Saudi cloud computing company platform privacy policy

Saudi Cloud Computing Company (“sccc” or “sccc by stc”) has established this privacy policy to help protect personal data of our customers and to comply with applicable laws. protection of privacy rights is part of sccc’s ongoing objective to provide excellent service to all customers using our services and products.

This privacy policy applies to the access and use of the Saudi cloud computing company website currently located at www.sccc.sa and www.alibabacloud.sa (the “website”) and the access and use by registered users of Saudi cloud computing company's products and services (collectively, the "cloud Services") offered through the platform (the "sccc platform") provided by sccc. By using the website, the cloud Services or the sccc platform, you acknowledge your acceptance of this privacy policy. If you do not agree to these terms, please do not use the website, the cloud Services or the sccc platform. Terms not defined in this privacy policy shall have the same meaning as in the sccc platform Terms of Use.

This privacy policy is formulated in accordance with the personal Data protection Law (the “PDPL”) and Regulations in the Kingdom of Saudi Arabia (“KSA”) and sets out how we collect, use, retain, secure, disclose and, if permissible by applicable law, transfer your personal data and personal data about your customers or end users that you provide to us pursuant to your use of the sccc platform and our cloud Services, as well as other terms relating to data location. It also describes your choices regarding use, access and correction of your personal data.

Many of our cloud Services offered through the sccc platform are intended for business use rather than personal, individual use. Your employer may monitor or control your account with the sccc platform and access, process, or control your personal data, as well as the contents of your communications and files. Your organization’s use of our cloud Services may be subject to your organization’s own rules or policies, and you shall direct all privacy inquiries relating to such rules or policies to your organization’s administrators. We do not control and we are not responsible for the privacy or security practices of your employer or business organization.

Cloud Services may be used by our customers to develop or host customer services and products for customer end users. Any information collected or handled by sccc in such circumstances is processed on behalf of our customer who controls the collection and use of such information for its end users.

We often do not have a direct contractual relationship with the end users of our customers. Where this is the case, end users should direct all privacy enquiries, such as any requests to access, correct, amend or delete personal data, to the sccc customer providing its services or products. Except as specifically required by law, we are not responsible for the privacy or security practices of our customers.

1. collection of personal data

We may collect or receive (and may have collected or received during the 12-month period prior to the last released date above) the categories of personal data listed below. Not all categories will be collected or received for every individual.

1. Identifiers: If you are (i) an individual or (ii) a representative of a business organization at the time you register to become a user of the sccc platform and/or purchase cloud Services, you may be asked to complete registration forms which require you to provide information such as your email address, mobile number, country, preferred language, name, contact address, and screen nickname. You may also provide us with additional contact information in your account profile, such as an address or sub ID - accounts and additional roles.

2. Commercial Information: we record details of your activities (including any purchase or use of our product offerings and services) when you use the sccc platform and certain cloud Services for legal or business purposes. If you make purchases or otherwise transact online through the sccc platform, we also collect information related to such transactions including, but not limited to, the types and specifications of the cloud Services, pricing and invoicing, and any trade dispute or complaint records.

3. Communications: When you contact our customer support, sales or other departments, we may record the communications for security and customer service purposes and collect additional information to verify your identity.

4. Financial Information: If you make online purchases for our cloud Services through the sccc platform, you may be required to provide information related to your payment instrument (such as credit card), including information about your payment instrument organization, your payment instrument number, the security code, and the expiration date of your payment instrument directly to our payment service provider.

5. Required Information: certain categories of data are necessary for us to provide the cloud Services, such as username, address, phone number, and email address. these categories will be specified at the time of collection. In the event that you do not provide any or sufficient data marked as mandatory, we may not be able to complete the registration process or provide you with our cloud Services.

6. Device information, online Activity, and geolocation information: we also retain records of users’ buying and browsing activities on the sccc platform, including but not limited to: Internet protocol (IP) addresses, browsing patterns and purchasing patterns. In addition, we automatically gather statistical information about your sccc platform visits and store it in log files. This information includes your browser software and operating system, browsing date and time, viewed pages, viewed product categories, and length of visit.

