- First Publication date: 27 December 2022
- Last updated on: 16 June 2025
meem by Gulf International Bank – Saudi Arabia ("we" , “our” or “us”) are committed to protecting and respecting your privacy. This privacy notice (“Privacy Notice”) (together with our Terms Of Use and any other documents referred to on it) sets out the basis on which any Personal Data (as defined below) we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your Personal Data (as defined below) and how we will treat it.
The data controller is Gulf International Bank - Saudi Arabia , a Saudi Closed Joint Stock Company registered in the Kingdom of Saudi Arabia with Unified Number 7001399042 and Commercial Registration Number 2052001920, licensed by the Saudi Central Bank (“SAMA”) to operate as a bank in the Kingdom of Saudi Arabia with banking license number 2007 whose principal address is at PO Box 93, AlKhobar 31952, national address number 5515 Kingdom of Saudi Arabia
Safeguarding your Personal Data is our main concern. We maintain physical, electronic and procedural safeguards that comply with applicable laws and regulations to secure your information from unauthorized access and use, accidental or unlawful alteration and destruction; and other unlawful or unauthorized forms of processing. We engage in the continuous training of our employees in the proper management of Personal Data.
At meem Digital Banking, we take data privacy very seriously and we provide our customers with all necessary data security to protect such Personal Data from unauthorized access. We require any third parties who carry out any work on our behalf to comply with appropriate compliance standards to protect your information.
PERSONAL DATA:
means any data – of whatever source or form – that would lead to the identification of the individual specifically or make it possible to identify him or her directly or indirectly, including name, personal identification number, addresses, contact numbers, license numbers, records, data location, personal property, bank account and credit card numbers, fixed or moving pictures of the individual, and other data of personal nature.
SENSITIVE DATA:
means any personal data that includes a reference to an individual's ethnic or tribal origin, or religious, intellectual, or political belief, or indicates his membership in nongovernmental associations or institutions, as well as criminal and security data, biometric data, genetic data, credit data, health data, and data that indicates that both parents of an individual or one of them is unknown.
We will limit the collection and use of customer information to the minimum We require to deliver Our services to Our customers, which includes advising Our customers about Our products, services and other opportunities, and to administer Our business.
In addition, the data collected will differ based on your capacity, if it’s in your personal capacity or if you are acting on behalf of an individual or representing an entity.
What Personal Data Do We May Collect?
We will collect, use, store and transfer various elements of your personal data through different channels. Including but not limited to cases where it is mandatory for us to collect your data, including, but not limited to:
1.Identifying Information:
Full name
National ID or Residency number
Date of birth
Gender
Nationality
If you lack full or partial legal capacity
Evaluate if you are a Politically Exposed Person (“PEP”)
Employer Name / Occupation
Education
Disabilities (if any)
2.Contact Information:
Mobile phone number
Email address
National Address
Mailing Address (if different from National Address)
3.Basic Financial Information (where applicable):
Bank account number
Credit score via relevant Credit Bureaus.
Credit or debit card number (if voluntarily submitted through specific forms)
4.Technical Usage Data:
Internet Protocol (IP) address
Device type and operating system
Browser type
Browsing activity on the Bank’s website
Cookies and similar tracking technologies
5.Digital Banking Information:
Access to online banking or mobile applications
User preferences and interaction data with the Bank’s digital platforms
6.Original Documents (where applicable):
In the case of Power of Attorney or legal guardianship of a customer: Copy of ID and / or Family Card
Power of Attorney
Death Certificate(s)
Medical Reports (for risk assessment purposes if you a customer)
Court rulings issued by the Ministry of Justice (where applicable)
Commercial Papers governed by the Commercial Papers Law
Proof of income letter
Proof of residency letter
Salary certificate
Salary assignment letter
Bank statement letter
Tax exemption certificate
Titled deeds
Permit letter for construction
Real estate site map
Personal Guarantee Letter
7.Voluntarily Provided Information:
Responses submitted through online forms (e.g., Contact Us, complaints)
Uploaded attachments (such as ID documents or supporting files)
Consent to receive promotion material via your provided contact information
We may collect information from a range of sources, and it may relate to any of the products or services we currently provide or may have provided in the past. We collect your personal data both directly (though online forms, drop-down lists, options list, banking forms, etc.) and indirectly (through cookies, auto data collection, website analytics, etc)
We collect your Personal Data when:
•Information you have provided to use through our direct channels
• you open an account or perform transactions such as make deposits or withdrawals from your account, payment history and transactions records
• you are referred to us part of our Referral program
• you seek advice about your investments
• you apply for a loan or use your credit or debit card
• you seek information from Our customer service provider, information concerning complaints and disputes
• Information you have provided to use through our direct channels
• We seek information about your credit history from credit bureaus
• you provide account information such as your personal details e.g., name, gender, date and place of birth; contact information such as address, email address, and mobile numbers, provide your employment information
• you provide information concerning your identity e.g., photo ID, passport information, national ID card and nationality
• you use your login credentials for online banking and mobile banking apps and We collect information about your computer (or mobile device), including collecting your IP address, operating system and browser type. We use this information for system administration or for Our own commercial purposes.
