Privacy Notice

Last updated Sep 30, 2024

1. Introduction

Your privacy is important to sirar (hereafter referred as “sirar” or “we” or “our” or “us”). In this notice “You” or “Your” refers to data subject (customers, vendors, partners, website visitors…etc.) whose Personal Data is processed by us. When you use our services, you’re trusting us with your information. We understand this is a big responsibility and we work hard to protect your information and put you in control.

This privacy notice explains the Personal Data we handle, how we process it, and for what purposes. It is formulated in accordance with the Personal Data Protection Law and regulations in the Kingdom of Saudi Arabia to help you understand the nature of Personal Data we collect from you and how this Personal Data will be treated by us. For the purposes of this privacy notice, “Personal Data” means “Any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.”

This privacy notice applies to all our sectors and business units. All our staff, contractors, and vendors working either on a permanent or temporary basis are obliged to follow the outlined standards.

2. Why We Collect and Use Your Personal Data

To provide you the highest standard of service and products, we collect and use your Personal Data on the basis of the following legal grounds:

a) Consent
Personal Data processing after obtaining your consent (e.g., for sales and marketing purposes).

b) Contract
Personal Data processing to fulfil our contractual obligations for the performance of a service agreement to which you are a party.

c) Actual Interests
Personal Data processing serves your actual interests, but communicating with you is impossible or difficult.

d) Legal Obligation
Personal Data processing is required to comply with regulatory requirements including but not limited to national security and protection of public health or to satisfy judicial requirements or to respond to a lawsuit.

e) Legitimate Interests
Personal Data processing is necessary for the purpose of our legitimate interests. Legitimate interest means the interest of sirar in conducting and managing business and to enable us to give you the best services and most secure experience.
The purposes of the Personal Data collection shall include the following:

a) For enabling us to develop, enhance, market and/or deliver products and services to you.

b) For enabling and supporting our operation and systems to ensure continuity and quality to our services and providing accurate billing and enabling us to process payments for products and services.

c) For understanding your needs as customers and your eligibility for products and services and recommend products and services that would be relevant to you.

d) For communicating new products and services launched.

e) For resolving any queries or complaints you may have and allows us to provide you a personalized customer experience across all our channels.

f) To provide reports to third parties and/or our enterprise clients where such reports don’t contain any personal information about you or any information that may identify you as a person in accordance with international and local law. For Credit Checks in certain scenarios e.g., when contracting for any new products or services, and we sometimes supplement the information we collect about you with information from other sources to assess the accuracy of the information that we hold e.g., data from governmental entities.

In addition, we may work with other entities to ensure a quality of service is provided. If your Personal Data is disclosed to these entities, it shall be restricted to the purposes specified in this privacy notice for which you have provided consent.

3. What Personal Data We Collect and Use

We collect Personal Data from you, through our interactions with you and through our products. You provide some of this Personal Data directly, and we get some of it by collecting data about your interactions, use, and experiences with our services.
The main types of Personal Data we collect from you and your use includes:

a) Personal Data required when registering with our services (such as name,
e-mail address, address, phone number, date of birth, nationality, gender).
This is mandatory to collect.

b) Personal Data required for you to use of our services, websites, or mobile apps (such as cookies and usage data).
This is mandatory to collect.

c) Personal Data exchanged during communications with you (such as customer support requests and feedback).
This is optional to collect.

d) Device data for product recommendations and solving technical complaints (such as Device ID).
This is mandatory to collect.

e) Personal Data required to improve operational services and resolve network-related complaints (such as location data).
This is optional to collect.

f) Personal Data captured through video surveillance such as your identity and image data. We may perform video surveillance to ensure the safety and security of our employees, visitors, and business partners present in our offices and premises.
This is optional to collect.

g) Such Personal Data is only processed for the purpose for which the Personal Data is collected. However, we may collect your Personal Data indirectly or process Personal Data for a purpose other than that for which the Personal Data is collected in the following cases:
a) If you consent in accordance with the provision of the Personal Data Protection Law.

b) If the Personal Data is publicly available, or collected from a publicly available source, without prejudice to the provisions of the Personal Data Protection Law.

c) If compliance with the above restriction may cause harm to you or affect your vital interests, as set out in the applicable regulations.

d) If the collection or processing of Personal Data is necessary to protect public health, public safety, or public interest, or to protect your life or health.

e) If the Personal Data will not be recorded or stored in a form that makes it possible to identify you directly or indirectly.

f) If the collection or processing of the Personal Data is necessary to achieve our lawful interests or of any other party, without prejudice to your rights or interests and provided that the Personal Data is not sensitive Personal Data, in accordance with the rules and provisions set out in the regulations.

4. How We Collect Your Personal Data

We may collect your Personal Data through the following ways:

a) Product and Services – When you register, use or sign a contract to become our customer and use one of our products or services.

b) Direct Interactions – When you complete a form and send it to us via our website, mobile apps, by email, post or via a phone call to our call center.
This includes any Personal Data you provide to us when making an enquiry or taking part in a promotion or marketing activity.

c) Conferences/Events – When you register and submit your Personal Data during sirar’s participation in some events/conferences to know more about sirar’s update, products & services, or insights.

d) Browsing – Data about how you are using our website, including the date and time of your visit, the type of Internet Browser you use and how you were referred to our web site.

e) Web Surveys – Our online web surveys enable us to gather specific data regarding issues such as your feedback on the look and feel of our website and mobile apps. Additionally, we may also request information on several elements of our customer service. Your feedback is vital, appreciated and enables us to enhance the quality of customer service we provide. The provision of your name and other details is optional.

f) Telecommunication Network – When you use our networks.

g) Recruitment – When you share your Personal Data such as resume for recruitment purposes.

h) Business Purpose – Personal Data provided by you through face-to-face meetings, email messages, telephone conversations, our websites or provided by third parties. If you contact us, we may keep a record of that contact. We collect this Personal Data when it is necessary for business purposes or to meet the purposes for which you have submitted the information.

