Privacy Policy

Kingdom of Saudi Arabia
Effective date:
February 1, 2025

1. Introduction

At Alaan Systems Company for Information Technology (hereafter referred to as "Alaan"), we will never misuse your data and we will always stick to the letter and spirit of the law. We will never sell it, give it away or use it for anything other than to deliver or improve our services to you.

This privacy policy applies to all individuals who supply personal data to us in relation to our services for businesses. This includes the person who signs up to our services on behalf of our business customer, the super administrators who have authority to create and approve user accounts, and the users who access and use our services in the course of their employment / engagement with our business customer.

This privacy policy sets out how we use your personal data in relation to the supply of our payment and software services.

2. Who we are

We are Alaan Systems Company for Information Technology incorporated in Riyadh, Kingdom of Saudi Arabia.

3. The basis for collecting your data

3.1. Legal obligation

We have to collect and use some of your data to comply with laws to which we are subject. This is called a 'legal obligation'.

3.2. Legitimate interest

This means we can collect and use your data for legitimate business objectives pursued by Alaan, in a way that most people would think was reasonable. For instance, if you signed up to Alaan and gave us your email address, you might reasonably assume we'd use it to update you about your account activity.

4. Purpose

This Privacy Policy aims to provide you with some helpful information regarding our use of your personal data and to help you understand the rights you have in connection with your personal data. This Privacy Policy informs you of our policies regarding the collection, use and disclosure of Personal information when you use our Service. We will not use or share your information with anyone except as described in this Privacy Policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at https://www.alaan.com/en-sa/terms-and-conditions

5. What is personal data?

Personal data is widely defined by Saudi Arabia law and includes all types of information that directly or indirectly can identify a natural person. This means that name, address, phone number are considered personal data, but that log data, encrypted data or other types of electronic ID such as an IP-Address can also be classified as personal data, if they can be connected to a natural person.

6. What is processing of personal data?

Processing is similarly defined very widely by Saudi Arabia law and includes almost every action taken in relation to personal data - for example collection, registration, organization, structuring, storage, adaption, transfer or deletion.

7. What does this Privacy Policy cover?

This privacy policy concerns data for which Alaan is a ‘data controller’ - in other words, where we decide the purpose and means by which personal data is processed. This policy does not cover personal data that we process on behalf of our customers - the legal agreements which relate to this processing can be found in our Terms and Conditions.

  • Authorized User Data, including your Contact Information, login credentials, and other information used by your Company to invite and manage Authorized Users.
  • Transaction Data, including information associated with your bill payments, reimbursements and card transactions made through your Company's Alaan Account, whether online or in store, such as the purchase details, payment mechanism, amount, location, and any annotations or coding you provide. Transactions can be made through a variety of domestic and international payment mechanisms.
  • Spend and Workflow Data, including your Company's spend limits and policies, approval hierarchies, and finance workflows.
  • Travel Data, including your business travel booking and itinerary. This may include imprecise location information, such as when your travel itinerary indicates you have booked a flight to or hotel in a location.
  • Receipt and Invoice Data, including information you submit to us to pay Company invoices and process your receipts, such as photos, PDFs, e-mails and SMS messages if you opt-in to text messages, along with associated metadata.
  • Vendor Data, including the identity of your Company's vendors and their Contact Information, payment details, contracts and purchase orders, and information to complete tax documentation (e.g., the vendor's tax identification number).

8. What data do we collect?

8.1. Representatives of Customers and Alaan users

Alaan is also the data controller in relation to both account Administrators as well as in regard to the personal data provided by Alaan users when accepting an Administrators’ invitation and activating their Alaan profile.

8.2. Executive Directors, LLP Members or Designated Members, Board Members, Beneficial Owners and other individuals within the scope of Alaan’s Know-Your-Business (KYB) policy

Alaan is the data controller for personal data obtained when our customers register for our services and during the registration process provide information regarding their corporate structure and permit us to pull applicable data from public registries.

