• Home
  • Privacy Notice 



  

  

    

      

        
Privacy Notice

The privacy of data subject’s (“you”, “your”) personal data is important to solutions by stc

(“solutions”, “we”, “our”). This privacy notice is aimed at informing you of how and why your

personal data will be used, and how long it will be retained for. It provides you with

information pertaining to the collection and use of your personal data and your rights under

the Personal Data Protection Law (M/19) 1443 H and General Principles of Personal Data

Protection. This notice governs all relevant business lines of solutions by stc.


A. Solutions by stc

solutions by stc or solutions, is the Kingdom’s leading provider of IT solutions and have

operated in Saudi Arabia for over 25 years providing innovative, integrated technology

solutions to enterprises and Saudi society.

solutions provide Technologies to enhance your day-to-day operations and prepare you for

the future.


B. What Personal Data we Collect?


As a Technology service provider, solutions collects the following categories of personal

data to provide various services and other related activities. As a part of our commitment,

we will let you know if any of the information are optional.

• Name and contact information: Your first and last name, email address, postal

address, phone number, and other similar contact information.


• Identifiers: Government-issued identifiers, such as driver’s license number, and

other state-issued identification numbers, as well as other unique identifiers such

as those associated with your device.

• Demographic data: Data about you such as your age, gender, country, and

preferred language.

• Payment/financial data: Data required to process payments, such as your account

number and associated banking data.

• Commercial data: Data regarding products or services you have purchased or

considered purchasing, or other purchasing or spending histories or tendencies.

• Internet or other similar network activity: Data regarding your browsing history,

search history, and data about how you interact with our websites, applications,

advertisements, or emails.


• Device data: Data about the devices you use to access our websites, applications,

or advertisements, such as browser, operating system type, device ID, and IP

address. Your IP address may be used to identify the general geographic location of

your device.

• Support data: Data you provide when you contact solutions for support, such as

the content of your communications with solutions, and the products or services

related to your inquiry. When you contact us, such as for customer support, phone

conversations or chat sessions with our representatives may be monitored and

recorded.

• Whistleblowing: Data such as name and email (if opted) you provide when you

submit a whistleblowing form for raising complaint related to fraudulent financial

reporting, misappropriation of assets, fraudulently obtained revenue and assets,

conflict of interest, Employee misconduct etc.


C. How we Collect your Personal Data?


We collect personal data directly from you in the following circumstances:

• Online registration and subscribing products/services: We collect personal data

when You register, subscribe and/ or use solutions’ Services, Websites, or

Applications like MarketPlace.

• Customer support: We collect personal data through our interactions with you,

such as when you contact customer support (over call and/ or email).

• Whistleblowing: We collect personal data through whistleblowing form.

• Visiting our website: By entering data on the page titled “Contact Us”, we collect

your name, email address and details of the inquiry to enable us to respond to a

general/service inquiry made by you. If you wish to be contacted by telephone, we

may also collect your work phone number.


Received from Business Partners:


In certain instances, we receive your personal data from external business partners and

third-party sources rather than directly from you. We process this information primarily to

fulfill our contractual obligations or where we have a legitimate interest in providing and

improving our services. In all such cases, we ensure that any data shared with us is

processed in strict accordance with the PDPL and only for the specified purposes for which

Classified: General Business Use

it was collected or received. The specific scenarios in which we obtain data from business

partners include:

• Business partners. We collect personal data from banks/companies that offer

financial products or services to consumers like Point-of-Sale terminal. This

includes Name, Business and Personal Email Address and Phone Number.

• Data received prior to/during fulfilment of contractual services: This may include for

example your name, designation/job role, company you represent, telephone

number and email address that you provide us with during the RFP stage, proposal

discussions, contract negotiations and/or the duration of time for which you receive

services from solutions.

Other Data we Collect:

• There is other data we may collect that does not directly reveal your specific identity

or does not directly relate to you as an individual. We may automatically collect the

following data when you visit our website or utilize our services:

• Your equipment, browsing actions and patterns collected automatically as you

navigate through our websites.

