Privacy Notice
Contact Details
1.What is the purpose of this Privacy Notice?
This Employee Privacy Notice explains how we collect, use, and share personal information about our employees and outlines your rights concerning your personal data. This notice is in accordance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), enacted by Royal Decree No. (M/19) issued on 16/09/2021 and amended by Royal Decree No. (M/148) on 27/03/2023.
2.Who is the controller of your personal data??
Othaim Markets is the legal entity responsible for the collection, use, and protection of your personal data. As the data controller, we determine the purposes and means of processing your personal data.
3.What personal data do we collect about you?
We collect personal data through various methods:
- Personal Information: Names, email addresses, and phone numbers of vendors representatives.
- Professional Information: Job titles, professional qualifications, and roles within your organization.
- Financial Information: Bank account details, transaction data, and payment records.
- Engagement Records: Details of interactions, engagements, inquiries, feedback, and returns of goods/services.
- Legal Data: Contractual agreements, compliance documents, and legal correspondence related to your dealings with Othaim Markets.
- Technical and Access Data: Data related to access and usage of our vendor portal, including IP addresses, login details, and device information for security purposes.
- CCTV Footage: Visual data captured through CCTV cameras installed at Othaim Markets’ premises, including areas where our vendors and suppliers may visit or conduct business.
4.How do we Collect your Personal Data?
Othaim Markets employs various methods to collect personal data, ensuring accuracy and compliance with legal regulations:
- Direct Interactions : Data gathered directly from you during the registration process, in person interactions, contractual negotiations, and communications via email or phone.
- Automated Collection: Using cookies and similar tracking technologies that collect information about your interactions with our website and applications.
5.How do we use your Personal Data?
Othaim Markets utilizes the collected personal data for the following purposes, aligned with our operational, regulatory, and strategic objectives:
- Business Operations and Relationship Management: To support the smooth operation of our business activities, manage our relationships with you, and ensure effective communication.
- Contract Management: To facilitate the negotiation, execution, and fulfilment of contracts.
- Financial Transactions: To process payments, manage accounts, and carry out financial reporting.
- Compliance and Legal Obligations: To adhere to legal, regulatory, and policy requirements which may include responding to legal processes or government requests for audits and investigations.
- Security and Safety: To ensure the security and safety of our premises, personnel, and assets using CCTV surveillance and monitoring systems.
6.What are the Legal Bases for Processing your Personal Data?
The processing of your personal data is based on several legal grounds, including:
- Contractual Necessity: We process your personal data to fulfil contractual obligations with you, such as managing vendor relationships, processing payments, and executing agreements.
- Legal Obligation We process personal data to comply with applicable laws and regulations.
- Legitimate Interests: In some cases, we process your personal data to pursue legitimate business interests, such as improving our services, managing security systems, or enhancing our vendor portal. We ensure that such processing does not infringe on your rights and freedoms.
7.How do we protect your Personal Data?
At Othaim Markets, safeguarding your personal data is a priority we take very seriously. We are committed to implementing comprehensive security measures, both technical and organizational, to protect your data from unauthorized access, alteration, and misuse.
Technical Security Measures:- Data Encryption: Personal data is encrypted both in transit and at rest using industry-standard encryption protocols. This ensures that unauthorized parties cannot access or read your data.
- Access Controls: We strictly limit access to personal data to authorized personnel only, based on their role and necessity to engage with the data.
- Secure Infrastructure: Our network and data storage solutions are protected with industry-standard firewall and antivirus software, alongside intrusion detection systems to prevent unauthorized access.
- Regular Security Assessments: We conduct periodic security assessments and penetration testing to identify and address potential security vulnerabilities.
Organizational Security Measures:
- Data Privacy Policies and Training: Our comprehensive data privacy policies are strictly followed by all our employees, ensuring awareness and adherence to the best practices in data privacy. We further support this with regular training sessions on the importance of personal data protection and the implementation of effective security measures.
- Confidentiality Agreements: All our employees, contractors, and third-party service providers are required to sign confidentiality agreements that bind them to maintain the secrecy and security of all personal data.
- Physical Security: Our facilities are secured with ID cards, biometrics, and constant surveillance to ensure that only authorized personnel can access data sensitive areas.
- Vendor Management: Third-party vendors are rigorously screened and bound by contracts that enforce our data protection standards.
- Incident Response Protocols: A structured incident response protocol is in place, detailing procedures for addressing any data security incidents. This includes immediate actions to manage and contain potential breaches and ensuring proper escalation and response without undue delay.
8.Who do we share your Personal Data with??
We share your personal data with specific categories of recipients to support our business operations, including:
A. Categories of Recipients
- Service Providers: We may share your personal data with third-party service providers that help us operate our business, including IT service providers, payment processors, and logistics partners.
- Business Partners: Personal data may be shared with business partners for the execution of contracts or service agreements, including suppliers, contractors, or subcontractors involved in our operations.
- Financial Institutions and Payment Processors: Data related to payments and transactions may be shared with banks and payment processors to facilitate payments and manage financial operations.
