Privacy Policy
Red Sea Security (“We”, “Our”, “Us”, “RSS”) is committed to protecting and respecting your privacy. We are a registered company in Saudi Arabia with an office at 3rd Floor, IN01 Tower, ITCC Complex, AlRaidah Digital City, Al Nakhil District 3807, Riyadh 12382 – 6726, Saudi Arabia, and for the purpose of applicable data protection laws, we are the “Data Controller”.
This Privacy Policy sets out the basis on which we will process any information and data we collect from you, or that you provide to us, in connection with your use of our website at www.redseasecurity.sa (the “Website”) and in connection with the property information services we provide to you (together, the “Services”).
Please read this Privacy Policy carefully so that you understand your rights in relation to your information, and how we will collect, use and process your information. This Privacy Policy supplements any other privacy related notices and policies we may provide to you from time to time and is not intended to override them. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Website, use our Services or otherwise provide your information to us.
Our Website and Services are not intended for children, and we do not knowingly collect data relating to children. Children (below 18 years old) must not use the Services.
We change our Privacy Policy from time to time and we will note on our Website when our Privacy Policy has been updated. Please check the Website regularly for notices of changes to our Privacy Policy. Updates to our Privacy Policy will apply only to information collected after the date of the change.
1 How RSS Collects Customer Data
Data Category |
Data Field |
Purpose for Collection |
Contact & Business Inquiry Data |
Full Name, Company (optional), Email, Phone, Message (optional) |
Business Operations: - Receive, route, and respond to inquiries, requests for services, and follow-ups. - Validate and maintain records of communications and service requests. - Provide customer support and manage relationship communications related to the request (by email or phone).
Compliance & Protection: - Maintain audit trails and protect the Website and our systems (e.g., preventing spam, misuse, or security incidents). |
Recruitment / Applicant Data |
Full Name, Email, Phone, Nationality, CV/Resume (upload), Cover Letter (optional), LinkedIn Profile URL (optional) |
Recruitment: |
Technical & Usage Data (Website) |
IP Address, device/browser information, log data, page interactions, referral source, cookie identifiers (where applicable) |
Website Operations & Security:
Notes: - RSS does not require applicants to submit a photo; if an applicant includes a photo within their CV, it is treated as information voluntarily provided by the applicant. - RSS does not use Contact Us submissions to subscribe users to marketing lists unless this is explicitly offered and consented to elsewhere in the Website flow.
|
2 How Red Sea Security Shares Customer Personal Data
RSS does not use or share its customers information with others unless as described in this Privacy Policy. In certain circumstances, RSS will share your information with third parties, as necessary, or as otherwise required or permitted by PDPL. Specifically, RSS may share your information:
▪ With service providers and vendors for business purposes in its legitimate interests, or to perform a contract with you. Such third parties include: (i) data analytics vendors; (ii) security vendors; and (iii) website hosting vendors. These service providers assist RSS with many different functions and tasks, such as providing data storage and disaster recovery services.
▪ When RSS’s customer request to share certain information with third parties, with consent or to perform a contract with the customer. With the customer’s permission or upon the customer’s discretion, RSS will disclose the customer’s information to relevant third parties.
▪ With professional advisors, in RSS’s legitimate interests or as required by law. As necessary, RSS will share its customers’ information with professional advisors functioning as service providers such as auditors, law firms, or accounting firms.
▪ For legal and security reasons and to protect RSS’s services and business, in RSS’s legitimate interests or as required by law. RSS will share its customers’ information with regulators, law enforcement agencies, public authorities, or any other relevant organizations: (i) in response to a legal obligation; (ii) if RSS has determined that it is necessary to share customers information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries; (iii) to protect the interests of, and ensure the safety and security, of RSS, its stakeholders, a third party or the public; (iv) to exercise or defend legal claims; and (v) to enforce RSS’s terms and conditions
▪ With RSS affiliates, in its legitimate interests. RSS may share its customers’ information with companies within its corporate group.
▪ In connection with an asset sale or purchase, a share sale, purchase or merger, bankruptcy, or other business transaction or re-organization, in RSS’s legitimate interests. RSS will share customers’ information with a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of RSS assets.
▪ Analyze user behavior on the website and across direct communication channels, like Email, SMS, WhatsApp, Push; (ii) attribute conversions to specific campaigns via URL tracking and/or pixels at user level. (iii) create user profiles and segments based on user behavior; (iv) process survey data for statistical analysis and product enhancements; (v) process user personal data for profiling, behavior analysis purposes and predictive models using AI or algorithms.
