سياسة الخصوصية

This Privacy Policy applies to Safqa, our iOS and Android mobile application (our “App”). In the below policy, we inform you about the scope of the processing of your personal data.

GENERAL INFORMATION

1. What law applies?

In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular Kuwait’s Decision No. 42 of 2021 on Data Privacy Protection Regulation (“Data Protection Regulation”) (“DPR”) and the EU’s counterpart the General Data Protection Regulation (“GDPR”).

1. What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, as well as online identifiers such as your IP address and device ID.

1. What is processing?

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

1. Responsible for data processing

The responsible party within the meaning of the DPR and the GDPR is Safqa Electronic Publishing Company W.L.L. based in Kuwait (“Safqa WLL“, “we”, “us”, or “our”). If you have any questions or if you wish to exercise your rights, please feel free to email support@safqa.com, or through the contact form on our website www.safqa.com.

1. The Legal Bases for processing Personal Data

In accordance with the DPR and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfillment of a contract / pre-contractual measures, c) the data is necessary for the fulfillment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.

PROCESSING OF AUTOMATICALLY COLLECTED DATA

1. Downloading the App

The App can be downloaded from the “Google Play Store” a service offered by Google LLC, or the Apple “App Store” a service of Apple Inc. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.

1. Installing the App 

As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.

As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.

1. Device information

Google and Apple may collect information from and about the device(s) you use to access the App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass and payment data and billing confirmations.

1. Authorizations and Access

We may request permission to access your internet connection, network and push notifications. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our App may not function as intended.

1. Push messages

When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via the device settings of your device. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.

1. Firebase

The App uses components of the Firebase App of Google LLC. By integrating Google services, Google may collect and process information (including Personal Data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google actually collects and processes. However, Google states that, among other things, the following information (including personal data) may be processed in principle: Log data (in particular the IP address, Location-based information, Unique application numbers, Cookies and similar technologies for information on the types of cookies used by Google, please visit https://policies.google.com/technologies/types.

1. Google Analytics for Firebase

Our App uses the web analytics service Google Analytics for Firebase, which uses tracking technologies to track your use of our App. In this respect, information is generated about, among other things, the number of users and their sessions, the session duration, the operating system used by the users, their device model, the region from which our App is accessed, the first start of our App, our App execution and any updates.

In order to provide the relevant data for analysis, Firebase Analytics uses your device’s advertising ID, an app instance ID (a randomly generated number that identifies a single app installation), and the IP address, which is shortened (IP masking) before being processed on Google’s servers to generate the usage analysis. You can object to the use of Firebase Analytics at any time by disabling the sending of usage statistics in your device settings (Reset Advertising ID). We have no influence on these data processing operations.

1. Subscriptions

If you take out a subscription, your payment will be processed via our payment service providers Google and Apple. Payment data will solely be processed through Google or Apple. In both cases, we have no access to any payment data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

1. RevenueCat

For the management and analysis of in-app purchases, the App uses the product RevenueCat from Revenue Cat, Inc. You consent to the collection of data by the App and its transmission to RevenueCat. If the storage of the provided data by the third-party provider is not desired, the use of the App is to be refrained from.

1. System notifications

By using our services, you are giving your consent to receiving system notifications. Those typically include administrative information, warnings, and alerts as well as other relevant notifications relating to your account or activity on our services. Our notifications are sent using the services of SendGrid. You cannot opt out of receiving system notifications, and the only way to stop receiving them is to delete your account. The legal basis for processing is our obligation to fulfill the contract.

DATA PROCESSING BY US

1. Contacting us

Personal Data is processed depending on the contact method. In addition to your name and email address, IP address, we usually collect the context of your message which may also include certain Personal Data. The Personal Data collected when contacting us is processed for the purpose of dealing with your request and the legal basis is your consent. The use of your IP address takes place exclusively in the context of law enforcement and security measures in compliance with our legal requirements.

1. Account Registration 

If you register, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form. The entry of your data is encrypted so that third parties cannot read your data when it is entered. We also use a Token-based Authentication system which is a protocol that generates encrypted security tokens and enables users to verify their identity and then generates a unique encrypted authentication token. The basis for this storage is our legitimate interest and to fulfill our contractual obligations. Of course, you can delete your account at any time using the delete account features in your Profile.

1. Profile

A user profile will be created for you based on the information you provide during the sign up (including your email, and password). You have the option of adjusting, changing, or deleting the information in your profile to edit within your account. The data processing carried out in this context is necessary to provide our service on the basis of the requests made by you. The data processing is also based on a legitimate interest, the provision of a contract and your consent.

1. When using our services

We process both Personal Data and Non-Personal Data, involved in your use of our services in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further. Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as your consent if applicable.

1. Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

GENERAL PRINCIPLES

1. Minors

Persons under the age of 18 should not transmit any Personal Data to us without the consent of their parents or legal guardians. We do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.

1. Automated decision-making

Automated decision-making including profiling does not take place.

1. Do Not Sell

We do not sell your Personal Data; however, we may sell aggregated answer data.

1. Sharing

We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, (including our data providers and financial exchanges to verify that there is no misuse of data) b) you have consented to the disclosure, c) or the disclosure of data is permitted by relevant legal provisions. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Safqa WLL (or a part of Safqa WLL) is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect Safqa WLL or Safqa.

1. How long and where will you keep my data?

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with Kuwait’s Commercial Law and Fiscal Code). Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted. In general, your data is saved and stored using the services of Amazon (AWS).

1. International Transfer

We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

1. Data Security

Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

YOUR RIGHTS AND PRIVILEGES 

1. Privacy rights

You can exercise the following rights:

1. • Right to information

1. • Right to rectification

1. • Right to deletion

1. • Right to data portability

1. • Right of objection

1. • Right to withdraw consent

1. • Right to complain to a supervisory authority

1. • Right not to be subject to a decision based solely on automated processing.

If you wish to exercise any of your rights, please contact us.

1. Updating your information

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

1. Withdrawing your consent 

You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

1. Access Request 

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

CHANGES, QUESTIONS AND EFFECTIVE DATE

We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If you have any questions about this policy or our data protection practices, please contact us using support@safqa.com. This Privacy Policy was last updated on Thursday, 7^th of December 2023, and are the current and valid version.