العربيةEnglish

Privacy

At Mala’a we take privacy and data security very seriously. We believe in our users’ right of privacy; this includes the right to know what data is collected and for what use. We also believe in the user’s right of controlling the data and removing it at any time. We make our best effort to ensure the security and transparency of the methods with which we process your data and how we ensure it is kept secure and confidential. We value your privacy and will never sell or share your personal information to anyone.

Privacy Notice

Last modified: 14th September 2024

Description

This policy outlines Mala’a’s methodology and processes to collect, process and store end user data in a consistent method across the company. Our privacy policy is aligned with the principles and standards of international standards and compliant with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL) and regulations issued by NDMO (the regulatory arm of SDAIA) and compliant with SAMA’s regulations and SAMA’s Cybersecurity framework and the Capital Market Authority Institutions Regulations.

Introduction

Mala’a and/or its affiliates (“Mala’a”, “we”, “us” and/or “our”) 1) Mala’a Information Technology Company is an established company under the Saudi Companies Law with a commercial registration number (1010594631) and an address (Doble Two Center 3087 Anas Bin Malik Alnarjas Riyadh 13323 Saudi Arabia). It operates in the field of financial technology and open banking, under the supervision of the Saudi Central Bank's regulatory sandbox. 2) Mala’a Financial Technology Company in the field of securities is an established company under the Saudi Companies Law with a commercial registration number (1010833421) and an address (Doble Two Center 3087 Anas Bin Malik Alnarjas Riyadh 13323 Saudi Arabia). It provides robo-advisory services under the supervision of the Financial Technology Lab of the Capital Market Authority.

Mala’a offer a financial planner product, financial planning software and services, investment and investment advisory services, and may offer additional products and services in the future (collectively, the “Services”), through Mala’a’s website, www.malaa.tech (“Site”) and our mobile applications (“App”). This Privacy Policy describes the information that is collected and how Mala’a treats your personal information when you use or evaluate our Site, App and/or Services.

For the purposes of this Privacy Policy, a “User” is an individual who creates an account on our Site or App to use our free financial planning software and/or open an investment account and/or to understand or evaluate our Services. Our Privacy Policy, Terms and Conditions, collectively govern your use or evaluation of our Site, App, and Services.

Information Collection

The categories of information we collect depend on whether you are a current or a former User. Examples of instances when we collect Personal Information include:

  • when you register to open an account as a User.
  • when you contact our client service organization with questions, or
  • when you connect your bank account(s) with us
  • when you go through our Know Your Customer (KYC) process
  • when you open an investment account(s) with us
  • When visiting the website

Wherever Mala’a collects Personal Information, we endeavor to provide a link to this Privacy Policy and other relevant terms.

Information we collect from users

  • name, e-mail address, telephone number, zip code, Internet Protocol address, birth date and location;
  • Income information and other financial planning associated with those accounts you choose to link to our Services, any challenge and/or security questions associated with those accounts and any information contained in those accounts. Note: The section labeled “Information we collect when acting as a user’s authorized agent” provides additional details regarding how we use and protect this information alongside Mala’a’s internal data operations processes in compliance with the KSA management and data protection framework and regulation.

We collect Personal Information from Users, including but not limited to the above.

Information we collect when acting as a user’s authorized agent

Many Mala’a users choose to aggregate information from accounts at other financial institutions onto their dashboard on our Site or in our App, although you are not required to do so. In enabling this functionality, Mala’a retrieves the User account information maintained by such third-party financial institutions with which the User or Client has an existing customer relationship (“Account Information”), as described in this section.

By linking your accounts, you provide Mala’a access to your Account Information, which may include prior and current account balances, your transaction history, and holdings from these linked financial institutions, as per the scope agreed upon at the time of authorization. Portions of this information will be displayed on your Mala’a dashboard. Mala’a may use the Account Information we receive to formulate your financial projections and the required analytics to provide wealth management services in connection with purposes consistent with this Privacy Policy and the Services we provide to you.

Mala’a may also use aggregated Account Information from our Users for purposes of deciding which products and services to build in the future.

