Introduction

GASCO and its subsidiaries (hereafter referred to as “we” or “our” or “us” or “organization”) respects and is committed to protecting your personal data. This privacy notice explains how GASCO and its subsidiaries collect, use, share and safeguard your personal data when you use our, or our subsidiaries’, products, services, offers, promotions or interact with us by visiting our website, applications, offices and branches.

 

1. Personal and Sensitive Personal Data

“Personal Data” refers to data that (alone or when used in combination with other information) is capable of being associated with or could reasonably be associated with an individual such as name, mobile number, passport number, email address, bank account number, personal identification number, etc. Personal data we collect varies depending on our relationship and interactions with you.

“Sensitive Personal Data” refers to specific categories of personal data that are considered sensitive due to impact on an individual’s privacy, security or fundamental rights, which includes but is not limited to race, gender, ethnicity, political beliefs, criminal records, and health data. Sensitive Personal Data may have specific meanings under different privacy laws and regulations.

 

2. Categories of Personal Data

We collect various types of personal data to provide and improve our services, including but not limited to:

• Contact Data: This includes your name, email address, telephone number, mobile number, address along with other personal identifiers that are essential for communication and service delivery.
• Demographic Data: This includes your age and geolocation, which we may collect automatically from your mobile device if you opt in to allow us to collect it. This will help us understand and serve you better.
• Financial Data: This includes tax-related documents, Zakat or tax certificate details, bank account details, and payment card details to facilitate transactions and process payments securely.
• User-Generated Data:
  • This includes data you provide through interactions with our services, offerings, and products, such as data collected when you participate in our promotional program.
  • Data shared over support chat.
  • Data collected when you attend our sponsored events.
  • Data collected regarding your interaction when you visit our branches, websites, and social media pages.
  • Data collected when you contact us, such as customer care services.
  • Data collected when you provide your review or feedback regarding our products and services.
• Usage Data: This includes your IP address, device identifiers, settings, characteristics,browsing history, and other data collected using cookies and similar technologies that we can use to enhance security and user experience.
• User Account Data: This includes data such as customer identification number, account numbers, account record type, and other identifiers used for record-keeping and tracking purposes.
• Identification Data: This includes data such as Iqama, passport, and National ID.
• Social Media Data: This includes data such as social media IDs and links.
• Audio and Visual Data: This includes audio, electronic, visual, or similar data such as site photographs, site videos, CCTV recordings, call center recordings, call monitoring records, and voicemails.
• Other Data: This includes any data you provide voluntarily or as required by law.

We will take the necessary steps to correct inaccurate data and keep the data collected up-to-date.

 

3. Sources of Personal Data

We may collect personal data about you from various sources, including but not limited to:

• Direct interactions with our customers during branch visits, office visits, websites, and applications.
• Data collected when you register for our services.
• Data collected when you register or enroll for our event or program.
• Data collected through our customer survey forms and other publicly and commercially available sources.
• Data collected through automated technologies, such as cookies, call recordings of our call center, and CCTV recordings in our facilities and branches.
• Data collected through social networking websites.
• Data collected by our talent acquisition team for screening and hiring candidates/trainees.
• Data collected when you interact with our third-party services and platforms.

 

4. Purpose for Collecting Personal Data

The personal data we collect is used for various purposes, all aimed at enhancing our service delivery and customer experience.

• Provision of services: Your personal data may be used to provide the services and products you request, such as registering your account, processing transactions, and providing the necessary support.
• Improve services: Your data may be used to improve the quality of services and user experience, including analyzing product usage and interaction, and providing personalized recommendations and content.
• Study and analyze: Your data can be used to conduct studies and analytics to understand trends, behaviors, and user needs, build strategies, and develop new products.
• Compliance with laws and regulations: We are required to use and share certain personal data to comply with applicable laws and regulations, and to perform legal and contractual obligations.
• Job/Internship: We may process your personal data when you apply for a job/internship at GASCO and its subsidiaries. The personal data in your application will be used and retained for recruiting, compliance, and other customary human resources purposes.
• Product/Service Updates: We may use your information to update you about our new offerings and other communications.

 

5. Lawful Basis of Processing

Your personal data can be processed on the following lawful basis:

• Consent: Based on the explicit consent provided by you.
• Legal Basis: To comply with legal obligations required by laws and regulations.
• Legitimate Interest: To improve our customer services, product offerings, operations, and security.
• Contractual Obligation: To fulfill a contract to which you are a party, such as a contract
  with you, or as needed to fulfill a contract or agreement between you and GASCO and its subsidiaries.

