Privacy Policy

1. The Islamic Corporation for the Development of the Private Sector ("ICD", "we", "our", or "us") is a self-regulated multilateral financial institution established pursuant to its Articles of Agreement signed and ratified by its member countries with its headquarters situated in Jeddah, Kingdom of Saudi Arabia. We operate in different jurisdictions and are governed by our Articles of Agreement and our internal policies, rules and regulations.

2. The nature of ICD's business model and operating environment are such that they involve the collection of personal data. ICD is committed to promoting and respecting your privacy. This Personal Data Privacy Notice (the "Privacy Notice") is issued pursuant to our Personal Data Privacy Policy (the "Policy" and sets out the information we collect from you when you visit our website (https://icd-ps.org/) ("Website") or our social media platforms or otherwise interact with us, what is done with this information, with whom this information is shared, and your rights. Please read this Privacy Notice carefully to understand what we do with your personal data.

3. While we are not governed by local regulation, we are taking into consideration the best international practices in respect of data protection. We are responsible for deciding how we hold and use personal data about you (and in such capacity act as a "data controller" or "controller"). Depending on how you interact with us or where you are located, different sections of this Privacy Notice may apply to you and include additional rights and information related to our data collection and use practices. Please review this Privacy Notice carefully to understand what we do with regards to your personal data and information.

4. The Policy and this Notice are intended to ensure:

ICD's adequate use of Personal Data for the fulfilment of its mandate and dealing with Data Subjects (any person or individual whose personal data is being collected, held or processed) in line with the principles set out in the Policy;
that ICD is aware and fully compliant with the principles and requirements set out in the Policy and this Notice;
alignment with the international best practices insofar as the status, mandate and privileges of ICD are preserved;
that integrity and privacy of Personal Data of Data Subjects are maintained; and
all breaches of Personal Data, actual or suspected, are investigated and notified, to the extent required.

SECTION I - DATA PROCESSING PRINCIPLES

1.1 Security

We have put in place reasonable security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. Third parties will only process and/or access your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

Given the nature of information security, there is no guarantee that such safeguards will always be successful. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet. Any transmission of personal data is at your own risk.

1.2 Transfer of Personal Data

The ICD is an international organization, and as such, we and our service providers may collect, use, process, store, or disclose your personal data outside your home country or jurisdiction. These other countries may have different data protection laws than the laws of your home country. Where we transfer your personal data to a country, we will do so in accordance with the Policy and this Notice. The transfer of personal data to third parties will be solely for legitimate purposes and with adequate means for the protection of such personal data. See Section VI below regarding international data transfers.

1.3 Storage and Retention

Except as otherwise permitted, we will only keep your personal data for the period necessary to fulfil the purpose of collection or further processing, including for the purposes of satisfying any legal, accounting, or reporting requirements. The ICD would usually decide prior to collection of personal data, how long such information should be retained in order to achieve the purposes for which such personal data was collected and once that period expires, we will retain or destroy your personal data in accordance with our records retention policy. To determine the appropriate retention period for personal data, we consider (among other things) the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Under some circumstances we may anonymize your information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data (which will no longer be personal data) for any legitimate business purpose without the requirement of additional notice or consent from you.

1.4 Preservation of Privileges and Immunities

Nothing in this Privacy Notice shall be deemed as a waiver of or prejudice, the privileges and immunities accorded to the ICD under its Articles of Agreement, which privileges and immunities are specifically hereby reserved.

SECTION II - COLLECTION OF YOUR INFORMATION

In general, we collect information, including personal data, when you communicate with us, when you use our Website, engage with our social media platforms, participate in our surveys, or as part of our regular business activities and operations. There are instances where we invite or request participants to provide personal data, through our Website, social media platforms, or surveys, and we may also collect certain information automatically.

Personal Data You Provide Us

Depending on how you interact with us, you may provide us with the following personal data:

Identifying and contact information, such as your name, online identifiers, email address, mailing address, home address, work address, company name, phone number, identifier number, passport and other national identity details, or other similar identifiers. For example, we collect such information when you register at http://www.icd-ps.org.
Information related to your interactions with us, such as the searches you carry out on the Website, information about your visits to the Website, written communications between you and us, notes related to in-person meetings or telephone calls between you and us, queries sent to us, username, password, online identifiers and information related to your IP address or other device identifiers when using our Website or electronic delivery portals.
Personal details, such as gender, date of birth, religion, nationality, or marital status.
Information related to the provision of our services to you, such as fees and billing information, records related to acts we take on your behalf, notes regarding your service preferences, and transaction-specific information.
Information related to your finances and financial accounts, for example your source of funds/wealth, net worth, gross assets, investment sophistication and goals, financial or bank account information, wire instructions or a signature, asset/investment-specific information, creditworthiness, income, trust and estate information, tax status, tax identification number and other relevant tax information, and transaction-specific information.
Information related to your various activities and relationships, such as information related to your businesses and professional engagements, professional relationships, familial relationships, charitable activities, personal undertakings, and service providers.
Information related to your affiliations, for example, information related to your business(es) or professional engagements, education information, professional or employment-related information, occupation, employer, title and information related to your relationship with any of our clients or investors.
Audio (e.g., voicemail), Video electronic, visual or similar information, such as quotes, interviews with speakers, documentary or success stories.
Inferences: inferences drawn from any of the information identified above to create a profile reflecting your preferences or similar information.

