Kalsa, with offices registered in Riyadh, Saudi Arabia as Data Controller in charge of data processing (hereinafter the “Controller”) of the website https://www.kalsa.com (hereinafter the “Website”), inform visitors of the Website (hereinafter the “Data Subjects”) about the General Data Protection Regulation (GDPR), pursuant to Art. 13 of European Regulation No. 2016/679.
The Controller is aware of the importance of processing Data Subjects’ personal data, hence he indicates which and how data are processed. By browsing the Website or indicating the willingness to use the services provided by the same, Data Subjects declare that they have read and accepted this policy (hereinafter “Policy”), thus granting their consent to the processing of their personal data by the Controller.
For any information, queries or requests relating to this Policy, the Data Controller provides the Data Subjects with the following email address: email@example.com.
Data Subjects have the following rights:
Data Subjects may exercise their rights by writing to the email address indicated above.
The Controller would like Data Subjects to exercise their rights without incurring any costs. However, to do so the Controller may require specific information to follow up on the Data Subjects’ enquiries in relation to their rights.
Enquiries are usually dealt with within 30 days from receiving them. However, if this deadline cannot be met (e.g. due to a high volume of requests or complexity of the response) it will be the Controller’s responsibility to inform the Data Subjects and keep them updated on the developments.
The personal data provided to the Controller by both the Data Subjects and third parties, are processed to fulfil the Data Subjects’ contact requests (hereinafter the “Services”) received through the Website.
a) Data provided directly by the Data Subjects
b) Data collected from third parties
The Controller does not collect personal data from third parties other than the Data Subjects.
Due to various purposes, the Controller may collect, use and share aggregated data, such as statistical or demographic data.
Aggregated data may come from personal data given by the Data Subjects, but they are not considered as personal data since, as specified by the GDPR, they allow neither the direct nor the indirect identification of the Data Subjects. However, if the Controller combine or connect aggregated data with the Data Subjects’ personal data so that they can directly or indirectly identify the latter, the Controller will process the combined data in accordance with the privacy notice.
The Controller does not process any Data Subjects’ special data (special data means data relating to ethnic or racial origin, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, genetic, biometric and health data), as well as data relating to criminal convictions and crimes.
The Controller processes personal data for the purposes indicated in the table below.
The GDPR requires that the Controller has a legal basis to carry out the processing of each personal data.
The Controller may process Data Subjects’ personal data after their consent, and use these as the legal basis for the processing. Consent may be withdrawn at any time. However, the processing carried out until consent is withdrawn shall not be affected.
The summary table below, highlights the purposes and their description:
If data are essential to provide the Services, the Controller shall not be able to provide them and support Data Subjects with their requests. In this case, the Controller may request an integration to the personal data or delete the Data Subjects’ personal data, stopping Services from being provided.
Data Subjects’ personal data might be communicated to third parties instead of the Joint Controllers, as better indicated in the table below:
Data Subjects’ personal data will not be disseminated.
Cookies are kept for as long as necessary to achieve the above-mentioned purposes. For more details on the storage times of each cookies’ individual category (as indicated in the table above), the Data Subjects can contact the Controller by email at firstname.lastname@example.org
Controller keeps personal data in paper files stored at the headquarters, as well as on computer archives located within the European Union, but also outside it – if these are essential to the pursuit of the purposes indicated in letter a). In the latter case, the Controller ensures that companies established outside the European Union, process personal data with the utmost confidentiality in compliance with adequacy decisions adopted by the European Commission, any Privacy Shield or, if necessary, entering into agreements that guarantee an adequate level of protection.
The Controller is aware that the processing of data relating to minors is a sensitive matter. It is noted that Services are not intended for minors under the age of 14, hence the Controller does not voluntarily process these data. In this sense, Data Subjects under the age of 14 should not request any Service.
The Controllers encourages parents or those responsible for minors under the age of 14 to check that they do not request Services and, in any case, to warn them not to disclose their personal data through the Website.
If the Controller becomes aware that some personal data belong to minors under the age of 14, they will make sure to delete them.
The Controller informs Data Subjects that this Policy applies exclusively to the Website. However, the Data Subjects are recommended to verify the information present on other websites before disclosing their personal data.
The Controller takes no responsibility for personal data disclosed by Data Subjects on other websites.
The Controller processes the Data Subjects’ personal data by adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification and destruction.
The processing of data is carried out through telematic procedures, electronic means and, alternatively, on paper by specially authorised internal personnel as well as external managers (if appointed), depending on the contractual agreements in place.
The processing can also be carried out through the use of automated means.
Controller reserves the right to amend this Policy at any time. In case of changes, the Controller will upload the new policy on this page and the Data Subjects shall check the changes carried out on the Policy: Data Subjects will be able to review the Policy history by checking the date.
By continuing to use the Website following the changes to the Policy, the Data Subjects accept the new conditions and consent to the processing of data as modified.
© 2023 KALSA All Rights Reserved