5. How Long We Store Your Personal Data

Your personal information is stored either in hard copies in our office or stored electronically in our servers. Your Personal Data is only stored for as long as it is necessary, according to defined retention periods for the purposes for which it was collected, and for satisfying any legal, regulatory, accounting or reporting requirements and is properly destroyed as per our data storage and retention policy and the applicable laws and regulations, when the purpose of collecting it is fulfilled. This length of time may vary depending on individual circumstances; in the case the Personal Data is kept after the purpose of collection ceases to exist, all personally identifiable information will be destroyed.

We regularly review our data retention period to ensure we are not keeping your Personal Data for longer than necessary. Note that your Personal Data maybe retained after the purpose of the collection ceases to exist, only if retaining it is under legal basis, or if it is related to a case under consideration before a judicial authority and shall be destroyed post a specified period.

Further, we may retain Personal Data related to you if we believe it may be necessary to prevent fraud or future abuse, to enable us to exercise our legal rights and/or defend against legal claims or if required by law or for other legitimate purposes. We may continue to retain your Personal Data in anonymized form for analytical and research purposes.

6. Personal Data Protection and Disclosure

We take the protection of your Personal Data very seriously and will employ appropriate organizational and technical data protection and security measures and procedures – including internal audit, external audit, training of staff and contractors on privacy and reporting to our audit and data governance steering committees and regulatory authorities – to safeguard your Personal Data from any unauthorized disclosure or processing.

We always maintain the privacy and confidentiality of all Personal Data collected. Such Personal Data may only be disclosed or shared when approved and required by law, or when we believe that such action is necessary or desirable to provide products and services, or technical support and according to Why We Collect and Use Your Personal Data section.

We will not use any of your Personal Data for commercial purposes or share with any third party outside sirar or partner companies without your permission unless it is collected without identifiers on an aggregated basis for analytical purposes, studies, reports with adherence to Personal Data protection laws and regulations in the Kingdom of Saudi Arabia. You will be notified of other sources used in case additional Personal Data is indirectly collected from other entities.

We may transfer your Personal Data outside the Kingdom or disclose it to a party outside the Kingdom as per the Personal Data Protection Laws and its Implementing Regulations and in the following cases:

• If the transfer is related to performance of an obligation under an agreement, to which the Kingdom is a party.
• If the transfer serves the interests of the Kingdom.
• If the transfer is for the performance of an obligation to which the Data Subject is a party.

We shall transfer your Personal Data outside the Kingdom only if one of the following conditions apply as per the Personal Data Protection Law:

• Transfer based on adequacy decision by Competent Authority.
• Transfer based on appropriate safeguards..
• Transfer based on derogations as defined in Personal Data Protection Law and bylaws.

In conclusion, we will not disclose your Personal Data without your consent except under the following circumstances where the entity requesting disclosure is a public entity and in which case the Personal Data will be shared in strict accordance with the controls and procedures set out in the Personal Data Protection Law of the Kingdom of Saudi Arabia:

• for security purposes
• to implement another law
• to meet judicial requirements
• to protect public health or safety
• to protect the life or health of a particular individual(s)

7. Your Rights

As a data subject, you have the right to be informed about the purpose and type of Personal Data that we have about you, to access this Personal Data, to request its correction, destruction, to get a copy, and to withdraw your consent on processing your Personal Data. As part of our data privacy compliance, we shall make the rights below available to you depending on your relationship with us.
a) Right to be informed: The right to know how we process your Personal Data and the legal basis and purpose of collection.

b) Right to access: The right to access your Personal Data held by us.

c) Right to request access to Personal Data: The right to request obtaining your Personal Data held by us in a readable and clear format.

d) Right to request correction of Personal Data: The right to request correcting, completing, or updating your Personal Data held by us.

e) Right to request destruction of Personal Data: The right to request destruction of your Personal Data held by us when such Personal Data is no longer needed for the purpose of collection.

f) Right to withdraw consent: The right to withdraw your consent obtained for Processing your Personal Data.

We try to respond to all legitimate Data Subject Rights requests within 30 days as per the law. Occasionally, it may take us an additional 30 days to respond if your request is particularly complex or you have made several requests. In that case, we shall notify you and keep you updated.

We may refuse to act on request when it is repetitive, manifestly unfounded, or requires disproportionate efforts, in which case you will be notified of such reason.

For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact sirar’s Personal Data Protection Officer at: PDPO@sirar.com.sa

8. Links to other websites

Our website and mobile apps may contain links to third party sites, which may be subject to separate privacy policies. These sites are not under our control, and we are not responsible for their own privacy policies.

9. Privacy Information Specific to sirar by stc Website Usage of Cookies

As a part of our Personal Data collection process on our sites, the site may deposit “cookies” in your device. Cookies are small data files transferred to your device’s storage by a site, while using a web browser (upon your acceptance). They keep a record of your activities on the site, making your subsequent visits to the site more efficient.

sirar website uses cookies and similar technologies in a range of ways to improve your experience on our website, commonly including:

a) Keeping you signed in

b) Necessary for operation of the website

c) Understanding how you use our website.

You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies. By continuing to use our services, you agree to our use of cookies. If you do not agree to our use of cookie, you can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies because of which you may lose some functionality on the site.

10. Changes to the Privacy Notice

We may modify this privacy notice occasionally to reflect our current privacy practices. When we make changes to this notice, we will revise the date. Any changes to the processing of Personal Data as described in this privacy notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.