Civil Works Company | From Concept to Completion in Water & Wastewater EPC

1.Introduction:

The purpose of this Privacy Policy is to clearly explain how Civil Works Company collects, uses, shares, and protects your personal data. It aims to define the types of information companies gather, how it is used to provide and improve services, the circumstances under which information may be disclosed to third parties, and the measures we take to ensure its security. Additionally, this policy outlines data subject rights concerning personal data and provides guidance on how to exercise those rights.

2.Purpose And Scope:

The Internet is not a secure medium. However, Civil Works Company is committed to ensuring that user privacy is protected. The privacy policy explains the security measures, put in place to protect user information and how Civil Works Company use the collected information

The Privacy Policy applies primarily to information that Civil Works Company collect online; however, it may apply to some of the data that user provides offline and/or through other means, as well (for example, via telephone, through the mail). By submitting any information within Civil Works Company platform, users provide us consent to use it, as set out in privacy notice.

3.How We Collect Data About Users:

We may collect different data from or about users depending on how the platform is used by users:

Users provide us with the following categories of information:

User-provided information: Information provide to Civil Works Company via Platform, phone, email, or other means, including during registration, subscription, product search, order placement, query submission, and problem reporting.
Contact: Basic contact details such as name, email address,

home address, billing, and shipping information.

Identity: Additional information provided, such as photo, gender, date of birth, and personal information within the content you provide, Iqama Number, Supplier CR.
Communications: Records of correspondence, including letters, emails, texts, in-app messages, and calls.
Financial: banking details including Bank Account Numbers, Bank Name, Account Holders’ Name, IBAN.
Marketing: Your preferences for receiving direct marketing communications, such as email or text updates.

Information we collect about user from their use of Platform:

Technical information: Includes IP address, login information, browser details, device settings, operating system, and hardware version.
Information about your visit: Covers URL, clickstream data, viewed/searched products, page response times, interaction information, and methods of navigating away from the page.
Location data: Captures geographic locations (via GPS, Bluetooth, or Wi-Fi) for location-based services, content, and advertising. Location data may be combined with device ID for recognition purposes.
Location services: Involves checking coordinates, current country/region based on IP address, and device identifiers (e.g., IFA code for Apple devices or Android ID).

Information we receive from other sources:

Collaboration with third parties: We work closely with various third parties, including retailers, business partners, technical subcontractors, payment and delivery services, debt collection agencies, advertising networks, analytics providers, and search information providers.
Information from other organizations: We may receive information about you from other organizations, including:
- Verification: We use a third-party service for identity verification. You may be required to provide a government ID scan or number and, in some cases, a selfie for matching purposes. The service is subject to the terms and privacy policy of the organization providing it.
- Advertising: Advertisers may share technical information and details about your interactions or experiences with them. More information on this is available in the following section.

4.How We Use Personal Information:

If user browse our Platform:

✔ Understand how individuals use our Platform and improve it.

✔ Present content from our site in the most effective manner.

✔ Provide information, products, and services you request or may be interested in.

✔ Legal basis: Consent or legitimate interests.

If users create and use account with us:

✔ Create and administer accounts.

✔ Verify user identity.

✔ Conduct financial transactions and provide aggregated reporting information.

✔ Identify user and provide appropriate access to our Platform.

✔ Enforce our terms and notify users about service changes.

✔ Legal basis: Contractual obligations, legal requirements, and legitimate interests

When you contact or engage with us:

✔ Provide customer support and troubleshooting problems.

✔ Offer requested information, products, and services.

✔ Legal basis: Consent or legitimate interests.

If we share marketing or advertising with user:

✔ Provide promotional updates and contact users for opinions.

✔ Understand use and interests.

✔ Offer personalized recommendations and measure advertising effectiveness.

✔ Legal basis: Legitimate interests or consent.

When maintaining and improving our Platform:

✔ Administer and improve our services, evaluate products, and keep the Platform safe.

✔ Detect and protect against error, fraud, or criminal activity.

✔ Enhance presentation and address hardware/software compatibility issues.

✔ Legal basis: Legitimate interests and legal obligations.

We may conduct some profiling and automated decision- making.:

✔ to help us provide user with relevant information, suggestions, and recommendations for products

✔ We do this if permitted in our legitimate interests (where we have considered these are not overridden by your rights) or with your prior consent (where required by law).

