Personal Data Protection Regulations

BrightWare Company (Hereinafter referred to as: “the Company” or “we”) is committed to protecting the privacy of personal data.

These regulations aim at providing our clients with clear and transparent information about how their personal data shall be collected, used, and protected, in compliance with the Personal Data Protection Law, which was adopted by the Kingdom of Saudi Arabia, by virtue of the Royal Decree No. (M/19) dated 09/02/1443 AH. (Corresponding to September 16th, 2021), as amended by Royal Decree No. (M/148) dated 05/09/1444 AH. (Corresponding to March 27th, 2023) (Hereinafter referred to as: the “Law”).

This notice applies to (“Clients from Business Sector and their employees”), including current, former, or potential clients of our products, services, and/or business activities.


1. Personal Data and Processing:

Personal Data is any information that relates to an identified or identifiable living individual. It may include your name, address, photo, etc. We may process your personal data to conduct our business and to provide you with personalized products and services. Processing refers to the operations performed on your personal data, such as collecting, recording, storing, organizing, formatting, storing, modifying, updating, unifying, retrieving, using, disclosing, sharing, etc.


2. Processing Entity:

BrightWare Company, registered under Commercial Register No. 1010280291, located in Riyadh, Al Narjis District, Abu Bakr Al Siddiq Road.


What Personal Data is collected?

Personal data is any data that can identify, whether directly or indirectly, a person; including his/her name, personal identification number, addresses, contact numbers, license numbers, records, and personal assets.


We collect and process the following personal data:

  • Personal identification information: full name, date of birth, gender, nationality, and identification numbers (such as national ID number, passport number).
  • Contact information: address, phone numbers, e-mail address.
  • Financial information: bank account numbers.
  • Employment information: employer name.


      • We may collect your personal data in several ways, as follows:

      • When you apply for a product and/or service through our website or through other channels, such as our mobile application, telephone conversations, or directly from one of our employees.
      • When a client invoices individuals or companies through “ROSOM” system.
      • If another party provides us with your personal data when you receive a product or service from us on your behalf, the data will be processed as appropriate.
      • When you request information about our products through a third party in response to our marketing activities (for example, the website and social media platforms).


      Types of possible processing activities and their purposes:

      • Invoicing processing through “ROSOM” system.
      • Client Service: We may process your personal data to support your inquiries/requests regarding recent purchases and/or orders, provide timely updates, etc.
      • Risk Assessment: We may process your personal data to assess the associated risks and prevent fraudulent activities.
      • Marketing: We may process your personal data to market and promote our products and services, customized to your needs and preferences, with the exception of sensitive data.
      • Research and Statistical Analysis: We may process your personal data for research and statistical analysis to develop and provide you with personalized products and services.
      • Legal and Regulatory Obligations: We may process your personal data to comply with legal and regulatory obligations, including managing requests from government agencies or responding to judicial proceedings or other requests or inquiries.


      Statutory Basis for Collecting and Processing Client’s Personal Data:

        According to the Personal Data Protection Law, the statutory basis on which we process such data is as follows:

      • Fulfilment of a contractual obligation (e.g., customer service, customer support management, and account management).
      • Complying with regulatory requirements based on the instructions of the Saudi Central Bank and other regulatory authorities (complying with the laws and directives issued by the competent authorities and the laws in force in the Kingdom of Saudi Arabia).
      • Achieving legitimate interests or objectives.
      • Disclosure of Personal Data.


      We may, as required, disclose your personal data to the following entities:

      • Service providers, suppliers, agents, consultants, brokers, and others who perform services or assist us in managing our business, or provide products or services, such as information technology companies, law firms, etc.
      • Entities or companies contracted by BrightWare Company (the Company's clients) from which personal information is obtained
      • Current or potential business partners, professional advisors, and consultants involved in the management of our business or financial derivatives.
      • Any applicable regulatory authorities (governmental, statutory, regulatory, executive, system enforcement, investigative, judicial/quasi-judicial authorities, departments, instruments, agencies, ministries, institutions, boards, committees, courts, tribunals, etc.), or other third parties as may be required by law or in accordance with other regulatory obligations or policies applicable to us or you.


      We may disclose your personal data in the following cases:

      • Your personal data is collected from a publicly available source.
      • The entity requesting the disclosure is a public entity, and the collection or processing of your personal data is required for purposes of public interest, security, to implement another system, or to meet judicial requirements.
      • If disclosure is necessary for the protection of public health or public safety, or to protect the life or health of specific individuals.
      • If the disclosure involves subsequent processing only in a form that makes it impossible to directly or indirectly identify you.
      • Disclosure when the data is obtained through BrightWare Company's clients (contracting companies), who are also required to comply with personal data protection requirements.


      Data Security:

      We have taken appropriate technical measures, set administrative controls, and enforced legal safeguards to:

      • Prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized manner (for example, access control, network security, communications security, policies and procedures, encryption, and other technologies).
      • Handle any suspected personal data breach and notify the relevant authority, if needed.


      Retention Period:

      We will retain your personal data for the period specified in the relevant retention policies of the Saudi Central Bank, legal and regulatory obligations, or any other period necessary for us to fulfil our operational obligations. However, we may retain personal data after its purpose has been fulfilled if there is a legal requirement to retain it for a specific period, or if a case is pending before a judicial authority and retention is required.


      Contact Us

      If you have any questions about this Privacy Policy or your data, you can contact us via the following channels:

      • Email: ContactUs@BrightWare.com.sa
      • Phone: 8001240256
Riyadh, Saudi Arabia

Address: 6157 Abi Bakr As Siddiq Rd , Alnarjas Area, 13323 – 2821.
First floor, Office #39

800 124 0256

ContactUs@BrightWare.com.sa

SADAD Certified

© 2025 BrightWare ALL RIGHTS RESERVED

BrightWare is licensed by the Saudi Central Bank (SAMA). Click Here