8.3. Leads

Alaan is also the data controller for representatives of potential customers who are either website visitors who submit personal data through any of the forms on our websites or otherwise contact us through our customer support or people who might be interested in our services and/or products whose information we have received from other sources e.g., Facebook, LinkedIn or similar.

8.4. Prospects

In some situations, you may have been contacted by Alaan if we have determined that you may be interested in a demonstration and/or trial of the Alaan service. In this case some limited personal information may be controlled and processed by Alaan to offer this demonstration and answer any questions you may have about our product.

8.5. Website visitors and individuals interacting via webchat, emailing or telephoning our support

Alaan controls some personal data of individuals visiting our website, particularly behavioural and tracking details: e.g., location data, behavioural patterns, personal preferences, and IP-number you use to access the services and our websites. Further, Alaan controls personal data regarding individuals who interact with our team either via webchat, email or telephoning our support.

8.6. Candidates

Alaan is the data controller for a candidate's personal data obtained in the recruiting process.

9. Types of data, purposes of processing and lawful basis for processing

9.1. Representatives of customers and Alaan users

Categories of personal data we may process:

  • Identification information: e.g., identification number, ID or equivalent;
  • Contact information: e.g., name, address, phone number, email or equivalent.

For existing customers:

  • Behavioural and tracking details: e.g., location data, behavioural patterns, personal preferences and IP-number you use to access and use the services and our websites.

9.2. Executive Directors, LLP Members or Designated Members, Board Members, Beneficial Owners and other individuals within the scope of Alaan’s Know-Your-Business (KYB) policy

Categories of personal data we process:

  • Identification information: e.g., identification number, ID or equivalent;
  • Contact information: e.g., name, address, phone number, email or equivalent;
  • Information related to legal requirements: e.g., customer due diligence and anti-money laundering requirements.

9.3. Leads, website visitors, individuals interacting via webchat, emailing or telephoning our support:

Categories of personal data we may process:

  • Contact information: e.g., name, address, position, business phone number, email or equivalent.

For existing customers visiting our website or using our services:

  • Behavioural and tracking details: e.g., location data, behavioural patterns, personal preferences, IP-number, cookie identifiers, unique identifier of devices you use to access and use the services and our websites

9.4. Prospects and referrals:

Categories of personal data we may process:

  • Contact information: e.g., name, address, position, business phone number, email or equivalent

Additionally, for prospects from qualified companies, including those connected to website visitors, those interacting with our marketing communications or otherwise assessed as qualified

  • Behavioural and tracking details: e.g., location data, behavioural patterns, personal preferences and IP-number you use to access and use the services and our websites.

9.5. Candidates:

Categories of personal data we may process:

  • Contact information: Name; Address (if provided); Phone Number; Email or equivalent.

10. What personal data does Alaan collect from third parties?

We process personal data obtained from selected third parties such as fraud detection agencies, other financial institutions and other information providers, and from publicly available sources including population registers, company registration offices, enforcement authorities, as well as services such as LinkedIn.

Other external resources from which we may collect information are sanctions lists and other commercial information providers providing information on e.g., beneficial owners and politically exposed persons.

11. How Alaan uses information

We use information for business and commercial purposes in accordance with the practices described in this Policy. In addition, Alaan uses information to operate our services as follows:

