This privacy policy (the "Privacy Policy") tells you how EFG Hermes KSA (the "Company," "we," "our," or "us") process personal data we collect about you in accordance with the Saudi Personal Data Protection Law (PDPL) and its implementing regulations (collectively, the "PDPL"). The PDPL establishes protections for your personal data and grants you certain rights. This Privacy Policy applies when you use our websites, and interact with us (collectively, the "Services"). The policy also describes the manner by which we use cookies and employ similar tracking technologies. Additionally, this Privacy Policy sets out your personal data protection rights, including your right to object to some of the data processing which we carry out.

Who are we?

The controllers of your personal data are listed under Annex 1 of this Privacy Policy. We are committed to protecting your privacy and personal data, and we take our responsibility to hold your personal data securely and in strict confidence seriously.

What personal data do we process about you ?

We collect the following personal data you provide during your use of the Services:

How do we collect your personal data?

We and our third-party service providers collect the above information in a variety of ways. This includes from you directly and:

How do we use your personal data?

We collect and use your personal data for the following purposes:

In order for us to provide you with certain services, including but not limited to the Services, securities brokerage services, and research services, which require us to process your personal data due to regulatory and legal requirements (for example KYC and AML), the provision of personal data is mandatory.

If the relevant personal data is not provided to us, then we will not be able to provide you with the full range of our services, meaning that our services may only be offered with a limited scope or not at all. All other provision of your personal data is optional.

Cookies and similar technologies

Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies, which are similar to cookies, are also employed and used by us. Other similar technologies can include pixel tags, google tags, and tracking URLs. All these tracking technologies shall be collectively referred to as the "Cookies".

The types of Cookies that we use on our Services, and the purposes for which they are used, are set out below:

If you wish to disable Cookies (save for Strictly Necessary Cookies), you can opt to disable the same by choosing "No, I Disagree" when given the option, via the Cookies consent management tool on our Services or you may rely on your browser’s settings to disable all Cookies. You can choose "Yes, I Agree" to accepting all Cookies. You can also accept or decline certain Cookie categories (save for Strictly Necessary Cookies) via the Cookies consent management tool on our Services. Where you delete or disable Cookies, certain features of our Services may not be able to function.

To find out more about Cookies please visit: or see which contains further information about behavioral advertising and online privacy.


We are committed to protecting personal data from loss, misuse, disclosure, alteration, unavailability, unauthorized access, and destruction and takes all reasonable precautions to safeguard the confidentiality of personal information, including through use of appropriate security measures. These measures include the following:

We regularly review and update our security measures to ensure that they are effective in protecting your personal data. If we know or have reason to believe that your personal data has been compromised, we will immediately notify you and take steps to mitigate the impact of the breach.

However, while providing your personal data to us, your personal data may be transferred over the internet. Although we make every effort to protect the personal data which you provide to us, we cannot guarantee the security of your personal data transmitted to us over the internet.

For how long do we keep your personal data?

We keep your personal data for no longer than necessary for the purposes for which the personal data is used or otherwise processed. The length of time we retain personal data depends on the purposes for which we collect and use it and / or as required to comply with applicable laws. In all cases we will only retain data as required to support legitimate business purposes.

Where we process data for: (i) registration purposes, (ii) support purposes, or (iii) in order to customize your experience on our Services, we keep this personal data for the duration of the period where you are a user and for an additional Ten-year period from when you cease to be a user, in compliance with regulatory rules and regulations, unless a longer retention period is required by applicable laws.

Where we process personal data for marketing purposes we will do so unless we receive a request from you to cease such action. We will hold a record of such personal data for Ten years from when you request us to cease such action.

Where we process personal data for the security of the Services, we hold this personal data for a maximum period of ten years.

Who do we share your personal data with?

Where we send direct marketing materials to you, we send your personal data to third parties with whom we have contracted to provide these materials to you on our behalf and in our name. These third parties may be located inside or outside of Saudi Arabia.

We also share your personal data with:

We also disclose your personal data to:

For the avoidance of doubt, please note that Service Providers do not use/disclose your personal data for marketing purposes or for any other purposes. Personal data received by Service Providers are used for the purposes of performing their designated functions.

Where is your personal data transferred?

When we share your personal data with the parties listed above, it may involves transferring your personal data outside of kingdom of Saudi Arabia to countries where the level of protection of personal data has not been deemed adequate by Saudi Arabia.

Our third party service providers are located in the List of Service Providers

Where information is transferred outside Saudi Arabia to a country that is not subject to an adequacy decision by Saudi Arabia, personal data is adequately protected by NCA ECC, NCA DCC, SAMA CSF & Regulation on Personal Data Transfer outside the geographical boundaries of the Kingdom.

What are your rights in relation to the personal data we process about you?

You have the following rights in relation to your personal data:

To exercise any of these rights, please contact us at

We are entitled to decline your request to exercise your data subject rights if it is not permitted by applicable laws, or if it is unreasonably repetitive, or if it would violate the rights of others. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by applicable laws to keep or have compelling legitimate interests in keeping. KSA PDPL outlines these limitations in detail. We will inform you of relevant exemptions we rely upon when responding to any request you make.

Your request will be answered promptly and within 30 business days unless we are legally entitled to an extension of time. If we are unable to grant your request, we will provide you with an explanation.

If you have any concerns about how we handle your personal data, we encourage you to contact us at We're committed to resolving your concerns. However, you also have the right to lodge a complaint with your local data protection authority if you believe we haven't addressed your concerns adequately.

Amendments to this privacy policy

This Privacy Policy was last updated in May 2024 . We reserve the right to revise this Privacy Policy at any time by posting a revised version and, if we consider it necessary, we will notify you of changes.

How can you contact us?

If you have any questions about this Privacy Policy or would like to make any requests as described in this Privacy Policy, please contact us using the details in Annex 1 to this Privacy Policy.



Data Controller



Group Representative/ Contact Details


EFG Hermes KSA

PO Box 300189 Third Floor, Sky Towers Northern Tower , Riyadh Kingdom of Saudi Arabia



EFG Hermes KSA is regulated by the Capital Market Authority.

© 2024 EFG-Hermes Holding S.A.E.

All rights reserved.