bg

Privacy policy

STC Bank

Privacy Notice

 

This Privacy Notice (the “Privacy Notice”) relates to your use of the STC Bank mobile application which offers financial services and other services available at: www.stcbank.com.sa (the “App”). The App is made available to you by STC BANK, a mixed closed joint stock company incorporated and existing under the laws of the Kingdom of Saudi Arabia and registered in the commercial register in the city of Riyadh under number 1010901344 and unified

ID number 7010933328 having its place of business at 7252 King Khalid Rd – Al Asemah Dist. Ad Dir’iyah 13714 – 5260, Riyadh, Kingdom of Saudi Arabia, licensed by Councils of Ministers under decree 671 dated 12/11/1442H corresponding to 22/06/2021G, and under the oversight and supervision of Saudi Central Bank (referred to in this Privacy Notice as “STC Bank”, “we”, “us” and “our”).

We take your privacy seriously and want you to feel comfortable whenever you use the App. We process your personal data (“Personal Data”) in accordance with the Saudi Arabia Cabinet Decision No. 98/1443 On the Approval Of the Personal Data Protection Law and Royal Decree No. M148 of 05/09/1444 AH and the respective implementing regulations as amended from time to time (together the “PDPL”), the Saudi Arabian Banking Control Law dated 22.2.1386H as amended from time to time (the “Banking Law”) and the Law of Payment and its Services, promulgated by Saudi Arabic Royal Decree No. M26/1443 dated 22/3/1443H and its implementing regulations as amended from time to time (the “PSP Regulations” and jointly with the PDPL and the Banking Law the “Applicable Laws”).

 

This Privacy Notice constitutes an integral part of the App’s terms and conditions. 

 

 

1. What Personal Data we collect and for what purposes

We collect the following types of Personal Data about you:

 

 

A
  1. Purpose: 1- Downloading the App 2- Creating an account on the app
  2. Types of Data Processed: 1- full name 2- mobile number 3- national ID 4- residency cards 5- passport number 6- national address 7- date and place of birth
  3. Provided By: 1-You to us 2- YAKEEN
  4. Legal Basis: 1- Performance of a contract (between you and STC Bank) 2- Article 6(2) of the PDPL
B
  1. Purpose: 1- Creating an account 2- Conducting AML/KYC activities 3- Using the services offered via the App
  2. Types of Data Processed: 1- salary employment sector 2- cash receipt 3- cash expenditure patterns passcode 4- fingerprints and face ID
  3. Provided By: 1- You to us
  4. Legal Basis: 1- Performance of a contract (between you and STC Bank) 2- Article 6(2) of the PDPL 3- Explicit consent 4- Article 5 of the PDPL
C
  1. Purpose: 1- Applying for a debt product 2- Evaluating your credit profile 3- Conducting risk assessments 4- Assist with determining issuing amounts for debts any other product or liability
  2. Types of Data Processed: 1- SIMAH score and credit performance data
  3. Provided By: 1- You to us 2- Saudi Credit Bureau (SIMAH) and any other relevant governmental body
  4. Legal Basis: 1- Explicit consent 2- Article 5 of the PDPL
D
  1. Purpose: 1- Using the App 2- Data Analytics for improving services and enhancing user experience 3- Voice records through IVR, chatbot , email , social media
  2. Types of Data Processed: 1- transactions you carry out 2- details of any bank accounts you transact to and from the App 3- using the services offered via the App and purchasing goods or services available on the App IP 4- address localization data for the purposes of enabling browsing the App 5- fingerprints and face ID 6- process complaints, disputes and inquiries
  3. Provided By: 1- You to us
  4. Legal Basis: 1- Performance of a contract
E
  1. Purpose: 1- Marketing and/or direct sales of STC Bank’s products and/or services 2- Sending advertising material 3- Carrying out promotional activities
  2. Types of Data Processed: 1- full name 2- e-mail address 3- mobile number 4- account name on the App
  3. Provided By: 1- You to us
  4. Legal Basis: 1- Consent 2- Article 5 of the PDPL

You shall provide us only with Personal Data that are accurate, complete, up-to-date, and relevant for the purpose for which they are collected. We will take reasonable steps to ensure that your Personal Data are accurate, complete, up-to-date and relevant for the purpose for which they are collected but we will not be responsible for any inaccuracy, incompleteness, antiquity or irrelevance of the Personal Data if these are a consequence of your error or omission.

