Saudi Aramco Jubail Refinery Company (SASREF) is a Saudi Arabian limited liability company, holding Commercial Registration No. 2055000925, and having its principal office address at P.O. Box 10088, Madinat Al-Jubail Al-Sinaiyah 31961, Kingdom of Saudi Arabia (hereinafter referred to as “SASREF”, “the Company”, “our”, “us”, or “we”). In SASREF, we are committed to our responsibilities toward your privacy, and maintaining your trust is our priority. SASREF will only collect and process personal data to the extent it is permitted to do so and with your consent (where required by applicable laws and regulations). By “personal data” we mean any information through which we can identify you as an individual (e.g. name, telephone number, email and/or other related information) including sensitive personal data. This Privacy Notice (hereinafter referred to as “Notice”) informs you how the information submitted by you or collected by SASREF through the SASREF Website (and elsewhere) may be processed (to the extent necessary to achieve the purpose of its collection), and to whom we disclose the data, how long we keep the data, in a secure, lawful and transparent manner. Additionally, we describe your rights and how you can invoke them. SASREF follows strict policies and guidelines to protect personal data and to comply with applicable data protection laws and regulations. This Notice is formulated in accordance with the Personal Data Protection Law and Regulations in the Kingdom of Saudi Arabia.
PERSONAL DATA WE COLLECT
SASREF may collect and process information about you (“Personal Data”), limited to the minimum necessary to achieve the purpose of its collection, for business purposes only and for the defined purposes of the service you have requested and submitted the data for. This includes both Personal Data you may provide to us, or that is provided about you. The Personal Data that SASREF collects and processes will depend on the relationship we have with you:
• Website visitors:
o Contact information if submitted by you such as (name and email) to enable us to respond to a general or business inquiry made by you, or on behalf of the company that you represent.
o Account information such as (username, password, contact details, preferences, and other information you choose to share with SASREF) if you have created an account in one of our websites such as supplier or career portals.
o Technical Information, and device data (IP address, unique system identifiers and information logged by cookies or similar technologies), including usage information (such as the number of visitors on a specific page of the Site, how long you stay on a page, or which hyperlinks you click on). Please review our Cookies section below for additional information on how we use these technologies.
• Candidates: SASREF collects education and employment information when you submit an employment application for a role at SASREF via our career portal. We process the following personal data:
o Contact information (such as title, name, nationality, date of birth, email, phone, business name, address, role, industry) and other relevant information.
o Identifying, authenticating, location and/or professional data (such as government identification, education history, work history or confirmation of screening process);
o Financial information (such as salary and GOSI details); and
o Other personal data you disclose in the course of your relationship with SASREF.
• Suppliers and contact persons or representatives of suppliers (current and prospective): In order to establish and maintain a business relationship with you or the company you represent, we process the following personal data:
o Contact information (such as title, name, email, phone, business name, business address, role, industry);
o Identifying, authenticating, location and/or professional data (such as completed supplier due diligence or confirmation of screening process);
o Financial information (such as bank account or invoicing details); and
o Other personal data you disclose in the course of your relationship with SASREF.
• Visitors to SASREF premises or attendees at SASREF webinars and events:
o Contact information (such as name, email, business address, role);
o Video surveillance footage and/or access records (recorded on SASREF premises by the use of video surveillance equipment (CCTV) or access logging systems).
• We may also collect Personal Data about you from publicly and commercially available sources (as permitted by law and the terms of use applicable to the source). We may combine that Personal Data with other Personal Data we collect about you, including when you visit and use our Site. This may include (but is not limited to) social media websites where you publicly share information about yourself, such as LinkedIn, X (previously Twitter), job sites or from other third-party sources.
SASREF will only process personal data for the purpose for which it is collected. We will not use your contact information for promotional advertising unless you have specifically requested to receive promotional information. If you provide us with personal data about other individuals, please ensure that they have given you consent to do so and that they are aware of our Notice.
FOR WHAT PURPOSES AND LEGAL BASES DO WE USE YOUR PERSONAL DATA?