• Usage details, time of requests, browser types, operating system, IP addresses and

data collected through cookies, web beacons and other tracking technologies.

• Details of your visits to our website, including traffic data, location data, logs and

other communication data and the resources that you access and use on the

website.

The data we collect automatically is statistical data. It helps us to improve our website and

to deliver a better and more personalized service by enabling us to:

• Estimate our audience size and usage patterns.

• Store data about your preferences, allowing us to customize our website according

to your individual interests.

• Speed up your searches and recognize you when you return to our website.

For more details, please read our website cookie policy.


D. Purposes of Processing your Personal Data and the Legal Basis for Processing?


• To provide, develop and improve solutions Products/Services: We use the

personal data (such as IP address, webpages visited, cookies etc.,) we collect to

perform essential business operation purposes pursuant to our legitimate business

interests, for example to understand usage patterns when you visit our websites;

and to develop, provide, improve, and personalize solutions services. We do not link

this data to a particular customer but instead measure traffic patterns and other

analytics to help us improve our customer experience and service offerings.

• To let you know about significant changes to our products, terms, or privacy

notice: We will let you know by email, SMS, push notification or when you log in to

the site if there are significant changes to our products, their features, our terms, or

our privacy notice.

• To confirm your identity and authenticate the data you provide: As part of

providing services to you we will confirm your identity and authenticate the data you

provide for security purposes to provide you access to the services requested by

you.

• To respond to any queries made by you: We may collect and use your personal

data to enable us to respond to queries or services requested by you.

• To personalize the information that we send you: We may combine the data we

receive and collect about you to better understand your interests and preferences

so that we can provide you with an experience that is tailored to those interests and

preferences. For example, sending you personalized offers, discounts or promotions

by our application, or email (where you have agreed to receive our emails), or

advertising content that is relevant to your interests. In the event you prefer not to

receive such information, you may opt out by following the instruction provided

Section – “How to opt out?”.


• Reporting, analytics, and tracking: We will use your data we hold about you, your

behavior on our websites and in our apps, IDs created when you use our services

and how you respond to our emails to understand you and how you use our

services. This analysis will be used to enable us to improve and promote our

products and services, provide educational content, and to provide appropriate

levels of support to our customers. No personal data will be publicly available as a

result.


• To improve data accuracy and completeness: Personal data you provide to us

during registration, when you search for products or services in our Market Place to

check for accuracy and completeness.

• To enter, renew or fulfil service contracts: We collect and use personal data such

as name, email ID, contact number and in certain cases passport/ government ID

proof to facilitate the performance of the contract between solutions and the

Organization you represent.

• To facilitate email campaigns carried out by our sales and marketing

departments: As part of our email campaigns, we track whenever you receive,

open, click a link, or download any attachments from an e-mail you receive from

solutions. We will carry out automated profiling of such data to evaluate your

interest in our service offerings or promotions. This processing will enable us to

identify and target potential customers or business partners, tailor our marketing

and provide you with relevant and timely content based on your interests, in pursuit

of our legitimate business interests. In the event you prefer not to receive such

information, you may opt out by following the instruction provided in Section – “How

to opt out?”.

• To comply with legal requirements and exercise or defend legal claims: We may

need to process and retain your personal data to comply with legal requirements to

which we are subject (for example in relation to licensing, health, and safety). It is in

our legitimate interests to process personal data for the purposes of exercising and

defending legal claims. Processing personal data may also be necessary to ensure

compliance with the relevant legal and regulatory obligations.

• To process your payments and protect against fraudulent transactions: We may

need to process your personal data to keep your payments safe and secure and

protect against fraudulent transactions. It is in our legitimate interests to process

personal data to keep your payments secure and to prevent fraud. We may also

require your personal data to send payment reminders and legal intimations in case

of overdue payments. Processing personal data in this way may also be necessary

to ensure compliance with the relevant legal and regulatory obligations.

