1. introduction
At TAMKIN ALQADAH ADMINISTRATIVE CO, trading as Saudi Executive Coaching (“we”, “our”, or “us”), we are committed to upholding the highest standards of privacy and data protection in compliance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL) and its implementing regulations. This Privacy Policy outlines how we collect, use, store, share, and protect your personal data, as well as your rights regarding your data.
2. Contact Information and Update Record
3. Categories of Personal Data Collected
We collect various types of personal data either directly from you or from third-party sources, as outlined below:
– Account Data: Full name, email address, phone number
– Payment Data: IBAN, payment method, transaction history
– Service Data: Personal details submitted during service use or communication
– Technical Data: IP address, browser type, and cookies
– Analytics Data: Usage metrics gathered from website interactions
– Public Data: Information from public social media platforms or publicly accessible databases
Each data category may be designated as either mandatory or optional at the time of collection.
4. Methods and Purposes of Data Collection
4.1 Direct Collection Methods:
We collect personal data directly from you using a variety of secure and transparent methods. These methods are designed to ensure that you are fully informed about what data is being collected and the purpose behind it. The primary direct collection methods we use include:
Online Forms and Account Registrations:
When you access our website or digital platforms, we may ask you to fill out forms to register an account, sign up for coaching programs, download resources. These forms may collect information such as your full name, email address, phone number, organization, job title, and areas of professional interest. Where applicable, mandatory fields will be clearly marked, and optional fields will be indicated accordingly.
Email or Phone Communications:
If you contact us via email, WhatsApp, phone calls, or other communication channels for support, service inquiries, scheduling sessions, or general feedback, we may collect and retain the personal data you provide. This may include your contact details, your message content, and any attachments or supplementary data you share. These interactions are processed in accordance with our confidentiality and data protection obligations.
In-Person Meetings, Coaching Sessions, and Event Participation:
When you attend in-person coaching sessions, training programs, workshops, or networking events hosted or facilitated by Saudi Executive Coaching, we may collect personal data via registration forms, consent sheets, attendance logs, surveys, or feedback forms. Information collected may include your name, contact information, job role, dietary or accessibility preferences (where relevant), and session-related notes provided voluntarily. Consent will be explicitly obtained when sensitive data is involved.
All data collected through these methods is handled with strict confidentiality, stored securely, and used solely for the legitimate purposes described in this policy. You will be informed at the point of collection about why the data is needed, how it will be used, and your rights under applicable laws.
4.2 Indirect Collection Methods:
In addition to collecting data directly from you, we also gather certain types of personal data through indirect means. These methods are commonly used to enhance our services, analyze user behavior, and personalize your experience. All such data is collected in compliance with the Personal Data Protection Law (PDPL) and with appropriate safeguards in place to ensure your privacy. The indirect collection methods we use include:
a. Cookies and Website Analytics Tools (e.g., Google Analytics)
When you visit our website or use our online services, we may use cookies and tracking technologies to collect technical and behavioral data about your interaction with our platform. This includes:
– Your IP address, browser type, and device information
– Pages visited, session duration, and navigation paths
– Preferences and geolocation (approximate)
– Time spent on specific pages or sections
– Referral source (e.g., search engines or social links)
This data helps us:
- Analyze website traffic and usage patterns
- Identify and fix technical issues
- Improve website functionality and user experience
- Deliver targeted content or marketing, with your consent where applicable
You can control or disable cookies via your browser settings. A clear cookie banner is presented when you first visit our website, allowing you to manage your preferences in compliance with PDPL consent requirements.
b. Referrals and Third-Party Platforms
We may receive certain personal data from external sources when:
- You are referred to us by a partner organization or another client
- You interact with our sponsored content or ads on third-party platforms such as LinkedIn, Google, or event registration systems.
- You participate in joint webinars, coaching programs, or business partnerships where your data is shared with us under lawful arrangements
The data received may include your name, contact information, organization name, job title, event participation details, or interest indicators. These sources are contractually or lawfully obligated to share your data only if you have given your consent or if there is a legal basis for the disclosure.
c. Public Social Media Profiles and Public Sources
We may collect publicly available data from professional or business-related platforms such as:
- LinkedIn, Twitter, or company websites
- Public directories, press releases, or professional blogs
- Business conference websites or speaking engagements
This may include your name, job title, employer, public biography, professional interests, or shared content relevant to our coaching and training programs.
