Privecy Policy
Loan for Finance is a licensed financial technology company in Saudi Arabia, regulated and supervised by the Saudi Central Bank, specializing in providing micro-consumer financing solutions through an integrated digital system, compliant with Islamic law.
Who are we and what do we do?
Loan Finance (“Loan”, “we”, or “the platform”) is a FinTech company established in the Kingdom of Saudi Arabia in 2022, and practices consumer microfinance activity using innovative technical solutions.
The company holds Commercial Registration No. (1010756292), and License No. (87/Ash/202308) issued by the Central Bank of Saudi Arabia on 01-19-1446 AH corresponding to 08-06-2023 AD. Its registered headquarters is located in Riyadh – Al-Rabwah District – Makkah Al-Mukarramah Branch Road – Building No. 2333 – Postal Code 12821 – Additional Number 7890.
The Loan platform allows its customers to obtain microfinance services in a fully digital manner through the Loan application on smart devices (“Loan App”), without the need to visit the company’s headquarters.
Our services are provided to all segments of society, including workers in the government, private, military and semi-government sectors, in addition to retirees.
This privacy policy has been prepared to highlight Loan Company’s commitment to protecting your privacy and personal data, and to clarify our practices in collecting, processing and using your data in accordance with the Personal Data Protection System (PDPL) issued in the Kingdom, the controls and standards of the Saudi Data and Artificial Intelligence Authority (SDAIA), as well as the instructions of the Central Bank of Saudi Arabia.
Scope of application
This policy applies to all personal data collected or processed by Loan Finance Company (“Loan” or the “Platform”) through any of the following channels:
Loan application on smart devices (“Laon application”).
The Company’s website (“Loan Website”).
Call centers, live chats, or any digital communication means affiliated with the platform.
This policy includes all the platform’s clients, visitors to its website, and users who benefit from financing services or create accounts through the company’s digital platforms.
This policy does not apply to any websites, applications or third parties that are not owned or operated by Loan, even if accessed through the Loan application or website.
This policy also does not apply to the data collection or use practices carried out by these parties, which are subject to their privacy policies.
Data collected
Loan Finance Company (“Loan” or the “platform”) collects multiple types of personal and non-personal data from its customers and users of its application and website, with the aim of providing digital financial services and ensuring a safe and compatible user experience with the relevant systems. This data includes the following:
First: Identity and personal identification data
Data collected when you register or create an account includes, such as:
Full name.
National ID or residence number.
Mobile number.
date of birth.
Email (if available).
The validity of this data is verified through Elm’s “Yaqeen” service, which relies on the Absher platform of the Ministry of Interior in the Kingdom of Saudi Arabia.
Second: Technical and technical data
The Loan application and website collect non-identifying technical data with the aim of improving performance and ensuring security, such as:
Operating system and device version.
Browser type and device settings.
Name of the telecommunications or Internet service provider.
Time zone, language, and area code.
Internet Protocol Address (IP Address).
Information about the user’s activities within the application (number of page views, session duration, etc.).
Geolocation data (GPS, Wi-Fi or Bluetooth) may also be collected when this service is activated on the device.
Third: Financial and credit data
In accordance with the instructions of the Central Bank of Saudi Arabia (SAMA), the Loan platform collects some financial data necessary to evaluate the customer’s creditworthiness, such as:
Data from the General Organization for Social Insurance (GOSI) and the Credit Information Company (SIMAH) to determine the Debt Burden Ratio (DBR) and the Deduction Ratio (DR).
Information about linked bank cards (credit or debit cards).
Records of financial transactions carried out via the Loan application.
Fourth: Usage and behavior data
The Loan application keeps a record of the activities carried out by the user within the application, for the purposes of analysis and improving the user experience and the quality of the services provided.
Fifth: Device data and storage means
The Loan application may need access to some device features to activate some services, such as:
Camera or photo library (eg to scan bank cards or documents).
Cookies on the website to maintain the user’s session state and improve the user’s experience.
Cookies are used for purely technical purposes and do not contain personal or confidential information.
The purpose of collecting data and the systematic basis for its use
Loan Finance Company (“Loan” or “the platform”) collects and uses personal data to the extent necessary to provide its digital financial services and implement its regulatory and operational functions, according to the following principles and purposes:
Compliance with regulatory obligations
As a company subject to the supervision of the Central Bank of Saudi Arabia (SAMA), we are obligated to comply with the requirements of the supervisory and regulatory authorities in the Kingdom of Saudi Arabia, including:
Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.
Adhere to the instructions of official authorities when requesting data as permitted by the system.
Implementing the controls and standards issued by the Saudi Data and Artificial Intelligence Authority (SDAIA) under the Personal Data Protection System (PDPL).
Implementation of contractual obligations
We process personal data to fulfill contracts and services concluded with customers, such as:
Identity verification and personal account management.
