Privacy Policy

Edlaabox

Compliant with Saudi Personal Data Protection Law (PDPL)

1. Introduction and Legal Framework

At Edlaabox, we are committed to protecting your privacy and personal data in accordance with the Saudi Personal Data Protection Law (PDPL) issued by Royal Decree No. (M/19) dated 9/2/1443H, effective September 14, 2024.

This policy explains how we collect, use, and protect your information when using our electronic voting platform.

Data Controller:
Edlaabox - Electronic Voting Platform
Email: privacy@edlaabox.com

2. Personal Data We Collect

2.1 Basic Personal Data

2.2 Sensitive Data (as defined by PDPL)

We may collect the following data classified as sensitive:

Note: We obtain your explicit consent before processing any sensitive data in accordance with Article (11) of PDPL.

3. Legal Basis for Data Processing

We process your data based on the following legal grounds under PDPL:

Purpose Legal Basis
Identity and eligibility verification Contract performance
Voting operations Explicit consent + Legitimate interest
Sending invitations and notifications Contract + Consent
Governance compliance Legal obligation
Service improvement Legitimate interest

4. Data Protection and Security Measures

We implement strict security measures in accordance with NCA (National Cybersecurity Authority) requirements:

5. Data Sharing and Cross-Border Transfer

5.1 Data Sharing

We do not sell or rent your data. We may share data with:

5.2 Cross-Border Data Transfer

Our Commitment: We store all personal data within Saudi Arabia. If we need to transfer any data outside the Kingdom, we will obtain your prior consent and ensure equivalent protection in accordance with Article (29) of PDPL.

6. Your Rights as a Data Subject

Under the Personal Data Protection Law, you have the following rights:

  • Right to Know: Know the legal basis for collecting your data and its purpose
  • Right of Access: Obtain a copy of your personal data
  • Right to Rectification: Request correction or update of your data
  • Right to Erasure: Request destruction of your data (subject to legal obligations)
  • Right to Withdraw Consent: Withdraw your consent at any time
  • Right to Object: Object to processing of your data
  • Right to Data Portability: Request transfer of your data to another entity

To exercise any of these rights, contact us at: privacy@edlaabox.com

We will respond to your request within 30 days maximum.

7. Data Retention

Data Type Retention Period Reason
Voting records 10 years Governance and audit requirements
Meeting minutes Permanent Legal obligation
Login records 12 months Security and audit
Contact data Until membership cancellation + 1 year Service delivery

8. Data Breach Notification

In case of a data breach affecting your personal data:

9. Cookies

We use only necessary cookies:

We do not use tracking or advertising cookies.

10. Filing Complaints

If you are not satisfied with how we handle your data, you can:

  1. Contact us first at: privacy@edlaabox.com
  2. File a complaint with SDAIA (Saudi Data & AI Authority):

11. Policy Updates

We may update this policy to comply with regulatory changes or our services. We will notify you of any material changes via:

12. Contact Us

For any inquiries about this policy or to exercise your rights:

Last Updated: 2026-07-05
Back to Home