We use this data to:
- Understand our audience and tailor our services accordingly
- Identify potential clients, partners, or speakers
- Offer relevant programs or services in line with your professional role
We only process such data for legitimate interests and ensure it is used ethically, transparently, and within the boundaries allowed by PDPL.
4.3 Purposes of Collection and Legal Basis:
We collect and process your personal data to fulfill a range of operational, legal, and service-related needs. Each processing activity is based on a valid legal foundation as outlined under the Saudi Personal Data Protection Law (PDPL). Below is a detailed explanation of our data processing purposes along with the corresponding legal bases:
a. To Provide Coaching Services
Legal Basis: Performance of a Contract
We process your personal data to provide the coaching, mentoring, training, or consultation services that you or your organization have requested. This includes:
– Creating and managing your client or attendee profile
– Scheduling coaching sessions
– Customizing coaching content and goals
– Tracking progress and performance feedback
– Providing access to digital resources, training materials, or recordings
Processing is necessary to fulfill our obligations under a service agreement between you (or your employer) and Saudi Executive Coaching. Without this data, we would not be able to deliver the services effectively.
b. To Manage Client Relationships and Improve Our Services
Legal Basis: Legitimate Interest
We may process certain types of personal data to:
– Maintain and update contact records
– Communicate with you regarding appointments, feedback, or service updates
– Conduct post-session evaluations and satisfaction surveys
– Analyze client engagement to improve our service quality
This processing is based on our legitimate interest in understanding and improving how we serve clients, enhancing the quality of our offerings, and maintaining a strong, professional relationship with you. We ensure that our legitimate interests do not override your data protection rights and freedoms.
c. To Send Newsletters, Event Invitations, and Promotional Communications
Legal Basis: Your Explicit Consent
If you have opted in to receive marketing communications, we will use your contact information to:
– Share newsletters or insights related to executive coaching
– Notify you about upcoming events, webinars, or public sessions
– Inform you of new services or special offers
You may withdraw your consent at any time by clicking the “unsubscribe” link included in our communications or by contacting us directly. Withdrawing consent will not affect the lawfulness of any processing carried out before withdrawal.
d. To Ensure Platform Security and Prevent Fraud or Abuse
Legal Basis: Compliance with Legal Obligations
We may collect and process personal data to:
– Monitor and secure our digital platforms
– Detect suspicious or unauthorized activities
– Protect our systems from fraud, malware, or cyberattacks
– Ensure compliance with applicable cybersecurity and data protection laws
This processing is essential to meet regulatory and security standards required under Saudi law and international good practice. It helps us safeguard your personal information and our operational integrity.
e. To Respond to Inquiries and Support Requests
Legal Basis: Your Consent
When you reach out to us with a question, service inquiry, or support request, we may collect and process your contact information and communication history to:
– Address your concern or respond to your question
– Follow up on unresolved issues
– Offer tailored solutions based on your needs
5. Legal Basis for Processing Personal Data
In accordance with the Saudi Personal Data Protection Law (PDPL) and its Implementing Regulations, every processing activity we carry out is supported by a clearly defined legal basis. The purpose of specifying these legal bases is to ensure transparency and to help you, as a Data Subject, understand the foundation upon which we collect, use, and retain your personal data. We may rely on one or more of the following legal bases depending on the nature of the processing activity:
a. Your Explicit Consent
We may process your personal data when you have provided clear, informed, and affirmative consent for a specific purpose. Consent is typically required for:
– Receiving newsletters or promotional content
– Participating in research or feedback surveys
– Enabling the use of cookies and analytics tools
– Processing sensitive personal data (e.g., health-related information during event registrations)
You have the right to withdraw your consent at any time, without affecting the legality of any processing conducted prior to the withdrawal. We provide simple, accessible mechanisms for managing or revoking your consent, including email requests or opt-out links.
b. Performance of a Contract
We may process your personal data where it is necessary to fulfill a contractual obligation to which you are a party. This includes:
– Delivering coaching services or training programs you have purchased or subscribed to
– Scheduling appointments or managing access to your sessions
– Responding to your service-related requests or inquiries
– Providing post-engagement materials or certification (if applicable)
Without this data, we would not be able to perform the services or fulfill our contractual duties effectively.