7. Characteristics of protected classifications under U.S. federal or state laws (in California: California Sensitive Information, Colorado: Sensitive Data, Connecticut: Sensitive Data, Utah: Sensitive Data, or Virginia: Sensitive Data): we may from time to time collect additional information from you (such as copies of identification documents) and obtain information about you from third parties in order to carry out risk control, fraud prevention and compliance procedures. For example, we may collect payment-related information from third parties and combine it with information we collect about you for the purpose of fraud prevention and risk control.

2. purposes for the collection, retention, use, disclosure and transfer of personal data

We collect, retain, use and disclose personal data for the following purposes:

1. Processing your registration as a user, providing you with a user ID for our sccc platform and maintaining and managing your registration;
2. Providing you with customer service and responding to your queries, feedback, claims or disputes;
3. Providing the cloud Services to you and your end users;
4. Processing your purchases and/or subscriptions;
5. Personalizing our communication with you based on your order history, and performing research or statistical analysis in order to improve our product offerings and services;
6. To comply with applicable law, legal process or lawful government request, or in respect of any claims or potential claims brought against us or our parent companies, shareholders, subsidiaries and affiliates;
7. Performing risk control, legal compliance and sanctions screening; and
8. Performing screening and checks for unlawful, fraudulent, deceptive or malicious activities. Subject to obtaining your specific consent (or where otherwise permitted by applicable law), we may use your name, phone number, residential address, email address and fax number (which may incorporate personal data) to provide notices, surveys, product alerts, related communications and other marketing and promotional materials to you relating to goods and services offered by us on our sccc platform.

Legal basis for processing for users from European Economic Area (“EEA”) and the United

("UK")

1. Necessary for the performance of any contract between you and sccc (for example, to provide you with the cloud Services you request and to identify and authenticate you so you may use the website, our sccc platform or cloud Services);
2. Necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement);
3. Necessary for our legitimate interests (for example, to manage our relationship with you and to improve our website and cloud Services); and
4. Based on your consent (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal. You may withdraw any consent that you have provided by contacting us at legal@alibabacloud.sa

3.disclosure of personal data

1. We may disclose your personal data to third-party service providers engaged by us to assist with providing you with our services (including partners providing customer services to you, contacting you regarding promotions products and services, performing risk control, fraud prevention and legal compliance procedures, and conducting payment processing services) (the “third-party Service providers”). these third-party Service providers are under a duty of confidentiality to us and are only permitted to use your personal data in connection with the purposes specified in Section 3 above, and not for their own purposes.
2. We may share your personal data with our affiliated companies or our or their designated service providers, for the purposes specified at Section 3 above.
3. We may provide aggregated or anonymized data to third parties, but when we do so, the information we share is in a de - identified format that does not personally identify you.
4. We have established and will establish relationships with other parties and websites to offer you the benefit of their products and services. we offer you access to these other parties and their websites either through the use of hyperlinks to these sites from our sccc platform or through offering “co - branded" sites in which both we and other parties share the same uniform resource locator, domain name or pages within a domain name on the Internet. In some cases, you may be required to submit personal data to register or apply for products or services provided by such third parties or co-branded partners. This privacy policy does not apply to these third-party sites or co - branded sites. the privacy policies of those other parties may differ from ours, and we have no control over the information that you submit to those third parties. You should read the relevant privacy policy for those third-party sites and co-branded sites before responding to any offers, products or services advertised by those parties.

4.transfer of personal data

As part of providing you with the cloud Services, in accordance with applicable law, including the personal Data protection Law and Regulations in the Kingdom of Saudi Arabia, we may in certain circumstances transfer your personal data from your jurisdiction to another jurisdiction, such as an overseas jurisdiction. Recipients of the data in these jurisdictions may be subject to data privacy laws less protective or not equivalent to those in your own jurisdiction.

Such cross-border transfer or processing of your personal data may be necessary to process and administer your customer account and to provide the cloud Services (including providing customer services to you, contacting you regarding promotions, products and services, performing risk control, fraud prevention and legal compliance procedures, and conducting payment processing services). If you are located in the EEA or the UK, please refer to the EEA and UK Addendum at the end of this policy for our commitment with regard to transferring your data to another jurisdiction.

