INTRODUCTION
Sinad Holding Company is committed to safeguarding and processing personal data (“Personal Data”), including sensitive personal data (“SPD”), in line with the Kingdom of Saudi Arabia’s Personal Data Protection Law and other applicable data protection regulations. “Sinad”, “we”, “us” or “our” means Sinad Holding Company, and each of its direct or indirect subsidiaries. Sinad functions and the entity you contract with are the controllers of your Personal Data. Where we process your Personal Data without a contract with you, the controller is the entity providing you with this Privacy Notice.
References to “you” or “your” refers to individuals whose Personal Data is processed by Sinad, including individual investors, individuals in the alternative business industry, client employees, officers or agents (together “Representatives”) with direct or indirect relationships (such as those who invest through an intermediary); and beneficial owners of an organization or entity in connection with:
(a) the provision of information and/or services to prospective and actual clients, business partners, investee companies and other stakeholders;
(b) transactions to which we are a party, or which we support, participate in, or effect (including transactions carried out on behalf of, or in coordination with, our subsidiaries, investee companies or other stakeholders); or
(c) the provision of services to us by third-party service providers, suppliers, advisors, or vendors.
This Privacy Notice sets applies to your relationship with Sinad and sets out the purposes for which we collect, use, and disclose (collectively “Processing”) Personal Data and how it is protected. It also sets out individuals’ rights in relation to the processing of Personal Data.
There may be additional terms, conditions and commitments that also govern how we collect, use and disclose your Personal Data, which should be read in conjunction with this Privacy Notice.
DATA COLLECTION
Personal Data means data relating to an individual to identify that individual or may make it possible to identify them, whether directly or indirectly, including by reference to such data alone or when combined with other information available. Personal Data does not include data that has been irreversibly anonymized such that it is no longer attributable to an individual, and the individual cannot be identified by any means reasonably likely to be used. SPD is a subset of Personal Data that is subject to enhanced protection and includes (without limitation) data revealing an individual’s ethnic or tribal origin, religious, intellectual or political beliefs, biometric and genetic data for identification purposes, health data, as well as any other categories designated as sensitive under applicable laws and regulations.
The nature and categories of Personal Data that we collect, and process will depend on the applicable laws and regulations, the nature of our relationship with you, and the purposes for which the Personal Data is processed. For ease of reference, we generally categories the Personal Data that may be processed as follows (noting that the examples provided under each category are illustrative and non-exhaustive):
(a) Identification data. Full name, title, nationality, gender, marital status, date of birth, national identification number, passport number, residency/iqama number, specimen signature, license number, relevant official records;
(b) Contact data. Personal address, personal mailing address, telephone number, email address;
(c) Communications and Electronic Monitoring data. To the extent permitted by law, records of communications and correspondence with us (such as telephone calls, emails, instant messaging platforms and other electronic communications) and, where applicable and legally permissible, recordings and monitoring of such communications for legitimate purposes (including quality assurance, training, security, and compliance);
(d) Financial and Transaction data. Payment details, bank account details (and, where strictly necessary, card details), client or investor reference numbers, account statements, and transaction and investment history;
(e) Professional data. Corporate name, employer name, job title/position, work and education history, corporate address, corporate mailing address, corporate telephone number, corporate email address, and professional profiles used for business purposes;
(f) Marketing and Website Usage data. Marketing preferences, records of marketing consents (where required), and information regarding your use of our website and digital channels (including cookies and similar technologies, where applicable);
(g) Profile and Interaction data. Information relating to your interactions with us, services requested, participation in events, surveys and campaigns, and communications preferences and engagement (including social media interactions where relevant);
(h) Premises Security data. Visitor logs and access records for our premises and, where applicable, CCTV footage collected for safety and security purposes
In limited circumstances, and only where permitted or required under applicable law (including the Personal Data Protection Law), we may also process SPD and/or other special categories of data, which may include information relating to health or disability where necessary to provide reasonable accommodations; information required to comply with applicable “know your customer”, anti-money laundering, counter-terrorist financing, sanctions, and regulatory compliance obligations (including, where applicable, information used to assess whether an individual is a politically exposed person); and information relating to criminal convictions and offences, where processing is required or authorized by law. Where we process SPD, we do so on a limited, need-to-know basis and apply enhanced safeguards, and we do not use or disclose such data except to the extent permitted by, and in accordance with, applicable laws and regulations.
