Privacy Policy

About the Platform

Moneydo Platform ("the Platform") is owned by MoneyDo Arabia Limited Company, which is a Limited Liability Company, authorized by the Capital Market Authority's FinTech Lab in the Kingdom of Saudi Arabia to operate a digital platform for the distribution of investment fund units and real estate investment fund units, and registered under Commercial Registration No. 1009087531 dated 16/02/1446H ("the Company").

The Company's activity is represented in operating a digital platform specialized in the distribution of investment fund units, enabling fund managers to showcase their funds on the platform and allowing investors to explore available opportunities, register, and subscribe easily, in full compliance with the regulations of the Capital Market Authority.

MoneyDo provides a trusted and secure environment that connects fund managers with investors through modern technologies and automated services that enhance distribution efficiency and simplify subscription management.

The Company provides its services to both natural and legal persons. Hereinafter, it is referred to as "the Company."

Your Privacy Matters to Us

Your privacy is our priority. Therefore, we have crafted this privacy policy in a clear and easy-to-understand manner to help you understand who we are, what personal data we collect about you, the purpose of collecting such data, and how it is processed. Additionally:

• We do not collect any personal data from you without your consent, and only as outlined in this policy.
• This policy is continuously reviewed to ensure its alignment with updates to relevant laws and users will be notified when it is updated accordingly.

The term "personal data" refers to any information that can identify you directly or indirectly, including but not limited to: name, personal identification number, addresses, contact numbers, license numbers, registration numbers, personal property, an individual's static still or moving images of the individual, and any other personal information.

What Personal Data Do We Collect?

In accordance with the "Know Your Customer" principle and the regulations and laws of the Capital Market Authority, the Anti-Money Laundering and Counter-Terrorism Financing Law, and the information required to verify the client, the company is required to collect certain data, including data that is collected (directly) from the client, which includes all the information provided during the creation of an investment account, and/or any data required by the company for the purpose of providing any of the contracted services. This may include, for example:

Personal Data

Includes full name, date of birth, identification number, passport number, marital status, family members, gender, education level, nationality, email address, mailing address, office location, residential address, and phone number, criminal record, medical record, relationship with second-degree relatives.

Employment Data

Includes education level, employment status, employer name, business sector and job title.

Financial Data

Includes bank account details, Card number, income information, net worth, financial transaction history, tax information, credit scores, and investment preferences, Investment Experience.

Communications

Includes recorded phone calls and email conversations with clients through the Customer Care Department.

To verify the information or to facilitate access to it, the user — whether in a personal or institutional capacity — agrees to authorize and grant the Company all necessary permissions to request, obtain, and exchange any relevant data (including but not limited to credit, financial, legal, and other information) from any related entity (including but not limited to: Elm Company, Thiqa, the Saudi Credit Bureau (SIMAH), Bayan Credit Bureau, and open banking/financial institutions). The user also agrees to the exchange of data/information with service providers inside or outside the Kingdom as deemed necessary by the Company.

Additionally, we may collect information and data (indirectly) from the client, such as the user's IP address, browser type, browser version, the website service pages visited by users, the date and time of the visit, the duration of time each user spends on those pages, this may also include device-related information and data such as device type, device identifier, and other related data.

The company may occasionally need to contact users directly via email and/or contact numbers to discuss necessary details related to data processing in order to complete the service provided by the company.

Legal Basis for Collecting and Processing Your Personal Data

We process your data based on one or more of the following legal grounds:

• Your explicit consent.
• The performance of a contract to which you are a party.
• Compliance with a legal or regulatory obligation.
• A legitimate interest that does not conflict with your rights.
• To protect your vital interests or those of others.

Purpose of Collecting and Processing Your Personal Data

We process the personal data obtained for any of the following purposes:

• Processing personal and financial data to comply with laws and regulations, including identity verification, Know Your Customer (KYC) requirements, anti-money laundering, regulatory reporting, and data sharing with competent authorities.
• Managing the client relationship through account opening and updates, responding to inquiries and requests, and executing financial transactions such as deposits, withdrawals, transfers, subscriptions, and redemptions.
• Providing investment services related to asset management, custody, brokerage, trading and arranging — whether inside or outside the Kingdom — including sharing data with relevant partners to deliver such services.
• Using data for business analysis, statistical and market research to develop and enhance service quality and user experience, in addition to inviting you to participate in surveys and provide feedback to improve your experience with us.
• Implementing cybersecurity and protection measures to safeguard client accounts and data from fraud or unauthorized use.
• Using personal data in marketing activities to offer customized financial products and services tailored to the client's needs and preferences.
• Sending account or portfolio-related notifications, and providing awareness and guidance materials related to cybersecurity and best investment practices.

