Privacy Policy — B2B Clients
Business Privacy Policy
For contractors and projects
This document explains how Remco handles the business and corporate data of entities registered on the Contractors and Projects Portal, in accordance with the Saudi Personal Data Protection Law (PDPL) and applicable commercial regulations.
🔐 note: This policy complements (and does not cancel) Remco's general privacy policy. The provisions of this document apply to commercial entities registered on the Contractors Portal and take precedence over them in case of conflict.
📋 Index
1 Data we collect from commercial entities
| Data type | Examples | Mandatory |
|---|---|---|
| Business identity data | Company name, type of entity, commercial registration number, tax identification number (VAT) | mandatory |
| Authorized Representative's Data | Full name, job title, mobile number, email address | mandatory |
| Business contact information | Office address, city, official website | Partially optional |
| Project and business data | Project type, expected monthly purchase volume, project notes | optional |
| Transaction data | Orders, invoices, payment records, price quotes | Generated automatically |
| Digital usage data | Login logs, portal activity, IP address | automatic |
We do not collect business registry documents or tax identification numbers as electronic images — we only retain the numbers for verification.
2 The purpose of processing business data
- Business relationship management: Create an account, issue quotes, process orders, issue tax invoices.
- Business identity verification: Verifying the validity of the commercial registration and the legal identity of the entity.
- Tax compliance: Compliance with ZATCA requirements for electronic invoicing and tax reporting.
- Business support: Providing dedicated customer service and order and shipping notifications.
- Service development: Analyzing purchasing patterns to improve the catalog and pricing of businesses.
- Security and protection: Preventing fraud and unauthorized use of the portal.
3 The legal basis for the treatment
Remco's processing of commercial data is based on the following principles, in accordance with the Personal Data Protection Law (PDPL) issued by Royal Decree M/19:
| basis | The app |
|---|---|
| Contract execution | Processing order, invoice, and shipping data |
| legal obligation | Tax disclosure (ZATCA), regulatory compliance |
| legitimate interest | Prevent fraud, improve service |
| Approval | Marketing messages (with the right to cancel) |
📌 Note: Data of business entities (not individuals) may be processed under "legitimate interest" even without explicit consent if the purpose is legitimate business.
4 Sharing data with third parties
Remco does not sell commercial data. Data is shared only in the following cases:
- Shipping partners: Delivery data for order fulfillment — they undertake not to use it for other purposes.
- Technical service providers: Payment gateways, approved electronic billing platforms.
- Government agencies: ZATCA, regulatory authorities, commercial courts where legally required.
- Legal or financial advisors: Under binding confidential agreements only.
All processing partners are contractually bound to the same level of data protection set out here.
5 Data retention period
| Data type | retention period | the reason |
|---|---|---|
| Business account data | Throughout the activity period + 5 years | Contractual obligations |
| Invoices and financial transactions | 10 years | ZATCA requirements and accounting system |
| Commercial Registry Data | Throughout the activity period + 5 years | legal proof |
| Login and security records | 12 months | Security and incident investigation |
| Marketing and communication preferences | Until subscription cancellation | Approval |
After the retention periods expire, the data is deleted or securely anonymized.
6 Data security
Remco takes the following technical and organizational measures to protect commercial data:
- Data encryption during transmission (TLS 1.3) and during storage.
- Limited access to sensitive business data (business registration number, tax identification number) — authorized employees only.
- Periodic reviews of access and permissions.
- A data breach incident response plan — with dual notification (commercial entity + Saudi Data Authority SDAIA) within 72 hours of incident discovery.
- Regular backups are encrypted and stored in a separate environment.
⚠️ Despite the measures taken, absolute protection against all cyber threats cannot be guaranteed. The business is responsible for securing its account login credentials.
7 Commercial entity rights
Commercial entities enjoy the following rights under the PDPL system:
- Right to access: Request a copy of your data that we have stored.
- Right of correction: Correcting any inaccurate or incomplete data.
- Right to delete: Request to delete unnecessary data — subject to legal obligations (ZATCA invoice data cannot be deleted before the end of the legal retention period).
- Right of objection: Object to the processing of your data for marketing purposes at any time.
- Right of transfer: Get your data in a machine-readable format on demand.
To exercise any of these rights: admin@reemco.com.sa With the phrase "Privacy Request — Contractors Portal" mentioned in the title.
Requests are processed within 30 working days. If the request is rejected, the legal reason will be explained.
8 Cookies
The Contractors Portal uses cookies for the following purposes:
- Essential: Login session, security. (Cannot be disabled)
- performance: Portal usage analysis to improve performance.
- Preferences: Save language and display preferences.
Cookies can be managed from your browser settings. Disabling necessary cookies may affect account functionality.
9 Privacy communication
For any inquiries or privacy-related claims:
- 📧 Email: admin@reemco.com.sa — With reference to "Privacy — Contractors Portal""
- 📞 Phone: +966 53 166 4717 Working days: 9 AM - 5 PM
- 🗓️ Response time: Maximum 30 working days
If you are not satisfied with our response, you have the right to file a formal complaint with The Saudi Data and Artificial Intelligence Authority (SDAIA).
العربية 
English