Introduction
Geidea Co for Technology is committed to protecting individuals’ privacy and maintaining the confidentiality of their personal data, while ensuring the provision of its services services in accordance with the highest standards of quality and compliance. This Privacy Notice has been prepared in accordance with the provisions of the Personal Data Protection Law applicable in the Kingdom of Saudi Arabia, as well as the relevant regulations, instructions, and guidelines issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).
For the purposes of this Notice, the terms “Geidea”, “we”, “us”, and “our” refer to Geidea Technology Company, and the terms “you” and “your” refer to the person whose personal data is being processed in accordance with the provisions of this Notice.
This Notice aims to clarify the types of personal data collected by the Company, the legal bases relied upon for processing such data, the purposes associated therewith, and the technical and organizational measures implemented to ensure the protection and confidentiality of personal data.
Who We Are?
Company Name: Geidea Co. for Technology Company, a company established and organized in accordance with the laws and regulations of the Kingdom of Saudi Arabia
Commercial Registration No.: 1010332533, issued on 26/04/1433H.
National Address: Canary Center, 7304 Al Sulaymaniyah District, Riyadh 122431, Kingdom of Saudi Arabia.
For more details, please refer to the "Contact Sales" page.
To learn more about Geidea, please refer to our About Us
Categories of Data That May Be Collected
The categories of data that may be collected include, without limitation, the following:
- ✓Identification and personal data: including full name, date of birth, nationality, country of residence, national ID number or residence permit number, and passport number.
- ✓Contact data: National address, mobile number, email address.
- ✓Device Data: including device identifiers, Internet Protocol (IP) address, browser type, and geolocation data.
- ✓Financial data: including bank account number, IBAN number, payment records, and transaction details.
- ✓Sensitive Personal Data: including biometric data such as fingerprints or biometric verification characteristics used for identity verification and authentication purposes, which are processed in accordance with the applicable legal requirements.
- ✓Communication Data: Recorded phone calls, dates and durations of conversations, SMS records and emails.
- ✓Cookies Information: Our websites use cookies, which are a standard technology used to collect information relating to website usage. For more details, please refer to the "Cookies Policy."
- ✓Mandatory Data: The provision of certain personal data is necessary to enable us to provide our services and fulfill our regulatory obligations. Failure to provide such information may prevent us from providing some or all of our services.
- ✓Optional Data: Certain personal data is collected on an optional basis to enhance services and improve customer experience. You have the right not to provide such data without affecting the core services provided.
How Do We Collect Your Personal Data?
We collect your personal data through the following methods:
Direct collection of Data
- ✓When you register, sign a contract or use any of our products or Services.
- ✓When completing forms through our website or mobile applications, or when communicating with us via email, written correspondence, or by contacting customer service or sales teams, including inquiries, support requests, participation in surveys, or promotional offers.
Indirect collection of Data
- ✓We may collect certain personal data indirectly through cookies and similar analytical technologies used on our website.
- ✓Certain technical information may be collected automatically, including Internet Protocol (IP) addresses, device identifiers, and browsing behavior data, through website analytics tools and similar technologies.
- ✓We may collect certain personal data from third parties or publicly available sources, within the limits permitted by applicable laws, regulations, and instructions.
Legal Basis For Processing Personal Data
In accordance with the provisions of the Personal Data Protection Law (PDPL) and its Implementing Regulations, we process your personal data based on one or more of the following legal bases:
For any inquiries or further clarification requests, please contact us through the Official communication channels.
Performance or preparation of a contract: We process your information for the purpose of providing services in accordance with concluded agreements, maintaining necessary records, complying with legal and regulatory requirements, providing Geidea products and services, and responding to your requests and inquiries with the necessary support and follow-up.
Compliance with legal and regulatory obligations: We may process your personal data where necessary to comply with the laws, regulations, and instructions issued by regulatory authorities in the Kingdom of Saudi Arabia, including judicial orders, anti-fraud, anti-money laundering and counter-terrorism financing requirements, and regulatory obligations related to payment services.
Marketing and additional processing:
- ✓We will obtain your explicit consent before using your personal data for direct marketing purposes or for any processing activities that are not directly related to the original purpose for which your data was collected.
- ✓Your consent will be obtained through clear and specific opt-in mechanisms, and you will have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to such withdrawal.
- ✓We will not use your personal data for marketing communications or any secondary purposes unless we have a valid legal basis to do so in accordance with applicable data protection laws.
Use of personal data for other purposes: Your personal data will not be used for automated decision-making or profiling beyond the purposes stated above, except where permitted or required by applicable laws and regulations. Your personal data may also be processed in cases permitted by law without the need to obtain your explicit consent.
What Is The Minimum Data?
Geidea applies the principle of data minimization, whereby only the minimum amount of personal data necessary to achieve the purposes associated with the relevant service or process is collected. Where there is no longer a need to retain data that directly identifies its owner, we implement appropriate measures to anonymize or pseudonymize personal data to the extent reasonably practicable and in accordance with applicable legal and regulatory requirements.
With Whom Do We Share Your Personal Data?