Processing financing requests and credit operations.
Providing digital financial products and services through the Loan application and website.
Legitimate interest
In some cases, personal data is processed to achieve a legitimate interest of the company, We will not infringe on the rights of data subjects, including:
Understand customers’ needs and evaluate their eligibility for products and services.
Improving the quality of services and user experience on digital platforms.
Communicating with customers to obtain their opinions or observations through studies and questionnaires.
Develop and improve the operational performance of the application and website.
Enhance fraud protection and monitor suspicious activities.
Consent-based processing
If we need to process your data for purposes not covered by the previous statutory grounds, this will be done after obtaining your explicit consent, and you have the right to withdraw this consent at any time, without affecting the lawfulness of the processing that took place before its withdrawal.
Examples include:
Sending promotional offers and marketing messages regarding Loan services.
Direct communication with the customer about new products or advertising campaigns.
Conduct additional identity checks to protect against fraud, when needed.
Public interest
Personal data may be processed when there is an official request from the competent authorities for purposes related to the public interest, public security, public safety or public health, as permitted by the relevant regulations.
Disclosure of your personal data
Loan Finance Company (“Loan” or the “platform”) treats your personal data with strict confidentiality, and it is not disclosed except in cases required by regulations or to carry out the legitimate purposes described in this policy.
Within the company
Your personal data may be shared with company employees or specialized work teams who need to perform their duties to access it, only to the extent necessary to carry out their job duties and in accordance with the company’s approved information confidentiality policy.
With subsidiaries or partners
Your data may be shared with Loan entities or with strategic partners for the purposes of implementing contracts and services you have requested, or to improve the quality of services provided, in accordance with legal and regulatory controls.
With service providers
The Company may use service providers or trusted third parties to provide certain operational or technical services on its behalf, such as technical infrastructure services, technical support, identity verification, or payment processing.
These parties are bound by strict agreements that guarantee the confidentiality and security of personal data, and are prohibited from using the data for any purposes other than those specified by the company.
With official and regulatory authorities
Some personal data may be disclosed to official authorities in the Kingdom of Saudi Arabia, such as the Central Bank of Saudi Arabia (SAMA), or judicial and regulatory authorities, in order to comply with regulatory requirements or based on official orders or requests issued in accordance with the system.
With other parties when necessary
Data may be shared with third parties where legitimately necessary, such as:
Law firms, external auditors or financial advisors.
Collection companies or credit information companies such as SIMAH.
Insurance companies related to financing operations.
Loan confirms that it does not share your personal data with any third party for independent marketing purposes except after obtaining your express prior consent.
Protect your personal data
Loan Finance Company (“Loan” or “the platform”) is keen to protect your personal data from unauthorized access, use, disclosure, modification or destruction, by applying a set of technical, organizational and administrative security measures, in accordance with the laws and regulations in force in the Kingdom of Saudi Arabia, and in particular the Personal Data Protection System (PDPL) issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).
Technical procedures
Technical controls used include:
Use advanced security systems to monitor and prevent unauthorized access.
Apply encryption techniques to protect data during transmission and storage.
Securing servers and databases against hacking or leaking.
Monitor electronic activities periodically to detect any unauthorized access or modification attempts.
Organizational and administrative procedures
Organizational and administrative measures include:
Restrict access to personal data to only authorized employees who need it to perform their job duties.
Training employees on data protection policies and procedures and adherence to confidentiality.
Establish clear policies for managing security incidents and reporting them when any data breach occurs.
Review and update protection procedures periodically to ensure their effectiveness.
Loan is committed to continuing to develop protection controls in line with technical developments and potential risks, to ensure the highest levels of security and reliability in protecting its customers’ data.
Retention of your personal data
Loan Finance Company (“Loan” or “the platform”) is committed to keeping your personal data on local servers within the Kingdom of Saudi Arabia, in order to ensure compliance with the laws and regulations in force in the Kingdom, and to facilitate safe access to data when needed, in accordance with the instructions of the Personal Data Protection System (PDPL) and the Central Bank of Saudi Arabia (SAMA).
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, unless law or regulation requires a longer retention period.
Data is retained after the purpose of its collection has ended in the following cases:
Existence of a legal obligation:
If there are legal requirements that require data to be retained for a specific period, it will be retained for that period of time, and then destroyed or anonymised when the data expires or when the purpose for which it was collected has been achieved, whichever is longer.
The existence of a case or judicial proceeding:
If the data is related to a lawsuit or case pending before a judicial authority, it will be kept throughout the duration of the judicial proceedings until a final ruling is issued, after which it will be destroyed or anonymized according to the approved controls.
Loan Company is committed to destroying or deleting personal data securely and permanently upon the expiration of the purpose for collecting it or the expiry of the recovery period The system is preserved, ensuring that it cannot be retrieved or used in any way.