• To comply with any opt-out or do not disturb requests we receive from you: We

understand that you may not prefer for us to contact you with any offers, promotions

or details of our products and services. In the event you opt-out, we may be required

to maintain data such as name, email ID/contact number and the subscription(s)

that you have opted out of to ensure compliance with your requests. Also, in the


future, if you wish to hear from us, you may at any time, contact us to opt-in and we

would be happy to keep you posted about our latest offers, promotions and/ or

details of our products and services.

E. How to opt out?

• Email: You can click on the unsubscribe link provided in the email you receive from

us.

• SMS: you can follow the instruction provided in the messages you receive from us.

• Applications: You may use the “opt out” option provided within the applications;

and/or

• Contact us: You may contact us using the details provided in Section – ‘Contact Us’.

F. Who might we share this data with?

• We may use carefully selected third parties who support us in managing our

business activities, maintaining service quality to perform services on our behalf or

to assist us with the provision of services to you. For example, we may engage cloud

or IOT service providers and other third parties to support cloud and IOT services,

brand promotions, marketing, advertising, communications, to personalize and

optimize our service, to analyze and enhance data (including data about users’

interactions with our services). This may also occur when we determine that such

actions are necessary or beneficial for providing products, services, or technical

support. While providing such services, these third parties may have access to your

personal data. All such sharing is conducted in full compliance with the Personal

Data Protection Law and Regulations, ensuring that your rights and interests are not

impacted.

• Where required or permitted by law, personal data may be provided to others, such

as regulators and law enforcement agencies.

• We may share with government or regulatory authorities upon request to comply

with any court order, law, or legal process.

• The personal data that we collect from you may be solely processed within the

Kingdom. In the event your personal data is transferred outside the Kingdom, we will

take all steps that are reasonably necessary to ensure that your personal data is

treated securely and in accordance with this privacy notice and applicable data


privacy laws, including, where relevant, entering data privacy clauses with the party

outside the Kingdom receiving the personal data.

• Your personal data is not rented, sold, or exchanged with third parties for nonservice-related purposes.


G. How we secure your Personal Data?


Your personal data security is an important concern to us. We provide the utmost care in

secure transmission of your personal data from your computer, smartphone, and other

electronic devices to our servers. We use industry security standards to safeguard the

confidentiality of your data (e.g. firewalls, Transport Security Layer (“TLS”) etc.) and to

make sure that your personal data is secure with us. We have implemented and maintained

appropriate technical and organizational security measures, policies, and procedures to

protect your personal data from the accidental loss, unauthorized access, use, alteration,

and disclosure. Solutions’ information security and privacy management systems are

certified against ISO/IEC 27001 and ISO/IEC 27701 and apply across relevant business

operations. All data you provide to us is stored on our secure servers behind firewalls. All

payment transactions are encrypted using TLS technology. E.g.: Measures we take

includes:


• Placing confidentiality requirements on our staff and service providers.

• Restriction of access to your personal data to employees and third parties strictly on

a need-to-know basis, such as to respond to your enquiry or request.

• Destroying or anonymizing personal data if it is no longer needed for the purposes

for which it was collected; and

• Using secure communication channels for transmitting personal data.

The safety and security of your data also depends on you. Where we have given you (or

where you have chosen) a password for access to certain parts of our website, you are

responsible for keeping this password confidential. We ask you not to share your password

with anyone.

Unfortunately, the transmission of data via the internet is not completely secure. Although

we do our best to protect your personal data, we cannot guarantee the security of your

personal data transmitted to our website. Any transmission of personal data is at your own

risk. We are not responsible for circumvention of any privacy settings or security measures

contained on the Website. For your own protection, you should exercise care with the data


you share over the internet. You should always use a secure browser and exercise good

judgment in using passwords, such as using a combination of upper, and lower-case

letters, numbers, special characters, and you should avoid using the same or similar

passwords across multiple sites.