SASREF will only process your personal data when it has a legal basis for doing so. In particular, SASREF processes your personal data when the processing is needed for the performance of our contract with you, when SASREF is legally obliged to do so, or when the processing is necessary for the legitimate interests of SASREF (or those of third parties). Where required by applicable law, SASREF will also obtain your consent to process your personal data.
Consenting to data processing:
• Data Subjects’ (the individual to whom the Personal Data relate) data can be processed upon consent of the person concerned. Declarations of consent must be submitted voluntarily.
• Business Partners, Vendors, and any other third party’s data can be processed upon consent. Declarations of consent must be submitted voluntarily.
Purposes of data processing:
We will process your data for specific and limited purposes which are linked to a legal basis set out above. These purposes are:
• For the performance of service requested by you: such as applying for a job; including enabling us to conduct background checks, evaluate and determine your suitability for the role you are applying for, and onboard you, should you be successful.
• To carry out the support and services under the commercial agreement that we concluded or will conclude with you on behalf of your company, for the purposes of billing or invoicing, communicating with you in relation to the agreement, product delivery, processing orders, purchasing materials, supplies and equipment, completing supplier due diligence and customer screening processes, licensing agreements and non-disclosure agreements, etc.
• To comply with legal obligations: monitoring and ensuring compliance with applicable laws and regulatory requirements, communications relating to such obligations, and responding and complying with lawful requests by regulators and law enforcement.
• For SASREF’s legitimate (business) purposes: such as to manage our internal suppliers database in order to maintain contact with current and prospective vendors, to keep track of our candidates database, to operate and expand our business activities and services, to undertake market research, to offer our Online Services, to operate SASREF policies and procedures, to maintain standards of safety and security in our systems and premises, to resolve disputes or manage enquiries and to enable SASREF to make corporate transactions.
• To protect our rights: to protect our sites and business operations including to prevent and detect fraud, unauthorized activities and access, or other misuse where we believe it is necessary to investigate, prevent or take action regarding illegal activities, or in cases of suspected fraud or situations involving potential threats to the safety or legal rights of any person or third party, or violations of our agreements or this Notice.
• To communicate with you: to provide you with status updates about the services requested by you (job application, supplier registration, etc.). We may send you notice updates in case of website policies updates.
Where appropriate we do this with your consent, or based on our legitimate interest, or other applicable legal basis.
HOW DOES SASREF PROTECT YOUR PERSONAL DATA?
SASREF is committed to protecting your personal data by taking strong security and privacy measures reasonably necessary and/or required by applicable data protection laws to protect your personal data and information from unauthorized access, use, loss, disclosure or destruction. We have implemented reasonable and appropriate technical, physical, and organizational measures to protect your personal data, which include but are not limited to:
• Applying access controls,
• Providing security awareness and training for SASREF personnel,
• Setting up security breach procedures,
• Undertaking regular audits,
• Implementing controls around data integrity, storage, transmission and disposal of data,
• Implementing the relevant controls and requirements issued by the Saudi Arabian National Cybersecurity Authority (NCA),
• SASREF requires third party service providers, who process personal data on its behalf, to implement similar security and confidentiality measures.
It should also be noted that the Internet is not a completely safe space and SASREF cannot be held responsible for external parties or external links.
TO WHOM DOES SASREF DISCLOSE YOUR PERSONAL DATA?
To fulfil the purposes above, SASREF may need to disclose to, transfer or otherwise share your personal data with a third party. In general, we may disclose, transfer or otherwise share personal data as follows:
• Service providers: SASREF may disclose personal data to third party service providers where it is necessary for the provision of services. These services include data storage and analytics, web hosting, IT technology, infrastructure and security, handling payment transfers, advisory services, maintenance and other similar services. When SASREF outsources processing activities, it will ensure the service provider is bound to implement and maintain adequate data protection and security measures and will comply with applicable privacy laws.
• Disclosures in connection with acquisitions or divestitures: Circumstances may arise where for strategic or other business reasons SASREF is sold, divested, merged or transferred as part of a corporate transaction. We may disclose information we maintain about you to the extent reasonably necessary to proceed with the negotiation or completion of a merger, divestiture, acquisition or sale of all or a portion of SASREF’s assets.