By choosing to use our Services to aggregate and analyze your Account Information, you expressly authorize and direct Mala’a, on your behalf, to electronically retrieve all Account Information associated with or available via consent that you create through the financial institution’s portal to link your account, and to periodically refresh your consent to this retrieved Account Information for so long as the link remains active in alignment with the open banking guidelines issued by the Saudi Central Bank. Mala’a does not have access to the login credentials such as the username and password used to link your third-party accounts. Any Account Information that Mala’a has access to is read-only. If you choose to remove or revoke a link to an account with a third-party institution you have previously linked, we will not retrieve any new Account Information for that account unless you re-link that account in the future.

Information regarding children

Due to the nature of our business, our Services are not made available to minors. Except for beneficiary information as described above, Mala’a does not knowingly solicit Personal Information directly from or about persons under the age of 18. If you are under the age of 18, please do not submit any Personal Information to Mala’a. If a parent or guardian becomes aware that his or her child under the age of 18 has directly provided us with Personal Information without his or her consent, he or she should contact us at compliance@malaa.tech and we will delete such information from our files unless regulatory obligations prevent us from doing so.

Other ways we collect information

Other means by which we collect Personal Information include the following:

  • Automatic Data Collection. We may collect certain information when you use our Services, including your IP address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, and information about how you use the Services.
  • Anonymized or Aggregated Information. Mala’a’s Site and App record certain anonymized or aggregated information about your use or evaluation of our Services, used for functions including the measurement of Users’ interest in various portions or features of the Site and App.
  • Cookies and Pixels. Mala’a uses cookies, a small piece of computer code that enables our Web servers to “identify” Users each time they initiate a session on our Site. Cookies do not store any Personal Information; they are simply identifiers. You may delete cookie files at any time through your browser settings.
  • Pixel Tags. Along with cookies, we may use “pixel tags” (also known as “web beacons”), small graphic files that allow us to monitor the use of our Sites.
  • Site and App Activity. Mala’a may also use third-party tracking technology, such as Google Analytics, to record similar information regarding you and your activity on our Site and App.
  • “Do Not Track” Technology. We do not collect Personal Information about your online activities over time and across different websites or online services. Therefore, our Site does not respond to Do Not Track (“DNT”) signals.
  • Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include Personal Information.

How we use information

No renting, selling or trading out list: We will never rent, sell or trade your personal information to anyone. Ever.

User personal information: We use your Personal Information for a variety of business purposes, such as to help you evaluate our Services, offer you new products or services, enhance our Services, and for research and internal analysis.

Identity verification: We use third-party vendors to verify your identity as part of the regulatory requirement to verify our user’s identity. We may access your personal information with the National Information Center.

Cross-device tracking: Your browsing activity may be tracked across different websites and different devices or apps. To do this, we may analyze your browsing patterns, geo-location and device identifiers to match the information of the browser and devices that appear to be used by the same person.

Social media and links to other websites and applications: This Privacy Policy and these terms apply only to Mala’a operated Services and applications. Our Site and Apps may contain links to other websites that are not operated or controlled by Mala’a. We encourage you to review the privacy policy of any company or website before submitting your Personal Information.

Information sharing and onward transfer

We will not share or disclose our Personal Information (current or former User) to any nonaffiliated third-parties except:

  • To protect ourselves or others. We may share your Personal Information as required by law, such as when we reasonably believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the personal safety of any person.
  • Disclosure in the event of merger, sale, or other asset transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, purchase or sale of assets, or transition of service to another provider, your Personal Information may be transferred as part of such a transaction.
  • Service providers. We may share your Personal Information with non-affiliated third-party service providers for the provision of the Services, which includes but is not limited to: mailing information; data processing and storage; identification and verification of fraud detection; customer support; and marketing.

Data subject rights

Mala’a provides you with several self-service features to assist in complying with its obligations under the Personal Data Protection Law with respect to responding to requests from data subjects at no additional cost. You have the following rights:

  • Access: the right to ask us to provide you with copies of your personal information, verify its accuracy and update it as necessary in accordance with the applicable laws.
  • Anonymization: the right to request anonymization of your personal information.
  • Complaints: the right to file a complaint to the designated data authority if you believe that your data protection rights may have been breached.
  • Withdraw consent: when personal information is processed on a consent basis, you may withdraw consent at any time. To stop receiving marketing material, you can unsubscribe through the unsubscribe option included in all marketing emails or contact us on the details below.

Choices of opting-out

You may decline to provide Personal Information to Mala’a. Declining to provide Personal Information may disqualify you from using Mala’a Services, Site, and App features that require certain Personal Information.

