Privacy Policy

Privacy Professionals

Privacy Professionals is a Saudi company specialized in the protection of personal data in accordance with the provisions of the Saudi Personal Data Protection Law and its Regulations. The company is committed to implementing the regulatory controls and approved standards to ensure the confidentiality and security of the data we collect and process.

This Policy clarifies how the company handles personal data in line with the applicable laws, ensuring transparency and compliance with the regulations in force.

This Policy sets out the fundamental rules for the collection, processing, and protection of personal data in accordance with the provisions of the Saudi Personal Data Protection Law. It also clarifies the standards governing the handling of personal data of individuals who interact with Privacy Professionals, including clients, partners, employees, contractors, and users.

This Policy applies to all personal data collected or processed by the company through its digital platforms or any other channels.

We collect personal data from several sources, including but not limited to the following:

Information Provided by the Data Subject
Personal data is collected directly when you register an account, contact us, or complete forms and surveys.

Data Collected Automatically
This includes data collected while using our digital platforms, such as device information, IP addresses, usage logs, and cookies.

Data Provided by Third Parties
We may obtain certain data from trusted entities that work with us, such as service providers or partners who assist in delivering and improving our services.

Data Derived from Interaction with Services
Such as information collected when using specific features within our digital platforms or when interacting with content.

Publicly Available Sources
Certain personal data may be collected from publicly available sources, such as official websites, government databases, social media platforms, or other publicly accessible sources.

Personal Data We Collect

Such as your name, national ID number, residence permit number, and passport number.

Such as your mobile number, email address, and other contact details.

Such as your IP address, device type, operating system, and browser used.

Such as patterns of interaction with our services, pages visited, and the time and date of activity.

 
 

Such as bank card number, financial transaction details, and payment methods used.

Such as account preferences and customized service options.

We collect personal data from several sources, including but not limited to the following:

Information Provided by the Data Subject
Personal data is collected directly when you register an account, contact us, or complete forms and surveys.

Data Collected Automatically
This includes data collected while using our digital platforms, such as device information, IP addresses, usage logs, and cookies.

Data Provided by Third Parties
We may obtain certain data from trusted entities that work with us, such as service providers or partners who assist in delivering and improving our services.

Data Derived from Interaction with Services
Such as information collected when using specific features within our digital platforms or when interacting with content.

Publicly Available Sources
Certain personal data may be collected from publicly available sources, such as official websites, government databases, social media platforms, or other publicly accessible sources.

Purposes for the Collection and Processing of Personal Data

Personal data is collected and processed for a range of legitimate purposes, including but not limited to the following:

Such as processing requests, verifying identity, granting access to services, and ensuring the provision of necessary support.

 
 

Such as managing accounts, executing financial transactions, issuing invoices, and performing updates to ensure service continuity.

 
 

Such as fulfilling legal and regulatory obligations, verifying compliance with applicable laws, responding to official requests, and conducting internal audits.

 
 

Through data analysis, understanding customer needs, and delivering tailored experiences.

 
 

Such as implementing encryption technologies and threat detection systems to prevent unauthorized access or misuse of personal data.

Directly when you register an account, contact us, or complete forms and surveys.

 
 

The company relies on the legal bases specified in the Saudi Personal Data Protection Law and its Regulations for the collection and processing of personal data. These include the explicit consent of the data subject, the performance of contractual obligations, and compliance with legal and regulatory requirements.

Processing may also be carried out on any other legal basis permitted by law, in a manner that serves a legitimate purpose and safeguards the rights of data subjects.

Personal data is processed in accordance with controls and procedures that ensure it is handled in a structured and purpose-specific manner.

The data is stored within secured systems subject to strict access controls and is managed in line with clear policies governing retention and deletion periods.

Personal data may also be used for analytical purposes to improve and develop service quality, while ensuring that its use is limited strictly to what is necessary to achieve the specified purposes.

We ensure that personal data is stored and retained in secure environments within the Kingdom of Saudi Arabia or through approved cloud service providers. We implement encryption measures and advanced security controls to prevent unauthorized access, loss, or damage to personal data.

When personal data is no longer required, digital data is securely disposed of using appropriate methods, such as permanent deletion from systems. Paper-based data is used only when necessary, stored in secure and restricted locations, and destroyed by shredding or other methods that prevent its recovery once the purpose has been fulfilled.

 

We conduct periodic reviews of storage and disposal processes to ensure compliance with best practices and approved controls.

The Privacy Professionals website uses cookies to enhance the quality of the services provided and to improve the user browsing experience. When you visit the website, a cookie notice may be displayed to inform you of their use.

