LOOP is a Digital Payments Company in Saudi Arabia committed to providing secure and innovative payment solutions to its customers.
By accessing or using LOOP’s services, you acknowledge and agree to the practices described in this Privacy Notice. If you have any inquiries or require further information regarding our privacy practices, you may contact us at the contact details provided below.
Contact Details
Involved Department/Team:
Cybersecurity Department
Address:
2699 Northern Ring Rd Al Nakheel Dist. – Unit No 2699. Riyadh 12385 – 7680
Phone Number:
8001222228
E-mail:
dataprotection@loop.sa
License or Commercial Register:
1010949680
Date of Last Update
The Privacy Policy was last updated on 03/11/2024
1. What is the purpose of this Privacy Notice?
This Privacy Notice informs you how LOOP, as the controller of your personal data, collects, manages, protects, and processes your
information. It applies to personal data obtained through various service interactions, both online and during physical service
engagements, and covers data related to customers, business partners and third-party vendors
This notice adheres to the regulations set forth by the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), enacted by
Royal Decree No. (M/19) on 16/09/2021 and amended by Royal Decree No. (M/148) on 27/03/2023.
2. Who is the Controller of your Personal Data?
LOOP is the legal entity responsible for the collection, use, and protection of your personal data. As the data controller, we
determine the purposes and means of processing your personal data.
3. What Personal Data do we collect about you?
At LOOP, we collect specific personal data from our customers and other stakeholders, such as:
A. From Customers
• Personal Information: Names, email addresses, phone numbers, physical addresses, nationality, and customer identification numbers.
• Financial Information: IBANs, bank account details, and payment information such as billing records and transaction histories.
• Transaction Details: Payment information, and Transaction records.
• Location Data: Geographic locations collected for payment processing and fraud prevention purposes.
• Online Interaction Data: Browsing history, preferences, and interactions with our digital platforms.
• Device Information: Types and specifications of devices used to access our services.
• Feedback and Survey Data: Responses and insights from customer surveys and feedback mechanisms.
• Security Information: CCTV footage for ensuring the safety and security of our premises and customers.
• Customer Service Interaction Records: Details from interactions with our customer service, including communications via emails and
calls.
• Social Media Interactions: Data from your interactions with our social media channels.
B. From our Suppliers, Contractors, and Third-Party Vendors:
• Professional Information: Job titles, roles within the organization, and professional qualifications.
• Financial Information: Details related to financial transactions and banking data.
• Legal Data: Contracts, compliance documentation, and other related legal information.
C. Methods of Data Collection
LOOP employs various methods to collect personal data, ensuring accuracy and compliance with legal regulations:
• Direct Collection: Through customer interactions on our websites, mobile apps and through customer service conversations.
• Automated Collection: Using cookies and similar tracking technologies that collect information about your interactions with our
website and applications.
• Third-Party Sources: We may receive your personal data from business partners, external agencies and public sources to facilitate and
enhance the services we offer. This includes information received from marketing initiatives and social media comments.
4. How do we use your Personal Data?
At LOOP, we utilize the personal data we collect to support our business operations, enhance user experiences, and ensure compliance
with legal and regulatory standards. The purposes for which we use personal data include:
• Business Operations and Payment Processing: We use your data to process transactions, fulfill services, and ensure smooth operations.
This includes verifying identities, managing customer accounts, and ensuring that our services are delivered effectively.
• Customer Support: To provide efficient and responsive customer service, we use personal data to resolve inquiries, provide assistance,
and manage any issues that may arise during your interactions with LOOP.
• Business Development: To analyze customer behaviors and preferences, supporting our marketing and strategic business initiatives.
• Operational Excellence and Compliance: To improve operational efficiencies, ensure service quality, and adhere to legal standards,
particularly the KSA PDPL.
• Security and Safety: To ensure the safety of our premises, we utilize CCTV surveillance systems which provide a secure shopping
environment and enhance the safety of all our customers, suppliers, and third-party vendors.
5. Legal Bases for Processing your Data
LOOP processes personal data based on several legal grounds to ensure compliance with the law:
• Consent: We obtain explicit consent for certain processing activities, especially those not directly related to the fulfillment of
contracts or legal obligations.
