Privacy Policy

Privacy Policy

Last Updated: 20 March 2025

1. Bakan’s Commitment

Welcome to Bakan for Smart Technologies (“Bakan,” “we,” “our,” or “us”). As a Saudi pioneer in data governance, regulatory compliance, cybersecurity, and smart infrastructure solutions, we are dedicated to ensuring the highest standards of data protection, privacy, and AI ethics. Our approach aligns with the Saudi Personal Data Protection Law (PDPL), the AI Ethics Principles, and the General Data Protection Regulation (GDPR).

At Bakan, we draw inspiration from Saudi Arabia’s rich cultural heritage, where trust, security, and preservation have always been deeply valued. The name Bakan originates from a secure compartment in traditional Saudi homes, where families protected their most valuable possessions. In today’s digital age, data is among the most critical assets, and we ensure its protection with the same principles of trust and security that define our heritage.

Our expertise lies in enabling organisations to thrive in the digital landscape while navigating complex regulatory environments. By leveraging advanced compliance frameworks, AI-driven governance, and cybersecurity resilience, we empower businesses and public institutions to build a secure, ethical, and data-driven future.

2. What Personal Data We Collect

To provide our services and ensure compliance with PDPL, SDAIA’s AI Ethics Principles, and GDPR, we may collect and process the following types of personal data:

  • Identity Information (e.g., name, national ID, passport details)
  • Contact Information (e.g., phone number, email, postal address)
  • Technical Information (e.g., IP address, browser type, device identifiers)
  • Usage Information (e.g., browsing behaviour, interaction with our services)
  • Professional Information (e.g., job title, organisation details)
  • Financial Information (e.g., payment details, if applicable)
  • Communication Records (e.g., inquiries, feedback, customer support interactions)
  • Compliance and AI-Generated Insights (e.g., risk assessments, data governance analytics, anonymised user behaviour data)

We collect only the necessary data and process it with transparency and accountability.

3. How We Use Your Personal Data

We process personal data to:

  • Deliver and enhance our services, including data governance, compliance automation, and cybersecurity solutions.
  • Ensure regulatory compliance with PDPL, SDAIA’s AI Ethics Principles, and GDPR.
  • Secure critical data assets, ensuring resilience against cyber threats.
  • Improve risk management and data integrity through AI-powered compliance monitoring.
  • Facilitate transparent, fair, and non-discriminatory AI applications in line with SDAIA’s ethical AI principles.
  • Communicate with clients and partners regarding updates, security advisories, and compliance best practices.
  • Support innovation and digital transformation while maintaining ethical AI governance.

4. Our Commitment to Ethical AI & Responsible Data Governance

As a leader in regulatory compliance, we adhere to SDAIA’s AI Ethics Principles, ensuring that all AI and automated decision-making systems are:

  • Fair & Non-Discriminatory: AI models are tested and monitored to eliminate bias in data, algorithms, and outcomes.
  • Transparent & Accountable: We ensure explainability in AI-based decisions, maintaining human oversight.
  • Privacy-Centric & Secure: AI and data processing systems prioritise encryption, confidentiality, and security-by-design.
  • Ethically Governed & Reliable: We conduct regular compliance audits and impact assessments to align with evolving regulations.

5. Legal Basis for Processing

We process personal data based on:

  • Consent: When you provide explicit authorisation.
  • Contractual Obligation: When necessary for service delivery.
  • Legal Obligation: When compliance with PDPL, SDAIA, or GDPR is required.
  • Legitimate Interest: When processing supports security, AI fairness, and regulatory alignment ensuring no harm to user rights.

6. Data Sharing & International Transfers

Bakan ensures that data is handled securely and transparently with strict compliance to PDPL, SDAIA’s AI Ethics Principles, and GDPR:

  • Within Saudi Arabia: Data is securely processed and stored in compliance with national regulations.
  • Cross-Border Transfers: If data must be transferred outside Saudi Arabia, we ensure:
  • The recipient country has adequate data protection standards
  • Appropriate safeguards such as encryption, anonymisation, and contractual agreements are in place.
  • Explicit user consent is obtained when required.

We do not sell or rent personal data. Data sharing is strictly limited to regulatory authorities, compliance partners, and security auditors when required for governance, legal compliance, or operational security.

7. Data Retention & Secure Disposal

We retain personal data only for as long as necessary to:

  • Fulfil the original purpose of collection.
  • Meet legal, regulatory, or contractual obligations.
  • Conduct ongoing risk and security assessments.

When data is no longer required, it is securely deleted or anonymised in accordance with best practices.

8. Your Rights & How to Exercise Them

Under PDPL, SDAIA’s AI Ethics Principles, and GDPR, you have the right to:

  • Access: Obtain a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure (Right to Be Forgotten): Request deletion under specific conditions.
  • Restriction: Limit how your data is used.
  • Data Portability: Receive data in a structured format.
  • Objection: Challenge data processing activities.
  • Withdraw Consent: Revoke your authorisation at any time.

9. How We Protect Your Data

As a trusted leader in compliance and cybersecurity, Bakan deploys state-of-the-art security measures, including:

  • End-to-End Encryption for all data transmissions and storage.
  • Real-Time Threat Detection and AI-driven cybersecurity risk monitoring.
  • Automated Compliance Management for PDPL, SDAIA, and GDPR.
  • Strict Access Controls ensuring only authorised personnel can access sensitive data.
  • Regular Security Audits & AI Fairness Reviews to maintain ethical and regulatory integrity.

10. Updates to This Privacy Notice

We may update this Privacy Notice periodically to reflect:

  • Changes in PDPL, SDAIA’s AI Ethics Principles, GDPR, or global data regulations.
  • New technologies or innovations in compliance and cybersecurity.
  • Evolving best practices in AI ethics and responsible data governance.

Significant updates will be communicated through appropriate channels.

11. Contact Us

For inquiries regarding this Privacy Notice or our data protection and compliance services, please contact:

Bakan for Smart Technologies
Website: https://bakan.sa

By using our services, you acknowledge that you have read and understood this Privacy Notice and our commitment to responsible data governance and ethical AI practices.