News & Events Careers عربي

Privacy Policy

  • Privacy Policy

Introduction

EIC, its subsidiaries and branch operations hereinafter referred as, ‘we’, ‘us’ or ‘our’ is committed to respect your privacy and choices. The privacy statement highlights our privacy practices regarding Personal Information that we collect and process depending on your association with EIC and nature of processing activity in compliance to applicable data privacy regulations. If you have any questions or concerns about this privacy policy or your personal data, please contact us at: privacy@eic.com.sa

What Personal Data we collect?

We, at EIC and its subsidiaries, collect and maintain various categories of personal data, including high-risk personal data (meaning special category or sensitive personal data), about you during your recruitment, employment, and engagement with our organization. This data is necessary for administrative, legal, operational, and business purposes


Identification and Contact Details

Full name, gender, nationality, marital status, religion (if applicable), date and place of birth, government-issued identification numbers (e.g., Iqama, National ID, Passport), place of issue, personal photo, email address, telephone number(s), and home address.


Employment and HR Data

Job title, department, employee ID, organizational unit, employment start date, contract details, records of promotions, transfers, resignations or terminations, and reason for separation.


Recruitment and Qualifications Information

CVs, cover letters, education history, degrees and certifications, previous employment records, job applications, professional memberships, and references.


IT and Systems Access Records

IT request forms, system access requests and approvals, username/employee ID, system roles, login records, and internal help desk tickets.


Compensation and Benefits

Salary details, bank account information, records of salary reviews and bonuses, benefits entitlements, family care and health insurance details (including names and birthdates of dependents), annual leave, sick leave, and other time-off records.


Surveillance and Monitoring Data

CCTV footage at office premises, building entry/exit logs, application and system activity logs, communications logs (email and instant messaging where applicable), and internet usage logs.


Special Category Data (Sensitive Personal Data)

Racial or ethnic origin and religious beliefs (when collected for diversity and inclusion purposes), biometric data such as fingerprints (for attendance systems), and criminal background data from pre-employment screenings or access control monitoring.


Customer and Supplier Engagement Data

For employees interacting with external clients and suppliers, we may also collect, and store data related to:

  • Purchase Orders, Contracts, and Quotations issued or reviewed.
  • Customer or supplier employee contact details.
  • Maintenance and QA checklists you have completed.
  • Records related to vendor or client communications.


Purposes of processing your personal data and the legal basis for processing

We, at Electrical Industries Company (EIC) and its subsidiaries process your personal data to manage our employment relationship with you in a lawful, fair, and transparent manner. The data is processed for employment-related purposes, legal obligations, and legitimate business interests, throughout the duration of your employment and, where necessary, after its termination.

Processing is carried out under one or more of the following legal bases:

  • To fulfill our obligations under your employment contract
  • To comply with applicable legal or regulatory requirements
  • To pursue the legitimate interests of the company (e.g., operational efficiency, security, compliance)
  • Based on your explicit consent, where required (e.g., for processing sensitive data or diversity information)

    • If you do not provide the necessary personal data, we may not be able to meet our contractual or legal obligations, and we will inform you of the consequences of such cases.


    Payroll and Benefits Administration

    To process your salary, allowances.

    Legal Basis: Contractual necessity and legal obligation.


    Recruitment and Background Checks

    To validate your credentials, conduct identity, employment, education, and criminal background checks as allowed by law.

    Legal Basis: Legitimate interest and legal obligation.


    Employment and HR Records Maintenance

    To maintain records such as employment history, contracts, correspondence, performance evaluations, and training logs.

    Legal Basis: Contractual necessity and legitimate interest.


    Disciplinary and Grievance Procedures

    To manage employee relations including investigations, disciplinary actions, and grievance handling.

    Legal Basis: Legitimate interest and legal obligation.


    Monitoring and Surveillance

    To ensure safety, protect assets, and maintain operational security through:

    • CCTV surveillance in company premises
    • Access control systems and time tracking
    • Monitoring of corporate systems, emails, and internet use (where permitted by law)

    Legal Basis: Legitimate interest and legal obligation.


    Audit and Regulatory Compliance

    To conduct internal and external audits, ensure compliance with laws (e.g., labor regulations, tax, health and safety), and respond to regulatory authorities.

    Legal Basis: Legal obligation and legitimate interest.


    Policy Compliance and Enforcement

    To monitor adherence to company policies (e.g., Acceptable Use Policy, Code of Conduct, Information Security Policy).

    Legal Basis: Legitimate interest.