Opting-out – Obtaining and withdrawing consent

Where you have consented to Mala’a’s use of your Personal Information, you may withdraw that consent (revoke consent) at any time and opt-out by contacting us by email indicated under the “Contacting us” section below. Users cannot opt-out of providing Mala’a Personal Information and continue to use the Services. Users must close their account(s) in order to opt-out of further providing us with Personal Information. Even if you opt-out, we may still collect and use non-personal information regarding your activities on our Services and for other legal and regulatory purposes as described above.

Email and SMS communications

Mala’a may use your Personal Information to communicate with you regarding our Services or to tell you about blog posts or Services that we believe will be of interest to you. If you decide at any time that you no longer wish to receive marketing communications from us, please follow the “unsubscribe” instructions provided in the communications or contact us at compliance@malaa.tech. Please note that you cannot opt-out of administrative communications such as regulatory, billing or service notifications, or updates to our Terms or this Privacy Policy.

Mobile devices

We may send you push notifications through our mobile application. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.

Data Protection and Safeguards

Mala’a, along with its external service providers who are relied upon for delivering services and processing personal information, are committed to adhering to the highest standards of cybersecurity and governance, alongside technical, administrative, and financial competencies to provide an infrastructure of systems, networks, and databases designed to protect the aforementioned information from leaks or misuse.

Despite all necessary precautions and safeguards, no technical infrastructure, transmission, or electronic storage method is 100% secure. Therefore, we cannot guarantee the absolute security of your personal data. Your role as a user is critical in ensuring security by not sharing your passwords or verification codes with any other party, including the Mala’a team. Any actions taken on your account using your verification codes will be treated as originating from you. As a user, you agree to notify us immediately of any unauthorized use of your account or any threat to information security.

Customer Rights Regarding Personal Data

Under the Personal Data Protection Law, the customer has the following rights, which primarily depend on the purpose of collecting and processing the personal data:

  • Right to Obtain Information: the customer has the right to obtain information related to the collection of personal data, the legal basis for collecting and processing it, how the data is collected, stored, and destroyed, and the parties to whom this data may be disclosed.
  • Right to Access Personal Data: the customer has the right to request access to their personal data held by Mala’a in a readable and clear format, provided it is technically feasible through the Mala’a systems.
  • Right to Request Correction of Personal Data: the customer has the right to request correction of their personal data if they believe it is inaccurate, incorrect, or incomplete. This data will be reviewed and updated within thirty (30) days, extendable as permitted by law.
  • Right to Request Deletion of Personal Data: under certain circumstances, the customer has the right to request the deletion of their personal data.
  • Right to Withdraw Consent for Data Processing: the customer has the right to withdraw their consent to the processing of their personal data at any time, unless there are legal grounds requiring otherwise.

For more details regarding personal data processing and exercising the rights mentioned above, the customer can contact the Mala’a Data Protection Officer via the following email: data.privacy@malaa.tech.

Delete Account

You will not be able to open your account again, and your data will not be able to be retrieved after completing the deletion process. Therefore, we recommend that you think carefully before starting the deletion procedures. When opening a new account using the same ID linked to the deleted account, you must contact the Compliance Department at compliance@malaa.tech

Steps to delete your account:

  • Open the Mala’a app
  • Tap on the "Account" icon from the main menu
  • Tap on "Personal Account"
  • Tap on "Delete My Account"

Data that will be deleted: All data you have entered in the app will be deleted, including personal information and data you have shared through open banking.

How long we keep your data

We only retain your Personal Information for as long as reasonably necessary to fulfill the purposes we collected it for, including retaining your data to satisfy any legal, regulatory, tax, accounting or reporting requirements. On certain occasions, we may retain your Personal Information for a longer period, and even after you stop using our Services, in order to:

  • Respond to inquiries and complaints
  • Comply with laws and regulations

Changes to this Privacy Policy

We may update this Privacy Policy from time to time as we deem necessary at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law.

Mala’a encourages you to review this Privacy Policy periodically to be informed regarding how we are using and protecting your information and to be aware of any policy changes. Your continued relationship with Mala’a after the posting or notice of any amended Privacy Policy shall constitute your agreement to be bound by any such changes. This document constitutes Mala’a’s complete Privacy Policy for Mala’a and its affiliates and the Services, Site and App.

Contact Us

If after reviewing this Privacy Policy, you would like to submit a request, opt-out or you have any questions or privacy concerns, please contact us by email at support@malaa.tech.