This is the Privacy Policy content in English for UAE.
This Privacy Policy has been prepared in accordance with the Personal Data Protection Law in the Kingdom of Saudi Arabia and the guidelines of the Saudi Data & AI Authority (SDAIA). This policy aims to clarify the data collected from you, the reason for its collection, and how it is processed and protected throughout its retention by Geidea.
This privacy notice applies to all sectors and business units in the Company. All Company staff, contractors, and vendors working either on a permanent or temporary basis are obliged to follow the outlined standards.
You can contact us via various available channels, using the contact details provided in this policy.
Geidea Co for Technology: Geidea Co for Technology is a company incorporated and organized under the laws of the Kingdom of Saudi Arabia, with its registered address at Canary Center 7304, Al-Sulaimaniyah Dist., Riyadh 122431, Kingdom of Saudi Arabia, established under Commercial Registration No. 1010332533 on 26/04/1433H. It will be referred to hereinafter as ("Geidea", "we", "our", or "us").
Commercial Registration No.: 1010332533
National Address: RHSB7304
In order to provide our customers with excellence in our services, it is necessary for Geidea to collect their Personal Data. Below is a non-exhaustive list of some Personal Data the company may use:
We may collect personal data directly from you in different ways, including:
In accordance with the Personal Data Protection Law, the legal basis on which we rely in processing such data is as follows:
Your explicit consent is one legal basis we rely on. You can withdraw your consent at any time without affecting processing operations carried out based on other legal bases. To do so, you can reach the Data Management Office at Geidea using the contact details provided in this policy.
Contractual: To fulfil our service obligations to you.
Legal Obligation: To comply with government requirements, including but not limited to national security and protection of public health.
Legitimate Interest and Consent:
Public Interest: For processing based on regulatory entities' requests or for public interest purposes. In addition, Geidea may work with other entities to ensure quality of service is provided; where your personal data is disclosed to these entities, it is restricted to the purposes specified in this privacy notice for which you have provided consent.
Geidea ensures data is deleted once it is no longer necessary and avoids collecting third-party personal data unless required by law.
Geidea always maintains the privacy and confidentiality of all personal data collected. Such data may only be disclosed or shared when approved and required by law, or when we believe such action is necessary or desirable to provide products and services or technical support. Geidea does not rent, sell, exchange, or transfer your personal data to third parties outside of Geidea or partner companies without your permission, unless it is collected without identifiers on an aggregated basis for analytical purposes, studies, or reports, with adherence to personal data protection regulations in the Kingdom of Saudi Arabia. We may also share information with trusted third parties who assist in operating our website, conducting our business, or providing services to you, provided they commit to maintaining confidentiality. Geidea will not disclose your personal data without your consent except under the following circumstances, where the entity requesting disclosure is a public entity and the data will be shared in strict accordance with the controls and procedures set out in the Personal Data Protection Law of the Kingdom of Saudi Arabia:
Your Personal Data will be stored for as long as necessary to fulfil the purpose for which it was collected, unless required to be kept longer for compliance with another law, a legal purpose (e.g. to fulfil a judicial/court order), or by a regulatory authority's rules and regulations to which the company must comply. When stored, Geidea takes all reasonable steps to protect your Personal Data against misuse, loss, unauthorized access, modification or disclosure. Archival of Personal Data is done in a secure environment and subject to company internal best practice and restrictions to protect it. Destruction of your Personal Data is done using secure methods that prevent access or retrieval: digital data is destroyed using secure deletion techniques (multiple overwrites, or encryption followed by deletion of the encryption key), and paper documents are shredded so they cannot be reassembled or read.
We may need to transfer personal information about you to other companies in the Group or third parties located in KSA. If we send personal information about you outside KSA, we will make sure that such transfer is permitted by law and that your personal information is adequately protected as required by applicable law, which may include entering into a Data Sharing Agreement (DSA) or Data Processing Agreement (DPA) with the relevant parties. Except for cases of extreme necessity to preserve the life or health of an individual or their vital interests, Geidea may not transfer personal data outside the Kingdom or disclose it to a party outside the Kingdom, unless this is in implementation of an obligation under a convention to which the Kingdom is a party, or to serve the interests of the Kingdom.
In case of submitting a request to exercise your rights, you will receive a response within 30 days of the request receiving date. Geidea reserves the right to extend this timeframe if the request requires unexpected or extraordinary efforts or if multiple requests are received from the same data subject; this extension shall not exceed an additional thirty days, and Geidea will notify the data subject in advance about the extension and the reasons for it.
Unless otherwise stipulated by law, you will not be required to pay any fees in return for exercising your rights regarding your personal data.
If you have a request regarding your personal data or wish to exercise any of your rights — such as obtaining a copy of your data, modifying/correcting it, requesting its destruction, or withdrawing previously given consent — you can contact us through the channels below, or fill out the Service Form and send it to the Data Management Office. Our specialized team will handle your request and update you with the results.
Data Management Office / Personal Data Protection Officer
Address: Riyadh - Al Sulaimaniyah Dist. - Prince Abdul Aziz Bin Musaid Bin Jalawi - Canary Center - Geidea Co - Data Management Office
Phone: 011 465 2881
Email: gdmo@geidea.net
Effective Date: 14 Sep 2024. Please be aware that this Privacy Notice will be updated from time to time to recognize any changes in privacy law or modifications to regulations the Group must comply with.
This Privacy Policy has been prepared in accordance with the Personal Data Protection Law in the Kingdom of Saudi Arabia and the guidelines of the Saudi Data & AI Authority (SDAIA). If you have concerns or feel we are not complying with the Personal Data Protection Law, you can submit a complaint to the Geidea Data Management Office. If you are not satisfied with our handling of the complaint, or if we do not respond within 30 business days from the date of receiving it, you can escalate it to the Saudi Central Bank (SAMA), Riyadh, Kingdom of Saudi Arabia (https://sama.gov.sa/), or via the National DG Platform (https://dgp.sdaia.gov.sa/).