• Home
  • Privacy Notice 



  

  

    

      

        
Privacy Notice


 


The privacy of data subject’s (“you”, “your”) personal data is important to solutions by stc (“solutions”, “we”, “our”). This privacy notice is aimed at informing you of how and why your personal data will be used, and how long it will be retained for. It provides you with information pertaining to the collection and use of your personal data and your rights under the Personal Data Protection Law (M/19) 1443 H and General Principles of Personal Data Protection. This notice governs all relevant business lines of solutions by stc.


 


A.  solutions by stc


solutions by stc or solutions, is the Kingdom’s leading provider of IT solutions and have operated in Saudi Arabia for over 25 years providing innovative, integrated technology solutions to enterprises and Saudi society.

solutions provide Technologies to enhance your day-to-day operations and prepare you for the future.


 


B.  What Personal Data we Collect?


As a Technology service provider, solutions collects the following categories of personal data to provide various services and other related activities. As a part of our commitment, we will let you know if any of the information are optional.


Name and contact information: Your first and last name, email address, postal address, phone number, and other similar contact information.

Identifiers: Government-issued identifiers, such as driver’s license number, and other state-issued identification numbers, as well as other unique identifiers such as those associated with your device.

Demographic data: Data about you such as your age, gender, country, and preferred language.

Payment/financial data: Data required to process payments, such as your account number and associated banking data.

Commercial data: Data regarding products or services you have purchased or considered purchasing, or other purchasing or spending histories or tendencies.

Internet or other similar network activity: Data regarding your browsing history, search history, and data about how you interact with our websites, applications, advertisements, or emails.

Device data: Data about the devices you use to access our websites, applications, or advertisements, such as browser, operating system type, device ID, and IP address. Your IP address may be used to identify the general geographic location of your device.

Support data: Data you provide when you contact solutions for support, such as the content of your communications with solutions, and the products or services related to your inquiry. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.

Whistleblowing: Data such as name and email (if opted) you provide when you submit a whistleblowing form for raising complaint related to fraudulent financial reporting, misappropriation of assets, fraudulently obtained revenue and assets, conflict of interest, Employee misconduct etc.

C.  How we Collect your Personal Data?


We collect personal data directly from you in the following circumstances:


·       Online registration and subscribing products/services: We collect personal data when You register, subscribe and/ or use solutions’ Services, Websites, or Applications like MarketPlace.


Customer support: We collect personal data through our interactions with you, such as when you contact customer support (over call and/ or email).

Whistleblowing: We collect personal data through whistleblowing form.

Visiting our website: By entering data on the page titled “Contact Us”, we collect your name, email address and details of the inquiry to enable us to respond to a general/service inquiry made by you. If you wish to be contacted by telephone, we may also collect your work phone number.

Received from Business Partners:


In certain instances, we receive your personal data from external business partners and third-party sources rather than directly from you. We process this information primarily to fulfill our contractual obligations or where we have a legitimate interest in providing and improving our services. In all such cases, we ensure that any data shared with us is processed in strict accordance with the PDPL and only for the specified purposes for which it was collected or received. The specific scenarios in which we obtain data from business partners include:


Business partners: We collect personal data from banks/companies that offer financial products or services to consumers like Point-of-Sale terminal. This includes Name, Business and Personal Email Address and Phone Number.

Data received prior to/during fulfilment of contractual services: This may include for example your name, designation/job role, company you represent, telephone number and email address that you provide us with during the RFP stage, proposal discussions, contract negotiations and/or the duration of time for which you receive services from solutions.

Other Data we Collect:


There is other data we may collect that does not directly reveal your specific identity or does not directly relate to you as an individual. We may automatically collect the following data when you visit our website or utilize our services:

Your equipment, browsing actions and patterns collected automatically as you navigate through our websites.

Usage details, time of requests, browser types, operating system, IP addresses and data collected through cookies, web beacons and other tracking technologies.

Details of your visits to our website, including traffic data, location data, logs and other communication data and the resources that you access and use on the website.

The data we collect automatically is statistical data. It helps us to improve our website and to deliver a better and more personalized service by enabling us to:


Estimate our audience size and usage patterns.

Store data about your preferences, allowing us to customize our website according to your individual interests.

Speed up your searches and recognize you when you return to our website.

For more details, please read our website cookie policy.


 


D.    Purposes of Processing your Personal Data and the Legal Basis for Processing?


·       To provide, develop and improve solutions Products/Services: We use the personal data (such as IP address, webpages visited, cookies etc.,) we collect to perform essential business operation purposes pursuant to our legitimate business interests, for example to understand usage patterns when you visit our websites; and to develop, provide, improve, and personalize solutions services. We do not link this data to a particular customer but instead measure traffic patterns and other analytics to help us improve our customer experience and service offerings.


