1. Purpose

According to Data Privacy Principles for ICT from CITC, Salam Mobile creates this policy to commit to the regulator’s requirements. This policy aims to maintain personal data privacy for users and protect their rights according to international best practices.

2. Scope

This policy covers all Salam Mobile services or products that contain personal identifiable information (PII) and is applied to Salam Mobile (employees, contractors, and customers) and third parties that interact with personal data.

3. Policy

3.1. Procedures of launching services or products that contain user personal data or sharing personal data:

• Must do the following steps before launching services or products that depend on user personal data or sharing personal data:
• Verify the need for doing a “privacy impact assessment” on Privacy Impact Assessment Procedure (Data Privacy Initial Screening Questions Table) and document the verifying result.
• CITC must be informed when launching services or products that depend on user personal data or sharing personal data using CITC Notice Form

3.2. Essential principles to maintain personal data privacy for users

• Salam Mobile commit to formally process personal data and ensure processing result is not affecting negatively the personal data owners.
• Salam Mobile commit to process personal data for specific and clear purposes for the user.
• Salam Mobile commit to collect minimum personal data to achieve processing purposes.
• Salam Mobile commit to not retain personal data for more than the specified duration that achieves the purposes of the data processing.
• Salam Mobile commit to protect personal data to ensure its privacy and prevent unauthorized access, leakage, tampering or any misuse.

3.3. Service Provider Commitments

• Salam Mobile commit to develop, execute and maintain a program that protects data privacy for users, and shall cover the development, documentation, and execution of policies and procedures related to maintain personal data privacy and maintain its compliance.
• Salam Mobile commit to develop, approve and publish a personal data privacy policy, which must include types of processing on data, the purpose of processing if third-parties are part of data processing, data retention duration, data protection security controls, users’ rights regarding their data and how they use these rights.
• Salam Mobile commit to process the personal data within Saudi Arabia. Salam Mobile must acquire CITC approval before any project to process user data outside of Saudi Arabia.
• Salam Mobile commit to retaining personal data for specific purposes and durations based on CITC regulations.
• Third-party compliance checks must be performed by Salam Mobile on regular basis to maintain personal data privacy compliance.
• In case of user data leakage, Salam Mobile commit to report to CITC immediately through approved CITC mechanisms.

3.4. Users’ rights regarding their data

• User personal data should not be processed without data owner consent, which can be withdrawn at any time.
• Salam Mobile should enable users to review the personal data privacy policy before making any processing of their data.
• Salam Mobile should enable users to access their data at any time and allow users to correct it if required, e.g. in case of wrong or inaccurate data.
• Salam Mobile should enable users to get an electronic copy of their data as per CITC regulations.
• Salam Mobile should enable users to withdraw their consent to the processing of personal data by calling Salam Mobile Contact Center at 1101.

The Purpose of using personal data

• To register in any of our services.
• Customer ID verification and information update.
• Marketing and bundles campaigns
• To contact customers for resolving complaints or any inquiries.
• To enhance our services and products and improve them based on customers’ needs.
• To comply with legal and regulatory requirements.

Collection of Data

Types of collected personal data for the mentioned purposes such as:

• Name, ID number, Phone number, Nationality, Address, Email, Date of Birth, …etc.
• Customer’s National Address.

Types of collected non-personal data for the mentioned purposes such as:

• Cookies to be used to enhance customer experience while using our website.
• Services devices data such as: Serial number, Model number, MAC.

*last updated on 28\08\2022 at 11:45AM