• Contractual Necessity: Data is processed as necessary for the performance of a contract to which you are a party, or to take steps at
your request before entering into a contract.
• Legal Obligation: Processing necessary to comply with our legal obligations, including but not limited to labor, corporate laws and
the standards set by the Saudi Arabian Monetary Authority (SAMA).
• Vital Interests: Occasionally, we process data necessary to protect the vital interests of individuals, such as emergency situations.
• Legitimate Interests: We process data based on legitimate business interests, such as preventing fraud, ensuring network and
information security, and conducting business management activities, provided such processing does not outweigh your rights and
freedoms.
6. How do we protect your Personal Data?
At LOOP, safeguarding your personal data is a priority we take very seriously. We are committed to implementing comprehensive
security measures—both technical and organizational—to protect your data from unauthorized access, alteration, and misuse.
A. Technical Security Measures:
• Data Storage Encryption: All sensitive personal data transmitted to and stored on our systems is encrypted using advanced encryption
technologies.
• Access Controls: We strictly limit access to personal data to authorized personnel only, based on their role and necessity to engage
with the data.
• Secure Infrastructure: Our network and data storage solutions are protected with industry-standard firewall and antivirus software,
alongside intrusion detection systems to prevent unauthorized access.
• Mobile Device Management: We use the IVANTI Mobile Device Management (MDM) system to control and secure email access outside our
network, reducing the risk of data breaches related to remote access and mobile devices.
• Regular Security Assessments: We conduct periodic security assessments and penetration testing to identify and address potential
security vulnerabilities.
B. Organizational Security Measures:
• Data Privacy Policies and Training: We enforce comprehensive data privacy policies and ensure that all employees are trained regularly
on the importance of personal data protection and security best practices.
• Confidentiality Agreements: All our employees, contractors, and third-party service providers are required to sign confidentiality
agreements that bind them to maintain the secrecy and security of all personal data.
• Physical Security: Our facilities are secured with ID cards, biometrics, and constant surveillance to ensure that only authorized
personnel can access data sensitive areas.
• Vendor Management: Third-party vendors are rigorously screened and bound by contracts that enforce our data protection standards.
• Incident Response Management: A structured incident response protocol is in place, detailing procedures for addressing any data
security incidents. This includes immediate actions to manage and contain potential breaches and ensuring proper escalation and
response without undue delay.
7. Who do we share your Data with?
LOOP shares your personal data with specific categories of recipients to facilitate business operations and comply with legal
requirements:
• Service Providers and Professional Partners: This includes IT and logistics providers like cloud services and delivery partners, as
well as professional firms such as financial auditors who support our business operations.
• Government and Regulatory Authorities: To comply with legal obligations or in response to legal requests.
• Financial Institutions and Payment Processors: For processing transactions and managing financial operations.
• Marketing and Advertising Partners: To conduct marketing and promotional campaigns.
Third-Party Transfers
Data shared with third parties is strictly governed by privacy agreements that ensure these parties adhere to confidentiality and data protection standards comparable to those followed by Tamimi Markets. We ensure that:
• All third parties are carefully vetted and bound by contractual safeguards such as Data Processing Agreements (DPAs) to ensure data
protection.
• Data transfers are limited to what is necessary for the services they provide.
International Transfers
In instances where your personal data is transferred across borders, LOOP takes the following precautions:
When transferring personal data internationally, we employ strict safeguards to ensure the protection of your data across borders. We
enter into Data Processing Agreements (DPAs) with all third parties handling your data outside the Kingdom of Saudi Arabia (KSA),
requiring them to maintain the same level of data protection that LOOP adheres to.
Additionally, we only transfer data to countries that are recognized by the Saudi Data and Artificial Intelligence Authority (SDAIA)
for having adequate data protection laws. For transfers to countries without such recognition, we conduct Transfer Impact Assessments
(TIAs) to evaluate and mitigate potential risks. We also use Standard Contractual Clauses (SCCs) to ensure compliance with KSA PDPL.
8. How long will your Personal Data be retained by us?
LOOP retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. Here’s how we determine retention periods for different types of personal data:
• Operational Necessity: We retain your data for as long as needed to provide you with services and to conduct our business operations
efficiently.
