Privacy Policy

Terminology and its significance:

In order to properly understand this policy and apply its provisions, the terms contained herein shall be construed in accordance with the indications set out below, unless the context otherwise requires, consistent with the definitions adopted in the Personal Data Protection Regulation and its implementing regulations.

 

System: The Law on the Protection of Personal Data, issued by Royal Decree No. (M/19) dated 09/02/1443 AH, and its amendments issued by Royal Decree No. (M/148) dated 05/09/1444 AH, and all subsequent relevant regulations and executive decisions.

 

Working Environment: The place where the work is performed, in accordance with the applicable regulations.


Personal Data: Any statement, whatever its origin or form, that leads to the individual's specific knowledge or makes it possible to identify him directly or indirectly, including: name, personal identification number, addresses, contact numbers, license numbers, records, personal property, bank account and credit card numbers, photographs of the individual fixed or moving, and other personal data.

Owner of personal data: The individual to whom the protected personal data relates.

Processing: Any processing of personal data by any means, manual or automated, including: collection, recording, archiving, indexing, arrangement, coordination, storage, modification, updating, consolidation, retrieval, use, disclosure, transfer, publication, data sharing or interconnection, blocking, scanning, destruction.

Controller: The entity that determines, individually or in association with others, the purpose of the processing of personal data and the manner in which it is processed.

Collection: The obtaining of personal data by the controller in accordance with the provisions of the system, whether directly from the owner, his representative or his legal guardian, or from another party.

 

Disclosure: Enabling any person, other than the controller or the processor as the case may be, to obtain, use or access personal data by any means and for any purpose.

Destruction: Any action taken on personal data that makes it inaccessible or unrecoverable again, or makes it impossible to identify its owner specifically.

 

Entity: Thiqatik Advocates & Legal Consultants Company – Commercial Registration No. (٢٢966) – Unified Number (٧٠966) – Address (Al Ahsa).

Policy Introduction:

"This policy has been prepared as a systematic and ethical obligation of the entity to protect individuals’ data and personal information collected or processed within the scope of its activities. This policy aims to ensure full compliance with the regulatory requirements and legislation in force in the Kingdom of Saudi Arabia, with a focus on enhancing trust and transparency in all transactions. It also seeks to put in place effective measures to protect personal information from any breach or misuse that may affect the privacy of individuals or affect the entity’s reputation and stability, in support of Saudi Arabia’s efforts to promote digital trust and safeguard the rights of individuals in the digital age, in accordance with the relevant regulations and decisions."

  • Adhere to best practices and standards adopted to maintain the confidentiality and security of personal data.
  • Prevent any misuse or unlawful processing of personal data.
  • Ensure full compliance with the regulations and legislation related to the protection of personal data in the Kingdom of Saudi Arabia.
  • Develop and implement effective procedures to ensure that the privacy of individuals is protected and their personal data is protected from any threats or risks.

Transparency: Identify the purposes for which personal data is processed in a clear, explicit and specific manner.
Privacy: Establish approved internal controls to limit access to or use of personal data for non-authorized purposes.
Limiting data collection: Collect only the minimum amount of personal data necessary to achieve legitimate purposes.
Data Security: Protect personal data from any leakage, damage, loss, misappropriation or misuse.
Responsibility: Identifying responsibilities within the entity to ensure compliance with the policy, and disseminating them to all parties involved, with accountability for any violation.
Choice and Consent: Enabling the holder of personal data to have all possible options and obtain his/her prior consent regarding the collection, use or disclosure of his/her data.
Processing: Restrict the processing of personal data only for specified and authorized purposes, and retain it for as long as necessary for those purposes or as required by relevant regulations and policies, while disposing of it in a secure manner that prevents any leakage or misuse.
Access to data: Enable the owner of personal data to review, update and correct his data through specific and clear means.
Data Quality: Ensure that personal data is accurate, complete and linked to the specified purposes, updated periodically when needed.
Monitoring and compliance: Monitoring compliance with privacy policies and procedures, and dealing with inquiries, complaints and disputes in accordance with clear regulatory frameworks.

Rights and duties:

Right to be informed: This includes being informed of the statutory justification for the collection of his personal data and the purpose for which it was collected.

Access: The right of access to the personal data available to the controller, in accordance with the regulations and procedures, and without prejudice to the provisions of Article 9 of the Law.
Obtaining a copy: Enable the data owner to obtain a copy of his personal data held by the controller, in accordance with the regulations and procedures.


Correction: Enable the data owner to request correction, completion or updating of his personal data to ensure accuracy and completeness.

Right to request correction, completion or updating of personal data available at the controller.
Destruction: The right of the controller to destroy personal data without delay after the purpose of collection has ended. However, it may retain such data after the end of the purpose of collection if everything that leads to the specific identification of the owner has been removed, in accordance with the regulations, without prejudice to the provisions of Article (18) of the Law.