H. How long do we keep data about you?

We retain your personal data only for as long as necessary to fulfill the purposes for which

it was collected, including the satisfaction of any legal, regulatory, tax, accounting, or

reporting requirements. Once the applicable retention period has expired, we will securely

delete or anonymize your personal data in accordance with our internal data destruction

policies and applicable laws. All disposal, including backups, is performed using secure

methods to ensure your information cannot be reconstructed or accessed by unauthorized

parties.


For more information on where and how long your personal data is stored, and for more

information on your rights, please contact us using the details provided in Section – ‘How

do you contact us?’.

I. What are your privacy rights?

In accordance with the PDPL, you are entitled to exercise the following rights regarding your

personal data; we will process your request within the legally prescribed timeframe:

• The Right to Be Informed: You have the right to be informed about the specific

purpose and type of personal data that solutions have about you.

• The Right to Access: You have the right to access and to obtain a copy of your

personal data held by solutions in a clear and readable format, in accordance with

the provisions of the PDPL.


• The Right to Rectification: If you believe that data, we hold about you may not be

up to date, accurate or complete, you may contact solutions for a correction of that

data. We will make all the efforts to give you ways to update your personal data,

although some changes require personal contact with solutions representative.

• The Right to Erasure: You have the right to request solutions to erase your personal

data which is no longer required for the purposes for which it was collected, unless

there is a legal or regulatory requirement necessitating its preservation.


• The Right to Restrict Processing of Data or the Right to Object: You have the right

to object to our use of your personal data for direct marketing or where we rely on

legitimate interests as a legal basis. Furthermore, you have the right to request

restriction (temporarily pause) to the processing of your personal data if you contest

its accuracy, believe the processing is unlawful, or require us to preserve it for legal

claims. While restricted, we will only store your data and refrain from further

processing until the matter is resolved or the restriction is lifted in accordance with

the Personal Data Protection Law (PDPL).

• The Right to Withdraw Consent: Where our processing is based on your consent,

you have the right to withdraw that consent at any time. This includes the right to

opt-out of marketing communications and promotional messages (you may also

refer to section- How to opt out?).


These rights are not absolute and are subject to certain conditions including but not limited

to that the requested right does not conflict with other laws or regulations. Furthermore,

exercising certain rights may impact our ability to provide you with full access to some of

our services.


You can exercise your rights through the following link: Solutions DSAR Web Form


 


J. Right to Lodge a Complaint


If you believe that solutions by stc is processing your personal data in violation of the KSA

Personal Data Protection Law (PDPL), you have the right to lodge a formal complaint. While

we encourage you to contact our Data Protection Officer (DPO) at

privacyoffice@solutions.com.sa to seek an internal resolution, you may at any time submit

a complaint directly to the Saudi Data and Artificial Intelligence Authority (SDAIA), or any

other competent authority. Complaints can be filed through the official SDAIA website, or

any other platforms in accordance with the procedures and timelines established by the

applicable regulations.


K. How do you contact us?


For any privacy-related inquiries, queries related to this notice, please contact our Data

Protection Officer (DPO) at privacyoffice@solutions.com.sa. To exercise your privacy rights,

please submit a request via our DSAR form.


privacyoffice@solutions.com.sa

L. Privacy notice of other websites.

This privacy notice governs the data practices of solutions’ websites and our own

applications. For your convenience, our services may provide links to external websites.

However, once you leave our platform, our privacy obligations no longer apply. Because we

do not control third-party environments, we encourage you to read the privacy notices of

any external site you visit to ensure your information remains protected.

M. If you fail to provide personal information.

Where we need to collect personal data by law or under the terms of a contract we have

with you and you fail to provide the personal data when requested, we may not be able to

deliver the services you have requested or perform certain aspects of it or we may be

prevented from complying with our legal or regulatory obligations.


N. Changes to this notice.


This Privacy Notice may be updated from time to time. The latest version will always be

available on our website, with the ‘Last Updated’ date clearly indicated. By continuing to

use our services after changes are posted, you acknowledge the terms of the revised

notice.



                

          

  Home