Download Product Catalogue
Careers Contact Us arabic

Privacy Policy

Introduction


WESCOSA, operations hereinafter referred as, ‘we’, ‘us’ or ‘our’ is committed to respect your privacy and choices. The privacy statement highlights our privacy practices regarding Personal Information that we collect and process depending on your association with WESCOSA and nature of processing activity in compliance to applicable data privacy regulations. If you have any questions or concerns about this privacy policy or your personal data, please contact us at: privacy@wescosa.com.sa

What Personal Data we collect?


We, at WESCOSA and its subsidiaries, collect and maintain various categories of personal data, including high-risk personal data (meaning special category or sensitive personal data), about you during your recruitment, employment, and engagement with our organization, as well as from our customers and suppliers. This data is necessary for administrative, legal, operational, and business purposes.

Identification and Contact Details

Full name, gender, nationality, marital status, religion (if applicable), date and place of birth, government-issued identification numbers (e.g., Iqama, National ID, Passport), place of issue, personal photo, email address, telephone number(s), and home address.

Employment and HR Data

Job title, department, employee ID, organizational unit, employment start date, contract details, records of promotions, transfers, resignations or terminations, and reason for separation.

Recruitment and Qualifications Information

CVs, cover letters, education history, degrees and certifications, previous employment records, job applications, professional memberships, and references.

IT and Systems Access Records

IT request forms, system access requests and approvals, username/employee ID, system roles, login records, and internal help desk tickets.

Compensation and Benefits

Salary details, bank account information, records of salary reviews and bonuses, benefits entitlements, family care and health insurance details (including names and birthdates of dependents), annual leave, sick leave, and other time-off records.

Surveillance and Monitoring Data

CCTV footage at office premises, building entry/exit logs, application and system activity logs, communications logs (email and instant messaging where applicable), and internet usage logs.

Special Category Data (Sensitive Personal Data)

Racial or ethnic origin and religious beliefs (when collected for diversity and inclusion purposes), biometric data such as fingerprints (for attendance systems), and criminal background data from pre-employment screenings or access control monitoring.

Customer and Supplier Engagement Data

For employees interacting with external clients and suppliers, we may also collect, and store data related to:

  • Purchase Orders, Contracts, and Quotations issued or reviewed.
  • Customer or supplier employee contact details.
  • Maintenance and QA checklists you have completed.
  • Records related to vendor or client communications.

Purposes of processing your personal data and the legal basis for processing


We, at WESCOSA and its subsidiaries process your personal data to manage our employment relationship with you in a lawful, fair, and transparent manner. The data is processed for employment-related purposes, legal obligations, and legitimate business interests, throughout the duration of your employment and, where necessary, after its termination.

Processing is carried out under one or more of the following legal bases:

  • To fulfill our obligations under your employment contract
  • To comply with applicable legal or regulatory requirements
  • To pursue the legitimate interests of the company (e.g., operational efficiency, security, compliance)
  • Based on your explicit consent, where required (e.g., for processing sensitive data or diversity information)

If you do not provide the necessary personal data, we may not be able to meet our contractual or legal obligations, and we will inform you of the consequences of such cases.

Payroll and Benefits Administration

To process your salary, allowances.

Legal Basis: Contractual necessity and legal obligation.

Recruitment and Background Checks

To validate your credentials, conduct identity, employment, education, and criminal background checks as allowed by law.

Legal Basis: Legitimate interest and legal obligation.

Employment and HR Records Maintenance

To maintain records such as employment history, contracts, correspondence, performance evaluations, and training logs.

Legal Basis: Contractual necessity and legitimate interest.

Disciplinary and Grievance Procedures:

To manage employee relations including investigations, disciplinary actions, and grievance handling.

Legal Basis: Legitimate interest and legal obligation.

Monitoring and Surveillance

To ensure safety, protect assets, and maintain operational security through:

  • CCTV surveillance in company premises
  • Access control systems and time tracking
  • Monitoring of corporate systems, emails, and internet use (where permitted by law)

Legal Basis: Legitimate interest and legal obligation.

Audit and Regulatory Compliance

To conduct internal and external audits, ensure compliance with laws (e.g., labor regulations, tax, health and safety), and respond to regulatory authorities.

Legal Basis: Legal obligation and legitimate interest.

Policy Compliance and Enforcement

To monitor adherence to company policies (e.g., Acceptable Use Policy, Code of Conduct, Information Security Policy).