We may also process your data for additional purposes if:

• You have given your consent.
• The data is publicly available.
• It is necessary for your protection or public health.
• The data is anonymized.

How Do We Store Your Personal Data?

The company stores your personal data in the Kingdom of Saudi Arabia in a secure and reliable environment. Additionally, administrative, organizational, and technical safeguards are employed when storing your personal data. The data is retained in accordance with our legal obligations and is destroyed once the purpose of its collection has been fulfilled and the legal retention period has expired.

Will Your Personal Data Be Shared with Other Parties?

Your personal data will not be disclosed or shared with other parties except with your consent or where required by law. However, the company may disclose and share information and data as follows:

• If disclosure is required by any applicable law, regulation, or legislative authority in the Kingdom of Saudi Arabia.
• If disclosure is required or made by the company based on the "need to know" principle by managers, employees, consultants, accountants, or affiliated parties or based on a contractual relationship who contribute to providing any of the services.
• If disclosure is required or made by the company as a result of any business transactions such as sales, purchases, acquisitions, or mergers.
• If disclosure is required to any of the affiliated or sister companies.

The website may contain links to other websites, and the company is not responsible for the privacy practices or the content of those third-party websites. Therefore, we strongly recommend reviewing the privacy policies of all websites you visit to understand how they handle personal data.

How Is Your Personal Data Protected?

The company is strictly committed to respecting users' privacy and protecting any personal information collected during the use of the website. In the event of a data breach, the company will notify the relevant authorities immediately upon discovering the incident, in accordance with the applicable regulations and laws. The company will also inform you by providing a detailed description of the incident, including the data leak details, potential impacts, and the actions taken to mitigate these effects, as well as preventive measures to limit its consequences.

You will be contacted by the Data Protection Officer, along with recommendations and guidance to help you take the necessary steps to reduce risks.

Your Rights Regarding the Processing of Your Personal Data

Under the Personal Data Protection Law, which outlines the rights of data subjects, the company enables you to exercise the following rights:

• Right to Be Informed: This includes informing you of the legal basis for collecting your personal data, the purpose of its collection, and ensuring that your data is not processed later in a manner that conflicts with the purpose of its collection or for any purposes other than those specified in Article 10 of the Personal Data Protection Law.
• The Right to Access Your Personal Data: You have the right to the extent permitted by applicable regulations, to access and review your personal data held by the Company. A dedicated page has been made available by the Company to allow you to do so directly.
• The Right to Request a Copy of Your Personal Data: You have the right, to the extent permitted by applicable regulations, to request and obtain a copy of your personal data held by the Company. A dedicated page has been made available by the Company to allow you to do so directly.
• Right to Request Correction of Your Personal Data: You have the right to request the Company to amend and update your personal data if it is inaccurate, incorrect, or incomplete. This can be done by directly requesting an update through the "Update Personal Information" section on the website or by contacting customer service via email at Support@moneydo.sa. Your request will be reviewed, updated, and you will be notified of the changes.
• Right to Withdraw Consent: The client has the right to withdraw their consent to the processing of their personal data at any time, to the extent permitted by applicable regulations, unless there are legal justifications or legitimate purposes that require the continuation of processing. The Company must be notified of such withdrawal through the communication channels specified in the Privacy Policy.
• The Right to Request the Erasure of Your Personal Data: According to the regulations and rules of the Capital Market Authority, the company is not permitted to delete any personal data and is required to retain it for the legally prescribed periods.
• Right to File a Complaint: If you are unable to exercise the rights outlined in the privacy policy, or if your privacy is violated or your personal data is exposed, you have the right to file a complaint.

How to File a Complaint or Objection?

If you have concerns regarding your personal data or if we fail to comply with the Personal Data Protection Law, you can file a complaint by contacting the Personal Data Protection Officer at the following email address: