Privacy Policy
Privacy Policy
Effective Date: 8 July 2025
Below you will find a comprehensive privacy policy in English first, followed immediately by the full Arabic text. Both versions carry equal legal weight.
⸻
1. Who We Are
Atmet for Integrated Automation Solutions Co. (“Atmet”, شركة الجيل المبتكر لتقنية المعلومات ) is a private Saudi company (CR 1009091658) headquartered in Riyadh, Kingdom of Saudi Arabia. We build factory-automation systems and AI Agents for clients in the Gulf, Middle East and worldwide.
Contact our Data Protection Officer (DPO) at privacy@atmet.sa or +966-11-000-0000.
Under Saudi Arabia’s Personal Data Protection Law (PDPL) we are a “Controlling Entity”; under the EU GDPR we are a “Data Controller”. 
⸻
2. Scope
This policy explains how we collect, use, store, share, transfer, and protect any information that can identify you (“Personal Data”) when you: (a) visit atmet.sa or any sub-domain; (b) use our software or AI Agents; (c) communicate with us by e-mail, WhatsApp, phone or social media; or (d) attend an Atmet event.
It applies to:
• Individuals in the Kingdom of Saudi Arabia (PDPL)
• Individuals in the European Economic Area (GDPR)
• California residents (CCPA)
• Any other region where local law affords you additional rights
⸻
3. What Data We Collect
Category Typical Elements Legal Basis* Primary Purpose
Identification name, national ID, Iqama, passport, job title Consent / Contract Art. 6 (1)(a)(b) GDPR; PDPL Arts. 5-10 Account creation, proposals
Contact e-mail, phone, postal address, WhatsApp Same Quotations, support
Commercial invoices, purchase orders, SIRI assessment data Contract Performance of services
Technical IP, device ID, browser, cookies, usage logs Legitimate interest Art. 6 (1)(f) Site security, analytics
Marketing preferences, engagement history Consent / Opt-in Campaign optimisation
*Always interpreted in line with PDPL consent requirements. 
⸻
4. How We Collect Data
• Directly from you – forms, contracts, chat, WhatsApp, events.
• Automatically – cookies, pixels, server logs.
• Third parties – resellers, public databases, LinkedIn, Manus AI Community.
We do not buy random marketing lists.
⸻
5. Why We Use Your Data
Purpose Explanation (examples)
Service delivery Configure AI Agents, integrate with Twilio or n8n, perform SIRI audits.
Customer support Respond to tickets, WhatsApp chats, phone calls.
Compliance & risk Sanction screening, KYC, export-control checks (PDPL Art 37).
Marketing & events Send product updates, Manus Fellowship announcements (opt-out anytime).
R&D / AI training Improve our models; we anonymise or aggregate whenever possible.
⸻
6. Cookies & Tracking
We use first-party and limited third-party cookies (Google Analytics 4, Microsoft Clarity) for session management and performance. You can manage preferences in our banner or through your browser settings.
⸻
7. Sharing & Disclosure
We never sell personal data. We may share only with:
• Cloud platforms (Oracle ME—Riyadh, AWS eu-central-1) for hosting.
• Communication vendors (Twilio, WhatsApp Business).
• Payment processors (Stripe, HyperPay).
• Professional advisers (auditors, legal counsel).
• Regulators if legally required (e.g., SDAIA, ZATCA).
All international transfers rely on adequate safeguards—Standard Contractual Clauses (GDPR) or PDPL Data Transfer Regulation, Sept 2024. 
⸻
8. Retention Period
We keep data only as long as necessary for the stated purpose or as required by Sharia-compliant accounting rules:
• Marketing data – 24 months from last interaction
• Contractual & invoicing – 10 years (ZATCA)
• Technical logs – 12 months (cyber-security)
⸻
9. Security Measures
• ISO 27001-aligned controls
• AES-256 encryption at rest, TLS 1.3 in transit
• Role-based access, MFA for staff
• Regular penetration testing
• 72-hour breach notification to SDAIA and data subjects per PDPL Art 31 
⸻
10. Your Rights
Under PDPL & GDPR you can:
1. Access a copy of your data
2. Request correction or completion
3. Request deletion (within legal limits)
4. Object to processing or direct marketing
5. Withdraw consent at any time
6. Data portability (machine-readable copy)
7. Complain to SDAIA or another supervisory authority
To exercise any right, e-mail privacy@atmet.sa with proof of identity. We answer within 30 days (PDPL) or one month (GDPR).
⸻
11. Automated Decision-Making
Our AI Agents may generate automated recommendations (e.g., factory-process optimisation). Human oversight is always available, and no purely automated decision produces legal or similarly significant effects without your express consent.
⸻
12. Children’s Privacy
Atmet services are not directed to children under 15. We do not knowingly collect their data.
⸻
13. Links to Other Sites
Our site may include links to third-party pages. We are not responsible for their privacy practices. Please read their policies.
⸻
14. Changes to This Policy
We will post any future updates here and, when material, notify you by e-mail or website banner at least 30 days before they take effect.
⸻
15. Contact
Questions? privacy@atmet.sa
Data Protection Officer, Atmet, Riyadh 11461, Saudi Arabia.