• We conduct necessary investigations i.e., due diligence checks, and anti-money laundering/counter fraud and terrorism checks and obtain information that We need to support Our regulatory obligations, e.g., information about transaction details, detection of any suspicious and unusual activities.
•We may record conversations you have with us, including phone calls, face-to-face meetings, letters, emails and other forms of communication for the purpose of verifying your instructions provided to us and improving the delivery of our products and services.
•We may collect information related to your computer (or mobile phone), including your IP address (where available), operating system ty pe, and browser type. This information is used for system administration purposes and for our own business purposes. This information is only statistical data about users' browsing behaviors and cannot be used to identify a person.
We will collect and use your personal data in accordance with the Personal Data Protection Law and its implementing regulations collectively, (PDPL) and any other rules or regulations issued thereunder from time to time, or from competent authorities including the Central Bank, the Saudi Authority for Saudi Data Artificial Intelligence Authority (SDAIA) and any other competent authority in accordance with the Personal Data Protection Law. Depending on the purpose of processing your personal data, the legal basis for processing your personal data is one of the following:
1. Entering into and performing an agreement: to take steps necessary to enter into or perform a contract or agreement with you regarding the services or products you request, or to perform our obligations under such contract or agreement.
2. Compliance with legal and regulatory requirements: To comply with any legal obligations or requirements imposed by competent regulatory authorities, including conducting checks to comply with legal and regulatory requirements and disclosure to the competent authorities, regulators and supervisors.
3. Consent: in specific cases where your consent has already been obtained (where required by law) or where the consent of the data subject is required under the system, including the requirement to obtain explicit consent for certain types of data under the Personal Data Protection Regulations
4. Interest achieved: In some cases, if it is necessary to perform an action that would achieve the interest of the data subject (whether material or moral) and communication is impossible or difficult to achieve.
5. Legitimate interest: where the processing is necessary to achieve our legitimate interest without prejudice to any of your rights or interests and to the extent that such personal data is necessary for the purpose for which the data is processed without including sensitive data.
6. Examples of legitimate interest include the following (without limitation) provided that they do not conflict with any of your rights under the Personal Data Protection Law.
• Elevate our products, services and your experience across our channels, promote new financial and investment products and services that may interest you, and understand your needs as a customer and your eligibility for products and services.
• Receiving and processing complaints, requests, or reports submitted by you or third parties to Us.
• Taking the necessary steps to improve Our products, services, and use of technology, and conducting market research.
• Cooperation to carrying out any request or inquiries submitted by an actual or potential public authorities or judicial bodies, and providing evidence and support in relation to litigation proceedings.
• Enable Us to provide you with products and services
• Protect you from fraud by conducting identity and credit checks and conflicts of interest procedures.
•In order to protect the security of Our information and network, We may process your personal data to monitor and identify security risks, prevent unauthorised access to Our systems, and ensure the integrity and confidentiality of your information and Our services.
• Implementing precautionary measures includes encryption, firewalls, and intrusion detection systems (IDS), as well as conducting security audits to identify and mitigate vulnerabilities.
• We will only use your information when you have provided your consent or when we are required by the law to do so. If you do refuse to provide us with your consent (where applicable) to use and / or share your personal data, due to regulatory restrictions, We may not be able to provide you with the products or services for which your consent is being requested.
• We use the information We collect to provide customers with excellent products and services, to manage Our business and to offer an enriched and enhanced customer experience.
• We make appropriate use of your data to manage transactions, respond to your requests, and to provide you with more relevant products and services.
• We make appropriate use of your data to manage transactions, respond to your requests, and to provide you with more relevant products and services.
• If you opt you use smartphone payment solutions such as; Apple Pay, Samsung Pay etc. you accept that your transaction details including, the transaction amount, currency, time and date, the merchant's name category and address will be shared with these systems.
