Top
Alfransi Bank
Toggle Menu

Privacy Notice


1. Who Are We

Banque Saudi Fransi, Saudi joint stock company, CR. No 1010073368 (Unified Number 7000025333) (“BSF”,” Bank”, “us”, “we”, “our”) is one of the largest banks in the Kingdom of Saudi Arabia. BSF is under the control and supervision of the Saudi Central Bank (“SAMA”). At BSF, we provide various banking financial services and product for corporate and retail customers.

 

 

 2. Purpose

This Privacy Notice (the “Notice”) outlines how we collect, process, use, manage, disclose, protect your Personal Data, as defined hereunder. This Notice also outlines your rights, the reasons and legal basis for such Processing, and more. At BSF, we value your privacy and value the trust you place in us when you share your Personal Data. This Notice is framed according to the applicable regulations including the PDPL, as defined hereunder, and its Implementing Regulations (the “Regulations”) in the Kingdom of Saudi Arabia.

 

 

3. Contact Details

For further details, inquiry, complaints, or to exercise your rights under PDPL, as defined hereunder, you can contact the Data Privacy Office at BSF using the below mentioned contact details.
Concerned Department: Data Privacy Office - BSF
Email: DPO@BSF.sa

 

 

4. Privacy Notice Amendments

This Notice is subject to updates, amendments and modifications from time-to-time to comply with the applicable laws and regulations and to follow market best practices. We shall notify you of any such updates as may be applicable, and obtain your Consent when and if necessary or required. You shall always refer to our website at BSF.sa to be up to date with our privacy Notice. The current version was last updated on May, 2025

 

 

5. Explanation of Key Terms

Capitalized terms used under this document shall have the meaning attributed to them under this table:


Term Explanation
PDPL Personal Data Protection Law in the Kingdom of Saudi Arabia.
Personal Data Any element of data, regardless of its source or form, that independently or when combined with other available information could lead to the identification of an individual specifically, or that may directly or indirectly make it possible to identify an individual, including but not limited to name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.
Collection The collection of Personal Data by BSF by the provisions of PDPL and other applicable laws, either from the Data Subject directly, a representative of the Data Subject, any legal guardian over the Data Subject, or any other party.
Destruction Any action taken on Personal Data that makes it unreadable and irretrievable, or impossible to identify the related Data Subject.
Processing Any operation carried out on Personal Data by any means, whether manual or automated, including collecting, recording, saving, indexing, organizing, formatting, storing, modifying, updating, consolidating, retrieving, using, disclosing, transmitting, publishing, sharing, linking, blocking, erasing and destroying data.
Consent Consent is a crucial concept that refers to the Data Subject’s freely given, specific, informed, and unambiguous agreement to the Processing of their Personal Data.
Data Subject The individual to whom the Personal Data relates (also referred to as “you” or “customer(s)” in this Notice).


*Any term undefined herein shall have the meanings defined in the PDPL and Regulation, as applicable.

 

 

6. Why We Collect, Process, and Use Your Personal Data


We shall collect, process, and use your Personal Data to provide you with our services, which include but not limited to:


  • Provide Banking Products and Services: To open accounts, issue credit/debit cards, use BSF mobile and web applications, payment services, loans, contract performance, debts collection, investment, and any other service or product offered by BSF in the future as one of its banking services or a fundamental part of its operations and procedures as a bank.

  • Operational Efficiency: Ensuring accurate transactional recordings, verification, validation, and efficient billing.

  • Safety & Security: Ensure your account security through advanced fraud prevention and cutting-edge cybersecurity measures.

  • Regulatory Compliance and Reporting: to comply with regulatory requirements and relevant legislations.

  • Criminal Activity Monitoring: Monitoring transactions against fraud, and suspicious activity detection, prevention, investigation, combating money laundering, fraud, and terrorism financing.

  • Credit Assessment: Collaborating with trusted entities and licensed credit bureaus to assess creditworthiness for loan applications or credit facilities.

  • Marketing and Communication: to conduct general, aggregated, or tailored marketing materials and activities to keep you informed and updated about our products, services, and special offers. It is possible to optout from marketing communication via BSF mobile or by contact the data privacy team at DPO@BSF.sa.

  • Financial Profiling: Evaluating your financial behaviors, credit statuses, and history to determine your eligibility for specific banking products or services.

