Skip to content
Language Switcher en
Page 48012510381 Privacy Policy details English for unifonic//https://www.unifonic.com/en/privacy-policy
Log in Book a demo

 

Unifonic Privacy Policy

Issuing Date: Feb 2025

Version 1.0

Executive Summary

Unifonic is committed to protecting your privacy. This Privacy Policy (“Policy”) is a legally binding agreement between you (“User”, “you” or “your”) and Unifonic (“we”, “us” or “our”) as a company registered in Kingdom of Saudi Arabia, with a registered address at 7252 Olaya Street, Tamkeen Tower, Riyadh, Kingdom of Saudi Arabia, and licensed under the Commercial Registration Number: 1010295191, and its group companies. 

This Privacy Policy explains how we collect, use, and disclose personal information collected from individuals themselves or from other third parties and provides information about individuals’ rights with respect to their personal information.  

We may use personal information provided to us for any of the purposes described in the relevant section of this Policy or as otherwise stated at the point of collection.  

Our goal is to process personal information as necessary for our legitimate business purposes in a transparent manner. If you have any questions regarding our privacy practices, please contact us as set forth in the Contact Us section below.  

This Policy is aligned with the Personal Data Protection Law (‘’Law”) applicable in the Kingdom of Saudi Arabia. 


Lawful Basis for Processing 

In compliance with Article 5 of the Personal Data Protection Law, Unifonic ensures that any processing of personal data is carried out on a lawful basis. This includes: 

  • Consent explicitly provided by the data subject. 
  • Legal or contractual necessity. 
  • Legitimate interest of Unifonic, provided it does not compromise data subject rights or involve sensitive data.
  • Public or health safety interest were permitted by law​. 

 
What Data We Collect and How We Process it? 

 

1. Business Contacts
Information Collection  

We collect business contact details from individuals linked to current and potential Unifonic clients to manage our relationships. Using a CRM, we store personal information like name, employer, title, phone, email, and other contact details. The CRM also gathers data from Unifonic's email and calendar systems on interactions with business contacts. We only collect necessary data in line with the Data Minimization Principle under PDPL and regularly review and remove outdated or irrelevant data. 

Information Use  

We process personal data based on one or more of the following lawful bases as outlined in Article (6) of the PDPL: the data subject's consent, necessity for the performance of a contract, legal obligation, or our legitimate interest provided such interest does not conflict with the rights of the data subject and does not involve sensitive data. 

Unifonic does not rely on legitimate interest as a lawful basis for processing sensitive personal data, as prohibited under Article 16 of the PDPL Implementing Regulation. 

We use this information for the following business purposes: 

  • Administering, managing, and developing our business and services. We may process personal information to run our business, including:
  • managing our relationship with clients; 
  • providing services and customer support to our clients; 
  • developing our business and services, such as identifying client needs and improvements in service delivery and learning more about a client relationship opportunity we or other Unifonic member firms have an interest in; 
  • performing analytics, including with regard to trends, relationship maps, sales intelligence, and progress against account business goals; 
  • maintaining and using IT systems; 
  • hosting or facilitating the hosting of events; 
  • conducting surveys (e.g. benchmarking) or quizzes; and 
  • administering and managing our website, systems, and applications. 
  • Providing information about us and our range of services.
 
Information Retention  

Personal information will be retained in the CRM for as long as we have, or need to keep a record of, a relationship with a business contact. Personal information may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise, or defend our legal rights. Unifonic securely destroys personal data once the purpose of collection has been fulfilled or upon a valid request from the data subject where applicable. We utilize secure deletion methods, including anonymization, degaussing, or shredding, in line with SDAIA's guidelines on personal data destruction and anonymization. 

Information Disclosure 

We may disclose personal information as described in the Information Disclosure section below.  

2. Clients  

Our Policy is to collect only the personal information necessary for agreed purposes, and we ask our clients only to share personal information with us when it is needed for those purposes. When we need to process personal information relating to individuals other than our clients to provide our services, we ask our clients to provide the necessary information to other data subjects concerned, regarding its use. 