• Legal Compliance: Certain types of data are retained for specific periods as required by law or other regulatory guidelines.
• Marketing and Communications: Data used for marketing purposes is kept until you request that we stop contacting you.
Upon expiration of the retention period, personal data is securely deleted or anonymized, ensuring it can no longer be linked back to
an individual.
9. How do we use Cookies?
At LOOP’s Website, we utilize cookies to enhance your experience, maintain the functionality of our websites and improve our services:
• Essential Cookies: These cookies include those necessary for managing compliance with data protection regulations. They store your
consent preferences and ensure that the website adheres to legal requirements.
• Performance Cookies: Used for tracking site usage and performance, these cookies help us gather insights into how visitors use the
corporate website. This data is used to optimize site functionality and improve the user experience.
• Advertising Cookies: These cookies are employed to support our marketing efforts, allowing us to deliver relevant advertisements based
on your browsing behavior and interests.
Managing Cookie Preferences
You can manage your cookie preferences through your browser settings at any time. Here’s how you can control or opt out of cookies:
• Browser Settings: Most browsers allow you to refuse cookies or delete cookies through their settings preferences. However, disabling
cookies may affect the functionality and service offered on our websites.
• Consent Management: On your first visit to our website, you will be prompted to accept or reject non-essential cookies. You can change
your preferences at any time by accessing the cookie settings available on our website.
10 What are your Rights regarding the processing of your Personal Data?
At LOOP we respect your privacy and provide you with the ability to exercise them according to the Kingdom of Saudi Arabia’s Personal Data Protection Law (KSA PDPL). Following are the rights available to you:
• Right to be Informed: You have the right to be informed about how we collect your personal data, the legal basis for collection and
processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all these details through
our Privacy Policy or contact us for further information.
• Right to Access to Your Personal Data: You have the right to access your personal data that we hold through means provided by us that
allow for automatic access without needing to make a formal request.
• Right to Request Access to Your Personal Data: You can request to obtain your personal data held by LOOP at any time and obtain a copy
of this data in a clear and readable format.
• Right to Correct Personal Data: If you find that any of the personal data that we hold about you is inaccurate, incomplete, or
outdated, you have the right to request its correction or update.
• Right to Request Destruction of Personal Data: You may request the destruction of your personal data when it is no longer needed for
the purposes for which it was collected. We will review such requests and take appropriate action, adhering to legal and regulatory
requirements.
• Right to Withdraw Consent: You may withdraw your consent for the processing of your personal data at any time, unless there is a legal
basis that requires otherwise. This withdrawal will not affect the lawfulness of processing based on your consent before its
withdrawal.
• Right to File a Complaint: If you believe that LOOP has not complied with the Personal Data Protection Law, you have the right to file
a complaint with us. If you are not satisfied with the outcome, you may escalate your complaint to the Saudi Data & Artificial
Intelligence Authority (SDAIA).
• Right to Claim Compensation: You are entitled to claim compensation for any material or moral damage resulting from a violation of the
Personal Data Protection Law and its implementing regulations.
Exercising Your Rights
To exercise any of these rights, please contact us via dataprotection@loop.sa. We may request specific information from you to help us confirm your identity and facilitate your right to access your personal data (or to exercise any of your other rights).
You will not be required to pay any fees in return for exercising your rights. In case of submitting a request for exercising your rights, you will receive a response within 30 days from the date of receipt of your request.
11. What if you have questions or want further information?
For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact the Personal Data Protection Officer at LOOP using the below mentioned contact details.
Email:
dataprotection@loop.sa
Phone:
8001222228
Complaint or Objection Filing Method
If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint with our IT Department using the following channel:
Email: dataprotection@loop.sa
If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority Saudi Data & AI Authority (SDAIA).
SDAIA Address:
Kingdom of Saudi Arabia, Riyadh
SDAIA Website:
Saudi Data & AI Authority (sdaia.gov.sa)
National Data Governance Platform “DGP” (dgp.sdaia.gov.sa)
12. Changes in Privacy Notice
LOOP reserves the right to update or modify this Privacy Notice at any time to reflect changes in our data processing practices, changes in law, or adjustments in our business operations