Introduction
Waslat Al-Khadamat Al-Mumayaza Company — LLC (شركة وصلة الخدمات المميزة — شركة ذات مسؤولية محدودة), hereinafter referred to as "WaslaCo" or the "Company" is committed to protecting your personal data in compliance with the Personal Data Protection Law ("PDPL") issued by Royal Decree No. M/19 (9/2/1443H) and its implementing regulations issued by SDAIA. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you use the Platform.
1.1 The data controller is Waslat Al-Khadamat Al-Mumayaza Company — LLC, registered in KSA. For data protection inquiries, contact us at the address on the Platform.
(a) Identity Data: full name, national ID/Iqama number, date of birth, nationality, gender.
(b) Contact Data: email, mobile number, physical address.
(c) Account Data: username, password (encrypted), profile photo, preferences.
(d) Financial Data: bank details, payment card info (via PCI-DSS gateways), billing address.
(e) Professional Data (Providers): CR number, licenses, qualifications, portfolio, work history.
(f) Employment Data (WaslaJobs): CV, education, skills, salary expectations, references.
(a) Device Data: IP address, device type, OS, browser type, unique identifiers.
(b) Usage Data: pages visited, features used, time spent, click patterns, search queries.
(c) Location Data: approximate (IP-based); precise only with explicit consent (for WaslaCare).
(d) Cookies and Tracking: as detailed in the Cookie Policy.
(a) Identity verification (Absher, Elm, Yakeen). (b) Payment processors. (c) Government databases for CR/license verification. (d) Social media platforms (if linked).
We process data based on: (a) your explicit consent (PDPL Art. 6); (b) contract performance; (c) legal obligation (ZATCA, AML); (d) legitimate interests (fraud prevention, security, improvement); (e) protection of vital interests.
(a) Account creation, verification, management. (b) Facilitating Transactions. (c) Payment processing, invoicing, escrow. (d) Providing, maintaining, improving the Platform. (e) Customer support and dispute resolution. (f) Communications about account and services. (g) Marketing (with consent; opt-out anytime). (h) Fraud detection and security. (i) Legal compliance (ZATCA, PDPL, regulatory requests). (j) Analytics and research (aggregated/anonymized where possible).
(k) Purpose limitation: WaslaCo will not process your personal data for a purpose that is materially incompatible with the original purpose for which it was collected, except in cases permitted under Article 10 of the PDPL. If WaslaCo intends to process your data for a new materially different purpose, you will be informed before such processing begins and, where required by law, your consent will be sought.
(l) Required vs optional fields: Some personal data fields are required to use the Platform. If you do not provide them, you will be unable to complete registration, make or receive bookings, or process payments as applicable. Optional fields are clearly marked on the Platform.
5.1 We do not sell your personal data to third parties.
5.2 We may share data with: (a) other Users (limited profile info for Transactions); (b) payment service providers (PCI-DSS compliant); (c) identity verification providers (Elm, Yakeen, Absher); (d) government authorities (when legally required); (e) professional advisors (bound by confidentiality); (f) in corporate transactions (merger, acquisition).
5.3 All third-party recipients are contractually bound to protect data per the PDPL.
6.1 Data is retained only as long as necessary or as required by law.
6.2 Retention periods: (a) active account data: account duration + 24 months; (b) transaction records: minimum 10 years (ZATCA/Commercial Books); (c) marketing consent: consent duration + 12 months; (d) litigation hold: until resolution.
6.3 Upon expiry, data is securely deleted or irreversibly anonymized.
You have the right to: (a) be informed about data collection/processing; (b) access your data; (c) request correction of inaccurate data; (d) request destruction/anonymization of unnecessary data; (e) withdraw consent at any time; (f) object to legitimate-interest processing; (g) data portability in structured format; (h) lodge a complaint with SDAIA.
Contact us via Platform channels. We respond within thirty (30) days per the PDPL.
8.1 WaslaCo implements: (a) encryption in transit (TLS 1.2+) and at rest (AES-256); (b) access controls and role-based permissions; (c) regular security assessments and penetration testing; (d) PCI-DSS compliant payment processing; (e) employee data protection training.
8.2 In case of a breach, WaslaCo notifies SDAIA within seventy-two (72) hours and affected individuals without undue delay per the PDPL.
9.1 Data is primarily stored and processed within KSA.
9.2 If transfer outside KSA is required, WaslaCo ensures adequate PDPL safeguards including transfer agreements and SDAIA-approved adequacy assessments.
The Platform is not intended for children under 18. We do not knowingly collect data from minors. If discovered, we delete it promptly.
WaslaCo may update this policy. Material changes are notified 15 days in advance via email or in-app notification. The latest version is always on the Platform.