1. Introduction
ALELM ALSATEA COMPANY FOR GENERAL CONTRACTING (Unified National Number / Commercial Registration 7049551620, registered in Dammam, Kingdom of Saudi Arabia) ("we", "us", or "the Company") is committed to protecting the privacy of its employees. This policy explains how we collect, use, and protect personal data processed through the HR System mobile application, in accordance with the Saudi Personal Data Protection Law ("PDPL").
2. Information We Collect
2.1 Employee Profile Data
- Full name (Arabic and English).
- National ID / Iqama.
- Employee number, department, job title, line manager.
- Contact details (email, mobile, address).
- Employment details (hire date, contract type, salary).
2.2 Attendance & Location Data
- GPS coordinates captured at clock-in and clock-out.
- GPS coordinates captured when you submit an attendance correction request — to confirm where the correction photo was taken and identify the nearest approved work site and the distance to it.
- Clock-in / clock-out timestamps.
- Photos captured from the camera (for correction requests only, when required).
2.3 Device Data
- Device model, OS version, app version.
- Device identifier (for push notification management).
- Firebase Cloud Messaging (FCM) token.
- Device security signals (root/jailbreak status, mock GPS detection).
2.4 Leave & Request Data
- Leave requests and balances.
- Attendance correction requests.
- Tasks assigned to you.
3. Legal Basis for Processing
We process your personal data on the following legal bases under the Saudi PDPL:
- Performance of the employment contract: most processing is necessary to perform the contract between you and the company.
- Legal obligation: compliance with the Saudi Labor Law, GOSI, and other regulatory requirements.
- Legitimate interest: information system security and fraud prevention.
- Consent: for optional features such as biometric unlock and push notifications.
4. How We Use Your Data
- Manage attendance and calculate working hours.
- Verify you are at an approved work site when clocking in.
- Determine the work site where an attendance correction photo was taken (the nearest approved location and distance) to help your manager review the request.
- Process leave requests, corrections, and tasks.
- Send work-related notifications.
- Comply with regulatory obligations and payroll calculations.
- Improve App performance and security.
5. Sharing of Information
We do not sell your data. We may share it with:
- The HR and Finance departments within the Company (for employment purposes).
- Trusted service providers (such as Google Firebase, for push notifications and hosting).
- Government entities upon legal request (GOSI, Ministry of Labor, Mudad).
All service providers are contractually bound to protect your data at the same level we apply.
6. International Data Transfers
Some service providers (such as Firebase) may store data in data centers outside the Kingdom of Saudi Arabia. When this happens, we ensure appropriate legal safeguards are in place in accordance with the Saudi PDPL.
7. Data Retention
- Attendance data: retained for at least 5 years per the Saudi Labor Law.
- Employee profile data: retained for the duration of employment plus a period required by regulatory obligations after contract termination.
- Device data and push tokens: deleted as soon as you log out of the device.
- Security audit logs: retained for 12 months then deleted.
8. Your Rights Under the Saudi PDPL
You have the following rights:
- Right to be informed: to know how we process your data (this policy).
- Right of access: to request a copy of the personal data we hold about you.
- Right of correction: to correct any inaccurate data (partially available within the App).
- Right of erasure: to request deletion of your data (subject to regulatory obligations).
- Right of portability: to obtain your data in a structured format.
- Right to withdraw consent: to withdraw your consent for optional processing at any time.
To exercise any of these rights, contact the HR department at the email below.
9. Security
- Encrypted communications (HTTPS with certificate pinning).
- Token storage in secure device storage (Android Keystore, iOS Keychain).
- Optional biometric unlock for an extra layer of protection.
- Root/jailbreak and mock-GPS detection to prevent fraud.
- Strong password policy + biometric lockout after 3 failed attempts.
10. Children's Privacy
The App is intended for adult employees only (18 years and older). We do not knowingly collect any data from minors.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be posted on this page with a revised "Last Updated" date and surfaced via an in-app notification.
Contact Us
For privacy questions or to exercise your rights:
Data Controller: ALELM ALSATEA COMPANY FOR GENERAL CONTRACTING (CR 7049551620 · D-U-N-S 986468470)
Email: info@alelm-alsatea.com
HR Department: info@alelm-alsatea.com
Address: Building No. 2855, King Saud Street, Nakheel District, Dammam 32244, Saudi Arabia