The City Chamber places the confidentiality of the information of its users and visitors at the top of the priority list, and makes every effort to provide a high-quality service to all beneficiaries, and the privacy and confidentiality of the information described below is part of the terms and conditions of use of the investment platform. City Chamber does not collect personal information about you when you visit the Platform unless you specifically and willingly choose to provide such information to us. If you choose to provide your information, we use it only to fulfill your request for information or services in accordance with these policies, and by using the Investment Platform you agree to this privacy policy and confidentiality of information. Visitors to the investment platform and beneficiaries of the services must continuously review the terms and principles of privacy and confidentiality of information to know any updates made on them, knowing that the platform management is not required to announce any updates made on these terms and principles, and your use of the platform means that you know and agree to these terms and principles and what is It is constantly modified. City Chamber is not responsible under any circumstances for any direct, indirect, incidental, consequential, special or exceptional damages arising from the use or inability to use this platform.

• The privacy and confidentiality of information document has been prepared to help visitors and users understand the nature of the data collected from them when visiting the investment platform and how to deal with it.

• The management of the investment platform takes the appropriate and appropriate measures and measures to maintain the personal information it has in a secure manner that ensures its protection from loss, unauthorized access, misuse, or unauthorized modification and disclosure, and one of the most important measures in place in the investment platform is to protect the visitor's personal information :

   1. Strict procedures and measures to protect the security of the information and technology we use to prevent fraud and unauthorized access to our systems.
   2. Regular and periodic update of protection procedures and controls that meet or exceed the standard standards.
   3. Our employees are qualified and trained to respect the confidentiality of the personal information of our visitors

• Once the user visits the investment platform, the server of the platform records the user's IP address, the date and time of the visit and the URL of any website from which you are referred to the City Chamber site.
• Most websites, as soon as they are visited, place a small file on the hard disk of the visitor's device (browser), and this file is called "cookies", and cookies are text files, and these text files contain information that allows the site that deposited them to retrieve them. When needed during the user's next visit to the platform, and from this saved information:
   1. Remember a username and password.
   2. Save the page settings if that is available on the portal.
   3. Save the colors chosen by the user.
   4. Not allowing the same user to vote more than once.
• The browser (the visitor) may not have to enter the password on each visit, as the site's system will be able to discover it through cookies, or it may prevent the user from repeating the voting process if he has previously voted, and so on... On this basis, the site will use The information contained in cookies is for its own technical purposes when you visit it more than once, and the platform administration can change the information contained within the cookies or add new information whenever you log on to the platform.
• If you send us an email through the investment platform providing us with personal data, we may share the necessary data with other parties or departments, in order to serve you more effectively, and we will not share your personal data with non-governmental organizations unless they are authorized by the competent authorities To perform specific government services. By submitting your data and personal information through the website, you fully consent to the storage, processing and use of that data by the Saudi authorities. We reserve the right at all times to disclose any information to the relevant authorities, when it is necessary to comply with any law, regulation or governmental request.
• You are solely responsible for the completeness, correctness and truthfulness of the data you transmit through this site.

• In order for us to be able to help you protect your personal information, we recommend the following:
   1. Contact us immediately when you think that someone has obtained your password, usage code, password, or any other confidential information 920028910
   2. Do not give out confidential information over the phone or the Internet unless you know the identity of the person or party receiving the information.
   3. Use a secure browser when doing online transactions while closing unused applications on the network, and make sure your antivirus software is always up to date
   4. In the event of any inquiries or opinions about privacy principles, you can contact the portal administration via the contact form on the Contact Us page
   5. To safeguard your personal data, electronic storage and personal data transmitted are secured using appropriate security technologies
   6. This platform may contain electronic links to sites or portals that may use methods to protect information and its privacy different from the methods used by us, and we are not responsible for the contents, methods and privacy of these other sites, and we advise you to refer to the privacy notices of those sites.