  • Enhanced Customer Service: Addressing your concerns, inquiries, and ensuring a high-quality banking experience.

  • Feedback, Analytics, & Improvement: Regularly gathering feedback and generating reports using analytics and customers behaviors and preferences to refine our offerings and enhancing your banking experience.

  • Notification: timely notification regarding changes in your account balance or other notifications related to banking transection (withdraw, deposit, and point of sale or online purchase, etc.)

  • Awareness: inform you about various security measures, precautions, and best practices to safeguard your accounts and Personal Data. These messages might include tips on avoiding phishing scams, protecting passwords or One Time Passwords, and providing guidance on safe banking practices.


7. Lawful Basis for Processing your Personal Data


At BSF, we prioritize transparency in our dealings, especially when it comes to managing and utilizing the Personal Data you entrust us with. We gather and use your data based on the following lawful purposes:


  • Contractual Obligation: to fulfill our promises and perform a contract to deliver our services, and maintain high standards of banking you expect from us.

  • Legitimate Interest: to achieve the Bank’s lawful interested and continuously improve our services and protect both the Bank and its customers, without prejudice to your rights and interests.

  • Actual interest: to achieve moral or material interest to you, such as securing your account.

  • Legal Obligation: to meet our regulatory and legal requirements as a banking institution operating in the Kingdom of Saudi Arabia, whether pursuant to laws applicable to us or applicable to you.

  • Consent: When we process your Personal Data based on your Consent.


8. What Personal Data We Collect, Process, and Use


When you are a customer or legal guardian of our customer or related party (including, who fully or partially lack legal capacity, corporates, enterprises, and other legal entities.), to provide you with our services and products, we may collect the following data:


Type of Personal Data Description
Personal Data Full name, gender, nationality, citizenship, National/Residency ID, passport, mobile number, email address, telephone number, age, birth date, birth place, marital status, national address, personal assets, account number, credit/debit cards numbers, account balance, account transaction data, education level, and any relationship with politically exposed person and relevant data.
Credit Data Personal income, credit record, property, assets (financial, real state, stock, etc.,) investment, tax identification number, SIMAH report, and any other data relevant to personal credit status.
Biometrics Data Signature, handwriting, fingerprint, voice, and face recognition data.
Health Data In some conditions we may collect medical reports, health condition, whether physical, mental or psychological conditions.
Other Data Personal Data for compliance with laws and regulations and regulatory requirements, or for delivering online services. Such as, location (including geographic location and network IP address), cookies, communication records (including video or audio records), and CCTV system images.
Personal data arising from customer investigation, e.g., Personal Data collected during customer due diligence, sanction or anti-money laundering checks.


9. How We Collect Your Personal Data


  • When you directly provide us your Personal Data
  • When we collect and verify your Personal Data from other sources. such as, licensed credit bureaus, regulatory bodies, public entity, financial and regulatory authorities.
  • In some cases, we collect certain data based on your Consent, which ensures that we use your data only in ways that you agreed to. Please be advised that when you choose not to grant your Consent for using or sharing your Personal Data required to be collected for our services or products, we may not be able to provide you with such services or products.
  • When we collect data indirectly through cookies, website analytics, or necessary technical information such as IP address to provide with our online services.


10. Data Retention, Storage, and Destruction


Your Personal Data will be stored and retained at digital or physical forms securely at BSF data centers at the Kingdom of Saudi Arabia, or at a cloud computing services provider in the Kingdom of Saudi Arabia. We will retain your data to the extent necessary or as required by the applicable and relevant laws, and for the duration necessary to fulfill the outlined purposes in this Notice. This duration might be changed or extended based on your continued usage when benefiting from our services and products, and/or based on regulatory requirements for the retention of Personal Data or connected information. At the lapse of such duration(s) or upon your request to the extent technically applicable and legally permissible, such data will be destructed securely through secured deletion mechanism, or such data will be anonymized whenever deletion would not be possible. In case your Personal Data is being transferred outside the Kingdom of Saudi Arabia for legitimate purposes (for example: preforming transactions required by/ agreed with you, debt collection, etc.), it will be done in compliance with PDPL and SAMA’s approval, as applicable.



