Privacy Policy 

  1. Introduction:

Our Commitment: Noon Hakbah Information Technology Company (hereinafter referred to as “Hakbah,” “We,” or “the Company”) is profoundly committed to safeguarding the privacy of its customers’ data (referred to herein as “You” or “the User”) and to upholding their rights pertaining to their personal data in strict accordance with the provisions of the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443H and its Implementing Regulations (hereinafter, “the Law”). This Policy (hereinafter, “Privacy Policy”) meticulously outlines how we collect, utilize, share, protect, and store your personal data when you use the Hakbah platform and application (“Platform”) and its associated services (“Services”).

Scope: This Policy applies to all personal data that we process for users of our Services within the Kingdom of Saudi Arabia.

Data Controller: Noon Hakbah Information Technology Company is deemed the Data Controller responsible for determining the purpose and means of processing your personal data under this Policy. Our registered address is [Insert the Company’s Registered Address Here for Legal Accuracy].

Consent: By utilizing our Services and by providing your explicit consent to our Terms and Conditions, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy. This Policy constitutes an integral and indispensable part of Hakbah’s General Terms and Conditions.

  1. Key Definitions:

In addition to the definitions set forth in Hakbah’s General Terms and Conditions, the following privacy-specific definitions shall apply:

  • “Personal Data”: Any statement or piece of data—irrespective of its source or form—that, in particular, leads to the identification of an individual, or makes their identification directly or indirectly possible.
  • “Sensitive Data”: Personal data that includes references to an individual’s ethnic or tribal origin, religious, intellectual, or political beliefs, membership in civil associations, criminal and security data, biometric data, genetic data, credit data, health data, and precise geolocation data.
  • “Processing”: Any operation or set of operations performed on personal data by any means, such as collection, recording, storage, organization, classification, structuring, retention, modification, updating, retrieval, usage, disclosure, transfer, publication, erasure, or destruction.
  • “The Law”: The Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443H, its Implementing Regulations, and any subsequent amendments or updates thereto.
  • “Data Controller”: The entity that determines the purpose and means of processing personal data (in this case, Hakbah Company).
  • “Processor”: An entity that processes personal data on behalf of the Data Controller and according to its instructions (such as cloud service providers or specialized companies).
  1. What Personal Data Do We Collect?

We collect and process various types of personal data necessary for the provision and enhancement of our Services and for compliance with regulatory requirements. This primarily includes:

  • Identity and Verification Data: Full name, national ID/Iqama number, date of birth, nationality, gender, copy of ID, verification data via Absher or Yakeen, or any other approved government system.
  • Contact Data: Residential address (National Address), mobile phone number, email address.
  • Financial Data: Bank account number (IBAN), income information and source (we may request supporting documents to assess eligibility), credit history (obtained with your explicit consent from SIMAH), financial transaction history via our Platform, and payment card details (processed securely and in compliance with security standards).
  • Transaction Data: Details of Jameyas you participate in, payment dates, service requests, and virtual withdrawal and deposit records.
  • Technical Data: Internet Protocol (IP) address, device identifier, operating system, browser type, and system log data.
  • Usage Data: How and when the Platform is used, features accessed, session duration, and browsing patterns.
  • Communication Data: Records of your communications with customer service (e.g., recorded calls or text chats).
  • Other Data: Any other information you voluntarily provide or that we obtain with your explicit consent for a specific and defined purpose.

Sensitive Data: We collect and process credit data (classified as Sensitive Data) with your explicit consent from SIMAH, exclusively for the purposes of assessing financial suitability and credit risk, and in compliance with relevant laws and regulations.

  1. How Do We Collect Your Personal Data?

We collect your personal data through the following methods:

  • Directly from You: When you register a new account, update your information, use the Services, or communicate directly with us (via phone, email, or in-app messages).
  • Automatically: When you interact with the Platform (e.g., technical data and usage data collected via cookies and similar tracking technologies).
  • From Third Parties: With your explicit consent or based on a clear legal or regulatory basis, such as government verification services (Absher, Yakeen), the Saudi Credit Bureau (SIMAH), your banks, the Nafith platform, and other publicly permitted sources.
  1. Why and How Do We Use Your Personal Data (Purposes and Legal Basis)?

We process your personal data for the following purposes and based on the legal grounds outlined below, in full compliance with the Personal Data Protection Law:

Purpose of Processing

Legal Basis for Processing (According to The Law)

1. Account Creation and Management, and Provision of Core Jameya Services

Necessary for the performance of a contract to which you are a party (Terms and Conditions).

2. Identity Verification, Eligibility Assessment, and Anti-Money Laundering (KYC/AML)

Compliance with a legal/regulatory obligation imposed on us.

3. Financial Suitability Assessment and Credit Risk Management

Your explicit consent (for SIMAH data), our legitimate interest (for Hakbah), and necessary for contract performance.

4. Payment and Transfer Processing, and Promissory Note Issuance

Necessary for the performance of a contract, and compliance with a legal/regulatory obligation.

5. Communication with You (Customer Service, Important Notifications, Query Response)

Necessary for the performance of a contract, and Hakbah’s legitimate interest in providing effective customer service.

6. Platform and Services Improvement and Development, and Application Performance

Hakbah’s legitimate interest in providing high-quality services and an enhanced user experience.

7. Marketing and Promotional Offers

Your explicit consent (with your right to withdraw consent at any time).

8. Fraud Prevention, Platform Security, and Asset Protection

Hakbah’s legitimate interest in protecting its operations and customers, and compliance with a legal/regulatory obligation to combat financial crimes.