c. Compliance with Legal and Regulatory Obligations
In some cases, we are required by law or regulation to collect, store, or disclose your personal data. This includes compliance with:
– National data protection and cybersecurity regulations
– Anti-fraud or anti-money laundering laws (if applicable)
– Taxation and financial reporting obligations
– Regulatory audits or lawful access requests from government bodies
This legal basis ensures that we meet our obligations to government regulators, supervisory authorities, or courts.
d. Protection of Your Vital Interests
We may process your personal data if it is necessary to protect your vital interests, or those of another natural person. This would only apply in emergency or life-threatening situations, for example:
– Health or safety emergencies during in-person events or coaching retreats
– Notifying emergency contacts in case of a medical or safety incident
This processing is carried out with utmost care and only when strictly required to ensure your well-being or physical safety.
e. Legitimate Interests Pursued by Our Organization
We may also process your personal data where it is necessary to support our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms. Examples include:
– Improving the quality of our services through internal research and analytics
– Enhancing user experience and website performance
– Managing customer relationships and communications
– Detecting fraud or misuse of our services
– Promoting similar services to existing clients (with an opt-out option)
Before relying on this basis, we conduct a legitimate interest assessment to ensure the processing is justified, proportionate, and respects your privacy rights.
6. Personal Data Sharing
We value your privacy and take the sharing of your personal data seriously. We only share personal data where it is lawful, necessary, and conducted under strict data protection safeguards in accordance with the Saudi Personal Data Protection Law (PDPL). The sharing of your data is limited to the extent required to deliver our services, fulfill contractual or legal obligations, and protect our legitimate interests.
Your personal data may be shared with the following categories of recipients:
a. Internal Departments within Our Organization
We may share your data internally across authorized teams within Saudi Executive Coaching (TAMKIN ALQADAH ADMINISTRATIVE CO) to ensure effective service delivery, support, and compliance. This includes:
– Client relations and account management teams
– Coaching, training, and program delivery staff
– IT and platform administration teams
– Legal, compliance, and finance departments
All internal access to personal data is strictly role-based, ensuring only authorized personnel handle your data on a “need-to-know” basis, with access control and audit logging in place.
b. Third-Party Service Providers and Professional Advisors
To support our operations and service delivery, we may engage with trusted third-party providers who perform services on our behalf, such as:
– IT and cloud infrastructure providers
– Payment gateways and billing processors
– Marketing or communications platforms (e.g., email distribution tools)
– Legal, tax, and professional advisory firms
– Assessment Providors
These third parties are contractually bound by strict data protection agreements that require them to:
– Process your data only under our instructions
– Implement appropriate technical and organizational security measures
– Refrain from using your data for their own purposes
– Comply fully with PDPL and relevant local or international data protection laws
c. Governmental and Regulatory Authorities (Where Legally Required)
We may disclose your personal data to regulatory, supervisory, law enforcement, or judicial authorities when such disclosure is:
– Required by Saudi law, regulatory frameworks, or court orders
– Necessary for the establishment, exercise, or defense of legal claims
– In response to a binding request from a competent public authority (e.g., SDAIA)
In these situations, we only disclose the minimum data necessary and document the basis for such disclosure.
d. Cloud Service Providers (Under Data Protection Agreements)
We may store or process your data on cloud-based platforms hosted either within Saudi Arabia or—where approved by regulators—outside the Kingdom. These platforms may include services such as:
– Data storage and backup providers
– Secure client portals or learning management systems
– Video conferencing platforms used for virtual coaching
All cloud service providers we use are required to comply with PDPL, and we ensure:
– Data is encrypted both in transit and at rest
– Secure authentication and monitoring practices are followed
– Hosting is performed under legally compliant and documented contracts
Security and Compliance Measures
We take full responsibility for the protection of your data even when shared with third parties. To ensure compliance:
– All third parties undergo due diligence and are monitored regularly
– Data sharing is limited to what is strictly necessary
– We maintain up-to-date records of all data processors and sharing arrangements
– We ensure data transfer outside the Kingdom is performed only where permitted by SDAIA and under explicit safeguards
This part should be updated based on each platform
We are dealing with the SEC website currently and these details according to SEC
7. International Transfers of Personal Data
We do not transfer personal data outside the Kingdom of Saudi Arabia unless it is essential for service delivery, and we ensure full compliance with PDPL by securing SDAIA approval or your explicit consent.
8. Data Retention and Destruction
At Saudi Executive Coaching (TAMKIN ALQADAH ADMINISTRATIVE CO), we are committed to retaining your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required to comply with legal, regulatory, or contractual obligations.
