Icon's Slot (1)Icon (3) erApp Gallery icon

Privacy Policy

Your security is our priority. At Go Money, we will never sell or share your personal information with third-party marketers.

1.Introduction

GO Money, a SAMA-regulated financial technology institution, processes personal data through its website in compliance with the Personal Data Protection Law (PDPL) issued by SDAIA, and subject to SAMA Cybersecurity Framework and ISO/IEC 27001 standards. This policy sets out how GO Money collects, uses, stores, and protects your data when interacting with its website.

1.1. Who We Are

We are GO Money, a financial technology company operating in the Kingdom of Saudi Arabia. Address: Riyadh, King Abdullah Road

Email: Support@gomoney.com.sa

Phone: 8001111166

For any privacy-related concerns, you may contact our Data Privacy Officer via the above details.

2.How We Use Your Personal Data

2.1 When You Use Our Website

We collect information through cookies and similar technologies. Some cookies are essential for site functionality, while others help improve user experience.

  • Strictly Necessary Cookies
    • Used without requiring consent.
  • Optional Cookies
    • Used with your explicit consent.
  • Third-Party Cookies
    • May include analytics or tracking services, placed with your consent.

2.2 When You Submit an Enquiry

When you submit a query through our website:

  • We collect your name, contact number, and email.
  • Purpose: Respond to your enquiry.
  • Legal Basis: Legitimate Interest (Article 6(4), PDPL) or Consent if applicable.
  • Storage: Stored securely on servers within the Kingdom or as approved by SDAIA’s cross-border guidelines.

Retention: 2 years for inquiries; 7 years for archived data.

2.3 When You Conduct a Transaction

When you complete a transaction, we collect:

  • Full name, contact details, payment information, IP address.

Purpose:

  • Verify identity and fulfill financial obligations.

Legal Basis:

  • Contractual Necessity (PDPL Article 6(2)).
  • Legal Obligation under financial regulations enforced by SAMA.

Payment information is processed by licensed third-party providers under secure, encrypted environments. Credit card details are not retained.

Retention: Invoices and payment records are retained for 10 years per SAMA recordkeeping obligations.

 

2.4 When You Consent to Specific Services

Examples:

  • Newsletter subscriptions
  • Webinars
  • Downloadable tools or whitepapers

    Each of these services:

  • Will explicitly state what data is collected
  • Will require clear affirmative consent
  • Include opt-out mechanisms.

2.6 Security and Compliance

  • CCTV systems must be subject to periodic testing and validation under SAMA CSF Domain 6 (Security Operations).
  • All access, changes, or footage exports must be logged and monitored.
  • Breaches or unauthorized access involving CCTV data must follow GO Money’s Personal Data Breach Notification Procedure under PDPL Article 22.

3.Your Rights Under PDPL

Under the PDPL, you have the right to:

  • Access and obtain a copy of your personal data
  • Request correction or deletion of inaccurate or outdated data
  • Withdraw consent where processing is based on consent
  • Object to certain processing activities
  • File a complaint with SDAIA

To exercise these rights, contact us via the contact information in Section 2.

4.International Transfers

If personal data is transferred outside the Kingdom:

  • A risk assessment will be conducted per SDAIA’s Cross-Border Transfer Regulation.
  • Standard contractual clauses or binding corporate rules will be used.
  • Only countries offering adequate protection or based on SDAIA-approved exceptions will be used.

5.Updates to This Policy

This policy will be reviewed at least annually and updated as required to comply with PDPL and other applicable regulations. Significant changes will be communicated through our website or email.

6.Complaints and Escalations

We encourage users to first contact us directly regarding any concerns. If unresolved, complaints may be escalated to:

  • Saudi Data and Artificial Intelligence Authority (SDAIA)
  • PDPL Supervisory Authority

We encourage users to first contact us directly regarding any concerns. If unresolved, complaints may be escalated to:

  • Saudi Data and Artificial Intelligence Authority (SDAIA)
  • PDPL Supervisory Authority

7.References

  • Personal Data Protection Law (PDPL), Royal Decree M/19
  • SDAIA Executive Regulations (March 2023)
  • SDAIA Cross-Border Data Transfer Regulations
  • SDAIA Transparency Guidelines
  • SAMA Cybersecurity Framework (CSF)
  • National Cybersecurity Authority (NCA) Essential Cybersecurity Controls
  • ISO/IEC 27001