Privacy Notice
Last updated: [11 July 2024]
HALAPRIVACY L.L.C. FZ (“HalaPrivacy,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Notice (“Notice”) explains how we collect, use, disclose, and safeguard your personal data when you visit our website or engage with our services. We adhere to the Kingdom of Saudi Arabia’s Personal Data Protection Law, enacted by Royal Decree No. (M/19) on 16/09/2021 and amended by Royal Decree No. (M/148) on 27/03/2023.
If you have questions about this Notice or our privacy practices, please contact us at athif@halaprivacy.com.
1. Purpose of this Privacy Notice
This Privacy Notice informs you how HalaPrivacy, as the controller of your personal data, manages, protects, and processes your personal data. It applies to all personal data collected via our website, through business interactions, or by other means for our IT services and consulting solutions. We aim to maintain transparency regarding the personal data we handle, the purposes for which we handle it, and the measures we take to safeguard your rights.
2. Who is the Controller of your Personal Data?
HalaPrivacy L.L.C. FZ is the data controller responsible for determining the purposes and means of processing your personal data. If you have questions about our role or if you would like further clarification on our data protection practices, you can contact us at the email address provided above.
3. What Personal Data Do We Collect?
The personal data we collect depends on how you interact with us, the nature of our relationship, and the Services you use or request.
3.1 Information You Provide to Us
Contact and Account Information
We may collect your first and last name, email address, billing address, phone number, job title, company name, or any information you provide through forms on our website or via telephone or email.
Financial Information
For payment or billing purposes, we may collect bank account details and payment history.
Professional or Employment-Related Information
If you are an employee of one of our customers or vendors, we may collect details such as your job title, role, and contact information.
Social Media Information
If you interact with us via social media platforms (e.g., LinkedIn), we may collect usernames, posted content, and related public data made available on those platforms.
Other Information
Any additional information you voluntarily share with us—such as survey responses, feedback, or details provided during events or communications—may also be collected.
3.2 Information Collected Automatically
When you visit our website or use our Services, we (and our service providers) may automatically collect certain data using cookies, web beacons, log files, and other tracking technologies.
Device and Network Information
This may include IP addresses, device identifiers, browser types, operating systems, and mobile network information.
Usage Information
We track details such as pages viewed, time and date of visits, duration of sessions, referral URLs, and interactions with our ads or email communications.
Location Information
We may collect approximate location data derived from your IP address or other geolocation data that you choose to share with us.
3.3 Information from Third Parties
We also obtain personal data from other sources:
- References or Business Partners: If someone refers you to our Services or collaborates with us on events or projects.
- Social Media Platforms: Publicly available information or data shared with us based on the platform’s privacy settings.
- Public Sources: Publicly accessible databases, professional social networks, or government and regulatory authorities, where permissible by law.
- Marketing and Analytics Providers: Insights on traffic and usage patterns from third-party analytics tools.
4. How Do We Use Your Personal Data?
We collect and process personal data for specific, lawful purposes, which may vary depending on the nature of our relationship with you and the services we provide. The key purposes include:
Service Delivery and Project Management
We use personal data to deliver our IT consulting solutions, manage project milestones, fulfill client requirements, and set up and manage accounts where applicable.
Payment and Billing
We process invoices, collect payments, handle billing-related inquiries, and maintain transaction records for auditing and financial reporting.
Communication
We respond to inquiries, support requests, and feedback. We also send updates about our services, promotions, or events when permitted by law or with your consent.
Marketing and Advertising
We provide communications regarding our services, industry updates, and special offers. We may also tailor advertising and marketing campaigns to your interests, subject to your preferences and any relevant tracking opt-outs.
Site and Service Improvement
We analyze, maintain, and enhance our website and services to optimize your user experience. This includes personalization based on browsing history and stated preferences.
Security and Fraud Prevention
We detect, investigate, and prevent fraudulent transactions, misuse of our services, and other illegal activities. We verify identities and protect our IT infrastructure using monitoring and security measures.
Legal Compliance and Obligations
We comply with all applicable laws, regulations, and enforceable governmental requests, enforce our terms and policies, and protect our legal rights.
With Your Consent
We may process your personal data for additional purposes that you explicitly authorize, such as receiving certain marketing communications or participating in promotional activities.
5. Legal Bases for Processing your Data
We rely on one or more of the following legal bases under the KSA PDPL (and other applicable laws) to process your personal data:
Consent
We process your personal data where you have provided explicit consent for activities not directly related to contract performance or legal obligations. For example, we may send you marketing communications if you have opted in to receive them. You can withdraw consent at any time.
Contractual Necessity
We process personal data when it is required for the performance of a contract, or to take steps at your request before entering into a contract. This includes delivering services, managing accounts, and handling inquiries related to your contractual relationship with us.
Legal Obligation
We may process personal data to comply with legal or regulatory requirements, including those related to labor, tax, and corporate laws. This can involve maintaining records for administrative purposes or responding to enforceable governmental requests.
Legitimate Interests
We rely on legitimate business interests when they do not override your rights and freedoms. Examples include ensuring network and information security, conducting marketing activities, analyzing service performance, and preventing or investigating fraud.
6. How do we protect your Personal Data?
We implement robust technical and organizational measures to safeguard your personal data:
- Encryption for secure storage and transmission of data.
- Access Controls to ensure only authorized personnel can access personal data.
- Infrastructure Security measures such as firewalls, intrusion detection systems, and routine vulnerability assessments.
