• Article 1: Definitions and Interpretation
• Article 2: Personal data collected
• Article 3: General Provisions Concerning the Rights of Personal Data Subjects
• Article 4: Collecting personal data purposes
• Article 5: Methods for Submitting Data Subjects’ Requests
• Article 6: How to collect personal data
• Article 7: Consent
• Article 8: Processing for Legitimate Interests
• Article 9: Storage of personal data
• Article 10: Personal data protection
• Article 11: Personal data disclosure
• Article 12: Changes to the privacy policy
• Article 13: User of HTTP cookies
• Article 14: Contact with the company
• Article 15: Disclaimer

1. The following terms, wherever they appear in this policy, have the meanings given next to each of them, as follows:
   1. The terms mentioned in the website terms and conditions shall have the same meanings in this policy.
   2. Personal data: shall mean data that may lead to the identification of a person, directly or indirectly, including but not limited to: first name, last name or last name, Saudi national ID number, addresses, phone number, and bank account number.
   3. Explicit Consent: Consent that is granted directly and explicitly by the owner of the personal data in any documented form, indicating their acceptance of the processing of their personal data in a manner that cannot be interpreted otherwise. Such consent must be verifiable.
   4. Sensitive Data: Refers to any personal data that reveals racial origin, religious, intellectual, political, health, genetic, biometric or criminal information, or any data related to children, or any other data classified as sensitive under applicable laws.
   5. Processing: Refers to any operation or set of operations performed on personal data, whether by automated or non-automated means, including but not limited to: collection, recording, storage, alteration, availability, transfer, publication, erasure, or destruction.
   6. Controller: The entity that, alone or jointly with others, determines the purposes and means of processing personal data. The Lending Hub is the Controller of the personal data covered under this Policy.
   7. Processor: Any party that processes personal data on behalf of the Controller, following the Controller’s instructions. The Saudi Credit Bureau (SIMAH) is an approved Processor in relation to creditworthiness assessment.
   8. Data Subject: The natural person to whom the personal data relates, whether a customer, user, or visitor.
   9. Cookies: Small text files stored on the user’s device when visiting the website, used to improve user experience or enable certain features and functionalities.
2. Reference to “the company”, “we”, or “us”, individually and collectively, includes all branches that collect and use your personal data within the kingdom of saudi arabia.

The data we collect varies based on what it is used for, and the following are examples of the data we collect:

1. Data collected through application forms, questionnaires, or other documents or communications. Such as, but not limited to, full name, date of birth, and ID numbers.
2. Data is voluntarily provided by the data subject.
3. Data required to benefit from the company's services.
4. Data about your transactions and products with us, such as account activity and use of the products.
5. Data collected through your use of our services, websites or mobile applications (such as HTTP cookies.
6. Data exchanged as we communicate with you, such as customer service requests and visuals we receive from you either through our websites, mobile applications, social media accounts, or any channels we use to communicate with customers.

The Company, acting as the data controller, shall, upon receiving a request from a personal data subject regarding their rights, proceed as follows:

1. Execution of Rights Requests:
   The Company shall execute requests to exercise the rights provided under the Personal Data Protection System within a period not exceeding thirty (30) days without delay. This period may be extended if the execution requires unexpected or unusual additional effort, or if the Company receives multiple requests from the same individual. The data subject will be notified in advance of any extension along with the reasons for it, provided that the extension does not exceed an additional thirty (30) days.
2. Adoption of Appropriate Means:
   The Company shall implement the necessary technical, administrative, and organizational measures to ensure a prompt response to requests for exercising rights.
3. Right to Access Personal Data
   The data subject has the right to access their personal data held by the Company, whether through the control panel in the application or by submitting a formal request via the communication channels specified in this policy. If an access request is submitted, the Company is committed to processing it within no more than twenty-one (21) business days, unless the nature or volume of the request requires extending the period in accordance with applicable regulations.
4. Correction of Personal Data
   Requests to correct personal data will only be processed by the Company after all required information in the correction form has been completed and its accuracy verified. Any related processing operations shall be temporarily suspended until the correction is finalized. 
5. Verification of Requestor's Identity:
   The Company shall take appropriate steps to verify the identity of the requestor prior to executing the request, in accordance with the applicable regulatory provisions.
6. Right to Request Deletion or Destruction of Personal Data
   The data subject has the right to request the deletion or destruction of their personal data that no longer has a legitimate or legal purpose, or if they withdraw their consent for its processing, in accordance with the Personal Data Protection Law, and without prejudice to any legal obligation to retain the data for a specific period as required by the directives of regulatory authorities such as the Saudi Central Bank (SAMA).
7. Documentation and Record-Keeping:
   All requests submitted, including verbal requests, shall be documented and maintained to ensure transparency and accountability.

