Company Profile
Offcanvas
Linkedin X-twitter
Counter
Housing Program Logo
Company Profile
Edit Template

Privacy Policy

Contents

This Privacy Policy of the Saudi Mortgage Guarantees Company (Damanat) (the “Company“) explains how the Company’s collect, use, disclose, and protect your Personal Data when you visit our website (the “Company’s Website“).  By using the Company’s Website, you agree to the terms of this Privacy Policy.

In its commitment to protecting your privacy, the Company undertakes to collect and process your Personal Data in accordance with the provisions of the Personal Data Protection Law issued under Royal Decree No. (M/19) dated 09/02/1443H, supervised by the Saudi Data and Artificial Intelligence Authority (“SDAIA”). The purpose of this Law is to safeguard the rights of individuals, including employees, persons, and visitors, in relation to their Personal Data, and to regulate its collection, processing, storage, and sharing, in a manner that ensures privacy and prevents misuse.

For the purposes of this Policy, (“Personal Data”) refers to any information related to an identified or identifiable natural person, whether directly or indirectly, such as full name, national identification number, address, telephone number, email address, financial data, or any other information used to identify or associated with the individual.

The entity responsible for controlling the processing of data under data protection Law and regulations is: The Saudi Company for Real Estate Housing Guarantee Services “Damanat”.

About the Company and Its Activities

The Saudi Mortgage Guarantees Services Company (Damanat) was established as a closed joint-stock company operating in the field of mortgage finance guarantees, with a capital of 18.6 billion riyals. It is the first of its kind in the Middle East and is wholly owned by the Real Estate Development Fund (REDF) under the supervision and control of the Insurance Authority. Its headquarters is located in Riyadh. The Company seeks to contribute to achieving the goals of Vision 2030 by supporting the housing market to raise the percentage of Saudi families’ ownership of homes to 70% and develop a secondary market for real estate mortgages in the Kingdom of Saudi Arabia “The Kingdom”. 

Contact Information

You can reach the company through the following channels:

Data to Be Collected

The Company will collect and process the following data:

  • User’s full name
  • Email
  • Phone and contact information
  • Location data and adress
  • Commercial entity information 
  • Bank account information (bank name/ account name/IBAN)
  • Government licence/ registration/ ceritificates information
  • (“Cookies”) data  are small files stored on your device that help us remember your preferences and understand how you use the Company’s website. The Company’s website uses cookies to enhance user experience and analyze performance. By continuing to use the website, you implicitly consent to the use of cookies. You may modify your browser settings at any time to disable cookies; however, some features of the Company’s website may not function properly if cookies are disabled.
  • Usage Data, which includes information about how you use our websites, applications, and services.

  • Marketing and Communications Data, which includes your preferences in receiving marketing materials from us and your communication preferences.

  • Employment Data, which includes your date of birth, gender, country of residence, nationality, details regarding your eligibility to work (including documents we may collect to verify such eligibility), skills and qualifications, employment history, personal photographs, and any Personal Data contained in your CV or job application.

We will inform you whether the collection of this data is mandatory or optional for processing purposes.

Collecting Personal Data Methods and Purposes

  1. Data is collected directly through electronic forms with empty fields, drop-down lists, checkboxes, and other similar methods.
  2. Surveys and questionnaires for the purposes of conducting analysis, research, service development, and other related purposes.
  3. Data is collected indirectly through cookies collected when visiting the Company’s Website, automatic information collection, website analytics, or interconnection with another entity.
  4. Personal data may also be obtained from other governmental or non-governmental sources, such as Absher services, the National Access platform (NAFATH), and banks.

Purpose of Collecting Data

Data is collected and used for the following purposes:

  1. To follow up on any inquiries, suggestions, or complaints submitted by the user.
  2. completing the registration process of suppliers.
  3. To improving the user’s experience.
  4. To provide services directly related to the Company’s activities.
  5. Collection and processing of Personal Data to meet regulatory requirements.
  6. Data analysis and the generation of reports to support necessary business requirements, such as statistical reports.

Data Processing

We process data to achieve the purposes stated above, ensuring that all uses are comprehensively defined.

Data will be processed through stages: 

  1. Data Collection: Relevant data is collected from the specified sources in accordance with the declared purposes.
  2. Data Storage: Data is stored in a secure and organized manner to ensure its confidentiality and integrity.
  3. Data Use: Data is used to fulfill the specified purposes, in compliance with the approved conditions and policies.
  4. Data Sharing: Data may be shared with relevant parties, in accordance with legal and requirements.
  5. Data Disposal: Data is securely destroyed once it is no longer needed, to ensure it cannot be used or accessed in the future.

