Privacy policy

1. Introduction 

 Asyaf Investment Company

 (a joint stock company) established in accordance with the provisions of the Companies Law enacted by the Royal Decree No. (M/3), dated 28/01/1437H (corresponding to10/11/2015G) under the license ( 20213-32) by the Saudi Capital Market Authority (CMA) dated 14/09/2020 and office address located at Office 1, 1st floor, Building 11, Riyadh Front, Airport Road, Riyadh, Saudi Arabia (“Asyaf”, “we” or “us”) is committed to providing the highest level of privacy and security regarding collection and use of our customers’ personal information. This policy describes how we may collect, use and disclose your personal information. 

Personal information comprises all the details we hold or collect directly or indirectly (including via cookies or other similar tools) about you, your transactions, financial information, interactions or dealings with us, including information received from third parties and information collected through use of our websites and mobile solutions. 

If you have any questions regarding this privacy policy or the security of your personal information, please contact us on [email protected]

For more information about our use of cookies please refer to our Cookie Policy. 

Please take the time to read this Privacy Policy carefully. In opening an account with us you consent to our use of your personal data in accordance with the Terms and Conditions and the Privacy Policy. By implementing and operating this Privacy Policy, we will make your online experience a more secure and enjoyable one.

Use of www.asyafinvestments.com  (“our website”) is subject to our Terms of Use and any products and services supplied are subject to our Terms and Conditions. By visiting our website you are accepting and consenting to the practices described in this Privacy Policy. 

2. Why have a privacy policy? 

There are a number of laws which set out important standards regarding information that identifies a living individual. This is known as “personal data.” All organizations processing personal data must do so fairly and lawfully. 

We treat our obligations seriously and take all steps necessary to comply when we store and process your personal data. 

It is essential to us to collect, store and process only the minimum required amount of personal data so that we can offer and perform our services. Typical information we might ask for includes your name, your address, other contact details and Anti Money Laundering / Know Your Customer (AML/KYC) related information. In addition, our servers automatically receive and record information on all visitors to our website. Please see our Cookie Notice  for more information on the cookies on our website. 

We will record your personal data (aside from the automatic information detailed above) once you have fully registered with us

3. How do we collect your personal data?

We collect your personal data in a number of different ways, including the following: 

  1. if you provide it when communicating with us (for example when registering for our services); 
  2. if you invest in any of our products or services; 
  3. if you enter a competition or promotion; 
  4. if you make payments or modify your account details; 
  5. when you visit our website (for example by cookies, technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and other browser-generated information such information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number); 

4. How do we use your personal data? 

We retain and use your personal data for the following main purposes: 

  1. assessing customer suitability for products and services; 
  2. anti-money laundering (AML), Know Your Customers (KYC) assessments, and setting investor risk profile; 
  3. conducting market research and surveys with the aim of improving our products and services. 
  4. for the prevention, detection, investigation and prosecution of crime (including without limitation, money laundering, terrorism, fraud and other financial crime) in any jurisdiction, identity verification, government sanctions screening and due diligence checks; 
  5. to comply with local or foreign law, regulations, voluntary codes, directives, judgements or court orders, agreements between any member of the Asyaf Investments group and any authority, regulator or enforcement agency policies, reporting requirements under financial transaction legislation and demands or requests of any authority, regulator, enforcement agency or exchange body; 
  6. to seek professional advice, including in connection with any legal proceedings (including any prospective legal proceedings), for obtaining legal advice or establishing, exercising or defending legal rights; 
  7. if we are required to do so by law, or if it is necessary for the proper operation of our systems, our protection or the protection of our users and customers, or for the enforcement of our Terms and Conditions; 
  8. processing applications made by you, running your accounts, providing our services, contacting you; 
  9. servicing our relationship with you, for example administration and accounting, billing and auditing and other legal purposes; 
  10. security, payment verification, preventing and detecting money laundering, fraud and other crime, recovering debt;
  11. generating statistics on our users, such as the popularity of certain of our services, and about the “traffic” on our website. When we do this, data is anonymized and you are not personally identifiable; 
  12. to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you; 
  13. to notify you about changes to our service;
  14. to ensure that content from our website is presented in the most effective manner for you and for your computer; 
  15. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; 
  16. to allow you to participate in interactive features of our service, when you choose to do so; 
  17. to assist us with keeping our website safe and secure; 
  18. to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and 
  19. to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them. 
  20. except where you have opted out, we may also use your personal data to keep you informed about relevant products and services.

5. How do we safeguard your personal data?

The security of your personal information is important to us and we have invested significant resources to protect the safekeeping and confidentiality of your personal information. When using external service providers, we require that they adhere to the same standards as us. Personal information may be transferred or stored at a location outside of your country of residence. Regardless of where personal information is transferred or stored, we take all steps reasonably necessary to ensure that personal information is kept secure. 

The Internet is not a secure form of communication and sending and receiving information over the Internet carries with it risks including the risk of access and interference by unauthorized third parties. Information passing over the Internet may be transmitted internationally (even when the sender and recipient are located in the same country) via countries with weaker privacy and data protection laws than your country of residence. We do not accept responsibility or liability for the confidentiality, security or integrity of your personal information in connection with its transmission over the Internet. 

