PRIVACY & CORPORATE COMPLIANCE POLICY

 

1. INTRODUCTION

   Shiyar Ward Company (“Shiyar Ward” or the “Company”), a limited liability company incorporated
   and registered in the Kingdom of Saudi Arabia, adopts this Privacy & Corporate Compliance
   Policy to ensure full compliance with:

   • The Saudi Personal Data Protection Law (PDPL)
   • Applicable commercial and regulatory laws
   • International best practices in governance and risk management

   This Policy governs the collection, processing, storage, transfer, and protection of personal
   and business data in connection with the Company’s website, client portal, and operational
   activities.

    

2. SCOPE

   This Policy applies to:

   • Website visitors
   • Clients and project owners
   • Developers and operators
   • Suppliers and manufacturers
   • Consultants and subcontractors
   • Employees and representatives
   • Client portal users

    

3. DATA COLLECTION

   The Company may collect the following categories of data:

   3.1 Personal Identification Data

   • Full name
   • Company name
   • Position/title
   • Email address
   • Phone number
   • Business address
   • Country and city

   3.2 Commercial & Project Data

   • BOQs
   • Technical drawings
   • Procurement specifications
   • Tender submissions
   • Commercial proposals
   • Contracts and supporting documents

   3.3 Technical & Digital Data

   • IP address
   • Device information
   • Browser type
   • Cookies and usage analytics

   3.4 Portal Data

   • Login credentials
   • Uploaded files
   • Project dashboards
   • Communications

    

4. PURPOSE OF PROCESSING

   Data may be processed for:

   • Project execution (FF&E, Fit-Out, PM)
   • Tender management
   • Procurement operations
   • Contract administration
   • Regulatory compliance
   • Risk management
   • Service optimization
   • Corporate governance

    

5. LEGAL BASIS

   Processing is based on:

   • Contractual necessity
   • Legal obligation
   • Legitimate business interest
   • Explicit consent (where required)

    

6. DATA SHARING

   The Company does not sell personal data.

   Data may be shared strictly where necessary with:

   • Approved manufacturing partners
   • Logistics providers
   • Legal and financial advisors
   • IT and hosting providers
   • Government authorities (when legally required)

   All third parties are contractually bound by confidentiality and compliance obligations.

    

7. INTERNATIONAL TRANSFERS

   Due to the global nature of operations, data may be transferred outside the Kingdom of Saudi
   Arabia strictly for project execution, procurement, or operational purposes.

   Appropriate safeguards and contractual protections are implemented.

    

8. DATA RETENTION

   Data is retained:

   • For the duration of the contractual relationship
   • As required by law
   • As necessary for legitimate corporate purposes

   After expiry, data is securely deleted or anonymized.

    

9. INFORMATION SECURITY

   The Company implements:

   • Secure hosting infrastructure
   • Role-based access controls
   • Confidentiality agreements
   • Governance oversight
   • Secure document management systems

    

10. DATA SUBJECT RIGHTS

    In accordance with PDPL, individuals may:

    • Request access to their data
    • Request correction
    • Request deletion (where legally permissible)
    • Withdraw consent
    • File complaints with competent authorities

    Requests must be submitted through official Company channels.

     

11. ANTI-CORRUPTION POLICY

    Shiyar Ward adopts a zero-tolerance policy toward:

    • Bribery
    • Corruption
    • Facilitation payments
    • Improper inducements
    • Tender manipulation

    Employees, directors, consultants, and partners are strictly prohibited from engaging in such
    conduct.

    Gifts and hospitality must be reasonable, transparent, and compliant with applicable laws.

    Confidential reporting mechanisms are maintained to protect whistleblowers.

     

12. COMMERCIAL COMPLIANCE POLICY

    The Company complies with:

    • Saudi Commercial Law
    • ZATCA regulations
    • Customs regulations
    • SASO & SABER standards
    • Anti-money laundering laws
    • Export control and sanctions regulations

    All suppliers and partners undergo legal and commercial due diligence before engagement.

     

13. CONFLICT OF INTEREST POLICY

    A conflict of interest arises when personal interests interfere with Company interests.

    All employees, directors, and representatives must:

    • Immediately disclose actual or potential conflicts
    • Refrain from decision-making where conflicts exist

    The Company reserves the right to reassign duties or terminate engagements if necessary.

     

14. CONFIDENTIALITY CHARTER

    Confidential information includes:

    • Client data
    • Pricing structures
    • Technical drawings
    • Strategic plans
    • Commercial terms

    Confidential information must not be disclosed without written authorization.

    Confidentiality obligations survive termination of contracts.

     

15. POLICY REVIEW

    This Policy is subject to annual review and may be updated at the discretion of the Board of
    Directors.