Merchant Solutions
Processing Solutions
Cards & Processing
Credit Card Solutions
Debit Card Solutions
Digital Wallets
Corporate Cards Platform
Value Added Services
Enterprise Fraud Solutions
Card Control
3D Secure
Mobile SDk
Remittance as a Service
Card Procurement & Personalization
Instant Issuance
AML Solutions
In-App Provisioning
eStatement
Reconciliation as a service
About Us
Who We Are
Our Team
Sustainability
Media Centre
Contact Us

Privacy Notice

Introduction

This Privacy Notice sets out the basis on which Network collects, uses, shares and otherwise processes any Personal Information.

Please read the following carefully to understand Network’s views and practices regarding Personal Information and how Network will treat it.

By accessing and using Network Services, including Network’s interactions with you via our websites (including but not limited to www.network.global/ksa/en), mobile sites and applications (“Sites”), you agree to the collection, transfer, storing and processing of Personal Information as set out in this Privacy Notice.
 

Definitions

“Card” When Network uses the word ‘card’ in this notice, it applies to all payment methods and types and not simply those involving a physical card; and use of the term ‘cardholder’ applies to any shopper or individual whose payment transactions may be processed.

“Network” “we” “us” or “our” means Network International Arabia (Single Shareholder Closed Joint Stock Company), Network International LLC, and/or any of its subsidiaries or affiliates.

“Network Services” means the products and services which are being offered by Network.

“KSA PDPL” means the KSA Personal Data Protection Law implemented by Royal Decree No. M/19 of 09/02/1443H (16 September 2021) and amended by Royal Decree No. M/147 of 05/09/1444H (27 March 2023) (PDPL), the Implementing Regulations of the PDPL ("Implementing Regulations"), along with the amendments to the Data Transfer Regulations issued on September 1, 2024 (Data Transfer Regulations) and other related regulations, in each case, as may be amended and/or updated from time to time.

"Personal Information or Personal Data" for purposes of this Policy means to any information that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, as further defined in the KSA PDPL.

You are important

At Network our most important asset is you and your trust. We are committed to maintaining the confidentiality, integrity and security of any Personal Information about our users. 
This Privacy Policy explains what and how we collect, use, disclose, transfer, and store your non-personal and Personal Information shared through our Sites or in connection with our Services.
To the extent that any of the Personal Information that we collect includes sensitive data, which is Personal Information revealing racial or ethnic origin, or religious, intellectual or political belief, data relating to security criminal convictions and offenses, biometric or genetic data for the purpose of identifying the person, health data, and data that indicates that one or both of the individual’s parents are unknown, we will only process this data with your explicit consent.

We may request that you provide us with your Personal Information which is necessary for us to provide our Services to you or respond to your queries. It is not mandatory for you to provide the requested Personal Information, but, if you choose not to do so, we may unfortunately, not be able to provide you with our Services or respond to your queries.

Principles of Data Processing

Network shall apply the following principles when processing your Personal Information:

1. Lawfulness, fairness and transparency: All Personal Information will be processed fairly, transparently and in compliance with applicable laws.

In accordance with the Personal Data Protection Law, the legal basis on which we rely in processing such data is:

  • Your explicit consent. You can withdraw your consent at any time without affecting processing operations carried out based on other legal bases. To this end, You can reach the Privacy Office at Network using the contact details provided below.
  • Contractual – to fulfil our service obligations to you.

  • Legitimate interest - for activities such as certain types of marketing, preventing fraud and ensuring network and information security.
  • Consent – for other activities such as information, sales & certain types of marketing.
  • Legal obligation – to comply with government requirements including but not limited to, national security and protection of public health.
  • Public Interest - for processing based on regulatory entities requests or for public interest purposes.
    In addition, we may work with other entities to ensure quality of service is provided. If your personal data is disclosed to these entities, it shall be restricted to the purposes specified in this privacy notice for which you have provided consent.


2. Purpose: Any Personal Information collected will be used for a stated purpose.
3. Data Minimization: Network will collect only the Personal Information that is adequate and relevant to the purposes for which it is collected.
4. Accuracy: Network will keep the Personal Information accurate and, where necessary, kept up to date information.
5. Storage Limitation: Personal Information stored by Network no longer is required for the purpose/s for which it was collected or for a defined period in accordance with our policies and/or applicable law.
6. Integrity and Confidentiality: Network will implement appropriate technical, organizational and physical security measures to protect Personal Information.
7. Accountability: Network ensures compliance with the above principles, which includes maintaining appropriate records, logs when handling your Personal Information as required by PDPL.