5. security measures

We use commercially reasonable endeavours designed to protect the personal data that you provide to us. we also employ several security techniques, including but not limited to the use of industry - standard Secure Socket Layer (SSL) encryption for transmission of personal data in registration information and payment information and the adoption of identity, credential and access management measures for transmission of such personal data designed to prevent security breaches and unauthorized access of personal data.

We limit access to your personal data and other data to people who need access to such data for their work. Nevertheless, no data transmission over the internet or any wireless network can be guaranteed to be perfectly secure. As a result, while we try to protect your personal data, we cannot guarantee the security of any personal data you transmit to us, and you do so at your own risk. we cannot and do not guarantee security in connection with your use of the sccc platform and our cloud Services.

We retain your personal data as long as you have an account with us, as needed to provide services or products to you, to resolve disputes or litigation, to serve the purpose of research and statistical analysis or as required or permitted by applicable laws, such as tax and accounting laws.

we will only retain your personal data for as long as necessary to fulfil these or other purposes for which we have collected such data, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention periods for personal data, we consider the amount, nature and sensitivity of the personal data, legal requirements, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the personal data and whether we can achieve those purposes through other means.

Once the purpose of collecting your personal data ends or we no longer have a legal reason for retaining your personal data, we will destroy or delete your personal data from our systems, provided that we may retain your de - identified personal data.

6. right to access and correct personal data: contacting us

legal@alibabacloud.sa You have the right to request copies of or access to your personal data held by us (or on our behalf) and to request correction or deletion of such personal data. Additionally, upon request, we will provide you with information about whether we hold your personal data. You may contact us at to request access, correction or deletion of your personal data. we will respond to your request within a reasonable timeframe.

You may also have supplemental rights under applicable law in relation to your personal data. For example, if you are an EEA or UK user, you have the right to object to or request the restriction of processing of your personal data, and to request portability of your data by contacting us at legal@alibabacloud.sa In cases where we act as a processor, we may have no direct contractual relationship with the individuals whose personal data we process.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to sccc 's customer (the data controller).

You may receive e-newsletters from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or at your member profile.

we do not knowingly collect personal data of minors (persons under the age of 18). If a minor has provided us with personal data, the parent or guardian may contact us on the minor's behalf to request that we cease any further collection, use and/ or disclosure of the personal data and delete the personal data we may hold relating to the relevant minor. If we are otherwise made aware of personal data of minors in our possession, we will endeavour to delete the personal data we may hold relating to the relevant minor.

If you have any questions regarding this privacy policy or if you wish to exercise any of these or other rights you may have under applicable law in relation to your personal data, you may send your request in writing to the following contact and address:

attention: GRC & Legal Department

address: King Abdullah financial District, Building 2914, Floor 6th, postal code 13519, Secondary No. 6432, Riyadh, Saudi Arabia

E-mail address: legal@alibabacloud.sa

This privacy policy also contains links to third-party websites. If you experience difficulties using these links, please contact us at legal@alibabacloud.sa

7. your customer rights under the KSA PDPL

As a customer, citizen or resident in KSA, you have the following rights at any time in accordance with the KSA PDPL and Regulations; unless there are legal, regulatory, or judicial restrictions that prevent this:

1. the right to be informed You have the right to know and be informed about our contact details, the specific reasons for collecting your personal Data, the methods used for personal Data collection, and whether this collected personal Data will be shared with third parties. 2. the right to access You have the right to access your personal Data held by sccc through the “privacy” section in your sccc account. 3. the right to obtain a copy You have the right to obtain a copy of your personal Data held by sccc through the “privacy” section in your sccc account. 4. the right to request rectification You can request the correction or update of any incomplete, inaccurate, or outdated personal Data that sccc has collected from you through the “privacy” section in your sccc account. 5. the right to request erasure You have the right to request the deletion of your personal Data collected by sccc. This can be due to various reasons, such as you are withdrawing your consent for data collection or if the data no longer serves its initial purpose. However, sccc may retain such data in accordance with applicable laws and regulations. 6. the right to object and withdraw your consent You have the right to revoke your consent, block marketing calls, or stop receiving promotional messages by contacting us at legal@alibabacloud.sa sccc aims to address all requests or complaints within 30 days and will maintain records of these interactions. If you believe any of your personal Data is inaccurate or incomplete wish to exercise any of these rights or have any privacy-related inquiries, please don't hesitate to contact us at legal@alibabacloud.sa

8. cookies

we and our partners use "cookies" or similar technologies, such as web beacons and JavaScript, to store specific information about you and track your visits to our sccc platform. we may also use “cookies” to store specific information about your use of certain cloud Services as part of its features and to facilitate or enhance your user experience of the relevant service.

