Privacy Policy

Effective Date: 1st April, 2025

Website: https://getsahl.io

1. Introduction

Sahl (“we”, “our”, or “us”) is a digital service provider committed to safeguarding the privacy and personal data of all individuals who interact with us. Our operations are governed by the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), and applicable international standards. This Privacy Policy outlines how we collect, use, share, and protect personal data, and the rights you have over your information. This Policy applies to all personal data collected through our platforms, services, events, consultancy activities, and communications.

2. Our Promise to You

We are committed to data protection and transparency. Our guiding principles include:

  • Lawfulness, Fairness, and Transparency: We process personal data fairly and in accordance with legal requirements.
  • Purpose Limitation: Data is only collected for clear, lawful, and specific purposes.
  • Data Minimization: We collect only the minimum data necessary.
  • Accuracy: We take reasonable steps to ensure data is accurate and current.
  • Storage Limitation: Data is retained only for as long as necessary.
  • Integrity and Confidentiality: We apply robust security controls.
  • Accountability: We demonstrate compliance and provide mechanisms to enforce data protection.

3. Enquiries and Marketing

When you contact us or express interest in our services:

What we collect:

  • Full name, email address, phone number
  • Company name, physical address
  • Communication preferences and interests

Why we collect it:

  • To respond to enquiries and support requests
  • To send you information about products, services, and updates
  • To manage subscriptions to our newsletters
Legal basis:
  • Your explicit consent (opt-in)
  • Our legitimate interest in responding to queries

You may opt-out anytime via Data Subject Management Form available on
our website.

4. Providing Consultancy Services

During consultancy engagements, we may collect and process:

  • Business contact data of client personnel
  • Project-related documents containing personal or sensitive data
  • Feedback, reports, or diagnostic assessments

Purpose:

  • To deliver customized consultancy services
  • To fulfill contractual obligations
  • To ensure compliance with applicable laws and client policies

We apply confidentiality agreements, access restrictions, and encryption to
safeguard client-related data.

5. Training and Events

For webinars or training:

Data collected:

  • Participant registration details
  • Payment information (if applicable)
  • Attendance records and post-event feedback
    Purpose:
  • To facilitate participation and logistics
  • To issue training certificates
  • To maintain records for internal quality assurance and improvement

Use of recordings or photography:
We inform attendees in advance and seek consent if required by PDPL.

6. Cross Border Transfers

Personal data may be transferred to our service providers or partners in jurisdictions outside Saudi Arabia. Such transfers are subject to:

  • Adequacy decisions by the Saudi Data and Artificial Intelligence Authority
    (SDAIA)
  • Binding contractual obligations ensuring data protection
  • Explicit consent from the data subject when necessary

We do not transfer your data outside the Kingdom unless:

  •  It is required to perform a contract or provide a service
  • There is a compelling public interest

7. Information Sharing, Security, and Retention Sharing:

We only share personal data with:

  • Authorized third-party processors bound by confidentiality and security terms
  • Governmental or judicial authorities where legally required
  • Affiliates within our business group, under intra-group data protection
    rules

Security Measures:

  • Data is stored on secure servers with restricted access
  • Multi-layered security (encryption, firewalls, backups)
  • Regular risk assessments, audits, and compliance checks

Data Retention:

  • Data is retained based on purpose, legal obligations, or consent
  • When no longer required, data is securely deleted or anonymized

8. Your Data Protection Rights

You have the right to:

  • Access: Know what data we hold and request a copy
  • Rectify: Correct inaccurate or outdated data
  • Erase: Request deletion when no longer needed (subject to legal
    exceptions)
  • Restrict Processing: Limit the use of your data in specific circumstances
  • Data Portability: Request transfer of your data to another service
  • Withdraw Consent: At any time, for data collected based on consent
  •  Object: To any data processing not aligned with your rights
    Requests will be addressed within 30 days.

9. How to Complain

If you believe your data has been processed unlawfully or your rights were
violated:
1. Contact Us First:
Email: operations@getsahl.io
2. Escalate to SDAIA:
If unsatisfied with our response, you can file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) at https://sdaia.gov.sa We are committed to resolving any issues fairly and promptly.

10. Review and Updates

This policy is reviewed regularly to ensure it remains current and reflective of best practices. We may update it to comply with regulatory changes, service enhancements, or internal governance measures.

We encourage users to review this policy periodically to stay informed.

Contact Us:
Email: operations@getsahl.io
Thank you for trusting Sahl with your data