Each stage involves specific operations carried out on particular data sets, ensuring that intended objectives are achieved while maintaining privacy and security.

Data Sharing

Data may be disclosed to other entities (inside or outside the Kingdom) and provide you with information about these entities.

Data is shared in accordance with the following Conditions:

  1. Identification of the recipient entity and the purpose of sharing.
  2. Ensuring data protection in accordance with approved security standards.
  3. No disclosure of data except in legally permitted cases or with the user’s consent.

Personal Data Storage, Retention Period, and Destruction

Data is stored inside the Kingdom in the servers at our headquarters or with external entities, such as cloud computing service providers, and these servers are protected with the best technologies in accordance with the policies and controls of the National Authority for Cybersecurity and international standards in order to prevent non-authorized entry and reduce cyber risks, and then the data will be destroyed within 10 years, unless a longer duration is required by law,  from the date of its storage in a secure manner, through which it cannot be viewed or retrieved again.

Necessary administrative, technical, and organizational measures are taken to protect data from incidents of leakage, damage, or illegal access.

Data Breach Reporting Procedures:

  1. In the event of a security breach affecting Personal Data, the Company will notify the Saudi Data and Artificial Intelligence Authority (SDAIA) within no more than 72 hours of discovering the breach, in accordance with applicable laws and regulatory requirements.
  2. The Company will notify you of the nature of the breach and the measures taken to address it, and such notice will include the following:
    1. A description of the incident involving the leakage of your personal data.
    2. A description of the potential risks arising from the leakage of your data, and the measures we have taken to prevent, mitigate, or minimize such risks and their effects.
    3. Our information and contact details, as well as those of our Data Protection Officer – if appointed – or any other appropriate means of contact.
    4. Recommendations or advice that may assist you in taking appropriate actions to avoid the identified risks or to mitigate their effects.

Legal basis for collecting and processing data

The collection and processing of data is based on the consent of the Personal Data subject, and the Personal Data subject can revoke his/her consent to the collection and processing of his/her Personal Data at any time unless there is another legal basis, and to do so, he/she can contact he Data Management Department at the Saudi Mortgage Guarantees Company (Damanat), through the following  Email: DMO@damanat.com.sa.

Rights Held by the Subject of the Personal Data

  1. Right to be Informed: you have the right to be informed about the legal basis and purpose of collecting your data.
  2. Right of Access: you have the right to access your Personal Data held by the Company.
  3. Right to Request Access: you have the right to request access to your Personal Data in a readable and clear format.
  4. Right to Request Correction: you have the right to request correction and update of your Personal Data.
  5. Right to Request Destruction: you have the right to request the destruction of your Personal Data.
  6. Right to Withdraw Consent: you have the right to withdraw your consent for processing your Personal Data at any time.
  7. Right to Submit Complaints: you have the right to submit any complaint related to applying the provisions of the Personal Data Protection Law to the Competent Authority.
  8. Right to Claim Compensation: you have the right to claim compensation for material or moral damage if you are harmed as a result of any violation stipulated in the Personal Data Protection Law and its Implementing Regulations.

Complaint and Objection Filing Mechanism

In case of complaints or inquiries, please contact the Data Management Department via email: DMO@damanat.com.sa

In the event that a response is not received within ten working days, the complaint or inquiry may be submitted to Partners Relationship Department via email: info@damanat.com.sa.

The Company is committed to handling requests and complaints in accordance with applicable regulations, in a manner that ensures the protection of data subjects rights.

The Company is also committed to protecting the privacy of individuals who are legally incapacitated or have limited legal capacity, in accordance with the applicable laws in the Kingdom. Their Personal Data rights shall be exercised by their legal representatives, and appropriate measures shall be taken to ensure the security and proper use of their data.

Policy Provisions and Update Record

  1. The Privacy Policy was last updated on 29/09/2025 G.
  2. The Company’s Website reserves the right to add or change any of the provisions of the Privacy Policy, and the Company’s Website will notify the data subject of that, and the Company Website’s has the right to terminate the account of the data subject if the data subject does not accept any change in the Privacy Policy.
  3. The Arabic language is the approved language in the application of the terms and conditions, and in the event of a dispute arising in the interpretation of any text mentioned in any other language, the text written in the Arabic language shall prevail.