- Introduction
Astra Farms Co. (“AFC”) is committed to protecting personal data and safeguarding the privacy of individuals who interact with its services and systems. AFC applies the necessary administrative and technical measures in compliance with relevant regulations, laws, and policies to ensure that personal data is handled appropriately. Personal data will only be shared or disclosed in accordance with legal obligations and legitimate business purposes. AFC also ensures that your data is protected in line with regulations set by the National Cybersecurity Authority.
This Privacy Notice is intended to help individuals, including employees, vendors, and customers, understand the type of personal data we collect and process through various channels, the reasons for collecting and processing it, what we do with it, and with whom we may share it.
By using AFC’s services or accessing its platforms, you acknowledge and consent to this Privacy Notice and any substantive changes made to it. We encourage you to periodically review the Privacy Notice to stay informed.
You may withdraw consent at any time unless there is another legislative basis, by sending an email to the Data Protection Officer ([email protected]).
- Personal Data and processing
2.1. What is Personal Data?
Personal Data refers to any information that can be used to identify you, directly or indirectly, either alone or when combined with other information. This may include but is not limited to:
- Name, address, contact details (e.g., phone number, email)
- Date of birth, nationality
- Bank account details and financial information
- Sensitive personal data such as health information, required for employment or business purposes
2.2. What is processing?
Processing refers to any operation performed on personal data, such as collecting, using, storing, sharing, modifying, printing, copying, archiving, deleting, or disclosing it.
- Legal Bases for Processing Your Personal Data
AFC processes personal data in accordance with the Personal Data Protection Law and its amendments. The following legal bases may apply when processing your personal data:
- Processing is based on your consent.
- Processing is necessary to fulfill a contract or agreement to which you are a party.
- Processing is required to comply with legal obligations.
- Processing is necessary for legitimate business purposes, such as payroll, medical insurance, or HR systems.
- Processing is necessary to comply with regulatory or social insurance obligations.
- Processing is required for security reasons or judicial purposes.
- Purposes for Processing Personal Data.
AFC may process your personal data for various business-related reasons, including but not limited to:
- Employment purposes, such as payroll, medical insurance, and banking (e.g., wage protection systems) or HR systems like Qiwa and Mudad.
- Compliance with social insurance regulations, including the General Organization for Social Insurance (GOSI).
- Regulatory audits, actuarial analysis, and financial reporting.
- Providing benefits, such as medical insurance and wage protection.
- AFC ensures that your personal data will not be used for marketing or promotional purposes without your explicit consent. Additionally, personal data will not be shared or published on social media platforms.
- Collection of Personal Data from other sources or for other purposes
Collection and processing of your personal data is mandatory to enable AFC to implement its tasks to provide you with a high level of services. Please be aware that if you do not complete collecting your personal data, you will not be able to get services that provides, regarding the manner we use to collect your personal data, whether directly from you, or indirectly from third parties, for example Absher Platform, the Ministry of Human Resources and Social Development. If your personal data changes, please keep us updated by contacting our Personal Data Protection Officer at [email protected]
outlined in this Privacy Notice. However, in specific situations, we may collect data from other sources or process it for additional purposes, including:
- If you provide your explicit consent.
- If the data is publicly available or sourced from a public platform.
- If processing is necessary to protect vital interests, such as in medical emergencies.
- If processing is required for public health, safety, or other regulatory reasons.
- Your rights in relation to processing your Personal Data
This Privacy Notice provides information about your rights. Under certain circumstances and in accordance with the Law, you may exercise the following rights:
1. | Right to be informed: | you are entitled to be informed of the valid legal or practical justification for collecting your Personal Data, and the purpose thereof, and that your Personal Data should not be processed later in a manner inconsistent with the purpose for which it was collected, or in cases other than those specified in section 5 of the Notice herein. |
2. | Right to have access to your Personal Data: | you are entitled to have access to your Personal Data that is available to us, which includes accessing it, and obtaining a copy thereof in a format that is clear and identical to the content of the records. |
3. | Right to request correction, completion or updating: | you are entitled to request correction, completion or updating of your Personal Data which is available to us. |
4. | Right to be notified | In the event of a data breach involving a leak, damage, or unauthorized access to your personal data, the data controller is legally obligated to promptly notify both the relevant regulatory authority and you, (the data subject), if the breach poses a risk to your Personal Data. |
5. | Right to request erasure (destruction): | you are entitled to request erasure (destruction) of your Personal Data available to us, which is no longer required by us (subject to compliance of the requirements of the Law). |
6. | Lodge complaints – You have a right to lodge a complaint with the regulator. | If you wish to raise a complaint on how we have handled your personal Data, you can contact our DPO at [email protected] who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the competent authority for lodging complaints. |
Please contact us if you would like to know more about the above rights or if you would like to exercise any of these rights.
- Personal Data processing outside the Kingdom
In certain circumstances, AFC may need to transfer your personal data outside the Kingdom of Saudi Arabia. If such a transfer is required, AFC will ensure compliance with applicable legal requirements and obtain the necessary approvals from regulatory authorities, as required by the Personal Data Protection Law.
- Data Protection and Security
AFC prioritizes the protection of your personal data and complies with all applicable data protection laws. We implement policies and regulations to ensure that personal data is handled securely. Access to personal data is restricted to authorized personnel who require it to perform their job functions, in accordance with AFC’s internal policies.
8.1. with the relevant laws, regulations and policies. We may take additional steps to ensure the protection of your data by signing an agreement to share data between the AFC and other parties according to specific terms and conditions consistent to the principles of data sharing.
- Storing Personal Data
We will arrange safe storage of your Personal Data in systems and servers of the AFC. The servers are protected and governed according to the regulations issued by the National Cybersecurity Authority and the Saudi Data and Artificial Intelligence Authority. Personal data will only be available to AFC employees who need to view and use it in accordance with the employees’ tasks and responsibilities.
- Retention of Personal Data
Your personal data will be retained for as long as necessary to fulfill the purposes outlined here and as required by law, after which it will be securely disposed of.
- Disposal of Personal Data
If we no longer need your Personal Data and if we do not have any legal basis to hold it further, we will arrange its erasure, anonymization or return to you (unless we must return it to any other entity based on our legal obligations). We will ensure that:
- In case of anonymization: you will not be further re-identified after anonymization.
- In case of erasure: Personal Data will not be reconstructed after it was erased.
Contact details:
For any inquiries please feel free to reach out to our Data Protection Officer (DPO): [email protected]
Consent to Use Personal Data
I acknowledge that I have read, understand, and agree to the terms of the Privacy Notice as it explains how my personal data will be used, and that I am aware about my rights.
I agree to use my personal data in accordance with the Privacy Notice. I acknowledge that the AFC will use my personal data for the purposes described in the Privacy Notice. I understand that I can withdraw consent to use my personal data at any time.