Privacy Policy

This Privacy Policy explains how Al Rajhi Takaful (collectively, "we", "us", "our", or “group”) collects, processes, uses, shares, stores, archives, protects and destroys customer information. By using our services, we may collect and use your personal data for various purposes, as permitted under applicable law and as explained in this Privacy Policy.

Privacy Policy

This Privacy Policy explains how Al Rajhi Takaful (collectively, "we", "us", "our", or "group") collects, processes, uses, shares, stores, archives, protects and destroys customer information. By using our services, we may collect and use your personal data for various purposes, as permitted under applicable law and as explained in this Privacy Policy.

 

1. Introduction

Al Rajhi Takaful is committed to protecting your personal data. This Privacy Policy is addressed to the individuals based in the Kingdom of Saudi Arabia ("KSA"), as well as those located outside KSA, whose data is processed by us in the KSA or in connection with the individuals in the KSA by authorized third parties from outside the Kingdom, in accordance with this Privacy Policy. This Privacy Policy explains what personal data we collect about you, why we collect and process it, and how we use it.

We determine how and why your personal data is collected and used. Therefore, we act as the controller of your personal data under the KSA Personal Data Protection Law, approved by Royal Decree No. M/148 dated 5/9/1444 AH (27 March 2023), which came into effect on 14th September 2023. ("applicable law").

In case of any major changes to how we collect and process your personal data, we will notify you by updating this Privacy Policy and providing you with the updated version. By continuing to use our services, you agree to these changes. We remain committed to keeping you informed.


2. Who We Are

Al Rajhi Takaful provides first-class, innovative, and ethical insurance solutions for all sections of the Saudi Arabian society. As part of availing our insurance services, we may collect, process, use, share, and store your personal data in accordance with applicable laws. You can contact us using the following contact details:

Contact No.: 8001184444; 920004414

Personal Data Protection Officer: [email protected]


3. What is personal data and processing?

3.1 What is personal data?

Personal data means any information that can identify you as an individual.

The types of personal data we collect may vary depending on the circumstances and the business unit you interact with. Examples of personal data we may process but are not limited to:

  • Identification data (for example: full name, national ID number, Iqama number, passport number)
  • Contact data (for example: phone number, email address, postal address)
  • Demographic data (for example: date of birth, age, nationality, gender)
  • Financial data (for example: bank account details, IBAN, annual income)
  • Health and medical data (for example: health status, medical history, treatment records, diagnostic reports)
  • Insurance data (for example: policy numbers, coverage details, claims history, beneficiary information)
  • Vehicle data (for example: registration number, chassis number, driver licence details)
  • Employment data (for example: employer name, job title)
  • Digital data (for example: IP address, device identifiers, cookies)
  • Biometric data (for example: identifiers used for identity verification)
  • Religious affiliation (for example: implicitly reflected in Alrajhi Takaful product structure)
  • Fraud (for example: information relevant to fraud investigation)

3.2 What is processing?

Processing means any operation carried out on personal data, whether automated or manual, including collecting, recording, saving, organizing, storing, modifying, updating, consolidating, retrieving, using, disclosing, transmitting, publishing, sharing, linking, erasing, or destroying it.


4. What legal basis do we use for processing your personal data?

We will use a legal basis to process your personal data. This means we will have legal justification to use your personal data, as required by the applicable law.

4.1 We may rely on the following lawful basis to process your personal data:

4.1.1 Your consent (we will seek your consent on a case-by-case basis when required).

4.1.2 Processing achieves an actual interest for you, and it is impossible or difficult to contact you.

4.1.3 Processing is required by other applicable legal requirements and is performed in accordance with them.

4.1.4 Processing is carried out to fulfill an agreement to which you are a party.

4.1.5 Processing is necessary for the purpose of our legitimate interest.


5. Purposes and Methods of Collecting and Processing your Personal Data

5.1 We may process your personal data in different ways. The specific way we process your personal data depends on the purpose of processing, as specified below. This may include activities such as collecting, using, storing, consolidating, sharing, modifying, disclosing, erasing or destroying your personal data.

