Privacy Policy

1. Introduction & Data Controller

This Privacy Policy explains how Bankkie ("we", "us", or "our") collects, uses, shares, and protects your personal data when you use our financial product comparison platform at bankkie.com.

Bankkie is the data controller responsible for your personal data. We are committed to protecting your privacy in accordance with the Saudi Personal Data Protection Law (PDPL), the Saudi E-Commerce Law (Royal Decree M/126), and applicable regulations issued by the Saudi Data & Artificial Intelligence Authority (SDAIA).

By using our platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

2. Information We Collect

We collect the following categories of information:

• Personal information you provide directly: name, email address, and contact details when you create an account, submit feedback, or contact us
• Usage data collected automatically: pages visited, products compared, search queries, filter preferences, time spent on pages, and click patterns
• Device and technical data: browser type and version, operating system, device type, screen resolution, IP address, and language preferences
• Cookie data: information collected through cookies and similar tracking technologies (see Section 10 for details)
• Financial preferences: product categories of interest, comparison history, and saved products (if you create an account)

We do not collect sensitive financial data such as bank account numbers, credit card details, national ID numbers, or income information. If you provide such information voluntarily through feedback or contact forms, we will delete it promptly.

3. Legal Basis for Processing

Under the Saudi Personal Data Protection Law (PDPL), we process your personal data based on the following lawful bases:

• Consent: When you create an account, submit a form, or accept cookies, you provide consent for us to process your data for the stated purposes. You may withdraw consent at any time
• Legitimate interest: We process usage data and analytics to improve our platform, ensure security, and provide better comparison tools. This processing is necessary for our legitimate business interests and does not override your fundamental rights
• Legal obligation: We may process your data to comply with applicable Saudi laws and regulations, including record-keeping requirements under the E-Commerce Law
• Performance of a service: When you use our comparison tools, we process your preferences and selections to deliver the requested comparisons and results

4. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and improving our comparison services: delivering product comparisons, search results, and recommendations based on your preferences
• Platform improvement: analyzing usage patterns, identifying technical issues, and enhancing user experience
• Communication: responding to your inquiries, sending service-related notifications, and providing customer support
• Security: detecting, preventing, and addressing fraud, unauthorized access, and other security issues
• Analytics: understanding how our platform is used, measuring the effectiveness of our features, and generating aggregate statistical reports
• Legal compliance: fulfilling our obligations under Saudi law, including the PDPL and E-Commerce Law

We will not use your personal data for purposes that are incompatible with those described above without first obtaining your explicit consent.

5. Data Sharing & Third Parties

We may share your personal data with the following categories of third parties:

• Analytics providers: We use analytics services (such as Google Analytics) to understand platform usage patterns. These providers receive anonymized or pseudonymized data
• Hosting and infrastructure providers: Our platform is hosted on cloud infrastructure services that process data on our behalf under strict data processing agreements
• Security service providers: We use security tools to protect the platform and detect threats, which may involve processing technical data
• Legal and regulatory authorities: We may disclose your data if required by Saudi law, court order, or regulatory authority (such as SAMA, SDAIA, or the Ministry of Commerce)

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. All third-party service providers are bound by data processing agreements that require them to protect your data and use it only for the specified purposes.

6. Affiliate Partners & Banks

When you click on "Apply" or similar links that redirect you to a bank or financial institution's website, please note the following:

• We may share a referral identifier with the financial institution to track the referral for compensation purposes
• We do not share your personal data (name, email, or account information) with banks through these referral links
• Once you leave Bankkie and visit a bank's website, their privacy policy governs the collection and use of your data
• Any information you provide directly to a financial institution is subject to that institution's privacy practices, not ours

We encourage you to review the privacy policy of any financial institution before providing your personal information to them.

7. Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries outside the Kingdom of Saudi Arabia. This may occur when our hosting providers, analytics services, or other infrastructure partners operate servers or facilities in other jurisdictions.

In accordance with the Saudi PDPL, any cross-border data transfer is conducted under one or more of the following safeguards:

• Standard Contractual Clauses (SCCs) approved by SDAIA
• The recipient country provides an adequate level of data protection as assessed by SDAIA
• Your explicit consent to the transfer, where applicable
• The transfer is necessary to fulfill a contractual obligation with you

You have the right to request information about the safeguards in place for any cross-border transfers of your data. Contact us using the details in Section 14.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by Saudi law.

Specific retention periods include:

• Account data: Retained for the duration of your active account plus two (2) years after account deletion to comply with legal record-keeping requirements
• Usage and analytics data: Retained in anonymized or aggregated form indefinitely for statistical purposes. Identifiable usage data is retained for up to twelve (12) months
• Communication records: Feedback submissions and support inquiries are retained for up to three (3) years
• Cookie data: Retention periods vary by cookie type (see Section 10)
• Legal compliance records: Retained as required by applicable Saudi law

When personal data is no longer needed, we securely delete or anonymize it in accordance with industry best practices.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Access controls and authentication mechanisms to limit data access to authorized personnel
• Regular security assessments and vulnerability testing
• Secure development practices and code review processes
• Employee training on data protection and security best practices
• Incident response procedures for potential data breaches

While we take reasonable measures to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

10. Cookies & Tracking Technologies

Bankkie uses cookies and similar tracking technologies to enhance your experience on our platform. The types of cookies we use include:

• Essential cookies: Required for the platform to function properly, including session management, language preferences, and security features. These cannot be disabled
• Analytics cookies: Help us understand how visitors interact with our platform by collecting information about pages visited, time spent, and navigation patterns. This data is used to improve our services
• Preference cookies: Store your settings such as language selection, display preferences, and comparison history to provide a personalized experience
• Third-party cookies: Some analytics and functionality services may set their own cookies. These are governed by the respective third party's privacy policy

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our platform. We honor Do Not Track (DNT) browser signals where technically feasible.

11. Your Rights Under Saudi PDPL

Under the Saudi Personal Data Protection Law, you have the following rights regarding your personal data:

• Right to access: You may request a copy of the personal data we hold about you
• Right to correction: You may request that we correct any inaccurate or incomplete personal data
• Right to deletion: You may request deletion of your personal data, subject to legal retention requirements
• Right to data portability: You may request a copy of your data in a structured, commonly used, machine-readable format
• Right to withdraw consent: You may withdraw your consent to data processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal
• Right to object: You may object to the processing of your personal data in certain circumstances
• Right to lodge a complaint: You have the right to file a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA) if you believe your data protection rights have been violated

To exercise any of these rights, please contact us using the details provided in Section 14. We will respond to your request within thirty (30) days. We may request additional information to verify your identity before processing your request.

12. Children's Privacy

Bankkie is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18 years of age.

If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete such data from our systems. If you believe that a child under 18 has provided us with personal data, please contact us immediately using the details in Section 14.

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify affected individuals without undue delay and provide information about the nature of the breach, the data involved, and the measures taken to address it.

Report the breach to the relevant authorities, including the Ministry of Commerce within three (3) business days and SDAIA as required by the PDPL.

Take immediate steps to contain the breach, assess the impact, and implement measures to prevent recurrence.

Maintain records of all data breaches, including the facts, effects, and remedial actions taken.