(the "Company," "we," "our," or "us") process personal data we collect about you in accordance with the Saudi Personal Data Protection Law (PDPL) and its implementing regulations (collectively, the "PDPL"). The PDPL establishes protections for your personal data and grants you certain rights. This Privacy Policy applies when you use our websites, and interact with us (collectively, the "Services"). EFG Hermes KSA ("the Company") is a leading financial services company providing investment services, asset management, securities brokerage, and investment banking to individual investors, corporate clients, and financial institutions within and outside Saudi Arabia. We are committed to protecting your Personal Data in accordance with the Personal Data Protection Law issued by Royal Decree No. M/19 dated 09/02/1443H and its Implementing Regulations.
Contact Information | Details |
| Department | Data Protection |
| Address | PO Box 300189, Third Floor, Sky Towers Northern Tower, Riyadh, KSA |
| Phone | 009660112938048 |
| data.protection@efg-hermes.com | |
| Website | www.efghermesksa.com |
| SDAIA License No. | 3250001427 |
| Contact Information | Details |
| Name/Title | Mohamed Al Qassim - Data Protection Officer |
data.protection@efg-hermes.com |
| Date | Version & Changes |
| May 2024 | Version 1.0 - Initial Privacy Policy |
| March 2026 | Version 2.0 - Comprehensive update to align with SDAIA Privacy Policy Guidelines (Version 1.0 - August 2024). Updated response timeframes per Article 12 of the Implementing Regulations. Enhanced data lifecycle details and cross-border transfer safeguards. |
| Data Category | Details |
Account Data | Full name • National ID/Residency number • Date of birth • Nationality • Mailing address • Phone number • Email address • Employment information |
| Financial Data | Bank account information (IBAN) • Income and wealth information • Transaction records • Investment portfolio |
| Transaction Data | Order and trade details • Transaction date and time • Transaction value and type |
| Technical Data | IP Address • Browser type and OS • Cookies • Login and usage logs |
Compliance Data | Identity documents (ID/passport copy) • KYC information • AML information • Suitability assessment |
Communication Data | Phone call records • Email correspondence • Text messages • Customer service chat logs |
A. Collection Methods
| Method | Details |
Direct Collection | Account opening forms • Service request forms • Trading platforms • Mobile applications • Company website • Phone calls • Personal interviews |
Indirect Collection | Cookies and tracking technologies • Web analytics tools • Publicly available information • Credit |
B. Processing Purposes
| Legal Basis | Description |
Explicit Consent | Obtained for account opening and marketing. Withdrawable anytime by contacting the DPO. |
Contractual Obligation | Necessary to execute the financial services contract (account opening, order execution). |
Legal Obligation | Required for: Capital Market Law • AML Law • Personal Data Protection Law • CMA rules • Other regulatory requirements. |
Legitimate Interest | To prevent fraud, protect security, manage risks, improve services, and protect legal rights. |
Public Interest | When necessary for public interest (cooperating with regulatory/security authorities). |
| Entity Type | Entities | Purpose & Frequency |
Regulatory | CMA • SAMA • Ministry of Commerce • Zakat Authority • Criminal Evidence Directorate • Financial Investigation Unit | Regulatory compliance, AML, reporting Frequency: Periodic/continuous |
Service Providers | Tadawul • Edaa • Banks • IT providers • Credit info providers • Auditors • Legal advisors | Transaction execution, settlements, technical services, audit Frequency: As needed |
Marketing Service Providers | Digital marketing services providers (Egypt) | Purpose: Social media, digital marketing, online advertising, PR Frequency: As needed |
EFG Group | EFG Hermes (Egypt, UAE, Bahrain) | Integrated services, operational support, HR records (for EFG employees), providing financial |
International | Cloud providers • Market data providers • Trading platforms | Data hosting, transaction processing, market |
📍 A. Storage Location:
⏱️ B. Retention Periods:
| Data Type | Retention Period |
Identity & KYC documents | 10 years from the relationship's end |
Transaction records | 10 years from the transaction date |
Compliance & AML records | 10 years from the relationship end |
Communications | 10 years from the communication date |
Technical data & logs | 10 years from the relationship end |
Marketing data | Until consent withdrawal or 10 years from last interaction |
🗑️ C. Destruction & Security:
✋ Your Rights
Right | Description & Exercise Method |