In the event that a request is made repeatedly without justification or requires extraordinary effort to execute, the Company reserves the right not to process the request, provided that the reasons are clearly communicated to the data subject.

We collect and use personal data as required by the nature of the Services and business, so we use personal data in accordance with, but not limited to, the following:

1. To comply with any obligations and requirements issued by legal and regulatory authorities within the Kingdom of Saudi Arabia.
2. To allow us to provide products or services.
3. To protect you from fraud by conducting identity and credit checks or checking for no conflicts.
4. To improve our products and services and improve your experience of the services provided through our channels.
5. To understand your needs as a customer and your eligibility for products and services.
6. To promote new investment and financial products and services that may interest you.

The Company is committed to providing appropriate methods to receive and respond to its clients' requests regarding the exercise of their rights related to their personal data. Clients may choose one of the following options based on their preference and availability:

• Email: support@thelendinghub.sa
• Customer Service Number: 8001111970
• Applications: The Lending Hub application or via the following link: https://thelendinghub.sa/

There are several contact points that help us collect personal data, including but not limited to:

1. When establishing the relationship and use the service: When you use our services, become a user and benefit from our products
2. Sharing information: When completing a form and upload it to our website, mobile applications, email, and social media posts, by calling the customer center or participating in promotions.
3. Interaction (social media): When interacting with any posts, interaction, or any communication you conduct directly with us on social media channels.
4. Browsing pattern: This is data about how you explore our website, the timing of your visit, your browser types, and how you were referred to our website.
5. Surveys: - Online web surveys that enable us to gather opinions on topics relevant to our services. For example, what you like and don't like about the look and feel of our website and mobile apps. For the purpose of benefiting from your valuable feedback that enables us to improve the quality of the experience we provide to you.
6. Data provided by you personally
7. In legally acceptable cases, from third parties and public sources. Including government agencies and the Saudi Credit Information Company

The Company may engage a data processor, namely the Saudi Credit Information Company (SIMAH), for the purpose of creditworthiness assessment and related data processing, provided that the processor adheres to the privacy and information security standards applicable in the Kingdom of Saudi Arabia.

1. The Company is committed to obtaining explicit consent from the client before processing their personal data through any appropriate form or method, including written or electronic consent. The client cannot complete the registration process on the platform without explicitly agreeing to the terms and conditions and the privacy policy by checking the designated consent box after reviewing, understanding, and comprehending all the provisions.
2. The consent must meet the following conditions:
   
   • It must be given freely and without any misleading means.
   • The client must acknowledge their understanding and awareness of the purposes of collecting and processing personal data before providing consent.
   • The consent must be given by a person with full legal capacity.
3. Explicit consent is required in the following cases:
   
   • If the processing involves sensitive data.
   • If the processing involves credit data.
   • If decisions will be made entirely based on automated processing of personal data.
4. Withdrawing Consent:
   The user has the right to contact the Company directly if they wish to withdraw any previously given consent. The request will be reviewed and executed in accordance with the Personal Data Protection Law and its regulations, ensuring compliance with the Central Bank’s regulations and the Company’s internal policies. If the user withdraws their consent to process personal data, processing will be halted without undue delay. However, such withdrawal will not affect the legality of any processing carried out based on consent before its withdrawal.

The Company may process personal data to achieve a legitimate interest, provided that the following conditions are met:

1. The purpose of the processing must not violate any applicable regulations in the Kingdom.
2. A balance must be maintained between the rights and interests of data subjects and the Company’s legitimate interest, ensuring that the Company’s interest does not negatively impact the rights and interests of data subjects.
3. The processing must not involve any sensitive data.
4. The processing must align with the reasonable expectations of data subjects.

Legitimate interests include, but are not limited to:

1. Detecting fraud and ensuring network and information security.
2. Any other legitimate interests that meet the conditions stated in paragraph (1) of Article 16 of the Executive Regulations of the Personal Data Protection Law.

