GlassHUB (“we,” “us,” “our“) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your Personal Data in compliance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia, as well as any other relevant data protection laws. By accessing or using our platform and website, you agree to the terms of this Privacy Policy.
“User(s)”, “you”, “your”, “yourself” refers to any stakeholder who utilizes or accesses the Platform in any capacity.
Each hereinafter (GlassHUB and User) individually referred to as the “Party” and collectively as the “Parties”.
- Data Collected
- We collect, use, store, and process various categories of personal data to facilitate our services and maintain compliance with applicable legal and regulatory requirements. The types of personal data we collect are categorized as follows (“Personal Data”):
- Identity Data: Includes first name, last name, username or other unique identifiers, title, date of birth, gender, and national identification number.
- Contact Data: Includes billing address, delivery address, email address, and telephone numbers.
- Professional Data: Includes job title, employer details, professional qualifications, and employment history.
- Financial Data: Includes bank account details, payment card information, and payment transaction history.
- Transaction Data: Includes records of payments made to or received from you, along with details of products or services purchased.
- Technical Data: Includes internet protocol (IP) address, login credentials, browser type and version, time zone settings, location data, browser plug-in types and versions, operating system and platform, and other technical details related to the devices used to access our website or services.
- Profile Data: Includes username, password, records of transactions, purchase history, preferences, interests, feedback, and survey responses.
- Usage Data: Includes information on how you interact with our website, platform, products, and services.
- Marketing and Communications Data: Includes your preferences regarding marketing communications from us and third parties, as well as general communication preferences.
- We do not collect or process any Special Categories of Personal Data, such as information related to race, ethnicity, religion, health, or biometric data.
- All Personal Data collected is processed in accordance with Applicable Laws of data protection and is handled with strict confidentiality and appropriate security measures.
- Collection of Personal Data
- We collect Personal Data through various methods to ensure the efficient delivery of our services while complying with Applicable Laws of data protection. The sources of Personal Data collection include:
- Direct Interactions: You may provide us with Identity, Contact, Professional, and Financial Data by filling out forms or communicating with us via post, phone, email, or other channels. This includes instances where you:
- Apply for our products or services;
- Create an account on our platform;
- Subscribe to our services or publications;
- Request marketing communications;
- Participate in competitions, promotions, or surveys; or
- Provide feedback or contact us for inquiries.
- Automated Technologies and Interactions: As you engage with our website or services, we may automatically collect Technical Data related to your device, browsing activities, and interaction patterns. This data is collected through cookies, server logs, and similar tracking technologies.
- Third-Party Sources and Publicly Available Data: We may receive Personal Data from external parties, including:
- Technical Data from analytics providers, advertising networks, and search information providers;
- Contact, Financial, and Transaction Data from technical service providers, payment processors, and delivery partners;
- Identity and Contact Data from data brokers or aggregators; and
- Identity and Contact Data from publicly accessible sources.
- All Personal Data collected is processed in accordance with Applicable Laws and is used solely for legitimate business purposes as outlined in this Privacy Policy.
- Personal Data Processing
We have set out below a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Purpose/Activity | Type of data | Legal basis for processing |
To register you as a new customer | • Identity Data • Contact Data | Performance of a contract with you |
To process and deliver your order including: (i) Manage payments, fees, and charges (ii) Collect and recover money owed to us | • Identity Data • Contact Data • Financial Data • Transaction Data • Marketing and Communications Data | -Performance of a contract with you -Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you which will include: (i) Notifying you about changes to our terms or privacy policy (ii) Asking you to leave a review or take a survey | · Identity Data · Contact Data · Profile Data · Marketing and Communications Data | – Performance of a contract with you – Necessary to comply with a legal obligation – Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
To enable you to partake in a prize draw, competition, or complete a survey | • Identity Data • Contact Data • Profile Data • Usage Data • Marketing and Communications Data | – Performance of a contract with you – Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data) | • Identity Data • Contact Data • Technical Data | – Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) – Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | • Identity Data • Contact Data • Profile Data • Usage Data • Marketing and Communications Data • Technical Data | – Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences | • Technical Data • Usage Data | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about goods or services that may be of interest to you | • Identity Data • Contact Data • Technical Data • Usage Data • Profile Data • Marketing and Communications Data | Necessary for our legitimate interests (to develop our products/services and grow our business) |
- Data Transfer and Sharing
- Data sharing
- We may share your Personal Data with the following categories of recipients:
- Internal Third Parties: Other companies within our group, acting as joint controllers or processors, to manage business operations, provide customer support, or fulfill other operational needs.
- External Service Providers: Third-party service providers who act as processors to assist us in various functions, such as IT services, data analytics, hosting services, payment processing, customer support, and other essential services.
- External Professional Advisors: External consultants, legal advisors, auditors, insurers, and other professionals who provide banking, legal, insurance, and accounting services.
- Regulatory Authorities and External Legal Entities: Relevant authorities or regulatory bodies, where necessary to meet compliance obligations, such as tax, legal, or reporting requirements.
- Business Transactions: In the event of a business transaction, such as a merger, acquisition, or sale of assets, your Personal Data may be shared with potential buyers or new owners as part of the transaction process.
- We require all third parties to handle your Personal Data in strict accordance with Applicable Laws. We take appropriate measures to ensure that they implement adequate security safeguards to protect your Personal Data. Furthermore, we do not permit our third-party service providers to use your Personal Data for their own purposes and restrict their processing of Personal Data to the specific purposes outlined in this Privacy Policy.
