Introduction

Prosys is committed to protecting the privacy of users who interact with its website prosys-sa.com  and its affiliated applications: Sudad and Rotab.
This Privacy Policy explains how we collect, use, process, store, and share personal data and corporate data in accordance with the Saudi Personal Data Protection Law (PDPL).

1. Definitions

For the purposes of this Policy:

• User: Any individual or company representative using Prosys services.

• Client: A company or institution subscribing to Sudd or Rotab services.

• Personal Data: Any information that identifies an individual directly or indirectly.

• Employee Data: HR records processed within the Sudad application.

• Delegate Data: Courier/driver information processed within the Rotab application.

• Processing: Any operation performed on personal data such as collection, storage, use, sharing, or deletion.

2. Data We Collect

2.1 Client (Company) Data

• Commercial registration details

• Authorized representative information

• Subscription contracts

• Billing and payment data

• Employee and delegate counts

2.2 Sudad (HR SaaS Application) Data

• Employee profiles (name, phone, email, employee ID, job title)

• Attendance and time-tracking records

• Payroll, compensation, and benefits data

• Leave records and performance evaluations

• Uploaded documents and files

• Activity logs and audit trails

Legal Notice:
The client is responsible for obtaining consent from its employees. Prosys acts as a “Data Processor” on behalf of the client under PDPL.

2.3 Rotab (Delegate Management Application) Data

• Delegate basic information (name, phone number, vehicle data)

• Location data (optional and user-approved)

• Delivery and task logs

• Photos or documents uploaded as proof

• Availability and operational status

2.4 Technical Data

• IP address

• Device type and operating system

• Browser settings and language

• Device fingerprinting

• Approximate location

• Cookies and similar technologies

2.5 Financial Data

​Payment card information is not stored on our systems.

Payments are processed via licensed third-party providers.

3. Legal Bases for Data Processing

We process data based on:

• Explicit user consent

• Contractual necessity

• Compliance with applicable regulations

• Protection of legitimate interests

• Service improvement

• Cybersecurity and fraud prevention

4. How We Use the Data

4.1 Sudad (HR Application)

• HR operations management

• Employee attendance tracking

• Payroll processing

• Employment records administration

• Generating HR reports

• Communication between employees and management

• Fulfilling regulatory obligations

4.2 Rotab (Delegate Management Application)

• Assigning and tracking field tasks

• Recording delivery confirmations

• Monitoring delegate activity

• Creating operational reports

• Improving logistics and workforce efficiency

4.3 Prosys Website

• Account management

• Customer support

• Improving website performance

• Security monitoring and error debugging

5. Data Sharing

​We do not sell or trade personal data.

Data may be shared only with:

​5.1 Authorized Third-Party Processors

Such as:

• Hosting providers

• SMS gateways

• Payment processors

• Email service providers

• ​Security monitoring tools

5.2 Government Authorities

When required by applicable Saudi laws.

5.3 Internal Teams

Under strict access controls and confidentiality rules.

The data is never sold or traded.

6. Data Storage & Retention

• Data is stored in secure servers located inside the Kingdom or in PDPL-compliant cloud environments.

• Data is retained for the duration of the service contract.

• After cancellation, data is retained for 6 months unless the client requests earlier deletion or laws require otherwise.

7. Data Security

Prosys implements strict security controls, including:

• Encryption in transit and at rest

• Multi-layer firewalls

• Role-based access control

• Security monitoring and logging

• Regular backups

• Penetration testing

• Incident detection mechanisms

8. User Rights Under PDPL

Users have the right to:

• Access a copy of their personal data

• Request data correction

• Request deletion (unless restricted by law or contract)

• Request processing limitation

• Withdraw consent

• Understand how their data is processed

• File a complaint with SDAIA

Requests can be submitted via:
 📧 [email protected]

9. International Data Transfers

Data is not transferred outside Saudi Arabia except when:

• Required to provide the service

• The receiving country ensures adequate data protection

• Regulatory approvals are obtained

• Transfers comply fully with PDPL requirements

10. Client (Company) Responsibilities

Clients are legally responsible for:

• Obtaining employee/delegate consent

• Ensuring data accuracy

• Not uploading unlawful or unauthorized data

• Informing users of how their data is used

• Protecting access credentials

• Avoiding misuse of the system

11. Prosys Responsibilities

Prosys is not liable for:

• Errors introduced by clients

• Unlawful use of the service

• Data inaccuracies provided by clients

• Sharing account credentials with others

• Losses resulting from misuse outside intended system functionality

12. Policy Amendments

​Prosys reserves the right to update or modify this Privacy Policy at any time.
Users will be notified in case of significant updates.

13. Contact Information

Prosys
Website: prosys-sa.com
Email: [email protected]