Information Collection  

Given the range of services provided to clients ("More information on our services is available at www.unifonic.com/services......."), various categories of personal information are processed, including: 

  • Contact details (e.g., email address, phone number, postal address); 
  • Login credentials (e.g., email address or username, password); 
  • Financial details (e.g., payment instrument number such as credit card, name and billing address, security code associated with payment instrument like CSV or CVV, bank account details, benefits, tax status); 
  • Survey or quiz responses; 
  • Job details (e.g., role, grade, and other information about management and employees); and 
  • For certain client engagements, sensitive or special categories of personal information may be processed (such as performing know your client checks, which might involve processing government identification documents that may contain biometric data). 

This personal information is generally collected from clients or third parties acting on the instructions of the client but may occasionally be obtained directly from data subjects or publicly available sources on behalf of clients. 

Unifonic collects only the necessary and relevant personal data to fulfill specified purposes in accordance with the Data Minimization Principle under PDPL. Regular reviews are conducted to remove data that is no longer required or relevant. 

Information Use  

We process personal data based on one or more of the following lawful bases as outlined in Article (6) of the PDPL: the data subject's consent, necessity for the performance of a contract, legal obligation, or our legitimate interest provided such interest does not conflict with the rights of the data subject and does not involve sensitive data. 

Unifonic does not rely on legitimate interest as a lawful basis for processing sensitive personal data, as prohibited under Article 16 of the PDPL Implementing Regulation. 

We use this information for the following business purposes: 

  • Providing Professional Services and Products

We provide a diverse range of professional services (More information on our services is available at www.unifonic.com/services), and products. Some of our services require us to process personal information to provide advice and deliverables. We may also seek feedback and opinions in surveys (e.g., benchmarking) or quizzes. 

  • Security and Quality Management Activities 
  • Personal information, such as client users’ login credentials, may be processed to administer and manage our websites, applications, and other online services that we make available to clients, including to confirm and authenticate identity and prevent unauthorized access. 
  • Personal information may be processed as part of our client engagement and acceptance procedures, including carrying out searches using publicly available sources and third-party sources. 
  • Personal information may be processed as part of the security monitoring that we undertake to detect, investigate, and resolve security threats — for example, automated scans to identify harmful emails (e.g., phishing attempts). 
  • Compliance with Laws, Regulations, and Policies 

As with any provider of professional services, we are subject to legal, regulatory and professional obligations. Subject to these obligations, we need to keep certain records to demonstrate that our services are provided in compliance with those obligations, and those records may contain personal information. 

Information Retention  

We retain the personal information processed by us in accordance with the terms of our client agreements. Unifonic securely destroys personal data once the purpose of collection has been fulfilled, or upon a valid request from the data subject where applicable. We utilize secure deletion methods, including anonymization, degaussing, or shredding, in line with SDAIA's guidelines on personal data destruction and anonymization. 

Information Disclosure 

We may disclose personal information as described in the Information Disclosure section below. In addition, we may disclose personal information to:  

  • Third party organizations that assist us in providing services 

On certain client engagements, pursuant to our agreements with such clients, we may engage or otherwise work with other providers to help us provide professional services to our clients. 

  • Our Clients 

Where we need to process personal information to provide professional services to our clients, we may include personal information in our deliverables, such as the reports we create. 

Unifonic maintains records of personal data processing activities in accordance with Article 31 of the PDPL and Article 33 of its Implementing Regulations. These records include: 

  • The purposes and legal basis of processing. 
  • Categories of personal data and data subjects. 
  • Retention periods. 
  • Data transfers and disclosure details. 
  • Security measures taken. 

 

3. Website Users  
Information Collection 

When you access or otherwise use our Site, we will collect information about you and how you interact with our Site. We may collect information about you through: (1) information you provide; (2) automatic tracking technologies; and (3) third parties.  

Information You Provide  

When you visit our Site, you may choose to provide information about yourself such as your name, address, email address, telephone number, job title, and company name. By way of example, you may choose to provide your information in the following circumstances:  

  • Subscription or ordering newsletters and/or publications;  
  • Entering surveys (e.g., benchmarking) or quizzes;  
  • Contacting us for further information; and 
  • Visiting our Site while logged into a social media platform.  
Automatically Collected Information 

We use online identification technologies, such as cookies, or similar technologies (“Tracking Technologies”) on our Site. The information we collect using these technologies includes IP address and other identifiers as well as information about your internet activity and browsing behavior on our Site. We also use website analytics providers which may set Tracking Technologies on your device.  