11. Data Protection


Your data’s security is important to us. We implement both organizational and technical measures, including periodic audits, staff training, and strict policies and procedures for protection against unauthorized data access or Processing. Rest assured, BSF stores your Personal Data with appropriate security measures, such as encryption, masking, and restricted access mechanisms.
Although we do our due diligence, we make no warranties, towards the security of third-party links in our websites. BSF assumes no responsibility for the completeness, accuracy, reliability, nor the protection from third-parties (including without limitation software, websites, etc.,), if any, which may be linked to our websites.



12. How We May Share Your Personal Data


Your Personal Data may be shared:


  • Occasionally and/or regularly within BSF’s affiliates, subsidiaries, sister companies (“BSF Group”)..
  • With competent authorities, agencies, and regulatory bodies, occasionally and/or regularly, whether for verification purposes, to fulfil regulatory compliance obligations, or for other legal requirements.
  • Occasionally and/or regularly with third party who assist in providing service on behalf of BSF, whether acting on behalf of BSF to the extent BSF allows or the relevant laws require, or supporting BSF in its performance of its services. Such sharing may be as a required in substance or as a consequence whether in accordance with a lawful basis, in compliance with relevant laws, or based on BSF’s professional discretion as contractually agreed upon
  • Where there is a legitimate interest, public interest, or legal obligation. such sharing might be occasionally and/or regularly.
  • Regularly with relevant bodies for credit assessment and reporting.
  • Regularly with payment service providers to facilitate your payments.
  • Occasionally with debts collection agency whether inside or outside the Kingdom of Saudi Arabia.
  • We inquire on your data from trusted and licensed entities to provide us with accurate and updated data about you for verification purpose (i.e. Know Your Customer). such sharing might be occasional and/or regular.

BSF maintains the utmost confidentiality of all Personal Data. Personal Data disclosure occurs only under lawful basis, in accordance with this Notice.

In the case of transferring Personal Data outside the Kingdom or sharing it with external entities, such activity is carried out judiciously while adhering to the PDPL.



13. How We Use Cookies


When you visit our website or our application, we use cookies to enhance your experience and improve the functionality of our services. Cookies are small text files that are stored on your device. They help us understand how our applications or website are being used and to enhance your experience when you allow us.



14. Individual Who Lacks Legal Capacity


For customers who fully or partially lack legal capacity, we require legal guardian Consent before Processing any Personal Data.



15. Your Rights as Our Customer


1. Right to be Informed


You have the right to be informed about the legal basis and the purpose of the Collection and Processing of your Personal Data.


2. Right to Access Personal Data


You have the right to access or receive a copy of your Personal Data through the channels provided by BSF in a structured, commonly used, and readable soft or hard copy format if possible. The Bank may restrict this right as per the cases stipulated in relevant and applicable laws and regulations.


3. Right to Access


You have the right to access your Personal Data through the channels provided by BSF.


4. Right to Request Correction


You have the right to request correction, completion or updating of your Personal Data available to BSF.


5. Right to Destruction


As long as there is no legal requirement or lawful basis to Process or retain the data, you have the right to request Destruction of your Personal Data available to BSF, if it is no longer needed for the purpose it was originally collected.


6. Right to Withdraw Consent


You have right to withdraw your Consent as long as there is no legal requirement to process the data.

 

7. The Right to submit any complaint


You have the right to submit any complaint related to applying the provisions of the PDPL, should you not be satisfied with how we’ve addressed your concerns, the competent authority to resolve such complaint would be SAMA.


8. The Right to claim compensation


You have the right to seek and claim compensation for evidenced damages if you are harmed as a result of any material violation of the PDPL pursuant to a final court order.
Unless otherwise stipulated by the PDPL, you will not be required to pay any fees in return for exercising your rights under the PDPL, unless required by a governing or a judicial body. In case of submitting a request relating to any of your rights under the PDPL, as applicable, you will receive a response within 30 days.


16. Complaint or Objection Filing Method


If you have any inquiries or complaints regarding the processing of your personal data under the Personal Data Protection Law, you may contact BSF Customer Care Department via bsf.sa website or call us through the free line 8001188880 and outside the kingdom +966920000548, If you are not satisfied with how we process your complaint, or if you did not receive a response within 30 days, you can file a complaint to the Competent Authority which is the Saudi Central Bank (SAMA) via SAMA Care.


Contact Us