Kingdom Brokerage

privacy policy

Kingdom Brokerage for Insurance is dedicated to safeguarding the privacy of our clients and their personal information. This policy applies to all services and products we provide and ensures compliance with the Personal Data Protection Laws in Saudi Arabia. We are committed to collecting and processing personal data securely and in line with established data protection standards.

This privacy policy details how Kingdom Brokerage for Insurance collects, uses, stores, shares, and manages clients’ personal information, as well as the security measures we implement to protect this data in accordance with the Personal Data Protection Law (PDPL) in Saudi Arabia.

Background

In developing this policy, we considered several factors:

  • Regulatory requirements in Saudi Arabia, including those set by the Insurance Authority (IA) and the Saudi Data & AI Authority.
  • Document retention policies and the rights of our clients for whom we act.
  • Our need as an insurance brokerage to manage insurance policies effectively, assess current and future risks, and prevent or detect fraud and other crimes.

Definitions

  • Personal data: Any information, regardless of its source or format, that can identify an individual, including names, identification numbers, addresses, contact information, license numbers, financial details, and photographs.
  • Processing: Any action taken on personal data, including collection, recording, storage, and sharing.
  • Collection: The act of obtaining personal data in accordance with legal requirements, directly from the individual or authorized representatives.
  • Destruction: Actions that render personal data irretrievable.
  • Disclosure: Allowing access to personal data to parties other than those responsible for processing it.
  • Transfer: Moving personal data from one location to another for processing purposes.

Data Collection

Kingdom Brokerage for Insurance collects only the essential personal information needed to provide high-quality services and improve customer experience. This may include:

  • Registration Data: Personal information provided during registration, such as name, date of birth, and national ID number.
  • Geolocation Data: Geographic information relevant to specific services.
  • Contact Information: Address, email, and phone number.
  • Banking and Financial Data: Information related to bank accounts and financial services provided.
  • Documents from Clients: Any documentation submitted by clients for quotes or policy issuance.
  • Compliance Information: Data required to comply with laws and regulations, including anti-money laundering and Know Your Customer principles.

Data Sources

We gather personal data from various sources:

  • Direct Client Information: Data provided by clients themselves.
  • Public or Commercial Information: Data that is publicly available or obtained through commercial means.
  • Government Databases: Information sourced from official government records for verification purposes.
  • Authorized Representatives: Information provided by legal representatives acting on behalf of clients.
  • Digital Interactions: Data collected during direct communications with us.
  • Feedback and Inquiries: Information gathered from client feedback or inquiries.

The collection of personal data includes both electronic transactions and manual interactions with the company.

Purposes of Data Processing

We process personal data based on the principles of the Saudi Personal Data Protection Law (PDPL) for the following reasons:

  • To provide and improve our insurance products and services.
  • To comply with legal and regulatory obligations.
  • To enhance information security and protect personal data.
  • For security, legal, or judicial purposes.
  • With explicit consent from clients for specific purposes.

Data Sharing and Transfer

We may share personal data with third parties when necessary:

  • With Client Consent: When we have received explicit approval from the client.
  • To Fulfill Legal Obligations: When required by law or regulation.
  • With Service Providers: Such as licensed insurance companies in Saudi Arabia that assist us, provided they maintain appropriate data protection measures and have client consent.
  • With Regulatory Authorities: As required by law or upon request.

Data Security

Kingdom Brokerage for Insurance employs strict security protocols to protect personal data from unauthorized access, disclosure, alteration, or destruction. These include cybersecurity measures, encryption, access controls, and ongoing security assessments.

Data Retention and Disposal

We retain personal data only as necessary and in compliance with legal requirements. This includes keeping data to meet operational, regulatory, or security obligations, while implementing safeguards to protect it. We ensure data storage aligns with the PDPL and regulations from the Insurance Authority (IA).

When data is no longer needed or at the request of the data subject, we securely destroy it. If we identify any non-compliance in data processing, we will take corrective measures to rectify the situation.

Data Retention

Personal data is securely stored either electronically in protected databases or as paper documents.

Data Disposal

Data disposal includes securely destroying physical documents and permanently deleting electronic records in line with regulatory requirements.

Minimum Retention Periods:

  • Quotations & Requests: Retained for Ten Years from the date of the quotation or request.

Insurance Policies:

    • Paper records for Ten Years after policy termination.
    • Electronic records for Ten Years after policy termination.

Claims:

    • Paper records for Five Years after the claim is last updated.
    • For specific claims, paper records will be kept for Ten Years.
    • Electronic records for Ten Years from the last update or policy termination.

Accounts & Payment Data:

    • Paper records for Ten Years from creation or payment date.
    • Electronic records for Ten Years from creation, payment, or policy termination.

Complaints:

    • Paper records for Seven Years after the complaint is last updated.
    • Electronic records for Ten Years from the last update or policy termination.

Rights of Data Subjects

Under the Personal Data Protection Law, clients have several rights, including:

  • The right to be informed about data collection and usage.
  • The right to access personal data.
  • The right to request personal data.
  • The right to correct or update data.
  • The right to request deletion of unnecessary data.
  • The right to understand data processing methods.
  • The right to withdraw consent for data processing at any time.
arArabic