Prohibited behaviors:

The entity or its employees are prohibited from committing any practices that would compromise the protection of personal data, including, but not limited to:

  • Collecting personal data without permission or legal justification.
  • Use of personal data other than for specified and authorized purposes.
  • Disclosure or sharing of personal data in any way to an unauthorized party.
  • Retention of personal data after the end of the regular or practical purpose of collection.

Scope of application:

Location: within the working environment.

Persons:

  • Employees of Thiqatik Law Firm.
  • All third parties and customers who deal directly or indirectly with the entity.

Method of data collection:

The entity collects personal data when providing services and contracting in regular and legitimate ways that comply with the laws and regulations in force in the Kingdom, including but not limited to:

  • When communicating directly
  • Through digital platforms

Data storage method:

The entity is committed to the preservation of personal data as follows:

  • Cloud archive by saving it in Google Drive, Google Calendar and ... hard disk.
  • A paper archive by keeping it in paper documents.

 

Exceptions:

The Company may, in exceptional cases, collect personal data from a party other than its owner, or process it for a purpose other than the one for which it was collected, or transfer it outside the Kingdom, as stated in Articles (1) and (2) of the Personal Data Protection Law, in the following cases:

Exceptions to the collection or processing of personal data:

  • If the holder of personal data expressly agrees to this in accordance with the statutory provisions.
  • If the personal data is publicly available, or collected from a publicly available source.
  • If the collection or processing of data is necessary to achieve a legitimate interest, in a manner that does not conflict with the rights or interests of the data subject.
  • If the collection or processing of data is required to implement another system or to satisfy judicial or public interest requirements.

Exceptions to transferring data outside the Kingdom:

 

  • If the transfer is in fulfilment of an obligation under an agreement to which the Kingdom is a party.
  • If the transfer is necessary to implement an obligation to which the data subject is a party.
  • If there are sufficient safeguards to protect personal data outside the Kingdom in accordance with the levels of protection prescribed in the system.

Reporting mechanism:

The data subject may lodge any complaint arising from the application of this policy through the following means:

  • Send a complaint by email to the entity (thiqatklawfirm@gmail.com) or by WhatsApp to (009665381111700) or (0096613586662).
  • The complaint should contain the exact details of the incident, including:
    • Name and phone number.
    • A detailed description of the incident.
    • Evidence and proof.
    • Names of witnesses, if any.

Investigation procedures:

  • An investigation committee shall be formed consisting of (Personnel Manager – Board Member – Direct Manager) specialized to receive and consider the complaint.
  • The committee is committed to investigating in strict confidence and with respect for all parties.
  • The investigation and recommendations shall be completed within a maximum period of [3 days] from the date of receipt of the complaint.
  • Results are reported to senior management for appropriate decision making.
  • The owner of personal data has the right to submit to the competent authority any complaint arising from the application of the personal data protection system and regulations.

 

Penalties:

The senior management (Board of Directors) shall apply the prescribed penalties in case of any violation of the personal data protection policy in breach of the system, as follows:

Entity Employees

 

  • A notice or a written warning.
  • A deduction from salary or financial benefits as permitted by the labor law.
  • Suspension pending completion of investigation procedures.
  • Termination of service in accordance with statutory controls, in case of serious violation.
  • Holding the employee liable for any damages or losses resulting from the violation.

External parties (entity clients)

 

  • Termination or suspension of the contractual relationship.
  • Claim for damages arising from the violation.
  • Take the necessary regulatory measures as required by the applicable regulations.

Awareness and training:

  • The entity is committed to enhancing the level of awareness among its employees of the importance of protecting personal data and their legal and ethical duties towards it.
  • Publish the updated version of the policy on the Company’s website, as well as any appropriate media that ensures that it reaches all interested parties.

Preventive measures:

  • Anyone engaged in the processing of personal data is obliged to keep confidential and not to disclose any information or secrets associated with it, and this obligation remains in place even after the end of the functional or contractual relationship with the entity, based on the clause (non-disclosure of secrets) stipulated in the employment contracts concluded with its employees.
  • The entity must take all necessary measures to prevent unauthorized access to its personal data and ensure that it is protected to the highest standards of security and privacy.
  • Destruction:

    The entity is obliged to destroy the personal data that it holds at the end of the purpose of collection or processing, or at the end of the regular period necessary for retention. The destruction is done using secure technical or physical means that prevent the recovery or reuse of the data in any way, in accordance with Article (1) of the Personal Data Protection Law.

    Commitment:

     

    Entity Employees: Sending this policy to the employees of the entity through the approved means of communication constitutes an acknowledgement of their knowledge of it and their full compliance with the provisions and controls contained therein.

     

    Third parties: This policy shall be announced at the entity's administrative headquarters in visible places dedicated to information, and it shall be published through the entity's website or any other means that serves to give notice; this constitutes an implicit commitment by all customers of the entity to the provisions and controls contained therein.

    Disclaimer:

    The entity disclaims its regular and professional liability for any breach of personal data committed by its employees or third parties contrary to what is stated in this policy, while retaining the entity’s full statutory rights to take action and claim compensation for any damages arising as a result of non-compliance with the provisions of this policy.
