Contents
1. Definitions
2. Purpose
3. Scope and changes
4. The principles to be applied in the processing of personal data
5. Purpose of processing personal data
6. Transfer of personal data
7. Rights of Data Owners
8. Privacy
9. Security and safety
10. Controls and audits
11. Data Breach Management
12. Obligation to register in the Data Controllers Register

1- Definitions
● Express consent
It is the consent that is based on information and expressed with free will about a particular subject.
● Anonymity
It is the process by which personal data cannot be linked to an identified or identifiable real person under any circumstances, even by matching it with other data.
● Personal data
It is all kinds of information that belongs to a real person who is being identified or identified.
● Personal data of a special nature
Race, ethnicity, political opinion, philosophical belief, religion, caste or other beliefs, clothing, associations, institution or union membership, health, sex life, criminal convictions and security measures, biometric and genetic data are data of a private nature.
● Processing of personal data
Any operation performed on personal data such as obtaining, recording, storing, saving, altering, rearranging, disclosing, transferring, taking over, making available, categorizing or preventing the use of personal data by fully or partially automatic means or by non-automatic means, provided that it is part of any data logging system.
● Committee
Personal Data Protection Council
● policies
Group EVEXL - Company EVEXL. (hereinafter referred to as “EVEXL”) is the Personal Data Protection and Processing Policy.
● Data processor
It is the natural or legal person who processes the personal data on behalf of the data controller based on the authority granted to him.
● Data Monitor
The data controller is the person who determines the purposes and means of processing personal data and who systematically manages the place where the data is kept (data recording system).

2- Purpose
The EVEXL policy was created in order to define the basic principles and implementation principles that must be adopted to ensure compliance with the obligations imposed on data controllers.

3- Scope and changes
This policy relates to all personal data of our current and potential customers, our employees, shareholders, officials of organizations we cooperate with and third parties processed automatically or by non-automatic means provided they are part of any data recording system. EVEXL reserves the right to make changes in the protocol

4- The principles to be applied in the processing of personal data
EVEXL will collect and process personal data lawfully and fairly in order to protect the rights of data subjects, and when carrying out these activities, taking into account the principles of proportionality and necessity.
Where our company EVEXL adopted the following principles in the collection, processing and analysis of personal data, in accordance with the law and the rules of integrity:
Purpose-specific restrictions
Personal data may only be processed for the purposes identified prior to data collection. Further changes are possible only to a narrow extent and with justification.
• Honesty and transparency
Data subjects must be informed in detail before collecting and processing their personal data of the following:
1. The identity of the data controller and his representative, if any.
2. The purpose of processing personal data.
3. To whom and for what purpose the processed personal data is transferred.
4. The method and legal reason for collecting personal data.
• The data economy
Before processing personal data, you must determine whether and to what extent the processing is necessary to achieve the purpose. Where the purpose is acceptable and proportionate, anonymised or statistical data may be used.
• Delete personal data
After the periods stipulated by relevant laws for record-keeping obligations and evidentiary procedures have expired, personal data that is no longer necessary is deleted, destroyed or anonymised.
• Accuracy and timeliness of data
Personal data must be accurate, complete and, if known, up-to-date. It should be ensured that inaccurate or incomplete data is deleted, corrected, completed or updated.
• Privacy and data security
Personal data shall be stored and kept as confidential information. Personal data shall be protected by taking the necessary administrative and technical measures to prevent unauthorized access, illegal transactions, sharing, accidental loss, alteration or destruction and maintain its confidentiality on a personal level.

5- Purpose of processing personal data
Personal data will be collected and processed within the scope of the advertising text and the purposes listed below.
Customer and partner data
Data processing for the contractual relationship:
Personal data of existing and potential customers and business partners (in the case of a business partner is a legal entity, the business partner's authority) may also be processed for the establishment, performance and termination of a contract without obtaining consent. Personal data in the contract initiation phase prior to the contract, may be processed for the purpose of preparing an offer, preparing a purchase form or fulfilling the requirements of the data owner in connection with the performance of the contract. Data owners may be contacted in light of the information they provide during the contract preparation process.
Data processing for advertising purposes:
- Personal data is processed for advertising or market and public opinion surveys only if the purpose for which such information is collected is compatible with those purposes.
- The data owner is informed that the information will be used for advertising purposes. Data owners may refrain from giving their declared data to be used for advertising purposes or consent to its processing.
For data processed for advertising purposes, the express consent of the data owner must be obtained.
- The data controller will be able to obtain the express consent of the data owner in this regard by post, e-mail or telephone.
It is forbidden to use personal data for advertising purposes without the express consent of the data owner.
Data processing due to our legal obligations or as expressly provided by law:
Personal data may be processed without separate consent in order to clearly define the processing in the relevant legislation or to fulfill a legal obligation established by the legislation. The type and scope of data transactions are necessary for legally permissible data processing activity and compliance with relevant legal provisions.
Principle of legitimate interest in processing personal data:
Personal data may also be processed without additional consent when this is necessary for a legitimate interest of EVEXL.
Processing of data of a special nature:
The processing of personal data of a special nature is carried out provided that appropriate measures determined by the Committee are taken. Where personal data of a private nature relating to the health and sexual life of persons may only be processed in the absence of express consent by persons bound by confidentiality or authorized institutions and organizations; For the purpose of protecting public health, preventive medicine measures, medical diagnosis, treatment and care services, and planning, managing and financing health services.
Data processed exclusively by automated automated systems:
The processing of personal data obtained through automated automated systems will not make the use of such data in business and processing that adversely affects the owner of the personal data justified and lawful. Where the owner of the personal data has the right to object to the occurrence of a result against him by analyzing the processed data exclusively by automated automated systems. In line with the request of the personal data owner, EVEXL will strive to take the necessary measures.
User and internet information:
- In the event of collecting, processing and using personal data on the website or applications, users who have personal data must be informed of the use of the information they have saved on the website and the privacy statement and cookies.
- The privacy statement and cookie information are combined in a way that is easily identifiable, directly accessible and always available to the person concerned.