Your personal data shall be:

1. Kept for as long as necessary to achieve the purpose for which it was collected.
2. Kept inside Kingdom of Saudi Arabia
3. Kept to meet any legal and regulatory requirements
4. Kept for a period not exceeding ten (10) years from the end of the contractual relationship, unless otherwise required by applicable regulations. After this period, the data will be securely deleted or destroyed. 
5. Not transferred or stored outside the Kingdom of Saudi Arabia.
6. If fulfilling a personal data correction request requires the submission of supporting documents from the data subject, the Company shall retain these documents in the customer’s file in accordance with the requirements of regulatory authorities in the Kingdom, including the directives of the Saudi Central Bank. No documents shall be destroyed or deleted before the expiry of the statutory retention period, even if the verification purpose has been completed.

The Company is committed to protecting personal data by implementing appropriate physical, technical, administrative, and organizational security measures. These measures are designed to prevent unauthorized access, collection, use, disclosure, copying, modification, or destruction of personal data.

Data protection is carried out in accordance with the personal data protection laws and regulations in force in the Kingdom of Saudi Arabia.

The Company adopts appropriate techniques to anonymize the personal data subject in cases where data processing is required for statistical, analytical, or participatory purposes without the need for direct or indirect identification. The Company is committed to periodically reviewing and updating its anonymization methods and techniques to keep pace with technological changes and developments. Periodic assessments are also conducted to evaluate the effectiveness of these techniques, and necessary measures are taken to ensure that re-identifying the data subject after anonymization is not possible, in accordance with best technical practices and the approved information security standards in the Kingdom.

The Company disclaims any liability for technical errors or breaches beyond its control or the control of its employees, which may result in the leakage of personal data through its website or mobile applications.

1. We may share personal data with any of the parties listed below:
   • Any court or any governmental or regulatory body to comply with any obligations and requirements issued by legal and regulatory bodies inside the Kingdom of Saudi Arabia.
   • Any debt collection agent, entity licensed to provide credit information service, or insurance company.
   • The Company or any associated service provider for the purpose of providing you with products or services, improving our products, services and your experience through our Channels, and promoting new financial investment products and services that may be of interest to you.
2. You may be contacted and/or submitted notices to you via various channels such as SMS, email and/or telephone regarding our products and services.
3. The Company may disclose personal data to approved external parties solely within the scope of the legitimate purpose for which the data was collected, and in accordance with the principle of minimizing the required data. Disclosure shall be made after obtaining the necessary regulatory approvals or the consent of the data subject, unless there is another legal basis that permits it.
4. The Company commits to dealing only with external service providers who demonstrate competence and reliability. Its relationship with them is governed by contracts that clearly stipulate obligations to protect data privacy and process it in compliance with applicable regulations. The Company also conducts periodic reviews and evaluations to ensure these parties adhere to privacy and security standards.
5. If corrections are made to personal data previously disclosed to external parties, the Company, whenever possible, shall notify those parties of the updates to ensure that the data remains accurate, complete, and aligned with the purposes of lawful processing.

The Company reserves the right to amend or update this Privacy Policy at any time, in accordance with applicable legal and regulatory requirements. Users will be notified of any material changes through official communication channels, such as email or in-app notifications.

Continued use of the Company's services after such changes have been published shall be deemed as implicit acceptance of the updated policy.

To improve our customers' experience, The Company uses HTTP cookies to enhance the user experience on its websites. Cookies are standard small text files stored on your device when you visit our website, and they help us collect information such as visited pages, browsing duration, browser type, and referral sources.

This information may include personal data and is used strictly for legitimate purposes, such as improving services, analyzing performance, and personalizing content.

You may manage your cookie preferences through your browser settings. Continued use of our website constitutes implied consent to the use of cookies unless you choose to disable them.

If you have any inquiries or wish to exercise your rights regarding your personal data, you may contact us through any of the following official channels:

1. Email: support@thelendinghub.sa 
2. Customer Service Number: 8001111970 
3. Website: https://thelendinghub.sa 
4. Mobile Application: The Lending Hub 
5. Official Social Media Accounts: As published on our website 
6. Live Chat: Available on our website and mobile application 

The Company is committed to responding to all inquiries and requests as promptly as possible and within the timeframes defined by applicable regulations.

This Privacy Policy does not intend to create any contractual or legal rights of any kind, nor does it impose any financial obligations on the Company with respect to any third party or on behalf of any party.

When you access third-party websites, this Privacy Policy does not apply to those websites. The Company is not responsible for the content of any third-party websites and does not represent or endorse any such parties you may interact with.