding your personal data or wish to exercise any of your rights concerning this data, such as obtaining a copy of your data, modifying/correcting it, requesting its Destruction, or withdrawing a previously given consent, you can contact us through one of the channels listed below. Our specialized team will handle your request and update you with the results.

Feel free to select your preferred communication method:

How To File a Complaint or Objection?

If you have concerns or feel we are not complying with the Personal Data Protection Law, you can submit a complaint to Geidea Data Management Office using one of the communication channels outlined above.

If you are not satisfied with our handling of the complaint or if we do not respond within (30) business days from the date of receiving the complaint, you can escalate it to the relevant authority as detailed below:

Privacy Information Specific to Geidea Website and Mobile Apps Usage of Cookies

Geidea uses cookies and similar technologies to improve your experience on our website. :

  • Keeping you signed in.
  • Necessary for operation of the website.
  • Understanding how you use our website and mobile apps.