Effective Date: 8 July 2025
Below you will find a comprehensive privacy policy in English first, followed immediately by the full Arabic text. Both versions carry equal legal weight.
⸻
1. Who We Are
Atmet for Integrated Automation Solutions Co. (“Atmet”, شركة الجيل المبتكر لتقنية المعلومات ) is a private Saudi company (CR 1009091658) headquartered in Riyadh, Kingdom of Saudi Arabia. We build factory-automation systems and AI Agents for clients in the Gulf, Middle East and worldwide.
Contact our Data Protection Officer (DPO) at privacy@atmet.sa or +966-11-000-0000.
Under Saudi Arabia’s Personal Data Protection Law (PDPL) we are a “Controlling Entity”; under the EU GDPR we are a “Data Controller”. 
⸻
2. Scope
This policy explains how we collect, use, store, share, transfer, and protect any information that can identify you (“Personal Data”) when you: (a) visit atmet.sa or any sub-domain; (b) use our software or AI Agents; (c) communicate with us by e-mail, WhatsApp, phone or social media; or (d) attend an Atmet event.
It applies to:
• Individuals in the Kingdom of Saudi Arabia (PDPL)
• Individuals in the European Economic Area (GDPR)
• California residents (CCPA)
• Any other region where local law affords you additional rights
⸻
3. What Data We Collect
Category Typical Elements Legal Basis* Primary Purpose
Identification name, national ID, Iqama, passport, job title Consent / Contract Art. 6 (1)(a)(b) GDPR; PDPL Arts. 5-10 Account creation, proposals
Contact e-mail, phone, postal address, WhatsApp Same Quotations, support
Commercial invoices, purchase orders, SIRI assessment data Contract Performance of services
Technical IP, device ID, browser, cookies, usage logs Legitimate interest Art. 6 (1)(f) Site security, analytics
Marketing preferences, engagement history Consent / Opt-in Campaign optimisation
*Always interpreted in line with PDPL consent requirements. 
⸻
4. How We Collect Data
• Directly from you – forms, contracts, chat, WhatsApp, events.
• Automatically – cookies, pixels, server logs.
• Third parties – resellers, public databases, LinkedIn, Manus AI Community.
We do not buy random marketing lists.
⸻
5. Why We Use Your Data
Purpose Explanation (examples)
Service delivery Configure AI Agents, integrate with Twilio or n8n, perform SIRI audits.
Customer support Respond to tickets, WhatsApp chats, phone calls.
Compliance & risk Sanction screening, KYC, export-control checks (PDPL Art 37).
Marketing & events Send product updates, Manus Fellowship announcements (opt-out anytime).
R&D / AI training Improve our models; we anonymise or aggregate whenever possible.
⸻
6. Cookies & Tracking
We use first-party and limited third-party cookies (Google Analytics 4, Microsoft Clarity) for session management and performance. You can manage preferences in our banner or through your browser settings.
⸻
7. Sharing & Disclosure
We never sell personal data. We may share only with:
• Cloud platforms (Oracle ME—Riyadh, AWS eu-central-1) for hosting.
• Communication vendors (Twilio, WhatsApp Business).
• Payment processors (Stripe, HyperPay).
• Professional advisers (auditors, legal counsel).
• Regulators if legally required (e.g., SDAIA, ZATCA).
All international transfers rely on adequate safeguards—Standard Contractual Clauses (GDPR) or PDPL Data Transfer Regulation, Sept 2024. 
⸻
8. Retention Period
We keep data only as long as necessary for the stated purpose or as required by Sharia-compliant accounting rules:
• Marketing data – 24 months from last interaction
• Contractual & invoicing – 10 years (ZATCA)
• Technical logs – 12 months (cyber-security)
⸻
9. Security Measures
• ISO 27001-aligned controls
• AES-256 encryption at rest, TLS 1.3 in transit
• Role-based access, MFA for staff
• Regular penetration testing
• 72-hour breach notification to SDAIA and data subjects per PDPL Art 31 
⸻
10. Your Rights
Under PDPL & GDPR you can:
1. Access a copy of your data
2. Request correction or completion
3. Request deletion (within legal limits)
4. Object to processing or direct marketing
5. Withdraw consent at any time
6. Data portability (machine-readable copy)
7. Complain to SDAIA or another supervisory authority
To exercise any right, e-mail privacy@atmet.sa with proof of identity. We answer within 30 days (PDPL) or one month (GDPR).
⸻
11. Automated Decision-Making
Our AI Agents may generate automated recommendations (e.g., factory-process optimisation). Human oversight is always available, and no purely automated decision produces legal or similarly significant effects without your express consent.
⸻
12. Children’s Privacy
Atmet services are not directed to children under 15. We do not knowingly collect their data.
⸻
13. Links to Other Sites
Our site may include links to third-party pages. We are not responsible for their privacy practices. Please read their policies.
⸻
14. Changes to This Policy
We will post any future updates here and, when material, notify you by e-mail or website banner at least 30 days before they take effect.
⸻
15. Contact
Questions? privacy@atmet.sa
Data Protection Officer, Atmet, Riyadh 11461, Saudi Arabia.