For example, if you contact us via the "Contact Us" form (available here: https://icd-ps.org/en/contact-us), you are required to provide us with certain personal data such as your name, phone number, company name, and email address solely for the purpose of responding to your request or query. A copy of this correspondence may be kept. We may also ask for your information where you report a problem on our Website or otherwise contact us. Any information you provide in this way is used by the ICD in line with the purposes set out below. If you do not provide the requested information, we may not be able to respond to questions or requests that you submit to us.

Similarly, when we conduct client survey (effectiveness or satisfaction), you are required to provide us with certain personal data such as your name, phone number, company name, and email address solely for the purpose of the survey and its analytical part. A copy of this correspondence may be kept.

Personal Data Collected from Third Party Sources

Depending on how you interact with us, we may collect certain information about you from third parties, including:

Identifying and contact information, such as your name, mailing address, phone number, email and other types of contact information.
Information related to your affiliations, for example, information related to your business(es) or professional engagements, and information related to your relationship with the ICD, but not including special categories of information as described below.
Information related to your finances and financial accounts, such as financial account information, and transaction-specific information.
Information related to your various activities and relationships, for example, information related to your businesses and professional engagements, your professional relationships, your familial relationships, your charitable activities, and your personal undertakings.

We may also collect personal data from different sources such as consultants, administrators, identity verification services, and credit reference agencies, sources designed to detect and prevent fraud. We may also collect personal data through publicly available sources such as public websites or other publicly accessible directories and sources, including bankruptcy registers, tax authorities, governmental agencies and departments, sanctions screening databases, and regulatory authorities.

Personal Data Collected Automatically

Depending on how you interact with us, we may gather information about you automatically through your use of the Website, social media platforms or interactions with us, such as your IP address, browser type, browsing behavior, and device information and how you navigate our Website or following ICD in different social media platforms. We may collect information about you by using cookies, tracking pixels and other technologies (collectively, "Cookies"). We use this data to enhance your user experience, analyze website performance, and for security purposes. The basis for this is our legitimate interest in improving our services and ensuring the security of our Website. You have the option to accept or reject cookies through your browser settings. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Please note that if you choose to decline cookies, you may not be able to fully experience the interactive features of our Website.

We may use third-party web analytics services on the Website, including Google Analytics. We use Google Analytics to help us understand how people are using our Website. Google Analytics has its own cookies that it uses to track and aggregate this information. You can prevent the use of Google Analytics relating to your use of our Website by downloading and installing the browser plugin.

Depending on how you interact with us, we may automatically collect personal data through these tools, including the following:

Log Data. This includes information that your browser sends whenever you visit our external or internal sites ("Log Data"). This Log Data may include information such as your computer's IP address, browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, and other statistics. When you access ICD's Website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device's unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, your location information, and other statistics.
Website Browsing Data. This includes information gathered while you browse our sites, including technical, usage, and navigational data that shows what pages you have visited and how long various features are used.
Device Information. Such as information about the device you use to access our sites, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

Social Media Data: Many social media platforms provide Application Programming Interfaces(APIs) that allow developers to access certain types of data such as user profiles, posts, likes, followers, events, insights, user media and comments.

Special Categories of Personal Data

We do not directly request or intend to collect special categories of information, including information about your health, race, religion, political opinions, philosophical beliefs, genetics, or biometric data. However, please note that certain other types of information we collect may allow us to indirectly infer or refer to the corresponding special category of information notwithstanding that we are not collecting or otherwise processing such information.

SECTION III - PROCESSING OF YOUR PERSONAL DATA

We will collect, hold, and process personal data provided by you for the purposes outlined below, and where applicable, based on the legal bases provided below. Depending on how you interact with us, we may use your personal data for the following purposes:

Legitimate Interests: We process personal data for our legitimate business interest in managing and promoting our business, provided that our interest is not overridden by your interest. In identifying and relying on this basis for certain processing, we have weighed our legitimate interest as a business against your rights and freedoms and have determined that such processing will not unfairly impact your rights. If you would like further information on how we balanced these interests, you can contact us using the details below.
Legal Requirements: We may need to process your personal data in order to comply with certain legal and regulatory requirements, including to participate in required audits and regulatory examinations, applicable anti-money laundering laws and regulations, for the prevention and detection of fraud, money laundering, terrorism financing or other crimes, for the purpose of responding to a binding request from a public authority or court, to exercise, establish or defend our legal rights, or to protect your vital interest or those of any other person.
Contract: Depending on the circumstances, we may need to process your personal data for the performance of a contract to which you are a party, or related pre-contractual steps.
Consent: We may process your personal data with your consent. You have the right to withdraw this consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
To provide any other specific services for which you have engaged us and/or for improvement in our service delivery purposes.