·       To let you know about significant changes to our products, terms, or privacy notice: We will let you know by email, SMS, push notification or when you log in to the site if there are significant changes to our products, their features, our terms, or our privacy notice.


·       To confirm your identity and authenticate the data you provide: As part of providing services to you we will confirm your identity and authenticate the data you provide for security purposes to provide you access to the services requested by you.


·       To respond to any queries made by you: We may collect and use your personal data to enable us to respond to queries or services requested by you.


·       To personalize the information that we send you: We may combine the data we receive and collect about you to better understand your interests and preferences so that we can provide you with an experience that is tailored to those interests and preferences. For example, sending you personalized offers, discounts or promotions by our application, or email (where you have agreed to receive our emails), or advertising content that is relevant to your interests. In the event you prefer not to receive such information, you may opt out by following the instruction provided Section – “How to opt out?”.


·       Reporting, analytics, and tracking: We will use your data we hold about you, your behavior on our websites and in our apps, IDs created when you use our services and how you respond to our emails to understand you and how you use our services. This analysis will be used to enable us to improve and promote our products and services, provide educational content, and to provide appropriate levels of support to our customers. No personal data will be publicly available as a result.


·       To improve data accuracy and completeness: Personal data you provide to us during registration, when you search for products or services in our Market Place to check for accuracy and completeness.


·       To enter, renew or fulfil service contracts: We collect and use personal data such as name, email ID, contact number and in certain cases passport/ government ID proof to facilitate the performance of the contract between solutions and the Organization you represent.


·       To facilitate email campaigns carried out by our sales and marketing departments: As part of our email campaigns, we track whenever you receive, open, click a link, or download any attachments from an e-mail you receive from solutions. We will carry out automated profiling of such data to evaluate your interest in our service offerings or promotions. This processing will enable us to identify and target potential customers or business partners, tailor our marketing and provide you with relevant and timely content based on your interests, in pursuit of our legitimate business interests. In the event you prefer not to receive such information, you may opt out by following the instruction provided in Section – “How to opt out?”.


·       To comply with legal requirements and exercise or defend legal claims: We may need to process and retain your personal data to comply with legal requirements to which we are subject (for example in relation to licensing, health, and safety). It is in our legitimate interests to process personal data for the purposes of exercising and defending legal claims. Processing personal data may also be necessary to ensure compliance with the relevant legal and regulatory obligations.


·       To process your payments and protect against fraudulent transactions: We may need to process your personal data to keep your payments safe and secure and protect against fraudulent transactions. It is in our legitimate interests to process personal data to keep your payments secure and to prevent fraud. We may also require your personal data to send payment reminders and legal intimations in case of overdue payments. Processing personal data in this way may also be necessary to ensure compliance with the relevant legal and regulatory obligations.


·       To comply with any opt-out or do not disturb requests we receive from you: We understand that you may not prefer for us to contact you with any offers, promotions or details of our products and services. In the event you opt-out, we may be required to maintain data such as name, email ID/contact number and the subscription(s) that you have opted out of to ensure compliance with your requests. Also, in the future, if you wish to hear from us, you may at any time, contact us to opt-in and we would be happy to keep you posted about our latest offers, promotions and/ or details of our products and services.


 


E.     How to opt out?


·       Email: You can click on the unsubscribe link provided in the email you receive from us.


SMS: you can follow the instruction provided in the messages you receive from us.

Applications: You may use the “opt out” option provided within the applications; and/or

Contact us: You may contact us using the details provided in Section – ‘Contact Us’.

F.      Who might we share this data with?


·       We may use carefully selected third parties  who support us in managing our business activities, maintaining service quality to perform services on our behalf or to assist us with the provision of services to you. For example, we may engage cloud or IOT service providers and other third parties to support cloud and IOT services, brand promotions, marketing, advertising, communications, to personalize and optimize our service, to analyze and enhance data (including data about users’ interactions with our services). This may also occur when we determine that such actions are necessary or beneficial for providing products, services, or technical support. While providing such services, these third parties may have access to your personal data. All such sharing is conducted in full compliance with the Personal Data Protection Law and Regulations, ensuring that your rights and interests are not impacted.


Where required or permitted by law, personal data may be provided to others, such as regulators and law enforcement agencies.

We may share with government or regulatory authorities upon request to comply with any court order, law, or legal process.

·       The personal data that we collect from you may be solely processed within the Kingdom. In the event your personal data is transferred outside the Kingdom, we will take all steps that are reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy notice and applicable data privacy laws, including, where relevant, entering data privacy clauses with the party outside the Kingdom receiving the personal data.


·       Your personal data is not rented, sold, or exchanged with third parties for non-service-related purposes.