✔ Legal basis: Legitimate interests and legal obligations.

User can opt-out of further marketing at any time by sending us an email at cwc@cwc.com.sa. .

5.Sharing Data Within Organization:

Within organization, access to user personal data is restricted to authorized personnel who require it to perform their job duties. This typically includes company employees and contractors who are involved in providing and managing services, such as customer support, IT maintenance, and administrative functions. Civil Works Company implement strict internal controls and access management practices to ensure that only those individuals who need to manage your data for legitimate purposes have access to it. Additionally, all employees and contractors are bound by confidentiality agreements to safeguard your personal information and ensure it is used solely for the purposes outlined in this privacy policy. Civil Works Company regularly review and update access controls to align with best practices and protect data against unauthorized access or misuse.

6.Purpose of Data Sharing Outside Organization:

Civil Works Company may share personal information in the following ways:

6.1 With group companies:

This includes subsidiaries and our ultimate holding company. Sharing data within our group helps with processing personal data as outlined in this Privacy Notice.

6.2With selected third parties:

Organizations processing data on our behalf: These entities support our services by providing website and data hosting, fulfillment services, communication distribution, marketing list support, and IT support.
Banks: We share financial information with banks to facilitate and manage transactions, including processing payments and handling transfers. This ensures that payments and financial operations are completed accurately and securely.
Advertisers and advertising networks: We share aggregated information about our users with these entities to serve relevant advertisements.
Analytics and search engine providers: We work with these providers to improve and optimize our site.
National Identity Verification Service Providers: We may share personal information with these service providers to verify identities as required for compliance, fraud prevention, and security purposes. This helps us ensure that transactions and account activities are conducted by authorized individuals.

6.3 Any person necessary for enforcement or protection:

Disclosure may occur to enforce our rights under this Privacy Notice or any agreement with you.
Information may be shared with law enforcement agencies, regulators, or similar government bodies.

6.4 Legal obligations:

Your information may be disclosed if required by a court order or to comply with any legal obligations we have.

6.5 Business sales or acquisition:

In the event of a business sale or acquisition, your personal data may be disclosed to the prospective buyer or seller.

7. Data Retention Period:

Civil Works Company will keep personal data for:

As long as you have an account with us in order to meet our contractual obligations to you, and For ten years after that to identify any issues and resolve any legal proceedings.
If users opt-out from receiving promotional updates and marketing updates, or object to any other processing of personal information, Civil Works Company may keep a record of opt-out or objection so Civil Works Company can ensure to respect user direct marketing preferences. Civil Works Company may also retain aggregate information beyond this time for research purposes and to help Civil Works Company develop and improve services. Users cannot be identified from aggregate information retained or used for these purposes.

8. Security:

Civil Works Company use appropriate measures to protect the security of data subjects’ personal data. These measures vary based on the sensitivity of the information that Civil Works Company collect, processes and stores and the current state of technology. Please note that no service is completely secure. So, while Civil Works Company strive to protect your data, Civil Works Company cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur. Notwithstanding the preceding, Civil Works Company operate with the aim of mitigating the risks associated with processing personal data through several measures, including the following.

8.1. Data Minimization:

Civil Works Company only ever obtain, retain, process, and share Personal Data that is essential to conduct Civil Works Company services and legal obligations: only that which is relevant and necessary is collected. In particular, by way of example, Civil Works Company electronic collections (i.e., via the Platform, etc.), have only fields that are relevant to the purpose of collection and subsequent processing, while the physical collection (i.e., face-to-face contacts, phone calls, etc.) is supported using scripts and internal forms using predefined fields.

8.2. Pseudonymization:

Whenever possible, Civil Works Company utilize pseudonymization to record and store Personal Data in a way that ensures that such data can no longer be attributed to a specific data subject without the use of separate additional information (i.e., personal identifiers) which are protected with encryption, partitioning and other technical and operational measures of risk reduction and data protection.

8.3. Encryption:

Civil Works Company utilize encryption to protect data at rest, in transit, and in use. Civil Works Company implement robust encryption standards and key management practices to safeguard sensitive information.

