checkmark

Privacy Policy

Privacy notice

alinma Bank is a leading Saudi bank established in 2006. It offers an integrated range of banking services that comply with Islamic Sharia for individual customers, businesses, and investors. Its services include account management, financing, credit cards, and electronic banking solutions. The bank is committed to providing innovative financial solutions that meet the needs of various customer segments and enhance interaction with them, while maintaining full compliance with the regulations and regulatory requirements in place in the Kingdom.

alinma Bank respects your privacy and is committed to protecting the personal data we collect and process in accordance with the Kingdom of Saudi Arabia Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443H, and other applicable regulations in the Kingdom.

This Notice, governed by the applicable regulatory requirements, explains how we responsibly and lawfully collect and process your personal data, and how we protect your privacy.

This Notice applies to all personal data processing activities carried out by alinma Bank across all of its business lines, products, services, operational functions, and customer interaction channels, including branches, digital platforms, mobile applications, online banking services.

We recognize that it is important for you to know how we deal with your personal and financial data. When we say “we” this means alinma Bank and our trusted partners who provide services to us. These include our contracted Third Parties, including but not limited to advertising agencies, technology providers, social media partners, etc.

 

Contact Information of the Controller:

Contact Information of the Data Protection Officer (DPO):

Address: AlOlaya, Riyadh, Saudi Arabia

Email: data.privacy@alinma.com

 

Date of Last Update

This Privacy Notice was last updated in Mar 2026. The Notice is reviewed at least annually whenever material legal, regulatory, operational, or technological changes occur. The review process is overseen by the Data Protection Officer to ensure continued compliance with applicable laws and regulatory expectations. Any changes will be posted on our website with the updated date.

What Personal Data is collected?

Personal Data is any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.

 

We collect and process the following Personal Data:

 

Mandatory Data: Certain personal data is mandatory for us to provide our banking services and comply with legal obligations. Failure to provide this data may result in our inability to offer certain services.

Optional Data: Some personal data is optional and is collected to enhance our services and customer experience. You may choose not to provide this data without affecting the core services we offer.

How do we collect and use your Personal Data?

Some of the Personal Data that we process is obtained directly from you through account opening forms, loan applications, online banking portals, and customer service interactions either in-person or online.

We also obtain some Personal Data indirectly from third parties such as Credit Bureau agencies, Fraud prevention agencies, regulatory authorities, other banks or financial institutions and publicly available sources.

We gather and process data through cookies, tracking technologies, and other methods from various sources, including our KSA branches, alinma websites, applications, phone calls, emails, and device identifiers.

 

We also obtain information about additional cardholders, account holders, business partners, dependents, family members, representatives, and agents.

For corporate banking, we collect personal data on representatives, employees, shareholders, and beneficial owners.

alinma Bank applies the principle of data minimization, ensuring that personal data collected, whether obtained directly from you or from authorized third parties, is adequate, relevant, and limited to what is necessary in relation to the lawful purpose for which it is processed.

What are the purposes for collection and processing?

We only use Personal Data for the purpose it was collected for. We process your Personal Data for the following reasons:

 

How do we disclose your Personal Data?

Internal Sharing: Personal data may be shared within Bank alinma for operational and administrative purposes.

alinma Bank does not sell, rent, or trade personal data to third parties for commercial purposes. Personal data is only shared where necessary to provide banking services, complete transactions, comply with legal or regulatory obligations, or where explicit consent has been obtained for clearly defined secondary purposes such as marketing.

Sharing with alinma subsidiaries: We may share your personal data with alinma subsidiaries (e.g. alinma Pay) to support seamless services across our platforms. This sharing is limited to what is necessary to enhance our services, improve functionality and ensure a consistent experience. alinma subsidiaries are required to handle your personal data in compliance with privacy and security standards.

External Sharing: Personal data may be shared with:

Occasional (One-Time) Sharing: We may share your personal data on an occasional basis in the event of an exceptional request or urgent legal circumstance, such as a court order.

We ensure that these third parties adhere to strict data protection standards through contractual agreements in line with the requirements of KSA PDPL. These agreements include confidentiality obligations, data protection controls, and incident notification requirements to ensure that personal data remains protected at standards consistent with alinma’s internal requirements.

Transfer outside the Kingdom

Where we transfer your data outside of the Kingdom of Saudi Arabia, we ensure that appropriate safeguards, as required by the KSA PDPL, are in place, including contracts and international agreements.

 

Legal Basis for Collecting and Processing Your Personal Data

In accordance with KSA Personal Data Protection Law, the legal basis on which we rely in processing such data is:

 

If you would like to review, exercise any of the above rights, please contact the Data Protection Officer (DPO).

How do we store, retain and destroy your Personal Data?

Personal Data is only stored for as long as it is necessary to fulfil the purposes for which it was collected. Your Personal Data is stored securely either at the bank’s headquarters or at a cloud computing service provider complying with the Saudi Central Bank (SAMA) guidelines.

We implement technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, access controls, and regular security assessments to maintain data integrity and confidentiality.

Personal Data is retained for defined retention periods in line with regulatory, legal, and professional body standards and guidelines. This length of time may vary depending on individual circumstances. We regularly review our data retention period to ensure we are not keeping Personal Data for longer than necessary.

We may retain your data after the termination of our banking relationship to fulfill legal and regulatory obligations (including statutory retention periods), comply with judicial orders, adhere to internal policies, or if it aligns with the Bank's legitimate interests.

Personal data related to banking relationships may be retained for at least ten (10) years following the termination of the banking relationship, in accordance with applicable regulations, unless a longer retention period is required by applicable laws or regulatory requirements. After the retention period, we will securely dispose of such data in a manner that prevents access or retrieval.

 

Your Rights Regarding Processing of Your Personal Data

Under KSA Personal Data Protection Law, you have the following rights, which primarily depend on the purpose of Personal Data collection and processing:

You may opt out of receiving marketing messages at any time through the privacy settings in the mobile application, by contacting the Customer Service Center, or by reaching out to the Data Protection Officer via email at (data.privacy@alinma.com).
Withdrawing your consent will not affect any other services in the event you choose to exercise this right.

For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact the Data Protection Officer (DPO) using the above-mentioned contact details.

Here are common areas where restrictions might apply on the above-mentioned rights:

Your will be provided with the justification regarding the restriction that might apply.