Privacy Policy

Privacy Professionals

Privacy Professionals is a Saudi company specialized in providing integrated solutions in the fields of personal data protection, data management and governance, and AI governance, in accordance with the Saudi Personal Data Protection Law, its Implementing Regulations, the requirements of the National Data Management Office, and relevant legislation. The company is committed to applying best practices, regulatory controls, and recognized standards to ensure the confidentiality and security of the data collected and processed.

This Policy explains how the company handles personal data in line with applicable laws and regulations, ensuring the highest levels of transparency, reliability, and full compliance with the requirements in force.

This Policy sets out the fundamental rules for the collection, processing, and protection of personal data in accordance with the provisions of the Saudi Personal Data Protection Law. It also clarifies the standards governing the handling of personal data of individuals who interact with Privacy Professionals, including clients, partners, employees, contractors, and users. This Policy applies to all personal data collected or processed by the company through its digital platforms or any other channels.

The Company: We, Privacy Professionals.

Personal Data: Information relating to you, such as your name, email address, or phone number, that can be used to identify you directly or indirectly.

Data Subject: You, the individual to whom the personal data relates.

Processing: Any operation we perform on your personal data, such as collecting, storing, using, or sharing it.

Consent: Your clear permission for us to use your data in a specific way, which you may withdraw at any time.

Disclosure: Sharing your data with other parties, such as government entities, when necessary in accordance with applicable laws and regulations.

Personal Data We Collect

It includes the email address, which is collected when completing the contact form available on the website, when contacting us directly through the company’s official email addresses, or when using our digital services and requesting the privacy policy drafting service.

Such as your IP address, device type, operating system, and browser used.

Such as patterns of interaction with our services, pages visited, and the time and date of activity.

Such as account preferences and customized service options.

We collect personal data from several sources, including but not limited to the following:

Information Provided by the Data Subject
Personal data is collected directly when you register an account, contact us, or complete forms and surveys.

Data Collected Automatically
This includes data collected while using our digital platforms, such as device information, IP addresses, usage logs, and cookies.

Data Provided by Third Parties
We may obtain certain data from trusted entities that work with us, such as service providers or partners who assist in delivering and improving our services.

Data Derived from Interaction with Services
Such as information collected when using specific features within our digital platforms or when interacting with content.

Publicly Available Sources
Certain personal data may be collected from publicly available sources, such as official websites, government databases, social media platforms, or other publicly accessible sources.

Purposes for the Collection and Processing of Personal Data

Personal data is collected and processed for a range of legitimate purposes, including but not limited to the following:

Such as processing requests, verifying identity, granting access to services, and ensuring the provision of necessary support.

 
 

Such as managing accounts, executing financial transactions, issuing invoices, and performing updates to ensure service continuity.

 
 

Such as fulfilling legal and regulatory obligations, verifying compliance with applicable laws, responding to official requests, and conducting internal audits.

 
 

Through data analysis, understanding customer needs, and delivering tailored experiences.

 
 

Such as implementing encryption technologies and threat detection systems to prevent unauthorized access or misuse of personal data.

Directly when you register an account, contact us, or complete forms and surveys.

 
 

The company relies on the legal bases specified in the Saudi Personal Data Protection Law and its Regulations for the collection and processing of personal data. These include the explicit consent of the data subject, the performance of contractual obligations, and compliance with legal and regulatory requirements.

Processing may also be carried out on any other legal basis permitted by law, in a manner that serves a legitimate purpose and safeguards the rights of data subjects.

Personal data is processed in accordance with controls and procedures that ensure it is handled in a structured and purpose-specific manner.

The data is stored within secured systems subject to strict access controls and is managed in line with clear policies governing retention and deletion periods.

Personal data may also be used for analytical purposes to improve and develop service quality, while ensuring that its use is limited strictly to what is necessary to achieve the specified purposes.

We ensure that personal data is stored and retained in secure environments within the Kingdom of Saudi Arabia or through approved cloud service providers. We implement encryption measures and advanced security controls to prevent unauthorized access, loss, or damage to personal data.

When personal data is no longer required, digital data is securely disposed of using appropriate methods, such as permanent deletion from systems. Paper-based data is used only when necessary, stored in secure and restricted locations, and destroyed by shredding or other methods that prevent its recovery once the purpose has been fulfilled.

We conduct periodic reviews of storage and disposal processes to ensure compliance with best practices and approved controls.

The Privacy Professionals website uses cookies to enhance the quality of the services provided and to improve the user browsing experience. When you visit the website, a cookie notice may be displayed to inform you of their use.

