
Privacy Policy
“CODEIT BASIC” Point of Sale System
Introduction
Code Communications & Information Technology ("CodeIT"), CR No. (1010739970) (referred to as the "First Party") is dedicated to upholding the privacy and security of personal data processed through our Point of Sale (POS) system, known as "CODEIT." which consists of the CODEIT POS application and/or CODEIT POS device (referred cumulatively as the “System”). First Party acts as the Data Controller for personal data collected from customers (referred to as the "Second Party") utilizing the System. This Privacy Policy delineates how the First Party collects, utilizes, discloses, and safeguards personal data in adherence to the Personal Data Protection Law (referred to as “PDPL”) of the Kingdom of Saudi Arabia.
Scope and Applicability
This Privacy Policy applies to the processing of personal data by the First Party, encompassing data from the Second Party and suppliers serving the Second Party. It governs the collection, storage, usage, and disclosure of personal data obtained through the System.
Information Collection
First Party collects personal information from Second Party and their registered suppliers, necessary for the operation of the System and to comply with regulatory standards. This includes but is not limited to:
- Business name/s
- User Email Address/es
- User Identification Number/s
- Company Registration Number/s
- Business Address/es (Location Data)
- Contact Number/s (Mobile Number/s)
- Store Photo/s
- User Profile Photo/s
- Screen Recording/s, Screenshot/s and other Video Recording/s (Only when requested by First Party support)
The First Party doesn't collect any data about the second party's device or their activities outside of the System. They also don't use any activity information for anything other than operating the System and sending limited marketing related to offers on the Second Party's subscription plan.
Purpose of Data Processing
First Party collects and processes personal data for various purposes, including:
- Enabling the Second Party to utilize the System.
- Ensuring compliance with regulatory requirements of the Zakat, Tax, and Customs Authority of Saudi Arabia.
- Providing support and assistance to the Second Party on System usage and operations.
- Enhancing the performance and functionality of the System and enabling Second Party to avail offers based on their usage of the System.
Legal Basis for Processing
The processing of personal data by First Party is grounded on legal bases outlined in the PDPL, including:
- Consent: Obtaining consent from the Second Party before processing their personal data. By purchasing, installing and/or using our products and services, the Second Party agrees to provide the consent to the First Party to process their data to enable the Second Party to utilize the system for their business operations.
- Compliance: Processing necessary for adhering to legal obligations imposed by regulatory authorities which includes General Protection Regulation (GDPR) and PDPL
- Legitimate Interests: Processing necessary for the legitimate interests pursued by the First Party, such as improving the System and related products and services.
Data Subject Rights
Second Party has specific rights concerning their personal data, in accordance with PDPL guidelines, followed by the First Party, including:
- The right to know how their personal data is being used.
- The right to access their personal data and request a copy of it.
- The right to correct or update any personal data that is inaccurate or incomplete.
- The right to request the deletion of their personal data under certain conditions. (Review Data Retention Policy)
- The right to withdraw consent for the processing of their personal data. (Account Dismissal or Suspension)
To exercise any of these rights, Second Party should contact the support line of the First Party by emailing at support@codeit.sa
Data Security
The First Party implements robust technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, or destruction. First Party consistently reviews and updates the security measures to ensure the ongoing confidentiality, integrity, and availability of personal data.
Training & Audit
The First Party ensures that all its internal company staff receive proper training to adhere to data privacy laws. Regular reviews of all systems and processes related to the System are conducted to ensure compliance with this privacy policy. Additionally, the First Party verifies that appropriate governance controls and resources are available to ensure the proper handling and protection of Second Party's personal data.
Data Sharing and Disclosure
The First Party is allowed to share personal information with third-party service providers and business partners to help provide services related to the System, as long as they follow data protection rules outlined in the PDPL. They won't share the Second Party's information with any other business or personnel unless the second party gives explicit consent. However, they might share the second party's information if the law requires it and with a subpoena, in which case the consent of the Second Party will not be required.
Data Retention
Personal information is retained for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Upon termination of Second Party use of the System, personal information is securely deleted or anonymized after the legally required retention period of 5 years for financial data, unless further retention is necessary for legal or regulatory compliance.
Marketing
The limited marketing exception for existing Second Parties and new Second Party, known as “soft opt-in” allows First Party to send marketing texts, emails or calls, as the First Party has obtained contact details in the course of a sale to the Second Party. The soft opt-in comes in effect when the Second Party registers or uses the System complying with the Terms & Conditions of the First Party and the policies listed in this document.The First Party will be marketing added value features for the System or similar products and/or services, and they give the Second Party an opportunity to opt-out of marketing by contacting support of the First Party at support@codeit.sa.
Updates to Privacy Policy
The First Party reserves the right to update or modify this Privacy Policy at any time to reflect changes in data processing practices or legal requirements. The Second Party is encouraged to review this Policy periodically for updates.
Effective Date
This Privacy Policy is effective as of 14th May 2024 and applies to all personal data collected or processed by First Party in connection with the System.