▪ Send marketing and/or commercial emails, promos, or newsletters; (ii) communicate promotions or marketing campaigns via SMS or WhatsApp; (iii) send push notifications through the website and app; (iv) communicate specific offers over the phone; (v) activate customer feedback surveys and collect survey data; (vi) share (pseudonymized) personal data with advertising platforms to perform a retargeting campaign on Paid Media for users who already visited the website or otherwise interacted on other communication channels; (vii) create Lookalike audiences of prospective customers and/or converted customers to activate campaigns on online advertising platforms.
3 Where Red Sea Security Stores Customer Personal Data
As RSS is based in the Kingdom of Saudi Arabia, the Personal Data that it collects from its customers will be transferred to, stored, and processed within the Kingdom of Saudi Arabia. Where permitted by the PDPL, RSS may also transfer its customers’ information internationally as necessary for it to provide the services to its customers, including to RSS’s service providers.
RSS will take all reasonable steps necessary to ensure that its customers’ information is treated securely and in accordance with this Privacy Policy and applicable privacy laws.
4 How Long Red Sea Security Retains Customer Personal Data
RSS will retain your Personal Data as follows:
▪ Customers information will be retained for as long as needed to provide RSS Services to the customer.
▪ If a customer contact RSS requesting permeant disposition of their information, RSS will keep the information for 5 years after the customer contacts RSS or RSS will also retain and use its customers information to the extent necessary to comply with RSS’s legal obligations, resolve disputes and enforce RSS’s terms and conditions, other applicable terms of service, and RSS policies. After these periods, RSS may store its customers information in an aggregated and anonymized format, and it may use this information indefinitely without further notice to its customers.
5 Identifying Purposes
RSS collects, uses, and discloses Personal Data to provide its customers with the product or service they have requested and to offer them additional products or services RSS believes its customers might be interested in. The purpose for which we collect Personal Data will be identified before or at the time RSS collects the information. RSS may collect Personal Data to provide a service, where an individual’s consent may be implied. Implied consent is consent that is not given explicitly, but which can be inferred based on the individual’s actions and the facts of a particular situation as part of the process of delivering the service.
6 Consent
Knowledge and consent are required for the collection, use or disclosure of Personal Data unless otherwise required or permitted by law. Customers always have the choice to provide their Personal Data to RSS. However, the customer decision not to provide certain information may limit RSS’s ability to provide them with RSS’s products, service, or may limit functionality. However, there are specific cases in which information will be processed even without the data owner’s consent. These cases are specified by the PDPL as per the following:
▪ If the Processing serves actual interests of the customer, but communicating with the customer is impossible or difficult.
▪ If the Processing is pursuant to another law or in implementation of a previous agreement to which the customer is a party.
▪ If the Controller is a Public Entity and the Processing is required for security purposes or to satisfy judicial requirements.
▪ If the Processing is necessary for the purpose of legitimate interest of the Controller (RSS in this case), without prejudice to the rights and interests of the customer and provided that no Sensitive Data is to be processed.
7 Limited Collection
The Personal Data collected will be limited to those details necessary for the purposes identified by RSS. With the customer consent, RSS may collect Personal Data from them in person, over the telephone or by corresponding with to customers via mail, or the internet. Other possible methods of the collection of Personal Data (not limited to), direct interactions, using RSS products or services, social media interactions, browsing the website, applying for a job, registering to become a supplier, etc.
8 Limited Use, Disclosure, and Retention
Personal Data may only be used or disclosed for the purpose for which it was collected unless the customer has otherwise consented, or when it is required or permitted by law.
Personal Data will only be retained for the period required to fulfill the purpose for which we collected it or as may be required by law and as forementioned in section 6 of this policy.
9 Safeguarding Personal Data
Personal Data will be protected by security safeguards that are appropriate to the sensitivity level of the information. RSS takes all reasonable precautions to protect its customers’ Personal Data from any loss or unauthorized use, access, or disclosure.
10 Openness
RSS will make information available to its customers about its policies and practices with respect to the management of its customers’ Personal Data.
11 Customer Data Rights
RSS would like to make sure its customers are fully aware of all their data privacy rights, in which RSS customers are entitled to the following:
▪ Right to know / information: A customer has the right to know about RSS (data controller) contact details, the exact reason the data is being collected, the methods being used for data collection, and whether this collected data will be shared.
▪ Right to request access or copy: A customer has the right to access their Personal Data from RSS (data controller) and obtain a copy of it in a clear and readable format, in conformity with the content of the records. In most cases this will be at no cost, however a, ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if a customer requests further copies of their data may be assessed at the time of the request.
▪ The right to request correction / rectification: A customer has the right to request that RSS (data controller) correct any information they believe is incomplete, inaccurate, or obsolete. The customer also has the right to request RSS to complete the information they believe is incomplete.
