1. Terms and Definitions

Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data : means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

Processor: means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. 

International transfer: means the transmission of personal data to the territory of a foreign country or region, a public authority of a foreign state, foreign individual, or foreign legal entity. 

2. Legal Grounds to Processing of Personal Data

we will process your personal data only where there are legal grounds to do so. Those grounds include the following:
  1. Consent: You have provided your consent to the processing of your personal data.
  2. Legal situations: The processing of your personal data is required or authorized by applicable laws, or relates to suspected unlawful activity, serious misconduct, legal proceedings, or law enforcement.
  3. Reasonable expectations
The processing of your personal data is necessary for the purposes of our legitimate interests. We believe that our processing of your personal data is within our legitimate interests and within your reasonable expectations in a number of situations, including but not limited to: To help us understand our customers better and provide improved, more relevant services to them; To ensure that our Services run smoothly; To help us keep our systems secure and prevent unauthorized access or cyber-attacks.

3. Information We Collect

  1. Contact information (such as name, address, city, state and postal code, email address, and Mobile number).
  2. Vehicle information (such as vehicle identification number (VIN), make, model, model year, servicing dealer, date of purchase or lease, and service history)
  3. Vehicle performance data (such as engine and transmission performance, vehicle camera images, and airbag deployment conditions or crash or near-crash information about how a vehicle’s system performed)
  4. Non-credit-related marketing profile information (such as when you plan to purchase or lease; the vehicle in which you’re interested)
  5. Relationships you have with Geely in addition to the purchase and servicing of your vehicle incentive eligibility verification information.
  6. Payment and SMS gateway information (such as name, address, phone number, email address, order details, billing address, gift details, Location, ID/Iqama, License expiry details)
  7. Finance information(such as salary certificate, bank statement , gosi certificate)

4. Purposes of Processing of Personal Data

We will process your personal data to fulfill the following purposes:

a. Operate our Services: We process collected personal data to

  1. provide, maintain, improve, protect, and develop all of our services, products, content, and advertisements;
  2. register to visit our website.
  3. provide car purchase consulting services.
  4. provide car purchase after sale, maintenance services.
  5. provide you with payment services
  6. send notices to you of our software updates, updated policies, or other information that we believe may be important to you.
  7. Analyze and develop data and information on the use of our services and products to provide better services and products.
  8. Interact with you about your device, services, or any of your questions and requests.

b. Understand how you use our products: We may use the information to understand how you use our products/services.

c.Account management: We may use information (including your personal information) to register and close your account, maintain, and update our records, and do similar activities in connection with our Services.

We may not be able to do these things without your personal data. For example, we may not be able to communicate with you and deal with your inquiries.

5. Ways of Processing of Personal Data

We will carry out the following operations on your personal data: collection, recording, systematization, accumulation, storage, alteration (update, modification), retrieval, use, transfer (provision, access), depersonalization, blocking, and deletion (destruction) of personal data.

we will not take any decisions involving the use of algorithms or profiling that significantly affect you.

We are required to ensure such processing is subject to suitable safeguards, including reasonable steps to ensure personal data is accurate, complete, up-to-date, and relevant, and your rights to access and correct personal data about you.

6. How We Protect and Store Your Personal Data

We will take security measures to protect your information, including but not limited to administrative, technical, and physical measures. However, please note that although we have implemented these measures, there is no security measure that can guarantee the absolute safety and security of your information. If you believe that your log-in credentials have been compromised, please contact us at once.

When you use our conduct, the personal data you share is visible to other users and in some cases search engines and the public and can be read, collected, used, and retained by those other parties. You are responsible for the personal data you choose to share or submit in these instances. It is your responsibility to make sure that your personal data is accurate.

Below are some examples of data security measures we undertake:

  1. Ensuring the security of the premises where the information systems used to process personal data are located. Such security shall prevent any uncontrolled access to such premises by persons having no rights to access such premises.
  2. Using technical means to protect the information including but not limited to encryption and anonymization techniques.
  3. Approving the list of persons who are authorized to access the information systems where the personal data are processed.
  4. Assessing the effectiveness of measures taken to ensure the security of personal data.
  5. Detecting instances of unauthorized access to personal data and taking appropriate measures to mitigate the effects of such unauthorized access.
  6. Taking all practicable measures to restore personal data which have been modified or destroyed as a result of unauthorized access.
  7. Establishing rules for access to personal data being processed in our information systems and recording all processing actions performed on personal data contained in our information systems.

 

The personal data collected about you will be stored in the data centre of AWS server located locally in the Middle East.

We process your personal data for as long as is necessary to fulfill the purpose of its processing. We will terminate the processing of your personal data if you withdraw your consent unless we are entitled (or obliged) to continue processing your personal data on other legal grounds.

When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems, unless the personal data is required to be stored for longer periods (e.g. for archiving purposes in the public interest, or for scientific or historical research purposes). While we will endeavor to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example, if it is waiting to be overwritten. For our purposes, such data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.

7. How We Share, Transfer, and Publicly Disclose Your Personal Data

  1. We may share your personal information:
  2. in order to comply with applicable laws or regulations;
  3. in order to comply with a court order, subpoena, or another legal process.
  4. in response to a request by a government authority, law enforcement agency, or similar body (whether situated in your jurisdiction or elsewhere)
  5. where we believe it is reasonably necessary to comply with applicable laws or regulations;
  6. in order to enforce the translation services and service enhancements.