We may share your personal data with the following parties, where necessary and in accordance with applicable laws and regulations:
- ✓Courts, government authorities, or regulatory bodies within the Kingdom of Saudi Arabia to comply with legal and regulatory obligations.
- ✓Licensed entities that provide credit information or insurance services.
- ✓Our affiliated companies and authorized service providers, for the purpose of delivering products and services to you, improving our offerings, enhancing your experience across our channels, and promoting relevant financial and investment products and services.
How long do we retain your personal data?
Your personal data will be retained only for the period necessary to fulfill the purposes for which it was collected, in accordance with the applicable legal, regulatory, and contractual requirements, in addition to audit and oversight requirements, anti-fraud and anti-money laundering purposes, dispute resolution, and ensuring business continuity.
Cross-Border Transfer of Personal Data
We may transfer or share your personal data outside the Kingdom of Saudi Arabia only in cases permitted under the applicable laws and regulations, and subject to regulatory approvals where required. Your prior consent will also be obtained when necessary in accordance with the applicable legal requirements. Any such transfer shall be carried out in accordance with legally approved mechanisms and in a manner that ensures the implementation of appropriate safeguards to maintain the security and confidentiality of your personal data.
How Do We Protect Your Personal Data?
- ✓We implement appropriate organizational, administrative, and technical security measures to protect your personal data from unauthorized access, disclosure, misuse, alteration, loss, or destruction.
- ✓Such measures include access controls, encryption, secure storage, monitoring mechanisms, and restricted access to personal data on a need-to-know basis.
- ✓We periodically review and strengthen our security controls to ensure the confidentiality, integrity, and availability of your personal data in accordance with applicable laws and regulations in the Kingdom of Saudi Arabia.
- ✓Personal data shared with authorized third parties or approved service providers shall be subject to appropriate protection measures, including contractual obligations, security controls, and confidentiality requirements, in a manner that ensures the protection of personal data in accordance with applicable laws and regulations.
What Are Your Rights Regarding the Processing of Your Personal Data
- ✓Right to be informed: You have the right to know how your personal data is collected, the purpose of its processing, the legal basis for such processing, and with whom it may be shared.
- ✓Right of access: You have the right to access your personal data.
- ✓Right to obtain a copy: You have the right to obtain a copy of your personal data held by Geidea in a readable, clear, commonly used electronic format or a printed hard-copy where technically feasible.
- ✓Right to rectification: You have the right to request the correction, completion or update of your personal data if it is inaccurate, incorrect or incomplete.
- ✓Right to request destruction: You have the right to request the destruction of your personal data in certain circumstances. Such requests will be balanced against any specific legal or regulatory ground for retention.
- ✓Right to withdraw consent: Where the processing is based on your consent, you have the right to withdraw that consent at any time, unless another legal basis requires otherwise. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Response time limit
Your request will be addressed within thirty (30) days of receipt. This period may be extended by up to an additional thirty (30) days, particularly in cases involving multiple requests. If an extension is required, you will be notified in advance and provided with the reasons for the delay.
Request Costs
Unless otherwise stipulated by law, you will not be charged a fee for exercising your rights under this Privacy Notice. However, if a request is manifestly unfounded or excessive, we may either charge a reasonable fee or decline to act on the request, and we will inform you of the reasons for our decision.
Your Responsibilities
- ✓It is your responsibility to ensure that the personal data we hold about you is accurate and up to date. Please notify us if your personal data changes by sharing updated details with us.
- ✓We may need to request specific information from you to help us confirm your identity and ensure your right to access information or exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it.
- ✓We may also contact you to request further information in relation to your request in order to expedite our response.
Contact Us
If you wish to exercise any of your rights or have any complaints or inquiries regarding the contents of this Privacy Notice, please contact us through:
Data Privacy Office — Data Protection Officer (DPO)
Address: Canary Center, 7304 Al Sulaymaniyah District, Riyadh 122431, Kingdom of Saudi Arabia
Phone: 8003030038
Email: DPO@geidea.net
Disclaimer
- ✓This Privacy Notice is not intended to create any contractual or statutory rights, nor does it impose any obligations on Geidea toward or on behalf of any third party.
- ✓This Notice does not apply to third-party websites or services that may be accessed through our services, and Geidea shall not bear any responsibility for the content of such websites or services, or for their privacy practices or security procedures.
Intellectual property rights
All information contained on Geidea's website and mobile applications is protected by copyright and other intellectual property rights. No images, texts, or content from these channels may be distributed or copied without obtaining prior written consent from Geidea.
Privacy Notice Updates
This Privacy Notice was last updated and is effective from May 2026 and may be subject to further updates as necessary to reflect changes in privacy law, regulatory requirements, or modifications to our processing activities. Geidea will inform customers of any material changes to this Notice. We recommend that you visit our website regularly to review this Privacy Notice and stay updated on the latest changes. By continuing to use our Services after the updated version of this Notice is published, you acknowledge your acceptance of the modifications therein.
Governing Law and Dispute Resolution
This Privacy Notice is governed by the laws and regulations in force in the Kingdom of Saudi Arabia. Any dispute arising from this Notice shall be referred to the competent courts of the Kingdom of Saudi Arabia for adjudication.