Last Revised: December 31, 2024
The Personal Data Protection System.
Any information—regardless of its source or form—that could lead to identifying an individual specifically or making their identification possible, whether directly or indirectly. This includes, but is not limited to: names, personal ID numbers, addresses, contact numbers, licenses, records, personal property numbers, bank account numbers, credit card numbers, static or moving images of the individual, and other personally identifiable data.
Any personal data indicating an individual’s racial or tribal origin, religious, intellectual, or political beliefs, membership in associations or civil institutions, as well as criminal and security data, biometric data used for identity determination, genetic data, credit information, health data, location data, or data indicating that the individual has unknown parents or a single unknown parent.
The individual to whom the personal data pertains, their representative, or their legal guardian.
Any operations conducted on personal data by manual or automated means, including—without limitation—data collection, transfer, storage, preservation, sharing, destruction, analysis, pattern recognition, inference, and integration with other data.
Express or implied agreement by the data subject, granted explicitly or inferred through the person's actions, circumstances, or context, such as signing contracts or agreeing to terms and conditions.
Unauthorized disclosure, acquisition, or access to personal data, whether intentional or accidental.
The purpose of the Personal Data Protection Policy is to maintain the confidentiality of personal information, ensuring the rights of users of Wafy services are safeguarded. The policy regulates the collection, processing, and sharing of personal data while preserving national digital sovereignty. Wafy ensures that personal data collection and usage comply with the Personal Data Protection System and related regulations. Wafy serves as the data controller (responsible for determining how personal data is processed) and is accountable for it.
This policy applies to any personal data processing activities related to beneficiaries conducted within the Kingdom by any means.
Wafy may share data with third-party service providers who deliver marketing, customer support, IT support, payment processing, or event management services. Regulatory authorities may also access data when required for legal compliance or to protect Wafy’s or a third party's interests. External services, content, links, or referrals integrated into Wafy’s platform are excluded from this policy.
By using Wafy platforms (WAFY APP), you explicitly agree to the collection and processing of your data for the purposes specified in this policy. Failure to provide such consent may hinder Wafy’s ability to meet its obligations to users or authorities.
Data processing is limited to the purposes outlined in the privacy notice, with retention only as long as necessary for legal, financial, reporting, or contractual obligations. Data will be securely destroyed once its purpose has been fulfilled, ensuring no leakage, misuse, or unauthorized access.
Data may be transferred and stored outside your country of residence. Wafy ensures appropriate safeguards, including contractual terms and legal protections, for such transfers. Personal data is secured using appropriate technologies.
In case of a data breach, Wafy will notify relevant authorities if required and inform users if the breach poses significant risks to their rights.
Users are advised to report suspected unauthorized access to passwords or confidential information and refrain from sharing sensitive data unless identity is verified.
Users should regularly review Wafy’s privacy policy for updates, which will be published on the website with the "last updated" date.
If you have any questions about this privacy policy, please contact us at:
Phone: +966-9200-24425
Email: info@wafyapp.com
Mailing Address: P.O. Box 76600, Jeddah 23434, Saudi Arabia