SOUQERP – GDPR Compliance Statement (Saudi Arabia Operations)
Applies to: EU-based clients, users, and partners interacting with SOUQERP services hosted or operated from Saudi Arabia

1 Our Commitment

SOUQERP is committed to protecting personal data in accordance with the EU General Data Protection Regulation (GDPR), even when services are delivered from Saudi Arabia. We also align with the Saudi Personal Data Protection Law (PDPL) to ensure dual compliance.

2 Data We Collect

We may collect:

• Identity and contact details (e.g., name, email, phone)
• Usage logs and technical data from our platforms
• Business inputs shared during onboarding or service delivery

3 Legal Basis for Processing

We process data based on:

• Consent
• Contractual necessity
• Legal obligations
• Legitimate interests (e.g., service improvement, security)

4 Your Rights (EU Residents)

Under GDPR, you may:

• Access and correct your data
• Request deletion or restriction
• Object to processing
• Receive a copy (data portability)
• Withdraw consent at any time

Contact support@souqerp.com to exercise these rights.

5 International Data Transfers

Data processed in Saudi Arabia may be transferred to or from the EU. SOUQERP uses:

• Standard Contractual Clauses (SCCs)
• Risk assessments
• Encryption and access controls

These safeguards ensure GDPR-compliant protection across borders.

6 Retention & Disposal

We retain personal data only as long as necessary for service, legal, or support purposes. Data is securely deleted or anonymized when no longer needed.

7 Security Measures

We apply:

• End-to-end encryption
• Role-based access controls
• Continuous monitoring and compliance audits

Our practices align with both GDPR and PDPL standards.