International Expertise… Local Insights

Privacy Notice

PERSONAL DATA PRIVACY AND PROTECTION

Dar Al Riyadh is committed to conducting its business in accordance with all applicable Data Protection laws and to respecting your privacy and protecting your personal information in line with the highest standards of ethical conduct. This document explains what personal data we collect about you, why we collect it, whom we share it, how long we keep it, and what rights you have in relation to that personal data.

 

Saudi Arabia Personal Data Protection Law (PDPL)

The Personal Data Protection Law (PDPL) aims to protect individuals' personal data privacy and regulate organizations' collection, processing, disclosure, or retention of personal data. It has been issued pursuant to Royal Decree No. M/19 dated 09/02/1443 (16/09/2021) and amended pursuant to Royal Decree No. M/148 dated 05/09/1444 (27/03/2023).

Dar Al Riyadh as a Data Controller processes personal data as per the principles stated in PDPL. This includes ensuring that there is a legal basis for processing personal data, as well as ensuring that personal data is processed consensually, fairly, lawfully, transparently, and securely. In addition, safeguards are put in place to protect personal data from loss, damage, or destruction.

 

Sources of Personal Data Collection

We collect your personal data from the following sources:

  • From employee hiring and onboarding.
  • From client engagements.
  • From vendors interactions.
  • From official authorities and government authorized sources.
  • Anonymously from our web site.
  • From registered users in our career portal.
  • From publicly available profiles in portals and services (i.e. LinkedIn).
  • From reputable and well established third parties (i.e. recruitment agencies).

 

Personal Data Content

Typically, we process the following categories of information:

Type

Details

Personal

Name, nationality, photograph, gender, birth date, place of birth, religion, family information.

Contact

Email address, residential address, original/home country/permanent address, contact telephone number.

Identity

National ID, Iqama Number, Passport number, Driver license, Visa, and any other government issue document.

Financial

Bank account number, loans, bank requests, payroll, expenses, deductions.

Security

Criminal or security history reported in a background check.

Education and Employment

Employer, title, level of education, educational institutions attended, degrees, professional certifications, prior experience and employers.

CCTV/Video

Surveillance of our premises for 30 days.

Communications

Phone numbers called and received and duration of calls. In some cases, recording of online meetings with audio and/or video.

Biometric

Face and fingerprints for access control systems.

Health

Medical history and conditions, insurance and insurance related queries and cases, certain leaves requests, and work-related injuries.

Transactions

Emails on company account, pages, documents, files and information stored or accessed on company servers, company provided online services, or company provided applications, limited tracking of site names accessed through company provided internet connections or company provided devices.

 

Purpose of Personal Data Collection

Type

Details

Employee
  • Manage employment contracts, contractual changes, and probation.
  • Manage relocation.
  • Manage emergency contact information for emergency situations. 
  • Comply with government and legal requirements.
  • Issue ID, login credentials, provide IT services and facility access.
  • Issue residency, work permits and visas to employee’s and family.
  • Manage Dar Al Riyadh Directory.
  • Administer payroll, benefits, deductions, allowances and entitlements.
  • Manage requests for leave.
  • Manage attendance.
  • Manage reimbursements for business-related expenses and travel.
  • Provide HR certificates and letters.
  • Manage performance and conflicts of interest.
  • Recognize employees’ achievements and awards.
  • Manage grievance and disciplinary cases.
  • Comply with professional certifications requirements.
  • Provide learning and development opportunities.
  • Conduct surveys to assess employee experience and competencies.
  • Promote Dar Al Riyadh to clients and the market.
  • Manage visit requests.
  • Assure HSEQ compliance.
  • Investigate and manage workplace health and safety incidents.
  • Manage illness and injury.
  • Carry out CCTV surveillance for security reasons.

Candidates
  • Contact candidate.
  • Evaluate skills and match against job requirements.
  • Schedule and perform job interviews.
  • Prepare a job offer.
  • Comply with government and legal requirements.
  • Ensure medical and security eligibility.
  • Prepare documentation for travelling and onboarding.

Clients
  • Provide products and professional services.
  • Prepare offers and proposals.
  • Prepare and sign contracts and other legal documents.
  • Invoice and collect the professional fees of product/services rendered.
  • Comply with government and legal requirements.
  • Collect client satisfaction/engagement data.
  • Maintain a proactive relationship and anticipate requirements.

Vendors
  • Procure products and professional services.
  • Receive offers and proposals.
  • Prepare and sign contracts and other legal documents.
  • Receive and pay invoices of product/services rendered.
  • Comply with government and legal requirements.
  • Rate and evaluate vendor performance.
  • Maintain a proactive relationship.

Visitors
  • Provide access to facilities.
  • Manage the logistics of the visit.
  • Assure HSEQ compliance during the visit.
  • Carry out CCTV surveillance for security reasons.

Web site users
  • Improve user experience using cookies.
  • Collect anonymous web site statistics.

 

Personal Data Marketing

We do not use personal data for unsolicited marketing or sales purposes. We do not sell or monetize in any way your personal data.

 

Necessity Of Providing Personal Data

Mandatory data will be marked as such and it needs to be provided in order to engage with Dar Al Riyadh. Failure to provide required information may prevent Dar Al Riyadh from establishing an association with the person.

 

Personal Data and Automated Processing

Personal data may be used in automated processes for triggering events based on specific data and dates (for example renewal of documentation). It may also be used to integrate and share personal data amongst different systems. Dar Al Riyadh does not use any personal data for profiling or automatic decision making.

