Tree Digital Insurance Agency
Privacy Policy
TREE digital insurance agency (hereby referred to as “TREE”, “we”, “our” or “us”) is committed to protecting and respecting your privacy.
This Privacy Notice applies to all employees, customers, visitors, third parties, and others (hereinafter referred to as “you” or the “user”) who access or use our digital platforms, such as websites, customer and employee portals and social media pages.
This notice (together with our Terms Of Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Your personal data is processed only within the scope of the legal provisions of the Kingdom of Saudi Arabia’s Federal Data Protection Law (“PDPL”). In this privacy notice we provide you with information about the processing of your personal data and your rights as a data subject in the context of the steps taken by TREE to process your request. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Safeguarding your personal data is our main concern. We maintain physical, electronic and procedural safeguards that comply with applicable laws and regulations to secure your information from unauthorized access and use, accidental or unlawful alteration and destruction, and other unlawful or unauthorized forms of processing. We engage in the continuous training of our employees in the proper management of personal data. TREE has a code of conduct that has been approved by the TREE board. The code includes a section on confidentiality of information, which requires every TREE employee to keep business and internal information obtained in the course of their work confidential.
- We collect your personal data to the extent necessary to provide high-standard, customized products and services, in compliance with relevant regulations and laws. Failure to provide this information may affect your use of our website and the benefits of our products.
- We collect different kinds of information about you as shown below. In some cases, the information may not be personal by itself but where it is associated with other information from which you can be identified, we treat such information as personal information:
- Identity information may include your first name, last name, title and gender and the organization you represent (if any).
- Contact information includes your National Address, e-mail address and telephone numbers.
- Financial information includes your IBAN bank account.
- Technical information includes your internet protocol (IP) address, your login data to our website/ application, browser type and version, time zone setting and location, operating system and platform and other technology on the devices you use to access this website.
- Profile information includes your username and password of TREE portal.
- Usage information includes information about how you use our Websites, Apps, and services.
- Marketing and communications information includes your preferences in receiving marketing from us and your communication preferences.
- Recruitment information includes date of birth; gender; country of residence; nationality; details of your eligibility to work (including documents that we may collect to verify this); skills, qualifications, work history; photographs of you; any personal data which appears in your curriculum vitae or job application.
- We may collect some sensitive personal data as well about you, for example to process insurance claims, including but not limited to:
- Medical reports, death certificates
- In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud.
- We use your information to deliver our products and services, carry out your instructions, and provide online insurance services and associated product and services.
- We may send certain communications such as welcome letters, billing reminders, information regarding your insurance contracts.
- Where we have your consent, we may use personal data we have about you such as your email address, mobile number, mailing address to deliver advertising to you directly or on our websites, provide updates on special deals and offers that might interest you.
- We may share your personal data with governmental systems, such as NAJM, which provides a unified accident record system, to comply with legal or regulatory requirements.
- We may need to record conversations you have with us including phone calls, face-to-face meetings, letters, emails, and any other kinds of communication. These recordings may be used to check your instructions to us and improve on our product and service delivery.
- We may need to use your personal and sensitive data for reasons of public interest, such as investigating fraudulent policyholder applications or claims, including large scale/organized fraudulent claims and anti-money laundering checks.
- We may collect your mobile data, such as location information, IMEI number, operating system, or your computer data, such as IP address for system administration or for our own commercial purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
- In accordance with the Personal Data Protection Law in the Kingdom of Saudi Arabia, the legal basis we rely on to process your personal data in most cases are:
- Your Explicit Consent: When we obtain your consent to use your personal data for a specific activity. You have the absolute right to withdraw your consent by contacting us at any time using the contact information provided in the ‘Contact Us’ section of this privacy notice.
- Performance of a Contractual Obligation: Where we use your personal data to perform a contract or take steps to enter into a contract with you.
- Legitimate Interests or Objectives: Where we use your personal data to pursue our legitimate interests (or those of any other party), and these interests outweigh any impact on your data protection rights.
- Compliance with a Legal Obligation: Where we need to use your personal data to comply with relevant legal or regulatory obligations.
- Public Interest: Where the processing of your data is necessary for reasons related to substantial public interest, based on applicable law
- We may collect information from a range of sources, and it may relate to any of our products or services we currently provide or may have provided in the past.
- We collect personal data directly from you:
- Via our digital platforms, such as mobile applications, website, registration and claim forms or through phone conversation.
- When you purchase an insurance or any of our associated products and services.
- Via cookies on our website and digital platforms.
- When you use your login credentials for accessing online profile on the TREE portal, including collecting your IP address, operating system, and browser-type. We use this information for system administration or our own commercial purposes.
- When we seek information about your credit history from credit bureaus.
- Directly from your employer who has a policy with us under which you are insured.
- We may collect your personal data from different external sources, including:
- Aggregators, such as price comparison websites.