Information Use 

We utilize the information we collect for various purposes based on the context in which it was collected. For instance, processing your information might be necessary to complete a transaction, provide a service you requested, or fulfill obligations under a contract between us. In some cases, we may process your information based on your prior consent. We process personal data according to one or more lawful bases outlined in Article (6) of the PDPL: the data subject's consent, necessity for the performance of a contract, legal obligation, or our legitimate interest, provided such interest does not conflict with the rights of the data subject and does not involve sensitive data. We use this information for the following business purposes: 

  • Operating and improving the Site; 
  • Fulfilling your requests; 
  • Understanding how the Site is being used; 
  • Exploring ways to develop and grow our business; 
  • Maintaining and improving the safety and security of the Site; 
  • Preventing and enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks; 
  • Improving our products and services; 
  • Running our operations; 
  • Complying with law and legal obligations; 
  • Responding to your inquiries; and 
  • Sending marketing communications about Unifonic products, services, and events. 
Information Retention 

We keep personal information from the Site as long as needed or required by law. Unifonic securely destroys personal data once the purpose is fulfilled or upon valid request, using anonymization, degaussing, or shredding according to SDAIA's guidelines. 

Information Disclosure 

We may disclose personal information as described in the Information Disclosure section below. 

Managing Cookies 

If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, you may refuse or delete one or more cookies and still access our Site, but Site functionality may be impaired. After you finish browsing our websites, you may delete Site cookies from your system if you wish. For more information on managing cookies, please see our Cookie Policy page. 

Personnel 

We collect personal information concerning our own personnel (partners and staff) as well as individual contractors to administer the employment relationship and manage our business. 

Please refer to the privacy statements available in the employment agreement. 

4. Candidate Recruitment  

If you are formally applying for one of Unifonic’s open positions, you will be presented separate privacy statements at the point of data collection during these processes. Should your formal application result in being extended and accepting an opportunity to join the firm, you will also be presented with privacy statements in the employment agreement.  

Information Collection 

During the process of candidate recruitment, we may collect the following personal information from you: 

  • Contact details (e.g., name, email, telephone number);  
  • Education, academic and professional qualifications;  
  • Locations and interest in opportunities;  
  • Employment history;  
  • Your responses to surveys and quizzes, if you choose to participate; 
  • Areas of interest and specialized knowledge/subject matter; and  
  • Other information included on your resume/CV that you choose to submit. 
Information Use 

We process personal data based on one or more of the following lawful bases as outlined in Article (6) of the PDPL: the data subject's consent, necessity for the performance of a contract, legal obligation, or our legitimate interest provided such interest does not conflict with the rights of the data subject and does not involve sensitive data. 

Unifonic does not rely on legitimate interest as a lawful basis for processing sensitive personal data, as prohibited under Article 16 of the PDPL Implementing Regulation. 

We use this information for the following business purposes: 

  • To attract talent and market opportunities at Unifonic, including by arranging, hosting, and participating in events, marketing and advertising opportunities, including on social media, and using recruiters to help find talent for us. 
  • To identify and source talent, including by searching our talent pool and publicly available sources (such as professional networking and job websites of which you are a member). 
  • To evaluate you for open positions that match your interests and experience throughout the Unifonic network, manage your talent profile, send you email notifications, surveys, quizzes, and other announcements, request additional information, or otherwise contact you regarding recruitment, events, thought leadership, or other opportunities we believe may be of interest to you. 
     
  • To conduct statistical analyses and create reports, including regarding use of our careers websites, reports on Unifonic recruitment activities, analyses of candidate sourcing channels, and other requirements under applicable laws and regulations. 
     
  • To administer and manage our careers websites and communicate with you about careers at Unifonic. 
     
  • Any other purposes stated when you provide the information to Unifonic. 
Information Retention 

We retain the personal information processed by us for as long as is considered necessary for the purpose(s) for which it was collected. Personal information may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and in order to establish, exercise or defend our legal rights.  

Information Disclosure 

We may disclose personal information as described in the Information Disclosure section below. 

Record of Processing Activities (RoPA) 

Unifonic maintains records of personal data processing activities in accordance with Article 31 of the PDPL and Article 33 of its Implementing Regulations. These records include: 

  • The purposes and legal basis of processing. 
  • Categories of personal data and data subjects. 
  • Retention periods. 
  • Data transfers and disclosure details. 
  • Security measures taken. 