 

6. Disclosure of your Personal Data and Categories of Third Parties

We may disclose your Personal Data to:

• Employees of GASCO and its subsidiaries who need to access, use, and process this data for the purposes of studying, understanding, and developing the LPG sector.
• Our service provider for the purpose of providing customer interaction services.
• Our cloud service providers for the purpose of data storage and data analytics.
• Our financial institutions, merchants, and payment processors for the purpose of enabling your payments.
• Our delivery and logistics providers for the purpose of managing shipments and deliveries.
• Our customer relationship management and marketing partners for the purpose of managing customer relationships and supporting sales and marketing functions.
• We may also disclose personal data when required to do so by law—such as to law enforcement agencies, regulators, or courts—or as permitted by law or as needed for audit, compliance, and corporate governance.

 

7. International Data Transfer

We might transfer your data to countries outside KSA for business resiliency. We are committed to ensuringthe protection of your personal data during international transfers. When transferring your personal data outside KSA, we adhere to PDPL requirements and implement measures to ensure an adequate level of protection for your personal data.

Our approach includes implementing appropriate safeguards to protect your personal data and informing you of potential risks associated with transferring your data to countries without adequate protection measures.

If you have any questions or concerns about the cross-border transfer of your personal data, please contact us as indicated in the “Contact Us” section.

 

8. Data Storage & Retention

Data Storage

At GASCO and its subsidiaries, we prioritize the security of your personal data. We store your data securely on our servers and databases, utilizing advanced security measures such as encryption, firewalls, and stringent access controls. These measures are in place to protect your data from unauthorized access, alteration, disclosure, or destruction, ensuring your data remains safe and confidential.

 

Data Retention

We are committed to retaining your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, or reporting obligations. The duration for which we retain your data is determined by several factors:

• Compliance with Laws: We adhere to the retention periods mandated by applicable laws and regulations.
• Operational Needs / Legitimate Interest: We keep your data for the duration necessary to deliver our services and maintain our business operations effectively.
• Consent-Based Processing: When processing your data based on consent, we retain the data for as long as we have your consent.
• Legal and Dispute Resolution: In cases of disputes or legal proceedings, we may need to retain your data for longer periods to resolve issues.

After the relevant retention period has concluded, we will ensure that your personal data is either securely deleted or anonymized, making it impossible to associate the data with you. In instances where immediate deletion is not feasible, such as data stored in backup archives, we will take steps to securely store and isolate the data until it can be deleted.

You may request that we delete your data or restrict the processing of such data by contacting us as indicated in the “Contact Us” section.

 

9. Data Subject Rights

We respect your right to inform, access, correct, delete, and withdraw consent. You may submit a request as per the details mentioned in the “Contact Us” section. We will not charge you for any request. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

Under the Personal Data Protection Law (PDPL), you have the following rights:

• Right to Information – This right provides you with the ability to ask for information about what personal data is being processed, stored, and shared with third parties, and the legal basis for such processing.
• Right to Access – This right provides you with the ability to access your personal data that is being processed and request copies of that data.
• Right to Provision of Personal Data – This right provides you with the ability to ask for a copy of your personal data in a readable and legible format.
• Right to Correction – This right provides you with the ability to ask for the correction, completion, or updating of your personal data if you believe that the data shared is not accurate or up-to-date.
• Right to Destruction/Deletion – This right provides you with the ability to ask for the deletion of your data which is no longer required by GASCO.
• Right to Withdraw Consent – This right provides you with the ability to withdraw your previously given consent for processing of your personal data for a specific purpose.

 

10. Children’s Data

GASCO and its subsidiaries neither collect children’s data nor are our platforms directed to, likely to be accessed by, or intended for children. If you believe that we are collecting or processing children’s data, please contact us as indicated in the “Contact Us” section.

 

11. Data Security Measures

We recognize the critical importance of safeguarding personal data and maintaining the trust of stakeholders and have increasingly embraced comprehensive strategies and newer technologies that encompass both due diligence and due care principles. We have implemented rigorous measures to assess risks, proactively address vulnerabilities, and continuously improve data security practices to protect our digital assets.

We restrict access to your personal data to our employees, affiliates, and third-party service providers who reasonably need it to support the site or provide our products or services. We have implemented security policies, risk management programs, and physical, administrative, and technical safeguards to protect your personal data from unauthorized access.

 

12. Automatic Data Collection

Some of our websites and applications automatically collect certain data to improve your user experience. This includes using cookies and similar technologies to track how you interact with our platforms. Such data helps us enhance our services and understand user behavior better.

 

13. Contact Us

To exercise your data subject rights or for any other assistance, including questions or concerns about this Privacy Notice or your personal data, please reach out to our designated Data Protection Officer at the following contact:

• Send us an email at pdplrequest@gasco.com.sa
• Mailing us a hard copy letter at:
  “331 Prince Abdulaziz Ibn Musaid Ibn Jalawi St, Al Olaya, Riyadh 12221”

 

14. Changes to the Privacy Notice

We may update this privacy notice periodically. Any changes will be posted on this page with an updated effective date. We update our privacy notice whenever there are changes in relevant laws or our business practices, and notice of any updates to this Privacy Policy will be posted on our website.