5.2 Below are examples of possible processing activities:

  1. Customer Care

    We may process your personal data to:

    • Store and analyze recorded customer service calls for quality purposes.
    • Generate reports to review information on metrics such as the number of calls received, and interactions handled.
    • Evaluate and store agents' performance metrics.
    • Enhance services provided, managing change requests, and adding new features using customer data.
  2. Sales

    We may process your personal data to:

    • Target you to sell insurance products.
    • Calculate performance for each channel to enhance sales performance.
    • Calculate sales performance for each product.
  3. Risk Management

    We may process your personal data to:

    • Report fraud cases.
    • Process information (e.g., videos, photos) regarding operational risk incident management.
    • Set up and manage user accounts and permissions.
  4. General Business

    We may process your personal data to:

    • Process requests for policy cancellations and handling customer complaints.
    • Manage reinsurance arrangements.
    • Assess, evaluate, and determine the risk associated with issuing insurance policies to corporate clients.
    • Process requests for policy cancellations and handling corporate clients.
    • Manage reinsurance arrangements for corporate clients.
  5. Motor Business

    We may process your personal data to:

    • Process claims, to review and pay the insurance claim.
    • Assess and identify the risk category and calibrate the premium rates for you.
    • Contact you in order to recover and collect funds for motor insurance.
  6. Life Business

    We may process your personal data to:

    • Assess risk, determine premium rates based on the policyholder's information, and collect the premium.
    • Process beneficiary's claims.
    • Process policyholder's requests.
    • Reinsure our risks on a quarterly basis / ad hoc basis.
  7. Health Business

    We may process your personal data to:

    • Assess and analyze the members (corporate client, small and middle-sized companies) list to provide accurate health insurance pricing advice.
    • Assess and validate health insurance claims by reviewing medical records, treatment details, and diagnostic reports.
    • Provide pre-authorization for services.
    • Process health data insights to enhance or provide solutions for activities across the health department.
    • Provide strategic oversight for the health department, conducting market surveys and analyzing market-related data for future projects, and assessing customer satisfaction.
    • Process personal data to assess and investigate fraudulent claims.
  8. Actuarial

    We may process your personal data to identify risk factors to determine the pricing of various actuarial risks.

  9. Digital

    We may process your personal data to:

    • Operate, manage, and maintain our digital platforms, websites, applications, and related systems.
    • Enable digital services and interactions, including online requests, self-service features, and digital claim submissions.
    • Monitor, review, and analyze application performance, including error detection and user journey experiences, to improve system reliability, efficiency, and user experience.
    • Use automated and AI-enabled tools to support operational activities such as claims assessment, service evaluation, and personalized product offerings, where applicable.
  10. Marketing

    We may process your personal data to:

    • Inform you about our insurance products, services, offers, promotions, and events.
    • Conduct marketing, lead generation, and outreach activities through approved communication channels and platforms.
    • Review and analyze customer feedback and engagement to better understand interests and improve the relevance of our marketing communications.
    • Manage your marketing preferences, including consent, opt-in, and opt-out requests.
  11. Shariah Compliance

    We may process your personal data to:

    • Access policies, procedures, products and social media platforms to ensure compliance with Shariah standards.
    • Review claims and provide opinions regarding compliance with Shariah standards.
  12. We may also process personal data for statistical or research purposes without your consent. In doing so, we will clearly specify the purpose, limit the data collected to the minimum necessary, pseudonymize data where possible, and ensure that such processing does not negatively affect your rights or interests, all as documented in our records.

5.3 For information about any other types and methods of processing of your personal data not described here, please contact us via [email protected]

5.4 We may collect your personal data directly from you and, in some circumstances, from third parties.


6. Processing of Personal Data of Minors

6.1 If you are under 18 years of age or otherwise do not have full legal capacity, your legal guardian must exercise your rights in relation to your Personal Data on your behalf. We may collect and process Personal Data relating to minors where necessary for providing our services, complying with legal or regulatory obligations, or for other purposes described in this Privacy Policy. Where consent is required, it must be provided by your legal guardian. We may request reasonable confirmation of guardianship before relying on such consent or responding to related requests.


7. Processing personal data for other purposes

7.1 We aim to ensure that we will use your personal data in accordance with the purposes, as specified in section 4 above.