We follow a disciplined and lawful approach to data lifecycle management, which includes retention, secure storage, and eventual destruction in compliance with the PDPL and its implementing regulations.
a. Retention Periods
– Personal data is retained only for the duration necessary to serve the specified processing purposes outlined in this Privacy Policy.
– In general, we retain personal data for a period of up to five (5) years from your last interaction with our services (e.g., last session, inquiry, or communication), unless a longer or shorter period is required by applicable laws or internal operational needs.
– In cases where legal obligations require longer retention (e.g., tax, contract, or legal claims), we may retain data beyond the typical five-year window.
b. Storage Locations and Security
Your data is securely stored using modern infrastructure and security protocols, which may include:
– Internal servers hosted within our secured IT environment in the Kingdom of Saudi Arabia
– Approved cloud service providers located in KSA or outside the Kingdom, provided the transfer meets all PDPL conditions and has SDAIA approval
We ensure that access to stored data is restricted to authorized personnel only, using role-based controls and activity monitoring. All stored data is protected using:
– Encryption in transit and at rest
– Backup and disaster recovery protocols
– Network firewalls and endpoint protection
c. Secure Destruction of Personal Data
Once personal data is no longer needed for the purposes for which it was collected—and where there are no legal or regulatory requirements to retain it—we take immediate steps to ensure it is permanently and securely destroyed. Our destruction methods include:
– Digital Data: Secure deletion and overwriting of files, using certified data-erasure tools to ensure irretrievability
– Physical Records (if any): Shredding or incineration of printed documents under controlled conditions
– Anonymization: Where appropriate, we may render data permanently anonymous, ensuring it can no longer be linked to any identifiable individual
We maintain detailed logs of data destruction activities to ensure transparency, traceability, and compliance with internal policies and legal obligations.
d. Retention Review and Policy Updates
We conduct regular data retention audits to review our data holdings and ensure they are aligned with:
– The purposes described in this Privacy Policy
– Statutory and regulatory data retention requirements
– The principles of data minimization and accountability under the PDPL
9. Data Security Measures
At Saudi Executive Coaching (TAMKIN ALQADAH ADMINISTRATIVE CO), we are deeply committed to protecting the confidentiality, integrity, and availability of your personal data. In accordance with the requirements of the PDPL, we have implemented a comprehensive data security program designed to safeguard personal information throughout its lifecycle—from collection and storage to processing and deletion.
Our security controls are tailored based on the sensitivity, volume, and risk profile of the personal data processed. These measures include technical, organizational, and administrative safeguards, outlined as follows:
a. Data Encryption and Anonymization
– We use strong encryption protocols (such as AES-256) to protect personal data during transmission (in transit) and when stored (at rest).
– Secure Socket Layer (SSL)/TLS certificates are used to protect online forms and communications over our website.
– Sensitive or identifying information may be anonymized or pseudonymized where appropriate, to minimize exposure risks and ensure compliance with Article 9 of the PDPL’s implementing regulations.
b. Role-Based Access Controls and Secure Authentication
– Access to personal data is governed through role-based access controls (RBAC), ensuring that only authorized personnel can access the data needed to perform their job functions.
– All user accounts accessing personal data are protected by multi-factor authentication (MFA) and password complexity requirements.
– Audit logs are maintained to monitor, trace, and investigate all access and activity related to personal data processing.
c. Regular Risk Assessments and Staff Training
– We conduct periodic risk assessments to evaluate and mitigate vulnerabilities in our systems, processes, and infrastructure. This includes internal audits, penetration testing, and third-party assessments.
– Employees and contractors undergo mandatory data privacy and cybersecurity training, with a focus on PDPL requirements, social engineering risks, phishing prevention, secure data handling, and breach response protocols.
– All personnel with access to personal data sign confidentiality agreements and are held to high standards of accountability.
d. Incident Response and Breach Notification Procedures
We maintain a dedicated incident response plan to detect, assess, contain, and remediate any data breaches or security incidents in a timely and effective manner.