Legal Basis: Legitimate interest.

Crime Reporting and Legal Proceedings

To report criminal activity or cooperate with law enforcement and legal authorities where required by national law.

Legal Basis: Legal obligation.

Monitoring


At WESCOSA and its subsidiaries, we have implemented a range of security and monitoring measures to protect our premises, systems, business operations, and personal data. These measures are designed to detect, prevent, and respond to unauthorized access, data breaches, and other cybersecurity threats, while ensuring compliance with internal policies and legal obligations.

System and Network Security Monitoring

We continuously monitor our IT infrastructure—including emails, endpoints, applications, and networks owned or managed by WESCOSA and its subsidiaries—for security threats such as:

  • Malware and ransomware
  • Phishing attempts
  • Unauthorized access
  • Data leakage or misuse
  • Non-compliance with internal policies

Activity Logs and Audit Trails

All user activity on WESCOSA -managed systems is logged to maintain audit trails, including:

  • System login/logout times
  • Access to applications, files, and websites
  • Use of privileged credentials (where applicable)

Legal Basis for Monitoring

The monitoring measures described above are necessary for:

  • Protecting the legitimate interests of the company in maintaining the confidentiality, integrity, and availability of systems and data;
  • Ensuring compliance with legal and regulatory requirements (e.g., labor law, data protection, and cybersecurity obligations);
  • Protecting employee safety and business assets;
  • Safeguarding personal data stored or processed within company systems.

Security


We have implemented industry-standard security measures to keep your personal data secure and confidential, including and not limited to:

  • Limiting access to your personal data, to WESCOSA’s employees strictly on a need-to-know bases, such as to respond to your inquiry or request.
  • Implemented physical, electronic, administrative, technical, and procedural safeguards that comply with all applicable laws and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure, and destruction.
  • WESCOSA employees who misuse personal data are subject to strict disciplinary action, as it is a violation of the Data Privacy Policy of WESCOSA

Who We May Share Your Personal Data With


We may share your personal data, where necessary and lawful, with the following:

  • Internal Teams within WESCOSA and its affiliates strictly on a need-to-know basis.
  • Authorized Service Providers such as cloud service providers, HR systems vendors, background check providers, payroll processors, and IT support.
  • Government Authorities including regulatory bodies, tax authorities, and law enforcement, as required by law.
  • Auditors (internal or external) for compliance and operational reviews.
  • Clients and Business Partners, where contractually necessary.
  • Contractors under confidentiality obligations.
  • In Corporate Transactions such as mergers, acquisitions, or reorganizations, where personal data may be shared or transferred with appropriate safeguards.

Data Transfer


We may transfer your Personal Data to countries outside your jurisdiction and to our authorized vendor servers which may have different data protection standards to those which apply to your jurisdiction. We shall take the necessary steps to ensure confidentiality and security of the transferred data.

Period for which the personal data will be stored


We store personal data in line with Local Law requirements. Your personal data will be collected, stored, and processed by us while you are an employee. If the tenure of employment completes or terminated, we will securely delete/destroy your employment records and related documents containing your personal data as soon as feasible.

What are your privacy rights?


WESCOSA would like to make sure you are fully aware of all your privacy rights, which include:

  • The right to access: You have the right to request a copy of your personal data.
  • The right to rectification: If you believe that the data we hold about you may not be up to date, accurate, or complete, you may contact WESCOSA for a correction of that data. Upon receipt of this request, we will investigate and resolve the issue within business days. We make good-faith efforts to provide you with ways to update your personal data, although some changes may require personal contact with a WESCOSA representative.
  • The right to erasure or restrict processing of data: You have the right to request WESCOSA to erase or restrict the processing of your personal data under certain conditions, including proving that the data was reported to WESCOSA by mistake. However, exercising this right may impact your access to some of our services.
  • The right to object: You have the right to object to WESCOSA’s processing of your personal data under certain conditions.
  • The right to withdraw consent at any time (where processing is based on consent): Where we process personal data based on your consent, you have the right to withdraw that consent at any time.

How do you contact us?


In case of any queries related to this policy, you can contact our Data Privacy Office.

Email us at privacy@wescosa.com.sa

Changes to this policy


We will notify you of changes we may make to this privacy notice/policy where required, however, we would recommend that you look back at this notice from time to time to check for any updates.