7.2 However please note that pursuant to the applicable law we may process your personal data for purposes other than specified in section 4 above. It may happen in the following cases:

7.2.1 If you give your consent to such collection and processing.

7.2.2 If your personal data is publicly available, or if it was collected from a publicly available source.

7.2.3 If collection and processing is required for your vital interests.

7.2.4 If collection or processing of your personal data is necessary to protect public health or safety, or to protect the life or health of you or other individuals.

7.2.5 Collection of your personal data is necessary to achieve our legitimate interests (in this case we will not process your sensitive data, e.g., health data).


8. Your rights in relation to the processing of your personal data

In accordance with the applicable law, you may exercise the following rights:

  1. Right to be informed

    You have the right to be informed of:

    • The valid legal or practical justification for collecting your personal data; and
    • Details of how your personal data is processed, including categories of personal data, purposes of processing, and the period for which it will be stored.
  2. Right to have access to your personal data

    You have the right to access the personal data we hold about you.

  3. Right to obtain personal data

    You have the right to request a copy of your personal data in a readable and clear format.

  4. Right to request correction, completion of personal data

    You have the right to request correction, completion or updating of your personal data that we hold.

  5. Right to request destruction of personal data

    You have the right to request destruction of your personal data that is no longer required, subject to compliance with applicable legal requirements.

  6. Right to withdraw consent

    You may withdraw your consent to the processing of your personal data at any time, if no other legal basis for processing applies.

To learn more about your rights or to exercise any of them, please send it via email to [email protected].

We will respond to your request within thirty (30) days. If an extension of up to thirty (30) additional days is needed due to complexity or multiple requests, we will notify you in advance of the reason.


9. Storage and Retention of your Personal Data

9.1 We will arrange safe storage of your personal data in secure systems.

9.2 We will determine the period for storing your personal data in accordance with our Data Retention Policy and Retention Schedule. When determining the period of storage, we will consider any requirements specified by applicable laws and regulations.


10. Disclosure of your personal data

10.1 We may, as required for the purposes listed in section 4 above, disclose your Personal Data to the following organizations:

10.1.1 Our contractors who provide us with data processing, professional or management services, such as IT companies, etc.

10.1.2 Insurance, health, legal services, business partners and strategic alliances, or any member of our group, as well as current or potential clients, suppliers, subcontractors and other business contacts in the ordinary course of our business.

10.1.3 Current or potential business partners in the banking and financial sector, or other third parties involved in the management of our business, for example, through a joint venture or a merger.

10.1.4 Any applicable regulatory authorities (governmental and other public bodies, etc.) or other third parties, as required by law or in accordance with applicable regulatory obligations or policies.

10.1.5 Other organizations, where cooperation with them is necessary for our operations and to provide you with high quality services.

10.2 We may disclose your personal data, in the following cases:

10.2.1 You consent to the disclosure.

10.2.2 Your personal data has been collected from a publicly available source.

10.2.3 The entity requesting disclosure is a public entity, and the collection or processing of your personal data is required for public interest or security purposes, or to implement another law, or to fulfill judicial requirements.

10.2.4 The disclosure is necessary to protect public health, public safety, or to protect the lives or health of specific individuals.

10.2.5 The disclosure will only involve subsequent processing in a form that makes it impossible to directly or indirectly identify you.

10.2.6 The disclosure is necessary to achieve our legitimate interests (in this case no sensitive data (e.g., health data) will be processed).

10.3 When providing your personal data to our Group companies or legal entities with whom we have contractual relationships, we require confirmation of the security measures they implement to protect the personal data. We do not share personal data with public authorities or other third parties without a lawful request from the relevant authorities.

10.4 We make best efforts to ensure we have relevant contractual agreements in place with the parties with whom we share your personal data and that they comply with data protection requirements of Al Rajhi Takaful.

10.5 Al Rajhi Takaful shall not disclose any personal data that:

  • Represents a threat to security, harms the reputation of the Kingdom, or conflicts with the interests of the Kingdom;
  • Affects the Kingdom's relations with any other state;
  • Prevents the detection of a crime, affects the rights of an accused to a fair trial, or affects the integrity of criminal procedures;
  • Compromises the safety of an individual;
  • Results in violating the privacy of an individual other than the Data Subject;
  • Conflicts with the interests of a person that fully or partially lacks legal capacity;
  • Violates legally established professional obligations;
  • Involves a violation of an obligation, procedure, or judicial decision;
  • Exposes the identity of a confidential source of information in a manner detrimental to the public interest.

