IT Privacy Policy

MEIT

1. Introduction

MEIT (“the Company”, “we”, “our”, or “us”) is committed to protecting the privacy and security of the personal data we collect, process, and store. This IT Privacy Policy outlines how we manage, use, and safeguard personal data in accordance with the Saudi Personal Data Protection Law (PDPL) and international best practices.

This policy applies to all employees, contractors, third-party service providers, and anyone accessing the Company’s IT infrastructure.

2. Purpose

The purpose of this policy is to:

  • Protect personal data against unauthorized access, disclosure, alteration, or destruction.
  • Ensure transparency in how we handle data.
  • Ensure compliance with Saudi Arabian regulations and relevant international standards.
  • Promote a culture of data privacy and information security within the organization.

3. Scope

This policy covers:

  • All personal data collected and processed through our IT systems.
  • All systems, services, employees, and third-party providers involved in data processing.
  • Both internal and external users interacting with our IT infrastructure.

4. Types of Data Collected

We may collect the following types of data:

  • Personal Identification Information: Name, ID number, email, phone number, address, nationality, etc.
  • Professional Information: Job title, employer, qualifications.
  • Technical Data: IP addresses, device identifiers, login timestamps, system logs.
  • Usage Data: User activity logs, software usage, and access to company resources.

We collect this data only for legitimate, specific, and clear purposes related to our business operations.

5. Data Collection and Use

We collect personal data through:

  • Company websites and applications.
  • Employee onboarding systems.
  • Security surveillance and access control systems.
  • Communication systems (e.g., email, internal chat platforms).

We use this data to:

  • Administer user access and authentication.
  • Manage IT services and support.
  • Monitor and secure our IT systems.
  • Ensure regulatory compliance.
  • Communicate with users and clients.

6. Legal Basis for Processing

We process personal data based on:

  • User consent, when required.
  • Legal obligations under Saudi law.
  • Legitimate interest, provided it does not override individual rights.
  • Contractual necessity, such as fulfilling employment or service agreements.

7. Data Protection and Security Measures

[Company Name] uses appropriate technical and organizational measures to ensure a high level of security, including:

  • Encryption of sensitive data.
  • Access controls and authentication systems.
  • Regular backups and secure storage.
  • Firewalls, antivirus, and intrusion detection systems.
  • Regular IT audits and vulnerability assessments.
  • Employee training on data privacy and cybersecurity.

8. Data Sharing and Third Parties

We do not sell or rent personal data. We may share personal data with:

  • Authorized government entities, when legally required.
  • Trusted third-party service providers, under strict data protection agreements.
  • Internal departments, only when necessary and with proper controls.

All third parties are required to comply with our privacy standards and the PDPL.

9. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Once data is no longer required, it is securely deleted or anonymized.

10. Data Subject Rights

Under Saudi Arabia’s PDPL, individuals have the right to:

  • Access their personal data.
  • Request correction or deletion of inaccurate or outdated data.
  • Withdraw consent where applicable.
  • Object to data processing under certain conditions.
  • File complaints with the Saudi Data and AI Authority (SDAIA).

Requests can be submitted to our Data Protection Officer (DPO) at:
📧 [Insert DPO Email]

11. International Data Transfers

We avoid international data transfers unless necessary. When data must be transferred outside Saudi Arabia, we ensure compliance with legal safeguards such as:

  • Data transfer agreements.
  • Adequate protection levels as defined by the PDPL.

12. Breach Notification

In case of a data breach that may impact personal data, [Company Name] will:

  • Notify the affected individuals (when required).
  • Inform SDAIA as per regulatory timelines.
  • Take immediate remediation steps to minimize the impact.

13. Policy Review

This policy will be reviewed annually or when required by changes in law or our operations.