In the event of a personal data breach that may compromise your privacy or rights, we are committed to:
Promptly notifying affected individuals
– Reporting the incident to the Saudi Data and Artificial Intelligence Authority (SDAIA) in accordance with PDPL Article 21
-Taking remedial measures to contain and prevent recurrence of such incidents
e. Physical and Environmental Security
For physical records (if any) , we employ:
– Restricted physical access to secure storage areas
– Environmental safeguards including fire suppression and uninterruptible power supply (UPS) systems
We continuously monitor, test, and improve our security controls to adapt to evolving threats, regulatory changes, and industry standards—ensuring that your personal data remains secure, private, and protected at all times.
10. Your Rights Under PDPL
As an individual whose personal data is collected or processed by Saudi Executive Coaching (TAMKIN ALQADAH ADMINISTRATIVE CO), you are entitled to a range of rights under the KSA Personal Data Protection Law (PDPL). These rights are designed to give you control over your data, ensure transparency, and protect your personal and legal interests.
Below are your key rights and what each one means in practice:
- Right to be informed
You have the right to be fully informed about how your personal data is being collected, processed, stored, used, shared, and protected. This includes:
– The purpose of data collection
– The legal basis for processing
– Categories of personal data collected
– Your rights and how to exercise them
– Contact details of our Data Protection Officer
This Privacy Policy is part of our obligation to fulfill this right.
2. Right to access your data
You have the right to request access to the personal data we hold about you. Upon request, we will provide:
– A copy of your personal data
– Information about how we are using your data
– The categories of personal data involved
– The parties with whom your data has been shared
Requests are generally responded to within 30 days, unless the request is particularly complex.
3. Right to data portability:
You may request that your personal data be provided to you in a structured, commonly used, and machine-readable format. Where technically feasible, you may also request that your data be transferred directly to another service provider.
This right applies when the processing is based on your consent or a contract and is carried out by automated means.
4. Right to rectification:
If you believe that any of the personal data we hold about you is inaccurate, incomplete, or outdated, you have the right to request that we correct or update it. We will take reasonable steps to verify the accuracy and ensure updates are reflected in all systems.
5. Right to erasure (under specific conditions):
You have the right to request the deletion of your personal data in certain circumstances, such as when:
– The data is no longer needed for the purposes for which it was collected
– You withdraw your consent and there is no other legal basis for processing
– The processing was unlawful
– The data must be erased to comply with legal obligations
Note: This right is not absolute. It may be restricted if the data is required for compliance with legal obligations, for public interest reasons, or for the establishment or defense of legal claims.
6. Right to restrict processing:
You may request that we limit the processing of your data in certain circumstances, such as:
– When you contest the accuracy of the data
– When processing is unlawful and you prefer restriction over deletion
– When you need the data to establish or defend legal claims
– When you object to processing, pending verification of our legitimate interest
During this restriction period, we may continue to store your data but will not use or process it further without your consent.
7. Right to object to processing:
You have the right to object to the processing of your personal data when:
– The processing is based on our legitimate interests
– The data is being used for direct marketing purposes
– The processing involves profiling or automated decision-making
We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights, or where the data is needed for legal claims.
8. Right to withdraw consent at any time:
If you have given us your explicit consent for a specific data processing purpose (e.g., marketing), you have the right to withdraw that consent at any time. Withdrawal will not affect any processing that was carried out before the withdrawal.
To withdraw your consent, you may contact us directly via the details in Section 2.
9. Right to lodge a complaint with SDAIA:
If you believe your personal data has been mishandled or your rights have been violated, you have the right to file a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA)—the competent regulatory body overseeing data protection in the Kingdom.
Website: https://sdaia.gov.sa
Before doing so, we encourage you to first contact us to allow us the opportunity to resolve your concern.
You may exercise your rights by contacting us via email or using our Data Subject Management form on the website
11. Access to Privacy Policy and Updates
This Privacy Policy is published on our website and is accessible to all users. We may update this policy periodically to reflect changes in our practices or legal requirements. You will be notified via email or platform banners where applicable.
12. Cookie Policy
We use cookies to personalize your experience, analyze site traffic, and offer tailored services. You can control cookie settings via your browser. Continued use of our website indicates consent to our cookie practices.
13. Amendments
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
(i) TAMKIN ALQADAH ADMINISTRATIVE CO ( as Saudi Executive Coaching ) 7233 Ar Rabwah Dist Jeddah 23535,4823. You can contact Saudi exective coaching and view their privacy policy here: www.secoaches.co. SEC are registered CR 4030374115.
Clause for insertion as follows;
Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”
“Digital Marketing Service Providers”
You can contact us at:
Email: info@secoaches.co
Data Subject Management Form
