Data Privacy Notice

Introduction

At SALAMA Cooperative Insurance Company we are committed to protecting the privacy and security of your Personal Data. This Privacy Notice explains how we collect, use, share, and safeguard your Personal Data in accordance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL). It also details your rights under the PDPL and how you can exercise them.

About Us

Salama Cooperative Insurance Company (formerly Saudi IAIC Cooperative Insurance Co.) is a Saudi Joint Stock Company established by Royal Decree No. M/60 Issued on 18/09/1427H corresponding to 11/10/2006G. The history of the company in fact dates back to 1979 with the registration of Islamic Arab Insurance Company (Salama) in UAE, Salama Cooperative Insurance Co is one of the largest Takaful and Retakaful players in the MENA region and considered pioneer in Shariah Compliant Insurance. Salama Saudi is one of the first cooperative insurance companies licensed under the Cooperative Insurance Regulations. The Company is well-known for the quality of service and the security it provides to its valued customers.

You can contact us via various available channels, using the below contact details.

Contact Details

  • Involved Department/Team: Customer Care
  • Address: Jeddah (7864), Salama Tower, 12th floor, Al Madina Road
  • Phone Number: 920023355 | 8002440002
  • E-mail: customer.care@salama.com.sa
  • License or Commercial Register: 4030169661
Last updated on

Privacy Notice was last updated on 15/9/2024

What personal data is collected?

We collect various types of Personal Data depending on your interaction with us to provide our services, meet regulatory requirements, and improve customer experiences. The categories of Personal Data we collect include, but are not limited to:

  • Identification Data:Full name, date of birth, nationality, marital status, gender, national or iqama ID number, passport number.
  • Contact Data: Email address, phone number, national address.
  • Insurance Policy Specific Data:Vehicle registration information, photos and videos related to accidents, driving license, medical data, medical history, dependent information.
  • Financial and Credit Data:Bank details, IBAN, Bank Card Number, credit history.
  • Employment Data:Employer information, employment history.
  • Technical Data:IP address, browser type, operating system, device identifiers.
  • Behavioral Data:Website usage data, cookies, preferences, interaction history.
  • Other Relevant Data:Sponsor name, company authorization certificate, bank authorization certificate, VAT certificate, commercial registration certificate.

We ensure that the Personal Data collected is relevant, adequate, and limited to what is necessary for the purposes for which it is processed, in compliance with the principle of data minimization.

How we collect your Personal Data?

We collect your Personal Data in the following ways:

  • Direct Collection: Personal Data is collected when you interact with us directly (e.g., applying for a policy, communicating with customer service, or using our online services). You may also provide data when subscribing to our updates, participating in surveys, or responding to marketing invitations. Information collected directly includes, but is not limited to, name, contact details, and travel destination..
  • Contact Data: Email address, phone number, national address.
  • Automated Collection: We collect certain information automatically when you visit our website or use our mobile applications, including technical data such as IP address, operating system, and browsing behavior, using cookies and other similar technologies. You may manage or disable cookies through your browser settings. Refusal to provide such information will not affect your ability to visit or use our website or applications.
  • Third-Party Sources: We may collect Personal Data from third parties such as:
    • Brokers
    • SIMAH
    • Najm
    • ELM
    • Wathq
    • Employers
    • Healthcare providers, medical regulators
    • Credit reference and fraud prevention agencies
    • Public sector bodies and regulatory organizations
    • Public data sources
  • Publicly Available Information: We may process data available from public sources, such as government directories or social media platforms, in compliance with legal and regulatory requirements.
  • Minor/ persons lacking legal capacity Personal Data: We pay particular attention while collection of minors/ persons lacking legal capacity Personal Data. We have no intention to collect any minors Personal Data, unless it is consented by their Legal guardians, and it is necessary for the products or services offered to the minors. In the case where we Collect Personal Data of a minor under the age of 18 through our website or other channels, the purpose would solely be to directly respond to his/her request without using their Personal Data for any other purposes. The minor’s data won’t be processed without notifying the minor’s guardian of the request.

We ensure that any Personal Data obtained from third-party sources is collected lawfully and with appropriate safeguards, ensuring no negative impact on your privacy rights.

What is the Purpose of Collection?

We only use Personal Data for the purpose it was collected for. We process your Personal Data for the following purposes.

Data Category Purpose of Collection
Identification Data To verify your identity, fulfill performance of contract, and comply with KYC regulations.
Contact Data To communicate with you, provide service updates, and send notifications.
Insurance Policy Specific Data To provide you our services and products, evaluate your claims.
Credit and Financial Data To assess your eligibility for our insurance products and services. And to process payments, assess credit profile, and comply with financial regulations.
Employment Data To evaluate your eligibility for policy and verify your employment status.
Technical Data To improve website functionality, enhance user experience, and ensure security.
Behavioral Data To analyze user behavior, personalize content, and tailor marketing communications based on your preferences.
Other Relevant Data To evaluate your eligibility for policy and claims.
Legal Basis for Collecting and Processing Your Personal Data

We ensure that your Personal Data is processed fairly, lawfully, and transparently under any legal or lawful basis in compliance with the KSA Personal Data Protection Law (PDPL).