A “cookie” is a small amount of data that is sent to your browser and stored on your device. A cookie can be sent to your device only if you access our sccc platform using a device.

If you do not de-activate or erase the cookie, each time you use the same device to access our sccc platform, our web servers will be notified of your visit to our sccc platform and in turn we may have knowledge of your visit and the pattern of your usage.

generally, we use cookies to identify you and enable us to (i) access your registration information so you do not have to re - enter it; (ii) gather statistical information about usage by users; (iii) research visiting patterns and help target advertisements based on user interests; (iv) assist our partners to track user visits to the sccc platform and process orders; (v) track progress and participation in promotions; and (iv) facilitate your use of any relevant cloud Services which may involve the use of cookies. we partner with third parties to manage our advertising on other sites. legal@alibabacloud.sa our third-party partners may use cookies or similar technologies in order to provide you with advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising, contact us at You may continue to receive generic advertising not based on your browsing activities. You can determine if and how a cookie will be accepted by configuring the browser which is installed in the computer you are using to access the sccc platform. If you choose, you can change those configurations. You may be able to change your browser preferences or settings to reject all cookies or choose to consent each time a cookie is sent. If you reject all cookies by choosing the cookie - disabling function in your browser, you may be required to re - enter information on our sccc platform more often and certain features of our sccc platform may be unavailable.

By accessing and using our sccc platform and cloud Services, and by accepting the cookies, you consent to the storage of cookies on your devices. You also consent to the access of such cookies by us and by our partners.

9. changes to this privacy policy

any changes to this privacy policy will be communicated by us posting an amended privacy policy on our sccc platform. the new privacy policy will become immediately effective once posted on the sccc platform or at a date specified by sccc. we may also in our discretion provide notice to you of any changes to the privacy policy.

If we make any material changes, we will notify you by email (sent to the e - mail address specified in your account) or by means of a notice on the website or sccc platform prior to the change becoming effective. any information and / or personal data we hold about you (as described in this privacy policy and whether or not collected prior to or after the amended and restated policy comes into effect) will be governed by the latest version of our privacy policy.

we strongly encourage you to visit the website from time to time to review the privacy policy. Your continued use of the website, sccc platform or the cloud Services signifies your acceptance of the changes to this privacy policy.

10. limitation of liability

IN ADDITION TO ANY LIMITATIONS SET FORTH IN THE DISCLAIMER SECTION OF THE sccc PLATFORM TERMS OF USE, IN NO EVENT SHALL sccc OR ITS RELATED PERSONS (AS DEFINED BELOW) BE LIABLE TO ANY PARTY FOR ANY CLAIMS, LIABILITIES, LOSSES, COSTS OR DAMAGES, INCLUDING BUT NOT LIMITED TO ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (“DAMAGES”) ARISING OUT OF OR IN CONNECTION WITH ANY ACCESS, USE (OR INABILITY TO USE) OR DISTRIBUTION OF THE WEBSITE OR THE sccc PLATFORM, INCLUDING DAMAGES CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT, DESTRUCTION OR UNAUTHORIZED ACCESS TO, ALTERATION OF OR USE OF ANY ASSET, WHETHER FOR BREACH OF CONTRACT, TORTIOUS BEHAVIOUR, NEGLIGENCE OR UNDER ANY OTHER CAUSE OF ACTION, OR ANY CONTENT OBTAINED THROUGH USE OF THE WEBSITE OR sccc PLATFORM. THIS IS TRUE EVEN IF sccc HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES.

sccc, its subsidiaries and affiliates and their respective officers, directors, managers, partners, members, shareholders, employees, affiliates and agents (collectively “Related Persons”) make no representations or warranties and specifically disclaim any and all warranties of any kind, express or implied, with respect to the sccc Platform and website, including any representations or warranties with respect to merchantability, fitness for a particular purpose, title, non-infringement, availability, security, accuracy, freedom from viruses or malware, completeness, timeliness, functionality, reliability, sequencing or speed of delivery.

