Privacy policy

Last Updated: 08/07/2024


  • “Personal Data Protection System”: means the Personal Data Protection System issued on 1443/02/09 AH corresponding to: 16/09/2021 AD by Royal Decree No. (M/19) dated 9/2/1443 AH and its subsequent amendments and its executive regulations.
  • “Personal data” or “data”: every statement - whatever its source or form - that would lead to the specific identification of an individual, or make it possible to identify him directly or indirectly, including: name, personal identification number, and addresses. Contact numbers, license numbers, records, personal property, bank account and credit card numbers, fixed or moving images of the individual, and other data of a personal nature.
  • “Personal data subject” or “user”: the individual to whom the personal data relates, his representative, or the person who has legal jurisdiction over him.
  • “Processing”: any operation performed on personal data by any means, whether manual or automated, including: collection, recording, archiving, indexing, arranging, coordinating, storing, modifying, updating, merging, retrieving, using, disclosing, transferring, and publishing. , data sharing or interconnection, blocking, erasure, and destruction.
  • “Collection”: the controller obtaining personal data in accordance with the provisions of the system, whether directly from its owner, his representative, someone who has legal guardianship over him, or from another party.
  • “Destruction” is any action that removes personal data and makes it impossible to access or retrieve it again.
  • “Disclosure”: enabling any person - other than the controller - to obtain, use or access personal data by any means and for any purpose.
  • “Transfer” means the transfer of personal data from one place to another for processing.
  • “Publishing” means broadcasting any personal data via a read, audio or visual means of publication, or making it available.
  • “Credit data” means every personal statement related to an individual’s request for financing, or his obtaining it, whether for a personal or family purpose, from an entity that practices financing, including any statement related to his ability to obtain credit, his ability to fulfill it, or his credit history.
  • “Controller”: Themaar Business Company that owns the platform and is the party that determines the purpose and manner of processing personal data.
  • “Processing Party”: Themar or any other company designated by Themar to process data on its behalf.
  • “Platform” means the debt crowdfunding platform owned by Themar Company and licensed to establish and manage it in accordance with the license issued by the Central Bank of Saudi Arabia to Themar, issued No. 75/Ash/202307. This platform can be accessed via the electronic address (
  • “Themar”: is Themar Business Crowdfunding Company, a Saudi closed joint stock company, 4030489679, Jeddah Commercial Registry Office, with its main headquarters in: Jeddah, and holds a license to practice debt crowdfunding activity from the Central Bank of Saudi Arabia No.: 75/A Sh/202307 Themar Company was established in accordance with the Companies Law 1437, issued by Royal Decree No. (M/3) dated 28 / 1 / 1437 and Council of Ministers Resolution No. (30) dated 27/1/1437, and it is considered the controlling body in accordance with the provisions of this document.
  • “Debt crowdfunding”: with the intention of collecting funds from participants through a digital platform, to grant credit through contracts to beneficiary establishments.
  • “Rules for practicing crowdfunding activity”: means the rules for practicing debt crowdfunding activity issued by the Central Bank of Saudi Arabia on the date of Jumada al-Ula 1443 AH / December 2021 AD, in accordance with the powers granted to it under the Finance Companies Control System issued by Royal Decree No. (M/51) and dated 13/8/1433 AH, and its subsequent amendments.
  • “Visitor”: a visiting user who has not logged in to the platform.

Clause One: Scope of the Agreement 

Themar is keen to provide a safe and fruitful investment experience for all users of the platform, provide the necessary protection for the confidentiality of users’ personal data, and take into account the systems in force in the Kingdom of Saudi Arabia to provide a growing investment environment, and since Themar Business Crowdfunding Company carries out crowdfunding activity through the platform it owns and can be accessed. Via the electronic address (, and since directing debt crowdfunding activity requires collecting, processing and disclosing personal data for platform users in accordance with the provisions set forth in this document and the applicable systems. Accordingly, the use of the platform by the personal data subject constitutes his acceptance of the platform’s privacy policy in accordance with the provisions set forth in this document.

Clause Two: Data Collected by the Platform 

Data collected from the visitor (user without login):

  • The name of the user's Internet service provider.
  • Internet Protocol address (IP address).
  • Information about the browser used
  • Cookies.
  • Information about how you interact with the Themar website. This may include clicks and actions. This information is not linked to any personally identifiable information.
  • Previous and next location of the user

In addition to the data collected from the visitor, the following data is collected from the user during the first login and thereafter:

  • user name.
  • Identity data and personal identification number or permanent residence.
  • Personal data such as nationality, date of birth, and gender.
  • Credit data determined by Themar from time to time, including but not limited to: IBAN or banking information.
  • Contact information such as email, phone number and address.
  • Any other data that Themar may request to enable it to practice its commercial activity of debt crowdfunding.