  • Contractual Basis: We process your data where processing is necessary for delivering and managing the insurance services agreed upon between us and you, for example carrying out risk assessments before underwriting a policy.
  • Legal Basis: To adhere to the rules and regulations in the Kingdom of Saudi Arabia, issued by the Saudi Data and Artificial Intelligence Authority and any legal obligations mandated by the regulatory authorities (such as Saudi Central Bank “SAMA”, Insurance Authority "IA", Council of Health Insurance "CCHI") that oversee our operations within the Kingdom of Saudi Arabia, and governed in all respects by the Laws of the Kingdom of Saudi Arabia.
  • Legitimate Interest: When the processing is essential for the legitimate interests for us, without infringing upon the rights and interests of you, and provided that no sensitive data is processed. For example, protecting against fraud through identity and fraud detection tools/vendors.
  • Consent Based: When you give explicit consent for your personal data to be processed, or guardian consent in case of children or persons lacking their legal capacity. For example, to receive our marketing communications about available offers and services, process children’s medical policy.
  • Vital Interest: To serve the actual interest of you in case communicating with you is impossible or difficult, for example, disclosing medical details of the employee with his employer who got very ill at work (e.g., heart attack).
How We Use Your Personal Data?

We use your Personal Data for the purposes outlined in section 4 of this Privacy Notice. If we use your data for purposes other than those stated or agreed upon, we will seek your consent unless otherwise permitted by applicable laws and regulations.

How We Use Cookies and Other Technologies

We use cookies and other technologies to enhance your experience on our website. Cookies help us understand how you interact with our site, which allows us to improve functionality and personalize your experience. You can manage your cookie preferences through your browser settings.

How We Disclose Your Personal Data?

For the purposes outlined above, we may share your Personal Data with:

  • Service Providers: Third-party service providers who assist with IT, medical insurance services, payment processing, and customer support.
  • Your Employers and Banks: For verification purposes.
  • Regulatory Authorities: To comply with legal obligations or respond to lawful requests.
  • Reinsurers: For the reinsurance with our reinsurers.

If Personal Data is transferred outside the Kingdom of Saudi Arabia, appropriate safeguards (e.g., encryption) will be applied, and we will obtain your explicit consent when required by law. We ensure that any third-party recipients comply with our privacy notice and legal obligations.

How We Store Your Personal Data

Personal Data is stored on servers within the Kingdom of Saudi Arabia and governed by appropriate security measures. We retain your data only as long as necessary for the purposes for which it was collected or as required by law. After the retention period, data will be securely deleted or anonymized in line with our data retention policy.

Your Rights Regarding Processing of Your Personal Data

Under the KSA PDPL, you have the following rights about your Personal Data:

  • Right to be informed: You have the right to be informed about how your Personal Data is processed, the lawful basis, and the purpose of collection and processing.
  • Right of access to Personal Data: You have the right to have access to your Personal Data collected and processed by SALAMA.
  • Right to request access to Personal Data: You have the right to request a copy of your Personal Data in a clear, structured, and readable format.
  • Right to request correction of Personal Data: You have the right to request correction, completion, or updating of your Personal Data collected and processed by SALAMA.
  • Right to request destruction of Personal Data: You have the right to request destruction of your Personal Data collected and processed by SALAMA if it is no longer needed for the purpose for which it was originally collected.
  • Right to withdraw consent for Personal Data: You have the right to withdraw your consent to the processing of your personal data by SALAMA at any time, except if there are legitimate purposes that require otherwise.

To exercise any of these rights, please fill the subject rights form you can download it from here and share it with us by contacting our Data Privacy Office (DPO) at DPO@salama.com.sa. We will respond, assess, and process your requests related to access, correction, or deletion, within 30 days. We will do this without delay and keep a record of all such requests. In some situations, we may need to extend this period by additional days, depending on the request's specifics. If this happens, we will let you know about the extension and explain why we need more time.

There may be specific situations where we cannot fulfill your request, such as when processing is necessary for a legal obligation, performance of a contract, or other legitimate interests. In such cases, we will inform you of the reasons for the denial of your request.

How We Protect Your Personal Data?

We implement strict physical, electronic, and organizational measures to secure your Personal Data against unauthorized access, loss, or damage. This includes role-based access control, confidentiality agreements with staff, and regular training. In the event of a personal data breach, we have procedures in place to mitigate any damage and notify you and the authorities when required by law.

Contact Our Personal Data Protection Officer

Contact Details: DPO@salama.com.sa

Office Address: Jeddah (7864), Salama Tower, 12th floor, Al Madina Road

Complaint or Objection Filing Method

If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint to Customer Service or DPO using one of the customer.care@salama.com.sa OR DPO@salama.com.sa. If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority SDAIA.