Fisher Investments Arabia
Privacy & Cookie Policy

Last Updated: October 2023

1. General

This Privacy & Cookie Policy (this “Policy”) is in accordance with the Personal Data Protection Law issued by Royal Decree No. M/19 dated 09/02/1443H (corresponding to 16 September 2021G) and amended by Royal Decree No. M/148 dated 05/09/1444H (corresponding to 27 March 2023G) (“PDPL”) and any regulations issued thereunder (together with the PDPL, “Privacy Laws”), and sets out how Fisher Investments Arabia and its affiliates (collectively, the “Company”) use Personal Data relating to the following natural people (“Individuals”):

• prospective clients, clients, and their representatives or legal guardian;
• website users;
• business contacts working with service providers and vendors or institutional investors; and
• Individuals who agree to participate in market research.

In this Policy, “Personal Data” means any information through which an Individual may be directly or indirectly identified. The Company is committed to privacy and will use Individuals’ Personal Data only in accordance with this Policy.

The Company can be contacted about this Policy using the following details:

Fisher Investments Arabia
Attn: Data Protection
Suite 1808-09, Building No. 7277
Level 18 Al Faisaliah Tower
King Fahad Highway
Olaya District,P.O. Box 54995
Riyadh 11524, Kingdom of Saudi Arabia
privacy@fisherinvestments.sa
+966 11 299 0580

2. Types of Personal Data

The Company collects and processes the following types of Personal Data for the following categories of Individuals:

a. Prospective clients, clients, and their representatives and legal guardian:

• The Company uses the name, address and email address of Individuals provided by third party list vendors to provide offers for the Company’s informational materials. Such Personal Data may come from public sources and/or such vendors’ private databases.
• The Company uses the name, address, telephone numbers, email address, and asset level category of Individuals who provide such information at the time that they request the Company’s informational materials, and at the time that they express an interest in services offered by the Company.
• When Individuals request that the Company provide a suitability assessment and investment strategy recommendation and/or engage the Company as discretionary investment manager, the Company uses the Personal Data provided directly by Individuals, including:
  • Information provided in the client profile document;
  • Information provided in the client agreement, account statements, account opening documents, and any instruction or mandate form with respect to the Company’s discretionary investment management service;
  • Information provided to employee representatives of the Company in-person and by telephone, including information the Company may request from time to time to assist in providing services to the Individual.
• To conduct a suitability assessment and design a recommended investment strategy for Individuals, as well as conduct ongoing suitability assessments for clients, the Company uses information provided by Individuals about their mental and physical health (“Health Data”), including in the context of conducting a proprietary assessment of an Individual’s life expectancy and any impact on the investment time horizon for the Individual’s assets.
• The Company is required under the Anti-Money Laundering Law (issued by Royal Decree No. (M/20) dated 05/02/1439H (corresponding to 25 October 2017G)) and the Combating Terrorism Crimes and their Financing Law (issued by Royal Decree No. (M/21) dated 12/02/1439H (corresponding to 1 November 2017G)), and their corresponding implementing regulations thereunder and related rules of the Capital Market Authority (collectively “AML/CTF Laws”) to carry out identity verification, sanctions checks, and anti-money laundering and anti-terrorist financing screens. Accordingly, the Company use the name, date of birth and address provided by Individuals seeking to become clients to perform identity verification and a sanctions and anti-money laundering check using the services of a third party service provider, which may reveal information relating to criminal convictions or offences.
• The Company is required under the Capital Market Institutions Regulations issued pursuant to Resolution No. 1-83-2005 dated 28 June 2005 under the Capital Market Law issued by Royal Decree No. M/30 dated 12 August 2020 (“Capital Market Regulations”) to record telephone conversations with clients or prospective clients in relation to securities business. Accordingly, telephone calls between Individuals who may be considered clients or prospective clients and the Company will be recorded.
• Where an organization or some other legal entity seeks to become or becomes a client, the Company uses business contact information and other identifying information about the Individuals representing the organization or legal entity in its dealing with the Company.

b. Website users:

• The Company places ads on publishers’ websites or within email content, either directly through the publisher or via a third party. As a result of Individuals interacting with the advertising content, ad server companies will collect Individuals’ domain types, IP address, and clickstream data.
• The Company uses cookies and other online tracking technologies, such as pixels, tags and web beacons that collect information about Individuals’ internet browsing habits and history (collectively referred to in this Policy as “cookies”). For more information, please see Section 8.

c. Business contacts at service providers and vendors or institutional investors:

In dealing with service providers and vendors, the Company obtains information about the Individual representing the service provider or vendor or institutional investor, including name, title, name, address, telephone and fax numbers and email address.

d. Individuals who agree to participate in market research:

When Individuals agree to participate in market research, the Company use information about Individuals’ marketing, investment and servicing preferences. Such data is provided directly by Individuals to the Company or to a third party service provider engaged by the Company to conduct such market research

3. Use of Personal Data

a. Purposes and Lawful Bases

The Company processes Individuals’ Personal Data for the following purposes, and upon the legal bases set out in the table below:

Individuals’ Personal Data will not be subsequently processed in a manner inconsistent with the above purposes or in cases other than those stated in Article (10) of the PDPL, including without limitation, with consent, where the Personal Data is publicly available or was collected from a publicly available source, as required for public interest or security purposes or to implement another law or fulfill judicial requirements, to protect the health or safety of the public or specific individuals, or to achieve the legitimate interests of the Company.