 

 

2. Mandatory and optional provision of Personal Data 

The provision of Personal Data under Section 1, letters A,B,C and D is mandatory to enable STC Bank to provide the services described therein to you. Consequently, failure to provide Personal Data for the purposes referred to in Section 1, letters A,B,C and D will make it impossible for us to carry out the activities described therein.

The provision of Personal Data under Section 1, letter E is optional and failure to provide such Personal Data will have no consequences other than make it impossible for us to carry out the activities described therein.

 

 

3. How we collect and process your Personal Data

We collect and process Personal Data only when you specifically give it to us by registering on and/or using the App or by the third parties mentioned in Section 1 above.

The Personal Data you provide will be processed in compliance with the Applicable Laws and, in any case, in such a way as to guarantee the security and confidentiality of the same, to prevent unauthorised disclosure or use, alteration or destruction. The Personal Data will be processed on paper and/or via telematic means, also with the help of electronic and information means. We will process your Personal Data in our own technological infrastructure and/or using the technological infrastructure of third-party suppliers appointed as data processors. We process Personal Data for the purposes set out in Section 1.

You may reach out to STC Bank’s DPO to the address indicated in Section 9 below for any queries related to collecting and processing your Personal Data.

 

 

4. Protecting your Personal Data

The transmission of information via the Internet is not completely secure. We will do our best to protect your Personal Data while it is in our possession, however, we cannot guarantee the security of your data transmitted online or over the App.

We recognise industry standards and employ security safeguards to protect Personal Data from unauthorised access and misuse. All information you provide to us is stored on secure servers. Any payment transactions will be protected and safeguarded by encryption.

 

 

5. Sharing your Personal Data with third parties and cross-border transfers

A)  Persons, companies, associations or professional firms that provide services and activities of assistance and consultancy to STC Bank, with particular but not exclusive reference to accounting, administrative, legal, tax and financial matters;

B)  Companies that provide, on behalf of STC Bank, certain services related to the App and to the management and execution of purchase orders through the App, with particular but not exclusive reference to the analysis of Personal Data, the management of payment services, the management, shipment and delivery of products purchased on the App, marketing activities, the management of services provided through the App and their customisation in your favour;

C)  In the event of a sale, merger, liquidation, receivership or transfer of assets of STC Bank or one of our affiliated companies, to the prospective buyer of the business and their professional advisers;

D)  Companies belonging to the same corporate group as STC Bank, with particular but not exclusive reference to activities of Personal Data analysis in aggregate and anonymised form, identity management of user profiles on the App, profiling and profiled marketing in relation to users who have given their consent to these activities;

E)  Subjects to whom the right to access the Personal Data is required by law, secondary legislation, a court order or by a regulatory authority of competent jurisdiction or if we believe that such disclosure is necessary, to protect, defend or enforce our rights. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and

F)  Third party companies and clients with whom STC Bank collaborates as a business partner (e.g. for the promotion of goods and services) including those third parties assisting us in supplying our services to you or perform certain functions on our behalf, including IT support services, card management services or professional services.

The Personal Data may be communicated, exclusively for the purposes indicated in this Privacy Notice, to the categories of recipients listed above and having their registered offices in the Kingdom of Saudi Arabia and acting, as the case may be, as data processors on behalf of STC Bank or as separate data controllers, in this case providing you, under his/her own responsibility, with appropriate information.

For the purposes of providing you with our payment services, the Personal Data may also be communicated, exclusively for the purposes indicated in this Privacy Notice, to the categories of recipients listed above and having their registered offices in countries outside the Kingdom of Saudi Arabia (in this case in compliance with the provisions of the Applicable Laws regarding data transfers and acting as data processors on behalf of STC Bank or as autonomous data controllers).

Your Personal Data will be stored on the servers available to STC Bank or to the persons in charge located in Kingdom of Saudi Arabia. Should it become necessary for technical and/or operational reasons to use subjects located outside the Kingdom of Saudi Arabia, or should it become necessary to transfer some of the collected Personal Data to technical systems and services managed in the cloud and located outside the Kingdom of Saudi Arabia. We ensure that appropriate safeguards, such as standard contractual clauses and valid contract is signed with the processor, are in place to protect your data.