What kind of Personal Information do we collect?

Network collects Personal Information relating to cardholders, merchants or other customers, suppliers and other business partners in order to carry out its business activities. Network may collect Personal Information from various sources, including:


•  Information you voluntarily provide, either directly to us or via our customers.
• Information automatically collected when you use our Sites and Services, including in our role as a payment processor.
• Information collected by cookies and other tracking technologies when you use our Sites.


This Personal Information may include but is not limited to:

  • Contact information such as your name, job title, company name, address, phone number, email address, other related information.
    Demographic information such as age, gender, nationality.
  • Biographical information such as photos, social media profiles or usernames, CV, qualifications, skills and experience.
  • Identification information such as national ID number or passport details.
  • Transaction information - data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information.
  • Financial information such as billing name and address, credit card or bank account information; or
  • Technical information such as information about your device and your usage of our Sites or emails (such as Internet Protocol (IP) addresses or other identifiers).

If you provide Personal Information to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you represent that you have the authority, or consent where required, and acknowledge that without us taking any further steps, we may collect, use and disclose the related Personal Information as described in this Privacy Notice.

Non-Personal Information

We also collect information in a form that does not, on its own, permit direct association with any specific individual such as occupation, language, zip/area code, location, time zone, etc. We may collect, use, transfer, and disclose non-personal information for any purpose. This information is aggregated and used to help us provide more useful information to our customers and to understand which portions of Services are of most interest. This aggregated data is considered non personal information for the purposes of this Privacy Notice.

How do we use your Personal Information?

Network uses your Personal Information internally to:

  1. Conduct its operations, risk management, transaction processing, marketing, development of existing and new products and for legal, compliance, regulatory or law enforcement purposes.
  2. Online session information and usage data is collected to improve your experience.
  3. We may also collect technical and navigational related Personal Information, such as computer browser type, Internet protocol address, pages visited, and average time spent on our Site. This Personal Information may be used, for example, to alert you to software compatibility issues, or it may be analysed to improve our design and functionality of the Network Sites and the Services.
  4. We use Cookies and other technologies to improve your experience.

We may use cookies and similar technologies to help us better understand user behaviour, identify which parts of Network Sites people have visited, to facilitate and measure the effectiveness of our offers and Services and improve them.
We collect various categories of cookies, such as:


Required cookies: essential for the proper functioning of our Sites and Services. Due to their nature, these are mandatory, and you cannot opt-out of them.

  • Analytical or performance cookies: to collect anonymous information about how visitors use our Sites. They allow us to analyse information such as, the count of visitors to our Sites, what search terms our visitors are using, what pages are viewed, and the last page visited. This information is based on the visitor’s IP address, and we cannot view individual activity tied to a single person.
  • Advertising cookies: to track your activity across our Sites in order to understand your interests and to direct marketing to them.
  • Temporary cookies: used to enable you to navigate our Site and use its features. These are deleted when you close your browser. IP addresses are used in conjunction with cookies for the purpose of “remembering” computers or other devices used to access our Sites.


You will have the option to disable cookies. If you choose to do so and the cookies are essential/required, certain features of the Network website and the Services will not be available or function as intended.

Network may offer certain features that are only available through the use of tracking technologies. Some web browsers may send out ‘do not track’ signals. There is no industry standard currently in place as to what websites and other online services should do upon receipt of such signals, thus, Network currently takes no specific action upon receipt of such signals. Should such a standard be developed, Network will revise this Privacy Notice accordingly.


To the extent that Internet Protocol (IP) addresses (or similar identifiers) are clearly defined to be Personal Information under any local law and where such local law is applicable to Network Services, Network will manage such identifiers as Personal Information.


Network Sites may also contain links to and from third party websites, including those of partner networks, advertisers and affiliates. Please note that these websites may have their own privacy notices and cookies policies, and Network does not accept any responsibility or liability for these third party websites. The inclusion of links to third party websites in no way constitutes an endorsement by us of such websites’ content, actions, or policies.