In all cases, Themar may request all data necessary to comply with the governing rules issued by the Central Bank of Saudi Arabia or to comply with the regulations in force in the Kingdom of Saudi Arabia from time to time.

Themar Business Crowdfunding Company, a Saudi closed joint stock company, 4030489679, Jeddah Commercial Registry Office, with its main headquarters in: Jeddah, is the entity entrusted with collecting the data subject to this document, taking into account the provisions of the Personal Data Protection System and its subsequent amendments and its executive regulations.

The user acknowledges his consent to Themar storing data, especially credit data, in his personal file linked to his account registered with the platform, and grants the platform the right to use the data and make it available to the relevant parties participating in the crowdfunding process (the beneficiary facility or the financing applicant) or the credit assessment or risk assessment bodies.

Clause Three: Purpose of Data Collection 

  • The data is collected for the purpose of allowing login to the platform to benefit from the debt crowdfunding service in accordance with the license issued to the platform by the Central Bank of Saudi Arabia, and for this it is necessary to collect the data shown above, for example.
  • Track user preferences by collecting cookies to improve the user or service recipient's experience and so that the platform is easier and better to use.
  • We may process your information to respond to your inquiries and resolve any potential problems you may have with the requested service.
  • We may process your information as part of our efforts to keep our services safe and secure, including fraud monitoring and prevention
  • Analyze user data and collect statistics to adapt to how users use the site to obtain the necessary information to improve the platform and provide it with the necessary technical support according to usage needs.
  • The user acknowledges his agreement to obtain some credit data that the platform may request from time to time, as the basic activity of the platform is to connect investors with beneficiaries requesting financing through debt crowdfunding, which requires providing the platform with some credit data necessary to conduct the crowdfunding process.
  • To obtain user feedback, the platform may display a form for an opinion questionnaire from time to time related to the services provided by the platform.
  • We may process your information to comply with our legal obligations, respond to legal requests, and exercise or defend our legal rights.
  • The platform has the right to verify the user’s personal data entered on the site and share it with the relevant verification authorities for the purpose of conducting the necessary credit evaluation operations to finance purchases, including verifying commercial records and financial transactions with suppliers and other due diligence procedures required to obtain financing and evaluation. The user's credit card, by conducting the necessary verification through government systems or any other systems; Such as the Ministry of Commerce, the Absher system, Alam, Sima or Bayan, for example, and other governmental or non-governmental platforms.

Clause Four: Data Collection Methods and Storage 

We collect some information automatically without you needing to log in, as described in the first section. This information is collected automatically when a user visits the site. This information is collected automatically to improve user experience, understand how the site is used, and for analytics and security purposes.

When registering on the site, we ask the user to fill in some necessary personal information. As described in the first item. This information is necessary to facilitate our services, such as creating and managing accounts, providing technical support, and ensuring compliance with legal requirements.

When filling out the contact form or opinion polls provided by the platform from time to time on the platform or through any of the means of communication that the user has shared with Themar.

Customer data is stored on secure cloud servers within the Kingdom of Saudi Arabia. We are committed to taking all necessary security measures to protect personal data and ensure the confidentiality and integrity of stored information. These measures include

  • Use encryption techniques to protect data during transmission and storage.
  • Restrict access to personal data to employees who need that data to perform their duties.
  • Regularly monitor security systems to prevent and respond to security breaches.

We are committed to applying legal and regulatory standards related to the protection of personal data, and we strive to ensure the highest levels of protection and privacy for our users’ data

Clause Five: Legal basis for processing personal data 

We may process personal data under the following conditions:

  • Consent: You have given your consent to the processing of personal data for one or more specified purposes.
  • Performance of a Contract: Providing Personal Data is necessary for the performance of an agreement with you and/or for any relevant pre-contractual obligations.
  • Legal Obligations: Processing personal data is necessary for compliance with a legal obligation to which the Company is subject.
  • Public interests: The processing of personal data is related to a task carried out in the public interest or in the exercise of official authority vested in the company.
  • Legitimate interests: Processing personal data is necessary for the purposes of the legitimate interests pursued by the Company.

Clause Six: Cookies

Types of cookies:

  • Necessary cookies: These cookies are necessary to store your preferences on the website. Without these cookies, you will be treated as a new user each time you visit the site.
  • Tracking cookies: We use these cookies to collect information about how you use our site, which helps us improve site performance and deliver content more relevant to your needs.

You can manage cookies through your browser settings or account settings on the platform. You can choose to accept or reject cookies, but please note that rejecting necessary cookies may affect your experience on the Site. To learn more about cookies and how to manage them, you can visit the following link:

Clause Seven: Credit Information 

Themar complies with the personal data protection system and the systems established regarding the processing of credit data in a way that ensures the preservation of the privacy of its owners and the protection of their rights stipulated in the system and the credit information system, especially notifying the personal data owner when a request to disclose his credit data is received from any party.