  • Providing and Maintaining Our Services, Website and Business. To provide, operate and manage our Services, Website and other parts of our Business, including to perform customer validation and enable you to use cards and our other payment tools, verify financial information to establish spend limits, prevent or address technical issues and disruptions, and analyze and monitor usage and activities.
  • Communicating with You. To send you notices, updates, security alerts, information regarding changes to our policies and terms, and support administrative messages.
  • Security and Fraud Prevention. To maintain the safety and security of our Business and manage risk, including identifying and troubleshooting any issues with the Services, investigating suspicious activity, detecting and preventing potentially fraudulent or unauthorized transactions and breaches of policies and terms, and threats of harm, including in an automated fashion.
  • Legal Obligations and Enforcing Our Rights To fulfill legal, regulatory and contractual obligations, including when cooperating with government authorities, courts and regulators in accordance with applicable law, maintaining records to demonstrate compliance with applicable law and regulation, protecting our legal rights and pursuing remedies available to us.
  • Developing and Improving Our Business. To make the Services and other aspects of our Business as useful as possible for customers, including by improving and expanding our products and operations. For example, we may develop or improve Services by analyzing how you use features, the documentation you submit or information associated with your transactions.
  • Auditing and Research. To conduct internal reporting, auditing, and research, including focus groups and surveys.
  • Marketing and Advertising. To develop, send and measure advertising, direct marketing, and communications about our products, offers, promotions, rewards, events, and Services. We may also use information to engage in personalized advertising, including Interest-based Advertising (discussed further below in the "Analytics and Advertising" section).
  • Generating Aggregate or De-identified Information. To develop de-identified information by removing or masking information that could be used to identify you and by aggregating or combining information with other information.
  • At Your Direction. To fulfill any other purpose at your direction, including as expressed through your or your Company's use of Services functionality.
  • With Notice to You and Your Consent. We may otherwise use the information we collect after providing notice to you and obtaining your consent.

Notwithstanding the above, we may use information that does not identify you for any purpose permitted by law or contractual obligation applicable to us.

12. Ways we will never use personal data

We will never use your personal data for any other purposes than those listed in this Privacy Policy. The only exception being if we obtain your written consent, or inform you of a new purpose for processing that is also compatible with the original purpose for which we collected the personal data, in accordance with applicable laws and regulations. We will not share personal data with third parties for them to use for their own marketing purposes without ensuring that there is a lawful ground to do so. We do not sell your personal data to third parties.

13. Policy regarding sharing of data with third parties

13.1. Third party service providers

Where necessary to provide our services we may disclose personal data about you to identify you and perform an assignment or agreement with companies that we cooperate with in order to perform our services. These services include, but are not limited to, secure identification solutions and between parties in the financial system such as banks. Our designated banks and relevant card networks may also come to process your personal data for their own fraud prevention and risk management.

13.2. Authorities

We also disclose personal data to authorities to the extent we are under a statutory obligation to do so. Such authorities include tax authorities, police authorities, enforcement authorities and supervisory authorities in relevant countries. We may also be required to provide competent authorities information about your use of our services, e.g., revenue or tax authorities, as required by law, which may include personal data such as your name, address and information regarding card transactions processed by us on your behalf through your use of our services.

14. Security and integrity

We take security seriously. We always process personal data in accordance with applicable laws and regulations, and we have implemented appropriate technical and organizational security measures to prevent that your personal data is used for non-legitimate purposes or disclosed to unauthorized third parties and otherwise protected from misuse, loss, alteration or destruction. The technical and organizational measures that we have implemented are designed to ensure a level of security appropriate to the risks that are associated with our data processing activities, in particular accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal data including access control to premises, facilities, systems and data, disclosure control, input control, job control, availability control and segregation control.

15. Storage of personal data

We will not process personal data for a longer period than is necessary for fulfilling the purpose of such processing during the tenure of our relationship, as set out in this Privacy Policy. Your personal data will be anonymized or deleted once it is no longer relevant for the purposes for which it was collected. We only retain your personal data to ensure compliance with our legal and regulatory requirements. If we keep your data for other purposes than those of the performance of a contract, such as anti-money laundering purposes, bookkeeping and regulatory capital adequacy requirements, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose.

16. Change to our Privacy Policy

Any changes we make to our privacy policy will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

17. Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to dpo@alaan.com or +966112502763. Additional communication channels can be found at www.alaan.com/help.

If your company has expenses, Alaan is the solution for you.

More control   |   More savings   |   More automation
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Dark purple Alaan Visa Platinum Business card on a two-tone purple surface.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

RejectAccept
Preferences
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Preferences