8.4. Access Restriction:

Civil Works Company use company-wide restriction methods for restricting access into the foundation of Civil Works Company processes, systems, and structure, to ensure that only those with authorization and/or a relevant purpose, have access to Personal Data. Special category data is restricted at all levels and can only be accessed by the authorized personnel and the designated care teams dealing with the client’s care.

9. Data Subject Rights Under the Personal Data Protection Law:

Civil Works Company ensure the following data subject rights under PDPL.

Right to be informed: Individuals have the right to be informed about the collection, processing, and storage of their personal data.
Right of access: Individuals can request access to their personal data held by organizations and obtain information about how it is being used.
Right to rectification: Individuals have the right to request the correction or updating of their inaccurate or incomplete personal data.
Right to erasure: Individuals can request the deletion or removal of their personal data when it is no longer necessary for the purpose for which it was collected or if the processing is unlawful.
Right to data portability: Individuals can request the transfer of their personal data to another organization in a structured, commonly used, and machine-readable format.
Right to withdraw consent: Individuals can, at any time, withdraw their consent to the processing of their personal data. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10. Our Policy Concerning Data Subjects that fully or partially lacks Legal Capacity:

Civil Works Company platform is not directed at children under the age of sixteen and Civil Works Company do not knowingly collect personally identifiable information from children or distribute such information to third parties. Civil Works Company screen users who wish to provide personal information to prevent children from providing such information. If Civil Works Company become aware that company have inadvertently received personally identifiable information from a child, company will delete such information from our records. If there is change in our practices in the future, the company will obtain prior, verifiable parental consent before collecting any personally identifiable information from children.

11. Links To Other Websites

Civil Works Company sites may contain links to other websites that are not operated by us. If users click on a third-party link, it will be directed to that third party's site. Civil Works Company strongly advise you to review the Privacy Policy on every site you visit.

Third parties are under no obligation to comply with this Privacy Policy with respect to Personal Data that you provide directly to those third parties or that those third parties collect for themselves. Civil Works Company do not control the third-party sites that may be accessible through Civil Works Company Services. Thus, this Privacy Policy does not apply to information users provide to third-party sites or gathered by the third parties that operate them.

12. Changes To Policy:

Civil Works Company may update Privacy Policy from time to time. Civil Works Company will notify users of any changes by posting the new Privacy Notice with the changes on its official page. If Civil Works Company make any material changes to the Policy, we will notify users via email, through a notification posted on the Services, or as required by applicable law. Users can see when the Policy was last updated by checking the date at the bottom of this page. Users are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective from when they are posted on this page.

13. Contact Us:

For any questions, concerns, or requests regarding our privacy policy, including opting out of marketing communications or exercising rights as a data subject, we have provided the contact cwc@cwc.com.sa in the privacy notice.

Civil Works Company is committed to addressing your privacy-related inquiries promptly and ensuring that your privacy preferences are respected.

14. Compliance:

All the Civil Works Company employees, vendors, subsidiaries, third parties and outsourced service providers that process personal data owned by Civil Works Company have an individual and collective responsibility in following this policy. The Risk Department/Unit will be responsible for ensuring compliance with the constituents of this document. Any cases of non-compliance shall be reported to the compliance department for necessary actions.

15. Regulatory Compliance:

This policy shall be in compliance with applicable laws specifically Saudi Arabia's Personal Data Protection Law, National Data Protection Office and regulations related to data privacy issued by the relevant authorities of the jurisdictions in which Civil Works Company operates.

16. Penalty for Non-Compliance:

Violations of the policy shall be brought to the attention of the Compliance Department/Unit, Risk Department/Unit, Data Protection Unit and Data Governance Function. Intentional misuse resulting in a breach of any part of this policy will result in disciplinary action at the discretion of the HR Department/Unit, Legal Department/Unit, Compliance Department/Unit and Risk Department/Units.

Without prejudice to the relevant laws and regulations, penalty or disciplinary action shall be decided by the Chief Executive Officer (CEO) shall be consistent with the severity of the incident, as determined by an investigation. Severe, deliberate, or repeated breaches of this framework may be considered grounds for instant dismissal.

17. Review & Update:

The Data Protection Unit shall review this procedure biannually to ensure its effective coverage and relevance with the changing environment. The review will be performed once a year whenever there is a change in processes, introducing new products/services/technologies or changes in regulations.