Beta Login

Data Policy

Effective Date: 15th May 2025   |   Last Updated: 15th May 2025

At AliaICT [Electronic Company for High Technology], we are committed to ensuring the lawful, secure, and transparent management of all data we collect, process, and store. This Data Policy outlines our approach to data governance and our obligations under the Saudi Personal Data Protection Law (PDPL).

1. Purpose

This policy defines the principles, rules, and procedures governing the collection, processing, storage, transfer, and disposal of personal and sensitive data by AliaICT. It applies to all employees, contractors, systems, and business units involved in data management.

2. Scope

This policy applies to:

  • All personal data processed by the company
  • All employees, third-party service providers, and partners with access to such data
  • All data processing activities carried out in or from the Kingdom of Saudi Arabia

3. Data Classification

We categorize data into the following classifications:

  • Personal Data: Any information that can identify an individual (e.g., name, ID number, email address)
  • Sensitive Data: Information related to religion, health, genetics, biometrics, or criminal records
  • Confidential Business Data: Intellectual property, trade secrets, and strategic plans

4. Data Collection Principles

All data collected must comply with the PDPL and adhere to the following principles:

  • Legitimacy: Data must be collected for a clear, lawful, and specified purpose
  • Consent: When required, data subjects must provide explicit and informed consent
  • Minimization: Only the minimum data necessary for the intended purpose should be collected
  • Accuracy: Data must be accurate and kept up to date
  • Transparency: Data subjects must be informed about the data collected and their rights

5. Data Processing and Use

  • With a clear and lawful purpose
  • Based on one of the legal bases defined in the PDPL (e.g., consent, contractual necessity, legal obligation)
  • In a manner that ensures integrity and confidentiality
  • For the minimum period necessary to achieve its purpose

6. Data Storage and Retention

  • Personal data must be securely stored in approved systems or repositories
  • Access must be limited to authorized personnel only
  • Data must be retained only as long as necessary to fulfill its purpose or as required by Saudi law

7. Data Security

We implement administrative, technical, and physical safeguards to protect data, including:

  • Firewalls and encryption
  • Role-based access control
  • Regular security audits and vulnerability assessments
  • Employee training on data security and privacy

8. Data Transfers

  • Personal data may not be transferred outside Saudi Arabia without prior approval from SDAIA, unless exempted
  • When international transfers are allowed, we ensure adequate protection mechanisms are in place (e.g., binding corporate rules, contractual clauses)

9. Data Subject Rights

Under the PDPL, data subjects have the right to:

  • Access their personal data
  • Request correction or deletion of inaccurate or unnecessary data
  • Withdraw consent for data processing (where applicable)
  • File complaints with SDAIA

Requests must be processed promptly and in accordance with legal requirements.

10. Breach Notification

Any suspected or actual data breach must be reported immediately to the designated Data Protection Officer (DPO) or relevant authority. In case of a confirmed breach, SDAIA and affected individuals must be notified within the legally mandated timeframe.

11. Employee and Contractor Responsibilities

  • Comply with this policy and relevant data protection laws
  • Protect all forms of data (electronic or paper-based)
  • Report any suspected data breaches or incidents

12. Training and Awareness

We provide ongoing training to employees and relevant third parties to ensure understanding of data protection responsibilities and secure data handling practices.

13. Policy Enforcement

Non-compliance with this policy may result in disciplinary action, termination of employment or contract, and potential legal action, depending on the severity of the violation.

14. Review and Updates

This policy is reviewed annually or whenever there are changes in applicable laws or our data processing practices.


Contact Information

Mr. Jobin Scaria, Data Protection Officer (DPO)
AliaICT [Electronic Company for High Technology]
Alia Plaza, Al Rabae, Riyadh, Saudi Arabia
Email: j.scaria@aliaict.com
Phone: +966 11 8266270