DOZEN solutions

Privacy Policy

1. Introduction

At DOZEN Solutions, we are committed to protecting your personal data in compliance with the Saudi Personal Data Protection Law (PDPL) and the regulations issued by SDAIA, the National Data Management Office (NDMO), and the National Data Management Center.

2. Scope & Definitions

  • Personal Data: Any information that can identify an individual directly or indirectly.
  • Controller: DOZEN Solutions determines how and why personal data is processed
  • Processing: Any handling of data—collection, storage, use, sharing, or deletion.

3. Data We Collect

We collect your data in two ways:

  • Directly: Name, email, phone number, job title, company name, nationality (via contact forms or direct communication).
  • Indirectly: Analytics and cookies from your use of our website.

4. Legal Basis & Consent

We process personal data based on:

  • Your explicit consent
  • Performance of a contract
  • Compliance with legal obligations You can withdraw your consent at any time without affecting previous lawful processing.

5. Purpose of Use

We use your data to:

  • Respond to service inquiries
  • Deliver consulting services
  • Improve user experience
  • Send optional marketing updates (only with your consent)
  • Comply with legal and regulatory requirements

6. Data Retention

We retain your personal data only for as long as necessary for the purposes described. Retention periods are aligned with PDPL guidelines—usually no more than five years unless legally required otherwise.

7. Data Protection & Security

We implement appropriate technical and organizational security measures to safeguard your personal data against loss, misuse, or unauthorized access, following Saudi cybersecurity and data protection standards.

8. Cross-Border Data Transfers

If your data is transferred outside the Kingdom of Saudi Arabia:

  • We ensure the destination country has adequate protection, OR
  • We apply SDAIA-approved safeguards, such as contractual clauses or intra-group data agreements.

9. Third-Party Data Processors

We may work with authorized service providers (data processors) to deliver our services. All third parties are contractually bound to protect your data and process it only under our instructions

10. Your Rights under PDPL

You have the following rights under Saudi Arabia’s PDPL:

  • Access: Request a copy of your personal data
  • Correction: Fix inaccurate or incomplete data
  • Erasure: Request deletion where appropriate
  • Withdraw Consent: At any time, without affecting previous processing
  • Object to Processing: Especially for marketing or profiling

11. Data Breach Notification

In the event of a data breach:

  • We will notify SDAIA or the National Data Management Center within 72 hours, and
  • We will notify affected individuals promptly, if there is a material risk.

12. Contact Us – Data Protection Officer

For inquiries, concerns, or to exercise your data rights, contact our Data Protection Officer:

13. Regulatory Complaints

If you are unsatisfied with our response, you may escalate your concern to the Saudi Data & Artificial Intelligence Authority (SDAIA) or the National Data Management Center through official channels.

14. Policy Updates

We review and update this policy regularly to maintain compliance with PDPL and national regulations. Any changes will be posted on this page with a new effective date.

Last Updated: 17 September 2024

© Copyrights 2023. All Rights Reserved. | Privacy Policy | T&C's | Powered by Dozen Solutions