 

In accordance with legal requirements, legal procedures, litigation, and/or requests from public agencies and government agencies, we may need to disclose your personal information. If the disclosure is necessary or appropriate for national security, law enforcement, or other matters of public importance, we may also disclose information about you. In order to enforce our terms or protect our business, rights, assets, or services, or to protect users, or if the disclosure is reasonably necessary for the following purposes (detecting, preventing, and resolving fraud, unauthorized use of the services, violations of our terms or policies, or other harmful or illegal activities), we may also disclose information about you.

We will only publicly disclose your personal information under the following circumstances:

  1. Where we have obtained your explicit consent;
  2. Public disclosure based on law or reasonable grounds: including laws and regulations, legal procedures, litigation, or at the request of the competent government departments.

8. Your Rights

Being a data subject, you have other rights with respect to your personal data in accordance with relevant laws. You can exercise your rights by sending your request to [email protected] or calling 920000525 as set out in the Contact Us section of this Privacy Policy. We shall at no time however be responsible for the authenticity of the information you provide. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

This Privacy Policy requires that your request satisfy applicable laws and regulations and the following conditions:

(1) Through our exclusive access of request and for the protection of your information security, your request should be in writing (unless the local law explicitly recognizes the oral request);

(2) Provide sufficient information to enable us to verify your identity and ensure that the applicant is the subject or legally authorized person of the requested information.

Once we obtain sufficient information to confirm that your request can be processed, we shall proceed to respond to your request within any timeframe set out under your applicable data protection laws.

When you make a request, we need to obtain your personal information (such as account information, etc.) to verify your identity. After successful verification, you can exercise your rights according to your needs. You have the following rights in relation to your personal data:

a.Right to know

Before the collection of personal data, you have the right to know the following information:

  1. The purposes of the processing of your personal data;
  2. The categories of personal data collected;
  3. The name of the data operator handling personal information;
  4. The procedure of dealing with the rights of data subjects;
  5. Channels and procedures for handling complaints of data subjects.

The data subject shall be informed before changing the purpose for which personal information is to be used.

b.Right to access

You may ask us for a copy of the information we hold about you at any time. You may also access and update the details relating to personal information by logging into your account.

If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.

c.Right to rectification

You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you.

d.Right to erasure

You have the right to request that we “erase” your personal data in certain circumstances. Normally, this right exists where:

  1. It is no longer necessary for us to process your personal data;
  2. You have withdrawn your consent to us using your personal data, and there is no other valid reason for us to continue;
  3. The personal data has been processed unlawfully;
  4. It is necessary for the personal data to be erased in order for us to comply with our obligations under law; or
  5. You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of personal data we will take all reasonably practicable steps to delete the relevant personal data.

If the right is upheld, we may not be able to immediately remove the information from the backup system due to applicable legal and security technologies. If this is the case, we will securely store your personal information and isolate it from any further processing until the backup can be cleared or be made anonymous.

e.Right to withdraw consent

Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your personal data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your personal data for that purpose, in which case we will inform you of this basis.

You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future. To do this, please call 920000525 or send your withdrawal request to [email protected] ,Your personal data will be deleted within a reasonable time period after receipt of your withdrawal. We draw your attention to the fact that we may continue processing your personal data if we are entitled (or obliged) to continue processing your personal data on other legal grounds.

9. Minor’s Privacy

We will not apply for minors to directly register the account for the platform. If you are a minor as defined by applicable laws, please read carefully and fully understand this policy with your parent or guardian, and use the products and/or services with the consent of the parent or guardian.

If we accidentally collect a child’s personal data without verified prior consent from the child’s parents, we will attempt to delete the data as soon as possible. If you believe a minor has provided personal data to us without parental or guardian consent, please contact us.

10. International Transfer

As we provide products or services through resources and servers around the world, this means that, with your authorized consent, your personal information may be transferred to foreign jurisdictions in the country where you use the product or service or receive visits from these jurisdictions.

Such jurisdictions may have different data protection laws or even no relevant laws. In such cases, we will ensure that your personal information is adequately protected in AWS server located locally in the Middle East. For example, we may ask for your consent to the transfer of personal information across borders, or to implement security measures such as data de-identification prior to cross-border data transfer.

11. Cookies

When you use our services, we may use cookies and similar technologies to provide you with a better, faster, and safer user experience. These technologies are used to analyze trends, track your activity, and gather statistical information about the entire user population. We will receive individual or aggregate analysis reports collected by the above techniques. These technologies help us better understand your behavior, enable us to see which parts of our application you are viewing, and improve functionality.

A short text file that a visited website sends to the browser. It allows the web to record information on your visit, for example, the preferred language and other settings. The next visit to the website thus may be easier and more productive. Cookie files are important. Without them, web browsing would be much more complicated.

Similarly, we may also place web beacons in our emails to measure the effectiveness of our email campaigns by identifying the individuals who open or act upon an email message, when an email message is opened, how many times an email message is forwarded, the type of software, device, operating system, and browser used to deliver the email and any URL accessed through our email message.

12. Notification Regarding Updates

We review the Privacy Policy periodically based on changes in business and technology, and we may update this Privacy Policy. In the event of any material changes to our Privacy Policy, you will be notified via our website, e-mail, or other available approaches. Such changes to Privacy Policy will apply from the effective date specified in the notice or website. We strongly suggest you read the latest information on our privacy practices. Your continued use of the services will be deemed an acknowledgment of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or the way we handle your personal data which have not been answered in this Privacy Policy, you may call 920000525 or email us at [email protected]. We will reply to you within 30 days. You can also contact us by writing to this address:

Name: Wallan Group

Address: 2833 Northern Ring Branch Rd, Al Muruj, Riyadh 12283

City: Riyadh

Prefecture: Riyadh

Country: Saudi Arabia

Post code: 12283

Number: 920000525