• We use this information to detect and prevent financial crimes including fraud, financing for terrorism and money laundering, this is to ensure security and business continuity.
• We will use your information to meet Our compliance obligations, to comply with laws and regulations and to share with regulators when absolutely necessary.
• Where We have your consent, we may use Personal Data We have about you such as your email address, mobile number, mailing address to deliver advertising to you directly or on Our websites, provide updates on special deals and offers that might interest you.
• We may transfer your information outside KSA border to our representatives for operational purposes, upon receiving prior permission from the Competent Authorities.
• We may send you general announcements or important news about your account.
• We may need to record conversations you have with Us including phone calls, face-to-face meetings, letters, emails and any other kinds of communication. These recordings may be used to check your instructions to Us and improve on Our product and service delivery.
• We may collect information about your computer (or mobile device), including where available your IP address, operating system and browser type, for system administration or for Our own commercial purposes. This is statistical/analytical data about Our users' browsing actions and patterns, and does not identify any individual.
• We may send reminder emails and/or SMS messages for you to complete the opening of your meem account.
• We may record conversations you have with us, including phone calls, face-to-face meetings, letters, emails and other forms of communication for the purpose of verifying your instructions provided to us and improving the delivery of our products and services.
• We may collect information related to your computer (or mobile phone), including your IP address (where available), operating system ty pe, and browser type. This information is used for system administration purposes and for our own business purposes. This information is only statistical data about users' browsing behaviors and cannot be used to identify a person.
At meem Digital Banking, we, in efforts to provide you with excellent products and services, may need to outsource our product delivery, this will be done in line with relevant regulations and laws. We may share your personal data with internal parties (e.g., GIB entities and/or affiliates) and external parties (e.g., regulatory authority, service providers, third parties, etc.) for processing to the extent necessary to fulfil the purposes described in this Notice.
We may also share your information where We have a public or legal duty to do so, when We need it to conclude regulatory reporting and when We have requested and received your permission to share it. In some circumstances where the law permits, this will involve us transferring your personal data outside the Kingdom of Saudi Arabia (KSA). Such transfers will be performed in compliance with the law. When we transfer your personal information outside the region, we will take the necessary steps to ensure appropriate safeguards are applied to maintain the same levels of protection as required under the law.
Subject to your relationship with us, we may disclose or share your personal data with trusted third parties, whether occasionally (once) or periodically and frequently, depending on the nature of the service provided or the relevant regulatory requirements. This includes, but is not limited to, carrying out periodic processes such as billing cycles, completing transactions, submitting applications for new banking products or services, conducting periodic reviews of compliance with Know Your Customer (KYC) and AML/CFT requirements. For security and safety purposes, we may use CCTV cameras and surveillance systems in our premises. The footage can be used to monitor and investigate security incidents, prevent fraud, and ensure the safety of our customers, employees and assets.
If you have a joint account with another individual or individuals, please note that we may disclose account information and transaction details to all joint account holders and each joint account holder is responsible for ensuring that he or she has the necessary authority and consent to provide and access personal data related to the joint account.
We use 'cookies' to monitor how people use our website 'www.meem.com.sa'. A cookie is a piece of information that is stored on your computer's hard drive and it records how you have used a website. This helps us to understand how our customers use our website so we can develop and improve it.
This Privacy Notice is applicable to Personal Data and Sensitive Data or information collected by us or our affiliates directly from the customer or through our online portals, mobile apps and electronic communications as also any information collected by our servers from the customer’s browser.
The security of Personal Data is a priority and is protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. We shall take reasonable steps and measures to protect the security of the customer’s Personal Data from misuse, loss, unauthorised access, modification or disclosure. We maintain Our security systems to ensure that the Personal Data of the customer is appropriately protected and follows standard encryption norms for the transmission of information. We ensure that Our employees and affiliates respect the confidentiality of any Personal Data held by Us.
At meem Digital Banking, we retain your Personal Data only for as long as mandated by the regulators for the purposes set out in this Privacy Notice. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies which is subject to Electronic Banking Services instructions and other applicable rules and regulations within the designated jurisdiction.
We are committed to protecting personal data by applying the highest standards of security and compliance in accordance with the Personal Data Protection Law (PDPL) and the regulations of the National Data Management Office (NDMO). The following outlines our practices regarding data storage, geographic location, and secure data disposal:
1. Data Storage:
•Personal data is stored in secure environments that utilize advanced technologies to prevent unauthorized access, modification, or loss.