When you inquire or request information about a specific service or in the event that you give additional information using any of the means of communication with the City Chamber, whether electronic or non-electronic, such as requesting an inquiry on our website, we will use your email address to respond to your inquiries, and it is possible Save your mail address, message and our response for quality control purposes, and we may do so for legal and regulatory purposes.

- Principle 1: Responsibility
    That the privacy policies and procedures of the controller are defined and documented, approved by the entity’s primary official (or his representative), and published to all parties concerned with their application.
- Principle 2: transparency
    That a notice be prepared about the privacy policies and procedures of the controller, specifying the purposes for which the personal data was processed, in a specific, clear and explicit manner
- Principle 3: Choice and Consent
    All possible options for the subject of personal data to be determined and to obtain their consent (implicit or express) regarding the collection, use or disclosure of their data.
- principle 4: limit data collection
    The collection of personal data is limited to the minimum amount of data that enables the purposes specified in the Privacy Notice.
- Principle 5: Limit Data Use, Retention, and Disposal
    That the processing of personal data be restricted to the purposes specified in the privacy notice for which the data subject provided his tacit or explicit consent, and keep it as long as necessary to achieve the specified purposes or as required by the laws, regulations and policies in force in the Kingdom and destroy it in a safe manner that prevents leakage, or loss, embezzlement, misuse, or unauthorized access.
- Principle 6: Access to data
    To identify and provide the means through which the data subject can access his personal data to review, update and correct it.
- Principle 7: Limiting data disclosure
    The disclosure of personal data to third parties is restricted to the purposes specified in the privacy notice for which the data subject has provided his express or tacit consent.
- Principle 8: data security
    That personal data be protected from leakage, damage, loss, misappropriation, misuse, modification or unauthorized access - in accordance with what is issued by the National Cyber Security Authority and the competent authorities.
- Principle 9: data quality
    That personal data be kept accurate, complete, and directly related to the purposes specified in the privacy notice.
- Principle 10: Monitoring and Compliance
    Monitor compliance with the controller's privacy policies and procedures, and address privacy inquiries, complaints, and disputes.

First: The right to be informed, and this includes notifying him of the legal basis or the actual need for collecting his personal data, and the purpose of that, and that his data not be processed later in a manner inconsistent with the purpose of its collection and for which he provided his tacit or explicit consent.
Second: The right to withdraw his consent to the processing of his personal data - at any time - unless there are legitimate purposes that require otherwise
Third: The right to access his personal data with the controller, in order to review it, request correction, completion, or update, request the destruction of what is no longer needed, and obtain a copy of it in a clear format

First: The regulatory authorities shall harmonize the provisions of this policy with their regulatory documents and circulate them to all their subsidiaries or affiliates in a manner that achieves integration and ensures the achievement of the desired goal of preparing this policy.
Second: Regulatory authorities periodically monitor compliance with this policy.
Third: The controlling authorities must comply with this policy and document compliance in accordance with the mechanisms and procedures specified by the regulatory authorities.
Fourth: Controllers must inform the regulatory authorities immediately and without delay, and no later than 72 hours from the occurrence or discovery of any personal data leakage incident in accordance with the mechanisms and procedures specified by the regulatory authorities.
Fifth: The controllers, when contracting with the processing entities, must periodically check the compliance of the processing entities with this policy in accordance with the mechanisms and procedures specified by the regulatory authorities, provided that this includes any subsequent contracts made by the processing entities.
Sixth: The office exercises the roles and tasks of regulatory authorities over control bodies that are not subject to regulatory bodies.
Seventh: Regulators have the right to set additional rules for processing specific types of personal data according to the nature and sensitivity of such data after coordination with the office.
Eighth: The regulatory authorities - after coordinating with the office - prepare the mechanisms and procedures that regulate the process of handling complaints according to a specific time frame and according to the organizational hierarchy of the authorities
Ninth: The office sets the necessary standards that help the controllers know whether appointing a data protection officer is a basic or optional requirement.