Website Privacy Policy
Saudi Manpower Solutions Company (SMASCO) is a registered entity under the Saudi Ministry of Commerce and holds trademarks in line with regulatory requirements. SMASCO specializes in providing comprehensive workforce solutions across various sectors, including domestic labour, corporate staffing, and project-based manpower services. The company operates under the licensing and oversight of the Ministry of Human Resources and Social Development.
SMASCOs core tasks include recruitment, mobilization, training, and management of local and international manpower. It offers services to both individual customers and corporate clients. Its target group spans households, small and medium enterprises, and large-scale organizations operating within the Kingdom of Saudi Arabia.
License or Commercial Register: 1010331000
The Privacy Policy was last updated on 15/07/2025.
This Privacy Policy is issued by Saudi Manpower Solutions Company (SMASCO), the Controller of personal data processing activities.
Contact Information:
If you have any questions or concerns regarding the processing of your personal data, or if you wish to exercise any of your rights under the Personal Data Protection Law, you may contact our Personal Data Protection Officer (DPO) at:
The DPO is available to provide further information about how your personal data is handled and to assist with any related inquiries.
Raha collects personal data either directly from the Data Subject or indirectly through system usage. The categories of data collected include:
|
Category |
Description |
Source |
Mandatory/Optional |
|
Customer Data |
Name, mobile number, email address |
Provided directly by user during account creation |
Mandatory |
|
Worker Data |
Name, ID number, availability, shift and booking history |
Collected internally and through operational systems |
Mandatory |
|
Operational Data |
Trip schedules, booking statuses, and resource assignment |
Generated through usage of the platform |
Mandatory |
|
System Data |
Login records, feedback, booking timestamps, and approximate location |
Collected through application logs and monitoring tools |
Mandatory |
|
Location Data |
Approximate location during booking and service execution |
System-generated via device/location permissions |
Optional (depending on user/device settings) |
|
Payment Data |
Card number, Card owner holder number, expiration date , security code (cvc) or (cvv ) |
Provided by user during checkout |
Mandatory |
|
Third-Party Data |
No data is collected from third parties unless legally required or with user consent |
N/A |
N/A |
Raha collects personal data through the following methods:
|
Method |
Type of Data Collected |
Collection Type |
|
Account registration form (e-form) |
Name, mobile number, email address |
Direct |
|
Booking and service workflows |
Trip schedules, resource assignment, booking statuses |
Direct |
|
Worker onboarding and management |
Worker name, ID number, availability, shift and booking history |
Direct |
|
System-generated logs |
Login activity, feedback, timestamps, approximate location |
Indirect |
|
Device-based location detection |
Approximate location during service use |
Indirect |
The processing of personal data is conducted on one or more of the following legal bases as defined under the PDPL:
Raha does not rely on publicly available sources, nor does it collect personally identifiable data unless directly required for service provision. Any analytics conducted on anonymized data is performed in compliance with Article (9) of the PDPL Implementing Regulation.
Raha ensures that the personal data collected is:
Consent is only requested when necessary. Consent is never used as a precondition for accessing basic services unless the data is essential to deliver that service.
Raha processes personal data to support its core domestic labour services through structured and secure data handling across each stage of the data lifecycle: collection, storage, usage, sharing, and destruction. The following table outlines the processing objectives and operations at each stage:
|
Lifecycle Stage |
General Objective |
Specific Operations |
Data Involved |
|
Collection |
Enable service delivery |
- User registration - Booking requests - Worker onboarding |
Account data, worker data, operational data |
|
Storage |
Secure data retention for operations and compliance |
- Storing customer data within the bounds of the Kingdom with RBAC and encryption - Worker and trip records in secured databases |
All collected data |
|
Usage |
Provide services and improve quality |
- Booking and scheduling - Customer notifications - KPI reporting - Feedback review |
Operational data, system data |
|
Sharing |
Legal and customer-authorized data sharing |
- Sharing data only with regulatory authorities if required by law - No third-party sharing without explicit consent |
Customer and worker data |
|
Destruction |
Compliant data disposal |
- Data deletion after defined retention periods. - Secure deletion methods |
All data categories, depending on retention rules |
All processing activities are carried out under strict access controls, operational monitoring, and based on legitimate, contractual, or legal bases as outlined previously.
Raha does not disclose personal data to any external parties outside the Kingdom of Saudi Arabia. All data processing and storage are performed on infrastructure located within the Kingdom.
Disclosure Inside the Kingdom:
Personal data may be disclosed to the following entities within Saudi Arabia, but only when legally required or with explicit consent from you:
|
Entity |
Description |
Purpose of Disclosure |
Disclosure Frequency |
|
Governmental Authorities |
Regulatory or judicial bodies (e.g., Ministry of Human Resources, tax authorities) |
Legal compliance and audit obligations |
Occasional (as required) |
Raha does not engage in third-party data sharing for marketing, advertising, or profiling purposes.
The company ensures that any disclosure complies with applicable PDPL requirements, and all disclosures are logged and subject to access control.
Under the Saudi Personal Data Protection Law (PDPL), Data Subjects using the Raha platform are entitled to the following rights concerning their personal data:
|
Right |
Description |
|
Right to Be Informed |
You have the right to be informed of the legal basis, purpose, and method of collecting your personal data. Raha commits to processing your data only for the purposes described in this Privacy Policy. |
|
Right to Access |
You may request access to your personal data held by Raha. Where technically feasible, you can request a copy of your data using one of the contact methods mentioned in this Privacy Policy. |
|
Right to Receive Data |
Upon request, you can receive a copy of your personal data in a readable, structured, and commonly used format, or as a printed hard copy if needed. |
|
Right to Rectify |
You can request correction, completion, or updating of inaccurate or outdated personal data. |
|
Right to Erasure |
You may request deletion of your personal data if it is no longer necessary for the purposes for which it was collected, unless retention is legally required. |
|
Right to Withdraw Consent |
Where your data is processed based on consent, you may withdraw that consent at any time. Withdrawal will not affect any prior lawful processing. |
|
Right to Lodge a Complaint |
If you believe your rights under the PDPL have been violated, you have the right to file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA). |
Exercising Your Rights
To exercise any of the above rights, you may contact us via one of the following communication channels:
Raha will acknowledge your request within 5 business days and will respond within a maximum of 30 calendar days, unless a legal obligation or complexity requires an extension.
In the event where an extension is needed, Rahas team will contact you to inform you of the delay and the reasons why the extension is needed.
Raha is committed to upholding your rights under the Saudi Personal Data Protection Law (PDPL). If you believe that your rights have not been respected, for example, if you were unable to exercise your rights within the legally required period or if you object to the processing of your personal data, you have the right to file a formal complaint.
How to File a Complaint or Objection
You can submit your complaint or objection through one of the following channels:
Responsible Department
All complaints are received and processed by SMASCOs Data Protection Office.
Complaint Handling Timeline
If you are not satisfied with the resolution provided by SMASCO, you may escalate your complaint to the Competent Authority:
Raha is committed to ensuring transparency in how personal data is collected and processed. To that end, this Privacy Policy is:
Notification and Awareness
Raha uses the following channels to notify users about this Privacy Policy and any updates:
Policy Review and Updates
This Privacy Policy is reviewed periodically by SMASCOs Data Protection Office to ensure alignment with:
All updates are documented in a version control log, and the effective date of the latest version is 15/07/2025.