We may collect and process your Personal Data through a number of channels, depending on the nature of our relationship with you and the purposes of Processing, including:
(a) directly from you where you provide it to us (for example, in connection with a contemplated or actual investment, engagement, enquiry, request for information, or other interaction);
(b) where you act as Representatives that is, or is seeking to become, a client, investee company, business partner, service provider or vendor of Sinad, and such organization provides us with your Personal Data for legitimate business purposes;
(c) in the course of our ongoing relationship with you and/or your employer or organization, including where you update your details, provide additional information, or where the nature or scope of the relevant engagement or services changes;
(d) from documentation and information that we receive in connection with our investment or holding activities, including (where applicable) from a general partner, limited partner, manager, sponsor, intermediary or other counterparty associated with an entity in which we invest or with which you are otherwise engaged;
(e) from publicly available sources and professional networks, such as corporate websites, public regulatory filings and announcements, and public media sources, as well as professional social media platforms (for example, LinkedIn), including where you interact with us through such platforms or where your publicly available profile is reviewed for legitimate business purposes such as stakeholder engagement or talent acquisition; and
(f) from your participation in, or interactions with, our communications, including email communications, campaigns, events, surveys and feedback initiatives (and related engagement data).
For the foregoing, in each case to the extent permitted under applicable laws and regulations.
PURPOSE OF PROCESSING
We process your Personal Data for specific, explicit and legitimate purposes, which may include (as applicable):
(a) to consider and facilitate the establishment of a relationship with you at your request, including responding to pre-engagement enquiries and undertaking proportionate due diligence and compliance checks (such as sanctions screening and fraud-related checks) where relevant and permitted;
(b) to onboard and engage you, or the organization you represent, as a supplier, service provider, business partner or other counterparty, including conducting reasonable background, integrity and compliance checks (including, where applicable, anti-money laundering, counter-terrorist financing, sanctions and fraud checks) to the extent required or permitted by applicable laws and regulations;
(c) to administer financial matters arising from our relationship, including managing invoices, payments, fees and charges, and pursuing collection and recovery of amounts due;
(d) to communicate and interact with you, including handling enquiries, requests, meetings and correspondence, and providing information and support;
(e) to manage and administer our ongoing relationship with you, including maintaining accurate records and notifying you of material updates to our terms of business, policies and this privacy notice;
(f) to engage and liaise with governmental, regulatory, judicial or other competent authorities, and to respond to lawful requests, enquiries, directions or orders;
(g) to detect, prevent and investigate fraud, misconduct, security incidents and other potentially unlawful activity, and to safeguard our personnel, operations, systems and assets; and/or
(h) to manage and protect our business and operational environment, including maintaining and enhancing cybersecurity and information security, troubleshooting, system maintenance and testing, data hosting and storage, business continuity, and the administration and security of our premises and facilities, in each case to the extent necessary and in accordance with applicable laws and regulations.
BASIS FOR PROCESSING
We obtain your consent prior to processing your Personal Data where consent is required under the Saudi Personal Data Protection Law. Where processing is based on consent, you may withdraw your consent at any time, and such withdrawal will not affect the lawfulness of processing carried out prior to withdrawal.
In addition to consent (where applicable), we may process your Personal Data on one or more of the following legal bases, to the extent permitted under the PDPL and other applicable laws and regulations:
(a) performance of a contract;
(b) compliance with a legal or regulatory obligation; and
(c) our legitimate interests, provided that such interests do not prejudice your rights and provided further that we do not rely on legitimate interests to process SPD, in each case including (without limitation) to conduct proportionate integrity and compliance checks and to mitigate financial crime risks (including ensuring that we do not accept the proceeds of criminal activity or facilitate fraud or other unlawful activity, including terrorism), to manage billing, payments, fees and charges and to collect and recover amounts due to us, to administer and improve our relationship management and service delivery communications, to protect and safeguard our legal position and to handle and respond to communications from governmental and regulatory authorities, to protect our employees, operations and assets and to detect, prevent and investigate actual or suspected fraud, misconduct, security incidents and breaches of our policies or applicable laws, and to ensure the efficient and secure operation of our business, including office and facilities administration, information technology operations, network and data security, business continuity, and fraud prevention.
In certain circumstances you may have the following rights in relation to the processing of your Personal Data:
(a) Right to Know and Access. You may request information regarding the Personal Data we process about you, including how and why it is collected and used, and the categories of parties with whom it is shared, and you may request access to such Personal Data.
(b) Right to Obtain Copy. You may request that we provide you with a copy of your Personal Data in a clear and readable format, to the extent required under the applicable laws and regulations, and subject to applicable conditions (including that doing so does not adversely affect the rights of others).
(c) Right to Correction. You may request that we correct, complete, or update your Personal Data where it is inaccurate, incomplete, or out of date.