11. Cross-border personal data processing

We may be required to transfer your personal data for processing outside of the KSA. In such cases, we will comply with the requirements of the applicable law and its Implementing Regulations, or other guidelines issued from time to time regarding cross-border personal data transfers, as well as with the requirements of other laws and regulations, where applicable.


12. Protecting personal data

The security of personal data is a priority and is protected through physical, electronic, and procedural safeguards in line with applicable laws. We take reasonable steps to protect customer personal data from misuse, loss, unauthorized access, modification, or disclosure. Our security systems are maintained to ensure that personal data is appropriately protected and transmitted in accordance with standard encryption practices. We also ensure that our employees and affiliates maintain the confidentiality of any personal data held by us.


13. Disposal of personal data

13.1 If we no longer need your personal data and if we do not have any legal basis to hold it further, we will arrange its erasure (destruction), anonymization or return it to you (unless we must return it to any other entity based on our legal obligations).

13.2 We will ensure that:

13.2.1 In case of anonymization: you will not be further re-identified after anonymization.

13.2.2 In case of erasure (destruction): the personal data will not be reconstructed after it is erased.


14. Direct Marketing

At Al Rajhi Takaful, where we have a legal basis to do so, we may use your personal information to send marketing & awareness communications or to promote our services and other information that you may have interest in, via official channels such as email, SMS or WhatsApp, as applicable and when available. You may opt out of receiving any or all marketing materials communications from us by unsubscribing or contacting Al Rajhi Takaful at the email address mentioned in this Privacy Policy. Our marketing communications may include personalized and non-personalized materials. Personalized communications are tailored specifically to you and include content we believe is most relevant based on the information we hold about you.


15. Use of Google Analytics 4 (GA4)

Our website uses Google Analytics 4 (GA4), a service provided by Google LLC, to analyze and monitor website traffic and user behavior. GA4 helps us understand how visitors interact with our site, so we can improve its functionality, user experience, and performance. The data collected by GA4 is used for:

  • Monitoring and analyzing website performance.
  • Improving the functionality and user experience of our website.
  • Understanding user preferences and behavior patterns to optimize our content.
  • Ensuring that our website meets technical requirements and user needs.

All data collected through GA4 is processed in an anonymized and aggregated form, meaning that it cannot be used to personally identify any individual user.

You can control the collection and use of data through GA4 by:

  • Managing your cookies preferences: You can disable the collection of cookies through your browser settings.
  • Opting out of Google Analytics: You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

For more information about how Google collects and processes data through Google Analytics 4, please visit Google's Privacy Policy and Google Analytics terms.


16. Use of Artificial Intelligence and Emerging Technologies

We may use artificial intelligence and emerging technologies, in accordance with applicable laws, to process your personal data for purposes such as service improvement, pattern analysis, targeted marketing or enhancing the digital customer experience, fraud detection, and claims assessment.


17. Disclosure of Personal Data to Third Parties

We may utilize third parties to perform services on our behalf, under agreements that protect the confidentiality of personal data and ensure it is processed securely and in compliance with applicable laws and regulations.


18. Complaint or Objection Filing Method

If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint to Data Protection Officer of Al Rajhi Takaful, by sending an email to [email protected]

If you are not satisfied with how we process your complaint, or if we fail to respond within 30 working days (or within any extended period, if you have been notified in advance), you may file a complaint with the Competent Authority, SDAIA - Saudi Data & AI Authority.

Address:

Kingdom of Saudi Arabia

Riyadh

Website: Saudi Data & AI Authority (sdaia.gov.sa)

National Data Governance Platform "DGP" (dgp.sdaia.gov.sa)


19. Contact details

If you have any questions or comments regarding our use of your personal data, please contact us by using the following details:

Email: [email protected]


20. Linking to other websites

Our website and marketing email messages may sometimes include links to other websites that are not under our control. Once you have left our website or marketing email, we cannot be held responsible for the content of these websites or the protection and privacy of any information you provide to them. We recommend that you exercise caution and review the Privacy Policy of the relevant website.

This Privacy Policy was last updated on the 17 th of February 2026