 


G.    How we secure your Personal Data?


Your personal data security is an important concern to us. We provide the utmost care in secure transmission of your personal data from your computer, smartphone, and other electronic devices to our servers. We use industry security standards to safeguard the confidentiality of your data (e.g. firewalls, Transport Security Layer (“TLS”) etc.) and to make sure that your personal data is secure with us. We have implemented and maintained appropriate technical and organizational security measures, policies, and procedures to protect your personal data from the accidental loss, unauthorized access, use, alteration, and disclosure. Solutions’ information security and privacy management systems are certified against ISO/IEC 27001 and ISO/IEC 27701 and apply across relevant business operations. All data you provide to us is stored on our secure servers behind firewalls. All payment transactions are encrypted using TLS technology. E.g.: Measures we take includes:


Placing confidentiality requirements on our staff and service providers.

Restriction of access to your personal data to employees and third parties strictly on a need-to-know basis, such as to respond to your enquiry or request.

Destroying or anonymizing personal data if it is no longer needed for the purposes for which it was collected; and

Using secure communication channels for transmitting personal data.

The safety and security of your data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of data via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website. For your own protection, you should exercise care with the data you share over the internet. You should always use a secure browser and exercise good judgment in using passwords, such as using a combination of upper, and lower-case letters, numbers, special characters, and you should avoid using the same or similar passwords across multiple sites.


 


H.    How long do we keep your data?


We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including the satisfaction of any legal, regulatory, tax, accounting, or reporting requirements. Once the applicable retention period has expired, we will securely delete or anonymize your personal data in accordance with our internal data destruction policies and applicable laws. All disposal, including backups, is performed using secure methods to ensure your information cannot be reconstructed or accessed by unauthorized parties.


 


For more information on where and how long your personal data is stored, and for more information on your rights, please contact us using the details provided in Section – ‘How do you contact us?’.


 


I.        What are your privacy rights?


In accordance with the PDPL, you are entitled to exercise the following rights regarding your personal data; we will process your request within the legally prescribed timeframe:


·       The Right to Be Informed: You have the right to be informed about the specific purpose and type of personal data that solutions have about you.


·       The Right to Access: You have the right to access and to obtain a copy of your personal data held by solutions in a clear and readable format, in accordance with the provisions of the PDPL.


·       The Right to Rectification: If you believe that data, we hold about you may not be up to date, accurate or complete, you may contact solutions for a correction of that data. We will make all the efforts to give you ways to update your personal data, although some changes require personal contact with solutions representative.


·       The Right to Erasure: You have the right to request solutions to erase your personal data which is no longer required for the purposes for which it was collected, unless there is a legal or regulatory requirement necessitating its preservation.


·       The Right to Restrict Processing of Data or the Right to Object: You have the right to object to our use of your personal data for direct marketing or where we rely on legitimate interests as a legal basis. Furthermore, you have the right to request restriction (temporarily pause) to the processing of your personal data if you contest its accuracy, believe the processing is unlawful, or require us to preserve it for legal claims. While restricted, we will only store your data and refrain from further processing until the matter is resolved or the restriction is lifted in accordance with the Personal Data Protection Law (PDPL).


·       The Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time. This includes the right to opt-out of marketing communications and promotional messages (you may also refer to section- How to opt out?).


 


These rights are not absolute and are subject to certain conditions including but not limited to that the requested right does not conflict with other laws or regulations. Furthermore, exercising certain rights may impact our ability to provide you with full access to some of our services.


You can exercise your rights through the following link: Solutions DSAR Web Form


 


J.       Right to Lodge a Complaint


If you believe that solutions by stc is processing your personal data in violation of the KSA Personal Data Protection Law (PDPL), you have the right to lodge a formal complaint. While we encourage you to contact our Data Protection Officer (DPO) at privacyoffice@solutions.com.sa to seek an internal resolution, you may at any time submit a complaint directly to the Saudi Data and Artificial Intelligence Authority (SDAIA), or any other competent authority. Complaints can be filed through the official SDAIA website, or any other platforms in accordance with the procedures and timelines established by the applicable regulations.


K. How do you contact us?


For any privacy-related inquiries, queries related to this notice, please contact our Data Protection Officer (DPO) at privacyoffice@solutions.com.sa. To exercise your privacy rights, please submit a request via our DSAR form.


privacyoffice@solutions.com.sa


 


L. Privacy notice of other websites.


This privacy notice governs the data practices of solutions’ websites and our own applications. For your convenience, our services may provide links to external websites. However, once you leave our platform, our privacy obligations no longer apply. Because we do not control third-party environments, we encourage you to read the privacy notices of any external site you visit to ensure your information remains protected.


 


M. If you fail to provide personal information.


Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide the personal data when requested, we may not be able to deliver the services you have requested or perform certain aspects of it or we may be prevented from complying with our legal or regulatory obligations.


 


N. Changes to this notice.


This Privacy Notice may be updated from time to time. The latest version will always be available on our website, with the ‘Last Updated’ date clearly indicated. By continuing to use our services after changes are posted, you acknowledge the terms of the revised notice.



                

          

  Home