1. Who We Are
The Saudi Financial Support Services Company – SANID, a Closed Joint Stock Company registered in the Kingdom of Saudi Arabia, Commercial Registration No. (1010059195), Unified Number (920010252) (hereinafter referred to as “SANID” or “the Company” or “we”), is a leading Saudi provider of comprehensive financial solutions and services.
Our offerings include – but are not limited to – point-of-sale (POS) devices, ATM management, e-commerce solutions, cash center management and operations, prepaid cards, cash recycling machines, and self-service devices, serving banks, financial institutions, and corporate clients across the Kingdom of Saudi Arabia.
The Company is regulated and supervised by the Saudi Central Bank (SAMA) and the Ministry of Interior and is fully committed to complying with all applicable laws and regulations.
2. Purpose of the Notice
This Privacy Notice (“Notice”) explains how SANID collects, processes, uses, stores, and protects your personal data, as well as the legal bases for processing, your legal rights, and how to exercise them.
This Notice has been prepared in accordance with the Personal Data Protection Law (PDPL), its implementing regulations, and all other applicable laws and regulations in force in the Kingdom of Saudi Arabia.
3. Definitions
| No. | Term | Definition |
|---|---|---|
| 1 | Personal Data | Any data, regardless of its source or form, that would lead to identifying a person directly or indirectly, including: name, ID number, address, contact number, photographs, or any other identifying data. |
| 2 | Sensitive Data | Personal data revealing an individual’s racial or tribal origin, religious, intellectual, or political beliefs, health or genetic data, banking or credit data, location data, or criminal record. |
| 3 | Processing | Any operation performed on personal data, whether manual or automated, such as collection, recording, storage, use, disclosure, alteration, or destruction. |
| 4 | Data Controller | The entity that determines the purpose of collecting personal data and the method of processing it, whether a natural or legal person. |
| 5 | Data Processor | The entity that processes personal data on behalf of the Data Controller and according to its instructions, whether a natural or legal person. |
| 6 | Consent | The explicit permission given by the Data Subject – by any reliable means – for the processing of their personal data for a specific purpose. |
| 7 | Data Subject | The individual to whom the personal data relates and who is either identified or identifiable. |
| 8 | Personal Data Breach | Any incident leading to unauthorized access to, disclosure, destruction, or alteration of personal data without legal authorization. |
| 9 | Disclosure | Enabling a person or entity to access, reveal, send, or transfer personal data by any means. |
| 10 | Storage | The retention of personal data in any medium that allows retrieval or future access. |
4. Legal Bases for Processing
The Company relies on one or more of the following legal bases for collecting and processing your personal data:
Contractual necessity for the performance of agreed services or obligations.
Legitimate interest that does not conflict with your legal rights.
Direct benefit that provides tangible advantage to you.
Legal obligation under applicable laws and regulations.
Explicit consent, in cases where required by law.
5. Types of Personal Data Collected
This may include, but is not limited to:
Identity Data: Full name, National ID/Iqama, date of birth, nationality.
Contact Data: Phone number, email address, national address.
Financial Data: Account and transaction details.
Compliance Data: Documents required to meet regulatory obligations.
Technical Data: IP addresses, cookies data, electronic access logs.
6. Methods of Data Collection
Directly from the customer or their legal representative.
Through digital channels or approved applications.
From public records, official authorities, or legally authorized third parties.
7. Data Retention and Destruction
Personal data is retained for the period necessary to fulfill the purposes for which it was collected or as required by applicable laws.
Data is securely destroyed or anonymized using approved methods once the purpose or retention period expires.
8. Data Protection
SANID applies strict organizational and technical controls, including encryption, access restrictions, periodic audits, and employee training, to safeguard personal data against unauthorized access or processing.
9. Data Sharing
SANID may share your personal data, to the extent necessary, with:
Regulatory and official authorities.
Approved service providers under contractual agreements.
Other parties under a legal basis or legitimate interest.
Entities inside and outside the Kingdom, provided an adequate protection level is ensured or in accordance with adequacy decisions issued by the Saudi Data & AI Authority (SDAIA).
10. Your Rights
Under the PDPL, you have the right to:
Be informed about the purposes and legal bases for collecting and processing your data.
Access your data and obtain a copy.
Request correction, update, or deletion of your data.
Withdraw consent, where legally permissible.
File complaints and seek compensation for proven damages.
11. Complaints
You may file complaints or objections through:
The official website: www.sanid.sa
Email: info@sanid.sa
Other approved customer service channels.
12. Updates to the Privacy Notice
SANID reserves the right to amend or update this Notice from time to time in line with legal requirements and best practices. In the event of material changes, you will be notified through approved channels, and your consent may be requested where required by law.