9. Compliance with Legal and Regulatory Requests and Competent Authority Orders

Compliance with a legal/regulatory obligation imposed on us, or for public interest purposes.

10. Record Retention for Audit Purposes

Compliance with a legal/regulatory obligation, and Hakbah’s legitimate interest in maintaining records for accountability and compliance.

  1. With Whom Do We Share Your Personal Data?

We may share your personal data with the following categories of third parties, only when necessary and for the purposes outlined in this Policy, and always with appropriate contractual and organizational measures in place to protect your data:

  • Service Providers: Entities that provide services to us (such as cloud service providers, payment processors, identity verification services, data analytics companies, information security firms, and technical support services).
  • Regulatory and Government Authorities: Entities that impose statutory obligations on us or have the authority to request data (such as the Saudi Central Bank (SAMA), Ministry of Commerce, Ministry of Justice (Nafith platform), Ministry of Interior (Absher, Yakeen), Saudi Credit Bureau (SIMAH), Saudi Data and AI Authority (SDAIA), and relevant judicial and security authorities).
  • Specialized Consultants: (e.g., legal advisors, accountants, and external auditors) for professional advice.
  • Business Partners: In the event of joint programs or services, such sharing will occur only with your explicit and prior consent.
  • In Cases of Change of Ownership or Restructuring: In the event of a merger, acquisition, restructuring, or asset sale, your data may be transferred as part of the assets, subject to the same level of protection stipulated in this Policy.
  • Other Jameya Members: Certain essential data necessary for the operation of the Jameya (such as role schedules) may be shared with other Jameya members, in accordance with your consent provided within the Terms and Conditions.
  1. Data Transfer Outside the Kingdom:

We primarily store and process your personal data within the Kingdom of Saudi Arabia. Should there be a necessity to transfer any data outside the Kingdom for processing purposes, we shall strictly adhere to the requirements of the Personal Data Protection Law and its Implementing Regulations. We will ensure an adequate level of protection for transferred data (e.g., by utilizing standard contractual clauses or binding corporate rules), or obtain your explicit and prior consent, or fulfill other statutory conditions specified in the Law.

  1. Security of Your Personal Data:

Hakbah implements robust and appropriate technical, organizational, and administrative security measures to protect your personal data from unauthorized access, damage, loss, alteration, or disclosure. These measures include, but are not limited to, encryption, access controls, firewalls, and periodic security audits. You are also responsible for safeguarding your account login credentials and the devices you use to access the Platform. In the event of any data breach incident affecting your personal data, we will notify the competent authorities and affected customers in accordance with statutory requirements.

  1. Duration of Retention of Your Personal Data:

We retain your personal data for the period necessary to fulfill the purposes for which it was collected, and to comply with statutory and legal requirements (which may extend to 10 years or more for certain financial and regulatory records). Data will be securely and irrevocably destroyed upon the cessation of its necessity and the expiry of statutory retention periods.

  1. Your Rights Regarding Your Personal Data:

In accordance with the Saudi Personal Data Protection Law, you possess the following rights:

  • Right to Know: To be informed about the processing of your personal data, its legal basis, and its purpose.
  • Right to Access: To access your personal data that we hold and to request a copy thereof.
  • Right to Rectification: To rectify your inaccurate or incomplete personal data.
  • Right to Erasure: To request the destruction of your personal data in specific cases stipulated by the Law (e.g., cessation of the purpose for collection or withdrawal of consent if that was the sole basis for processing).
  • Right to Withdraw Consent: To withdraw your consent for processing that is based on your consent (e.g., direct marketing), without affecting the lawfulness of processing carried out before the withdrawal of consent.
  • Right to Object: To object to certain types of processing, as permitted by the Law.

To exercise any of the aforementioned rights, please contact us via the designated contact channels (Clause 14). We will rigorously verify your identity and respond to your request in accordance with the timeframes and procedures stipulated in the Law. Should you be dissatisfied with our response, you retain the right to escalate your complaint to the competent supervisory authority as per the Law.

  1. Cookies and Tracking Technologies:

We utilize cookies and similar tracking technologies for various purposes. These include cookies essential for the basic operation of the Platform (such as maintaining login status), functional cookies to remember your preferences (e.g., language), and analytical cookies to understand usage patterns and improve performance. We may also use marketing cookies for targeted advertising purposes, provided we have obtained your explicit prior consent.

You can manage cookies through your browser settings or via the cookie consent tools we may provide on the Platform. Please refer to our separate “Cookie Policy” (if available) for more detailed information.

  1. Children’s Privacy:

Our Services are not directed at individuals under 18 years of age, and we do not knowingly collect their personal data. Should we become aware that we have collected personal data from a child under this age without parental or guardian consent, we will take necessary steps to delete such data.

  1. Updates to the Privacy Policy:

We may update this Policy from time to time to reflect changes in our practices or regulatory requirements. We will publish the updated version on the Platform with the last updated date. In the event of any material changes that affect your rights, we will notify you in advance and appropriately, in accordance with the procedures outlined in the General Terms and Conditions.

  1. Contact Information:

For inquiries pertaining to this Policy, or to exercise your rights related to your personal data privacy, please contact our Data Protection Officer (or the designated team) via:

  • Dedicated Privacy Email: [email protected]
  • Or via other customer service channels mentioned in the General Terms and Conditions (Clause 16).

Last update 21 June 2025

All rights reserved to Noon Hakbah © 2025

Noon Hakbah Information Technology is permitted by the Saudi Central Bank to test its innovative services under the Regulatory Sandbox environment. For more information please click here

Give us a call

Your Jamiya Is On Your Mobile

Download the App now

Connect with us