- Data transfer:
- We may transfer your Personal data to recipients located outside the Kingdom of Saudi Arabia. Any such transfer will be conducted in full compliance with the Applicable Laws. Such transfers will only occur for legitimate purposes, including but not limited to fulfilling legal obligations, meeting contractual requirements, or other justified operational needs. We will ensure that appropriate safeguards and measures are in place to maintain the security and confidentiality of your Personal Data during any transfer process.
- Automated Decision-Making
We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or significantly affects you in a similar manner. All decisions involving the processing of Personal Data are made with human oversight to ensure fairness, transparency, and compliance with applicable data protection laws.
If, in the future, we implement automated decision-making processes that may have a material impact on you, we will provide prior notice, including details of the underlying logic, the significance and potential consequences of such processing, and your rights in relation to such decisions, in accordance with Applicable Laws
- Data Retention
- We will retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, including compliance with the terms of use of the Platform, legal, regulatory, tax, accounting, and reporting obligations. In certain circumstances, we may retain your Personal Data for a longer period if there is an ongoing complaint or if we reasonably anticipate potential litigation in relation to our relationship with you.
- To determine the appropriate retention period, we take into account factors such as the nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized access or disclosure, the purposes for which the data is processed, and any applicable legal, regulatory, or contractual requirements.
- You may request the deletion of your Personal Data under specific circumstances, as outlined in Privacy Policy.
- In some cases, we may anonymize your Personal Data, rendering it impossible to associate with you, for purposes such as research or statistical analysis. In such instances, we may retain and use this anonymized data indefinitely without further notification to you.
- Your Rights
- Under Applicable Laws, you have certain rights regarding the processing of your Personal Data. Subject to legal and regulatory requirements, you may exercise the following rights:
- Right of Access: You have the right to request access to the Personal Data we hold about you and receive a copy of such data.
- Right to Rectification: You have the right to request the correction of any inaccurate or incomplete Personal Data.
- Right to Erasure (“Right to be Forgotten”): You may request the deletion of your Personal Data where there is no legitimate reason for us to continue processing it.
- Right to Restrict Processing: You may request that we suspend the processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
- Right to Data Portability: You have the right to request the transfer of your Personal Data to you or to a third party in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw such consent at any time. This will not affect the lawfulness of any processing conducted before your withdrawal.
- Exercising Your Rights:
- You may exercise your rights at any time by contacting us using the details provided in this Privacy Policy. In most cases, you will not be required to pay a fee to access your Personal Data or exercise your rights. However, we reserve the right to charge a reasonable fee or refuse a request if it is manifestly unfounded, repetitive, or excessive.
- To protect your privacy and security, we may request additional information to verify your identity before fulfilling your request. We may also ask for further details to expedite our response.
- We shall respond to all legitimate requests within one month. In cases where a request is particularly complex or if multiple requests have been made, we may require additional time. If an extension is necessary, we will inform you and provide updates on the progress of your request.
- Security of Personal Data
- We implement robust security measures designed to protect your Personal Data from accidental loss, unauthorized access, use, alteration, or disclosure. Access to your Personal Data is strictly limited to employees, agents, contractors, and other third parties who have a legitimate business need to know. These individuals will only process your Personal Data in accordance with our instructions and are bound by confidentiality obligations.
- In the event of a suspected Personal Data breach, we have established procedures to manage and investigate the incident. Where required by Applicable Law, we will promptly notify you and any relevant regulatory authorities of the breach.
- Links to Other Websites
Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
- Cookies and Similar Technologies
We use cookies and similar tracking technologies to track the activity of our service and hold certain information.
- Complaints
- If you have any concerns or complaints about data practices of your Personal Data, please contact us directly. We are committed to addressing your concerns promptly and effectively.
- As the processing, storage, and use of your Personal Data take place in the Kingdom of Saudi Arabia, any complaints should be directed to the Saudi Data & Artificial Intelligence Authority (SDAIA) or the National Data Management Office (NDMO), which are the competent authorities for data protection in Saudi Arabia.
- While we encourage you to reach out to us first to resolve your concerns, if you are not satisfied with our response or believe we have not complied with the Applicable Laws, you have the right to lodge a complaint with SDAIA or NDMO.
- Changes to our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.
- Integration
This Privacy Policy shall constitute an integral part of any agreement entered into between the Users and GlassHUB and shall be deemed incorporated therein by reference.
- Governing Laws and Dispute Resolution
This Privacy Policy shall be governed and construed in accordance with the applicable laws of the Kingdom of Saudi Arabia (“Applicable Law(s)”). Any dispute arising out of the formation, performance, interpretation, nullification, termination or invalidation of this Privacy Policy or arising therefrom or related thereto in any manner whatsoever, shall be settled through amicable negotiations. In the event where any such dispute is not settled within fifteen (15) business days from the commencement of negotiations, such dispute shall be finally settled by arbitration in accordance with the Saudi Arabian laws and regulations in force (“Rules”) by three (3) arbitrators appointed in accordance with the said Rules. Each Party shall appoint an arbitrator within ten (10) Business Days of receiving a written notice in that respect from the other Party; the two appointed arbitrators shall then appoint a third arbitrator within an additional ten (10) Business Days. In the event of the other Party’s failure to appoint an arbitrator or the two appointed arbitrators’ failure to appoint a third arbitrator within the specified time frame, then the Competent Court shall appoint the co-arbitrator upon the request of the Party seeking expeditious resolution. The Parties shall initially bear the costs and expenses of arbitration, including those of the arbitral tribunal and its secretariat, equally; thereafter, the Party against whom the arbitral award is made shall bear all such costs and expenses.
- Contact Us
We welcome all questions, comments, and requests regarding the Privacy Policy, which should be directed to the following address:
Address: Business Gate, Airport Road, Qurtubah, Riyadh 13244
Email Address: info@glasshub.ai
Phone Number: +966 50 840 1100
