Data privacy policy
1. Introduction
At SMASCO, we highly value our customers' privacy and are committed to protecting their personal data in accordance with the Personal Data Protection Law (PDPL) of Saudi Arabia and other relevant data protection regulations, under the oversight of the Saudi Data and Artificial Intelligence Authority (SADAIA). This policy outlines how personal data is collected, used, stored, and protected through our platform.
Data Collection
We collect personal data provided by you when using our online services, visiting our branches, or communicating with us through various channels. This data may include, but is not limited to:
Personal Information: Name, contact details, payment details, purchase history, and browsing behavior.
Purpose of Data Processing
Your personal data is processed for specific purposes, including:
Delivering requested products and services.
Improving our services and customer experience.
Communicating regarding your account or transactions.
Conducting market research and analysis.
Complying with legal obligations and enforcing terms and conditions.
Consent
We obtain your consent before processing any personal data for purposes requiring it under the PDPL. You have the right to withdraw your consent at any time.
Data Sharing and Disclosure
We do not share your personal data with third parties unless necessary to provide services, for legitimate purposes, or to comply with legal obligations. Appropriate safeguards are in place when data is shared.
Data Security
We implement technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.
Your Rights
You have the following rights regarding your personal data:
Access and obtain a copy of your data.
Request correction of inaccurate data.
Request deletion of your data under certain conditions.
Object to the processing of your data.
Request data portability.
Restrict data processing under specific circumstances.
Object to processing for purposes like direct marketing.
To manage communication preferences and personal data, visit the communication and privacy options center in your account.
2. Definitions
Personal Data: Information related to an identified or identifiable individual.
Controller: SMASCO, responsible for determining the purposes and means of processing personal data.
Data Subject: Any individual whose personal data is processed.
Processing: Any operation performed on personal data, such as collection, storage, use, or disclosure.
Data Protection Officer (DPO): The individual appointed by SMASCO to oversee compliance with the PDPL.
3. Scope
This policy applies to all users of SMASCO's websites and applications, including B2C and B2B consumers, suppliers, and job applicants accessing the platform.
4. Data Collection
We may collect the following types of personal data:
Customers (B2C & B2B):
Personal Details: Name, nationality, gender, date of birth, place of birth, religion, family information.
Identity Details: National ID, residency ID, passport number, driver�s license, visa, or other government-issued documents.
Employment Details: Job title, company name, industry.
Transaction Details: Payment information.
Usage Data: IP addresses, browser type, activity timestamps.
Preferences and Feedback: From surveys or inquiries.
Suppliers:
Business name, contact details, registration information.
Financial information and bank account details.
Job Applicants:
Full name, contact details (phone, email), nationality, gender, date of birth.
National ID/residency ID/passport number.
Employment history, educational background, qualifications, and references.
Legal Basis for Data Processing
The legal basis for processing personal data under PDPL includes:
Contract Execution: Processing related to transactions with customers and suppliers.
Legal Compliance: Meeting regulatory requirements.
Legitimate Interests: Improving website functionality and business operations without infringing on individuals' rights.
Consent: For processing specific information, such as newsletter subscriptions or job applications.
5. Mandatory or Optional Data Provision
Providing personal data is essential for creating and managing accounts, accessing services, and ensuring security. Failure to provide mandatory data (e.g., contact or identity details) may limit service access. Optional data (e.g., marketing preferences) is collected only with consent.
Third-Party Data Collection
To ensure transparency, we collect data from third parties only as permitted by law, treating such data with the same level of protection as directly provided information. Examples include:
Public Records: For identity verification.
Service Providers: To enhance offerings.
6. Purposes of Data Processing
Customers:
Managing accounts, orders, and inquiries.
Processing payments and transactions.
Delivering personalized content and marketing communications.
Suppliers:
Managing contractual relationships and payments.
Job Applicants:
Assessing applications and qualifications.
Communicating during the hiring process.
7. Data Retention
Data is retained only as long as necessary to fulfill the purposes it was collected for or as required by law. Once no longer needed, data is securely deleted or anonymized.
8. Automated Decision-Making
Our platform may use automated processes for service matching or recommendations based on predefined criteria such as user preferences and location. If automated decisions significantly affect you, you can request a human review where applicable.
9. Cookies and Tracking Technologies
Our website uses cookies to collect usage data and enhance user experience. By using our site, you agree to the use of cookies, which include:
Essential cookies for site functionality.
Analytical cookies to track user behavior.
Marketing cookies for personalized content and advertisements.
For further inquiries or to exercise your rights, please contact SMASCO's Data Protection Officer (DPO).