Right to Be Informed | Know how data is collected, legal basis, processing, storage, destruction, and disclosure entities. Access your information through the means added in this Policy or contact us. |
Right of Access | Request access via: Online platforms • Customer service • Written request to DPO Response: 30 days (extendable to 60 with notice if extra effort required) |
Right to Copy | Request data copy in clear, readable format Method: Email data.protection@efg- hermes.com or account portal Response: 30 days (extendable to 60) |
Right to Correction | Request correction of inaccurate/incomplete data Method: Online account or customer service Response: 30 days with notification |
Right to Destruction | Request destruction when: Data no longer necessary • Consent withdrawn • Unlawful processing • Legal requirement Note: May not be possible if legally obligated Response: 30 days |
Right to Withdraw Consent | Withdraw consent anytime unless another legal basis exists Method: Contact DPO at data.protection@efg-hermes.com or 009660112938048 Does not affect prior lawful processing |
Right to Complain | File complaint with SDAIA if dissatisfied |
📝 Complaint Filing Mechanism
Level | Contact Information |
Company Level | Department: Data Protection Email: data.protection@efg-hermes.com |
SDAIA (if unsatisfied) | Authority: Saudi Data & AI Authority |
🌐 Policy Access and Updates
📱 Access Methods
Company website: www.efghermesksa.com/privacy-policy
Email l upon request: Data.protection
🌍 Language Availability
🔔 Update Notifications
We will notify you of any material changes to this Privacy Policy through the following channels:
You will have [30 days] to review changes before they take effect unless immediate implementation is required by law.
🔄 Periodic Review:
We conduct periodic reviews of this Privacy Policy to ensure:
Any amendments or updates are recorded in the Update Record table in Section Two above.
🍪 What Are Cookies and Similar Technologies?
Cookies are small pieces of information sent by a web server to your web browser, allowing the server to uniquely identify your browser on each page. We also use other tracking technologies similar to cookies, including pixel tags, Google tags, and tracking links — all collectively referred to as "Cookies" in this Policy.
Cookies | Description | Legal Basis |
🔒 Strictly Necessary | Enable navigation and access to secure areas. Services cannot be provided without these cookies. | Legitimate interest / Contractual obligation |
📊 Analytical / Performance | Collect anonymous information on how you use our site (e.g., Google Analytics) to improve performance. | Explicit consent |
⚙️ Functional | Remember your choices (language, username, display settings) to provide a personalized experience. | Explicit consent |
🎯 Targeting / Advertising | Enable navigation and access to secure areas. Services cannot be provided without these cookies. | Explicit consent |
📱 Social Media | Allow sharing of content via social platforms (Facebook, Instagram, X). Subject to those platforms' privacy policies. | Explicit consent |
Tracking Technology | Description |
| Pixel Tags | Invisible images embedded in pages that generate a notification upon visit. Work alongside cookies to measure usage activity. |
| Google Tags | Measurement tools for tracking conversions and advertising campaign performance across Google platforms. |
| Tracking Links | Custom URLs that measure the source of traffic and the effectiveness of marketing campaigns. |
Right | How to Exercise |
✅ Accept All Cookies | Select "Yes, I agree" when the consent notice appears. |
🚫 Reject Optional Cookies | Select "No, I do not agree" or adjust settings via the Consent Management Tool on the website. |
⚙️ Customise Preferences | Accept or reject specific categories (except Strictly Necessary) through the Consent Management Tool. |
🌐 Browser Settings | Disable cookies from your browser settings. Note that some website features may not function fully. |
✏️ Withdraw Consent | Withdraw consent at any time via the Consent Management Tool or by contacting the Data Protection Officer. |
For more information about cookies, please visit:
🌐 Policy Access and Updates
This Cookie Policy is available in both Arabic (العربية) and English. In case of any conflict between the two versions, the Arabic version shall prevail.
We will notify you of any material changes to this Policy via a prominent notice on our website or by email to your registered address.
EFG Hermes KSA is regulated by the Capital Market Authority.
© 2024 EFG-Hermes Holding S.A.E.
All rights reserved.
We use cookies to collect information about how you use our website. And we use the information derived from such cookies to ensure the functionality of our website and to enhance our services.