 

Personal Data Retention Period

Dar Al Riyadh will retain your personal data for any period as mandated by the regulations, necessary for the purpose for which your personal data was collected, processed, required by law or where we may need it for our legitimate purposes such as maintaining records for analysis or audit purposes, responding to queries or complaints, defending or taking legal action and responding to requests from government.

If you exercise your option to be removed from our records, we may keep a basic record of your request to ensure that the action has been carried out.

 

Personal Data Protection & Retention Method

Dar Al Riyadh implements internal technical and organizational measures to keep personal data safe and secure including encryption, anonymization and physical security measures. We require our staff and any third parties who carry out any work on our behalf to comply with strict compliance standards including agreeing to contractual obligations to protect any personal data.

When we collect personal data, we provide a safe, secure and confidential environment to ensure that your personal data remains private, used for the purposes it was requested for, and accessible to only those authorized to process it. We have a legal obligation to keep your personal data confidential, except in circumstances where the disclosure of your personal data is imposed by a legal authority, or in circumstances where the disclosure is made with your explicit consent or through a representative nominated by you.

We use a range of measures to keep your personal data secure and protected against unlawful processing, accidental loss, destruction and damage.

When we interact with external service providers, we require them to provide the same data protection standards to be assured.

If we are knowledgeable that a breach in the security of the personal data has taken place, we will communicate with those affected and the authorities to inform and to try to remedy.

 

Personal Data Sharing

Type

Details

Subsidiary
  • For the same purpose stated in this document.

Recruiter
  • To process your selection and hiring.
  • Perform a background check.
  • Perform a health and medical evaluation.

Travel agency
  • To arrange travel documents and reservations.

Vendor
  • Provide training.
  • Provide medical insurance.
  • Provide accommodation.
  • Provide transportation or car rental.
  • Provide software, IT services and support for applications.
  • Carry out audits, 3rd party inspections and surveys.
  • Comply with signed contracts.
  • Collect statistics and optimize our web site (anonymously)
  • Provide other services or products.

Banks
  • Issue payments

Emergency contact
  • Provide details of an emergency incident.

Government
  • Provide GOSI information.
  • Provide Labor information to the Ministry.
  • Provide Tax Information to ZATCA.
  • Obtain visa and permits.
  • Carry out audits of our activities.
  • Other cases as per require by law.

Social Media
  • Promote Dar Al Riyadh.
  • Recognize merits, achievements and awards.

Legal
  • If requested by court, arbitration body, or law enforcement.

Other
  • If you request it and provide explicit consent.

 

Personal Data Transfer Outside KSA

We are headquartered in Riyadh, Kingdom of Saudi Arabia. We may transfer your personal data to other countries where we may have service providers.

When we transfer personal data, we ensure it has an appropriate level of protection by including contractual clauses to assure confidentiality and privacy.

 

Children's Personal Data Protection

We do not provide services and knowingly solicit data from our market to persons under the age of 18. Employees of Dar Al Riyadh may provide information of their children to obtain services from Dar Al Riyadh such as medical insurance or visa issuance.

 

Disclosures Required By Law, For Health, Or Safety

Consistent with the Personal Data Protection Law, Dar Al Riyadh may disclose personal data if:

  • Requested to do so by a governmental entity:
    • For security purposes.
    • To implement a law.
    • To meet judicial requirements.
  • Disclosure is necessary to protect public health or safety, including to prevent a crime or protect national security.
  • Disclosure is necessary to protect the life or health of one or more individual(s).

 

Subject's Rights

The PDPL provides you with certain rights regarding our processing of your personal data, Dar Al Riyadh will make a good faith effort to honor the rights of personal data owners and to fulfill legitimate and appropriate requests:

  • Right to know which data we collect, our contact details, the exact reason the data is being collected, the methods being used for data collection, and whether this collected data will be shared or sold.
  • Right to request correction of any data collected if it is incomplete, inaccurate, or obsolete.
  • Right to request the destruction of data collected on them. 
  • Right to withdraw your consent.

 

Contact At Dar Al Riyadh

To know more about your rights or if there is any question, issue, or request regarding this Personal Data Privacy and Protection notice, send email at privacy@daralriyadh.com.

 

Web Cookies

Cookies are pieces of information that a website transfers to the customer’s device to be able to track the users browsing activities to improve the user experience. Cookies are used both in web sites and mobile applications. Dar Al Riyadh cookies cannot look into customer’s devices and obtain information about them. Cookies cannot read any material or file kept on their device. Only when the user logs in, the cookie is associated with a specific user profile and the data collected is associated with his/her personal data.

 

Types Of Information Collected Using Cookies

Dar Al Riyadh collects the following information when customers use its website or mobile applications:

  • Browsing history.
  • Some information about customer computer and internet connection, including IP address, country, browser type, and operating system.
  • browser type.

 

Non-Compliance

Any individual who suspects that a Personal Data Breach has occurred due to the theft or exposure of Personal Data must immediately notify the Dar Al Riyadh providing a description of what occurred. Anybody who is found to have violated this document may be subject to disciplinary action, including termination of employment, and termination of contract services.

 

Personal Data Privacy and Protection Document review

Dar Al Riyadh reserve the right to make changes to this document at any time and for any reason. Any changes or modifications will be effective immediately upon posting the updated document. You are encouraged to periodically review this document to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised document by your continued use of the Dar Al Riyadh sites and services after the date such revised document is updated.