Privacy Notice

PRIVACY POLICY

Last update September 19, 2024
United Cooperative Assurance Company (UCA) (“the Company” or “we”) are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about the Privacy Policy or our practices regarding your personal information, you may contact us at the following email: uca@uca.com When you visit our website https://uca.com.sa/ (the “Website”) and use any of our services, we appreciate that you trust us when you provide us with your personal information. We take your privacy seriously. Through this policy, we seek to clarify the information we collect, how we use it, and your rights. We hope you take some time to read it carefully. If there are any terms in this privacy policy that you do not agree to, please stop using our services immediately. This Privacy Notice applies to all information collected through our services on the Website and any services, marketing or sales we provide.

The Data Controller is United Cooperative Assurance (UCA) – a Saudi joint stock company established in May 2008, with Unified Number 8002444442 and Commercial Registration Number 1010269076, licensed and regulated by Insurance Authority having principal address as King Fahd Road, Al-Muruj District, Al Saedan Building, Ground Floor, P O Box 002041 Riyadh – Muruj District, Kingdom of Saudi Arabia.

At UCA, we take data privacy seriously and we provide our customers with all necessary data security to protect such Personal Data from unauthorized access. Whenever we engage any third parties (Data Processors) who carry out any work on our behalf to comply with appropriate compliance standards to protect your information.

1. DEFINITIONS

Personal Data:
Any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.

Processing:
Any operation carried out on Personal Data by any means, whether manual or automated, including collecting, recording, saving, indexing, organizing, formatting, storing, modifying, updating, consolidating, retrieving, using, disclosing, transmitting, publishing, sharing, linking, blocking, erasing and destroying data.

Collection:
The collection of Personal Data by Controller in accordance with the provisions of this Law, either from the Data Subject directly, a representative of the Data Subject, any legal guardian over the Data Subject or any other party.

Sensitive Data:
Personal Data revealing racial or ethnic origin, or religious, intellectual or political belief, data relating to security criminal convictions and offenses, biometric or Genetic Data for the purpose of identifying the person, Health Data, and data that indicates that one or both of the individual’s parents are unknown.

Destruction:
Any action taken on Personal Data that makes it unreadable and irretrievable, or impossible to identify the related Data Subject.

Disclosure:
Enabling any person – other than the Controller or the Processor, as the case may be – to access, collect or use personal data by any means and for any purpose.

Transfer:
The transfer of Personal Data from one place to another for Processing.

Publishing:
Transmitting or making available any Personal Data using any written, audio or visual means.

Genetic Data:
Any Personal Data related to the hereditary or acquired characteristics of a natural person that uniquely identifies the physiological or health characteristics of that person, and derived from biological sample analysis of that person, such as DNA or any other testing that leads to generating Genetic Data.

Health Data:
Any Personal Data related to an individual’s health condition, whether their physical, mental or psychological conditions, or related to Health Services received by that individual.

Health Services:
Services related to the health of an individual, including preventive, curative, rehabilitative and hospitalizing services, as well as the provision of medications.

Credit Data:
Any Personal Data related to an individual’s request for, or obtaining of, financing from a financing entity, whether for a personal or family purpose, including any data relating to that individual’s ability to obtain and repay debts, and the credit history of that person.

Data Subject:
The individual to whom the Personal Data relate.

Public Entity:
Any ministry, department, public institution or public authority, any independent public entity in the Kingdom, or any affiliated entity therewith.

Controller:
Any Public Entity, natural person or private legal person that specifies the purpose and manner of Processing Personal Data, whether the data is processed by that Controller or by the Processor.

Processor:
Any Public Entity, natural person or private legal person that processes Personal Data for the benefit and on behalf of the Controller.

2. PRIVACY POLICY

Please read the information privacy policy carefully; this will help you understand our collected information.

2.1. What is the information we collect?
2.2. How do we use your information?
2.3. Will your information be shared with anyone?
2.4. What are your privacy rights?
2.5. Do we usually make updates on our privacy policy?

2.1. WHAT IS THE INFORMATION WE COLLECT

We collect the personal information you provide to us once you register on the Website, when you apply for our services, when you use the Website features, or when you contact us. The personal information we collect depends on for what purpose you use the website features, the choices you make and the services you use. The personal information we collect may include, for example:

  • Personal Information You Provide:
    Collect names, national identification or residency number, phone numbers; email addresses; credit card numbers; usernames; passwords, and other similar information.
  • Payment data:
    We may collect data necessary to process a payment if you make a purchase, such as the payment method number and security code associated with your payment tool. All payment data will be stored through PayFort company. You can find the link to their privacy notice through the following link.

https://paymentservices.amazon.com/privacy?language=ar-AE

All personal information you provide must be true, complete and accurate. You should also notify us of any changes to your personal information.

2.2. HOW DO WE USE YOUR INFORMATION?

We use the personal information collected via our website for various commercial purposes described below. We process your data for these purposes in reliance on our legitimate business interests to enter into or perform a contract with you, with your consent, and to comply with our legal obligations. We indicate the specific processing reasons we rely on next to each item listed below.