- At TREE, we, in efforts to provide you with excellent products and services, may need to outsource our product delivery, this will be done in line with relevant regulations and law. We may need to disclose your personal information outside TREE if we believe such action is necessary to:
- We may share your personal information with determined third parties, including:
- Provide improved services and experience to our customers.
- Comply with the law or legal process.
- Protect and defend the rights or property of TREE (including the enforcement of our agreements).
- Act in urgent circumstances to protect the personal safety of TREE’s customers or members of the public.
- Companies who may be acting as controllers or processors that provide system administration services and internal reporting activities.
- Governmental or semi-governmental entities.
- Service providers who provide IT systems, payment systems, customer management systems who will process your data in accordance with the terms of our data processing agreements with them.
- Competent Authorities and Supervisory/ Regulatory bodies.
- The TREE application uses the data to award you points and rewards
- If you would no longer like us to collect your user data from the TREE application, you may adjust your app settings. This will have an impact on our ability to award you points and rewards.
- A cookie is a small file that is placed on your computer’s hard drive. Its functions include storing your login and session statuses, recording your user preferences, and analyzing web traffic.
- Apart from the data that you elect to disclose and share with us, we cannot access your computer or any other information about you with cookies.
- Although most browsers automatically accept cookies, you can amend your browser settings to disable cookies. This may however prevent you from fully experiencing the website as it was intended.
- We may also use web beacons, also known as a web bug. A web beacon is a clear graphic image that is delivered through your web browser or e-mail. The web beacon operates as a tag that records your visit to our website or viewing of the e-mails, we send you. It is also sometimes used in conjunction with the cookie and provided as part of a third-party tracking service. It will enable us to produce specific profiles of your behavior in combination with your web server logs.
- At TREE, where we have a lawful basis to do so, we may use your personal information to send you marketing communications or to promote our services and other information that you may have interest in, via email or SMS. You may opt-out of receiving any marketing materials, or all, of these communications from us by unsubscribing or by contacting TREE.
- Our marketing communications may include personalized and non-personalized materials, where the personalized materials will be specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you.
The security of personal data is a priority and is protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. We shall take reasonable steps and measures to protect the security of the customer’s personal data from misuse and loss, un-authorized access, modification, or disclosure. We maintain our security systems to ensure that the personal data of the customer is appropriately protected and follows standard encryption norms for the transmission of information. We ensure that our employees and affiliates respect the confidentiality of any personal data held by us.
- At TREE, we retain your personal data only for as long as mandated by the regulators for the purposes set out in this privacy notice. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies which is subject to instruction from regulators, such as CHI, Insurance Authority and SDAIA and other applicable rules & regulations within the Kingdom of Saudi Arabia
- If you are resident in KSA and under 18 or, alternatively, are resident elsewhere and are not yet the relevant age of majority in the jurisdiction in which you reside, we are not permitted to contract with you directly. Where necessary by local legislation, by agreeing to this privacy notice, your guardian acknowledges and consents to the terms of this privacy notice on your behalf. If we seek your consent to process your personal data for a specific purpose in accordance with this privacy notice, such consent must be granted on your behalf by your guardian.
- Right To Know/Information
- You have the right to know about our contact details, the exact reason the data is being collected, the methods being used for data collection, and whether this collected data will be shared or sold.
- Right To Request Access or Copy
- You have the right to access your personal data from us and obtain a copy of it in a clear and readable format, in conformity with the content of the records, at no cost.
- Right To Request Correction
- You have the right to request correction of any data collected on them if it is incomplete, inaccurate, or obsolete.
- Right To Request Destruction
- You have the right to request the destruction of data collected on them. The reasons can range from the user rescinding their consent for data collection to the data no longer serving the purpose for which it was collected.
- Right To Limit/Restriction of Processing
- You have the right to limit or refuse the processing of your personal data by TREE for special cases and for a limited period of time. This right is not explicitly provided under the PDPL; however, the regulatory authority has released a set of FAQs that provides details of this right.
- We are required to ensure that you are appropriately informed about these rights and establish dedicated channels for you to exercise these rights. We must fulfill these requests within 30 days and record all data subject requests received.
- Name: Data Office (TREE).
- Email: privacy@tree.com.sa
- If you have any questions, concerns, or complaints regarding our compliance with this privacy notice and the data protection law, or if you wish to exercise your rights, or to withdraw your Explicit Consent please contact us. We will investigate and will attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible, in any event, within the timescales provided by applicable data protection laws.
- If you have any questions or comments regarding the processing of your personal data our privacy practices or if you would like us to update information or preferences you provided to us, please contact the Data Privacy / Protection Team through the following email: privacy@tree.com.sa
- The effective date of this notice is 14 September 2024. Any updates or changes to the notice will be posted on this website with the new revision date, which is the effective date of changes. Your continued use of this website constitutes your acceptance of any changes to this notice.