Cross-border data transfer
Loan Finance Company (“Loan” or “the platform”) is committed not to transfer or process any personal data outside the Kingdom of Saudi Arabia except as permitted by the relevant laws and regulations, and in accordance with the provisions of the Personal Data Protection System (PDPL) issued by the Saudi Data and Artificial Intelligence Authority (SDAIA), and the instructions of the Central Bank of Saudi Arabia (SAMA).
Cases allowed for transportation
Personal data may be transferred outside the Kingdom only in the following cases:
There is a necessity to provide a service or implement a contractual obligation between the platform and the customer, provided that the transfer takes place in accordance with the approved regulatory controls.
If the entity to which the data is transferred provides a level of protection no less than the level applied in the Kingdom, and provided that there are binding agreements to protect the data.
When the transfer is made based on an official request from a competent authority in the Kingdom, or in implementation of a legal obligation or international agreement to which the Kingdom is a party.
Controls and procedures followed
Loan Company is committed to ensuring that any entity that receives data outside the Kingdom takes appropriate security and regulatory measures to protect the data from unauthorized access, disclosure, or processing.
The transfer does not take place except after obtaining the approval of the competent authority (SDAIA) in cases where this is required by law.
The Company maintains a detailed record of cross-border transfers, including the recipients, the purpose of the transfer, and the regulatory basis used.
Prohibition of transfer in certain cases
Loan will not transfer customers’ personal data to any country or entity that does not provide adequate data protection, or if there are risks to the security of the data or the privacy of its owners.
Rights of personal data subjects
In order for Loan Finance Company (“Loan” or “the platform”) to protect the privacy of its customers and ensure transparency in the processing of their personal data, data subjects have the following rights, in accordance with what is stated in the Personal Data Protection System (PDPL) and its implementing regulations:
Right of briefing:
You have the right to know the legal basis and purpose of collecting your personal data, the nature of this data, how it is processed and to whom it may be disclosed.
Access right:
You may request access to your personal data held by the Company, and obtain a copy of it in a clear and legible format.
Right to correct and amend:
You have the right to request that any inaccurate or incomplete personal data about you held by the Company be corrected or updated.
Right to object or restrict:
You can object to the processing of your personal data or request the restriction of its use if you consider that the data is inaccurate or that the processing is not justified.
Right to destroy or delete:
You have the right to request the deletion or destruction of your personal data when the purpose for collecting it ceases to exist or the statutory period of retention for it expires, unless its retention is legally or judicially required.
Right to withdraw consent:
If the processing of your data is based on consent, you have the right to withdraw this consent at any time, without affecting the lawfulness of the processing carried out before the withdrawal.
Right to grievance:
If you are not satisfied with the way we process your data or our response to your request, you can submit a complaint to the authority responsible for protecting personal data (SDAIA) according to the approved procedures.
Possible consequences if personal data is not provided
Some personal data is necessary to provide digital financing services through Loan Finance Company (“Loan” or the “Platform”).
If the platform is not provided with the required data, the company may not be able to implement its legal or contractual obligations.
Which may lead to an inability to provide services or complete financing application procedures.
Manage privacy policy
Lone Finance Company reserves the right to update, amend or change this policy in whole or in part at any time, in line with systemic, technical or operational changes.
Users will be notified of any material updates to this Policy through the Website or Application.
Your continued use of our services after the update is published constitutes implicit acceptance of the revised policy.
If you do not agree to any amendment to this policy, you can stop using the platform services, without this affecting the contracts or obligations in force between you and the company.
Use of cookies
To improve user experience, Loan’s website uses cookie technology to collect information about how the site is used, such as which pages are visited and the duration of sessions.
These cookies are used purely for operational and technical purposes, and are intended to improve site performance and user experience.
Cookies do not contain any personal data or confidential information.
You may modify your browser settings to refuse or delete cookies, although this may affect some functionality of the site.
Help and support
If you have any inquiries or comments related to the privacy policy or the processing of your personal data, you can contact Loan Finance Company through the following channels:
Email: DPO@loan.com.sa
Unified number: 8001240301
Via the website or Loan application https://loan.com.sa:
You can also exercise your rights guaranteed under the Personal Data Protection System by filling out the Personal Data Subject Requests Form via the link below:
Loan Finance Company
Headquarters:
2333 Mecca Road, Riyadh 12821, Kingdom of Saudi Arabia – Postal Code 12821 – Additional Number 7890
Kingdom of Saudi Arabia
Disclaimer
To improve user experience, Loan’s website uses cookie technology to collect information about how the site is used, such as which pages are visited and the duration of sessions.
These files are used for purely operational and technical purposes, and are intended to improve the performance of the website and user experience.
Cookies do not contain any personal data or confidential information.
You may modify your browser settings to refuse or delete cookies, although this may affect some functionality of the site.