| Term | Description |
|---|---|
Personal Data | Personal Data or Personal Identifying Information (PII) is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. e.g., Name, Address, Phone Number, IP Address etc. |
Sensitive Personal Data | Sensitive Personal Data or Sensitive Personal Identifying Information (SPII) is defined as information that if lost, compromised, or disclosed could potentially harm, cause inconvenience, embarrassment, or unfairness to an individual. e.g., Racial, or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sex life, and data relating to offenses, or criminal convictions etc |
Processing | Processing is any operation or set of operations which is performed upon Personal Data, whether by automatic means, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. |
| Consent | Any freely given specific and informed indication of his wishes by which the Data Subject signifies agreement to Personal Data relating to him being processed. |
Data Subject | The individual to whom the Personal Data relates. |
Controller | A Controller is an entity that makes decisions about the purposes and ways of the processing of Personal Data. |
| Processor | A Processor is an entity that processes personal data on behalf of a Controller. |
Third Party | Third party, in relation to Personal Data, means any person other than the Data Subject, the Controller, or any Processor or other person authorized to process Personal Data for the Controller. |
UAE Data Protection Law (Federal Decree-Law No. 45 of 2021), Central Bank regulations (e.g., AML/CFT guidelines, cybersecurity standards), other relevant local laws (e.g., Consumer Protection Regulations).
ruya recognizes the importance of the protection of Data Subjects regarding the Processing of their personal data as a fundamental right. In this respect, ruya comply with the following principles governing the Processing of Personal Data, to ensure consistent practices, aligned with current international best standards and practices for the relevant rights of the Data Subjects.
ruya ensures that the Personal Data is processed fairly and transparently, and only adequate, relevant, and limited data is collected for specified, explicit and legitimate purposes. The data shall not be further processed in a manner that is incompatible with those purposes. Ruya warrant that collected data is accurate and kept up to date and is retained for the necessary purposes and held back beyond the specified purposes, if required by law while maintaining the security and protection of the data.
ruya shall implement appropriate organizational and technical measures to uphold the principles outlined above. ruya will integrate necessary safeguards to any data processing to meet regulatory requirements and to protect the rights of the individuals.
ruya will aim to provide the relevant data within time limit as per the compliance requirement. ruya will always verify the identity of anyone making a subject access request before handing over any information.
Necessity and proportionality of the measures to be taken to enable the Controller and Processors to process the minimal Personal Data necessary to achieve the purposes of the Processing.
Impact of the Processing on Data Subjects.
Measures that will be taken to prevent or limit the risks.
Suitability of the measures envisaged to avoid identified risks.
No fee is required to a make a request and ruya can reject the request if it is not related to the personal data or it is excessively repetitive, is in conflict with judicial procedures or investigations, risks information security and affects the privacy and confidentiality of Personal Data of third parties.
ruya do not sell or rent your personal information. ruya may share your data with:
Authorized service providers and vendors engaged to support ruya website hosting, analytics, or communication.
Regulatory authorities when required by UAE law.
Affiliates or partners where relevant to service delivery (with safeguards in place).
ruya retains personal information only as long as necessary for the purposes described in this policy or as required by law. After the retention period, data is securely deleted or anonymized.
ruya implements appropriate technical, administrative, and physical controls to protect your information against unauthorized access, loss, misuse, or alteration. These include encryption, secure hosting, access restrictions, and regular monitoring.
Under the UAE PDPL, you have the right to:
Request access to your personal data.
Request correction or deletion of your data.
Withdraw consent at any time for processing based on consent.
Object to certain types of processing.
ruya use cookies to enhance user experience. You may control or disable cookies via your browser settings. Some features of the ruya website may not function properly if cookies are disabled.
If your data is transferred outside the UAE, ruya ensure that adequate protection is in place, consistent with PDPL and international data protection principles.
The appointed DPO (Data Protection Officer) at ruya is responsible for monitoring data protection compliance, advising the organization on data processing activities, acting as a contact point for data subjects and the UAE Data Office, and ensuring adherence to relevant regulations.
Subject access requests from individuals can be made by email or a standard request form addressed to ruya at DPO@ruyabank.com.
