Privacy Policy

1. Who We Are (Data Controller)

SKYLINE Limited Company ("SKYLINE", "we", "us", "Data Controller") is a company established in Saudi Arabia, with headquarters at Building 5529, King Saud Road, Ar Rabie District, Dammam 32241. We act as the Data Controller for all personal data collected through our website, services, and business relationships.

2. Legal Basis & Compliance

We process personal data in accordance with:

• Saudi Personal Data Protection Law (PDPL) — Royal Decree No. (M/19) of 2021 and its Implementing Regulations
• Saudi National Data Management Office (NDMO) requirements
• EU General Data Protection Regulation (GDPR 2016/679)
• Saudi NCA Cloud Controls (NCA-CCC) for cloud-stored data
• Data minimization principle — we collect only what is necessary

3. Data We Collect

3.1 Data You Provide Directly

• Full name
• Email address and phone number
• Company name and job title
• Service request details
• Content of messages and inquiries

3.2 Data Automatically Collected

• IP address and device information
• Browser type and operating system
• Pages visited and browsing times
• Referrer URL (if you arrived via external link)
• Cookies (see Cookie Policy)

3.3 Sensitive Data

We do not intentionally collect sensitive data (religious, health, biometric, etc.) from website visitors. If we need to process such data for employment purposes, it is done with explicit consent.

4. Lawful Bases for Processing

5. Data Retention Periods

We retain personal data only as long as necessary:

• Contact form data: 24 months after last interaction
• Customer data (contracts): 10 years (ZATCA & SAMA requirements)
• Analytics data: 14 months (Google Analytics)
• Employee data: 5 years after employment ends
• Security log files: 12 months

6. Data Sharing

We do not sell your personal data. We may share data only with:

• Service providers (hosting, analytics, email) under Data Processing Agreements (DPA)
• Government authorities when legally required (ZATCA, NCA, courts)
• Professional advisors (lawyers, accountants, auditors) under confidentiality obligations
• With your explicit consent, to any other party

International data transfers occur only to countries with adequate data protection, or under Standard Contractual Clauses (SCCs).

7. Data Security

We implement robust technical and organizational measures:

• Data encryption in transit (TLS 1.3) and at rest (AES-256)
• Role-based access controls and least-privilege principles
• Multi-Factor Authentication (MFA)
• 24/7 security monitoring via SOC
• Annual penetration testing and vulnerability assessments
• Regular backups and disaster recovery
• ISO 27001 compliance and NCA Essential Cybersecurity Controls

In the event of a data breach affecting your rights, we will notify Saudi Data Authority within 72 hours and notify you as soon as reasonably possible.

8. Your Rights (PDPL + GDPR)

To exercise any of these rights, contact privacy@alskyline.com. We will respond within 30 days.

9. Cookies

Our website uses cookies to improve experience and analytics. For details, see our Cookie Policy.

10. Children's Privacy

Our services are directed at business professionals and are not intended for children under 18. We do not knowingly collect personal data from children. If we learn we have, we will delete it immediately.

11. Data Protection Officer (DPO)

12. Changes to This Policy

We may update this Policy to reflect changes in practices or law. Updates will be posted on this page with a new "Last Updated" date. For material changes, we will notify you by email.