• Where required by law or to protect our rights: In certain instances and where permitted by applicable law SASREF may be required to disclose your personal data to comply with legal requirements such as to comply with tax authorities or binding requests from other law enforcement authorities or to protect SASREF’s legal rights such as to defend a legal claim where permitted by applicable law.
We may share aggregate or anonymous information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA
We store and process your Personal Data in the Kingdom of Saudi Arabia. Your Personal Data may be shared with and processed by other entities outside of the country in which your Personal Data was collected. It may also be accessed or processed by staff operating outside of that country.
The laws on processing such Personal Data in these locations may be less stringent than in your country. We will take all steps reasonably necessary and/or required by applicable data protection laws to ensure that your Personal Data is transferred subject to an appropriate mechanism, treated in accordance with this notice, and provided equivalent protections under the applicable laws regarding its transfer.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
SASREF will retain your Personal Information in its records as long as we have a relationship with you and you are using our website to fulfil your requirement or otherwise authorized by Personal Data Protection Law. As required by law, we will only hold your personal data for as long as necessary to fulfil the purposes for which the data is collected before making it non-identifiable (anonymous) or deleting it. This applies unless there is a contractual or legal requirement to retain data for a longer period (such as required by trade or tax regulations or to defend a legal claim).
Should you wish to request earlier deletion, you may discuss this by contacting Privacy@sasref.com.sa
COOKIES
• Technical information: SASREF may collect technical information that could be used to enhance your experience. For example:
o Internet Protocol (“IP”)
o Browser type and capabilities
o Language
o Operating system
o Cookies
• Usage data: SASREF may collect data that could be used to help us to understand your experience and behaviour while using our website. For example:
o Information about how you use our website
o What pages you view.
o The number of bytes transferred.
o The links you click.
o The materials you access.
o The date and time you accessed the website.
DATA SUBJECT PRIVACY RIGHTS
SASREF is committed to transparently processing your data. All Data subjects have certain rights (subject to limitations) determined by the Personal Data Protection Law and Regulations including the following:
1. The right to be informed about the legal basis and the purpose of the collection of their Personal Data.
2. The right to access their Personal Data held by SASREF, in accordance with the rules and procedures set out in the applicable laws and regulations.
3. The right to request obtaining their Personal Data held by SASREF in a readable and clear format, in accordance with the controls and procedures specified by the applicable laws and regulations.
4. The right to request correcting, completing, or updating their Personal Data held by SASREF.
5. The right to request a destruction of their Personal Data held by SASREF when such Personal Data is no longer needed by Data Subject.
6. If you have given your consent for processing your personal data, you have the right to withdraw your consent. Please note that a withdrawal of consent does not affect the lawfulness of any processing which has taken place prior to your consent being withdrawn and that we can only action your request in accordance with applicable law.
There may be situations where SASREF cannot grant your request, for example, if you make a request for access and we cannot verify your identity, we will not be able to comply with the request. We may also be unable to comply with your request to delete if we have a legal or regulatory obligation to maintain your Personal Information.
Where we deny your request in whole or in part, SASREF will take steps to inform you of the denial and provide an explanation of our actions and the reasons for the denial.
To exercise your rights, please make your request to Privacy@sasref.com.sa
Should you object to the processing of your information, this may, without limitation, impede your access to the Site (or parts of it), impair or render impossible your use of some of the functionalities, and services on it.
CHANGES TO THIS NOTICE
SASREF reserves the right to amend this Privacy Notice at any time due to changes of relevant laws and regulations, changes of terms and conditions, technical reasons, or any other reasonable basis.
How will I know if the Privacy Notice has been updated?
• If SASREF changes its privacy practices, a new Privacy Notice will reflect those changes and the effective date of the revised notice will be set forth at the bottom of this Policy.
• You will receive an email notification alert if you have an active user account in one of our sites.
HOW CAN YOU CONTACT US?
If you have any questions about your Personal Information or want to exercise your rights, please contact us at Privacy@sasref.com.sa
We will do our best to respond to all reasonable requests within 60 days and without delays. This period may be extended by an additional 30 days in certain circumstances, depending on the nature of the request, provided that you are informed in advance of the extension and the reasons for the delay.