This Privacy Notice only applies to Personal Data collected on the App. Although the App may provide links to websites of third parties, such as banks, this Privacy Notice does not apply to any other application or website that you connect to from the App. We are not responsible for the content or practices of applications and websites operated by third parties that are linked to or from the App and you should refer to the relevant privacy policies issued by such third parties.

 

 

6. Underage users and users lacking legal capacity

STC Bank encourages parents to monitor their children’s use of the Internet for safe and filtered use of its content, including through the use of parental control tools. Besides ensuring an online environment suitable for minors, these tools can prevent the disclosure of personal data by children or young people who do not have their parents’ consent. With regard to the collection and processing of personal data, STC Bank does not process personal data of subjects under 15 years of age. Creating an account on the App is, therefore, only permitted to users who have reached the age of majority or to users who are at least 15 years old. STC Bank, moreover, encourages the creation of an account on the App of parents of registered users who are minors: in this way, parents have the opportunity to keep abreast of the initiatives that STC Bank makes available to their children, and to check their compliance with their own expectations and educational models and paths. STC Bank urges all users who are under the age of 15 not to communicate their personal data, under any circumstance, and reserves the right to exclude from the App any user who has concealed their under-age or who has communicated their personal data despite being aged less than 15.

Legal guardians of subjects under 15 years of age or of subjects lacking legal capacity shall exercise data subjects’ rights set out in the Applicable Laws and this Privacy Notice on their behalf.

 

 

7. Data retention period

The Personal Data collected for the processing purpose indicated in Section 1 above shall be retained for the time necessary for the pursuit of such purposes and thereafter, and in any case for the permitted time under the Applicable Law from the achievement of the respective purposes as required by the Applicable Laws, except in case of extraordinary necessity of STC Bank to keep the Personal Data further in order to defend its rights, also in relation to disputes existing at the time of the request or upon indication of public authorities or as otherwise permitted by the Applicable Laws.

The Personal Data collected for the processing purpose indicated in Section 1 letter E above shall be retained until the withdrawal of the relevant consent or until you expressly request the deletion of such Personal Data, and in any case for the permitted time under the Applicable Law from the last purchase made, except in case of extraordinary necessity of STC Bank to keep the Personal Data further in order to defend its rights, also in relation to disputes existing at the time of the request or upon indication of public authorities or as otherwise permitted by the Applicable Laws.

 

 

8. Changes to this Privacy Notice

Any changes we may make to this Privacy Notice in the future will be posted on the App and, where appropriate, notified to you. By continuing to use the App you will be deemed to accept the changes to this Privacy Notice

 

 

 

9. Contact

Your personal data processing controller is STC Bank. You can contact STC Bank at any time by mail or e-mail at DPO@stcbank.com.sa. If you have any questions regarding this Privacy Notice, please include it in the email subject to enable our DPO to contact you.

STC Bank has appointed its own Data Protection Officer (also known as the “DPO“), who may be contacted for matters relating to the processing of your data. By writing to DPO@stcbank.com.sa you may also exercise the rights indicated under Section 10 below.

 

 

10. Your rights

Unless otherwise permitted by the Applicable Laws, we hereby remind you that you have the following rights:

  • to the extent that consent was given for any processing of Personal Data, the right to withdraw your consent at any time by selecting the appropriate option in the App or sending an e-mail to our contacts above;
  • the right to obtain information in relation to the purposes and legal basis for which your Personal Data is processed;
  • the right to obtain correction of inaccurate, incomplete and/or outdated Personal Data relating to you;
  • the right to obtain that the Personal Data concerning you is only kept without any other use of the Personal Data in the following cases: (a) you contest the accuracy of the Personal Data, for the period necessary to allow us to verify the accuracy of such Personal Data; (b) the Personal Data is necessary for the establishment, exercise or defence of legal claims; and (c) you object to the processing and are awaiting verification as to whether the legitimate grounds of the data controller for processing prevail over those of the data subject;
  • the right to obtain the cessation of processing in cases where your Personal Data is processed for marketing purposes; and
  • the right to receive in a readable and clear format, a copy of the Personal Data provided to STC Bank.

Should you reckon that your Personal Data is being processed unlawfully, you may file a complaint with the relevant data protection authority. Please note that in the Kingdom of Saudi Arabia you have the right to turn to the national authority (SDAIA/ NDMO) to assert your rights in relation to the processing of your Personal Data.

Furthermore, by writing to the address DPO@stcbank.com.sa you may exercise the rights set forth under this Section.