(d) Right to Destruction. You may request that we destroy (delete) your Personal Data where it is no longer necessary for the purposes for which it was collected or where there is no lawful basis to continue processing, subject always to any retention requirements or other permitted grounds for continued processing under applicable laws and regulations.
(e) Right to Withdraw Consent. Where we process your Personal Data on the basis of your consent, you may withdraw such consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to the withdrawal, and we may continue to process certain Personal Data where permitted or required by law notwithstanding the withdrawal.
(f) Right to Restriction. You may request that we restrict certain processing activities, where and to the extent such restriction is required or recognized (for example, while a request to correct data is being assessed).
(g) Right to Opt-Out of Marketing Preferences. Where we send you direct marketing communications on the basis of consent (where required), you may withdraw such consent and/or opt out at any time using the unsubscribe mechanism provided in the communication or by contacting us, and we will act on your request in accordance with applicable law.
(h) Right to Lodge a Complaint. You may lodge a complaint with the competent authority if you consider that our processing of your Personal Data does not comply with the applicable laws and regulations.
To exercise any of the rights above, please contact us using the details set out in this Privacy Notice.
We may request specific information from you (and/or from any person submitting a request on your behalf) to verify your identity and confirm your entitlement to submit the request, and to ensure that Personal Data is not disclosed to any person who is not authorized to receive it.
We may also request additional information reasonably necessary to locate and retrieve the Personal Data relevant to your request, including information relating to the nature of your dealings with us and the relevant timeframe.
We will respond to all legitimate requests within the time periods prescribed under applicable laws and regulations.
Where permitted under applicable law, you may appoint an authorized representative to submit a request on your behalf (including by written authorization and/or a duly executed power of attorney). In such cases, we will require appropriate evidence of the representative’s authority and may also require you to verify your identity and confirm the authorization directly with us prior to processing the request. You will not be subject to unlawful discrimination or disadvantage solely for exercising your rights in relation to the processing of your Personal Data.
SHARING AND DISCLOSURE
We do not disclose your Personal Data to third parties except to the extent necessary and proportionate to achieve the purposes set out in this Privacy Notice, including (as applicable) to provide services and administer our relationship with you, to engage professional advisers and service providers acting on our instructions, to complete or support transactions, to comply with applicable laws and lawful requests from competent authorities, or to establish, exercise or defend our legal rights. Where we disclose Personal Data, we take reasonable steps to ensure that appropriate contractual, technical and organizational safeguards are in place to protect such Personal Data and to require recipients to process it in a manner consistent with applicable law.
As a general matter, Sinad does not transfer your Personal Data outside the Kingdom of Saudi Arabia. If, in limited circumstances, a cross-border transfer becomes necessary (for example, where required for the performance of an engagement or to use a third-party service provider), we will only do so in accordance with the Personal Data Protection Law, including by implementing appropriate safeguards and obtaining any approvals and/or consents required. Although the country to which Personal Data may be transferred may not have the same level of privacy and data protection laws, we apply the same level of security and organizational controls to the processing of Personal Data wherever it is processed, and we require recipients to maintain equivalent protections.
SECURITY AND RETENTION
We maintain appropriate technical and organizational security measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data, taking into account the nature of the Personal Data and the risks associated with processing. Access to Personal Data is restricted to authorized personnel and third parties on a need-to-know basis, and we apply reasonable controls to support confidentiality, integrity and availability.
We will retain and process your Personal Data only for as long as is necessary and proportionate to fulfil the purposes for which it was collected and processed, and thereafter only to the extent required or permitted under applicable laws and regulations, including for compliance with legal, regulatory, accounting, reporting and internal policy requirements, and/or for the establishment, exercise or defense of legal rights and claims (including in connection with audits, disputes, investigations or litigation).
The security of data transmitted over the internet (including by e-mail) cannot be guaranteed and carries the risk of access and interception. You should not send us any Personal Data by open/unsecure channels over the internet. We endeavor to protect Personal Data but cannot guarantee the security of data transmitted to us or by us.
CHANGES TO THIS PRIVACY NOTICE
We may amend this Privacy Notice from time to time to reflect changes in our processing activities, operational practices, or applicable legal and regulatory requirements. The updated version will be made available on our website and will be effective as of the stated “last revised” date. Where required under applicable law, we will provide additional notice and/or obtain consent prior to implementing material changes.
CONTACTING US
If you have any questions, concerns or complaints regarding this Privacy Notice and/or our processing of your Personal Data, or if you wish to exercise any of your rights under applicable laws and regulations, you may contact us through [info@sinadholding.com] or [CMC Tower, Level9, Riyadh 13524, Kingdom Of Saudi Arabia]