By selecting “Accept,” you consent to the use of cookies for the purposes described. You may choose “رفض” (Reject) if you do not wish to allow the use of cookies.

Cookie Management

You may manage or control cookies at any time by adjusting your web browser settings, including accepting, blocking, deleting, or restricting the use of cookies, in accordance with the instructions available within your browser settings.

Please note that disabling or rejecting certain cookies may affect the availability of some website features or the efficiency of your browsing experience. 

Rights of Data Subjects

The data subject has the right to be informed of the legal basis for collecting their personal data, the specific purposes of its processing, how it will be used, the retention period, and the entities with whom the data may be shared, if any, in addition to their rights related to such data, in order to ensure transparency.

The data subject has the right to access their personal data held by us and to obtain information regarding its processing, including the purposes of processing, the categories of personal data processed, and the entities with whom it has been shared, where applicable, in accordance with the procedures set out in the Law.

 
 

The data subject has the right to request a copy of their personal data held by us, provided that such request is made in accordance with the procedures specified in the Law and its relevant Regulations.

 
 

The data subject has the right to request the correction of their personal data if it is inaccurate or incomplete, subject to providing evidence supporting the requested correction.

 
 

The data subject has the right to request the erasure of their personal data in cases permitted by the Law, such as when the purpose for which it was collected has been fulfilled or when consent is withdrawn where processing is based on consent.

The data subject has the right to withdraw their consent to the processing of their personal data at any time where processing is based on consent. Such withdrawal shall not affect the lawfulness of processing carried out prior to the withdrawal.

We are committed not to share your personal data with any external entity or third party except in cases permitted by law, including but not limited to the following:

Compliance with Security and Judicial Requirements
We may disclose personal data to competent security or judicial authorities where there is a legal obligation or an official request requiring such disclosure, and strictly within the limits prescribed by applicable laws, to safeguard public interest or to enforce legal procedures.

Engagement with Service Providers
Personal data may be shared with entities that provide services on our behalf, such as data processors or technical support providers, in accordance with applicable legal controls. Such parties are bound by strict contractual agreements that include data protection and confidentiality obligations.

Processing of Financial Transactions
Payment data may be shared with trusted financial service providers that comply with recognized security standards, such as PCI DSS, to ensure the protection of data during the execution of financial transactions.

Data Sharing Under Formal Legal Agreements
Personal data shall not be shared with any other party except pursuant to a formal agreement specifying the scope of sharing, usage controls, and protection requirements, such as a Data Sharing Agreement (DSA) or any other agreement required under applicable law, to ensure compliance with personal data protection standards.

Personal data is shared with other parties only in cases permitted by law and after taking the necessary measures to ensure its protection. Disclosure of personal data to competent security or judicial authorities may occur without the consent of the data subject where a lawful basis exists, in accordance with the provisions of the Saudi Personal Data Protection Law.

Lawfulness, Fairness, and Transparency
Personal data is processed in a fair and lawful manner, with transparency regarding how it is collected and used.

Purpose Limitation
Personal data is collected and processed for specific and legitimate purposes and shall not be used for purposes incompatible with the original purpose.

Data Minimization
The collection and processing of personal data are limited to what is necessary to achieve the specified purposes.

Accuracy
Personal data is kept up to date, and appropriate measures are taken to correct any inaccurate information.

Storage Limitation
Personal data is retained only for as long as necessary and is destroyed or anonymized once the purpose of processing has been fulfilled.

Integrity and Confidentiality
Appropriate security measures are implemented to protect personal data from unauthorized access, loss, or damage.

Accountability
The company is committed to documenting personal data processing activities and demonstrating compliance with these principles by implementing necessary measures and maintaining relevant records.

 
 

In the event of any incident resulting in a personal data breach, the company shall promptly assess the incident and take the necessary measures to mitigate its impact, in accordance with its comprehensive data breach management framework.

The company shall notify the competent authority within 72 hours from the time it becomes aware of the incident, where the breach results in serious harm or affects the rights of data subjects, in accordance with the provisions of the Saudi Personal Data Protection Law and its Regulations. Where required, affected data subjects shall also be notified, with an explanation of the nature of the incident and the measures taken to address it and mitigate its potential impact.

The company shall document all personal data breach incidents, conduct a thorough investigation into their causes, and implement the necessary measures to strengthen protection and prevent recurrence in the future.

Data subjects may exercise their statutory rights or submit inquiries related to the processing of their personal data by contacting us via email at: DPO@ppros.com.sa.

The company is committed to reviewing and responding to all requests within a reasonable period ranging from 7 to 15 business days.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.