    Crime Reporting and Legal Proceedings

    To report criminal activity or cooperate with law enforcement and legal authorities where required by national law.

    Legal Basis: Legal obligation.


    Monitoring

    At Electrical Industries Company (EIC) and its subsidiaries, we have implemented a range of security and monitoring measures to protect our premises, systems, business operations, and personal data. These measures are designed to detect, prevent, and respond to unauthorized access, data breaches, and other cybersecurity threats, while ensuring compliance with internal policies and legal obligations.


    System and Network Security Monitoring

    We continuously monitor our IT infrastructure—including emails, endpoints, applications, and networks owned or managed by EIC and its subsidiaries—for security threats such as:

    • Malware and ransomware
    • Phishing attempts
    • Unauthorized access
    • Data leakage or misuse
    • Non-compliance with internal policies


      • Activity Logs and Audit Trails

      All user activity on EIC-managed systems is logged to maintain audit trails, including:

      • System login/logout times
      • Access to applications, files, and websites
      • Use of privileged credentials (where applicable)


        • CCTV Surveillance

        Closed-Circuit Television (CCTV) is in operation at company premises for the purpose of physical security and safety. CCTV may capture video images of employees, visitors, and third parties. These recordings are only accessed and reviewed in the event of an incident or where there is a legitimate need (e.g., investigation, safety concern, or regulatory requirement).


        Legal Basis for Monitoring

        The monitoring measures described above are necessary for:

        • Protecting the legitimate interests of the company in maintaining the confidentiality, integrity, and availability of systems and data;
        • Ensuring compliance with legal and regulatory requirements (e.g., labor law, data protection, and cybersecurity obligations);
        • Protecting employee safety and business assets;
        • Safeguarding personal data stored or processed within company systems.


          • Security

          We have implemented industry-standard security measures to keep your personal data secure and confidential, including and not limited to:

          • Limiting access to your personal data, to EIC’s employees strictly on a need-to-know bases, such as to respond to your inquiry or request.
          • Implemented physical, electronic, administrative, technical, and procedural safeguards that comply with all applicable laws and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure, and destruction.
          • EIC employees who misuse personal data are subject to strict disciplinary action, as it is a violation of the Data Privacy Policy of EIC


            • Who We May Share Your Personal Data With

            We may share your personal data, where necessary and lawful, with the following:

            • Internal Teams within EIC and its affiliates strictly on a need-to-know basis.
            • Authorized Service Providers such as cloud service providers, HR systems vendors, background check providers, payroll processors, and IT support.
            • Government Authorities including regulatory bodies, tax authorities, and law enforcement, as required by law.
            • Auditors (internal or external) for compliance and operational reviews.
            • Clients and Business Partners, where contractually necessary.
            • Contractors under confidentiality obligations.
            • In Corporate Transactions such as mergers, acquisitions, or reorganizations, where personal data may be shared or transferred with appropriate safeguards.


              • Data Transfer

              We may transfer your Personal Data to countries outside your jurisdiction and to our authorized vendor servers which may have different data protection standards to those which apply to your jurisdiction. We shall take the necessary steps to ensure confidentiality and security of the transferred data.


              Period for which the personal data will be stored

              We store personal data in line with Local Law requirements. Your personal data will be collected, stored, and processed by us while you are an employee. If the tenure of employment completes or terminated, we will securely delete/destroy your employment records and related documents containing your personal data as soon as feasible.


              What are your privacy rights?

              EIC would like to make sure you are fully aware of all your privacy rights, which include:

              • The right to access: You have the right to request a copy of your personal data.
              • The right to rectification: If you believe that the data we hold about you may not be up to date, accurate, or complete, you may contact EIC for a correction of that data. Upon receipt of this request, we will investigate and resolve the issue within business days. We make good-faith efforts to provide you with ways to update your personal data, although some changes may require personal contact with a EIC representative.
              • The right to erasure or restrict processing of data: You have the right to request EIC to erase or restrict the processing of your personal data under certain conditions, including proving that the data was reported to EIC by mistake. However, exercising this right may impact your access to some of our services.
              • The right to object: You have the right to object to EIC’s processing of your personal data under certain conditions.
              • The right to withdraw consent at any time (where processing is based on consent): Where we process personal data based on your consent, you have the right to withdraw that consent at any time.


              How do you contact us?

              In case of any queries related to this policy, you can contact our Data Privacy Office.

              Email us at privacy@eic.com.sa


              Changes to this policy

              We will notify you of changes we may make to this privacy notice/policy where required, however, we would recommend that you look back at this notice from time to time to check for any updates.