We use the information we collect or receive:

  • If insurance is requested, to assess the level of risks to be insured.
  • To fulfill and manage your requests, payments and exchanges made through the Website and provide you with the requested services.
  • To respond to your inquiries and resolve any potential problems you may have when using one of our services. We may send reminders for invoices, information about insurance contracts, offers, products and information about changes to our terms and policies.
  • For marketing and promotional purposes, to inform you of other products or services available to us. If in line with your marketing preferences.
  • For other commercial purposes, such as analyzing data, determining the effectiveness of our promotional campaigns, evaluating and improving our site and products, and marketing. We may use and store information that is not associated with individual users and does not include their data. We will not use your personally identifiable information without your consent.
  • To implement our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.

Note: Please refer to Appendix-A for general consent and for opting in/out for marketing consent.  The login screen presents two separate check-box where the marketing check-box is optional.

2.3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

We may process or share the data we hold about you based on your giving us your consent to use your personal information for a specific purpose. In addition, we may process your data when it is necessary to achieve our legitimate business interests. We may disclose your information where we are legally required to comply with applicable law, governmental requests or legal processes.

More specifically, we may need to process your data or share your personal information in the following situations:

  • Vendors and other third-party service providers:
    We may share your information with suppliers, service providers, social services organizations and companies, or agents who perform services for us or on our behalf and request access to this information to do that work. Examples include payment processing, data analysis, and marketing efforts. We may allow selected third parties to use tracking technology on the Website to analyze and track data and understand online activity better. We do not share, sell, rent or trade any of your information with third parties for promotional purposes. We have contracts in place with data processors that are designed to help protect your personal information. Accordingly, they will not share your personal information with any organization other than us and are obligated to protect the data they hold on our behalf, keep it on our behalf, and keep it for the period that was.
  • Governmental agencies:
    For regulatory purposes and government services to comply with legal and regulatory requirements or in connection with our contract.

2.4. WHAT ARE YOUR PRIVACY RIGHTS?

You have rights that allow you greater access to and control over your personal information. You can review, change or close your account at any time. If at any time you would like to review or change the information in your account, you can log into your account settings and update your user account. We may retain certain information in our files to prevent fraud, troubleshoot problems, assist with any investigations, implement our Terms of Use and comply with applicable legal requirements.

2.4.1. Right to Know / Information / Purpose

You have the right to know about our contact details, the exact reason the data is being collected, the methods being used for data collection.

2.4.2. Right to Request Access or Copy

You have the right to access your Personal Data from us and obtain a copy of it in a clear and readable format, in conformity with the content of the records, at no cost.

2.4.3. Right to Request Correction

You have the right to request correction of any data collected on them if it is incomplete, inaccurate, or obsolete.

2.4.4. Right to Request Destruction

You have the right to request the destruction of data collected on them. The reasons can range from the user rescinding their consent for data collection to the data no longer serving the purpose for which it was collected.

UCA is required to ensure that you are appropriately informed about these rights and establish dedicated channels for you to exercise these rights. UCA must fulfill these requests within 30 days and record all data subject requests received.

3. COOKIES AND SIMILAR TECHNOLOGIES

Most web browsers are set to accept cookies by default. If you prefer, you can choose to set your browser to flag and reject cookies. If you remove or decline cookies, this may affect certain features or services on our website.

4. UNSUBSCRIBE FROM EMAIL MARKETING

You can unsubscribe from our email marketing list anytime by clicking on the unsubscribe link in our emails or by calling. You will then be removed from our marketing email list – but we may continue to contact you as necessary, for example, to send you information related to the service listed on or knowledge required to manage or use your account to respond to service requests or other non-marketing requests. You can access your account settings and update your preferences to opt-out.

5. SECURITY PRACTICES & PROCEDURES

The security of Personal Data is a priority and is protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. We shall take reasonable steps and measures to protect the security of the customer’s Personal Data from misuse, loss, unauthorized access, modification or disclosure. We maintain our security systems to ensure that the Personal Data of the customer is appropriately protected and follows standard encryption norms for the transmission of information. We ensure that our employees and affiliates respect the confidentiality of any Personal Data held by us.

6. RETENTION OF PERSONAL DATA

We retain your Personal Data only for as long as mandated by the regulators for the purposes set out in this Privacy Notice. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies which is subject to Electronic Insurance Services instructions and other applicable rules and regulations within the designated jurisdiction.

7. PRIVACY NOTICE UPDATES

Any updates or changes to the notice will be posted on our website with the new revision date, which is the effective date of changes. Your continued use of this website constitutes your acceptance of any changes to the notice. Therefore, we recommend you to check

8. DISCLAIMER

This Privacy Notice is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it create any obligations on us in respect of any other party or on behalf of any party. When you log in to third parties’ websites, you will not be subject or under this Privacy Notice. Moreover, we are not responsible for their websites’ content, and we do not represent third parties. Therefore, we recommend you review the privacy and security policy of each link you log in to.

9. CONTACT US

If you have any questions, concerns or complaints regarding our compliance with the Privacy Notice and the KSA PDPL, or if you wish to exercise your rights, please contact us. We will investigate and will attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible, in any event, within the timescales provided by applicable data protection laws or regulations.

If you have any questions or comments regarding the processing of your Personal Data, our privacy practices or if you would like us to update information or preferences you provided to us, please contact the Data Privacy Team through the following email: data.privacy@uca.com.sa or call 8002444442 locally or +966112175335 internationally.

APPENDIX – A

apendex-a

Leave a Reply

Your email address will not be published. Required fields are marked *