Processing of customer transactions including credit card payments, bank transfers, and digital wallets.

Data Details
Data Subjects
Customers
Data Volume
10,000 - 50,000 transactions/month
Data Categories
Full Name, Payment Card Details (tokenized), Transaction History, Billing Address, Mobile Number
Processing Type
Collection
Automated Decision-Making
No
Legal Basis
Legal Basis
Legal Obligation
Consent Mechanism
Transaction consent at checkout with T&C acceptance
Purpose
Processing payments for goods and services purchased by customers.
Legal Basis Detail
Saudi Payment Systems Law, SAMA Payment Regulations, and contractual necessity.
Recipients & Transfers
Cross-Border
Internal Recipients
Finance, Customer Service, Compliance
External Recipients
Mada (Payment Network) (SA), Visa/Mastercard (US), Payment Gateway Provider (SA)
Transfer Countries
US, GB
Transfer Safeguards
PCI-DSS compliance, Standard Contractual Clauses with international card schemes.
Retention & Security
Retention Period
7 years for transaction records per SAMA requirements
Retention Justification
Security Measures
✓ PCI-DSS Compliance, ✓ Tokenization, ✓ TLS 1.3, ✓ Fraud Detection System, ✓ MFA Authentication
PDPL Compliance Assessment
D1 Data Subject Rights & Consent
88%
Compliant

All requirements for Data Subject Rights & Consent are met. Documentation is complete and up to date.

D2 Processing Principles & Lawful Basis
92%
Compliant

All requirements for Processing Principles & Lawful Basis are met. Documentation is complete and up to date.

D3 Data Protection & Security
95%
Compliant

All requirements for Data Protection & Security are met. Documentation is complete and up to date.

D4 Organizational Requirements & Governance
85%
Compliant

All requirements for Organizational Requirements & Governance are met. Documentation is complete and up to date.

D5 Cross-Border Data Transfer
70%
Partial

Most requirements for Cross-Border Data Transfer are addressed. Some gaps identified in documentation or process.

D6 Compliance & Accountability
90%
Compliant

All requirements for Compliance & Accountability are met. Documentation is complete and up to date.

Associated Risks
1
High Payment data breach risk from third-party gateway… Open