0

Privacy Policy

Experts HR > Privacy Policy

Privacy Policy

Last updated: Jan 29, 2025

1. Who We Are and What We Do

1.1 We are eHR, located at 3692 Najm Al Din Al Ayoubi, Al Awaly District, Riyadh 11564, Saudi Arabia. You can contact us via telephone at +966 55 974 8933 or email at info@ehr.sa. eHR is a business name of Expert HR CO. LTD. We provide the following products and services (“Products”):

  • HRMS: A cloud-based solution for all HR operations and payroll management.

1.2 In providing these Products, eHR processes personal data. This document outlines how eHR processes personal data, including data collected when you use our website (“Website”) and Products (collectively, “Services”).

2. What Does This Policy Cover?

2.1 eHR takes your personal data seriously and processes it in accordance with applicable laws and regulations. As the ‘controller’ (i.e., the entity responsible for deciding how your personal data is processed), eHR has adopted this privacy policy (“Policy”) to establish and maintain the privacy and security of your personal data. This Policy:

(a) Sets out the types of personal data we collect about you;

(b) Explains how and why we collect and use your personal data;

(c) Explains how long we keep your personal data;

(d) Explains how we will share your personal data—when, why, and with whom;

(e) Explains the different rights and choices you have regarding your personal data;

(f) Explains the security measures we apply to protect your personal data; and

(g) Explains how we may contact you and how you can contact us.

2.2 By accepting this Policy and submitting any personal data to us, you agree that we may collect, use, disclose, and retain such data in accordance with this Privacy Policy and as permitted or required by law. If you do not agree with these terms, please do not accept them or provide any personal data to us.

2.3 Please note that we may not be able to respond to you, provide the relevant Services to you, or address your inquiries unless you provide us with the required personal data as outlined or referred to in this Privacy Policy, unless we indicate that providing the personal data is optional.

3. What Personal Data Do We Collect About You and How Do We Collect It?

3.1 We collect the content, communications, and other information you provide when you use our Services, including when you sign up for an account (if applicable) or communicate with us, including via email. This includes your name, email address, phone number, name of your business (if applicable), location/country, and payment information (if applicable).

3.2 We also collect additional, specific personal data depending on the Products you are using:

  • For eHR, we need to conduct customer due diligence and Know Your Customer (KYC) procedures, which include collecting and processing the following information:
    • ID Validation: ID number, place of issue, expiry date, date of issue.
    • Commercial Registration (CR) Validation: CR number, Unified National Number (UNN), entity name, issue date, expiry date, business type, place of issue, owner name, manager name.
    • Other Information: Outlet name, address, contact person, contact details, and other information you may provide during the onboarding process.

3.3 Additionally, we collect the following personal data:

(a) Usage Information: We collect information about how you use our Services, such as the time, frequency, and duration of your activities, and how you use the features provided by the Services.

(b) Device Information: We collect information about the devices you use, such as the model and type of device, operating system, hardware and software versions, and other technical information (e.g., your IP address).

(c) Your Opinions About Our Products and Services: Information you share, including your experiences and satisfaction with our products or services or other interactions with us.

4. Cookies

4.1 When you use our Website, we use cookies to collect personal data from your device to help us enhance the Services provided and to facilitate your access to our services. For example, cookies allow you to repeatedly use our services on the same device without having to log in or adjust preference settings each time. We automatically collect web statistics about your visit to our Website based on your IP address. This information is used to help us improve your experience on our Website.

5. Where Do We Collect Personal Data About You From?

5.1 We collect your personal data directly from you—this includes the personal data you provide to us when using our Services or communicating with us. We also collect your personal data by deploying cookies as described above. Additionally, we may collect personal data from your organization, relevant third-party partners, and government entities as follows:

  • ID Information: Collected from ELM (a government entity) through an API integration.
  • CR Information: Collected from WATHIQ (a government entity) through an API integration.

6. How and Why Do We Use Your Personal Data?

6.1 We use your personal data for the following purposes:

(a) To send you information related to our products and services.

(b) To respond to your communications and requests.

(c) To manage our relationship with you or your organization.

(d) To manage our relationship with third-party partners and referrers.

(e) For billing and payment purposes.

(f) To handle any disputes.

(g) To provide our Services to you.

(h) To validate you under KYC, Anti-Money Laundering (AML), sanctions screening, and to conduct due diligence.

(i) For marketing purposes, including contacting you by email, postal mail, or phone (including via SMS messages) regarding eHR and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you or your organization, based on your consent as indicated by your acceptance of this Privacy Policy and in accordance with applicable law. We will provide you with the ability to opt out of promotional and marketing communications.