- Employee Training programs focused on privacy, security awareness, and best practices.
7. Who do we share your Data with?
We share your personal data only where necessary to achieve legitimate business or legal objectives. We do not sell or rent your personal data for monetary gain. Below are common scenarios where data may be shared:
Service Providers
We engage third-party vendors for tasks like payment processing, analytics, hosting, or marketing support. These providers access only the personal data needed to perform their functions and must comply with our data protection standards.
Business Partners and Affiliates
We collaborate with partners and affiliates who assist in delivering our Services or supporting marketing and events. Data sharing is limited to what is necessary for these collaborations, governed by appropriate contractual safeguards.
Professional Advisors
Personal data may be disclosed to lawyers, accountants, auditors, or other professional advisors when needed for the services they provide (e.g., legal counsel, financial audits).
Government Authorities or Law Enforcement
We share data if required by law, to comply with legal processes, to enforce our agreements, or to protect our rights.
Corporate Transactions
In connection with potential or actual sales, mergers, acquisitions, or restructurings, personal data may be transferred as part of the transaction. We take steps to maintain confidentiality and protect data throughout such processes.
Safeguards for Data Sharing with Third Parties
All third parties receiving personal data on our behalf must adhere to confidentiality and data protection standards equivalent to ours. We perform due diligence when selecting these entities and may enter into Data Processing Agreements (DPAs) that restrict their use of data to what is necessary for their functions.
International Transfers
While HalaPrivacy primarily operates in the Kingdom of Saudi Arabia (KSA), we may occasionally transfer personal data to service providers or affiliates located outside the KSA for operational or technical reasons. We only transfer personal data to countries recognized by the Saudi Data and Artificial Intelligence Authority (SDAIA) as having adequate data protection laws. Where such recognition does not exist, we conduct Transfer Impact Assessments (TIAs) and use appropriate contractual mechanisms—such as Standard Contractual Clauses (SCCs)—to ensure compliance with the KSA PDPL and applicable regulations.
8. How Long Will Your Personal Data Be Retained?
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting obligations. The precise duration may vary based on factors such as:
- Operational Necessity: We keep data for as long as required to deliver Services effectively and manage day-to-day operations.
- Legal Compliance: Certain records must be maintained for specific time frames under various laws or regulatory guidelines.
- Marketing and Communications: Data used for marketing purposes is retained until you opt out, after which it is securely deleted or anonymized.
Once the relevant retention period ends, we either securely delete or anonymize the personal data to ensure it cannot be linked back to you.
9. How do we use Cookies?
We use cookies on our website to enhance your experience, maintain functionality, and improve our services.
Essential Cookies
These cookies are necessary for the basic functioning of our site. They may store consent preferences and help ensure compliance with data protection regulations.
Performance Cookies
These cookies track site usage and performance, helping us understand how visitors interact with our website so we can make improvements and optimize the user experience.
Controlling Cookies
- Browser Settings: You can typically refuse or delete cookies through your browser settings. Disabling cookies may affect website functionality.
- Consent Management: On your first visit, you are prompted to accept or reject non-essential cookies. You can modify your preferences at any time via our cookie settings interface.
10. What are your Rights regarding your Personal Data?
Under the KSA PDPL, you have various rights concerning the processing of your personal data:
- Right to be Informed: You can learn about how and why we collect, process, store, and disclose your data.
- Right to Access: You can request to see the personal data we hold about you.
- Right to Request Access (Formal Copy): You may request a formal copy of your personal data in a clear, readable format.
- Right to Correct: You can ask us to update or rectify inaccurate, incomplete, or outdated personal data.
- Right to Request Destruction: If the data is no longer needed, you may request its deletion or destruction, subject to legal or regulatory requirements.
- Right to Withdraw Consent: If processing is based on consent, you may withdraw that consent at any time, without affecting the lawfulness of prior processing.
- Right to File a Complaint: If you believe we have violated the PDPL, you can file a complaint with us and, if unsatisfied, escalate it to the Saudi Data & Artificial Intelligence Authority (SDAIA).
- Right to Claim Compensation: You may seek compensation for material or moral damages resulting from violations of the PDPL or its implementing regulations.
Exercising Your Rights
To exercise any of these rights, contact us at athif@halaprivacy.com. We may need to verify your identity before processing your request. Generally, we respond within 30 days, and we do not charge fees for fulfilling valid requests related to your personal data.
11. What if you have questions or want further information?
For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact the Cyber Security and Data Privacy Department at HalaPrivacy using the below-mentioned contact details.
12. Complaint or Objection Filing Method
If you have concerns or believe we have not complied with the PDPL, you may file a complaint by contacting us at:
Email: athif@halaprivacy.com
If you are unsatisfied with our response or if we fail to respond within 30 days, you can escalate your complaint to the Competent Authority, the Saudi Data & Artificial Intelligence Authority (SDAIA):
SDAIA Address:
Kingdom of Saudi Arabia, Riyadh
SDAIA Website:
Saudi Data & AI Authority (sdaia.gov.sa)
National Data Governance Platform “DGP” (dgp.sdaia.gov.sa)
13. Changes in Privacy Notice
HalaPrivacy reserves the right to update or modify this Privacy Notice at any time to reflect changes in our data processing practices, legal requirements, or business operations. When we make changes, we will revise the “Effective Date” at the top of this Notice. We encourage you to review this Notice periodically to stay informed about how we protect your personal data.