Where the Company relies upon its ‘legitimate interest’ as a legal basis for a particular purpose, the Company does so without prejudice to the rights and interests of the Individuals, and provided that no Sensitive Data is to be processed.

b. If Individuals fail to provide Personal Data

Where the Company collects Personal Data to comply with a legal obligation or to provide services, and the Individual does not provide such data, the Company may not be able to provide services and may need to terminate the agreement. The Company will notify the Individual if this is the case at the time. If an Individual requesting informational materials together with ongoing insights does not consent to receiving the same, the Company will not be able to provide such materials/insights.

4. Sharing of Personal Data

a. Who will the Company share Personal Data with?

The Company will not sell or lease Individuals’ Personal Data to third parties.

For the purposes listed in Section 3 above, the Company may share Individuals’ Personal Data with:

• One or more Fisher Group companies providing services to the Company, including without limitation:
  • The Company’s parent company in the United States (“US”), Fisher Asset Management, LLC;
  • The Company’s sister company in the United Kingdom (“UK”), Fisher Investments Europe Limited;
  • The Company’s sister companies in the European Union (“EU”), including Fisher Investments Ireland Limited and Fisher Investments Luxembourg, Sàrl.
• Authorized vendors, service providers, contractors and representatives, as follows:
  • Custodians that hold custody of clients’ assets managed by the Company or in which the Company invests clients’ assets, as well as custodians, brokers and dealers that execute trade order instructions for clients. 
  • Sanctions screening and identity verification companies that carry out the sanctions and anti-money laundering checks on behalf of the Company as described above in Section 3.
  • Information technology and security providers, such as communications, operating, portfolio management, client management and other systems and software related to the Company’s activities, internet firewall, and malware detection providers.
  • Marketing service providers, including website host Company that collect Personal Data on behalf of the Company from Individuals interested in the Company’s informational materials, social media platforms, merge-purge service providers that ensure mailing lists are accurate, and mailing service providers that send mail to Individuals on behalf of the Company.
  • Providers of third party professional advice, such as lawyers and auditors.

Such service providers will generally be located in the Kingdom of Saudi Arabia (“KSA”), US, Canada, EU or UK (“Approved Countries”), and to the extent they are providing a regulated service, subject to applicable local financial services laws.

• Courts and tribunals, as described above in Section 3.
• Regulators (including the relevant financial regulators), tax authorities, other government agencies, and law enforcement organizations, as described above in Section 3, which will generally be located in the Approved Countries.

b. What safeguards are in place where Personal Data is transferred outside of the KSA?

Where the Company transfers Personal Data to a data recipient in a jurisdiction outside of the KSA where the laws do not provide an equivalent level of data protection as the KSA, the Personal Data will be transferred in accordance with Standard Contractual Clauses that provide a sufficient level of protection for Personal Data or to the extent necessary for the performance of an agreement to which the Individual is party or necessary for the public interest or in connection with the investigation, detection or prosecution of crimes, together with a risk assessment of such transfer.

5. Consent

Individuals who consent to the Company using their Personal Data may withdraw that consent at any time. Individuals may do so via the Company’s online form at https://www.fisherinvestments.com/ar-sa/campaigns/unsubscribe/zu or using the details set out in Section 1 above.

When doing so, Individuals should:

• ensure that a full name and address and/or email address is provided in exactly the form in which it was originally provided to the Company to avoid any possible confusion with a different Individual; and
• ensure that the particular uses for which consent is being withdrawn are specified. The uses for which the Company relies on consent are set out in Section 3.

Individuals may also unsubscribe from direct email marketing via the Company’s online form at https://www.fisherinvestments.com/ar-sa/unsubscribe.

6. Individuals’ Rights

Under the Privacy Laws, in addition to the right to be informed of the matters set out in this Policy, Individuals have the following rights in relation to their Personal Data that the Company holds:

• To access their Personal Data held by the Company;
• To request obtaining their Personal Data held by the Company in a readable and clear format;
• To request correcting, completing or updating their Personal Data held by Company;
• To request the erasure of their Personal Data held by the Company when such Personal Data is no longer needed by the Company.

To exercise these rights, Individuals should contact the Company using the details set out in Section 1 above. In such case, Individuals should ensure that the full name and address and/or email address are provided in exactly the form in which they were originally provided to the Company to avoid any possible confusion with a different Individual.

7. Security

The Company is committed to ensuring that Personal Data is secure. In order to prevent unauthorized access or disclosure, the Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure Personal Data collected. The Company also uses encryption when collecting or transferring sensitive data. The Company stores Personal Data locally, in the KSA, in the cloud and servers located in the Approved Countries.