(j) To customize the content and services we provide through our Services and more generally.

(k) To help us better understand your interests and needs, as well as those of your organization, and to improve our Services.

(l) To engage in analysis, research, and reporting regarding the use of our Services.

(m) For training purposes.

(n) For archiving purposes.

(o) To secure our Services and systems.

(p) To comply with any procedures, laws, and regulations that apply to us.

(q) To establish, exercise, or defend our legal rights.

(r) To prevent and detect crime and fraud.

(s) To protect health and safety and ensure security.

(t) To comply with contractual requirements.

(u) To carry out our internal business purposes, such as corporate transactions, audits, and data analysis.

7. How Long Do We Keep Your Personal Data?

7.1 The length of time we retain personal data typically depends on the purposes for which we collected and used it and/or as required to comply with applicable laws. Once we no longer need to keep your personal data, we will take reasonable steps to erase it from our systems and ensure it is erased from systems where it is processed on our behalf.

8. Who Do We Share Your Personal Data With?

8.1 We do not sell or rent your personal data to third parties. However, we may share your personal data with the following categories of recipients when necessary:

(a) Service Providers and Partners – We may share your personal data with trusted service providers and business partners who assist us in operating our Services, conducting our business, or servicing you. These entities process your personal data only under our instructions and in compliance with applicable data protection laws.

(b) Government Authorities and Law Enforcement – We may disclose your personal data when required to do so by law, court order, or regulatory requirements. This includes sharing information with government entities such as ELM and WATHIQ for identity and commercial registration validation.

(c) Business Transfers – In the event of a merger, acquisition, restructuring, or sale of our business or assets, we may transfer your personal data to the acquiring entity. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.

(d) Legal and Compliance Obligations – We may disclose your personal data when we believe it is necessary to comply with legal obligations, enforce our terms and conditions, protect our rights, investigate fraud, or protect the safety of users.

(e) Marketing and Advertising Partners – If you have opted in to receive marketing communications, we may share your personal data with marketing agencies and advertising networks that help us promote our Services.

9. International Data Transfers

9.1 Your personal data may be transferred to, stored, and processed in a country other than your country of residence. These countries may have different data protection laws than those in your jurisdiction. However, we take appropriate measures to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable laws.

10. Your Rights Regarding Your Personal Data

10.1 Depending on the laws that apply to your personal data, you may have certain rights regarding your personal data, including:

(a) Right to Access – You have the right to request a copy of the personal data we hold about you.

(b) Right to Rectification – You have the right to request correction of inaccurate or incomplete personal data.

(c) Right to Erasure – In certain circumstances, you have the right to request that we delete your personal data.

(d) Right to Restrict Processing – You may request that we restrict the processing of your personal data in specific situations.

(e) Right to Data Portability – You have the right to request that your personal data be transferred to another organization in a structured, commonly used format.

(f) Right to Object – You may object to our processing of your personal data when such processing is based on our legitimate interests.

(g) Right to Withdraw Consent – If we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.

10.2 If you wish to exercise any of these rights, please contact us using the details provided in Section 12. We will respond to your request in accordance with applicable laws.

11. How Do We Keep Your Data Secure?

11.1 We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

(a) Encryption – We use encryption protocols to protect sensitive data during transmission.

(b) Access Controls – We restrict access to personal data to authorized personnel only.

(c) Regular Security Audits – We conduct regular security assessments to identify and address potential vulnerabilities.

(d) Data Minimization – We collect and retain only the data necessary for our business operations and legal obligations.

11.2 While we take reasonable precautions to protect your personal data, no security system is completely foolproof. You are responsible for maintaining the confidentiality of your account credentials and for notifying us immediately of any suspected unauthorized access to your account.

12. How to Contact Us

12.1 If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, you may contact us using the following details:

Company Name: eHR (Expert HR CO. LTD)
Address: 3692 Najm Al Din Al Ayoubi, Al Awaly District, Riyadh 11564, Saudi Arabia
Phone: +966 55 974 8933
Email: info@ehr.sa

13. Updates to This Privacy Policy

13.1 We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or industry standards. We encourage you to review this page periodically for the latest information on our privacy practices. If we make significant changes to this Policy, we will notify you through our Website or via email.

13.2 Your continued use of our Services after such updates constitutes your acceptance of the revised Privacy Policy.

14. Governing Law

14.1 This Privacy Policy is governed by and interpreted in accordance with the laws of the Kingdom of Saudi Arabia. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the competent courts in Saudi Arabia.

Privacy Policy