 

5. Suppliers  
Information Collection 

We collect and process personal information about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage our relationships with our suppliers, to receive services from our suppliers, and, where relevant, to provide professional services to our clients. The personal information we process about our supplier contacts is generally business card information and includes name, employer, phone number, email and other business contact details, and the communications with us.  

Information Use 

We process personal data based on one or more of the following lawful bases as outlined in Article (6) of the PDPL: the data subject's consent, necessity for the performance of a contract, legal obligation, or our legitimate interest provided such interest does not conflict with the rights of the data subject and does not involve sensitive data. 

Unifonic does not rely on legitimate interest as a lawful basis for processing sensitive personal data, as prohibited under Article 16 of the PDPL Implementing Regulation. 

We use this information for the following business purposes: 

  • Receiving services: We process personal information in relation to our suppliers and their staff as necessary to receive the relevant services. 
     
  • Providing professional services to clients: Where a supplier is helping us to deliver professional services to our clients, we process personal information about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients. 
     
  • Administering, managing and developing our businesses and services: We may process personal information in order to run our business, including: 
  • managing our relationships with suppliers; 
  • developing our businesses and services (such as identifying client needs and improvements in service delivery); 
  • maintaining and using IT systems; 
  • conducting surveys; 
  • hosting or facilitating the hosting of events; and 
  • administering and managing our website and systems and applications.  
  • Security, quality and risk management activities: We have security measures in place to protect our and our clients’ information (including personal information), which involves detecting, investigating, and resolving security threats. Personal information may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. 
     
  • Providing information about us and our range of services: Unless we are asked not to, we use business contact details to provide information that we think will be of interest about us and our services; for example, industry updates and insights, other services that may be relevant, and invitations to events. 
     
  • Complying with any requirement of law or regulation: As with any provider of professional services, we are subject to legal, regulatory, and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations, and those records may contain personal information. 
Information Retention 

Personal information will be retained about our contacts at our suppliers for as long as it is necessary for the purposes set out above. Personal information may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and in order to establish, exercise or defend our legal rights. 

Information Disclosure 

We may disclose personal information as described in the Information Disclosure section below. 

 

6. Attendees of Unifonic Events 

We may collect personal information from attendees and participants of Unifonic events as described below. Unless separate privacy terms are provided to the attendee or participant at or in connection with the event, any personal information collected will also be treated in accordance with the section of this Policy that applies based on the attendee’s or participant’s relationship with Unifonic (e.g., business contact, client contact, supplier contact, job applicant).  

Information Collection and Use 

When we collect personal information in connection with Unifonic events, such information is provided directly and voluntarily by or on behalf of the attendee or participant and includes the individual’s business card information and other personal information specific to the event and any accommodations. We use such information to manage registration, attendance and participation at the relevant event. We may also take photographs in public areas at our events and we may use these in our marketing materials.  

Information Retention 

Personal information will be retained about our event attendees and participants for as long as we have, or need to keep a record of, a relationship with such individuals. Personal information may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and in order to establish, exercise or defend our legal rights.  

Information Disclosure 

We may disclose personal information as described in the Information Disclosure section below.  

Record of Processing Activities (RoPA) 

Unifonic maintains records of personal data processing activities in accordance with Article 31 of the PDPL and Article 33 of its Implementing Regulations. These records include: 

  • The purposes and legal basis of processing. 
  • Categories of personal data and data subjects. 
  • Retention periods. 
  • Data transfers and disclosure details. 
  • Security measures taken. 

 

7. Visitors to Our Offices 

We have security measures in place to protect our offices and the people within them, such as secured entrance doors, visitor management procedures, security cameras, and an alarm activation system.  

Security System  

Unifonic offices are protected with security equipment at all entrance doors providing access control, auditing, and intrusion detection. The security camera system records activity at all entrance points and high security areas. The video images captured are securely stored and only accessed on a need-to-know basis for investigative purposes only. 

Guest WiFi 

We monitor traffic on our guest WiFi networks using industry standard intrusion detection systems. This allows us to see limited information about a user’s network behaviors but will include being able to see at least the source and destination addresses the user is connecting from and to.  

Information Disclosure 

We may disclose personal information as described in the Information Disclosure section below.  

