Data protection

- Personal Data Protection -

Personal Data Protection

At Jisr Al-Sidad, regarding the collection of financing entity debts, we are committed to protecting personal data and ensuring its confidentiality in accordance with the highest standards of compliance and governance, and in line with the laws and regulations in force in the Kingdom of Saudi Arabia

We believe that protecting information is not just a regulatory obligation, but a professional and ethical responsibility that reflects the trust our clients and partners place in us

1- Scope of the policy

This policy applies to all personal data collected, processed, or stored through:

  • agreements with financing entities

  • debt management and collection operations

  • telephone or electronic communication

  • the company website

  • technical systems used for file management

2- Types of data we may process

Depending on the nature of the file, personal data may include:

  • Identity data

  • Contact data

  • Financial data related to the debt file

  • Contractual and legal obligation data

  • Communication and follow-up records

These data are collected solely for legitimate purposes related to collection activities and portfolio management

3- Legal bases for processing

Personal data is processed based on one of the following legal bases:

  • Existence of a contractual relationship

  • Compliance with regulatory or statutory requirements

  • Execution of legal proceedings

  • Pursuit of a legitimate interest within the scope of collection operations

Data shall not be used for any purpose outside the scope of the contract or regulatory requirements

4- Data protection and security

We adopt an integrated data protection system that includes:

  • Secure and encrypted technical systems

  • Restricted access permissions based on the principle of least privilege

  • Periodic system monitoring

  • Internal policies binding on employees

  • Binding confidentiality agreements for all employees

Employees are also periodically trained on data protection and information security requirements

5- Data sharing

Personal data is only disclosed in the following cases:

  • To competent judicial or regulatory authorities

  • To service providers bound by formal contracts

  • In accordance with binding regulatory requirements

In all cases, disclosure is limited to the minimum necessary to achieve the legitimate purpose

6- Data Retention

Personal data is retained for a period commensurate with the purpose of its collection, or as required by regulatory requirements. Once the regulatory necessity has ended, it is securely destroyed or archived

7- Data Subject Rights

We respect the rights of personal data subjects, which may include, in accordance with applicable regulations:

  • The right to know how data is collected and processed

  • The right to request the correction of inaccurate data

  • Request to update data

  • The right to request access to data within the regulatory framework

Requests may be submitted through the official communication channels specified below

8- Data Protection Officer

The company is committed to appointing an officer or internal supervisory body to monitor compliance with data protection requirements and ensure the continuous implementation of this policy

Scroll to Top