11. Australia addendum

If you are located in Australia, you acknowledge that sccc is bound by the Australian privacy Principles (APPs) in the privacy Act 1988 (Cth) (privacy Act). If you have any questions, concerns or complaints about this privacy policy, or how we handle your personal data, please contact our General counsel at the address for “Outside the EEA” set forth in Part F above, who will review your complaint and respond within a reasonable period.

If you are dissatisfied with the handling of your complaint or concern, you may contact the Office of the Australian Information commissioner: Office of the Australian Information commissioner GPO Box 5218 Sydney NSW 2001 Telephone: 1300 363 992 Email: enquiries@oaic.gov.au

12. California addendum

If you are a California resident, then you also have the following rights under the California Consumer privacy Act ("CCPA") regarding your personal information.

California Shine the Light Law we do not provide your personal information to third parties for their use in marketing. However, California residents have the right to opt-out of such use of your personal information if it occurred. California residents are entitled once a calendar year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes. To obtain this information, please send an email to the address at the bottom of this privacy policy with the phrase “California privacy Request” in the subject line of your message.

right to know You have the right to know, at or before the point of collection, and see what personal information we have collected about you over the past 12 months, including: the categories of personal information we have collected about you; the categories of sources from which the personal information is collected; the business or commercial purpose for collecting your personal information; the categories of third parties with whom we have shared your personal information; and the specific pieces of personal information we have collected about you.

right to Delete You have the right to request that we delete the personal information we have collected from you. there are a number of exceptions, however, that include, but are not limited, to when the information is necessary for us or a third party to do any of the following: complete your transaction; Provide you a good or service; Perform a contract between us and you; Protect your security and prosecute those responsible for breaching it; Fix our system in the case of a bug; Protect the free speech rights of you or other users of the website; comply with the California Electronic Communications privacy Act (Cal. Penal code § 1546 et seq.); engage in public or peer - reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;cComply with a legal obligation; or Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

right to correct You have the right to correct inaccurate information that we have collected about you.

right to limit You have the right to limit how we use your sensitive personal information, such as your financial account information and government-issued identifiers, for limited purposes.

sale of Your Personal Information we do not sell your personal information for money or other considerations of value. More information about your rights as a California resident may be found on California's Department of Justice website.

sccc does not discriminate we will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.

How to Exercise Your rights to exercise any of your California access or deletion request rights, please submit a verifiable consumer request to our contact email address at the bottom of this policy. To the extent applicable, we will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. we verify requests by matching information provided in connection with your request to information contained in our records. You may also designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent's authority to make requests on your behalf, and we may verify such authorized person's identity using the procedures above. the verifiable consumer request must:

• provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and
• describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. we will not be able to respond to your request or provide you with specific pieces of personal information if we cannot verify your identity and authority to make the request. our goal is to respond to any verifiable consumer request within forty - five (45) days of our receipt of such request.

13. EEA and UK addendum

this section of the privacy policy applies only if you are located in the EEA or the UK or Europe (but outside the EEA) and supplements the information in this privacy policy.

sccc is the controller of personal data only when it collects personal data and determines the purposes and means of processing that personal data. For example, when customers of our cloud Services register an account with us or provide contact information in order to receive customer support, we are the controller of that data. When customers host their own services on our cloud Services, we act as a data processor with respect to that data.

If permitted by applicable law, our business may require us to transfer your personal data to countries outside of the EEA or the UK, including to countries that may not provide the same level of data protection as your home country. we strive to take appropriate steps to ensure that an adequate level of protection is provided for your personal data. [Per GDPR Art. 46, we implement measures such as entering into written agreements including standard contractual clauses and other data protection agreements with recipients. A copy of those clauses can be obtained by contacting us at legal@alibabacloud.sa You may lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes applicable law.