Purpose

This Personal Data Protection Policy outlines how Eastern Resources Co. Ltd. protects, manages, and processes personal data in compliance with applicable privacy and data protection laws in the Kingdom of Saudi Arabia.

Scope

This policy applies to:

  • All employees
  • Contractors
  • Website users
  • Clients and partners
  • Any individual whose personal data we process

What Is Personal Data?

Personal data refers to any information that identifies an individual, including:

  • Name
  • Contact information
  • Identification documents
  • Employment details
  • Any other personally identifiable information

Principles of Personal Data Protection

We commit to the following principles:

1. Lawfulness & Transparency

We process personal data in a lawful and transparent manner, informing individuals about how their data is collected and used.

2. Purpose Limitation

Personal data is collected for specific, legitimate purposes and not used in ways unrelated to those purposes.

3. Minimization

We collect only the minimum amount of data necessary for operational, legal, or contractual requirements.

4. Accuracy

We make reasonable efforts to keep personal data accurate and up to date.

5. Storage Limitation

Personal data is stored only for as long as necessary to fulfill the purpose for which it was collected.

6. Security

We implement safeguards — technical, administrative, and physical — to protect personal data from unauthorized access or disclosure.

Data Handling & Storage

Personal data may be stored digitally or physically. We ensure:

  • Controlled access
  • Password-protected systems
  • Secure storage environments
  • Restricted internal sharing

Sharing of Personal Data

Personal data may be shared with:

  • Government authorities when legally required
  • Authorized service providers (IT, telecom, maintenance)
  • Business partners for necessary operations

We ensure that all third parties handle data securely.

Data Subject Rights

Individuals have the right to:

  • Request access to their personal data
  • Request correction of inaccurate information
  • Request deletion (subject to legal limitations)
  • Withdraw consent where applicable

Requests can be made via: ereind@ereind.com

Breach Management

In the event of a data breach, we will:

  • Take immediate containment actions
  • Assess risks
  • Notify relevant authorities when required
  • Inform affected individuals if necessary

Policy Compliance

All employees and contractors must adhere to this policy. Violations may result in disciplinary action.

Review & Updates

This policy is reviewed periodically and updated as needed to comply with evolving legal requirements.