However, we take all reasonable care in the collection, storage, processing and disclosure of your personal data and have implemented internal security procedures to minimize the risk that unauthorized parties will be able to access the information. It is because of these security procedures that we may ask for proof of identity before we disclose any personal information about you. 

To help protect your personal data and minimize the risk of it being intercepted by unauthorized third parties our secure servers use industry standard Secure Socket Layer (SSL) and Transport Layer Security (TLS) technology when you submit information to us through our website. This security is documented by the usage of the secure “https” protocol and the padlock on the URL bar. 

You can also help to protect your personal data, by following the guidelines below: 

  1. choose a password that you will be able to remember but that would be hard for someone to guess. Ideally it should include special characters (such as “?” or “#” for example) and numbers. We recommend that you change it regularly and if you need to write it down, always keep it in a safe place; 
  2. make sure that no-one can see the details you are entering when you log-in; 
  3. remember to close your browser each time you log-off and end your session and, if possible, clear any history of the websites you have visited and that your browser may have saved or “cached”; 
  4. never disclose your account details to anyone; 
  5. ensure that the software you use has installed the latest security upgrades and that your software protection is up-to-date. 

To get the best from our services, please keep your personal data (including your email address) accurate and up to date. You can do this by logging into our secure website. We will store your personal data (aside from the automatic information detailed above) once we have received your registration. 

6. How long do we retain your personal data for?

Information relating to your financial transactions with us will be kept for the period required by applicable tax and zakat revenue legislation. 

Your personal profile and membership data for will be retained whilst you continue to be an active free or paid member, and for up to 7 years following cessation of membership activity. 

In all other cases, we will erase or anonymize your data once it is no longer necessary for the purpose we obtained it for. 

7. Who do we disclose your personal data to?

We allow third party service providers to process personal data where this is needed in connection with a service they provide to us. These arrangements may involve your personal information being located in various countries around the world including the United Arab Emirates where we have our head office. 

You should be aware that different privacy laws may apply in these countries from any laws that may apply in the country where you are located. We will always strive to adopt the highest standards of privacy protection wherever your personal information is located. Our Privacy Policy does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites which we do not operate or control. 

We may share your information with selected third parties including: 

  1. business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; 
  2. advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; 
  3. analytics and search engine providers that assist us in the improvement and optimization of our website; and 
  4. credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you; 
  5. in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; 
  6. if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and 
  7. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements between us and you, or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. 
  8.  

8. How do you withdraw your consent including marketing opt-out? 

You may withdraw your consent for data processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal. 

You may also instruct us not to process your personal information for marketing purposes. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-in to the use of your personal information for marketing purposes. You can unsubscribe from our emails at any time by clicking on “unsubscribe” at the bottom of the email. 

You can also contact us at [email protected]  should you wish to withdraw your consent or opt out of marketing communications at any time.

9. Do we carry out profiling and automated decision making? 

We use Google analytics to collect details of how you use our website, as well as anonymous data that you enter into our forms. We do this to help us analyze how visitors use our site (including behavior patterns and the tracking of visits across multiple devices), administer our site and manage your account.  Please see our Cookie Notice for more details about Google analytics. 

We do not carry out any other profiling or automated decision-making in respect of the information we automatically collect about you when you visit our site. 

10. Monitoring 

To the extent permitted by law, we may record and monitor your communications with us to ensure compliance with our legal and regulatory obligations and our internal policies. This may include the recording of telephone conversations. 

11. What rights do you have?

Under DIFC Data Protection Law data protection law, you have a number of rights in respect of your information, which include the right to: 

  1. access your information; 
  2. withdraw your consent to the processing of your information at any time; 
  3. ask us to make changes to the information we hold about you to make sure that it is accurate and up to date; 
  4. delete or erase your information (sometimes called the right to be forgotten); 
  5. stop or restrict our processing of your information; 
  6. object to our processing your information; 
  7. not be subject to automated decision-making; and 
  8. request the transfer of some of the information we hold about you (known as data portability). 

If you would like to exercise any of your rights, please contact us at [email protected]. Please note that an archive copy of any information provided to us may be retained by us for our records and for audit purposes. 

You have the right to request a copy of the information we hold about you by sending your request in writing to us at [email protected]

12. Third party websites 

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites. 

13. Social media 

We operate channels, pages and accounts on some social media sites to inform, assist and engage with customers. We monitor and record comments and posts made on these channels about us so that we can improve our services. 

We are not responsible for any information posted on those sites other than information we have posted ourselves. We do not endorse the social media sites themselves or any information posted on them by third parties. 

14. International data transfers 

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate to enable us to use the information in accordance with this Privacy Policy. 

Information which you provide may be transferred to countries, including the United States, which may not have data protection laws equivalent to those in force in the European Economic Area. However, any transfers of personal data will be done in compliance with applicable Saudi data protection Protection law.

In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others. 

You expressly agree to such transfers of personal information. 

15. Changes to this privacy policy 

We may in our absolute discretion update this Privacy Policy from time to time. It is therefore recommended that you review it regularly. 

16. Contact 

If you have any questions, concerns or complaints about the way we process your personal information, please contact [email protected].

If you are not happy with the way we have handled your complaint or are still concerned about our handling of your personal information, you can lodge a complaint with the relevant privacy supervisory authority.