Principles relating to the processing of personal data of employees
- In the period of creation, implementation and termination of the employment contract, it is necessary to collect and process personal data of employees. Where it is not permissible to obtain the express consent of the employees on this.
The personal data of potential employees nominated in job applications is also processed. In the event that a candidate's job application is rejected, the personal data obtained during the application is retained for the appropriate data retention period for a later selection stage, and at the end of this period, is deleted, destroyed or anonymized.
The following principles must be observed when processing personal data relating to employees:
1. Data transactions expressly provided for by law and carried out due to legal obligations:
An employee's personal data may be processed without separate consent in order to clearly define the processing in the relevant legislation or to fulfill a legal obligation established by the legislation.
2. Data processing in accordance with legitimate interest:
Employees' personal data may be processed without separate consent in cases where EVEXL has a legitimate interest. Legitimate interests are usually interests of a legal or economic nature. In personal cases where the interests of employees need to be protected, it is determined whether there are interests that require protection before the data is processed. If employee data is processed on the basis of EVEXL's legitimate interest it must be examined whether such processing is proportionate and it must be verified that the legitimate interest does not infringe a right of the employee concerned which must be protected.
3. Processing of data of a special nature:
Personal data of a private nature is only processed under certain conditions. Data relating to race and ethnicity, political opinion, religion, philosophical belief, caste or other beliefs, clothing, membership in associations, institutions or trade unions, health, sex life, criminal convictions and security measures, biometric and genetic data are defined as data of a special nature.
Personal data of a special nature can only be processed if there is an express consent of the employee and by taking the necessary administrative and technical measures. In specified cases, personal data of a special nature may be processed even if there is no express consent of the employee.
Personal data of a special nature relating to the health and sexual life of the employee shall be used only by persons bound by confidentiality or authorized institutions and organizations for the purpose of public health protection, preventive medicine procedures, medical diagnosis, treatment and care services, planning, management and financing of health services.
4. Data processing exclusively through automated systems:
If personal data relating to employees is processed exclusively through automated systems as part of employment relations, the employee has the right to object to a finding against him or to a result created using such data.
5. Telecommunications and the Internet:
EVEXL provides telephone, e-mail and Internet equipment, as well as intranets, primarily for business-related functions. These are the study tools and resources for EVEXL. These tools must be used in accordance with EVEXL statutory and internal regulations. There is no general oversight of telephone communications, emails, or Internet use.
In order to prevent attacks against IT infrastructure or individual users, preventive measures are taken when switching to the EVEXL network, blocking technically harmful content or analyzing attack modeling.
Assessments of such data about a person are made only if there is substantial doubt, and the relevant departments implement these controls only under the condition that the principle of proportionality is maintained.
6. Prohibition of access to personal data:
EVEXL processes, protects and maintains the personal data it collects with the legal obligations, legitimate interests and express consent of its employees, in accordance with the purposes for which it was collected, and shares personal data only with the consent of the employees concerned. The relevant employee will be personally liable for actions performed by the employee within the scope of the job description and any action and transaction he performs in connection with permission to access or unnecessary personal data in cases where EVEXL does not have express written permission. Therefore, employees must be provided with regular training on unlawful disclosure and sharing of personal data, and a disciplinary period must be established in the event that the employee does not comply with the safety policies and procedures.

6- Transfer of personal data
Personal data will be transferred to a third party other than EVEXL within the scope of the purposes and objectives mentioned below in the clarification text. Accordingly, EVEXL will be able to transfer personal data to the following persons and organizations for certain purposes:
- To suppliers used by EVEXL from the source and who provide products and services necessary for EVEXL to carry out its business activities.
- For EVEXL affiliates, which is limited to ensuring the implementation of business activities that require the participation of EVEXL affiliates.
- For EVEXL shareholders, limited to the design of strategies and audit purposes for business activities.
- To legally authorized public institutions and organizations, limited to the purpose required by the relevant public institutions and organizations within their legal authority.
- To persons who are legally authorized under private law limited to the purpose for which the persons concerned by private law within their legal authority apply.
Your personal data processed by EVEXL will be transferred to foreign countries with adequate protection by the Board of Directors after being made public. Personal data cannot be transferred to countries and regions where it is declared that there is insufficient protection, in cases where the data owner has given consent or where the data controllers in Saudi Arabia or the relevant foreign country have done the relevant protection in writing and permission from the relevant committee is available, the company may use EVEXL also provides a cloud storage service to process your personal data.