▪ The right to destruction / erasure: A customer has the right to request that RSS (data controller) erases their personal data. The reasons can range from rescinding the customer’s consent for data collection to the data no longer serving the purpose for which it was collected.
▪ The right to limit/restrict processing: A customer has the right to limit or object to the processing of their Personal Data by RSS (data controller) or any of its contracted data processors.
▪ The right to data portability: A customer has the right to request that RSS (data controller) transfer the data that it has collected to another organization, under certain conditions.
▪ Automated individual decision: A customer has the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects unless it is necessary for entering into, or performance of a contract between the customer and RSS (data controller), or at the customer’s explicit consent.
In certain circumstances permitted by regulation, or law, RSS will not disclose certain information to its owner. For example, RSS may not disclose information relating to a customer if other individuals are referenced or if there are legal, security or commercial proprietary restrictions.
If a customer makes a request related to any of the above rights to which they are entitled, RSS will fulfill these requests within 30 calendar days and record all data subject requests received. RSS will inform its customers of required extensions for fulfillment of raised requests should the resolution of the request require more than 30 calendar days.
12 Cookie Policy
By using this website, you may choose whether to allow non-essential cookies (such as analytics or performance cookies) through the cookie preference tool where available. Strictly necessary cookies are required for the operation of the website and cannot be disabled in our systems. If you choose not to enable non-essential cookies, certain measurement and performance features of the website may be limited. You may update your cookie preferences at any time through the cookie preference tool provided on the website.
1. What are Cookies?
C Cookies are small text files that are placed on your device when you visit a website. Cookies allow websites to function efficiently and provide information to the website owner about how visitors interact with the site.
Some cookies are strictly necessary for the operation of the website. Other cookies help us understand how visitors use the website and improve performance and user experience.
Cookies may collect information such as device type, browser type, pages visited, navigation paths, and general website usage data. In some cases, online identifiers such as IP address or cookie identifiers may be processed.
Where third-party services are used (such as analytics or advertising tools), certain cookie information may be processed by those providers in accordance with their own privacy policies.
This website may use both session cookies, which expire when the browser is closed, and persistent cookies, which remain on the device until they expire or are deleted.
The categories of cookies that may be used on this website include:
Strictly Necessary Cookies
These cookies are required for the website to function and cannot be switched off in our systems. They are typically set in response to actions taken by the user such as filling forms, setting preferences, or accessing secure areas of the website.
Performance Cookies
These cookies collect information about how visitors use the website, such as which pages are visited most frequently. This information helps improve website functionality and user experience.
Functional Cookies
These cookies enable the website to remember choices made by users such as language preferences or regional settings.
To manage your cookie preferences, please use the cookie preference tool available on this website where enabled.
2. This website uses the following cookies:
Cookie Name |
Default Category |
Default Description |
Essential website cookies |
Strictly Necessary Cookies |
These cookies are necessary for the website to function properly and cannot be switched off in our systems. They are typically set in response to actions made by the user such as filling forms, setting privacy preferences, or accessing secure areas of the website. |
Google Ads cookies |
Performance Cookies |
Google cookies may be used to measure interactions with advertisements and to understand how visitors reach and interact with the website. These cookies help evaluate advertising effectiveness and improve website performance. |
LinkedIn cookies |
Performance Cookies |
LinkedIn cookies may be used to measure website visits originating from LinkedIn and to understand how visitors interact with the website after arriving from LinkedIn. |
X (formerly Twitter) cookies |
Performance Cookies |
Cookies associated with the X platform may be used to understand how visitors interact with the website after engaging with content on the X platform. |
Website performance cookies |
Performance Cookies |
These cookies collect aggregated information about how visitors navigate the website and are used to improve website performance and usability. |
Functional cookies |
Functional cookies |
These cookies allow the website to remember user preferences such as language or region where applicable. |
3. Does the policy apply to linked websites?
Our websites may contain links to other websites. This cookie policy only applies to this website so when you link to other websites you should read their own cookie policies.
4. How do we update this Cookie Policy?
We conduct regular reviews of this Cookie Policy, and any updates will be published on this webpage.
13 Contact Information
1. Complaints
If a customer has any complaints about how we process their information, they may contact us at [email protected] and we will respond to their request as soon as possible.
13.1 Contact RSS
If a customer has any questions regarding this policy, please do not hesitate to contact RSS at [email protected]
13.2 Contact Appropriate Authority
Should a customer wish to report a complaint or if the customer feels that RSS has not addressed their concern in a satisfactory manner, they may contact The Saudi Data & Artificial Intelligence Authority (“SDAIA”) at [email protected]