 

How We Use Anonymized Data: Peer Comparisons, Research & Development

Network may anonymise or aggregate Personal Information in a manner that ensures it cannot be reasonably re-identified with any specific individual. Such anonymised or aggregated Personal Information is considered Non-Personal Information under PDPL and may be disclosed in a non-personally identifiable manner to:

  1. advertising, measurement or analytics partners approved by Network that conduct research into consumer spending;
  2. deliver products and services to other clients; and
  3. users of the Service for purposes of comparison of their financial situation relative to the broader community.

With whom does Network share Personal Information and for what purposes?

Before we share Personal Information, we ensure there are adequate safeguards in place to protect the processing of that data, including if required, standard contractual clauses in accordance with KSA PDPL. Network does not disclose information that could identify you personally to anyone, except as described in this Privacy Notice, including, but not limited to:

  1. Any Network group company.
  2. Any group company (such as advisers, share plan, payroll and other third party administrators, agents or contractors working on behalf of Network).
     Financial institution clients.
  3. Service providers and other third parties under contract who help with our business operations (including, but not limited to, fraud investigations, site analytics and operations).
  4. Regulatory, legal and judicial authorities.
  5. Social media sites integrated into web services that we offer.
  6. Governmental or quasi-governmental organizations; and
  7. Potential purchasers of Network.

Network may disclose Personal Information to third parties for the following purposes:
Legal or regulatory purposes.

  1. Business purposes.
  2. Suppliers who assist Network with the provision of its Services.

 

Information on cross-border data transfers

Network International LLC, has it registered office in Dubai, UAE. Network International Arabia (Single Shareholder Closed Joint Stock Company), has it registered office in the Kingdom of Saudi Arabia. Network has offices and operations in other countries including Egypt, South Africa, Jordan, Kenya, Ghana and Nigeria. The data Network collects from you may be transferred, stored and processed in a country different from where the data was collected.


By using our Network Sites and Services, you are permitting Network (or its authorized service providers) to process, store and transfer Personal Information to a country which is different from where the data was collected. The transfer of information will often be in furtherance of a contract to which you or your bank/merchant are a party. In other cases, the transfer of information will be consistent with the legitimate interests of conducting Network Services.

Individual’s Privacy Rights (data subject rights)

Under KSA PDPL, you have the following rights, which primarily depend on the purpose of Personal Data collection and processing:

  • Right to Be Informed: You are entitled to be informed how we collect your personal data, legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed.
  • Right of Access to Your Personal Data: You have the right to request access to your personal data held by us.
  • Right to Request Access to Your Personal Data: You are entitled to request access to your Personal Data held by us in a readable and clear format, consistent with the content of the records, in electronic format (when technically possible) or to provide a printed copy of it.
  • Right to Request Correction of Your Personal Data: You are entitled to request correction of your Personal Data that you believe is inaccurate, incorrect or incomplete.
  • Right to Request Destruction of Your Personal Data: You are entitled to request erasure of the Personal Data that is held about you, in certain circumstances only. Your deletion request will be balanced against our specific legitimate/legal ground for retention.
  • Right to Withdraw Your Consent for Processing Your Personal Data: You are entitled to withdraw your consent for processing your Personal Data at any time unless there are legal bases that require otherwise.
  • Right to Request Restriction of Personal Data Processing in Case of Inaccuracy:You have the right to request the restriction of processing your personal data until it is corrected if it is inaccurate, unless there are legal bases that require otherwise.

In circumstances, where a request to exercise such a right is received by Network, it must be forwarded to privacy@network.global so that it can be handled in accordance with timeframes of 30 days which can be extended as per KSA PDPL.
 

How do we keep your Personal Information safe and secure?

We are bound by our Group Policies
Our employees are committed to maintaining the highest data protection standards by complying with this Privacy Notice and our other policies including our Code of Conduct and Group Data Protection Policy. The Board Audit and Technology Committee has the overall responsibility to review the adequacy and effectiveness of the Group Data Protection Policy, ensure compliance with the same, and review and approve changes to the said Policy wherever considered appropriate or required by applicable laws.
All our employees receive training on these important requirements at least annually.