•Data is stored in data centres located within the Kingdom of Saudi Arabia, or in cloud solutions in or outside Saudi Arabia that adhere to applicable data protection regulations, ensuring data sovereignty is maintained .
•In cases where cross-border data transfer is necessary, it is conducted in accordance with the legal requirements for international data transfer, ensuring that appropriate safeguards are in place to protect the data.
2. Data Disposal:
•We retain personal data only for the duration necessary to fulfil the purpose for which it was collected, or as required by applicable laws and regulations.
•Once the purpose is fulfilled or the retention period expires, personal data is securely disposed of using approved technical methods that ensure it cannot be recovered or accessed again. These methods include:
•Secure deletion from electronic systems.
•Physical destruction of storage media such as hard drives or portable devices.
•The disposal process is documented to ensure transparency and accountability.
If you are a resident in KSA and under 18 or, alternatively, are resident elsewhere and are not yet the relevant age of majority in the jurisdiction in which you reside, We are not permitted to contract with you directly. Where necessary by local legislation, by agreeing to this Privacy Notice, your guardian acknowledges and consents to the terms of this Privacy Notice on your behalf. If we seek your consent to process your Personal Data for a specific purpose in accordance with this Privacy Notice, such consent must be granted on your behalf by your guardian.
The effective date of this Notice is provided above. Any updates or changes to the Notice will be posted on this website with the new revision date, which is the effective date of changes. Your continued use of this website constitutes your acceptance of any changes to this Notice. Therefore, we recommend you check the Notice periodically to be aware of the most updated version of this Notice.
You may have certain rights relating to your Personal Data depending on the country in which you access our KSA website. In some cases, depending on applicable legislation, such as Kingdom Saudi Arabia – Personal Data Protection Law (“KSA PDPL”), these rights may include: the right to be informed – this right allows you to receive information from Us about what Personal Data We collect and what do We do with it. The purpose of this notice is to fulfil this right.
Right to Know / Information
You have the right to know about Our contact details, the exact reason the data is being collected, the methods being used for data collection, and whether this collected data will be shared or sold.
Right to Request Access or Copy
You have the right to access your Personal Data from us and obtain a copy of it in a clear and readable format, in conformity with the content of the records, at no cost.
Right to Request Correction
You have the right to request correction of any data collected on them if it is incomplete, inaccurate, or obsolete.
Right to Request Destruction
You have the right to request the destruction of data collected on them. The reasons can range from the user rescinding their consent for data collection to the data no longer serving the purpose for which it was collected.
Right to withdraw Consent from Processing
You have the right to withdraw your consent at any time, which you previously gave in relation to processing of your Personal Data. To the extent permitted by applicable laws and regulations as We are required retain certain data for a period of time.
Right to Limit/Restriction of Processing
You have the right to limit or refuse the processing of their Personal Data by the organization for special cases and for a limited period of time. This right is not explicitly provided under the KSA PDPL; however, the regulatory authority has released a set of FAQs that provides details of this right.
We are required to ensure that you are appropriately informed about these rights and establish dedicated channels for you to exercise these rights. We must fulfill these requests within 30 days and record all data subject requests received.
These rights are neither absolute nor applicable in all circumstances. You are entitled to any other additional rights granted by applicable laws and regulations.
In addition to the above rights if you suffer damage as a result of our violation of the requirements of the PDPL or its Implementing Regulations, you may apply exclusively to the competent court in the Kingdom of Saudi Arabia, for proportionate compensation for the material or moral damage perceived to be incurred.
This Privacy Notice is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it create any obligations on us in respect of any other party or on behalf of any party. When you log in to third parties’ websites, you will not be subject or under this Privacy Notice. Moreover, we are not responsible for their websites’ content, and we do not represent third parties. Therefore, we recommend you review the privacy and security policy of each link you log in to.We also emphasise the importance of protecting your login credentials and notifying Us immediately of any unauthorised access or use of your accounts with Us.
If you have any questions, concerns or complaints regarding our compliance with this Privacy Notice and the KSA PDPL, or if you wish to exercise your rights, please contact us. We will investigate and will attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible, in any event, within the timescales provided by applicable data protection laws or regulations.
If you have any questions or comments regarding the processing of your Personal Data, our privacy practices or if you would like us to update information or preferences you provided to us, please contact the Data Privacy / Protection Team (Data Management Office) through the following email: [email protected] or [email protected] or call 8001166336 locally or +966920026336 internationally.
For complaints or concerns related to how we handle your Personal Data, you may contact the Saudi Central Bank (SAMA).