By selecting “Accept,” you consent to the use of cookies for the purposes described. You may choose “رفض” (Reject) if you do not wish to allow the use of cookies.

Cookie Management

You may manage or control cookies at any time by adjusting your web browser settings, including accepting, blocking, deleting, or restricting the use of cookies, in accordance with the instructions available within your browser settings.

Please note that disabling or rejecting certain cookies may affect the availability of some website features or the efficiency of your browsing experience. 

Rights of Data Subjects

The data subject has the right to be informed of the legal basis for collecting their personal data, the specific purposes of its processing, how it will be used, the retention period, and the entities with whom the data may be shared, if any, in addition to their rights related to such data, in order to ensure transparency.

The data subject has the right to access their personal data held by us and to obtain information regarding its processing, including the purposes of processing, the categories of personal data processed, and the entities with whom it has been shared, where applicable, in accordance with the procedures set out in the Law.

 
 

The data subject has the right to request a copy of their personal data held by us, provided that such request is made in accordance with the procedures specified in the Law and its relevant Regulations.

 
 

The data subject has the right to request the correction of their personal data if it is inaccurate or incomplete, subject to providing evidence supporting the requested correction.

 
 

The data subject has the right to request the erasure of their personal data in cases permitted by the Law, such as when the purpose for which it was collected has been fulfilled or when consent is withdrawn where processing is based on consent.

The data subject has the right to withdraw their consent to the processing of their personal data at any time where processing is based on consent. Such withdrawal shall not affect the lawfulness of processing carried out prior to the withdrawal.

We are committed not to share your personal data with any external entity or third party except in cases permitted by law, including, without limitation, the following:

Compliance with Security and Judicial Requirements: We may disclose personal data to the competent security or judicial authorities where there is a legal obligation or an official request requiring such disclosure, and only to the extent required under the applicable laws and regulations, in order to safeguard security interests or implement legal procedures.

Engagement with Service Providers: Data may be shared with entities that provide services on our behalf in specific cases, such as processing financial transactions in accordance with applicable regulatory controls. In such cases, payment data is shared with trusted financial service providers that comply with recognized security standards, such as PCI DSS, to ensure the protection of data during the execution of financial transactions. Such sharing is carried out in accordance with regulatory requirements and under strict contractual agreements that include data protection and confidentiality obligations.

Data Sharing Pursuant to Regulated Legal Agreements: Personal data is not shared with any other party unless a dedicated agreement has been signed specifying the scope of sharing, conditions of use, and protection requirements, such as a Data Sharing Agreement (DSA) or any other agreement required by law, to ensure the application of personal data protection standards.

Personal data is shared with other parties only in cases permitted by law and after taking the necessary measures to ensure its protection. As for disclosure of personal data, it may be made to the competent security or judicial authorities without the consent of the data subject where there is a legal basis requiring such disclosure, provided that this is carried out in accordance with the provisions of the Personal Data Protection Law in the Kingdom of Saudi Arabia.

Lawfulness, Fairness, and Transparency
Personal data is processed in a fair and lawful manner, with transparency regarding how it is collected and used.

Purpose Limitation
Personal data is collected and processed for specific and legitimate purposes and shall not be used for purposes incompatible with the original purpose.

Data Minimization
The collection and processing of personal data are limited to what is necessary to achieve the specified purposes.

Accuracy
Personal data is kept up to date, and appropriate measures are taken to correct any inaccurate information.

Storage Limitation
Personal data is retained only for as long as necessary and is destroyed or anonymized once the purpose of processing has been fulfilled.

Integrity and Confidentiality
Appropriate security measures are implemented to protect personal data from unauthorized access, loss, or damage.

Accountability
The company is committed to documenting personal data processing activities and demonstrating compliance with these principles by implementing necessary measures and maintaining relevant records.

 
 

In the event of any incident resulting in a personal data breach, the company shall promptly assess the incident and take the necessary measures to mitigate its impact, in accordance with its comprehensive data breach management framework.

The company shall notify the competent authority within 72 hours from the time it becomes aware of the incident, where the breach results in serious harm or affects the rights of data subjects, in accordance with the provisions of the Saudi Personal Data Protection Law and its Regulations. Where required, affected data subjects shall also be notified, with an explanation of the nature of the incident and the measures taken to address it and mitigate its potential impact.

The company shall document all personal data breach incidents, conduct a thorough investigation into their causes, and implement the necessary measures to strengthen protection and prevent recurrence in the future.

Data subjects may exercise their statutory rights or submit inquiries related to the processing of their personal data by contacting us via email at: DPO@ppros.com.sa.

The company is committed to reviewing and responding to all requests within a reasonable period ranging from 7 to 15 business days.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.