Privacy Policy

Ops Information Systems Technology Company ("the Company" or "we") is committed to protecting the privacy of personal data of users, customers, and data subjects whose data is processed through the Company's website.

Your use of the website or registration on it constitutes explicit consent to this policy in accordance with the Personal Data Protection Law and its implementing regulations.

• Country: Kingdom of Saudi Arabia.
• Company: Ops Information Systems Technology Company — Riyadh.
• Personal data: Any data that identifies an individual or makes them identifiable, directly or indirectly.
• Data subject: The natural person to whom personal data relates.
• Processing: Any operation performed on personal data (collection, storage, use, disclosure, destruction, etc.).

The Company collects or processes data necessary to provide services and operate the website, including but not limited to:

• Technical data: IP address, device type, browser, operating system.
• Contact data: name, email, phone number, national ID, residency number.
• Employment data (for applicants): qualifications, experience, CV and attachments.
• Subscription data: email address.

This privacy policy applies to:

• The Company's website.
• Current or future electronic applications belonging to the Company.
• Technical services related to the website.

When certain services or features are activated, some sensitive or special-category data may be processed in accordance with regulatory requirements and applicable controls, including data related to attendance verification, identity verification, or other data permitted by law.

Personal data is obtained from:

• The customer subscribed to the website.
• Data generated when using the website.
• Sources permitted by law.

Personal data is processed for legitimate purposes related to the services provided, including:

• Creating and managing accounts.
• Providing human resources management services.
• Providing technical support.
• Improving platform performance and service quality.
• Protecting systems and technical infrastructure.
• Responding to requests, inquiries, and complaints.

Personal data is not shared with third parties except when:

• There is explicit consent from the data subject.
• There is a legal obligation or order from a competent authority.

Ops Information Systems Technology Company undertakes not to sell data or use it for unauthorized purposes.

Personal data is not transferred outside the Kingdom of Saudi Arabia except as permitted by applicable laws, regulations, and instructions issued by competent authorities, after fulfilling regulatory requirements and obtaining necessary consents, while ensuring an equivalent level of protection.

Ops Information Systems Technology Company retains data only for the period necessary to achieve the purpose for which it was collected or to comply with regulatory requirements. After the purpose ends, data is securely destroyed or anonymized.

The Company is committed to taking appropriate technical and organizational measures to protect personal data, including:

• Managing access permissions.
• Protecting systems and databases.
• Encrypting data where appropriate.
• Security monitoring.
• Periodic backups.
• Measures against unauthorized access, use, modification, or unlawful disclosure.

However, absolute security cannot be guaranteed for any electronic system or means of transmission over the Internet.

Subject to applicable laws and regulations, the data subject enjoys the rights prescribed by law, including:

Right to be informed

The data subject has the right to know how we collect their data, the legal basis for collection and processing, how it is processed, stored, destroyed, and with whom it may be shared. Full details are available in this policy or by contacting us via the details in Section 15.

Right of access

The data subject may request a copy of their personal data via the email in Section 15. A copy will be provided free of charge within a reasonable period by email.

Right to rectification

The data subject may request correction of inaccurate, incorrect, or incomplete personal data via the email in Section 15. Requests will be reviewed and updated within seven business days, with notification by email.

Right to erasure

The data subject may request erasure of their personal data in certain circumstances, unless a legal provision specifies a retention period or there are contractual requirements.

Right to withdraw consent

The data subject may withdraw consent to processing of their personal data at any time, unless legitimate purposes require otherwise.

Ops Information Systems Technology Company applies appropriate technical and organizational security measures, including:

• Access control based on need-to-know.
• Encryption and protection of servers and backups.
• Internal policies and procedures for incident management and reporting.

Cookies are used to improve performance, statistical analysis, and user experience. Users may manage or disable cookies through browser settings, though some website functions may be affected.

Services provided by the Company are directed at establishments and persons with the necessary legal capacity. The Company does not directly target collection of children's personal data except where permitted by law or where there is a legitimate legal basis.

The Company may amend or update this policy from time to time in line with operational developments or regulatory requirements. The updated version takes effect from the date of publication on the website unless otherwise stated.

For inquiries or complaints related to personal data processing, the data subject may contact the Company through the channels below. The Company will review the request and respond in accordance with applicable regulatory requirements.

Email: info@hrops.sa