1. Privacy Notice
At BSF ("us”, "we”, "our”), we value your privacy and values the trust you place in us when you share your Personal Data. This privacy notice outlines how we collect, process, use, manage, disclose and protect your Personal Data. This privacy notice is framed according to the Personal Data Protection Law ("PDPL”) and Regulations in the Kingdom of Saudi Arabia. BSF is under the control and supervision of the Saudi Central Bank (SAMA).
2. Why we Collect, Process, and Use Your Personal Data
We collect and use your Personal Data to provide you with our services including:
- Recruitment and hiring: to assess qualifications, skills, and experience to make hiring decisions.
- Employee management: to manage employment records, contract, performance review, promotions, absence management…, etc.
- Payroll and Benefits: to administrate salaries, benefits, GOSI and Muddad administrations and others.
- Legal/Regulator compliance: to adhere to and comply with Labor law, government regulations and any other regulatory/legal requirement (SAMA, HRSD, GOSI, …etc).
- Training and development: to provide you with professional development programs and career progression.
- Disciplinary and grievance procedures: to handle grievances and disciplinary actions in case of misconduct.
- Security and safety purpose: to provide and manage access to BSF premises,and to ensure security of our premises and our employees by monitoring through surveillance system such as CCTV.
- Benefits: to provide you with BSF benefit including, but not limited to provide you with the insurance policy for employee and their families, saving plan, education allowance, child care and marriage allowance, loans, business mission.
- Informed decision-making: to make accurate and informed decisions, whether it’s related to hiring or business strategies.
- Improved efficiency: to automate and optimize processes, reducing time and resources spent on repetitive tasks.
- Performance measurement: to track and measure performance across various functions, allowing better performance management.
3. Lawful Basis for Processing your Personal Data
At BSF, we prioritize transparency in our dealings, especially when it comes to managing and utilizing Personal Data you trust us with. We gather and use your Personal Data based on the following legal basis:
- Contractual Obligation: To Process your Personal Data to fulfill our obligations under your employment contract.
- Legitimate Interest: To protect us and our employee’s interest.
- Actual interest: To achieve moral or material interest to you.
- Legal Obligation: To meet our regulatory and legal requirements.
- Consent: When we Process your Personal Data based on your Consent.
4. What Personal Data we Collect, Process, and Use
When you are BSF employee, we may collect the following data:
| Type of Personal Data | Description |
|---|---|
| Biometrics Data | Signature, handwriting, fingerprint, voice, and face recognition data. |
| Credit Data | SIMAH report |
| Health Data | In some conditions we may collect medical reports, health condition, whether physical, mental or psychological conditions. |
| Other Data | Personal Data for compliance with laws and regulations and regulatory requirements, or for delivering online services. Such as, location (including geographic location and network IP address), cookies, communication records (including video or audio records). Personal data arising from employee investigation, e.g., Personal Data collected during employee due diligence, sanction or anti-money laundering checks. |
| Personal Data | Full name, gender, nationality, citizenship, National/Residency ID number and soft copy, passport, mobile number, personal email address, relative data, telephone number, age, emergency contact, birth date, birth place, marital status, national address, emergency contact number and name, your family data including name and ID, personal assets, account number, GOSI number, account balance, account transaction data, health status fit or not fit, education level, any relationship with politically exposed person and relevant data, your relatives’ information in our custody, and any personal data related to conflicting interests. |
5. How we Collect your Personal Data
- When you directly provide us your Personal Data.
- When we collect and verify your Personal Data from other sources such as, licensed credit bureaus, regulatory bodies, public entity, financial and regulatory bodies including, but not limited GOSI, QIWA, MUDDAD, Passport office, medical provider.
- In some cases, we collect certain data based on your Consent, which ensures that we use your data only in ways that you agreed to.
6. Data Retention, Storage, and Destruction
Your Personal Data will be stored and retained securely in HRMS system, secure room and archive store. No duration limit available because the data might be requested by regulators entity or might be used for re-hiring purpose.
7. Data Protection
Your Personal Data's security is important to us. We deploy both organizational and technical measures, including periodic audits, staff training, and strict policy and procedures for protection against unauthorized data access or Processing. Rest assured, BSF stores your Personal Data with appropriate security measures, such as encryption, masking, and restricted access mechanisms.
Although we do our due diligence, we make no warranties towards the security of third-party links in our websites. BSF assumes no liability or responsibility for the completeness, accuracy, reliability, nor the protection from third-parties (including without limitation software, websites, etc.,), if any, which may be linked to our websites.
8. How we May Share Your Personal Data
Your Personal Data may be shared:
- Within BSF’s affiliates, subsidiaries and sister companies.
- With competent authorities, agencies, and regulatory bodies, whether for verification purposes, to fulfil regulatory compliance obligations, or for other legal requirements.
- With third party who assist in providing service on behalf of BSF.
- Where there is a legitimate interest, public interest, or legal obligation.
- Competent authorities for credit assessment and reporting.
BSF maintains the utmost confidentiality of all collected data. Data disclosure occurs only under legal mandates or to enhance our services, in accordance with this privacy notice
In case of transferring Personal Data outside the Kingdom, or sharing it with external entities, it is carried out judiciously, adhering to PDPL or any other applicable laws.
9. Individual who Lacks Legal Capacity
For employees who fully or partially lack legal capacity, we require legal guardian Consent before Processing any Personal Data.
10. Your Rights as our Employee
- Right to be Informed
- Right to Access
- Right to Obtain Personal Data
- Right to Request Correction
- Right to Destruction
- Right to Withdraw Consent
You have the right to be informed about the legal basis and the purpose of the Collection of your Personal Data.
You have the right to access your Personal Data through the channels provided by BSF.
You have the right to access or receive a copy of your Personal Data in a structured, commonly used, and readable soft or hard copy format, as possible.
You have the right to request correction, completion or updating of your Personal Data available to BSF.
As long as there is no legal requirement or legitimate interest to Process or retain the Personal Data, you have the right to request Destruction of your Personal Data available to BSF, if it is no longer needed for the purpose it was originally collected.
You have the right to withdraw your Consent as long as there is no legal requirement to Process the Personal Data.
11. Privacy Notice Amendments
BSF may update this privacy notice occasionally, especially to stay compliant with new laws. Always refer to this section for the latest version. The current version was last updated on September, 2024.
12. Contacting Us
Maintaining the privacy and trust of our employee’s data is of utmost importance to BSF, and for any queries or to exercise any of the rights mentioned, please contact our Data Privacy Office at DPO@bsf.sa.
13. Explanation of Key Terms
| Term | Explanation |
|---|---|
| Collection | The collection of Personal Data by BSF, either from the Data Subject directly, a representative of the Data Subject, any legal guardian over the Data Subject, or any other party. |
| Consent | Consent is a crucial concept that refers to the Data Subject’s freely given, specific, informed, and unambiguous agreement to the Processing of their Personal Data. It's a fundamental requirement for organizations to collect, use, or share Personal Data lawfully and transparently. |
| Data Subject | The individual to whom the Personal Data relates to. |
| Destruction | Any action taken on Personal Data that makes it unreadable and irretrievable, or impossible to identify the related Data Subject. |
| Personal Data | Any element of data, regardless of its source or form, that independently or when combined with other available information could lead to the identification of an individual specifically, or that may directly or indirectly make it possible to identify an individual, including but not limited to name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature. |
| Processing | Any operation carried out on Personal Data by any means, whether manual or automated, including collecting, recording, saving, indexing, organizing, formatting, storing, modifying, updating, consolidating, retrieving, using, disclosing, transmitting, publishing, sharing, linking, blocking, erasing and destroying data. |