We Are Committed to Keeping Your Personal Information Secure

The security of your Personal Information is important to us. As further outlined below, we utilize physical, electronic and procedural security measures to protect against loss, misuse, and alteration of Personal Information under our control. We adhere to industry standard practices and security measures and our practices are independently validated annually enabling us to comply with ISO 27001 and PCI-DSS standards to safeguard and secure the information we collect.


No method of transmission over the Internet, or method of electronic storage, is completely secure. Therefore, we cannot guarantee its absolute security. Any transmission is at your own risk.


We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your online in-app session and to protect Network accounts and systems from unauthorized access. Our servers are in a secure facility. Access requires multiple levels of authentication. Security personnel monitor the system 7 days a week, 24 hours a day.

We Enforce Physical Access Controls to Our Facilities

No employee may put any Personal Information or account Personal Information on any insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop). In addition, Network frequently tests the Service for any failure points that would allow hacking.


However, it is important to understand that these precautions apply only to our Service and systems. We exercise no control over how your Personal Information is stored, maintained or displayed by third parties or on third-party sites.

Our Service Ensures Secure Communications with Encryption

From the time you submit your login ID and password so that communications between your device and Network are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.


You are responsible for keeping your login ID, password, mobile device, and email account safe and confidential.


You also agree that you control and limit access to the email account and mobile device. If your email address or your mobile number changes, you are responsible for informing us of that change.


We are not responsible if someone else accesses your account through Registration Information they have obtained from you or through a violation by you of this Privacy Notice or the Terms of Use.

Restrictions and Monitoring of Our Partners and third parties

Any partners we work with have been selected in accordance with our security and risk management policies and practices and are bound by contractual obligations which includes compliance with Network policies and requirements relating to confidentiality, privacy and security. They may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.


We may also use third party vendors or service providers to help us provide the Service to you, such as sending e-mail messages on our behalf or hosting and operating a particular feature or functionality of the Service. We require such third parties to maintain the confidentiality and security of the Personal Information we provide to them.

How long does Network store and retain Personal Information?

Network will store Personal Information only for the greater of as long as necessary to achieve the purposes for which it was collected and applicable law. Retention periods for transaction and other data categories may vary, depending on our obligations. For example, legal and regulatory compliance with anti-money laundering (AML) and KYC requirements, operational demands, business requirements or dates we assigned based on contracts will also need to be taken into account, and may require retention for a period of up to 7 years after the data was collected or after the merchant or other customer relationship has ended.

What happens in case of a data breach?

In case Network is faced with a breach of Personal Information, Network shall inform Saudi Central Bank (SAMA), Saudi Data & AI Authority (SDAIA) and affected individuals within 72 hours of becoming aware of a breach and shall take necessary steps to mitigate the impact of such breach.

Changes and updates to the Privacy Notice

Network may, from time to time, make changes to this Privacy Notice. If any material changes are made as to how Network treat Personal Information, you will be notified through this Privacy Notice on Network’s Sites.


The date the Privacy Notice was last modified is at the bottom of the page. You are responsible for ensuring you periodically visit our Sites to check for any changes. By continuing to use Network Services or the Sites, you agree to the changes in this Privacy Notice.


This Privacy Notice is global in scope, but is not intended to override any legal rights in any territory where such rights prevail. In such event, the rights and obligations set out in this Privacy Notice will apply, subject only to amendment under any applicable local law having precedence.

Questions

We have appointed a Group Data Protection Officer (DPO). If you have questions, comments, concerns or feedback regarding this Privacy Notice or any other privacy concern, contact DPO at privacy@network.global or call us at +971 4075863.. If you are an employee you can also get in touch with your Talent & Culture team.

How To File a Complaint or Objection?

If you have concerns or feel we are not complying with the KSA PDPL, you can submit a complaint to Privacy Office using one of the communication channels outlined above.

If you are not satisfied with our handling of the complaint or if we do not respond within (30) business days from the date of receiving the complaint, you can escalate it to the relevant authority as detailed below:

  • Competent Authority: Saudi Central Bank (SAMA).
  • Address: Riyadh, Kingdom of Saudi Arabia
  • Website:https://sama.gov.sa/
  • National DG Platform: Dgp.sdaia.gov.sa

Network uses cookies and similar technologies to improve your experience on our website :

  • Keeping you signed in.
  • Necessary for operation of the website.
  • Give you the best experience each time to visit our website and to recommend products that may be suitable for your needs.