For example, we may process your personal data to provide you or the entity that you represent with our products and services related to those products, respond to any queries that you send to us or where a problem with the site is reported, or to otherwise support our interactions with you, including responding to your communications with us, managing and operating our Website, interacting/engaging with our social media posts, in order to keep our Website updated and relevant, to develop our business, and to inform/improve our marketing strategy.

SECTION IV - SHARING YOUR INFORMATION

In certain circumstances, we may disclose your information, including personal data, to third parties, including the following:

Other members of the Islamic Development Bank ("IsDB") Group and our affiliates.
With our employees, officers, directors, partners, advisors, independent contractors, and service providers; provided that within such categories, we restrict access (time and entry) to personal data to those who have a need to know or access such data in the provision of our services. Service providers include accountants, administrators, attorneys, auditors, compliance and IT consultants, custodians, SAAS (software as a service) providers, analytics providers, hosting providers and other third parties engaged by us to assist with or support in the provision of our services.
As part of a transaction with third parties, personal information is required to execute the contemplated transactions.
As part of data analysis to enhance the relationship and improve the products and services offered.
With competent law enforcement bodies, government agencies, courts or third parties where we reasonably believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
To third parties under obligations of confidentiality who request such information as part of our services or as part of a business transaction with us.
In the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).
A third party where it is necessary for our legitimate business interests to protect the rights, property, or safety of the ICD, our clients, customers, or others.
With any other person with your consent to the disclosure.

SECTION V - YOUR RIGHTS

In certain circumstances, you have the following data protection rights:

To access, correct, update, or request deletion of your personal data that we process. There may be instances in which we cannot completely delete your personal data, although we will delete personal data to the extent consistent with our internal rules and regulations.
To object to or restrict processing of your personal data (save for circumstances in which our processing of such personal data is on the legal basis of pursuing our legitimate interest).
Withdraw your consent to our processing of your personal data.

You can exercise these rights by contacting us using the information below.

You have the right to request access to, rectification of, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions. The following is a summary of your rights:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances, for example, where we no longer need it or where you have withdrawn your consent. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to the processing of your personal data. This enables you to object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation that makes you want to object to processing on this ground. You also have the right to object if we are processing your personal data for direct marketing purposes.
Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in certain circumstances, for example, if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party. This enables you to request that we transmit your personal data to another party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
Withdraw consent. Where you have provided your consent to our processing, you have the right to withdraw it at any time.
Lodge a Complaint. You also have the right to lodge a complaint with the Legal and Compliance Department of ICD if you believe that the processing of your personal data infringes upon this Notice.

How To Exercise Your Rights

If you wish to exercise any of the rights described above, please contact us through the information provided in Section IX below. You may be asked to provide some proof of identification so that we can verify that it is you making the request. We have the right to refuse your request where there is a legal basis to do so, or if it is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

SECTION VI - INTERNATIONAL DATA TRANSFERS

Our activities are such that it may be necessary for personal data to be transferred and/or processed within or outside our member countries. In circumstances where we transfer personal data, we will seek to ensure a similar degree of protection is afforded to it by ensuring that, where possible, personal data is generally transferred in one of the following circumstances:

to persons and entities in countries that have been deemed to provide an adequate level of protection for personal data;
to persons and entities to whom the transfer of such personal data is made pursuant to appropriate safeguards for the transfer of personal data; or
to persons and undertakings where relevant consent is obtained.

SECTION VII - EXTERNAL LINKS

ICD's Website and social media platforms may contain links to other websites on the Internet that are owned and operated by third parties (the "External Sites"). These links are provided solely as a convenience to you and not as an endorsement by ICD of the contents or reliability of such External Sites. You acknowledge that ICD is not responsible for the availability of, or the information and contents of any External Site. You should contact the site administrator or webmaster for those External Sites if you have any concerns regarding such links or the content located on such External Sites.

If you decide to access the linked third-party websites, you do so at your own risk. ICD does not accept liability and shall not be liable to you for any loss or damage arising from, or as a result of, your acting upon the contents of another website to which you may link from the Website services.

SECTION VIII - AMENDMENT-WAIVER

We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will post the updated notice and update the notice's effective date. The most current version of our Privacy Notice at anytime will be available on our Website.

SECTION IX - CONTACT US

If you have any questions or comments about this Privacy Notice, the ways in which we collect and use your personal data, your choices and rights regarding such use, or to exercise your privacy rights, please do not hesitate to contact us at:

Email: ICD.LegalCompliance@isdb.org

Address: P.O. Box 54069, Al-Nazlah Al-Yamaniyah, Jeddah 21514, Kingdom of Saudi Arabia

Attention: General Manager, Legal and Compliance Department

You can also contact us online at: https://icd-ps.org/en/contact-us