8. How Long Data Will Be Kept

The Company retains Personal Data until the lapse of the specific period for which there was a legal basis for retaining such Personal Data or until the purpose of the collection of the Personal Data is satisfied, whichever is later. As detailed in Section 3 above, legal basis may include implementing an agreement, complying with Applicable Law, in connection with judicial procedures, and for the Company’s legitimate interests. Following the end of the retention period, Personal Data will be destroyed in accordance with the Company’s record retention schedule.

8. How Long Data Will Be Kept

The Company retains Personal Data until the lapse of the specific period for which there was a legal basis for retaining such Personal Data or until the purpose of the collection of the Personal Data is satisfied, whichever is later. As detailed in Section 3 above, legal basis may include implementing an agreement, complying with Applicable Law, in connection with judicial procedures, and for the Company’s legitimate interests. Following the end of the retention period, Personal Data will be destroyed in accordance with the Company’s record retention schedule.

9. Cookies

A cookie is a small text file with an identification tag that is created and downloaded to a user’s computer (or other device) when accessing websites that use cookies. Cookies allow a website to, among other things, store and retrieve information about a user’s online activity and browsing habits. Depending on the information they contain and user behaviour, cookies may be used to identify the user.

Cookies can be categorized by who places them:

• First-party cookies: These cookies are downloaded to a user’s computer (or other device) by the publisher of the website whose service the user is requesting.
• Third-party cookies: These cookies are downloaded to a user’s computer (or other device) by another entity that may be seeking data obtained through cookies.

Cookies can also be categorized by their duration:

• Session cookies: These cookies are designed to collect and store data while the user accesses a website. They are often used to store information for the duration of a visit to the website (e.g. what account user is logged into). Once a user leaves the website, the session cookie is deleted.
• Persistent cookies: These cookies store data on the user’s computer (or other device) for the duration period set within the cookie’s file, which is determined by the entity controlling the cookie and can range from a few minutes to several years, or until the user manually deletes them.

Lastly, cookies can be categorized by the function they serve. The Company uses the following types of first- and third-party cookies:

• Required: Required cookies are necessary to enable the basic features of this site to function. They keep track of whether or not a user has consented to have other types of cookies placed on their computer (or other device). Required cookies do not collect Personal Data. Required cookies may also include authentication cookies.
• Statistical: Statistical cookies analyze pseudonymized site statistics. They enable measuring the number of visitors and analyzing how users interact with the website. This information is used to improve the website and the products or services offered.
• Marketing: Marketing cookies are used to understand user interests, provide relevant ads, and make a user’s online experience more enjoyable. They can be used to build a user profile to provide users with content more relevant to their interests. They adapt advertising and the content users see on other websites based on their website browsing habits, as well as how users interact with internet advertising.
• Preferences: Preferences cookies allow the website to personalize website content, such as the language selected for viewing the page. These also save a user’s cookie preference settings.

The Company uses first- and third-party required, statistical, and marketing and preferences cookies. The following vendors load cookies on this website:

• Sitecore

For further information on cookies and to manage them, please click here.

Some browsers have a “Do Not Track” setting that allows users to send a signal to the websites they visit that the user does not wish to be tracked. The Company’s website does not respond to these signals.

10. Social Media

The Company maintains a presence on various social media platforms. The terms and conditions set by the operators of the various platforms apply to the Company and any Individuals who interact with the Company through the platforms. These platforms collect and analyze interests expressed by their users and combine it with information provided by the Company to optimize marketing. More information about the privacy practices of these social media platforms is available below, including information about interest-based advertising.

• Facebook: The Company is subject to an agreement with Facebook Ireland Limited, which determines their respective responsibilities with respect to Personal Data. Facebook Ireland Limited is responsible for enabling Individuals’ rights with respect to Personal Data it stores. Information about how Facebook processes Personal Data is available at https://www.facebook.com/about/privacy. The terms applicable to the various Facebook products set out the purposes for which Personal Data is collected and transmitted. More information on interest-based advertising is available at https://www.facebook.com/settings/ads.
• LinkedIn: Information about how LinkedIn processes Personal Data is available at https://www.linkedin.com/legal/privacy-policy. More information on interest-based advertising is available at https://www.linkedin.com/help/linkedin/answer/a1342443.
• Instagram: Information about how Instagram processes Personal Data is available at https://www.instagram.com/legal/privacy.
• YouTube: Information about how YouTube processes Personal Data is available at https://policies.google.com/privacy. More information on interest-based advertising is available at https://www.youtube.com/intl/ALL_uk/howyoutubeworks/user-settings/ad-settings/.
• Twitter: Information about how Twitter processes Personal Data is available at https://twitter.com/privacy.
• Google: Information about how Google processes Personal Data is available at https://policies.google.com/privacy. More information on interest-based advertising is available at https://adssettings.google.com/anonymous?hl=en.

11. Changes to Privacy & Cookie Policy

From time to time, the Company may use Personal Data for new, unanticipated uses not previously disclosed in this Policy to the extent permitted by law. If its practices regarding Personal Data change at some time in the future, the Company will post the changes to https://www.fisherinvestments.com/ar-sa/privacy.