- Legal and Regulatory Authorities: : We may disclose your personal data to government bodies, regulatory authorities, or law enforcement agencies when required to comply with legal obligations, respond to requests, or protect our rights.
- Audit and Compliance Firms: To conduct audits and ensure compliance with regulatory requirements.
B. Contractual Safeguards
Data shared with third parties is strictly governed by privacy agreements that ensure these parties adhere to confidentiality and data protection standards comparable to those followed by Othaim Markets. We ensure:
- All third parties are carefully vetted and bound by contractual safeguards such as Data Processing Agreements (DPAs) to ensure data protection.
- Data transfers are limited to what is necessary for the services they provide.
C. International Transfers
In some cases, Othaim Markets may transfer your personal data outside the Kingdom of Saudi Arabia. These transfers are conducted in compliance with KSA PDPL and are subject to appropriate safeguards. When transferring data internationally, we ensure that your personal data is protected through safeguards such as:
- Transfer Impact Assessments (TIAs): Assessing the risks of cross-border data transfers and ensuring compliance with applicable regulations.
- Standard Contractual Clauses (SCCs): Implementing data protection clauses in contracts with international third parties.
- Binding Common Rules (BCRs): For internal transfers within the company group across borders.
9.How long will your Personal Data be retained
Othaim Markets retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. Here’s how we determine retention periods for different types of personal data:
- Operational Necessity: Assessing the risks of cross-border data transfers and ensuring compliance with applicable regulations.
- Legal Compliance: Implementing data protection clauses in contracts with international third parties.
10.How do we use Cookies?
At Othaim Markets’ Vendor Portal, we utilize cookies to enhance your experience, maintain the functionality of our websites, and improve our services:
A. Types of Cookies Used:
- Functionality Cookies: AWe use functional cookies to manage your session while you use our vendor portal. These cookies are temporary and expire once you close your browser.
B. Managing Cookie Preferences
You can manage your cookie preferences through your browser settings at any time. Here’s how you can control or opt out of cookies:
- Browser Settings: Most browsers allow you to refuse cookies or delete cookies through their settings preferences. However, disabling cookies may affect the functionality and services offered on our websites.
- Consent Management: On your first visit to our website, you will be prompted to accept or reject non-essential cookies. You can change your preferences at any time by accessing the cookie settings available on our website.
11.What are your Rights regarding the processing of your Personal Data?
At Othaim Markets, we are committed to respecting your privacy in compliance with the Kingdom of Saudi Arabia's Personal Data Protection Law (KSA PDPL). You are entitled to the following rights under this law:
Right to be Informed
You have the right to be informed about how we collect your personal data, the legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all these details through our Privacy Policy or contact us for further information.
Right to Access to Your Personal Data
You have the right to access your personal data that we hold through means provided by us that allow for automatic access without needing to make a formal request.
Right to Request Access to Your Personal Data
You can request to obtain your personal data held by Othaim Markets at any time and obtain a copy of this data in a clear and readable format.
Right to Correct Personal Data
If you find that any of the personal data that we hold about you is inaccurate, incomplete, or outdated, you have the right to request its correction or update.
Right to Request Destruction of Personal Data
You may request the destruction of your personal data when it is no longer needed for the purposes for which it was collected. We will review such requests and take appropriate action, adhering to legal and regulatory requirements.
Right to Withdraw Consent
You may withdraw your consent for the processing of your personal data at any time, unless there is a legal basis that requires otherwise. This withdrawal will not affect the lawfulness of processing based on your consent before its withdrawal.
Right to File a Complaint
If you believe that Othaim Markets has not complied with the Personal Data Protection Law, you have the right to file a complaint with us. If you are not satisfied with the outcome, you may escalate your complaint to the Saudi Data & Artificial Intelligence Authority (SDAIA).
Right to Claim Compensation:
You are entitled to claim compensation for any material or moral damage resulting from a violation of the Personal Data Protection Law and its implementing regulations.
12.How Can You Exercise Your Rights?
To exercise any of these rights, please contact us via dataprotection@othaimmarkets.com. We may request specific information from you to help us confirm your identity and facilitate your right to access your personal data (or to exercise any of your other rights).
You will not be required to pay any fees in return for exercising your rights. In case of submitting a request for exercising your rights, you will receive a response within 30 days from the date of receipt of your request.
13.What if you have questions or want further information?
For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact the Personal Data Protection Officer at Othaim Markets using the below mentioned contact details.
Personal Data Protection Officer Name:[Zaina Alsuwaylih]
Email:
dataprotection@othaimmarkets.com.
Phone:
[00966112547000 Ext:3969]
Complaint or Objection Filing Method
If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint with our IT Department using the following channel:
Email: dataprotection@othaimmarkets.com
If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority Saudi Data & AI Authority (SDAIA).
SDAIA Address:
Kingdom of Saudi Arabia, Riyadh
SDAIA Website:
Saudi Data & AI Authority (sdaia.gov.sa)
National Data Governance Platform “DGP” (dgp.sdaia.gov.sa)
14.Changes in Privacy Notice
Othaim Markets reserves the right to update or modify this Privacy Notice at any time to reflect changes in our data processing practices, changes in law, or adjustments in our business operations.