 
7- Rights of data owners
1. Know whether their personal data is being processed.
2. Request information on this if their personal data is processed.
3. Find out the purpose of processing personal data and whether these objects are used in accordance with their purpose.
4. To know the third parties to whom the personal data is transferred at home or abroad.
5. Request correction in case of incomplete or incorrect processing of personal data and request notification of the transaction carried out in this context to the third parties to whom the personal data was transferred.
6. Request deletion or destruction of personal data in the event that the reasons requiring its processing disappear, and request notification of the transaction that took place within this scope to the third parties to whom the personal data was transferred.
7. Objection to the occurrence of a result against the same person in the event that the processed data is analyzed exclusively by automated automated systems.
8. Request to remove the damage if it occurred due to illegal processing of personal data.
And if a request in that direction reaches EVEXL, EVEXL must respond to the incoming request within the specified time limit. Therefore, EVEXL will provide data subjects with the necessary details about the use of the above-mentioned rights and the manner in which requests received are evaluated.
The exceptions to the above rights granted to the personal data holders are set out below, and in such cases EVEXL is under no obligation to respond to the data subjects' requests:
1. Processing personal data for purposes such as research, planning and statistics by making it anonymized in official statistics.
2. Processing personal data for artistic, historical, literary, or scientific purposes, or within the scope of freedom of expression, provided that it does not violate national security, public security, public order, economic security, privacy, personal rights, or does not lead to a crime.
3. Processing personal data within the scope of preventive and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order and economic security.
4. Processing of personal data by judicial or enforcement authorities in connection with investigation, prosecution, trial or enforcement proceedings.
The persons concerned cannot claim their other rights, except for the right to claim compensation for damage as follows:
1) The processing of personal data is necessary for the prevention of crime or for the investigation of a crime.
2) the processing of personal data that the owner of the personal data himself publishes.
3) The processing of personal data is necessary for carrying out supervisory or regulatory duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations that are public institutions based on the authority granted by law.
4) The processing of personal data is necessary to protect the economic and financial interests of the state in relation to budgetary, tax and financial matters.
To sign the aforementioned rights of the owners of personal data after completing the personal data request form available on our website at the following domain: evexl.com (link) they will be able to send it to EVEXL manually or by registered letter with a retrieval receipt, together with a photocopy of their ID.
In requests made on behalf of someone other than the owner of personal data, the real owner must have a power of attorney presented by the person. EVEXL may request additional information from the person concerned in order to determine whether the applicant is the owner of the personal data or not, and may ask the owner of the personal data questions in relation to its application in order to clarify the problems identified in the application. EVEXL will complete the order free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the order.

 8. Privacy
- Personal data is subject to confidentiality.
Employees are prohibited from collecting, processing or using data without permission. Unauthorized use is the processing of unauthorized data, performed by employees outside of their legitimate duties.
Employees can access personal data only if it is appropriate to the scope and nature of the task in question.
Employees are prohibited from using personal data for private or commercial purposes, distributing it to unauthorized persons or otherwise making it available.
Managers must inform their employees of their data protection obligations at the time the business relationship begins, and this obligation continues even after the business relationship ends.


9- Security and safety
EVEXL takes the necessary measures and controls to ensure the appropriate level of security in order to prevent illegal processing of the personal data it processes, to prevent unlawful access to it and to ensure its protection, and to carry out the necessary audits in this context.
This applies regardless of whether data processing is carried out electronically or in writing. Before initiating new methods of data processing, in particular the transition to new IT systems, technical and organizational measures to protect personal data are identified and implemented. These measures are based on recent developments, transaction risks and the need for data protection, as determined by the information classification process. .
Technical and organizational measures for the protection of personal data are part of the Company's Information Security Department which is constantly adapted to technical developments and organizational changes.


10- Controls and auditing
Compliance with the Personal Data Protection and Processing Policy is ensured through regular data protection audits and other controls.


11- Data Breach Management
EVEXL will immediately take the necessary security measures to protect personal data that has been breached and violated in contravention of the privacy policy, as it will notify the person concerned and the relevant committee as soon as possible. For this purpose, it is the responsibility of EVEXL to establish systems and application methods that enable personal data holders to submit their requests and complaints regarding their personal data to them in the shortest and most effective time possible. If the Council deems it necessary, it may be announced on the Council's website or in any other way.


12- Obligation to register in the data controllers register
If EVEXL becomes obligated to register with the Registry of Data Controllers, it will register therein by submitting application information and documentation within thirty days of the date of compliance.