Clause Eight: User's rights related to his personal data, how to destroy it, and how to exercise these rights

  • The right to information, which includes informing the user of the legal or practical justification for collecting his personal data and the purpose of that, and that his data will not be subsequently processed in a way that is inconsistent with the purpose of collecting it.
  • The right to access his personal data available to the controller, which includes the user’s right to view his personal data and obtain a copy of it in a clear format that matches the content of the records and without financial compensation. After submitting a request for this to the platform, the platform will provide him with the data within the reasonable period determined by Themar.
  • The right to request that his personal data available to the controller be corrected, completed, or updated
  • The right to request the destruction of his personal data available to the controller, taking into account the contracts that the user may have concluded with the platform, where the user is obligated to keep the personal data to the extent necessary to perform his contractual obligations and until all of them are completed, taking into account the rules for practicing debt crowdfunding activity that impose an obligation The platform retains user data for a period of time after terminating the contract.
  • Right to reject the Privacy Policy and Terms and Conditions at any time: The User can reject the Privacy Policy and Terms and Conditions at any time. However, the Company may have to suspend the user's account for legal reasons if he or she rejects the policy and terms, to ensure compliance with applicable legislation and regulations.
  • Right to Opt Out of Marketing and Advertising: The User has the right to refuse to receive any marketing or advertising messages from the Company at any time
  • The right to refuse cookies: The user has the right to refuse the use of cookies on the website. However, you should keep in mind that some features of the Site may not function properly as a result.

These rights cannot conflict with or exceed regulatory requirements issued by the Central Bank

Clause Nine: Platform Obligations and Powers 

  • Themar takes the necessary organizational, administrative and technical measures and means to ensure the preservation of personal data, including when transferring it. This is in accordance with the provisions and controls specified by the regulations.
  • The controller may not process personal data without taking sufficient steps to verify its accuracy, completeness, timeliness and relevance to the purpose for which it was collected in accordance with the provisions of the personal data protection system.
  • The Platform may disclose personal data from time to time in accordance with the requirements of the data processing process. However, the Company will only disclose personal data if there is a legitimate reason to do so, and will ensure that the disclosure request is closely related to a specific purpose and contains the minimum amount of personal data necessary to achieve that purpose. In addition, the Company must carry out due diligence to protect the privacy of the personal data subject or any other individual
  • It is permissible to disclose it to credit assessment and risk assessment bodies.
  • Themar may, if an error is corrected, a deficiency is completed, or an update is made in the personal data, it may notify any other party to whom that data has been transferred of any modification occurring to it, and allow it to make that modification available.
  • Themar may retain users’ personal data for a period of no less than ten years, taking into account the periods stated in the rules for practicing debt crowdfunding activity issued by the Central Bank of Saudi Arabia.
  • The controller shall notify the user immediately upon becoming aware of the occurrence of a leak, damage to personal data, or unauthorized access to it.
  • The controller must respond to the requests of the personal data subject regarding his rights stipulated in the personal data protection system within a specified period and through an appropriate means.
  • The controlling body must conduct an evaluation of the effects of processing personal data for any product or service provided to the public, according to the nature of the activity practiced by the controlling body, and the regulations shall specify the necessary provisions for this.
  • When the control party chooses the processing party, it must be committed to choosing the party that provides the necessary guarantees to implement the provisions of the law and regulations, and it must continuously verify that party’s compliance with the instructions it directs to it in all matters related to the protection of personal data in a way that does not conflict with the provisions of the law and regulations. A company is not considered a company. Themar is responsible for the data processor’s breach of any obligations imposed by the Personal Data Protection System or related systems in force in the Kingdom of Saudi Arabia.
  • Themar may use the personal means of communication - including postal and electronic addresses - of the personal data subject in order to send advertising or awareness materials after his approval, and the user may request cancellation of this service.
  • Themar may amend the privacy policy from time to time and periodically, provided that the new user is notified.

Clause Ten: Security Measures 

Themar applies appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.

Themar regularly reviews its data security practices and updates them as needed to address new security threats.

Themar ensures that any external service providers it contracts adhere to similar security standards to protect personal data.

Clause Eleven: User Responsibilities 

  • Users are responsible for maintaining the confidentiality of their account credentials and any activities that occur under their accounts.
  • Users must immediately notify Themar of any unauthorized use of their accounts or any other security breach.
  • Users agree to provide accurate and up-to-date personal data and to update such data as needed to ensure its accuracy.

Clause Twelve: Governing Law and Dispute Resolution 

This privacy policy is governed by the laws of the Kingdom of Saudi Arabia. 

Any disputes arising from or related to this privacy policy shall be resolved through arbitration in accordance with the applicable regulations in Saudi Arabia. 

Contact Information 

Users can contact Themar for any questions or concerns regarding this privacy policy through the contact details provided on the platform (Link).