Data Transfer 

Unifonic may transfer personal data outside the Kingdom of Saudi Arabia under the conditions permitted by the PDPL and its Implementing Regulations. These conditions include: 

  • Utilizing Standard Contractual Clauses (SCCs) issued by the Saudi Data & AI Authority (SDAIA). 
  • Applying Binding Corporate Rules (BCRs) where applicable. 
  • Conducting a documented risk assessment for each transfer in accordance with SDAIA’s Risk Assessment Guideline (2025). 
  • Ensuring the receiving country or entity maintains an adequate or appropriately safeguarded level of personal data protection. 

As part of our global network of firms, and similar to other professional service providers, we utilize third parties located in other countries to assist in running our business. Consequently, personal information may be transferred outside the countries where we and our clients reside, including transfers to countries outside the Kingdom of Saudi Arabia. Some of these jurisdictions may not offer the same level of protection for personal information as your home country. In compliance with legal requirements, we implement measures to ensure adequate protection for any transferred information. 

Transfers of personal information outside the Kingdom of Saudi Arabia will adhere to Personal Data Protection Law requirements through agreements such as standard contractual clauses. 

Security 

Unifonic has implemented generally accepted standards of technology and operational security designed to protect personal information from loss, misuse, alteration or destruction. Only authorized Unifonic personnel and the third parties described in this Policy are provided access to personal information and these employees and third parties have agreed to maintain the confidentiality of this information.  

Information Disclosure 

We will only disclose personal information to others for a business purpose and when we are legally permitted to do so. When we disclose information to others, we put contractual arrangements and security mechanisms in place as appropriate to protect the information and to comply with our information protection, confidentiality and security standards.  

We disclose personal information to the following categories of recipients:  

  • Other Unifonic member firms: We may disclose personal information to other Unifonic member firms where necessary for administrative purposes and to provide professional services to our clients. 
  • Third party organizations that provide applications/functionality, data processing or IT services to us: We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems -- for example, providers of information technology, cloud-based software-as-a-service, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in data centres around the world, and personal information may be stored in any one of them.  
  • Auditors, professional advisors and insurers: We engage auditors and other professional advisors, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal information may be disclosed to these auditors and other advisors as necessary in connection with the products and services they have been engaged to provide. We also have a number of business insurance policies in place and we may need to disclose personal information to the insurer, for example, in the event of a claim.  
  • Law enforcement or other government and regulatory agencies or other third parties as required by applicable law or regulation: Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal information, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfill requests for personal information where we are permitted to do so in accordance with applicable law or regulation.  
  • Third party organizations in connection with a corporate transaction: We may disclose personal information to a third party as necessary in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital. 
Your Rights Regarding Processing of Your Personal Data 

Under Personal Data Protection Law, you have the following rights, which primarily depend on the purpose of Personal Data collection and processing: 

  • Right to Be Informed 
  • Right of Access to Your Personal Data 
  • Right to Request Access to Your Personal Data 
  • Right to Request Correction of Your Personal Data 
  • Right to Request Destruction of Your Personal Data 
  • Right to Withdraw Your Consent for Processing Your Personal Data 

To exercise any of the above-mentioned rights, you can submit a request via the information provided in the Contact Us section. 

Automated Decision-Making 

Unifonic does not engage in any automated decision-making that significantly affects individuals unless such processing is: 

  • Explicitly disclosed to the data subject. 
  • Subject to appropriate safeguards as required under Article 26 of the PDPL Implementing Regulation. 
Changes to the Privacy Policy 

Unifonic may update this Policy at any time by publishing an updated version here. You can access the most current version of this Policy at any time on this site. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided. 

An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Portal and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes.  

Agreement to the Privacy Policy 

You acknowledge that you have read this Policy and agree to all its terms and conditions. Your use of our Portal and Services signifies your acceptance of this Policy, and the terms and conditions that govern it. If you do not agree to this policy, you must not use any of the content or the services offered. 

Data Protection Officer 

In accordance with Article 30 of the PDPL Implementing Regulation, Unifonic has designated a Data Protection Officer (DPO) responsible for overseeing compliance and serving as a point of contact for data protection matters. You may contact our DPO at: 

  • Phone: +966-920002687 

If you are dissatisfied with our handling of your data or believe we have not complied with applicable data protection laws, you may escalate your complaint to the Saudi Data & AI Authority (SDAIA) via: 

Important Links