Privacy Policy

Effective Date: February 14, 2025

1. Introduction

Welcome to Pyxos, Inc. ("Pyxos," "we," "our," or "us"). Protecting your privacy is our top priority. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data in compliance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia (KSA).

This Policy applies to any personal data collected from visitors, customers, employees, business partners, and other stakeholders interacting with Pyxos, whether online or offline. It also describes how individuals can enforce their rights under PDPL and how we address compliance concerns.

We encourage you to read this Policy carefully. If you have any questions, please contact our Data Protection Officer (DPO) at privacy@pyxos.ai.

2. Scope and Applicability

This Policy applies to personal data processed by Pyxos in the following contexts:

  • Websites, Applications, and Online Services: Includes corporate websites, customer portals, and digital platforms owned or operated by Pyxos.

  • Offline Interactions: Covers meetings, conferences, trade shows, and other direct engagements.

  • Employee and Contractor Data: Covers personal data collected for recruitment, payroll, benefits, and internal HR management.

  • Customer and Vendor Relationships: Personal data processed for business transactions, partnerships, and service engagements.

  • Third-Party Data Processing: Personal data received from business partners, affiliates, or public sources under legally permissible conditions.

This Policy does not cover data that we process on behalf of our customers when acting as a data processor. Customers remain responsible for ensuring their compliance with applicable privacy regulations.

3. Categories of Personal Data We Collect

3.1 Personal Information Provided by You

We collect personal data directly from individuals in various ways, which may include but are not limited to:

  • Account and Registration Data: Name, email address, job title, company, and contact details.

  • Transactional Data: Billing information, tax identification numbers, and payment records.

  • Employment Data: Resumes, work history, academic qualifications, and background check information.

  • Communications: Customer service inquiries, feedback, and chat logs.

  • Marketing Preferences: Opt-ins for newsletters, event registrations, and promotional content.

3.2 Information Collected Automatically

When interacting with our services, we automatically collect:

  • Device and Technical Data: IP addresses, browser types, operating systems, and unique identifiers.

  • Usage Data: Page visits, click interactions, session duration, and referral sources.

  • Location Data: If location tracking is enabled, we collect geographic data for service personalization.

  • Cookies and Tracking Technologies: See Section 5 for more information.

3.3 Third-Party Data Sources

We may also collect personal data from:

  • Publicly Available Sources: Government records, professional directories, and social media.

  • Business Partners and Affiliates: Information shared under contractual agreements.

  • Third-Party Service Providers: Analytics providers, advertising networks, and recruitment agencies.

4. Legal Basis for Processing

We process personal data based on the following legal grounds under PDPL:

  • Consent: When explicit permission is required for data collection and processing.

  • Contractual Necessity: When processing is essential for fulfilling contractual obligations.

  • Legal Compliance: When processing is required to meet statutory obligations.

  • Legitimate Interests: When processing supports operational efficiency while safeguarding individual rights.

  • Vital Interests: When necessary to protect an individual’s health, safety, or security.

5. Cookies

Cookies and similar tracking technologies play a crucial role in improving the functionality, security, and performance of our websites and services. These technologies allow us to personalize content, analyze traffic patterns, and provide users with a seamless browsing experience.

5.1 How We Use Cookies

We use various types of cookies to ensure optimal functionality and user experience. These include:

  • Essential Cookies: These cookies are necessary for the proper functioning of our website and digital services. They enable core functionalities such as security, network management, and accessibility. Disabling these cookies may prevent some parts of our website from working correctly.

  • Performance Cookies: These cookies help us analyze how visitors interact with our website by collecting anonymous data on user behavior. This allows us to identify trends, optimize performance, and improve our services.

  • Functional Cookies: These cookies enable us to remember user preferences and settings, such as language selection, display preferences, and login credentials, to enhance the browsing experience.

  • Analytics Cookies: These cookies collect data on user engagement, website traffic, and session activity. The information gathered helps us understand how users interact with our platform and optimize content accordingly.

  • Advertising Cookies: These cookies are used to track user interactions with advertisements and deliver personalized ad experiences based on browsing behavior and interests. They also help limit the frequency of ads displayed and measure their effectiveness.

  • Third-Party Cookies: Some features on our website may rely on third-party services, such as social media sharing, embedded videos, or external analytics providers. These services may set cookies on your device to track usage and preferences. We recommend reviewing the privacy policies of these third parties to understand how they manage data.

5.2 Managing Your Cookie Preferences

Users have control over how cookies are stored and used on their devices. You can modify your cookie settings through the following methods:

  • Browser Settings: Most web browsers provide options to block or delete cookies. You can adjust these settings to control cookie behavior based on your preferences. However, disabling cookies may affect website functionality.

  • Opt-Out Mechanisms: Various third-party services offer tools that allow users to manage cookie preferences, particularly for advertising and analytics purposes. You can use these tools to opt out of targeted ads and tracking.

  • Consent Management Tools: Our website provides a cookie consent management feature that allows users to customize their cookie preferences. You can choose which types of cookies you accept or reject when visiting our site.

  • Do Not Track (DNT) Settings: Some browsers support Do Not Track (DNT) settings, which signal websites not to track users' online activities. While we respect DNT signals, certain functionalities may still require minimal tracking to function properly.

  • Clearing Cookies: You can manually delete cookies stored on your device at any time. Clearing cookies may require you to re-enter login credentials and reset preferences when revisiting websites.

For more information on how we use cookies and your options for managing them, please contact us at privacy@pyxos.ai.

6. Data Retention and Deletion

We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, and resolve disputes. Our data retention practices are governed by the following key principles:

6.1 Data Retention Periods

The retention period for personal data varies depending on the type of data, the purpose for which it was collected, and applicable legal or regulatory requirements. We categorize our data retention as follows:

  • Customer Account Data: Retained for the duration of the customer relationship and for up to 5 years following account termination, unless a longer period is required by law.

  • Transactional Data: Retained for financial and accounting purposes for at least 5 years in compliance with tax and regulatory obligations.

  • Employment Data: Retained for the duration of employment and up to 5 years after termination to comply with labor laws and contractual obligations.

  • Marketing and Communications Data: Retained until the individual opts out or withdraws consent, after which it is deleted or anonymized within a reasonable timeframe.

  • Security and Incident Logs: Retained for a minimum of 12 months to investigate security incidents and maintain compliance with cybersecurity regulations.

  • Legal and Compliance Data: Retained as necessary to fulfill legal obligations, resolve disputes, and enforce contractual agreements.

6.2 Secure Deletion and Anonymization

Once personal data is no longer required for the purposes for which it was collected, we ensure it is securely deleted or anonymized using industry best practices. Our data disposal procedures include:

  • Data Deletion: Permanent removal of data from all databases, backups, and storage systems.

  • Data Anonymization: Where applicable, personal identifiers are removed or altered to prevent re-identification while allowing statistical analysis.

  • Secure Destruction of Physical Records: Any printed or physical records containing personal data are securely shredded or incinerated.

  • Third-Party Data Handling: When personal data is shared with third-party service providers, we ensure that they comply with secure deletion practices as per contractual agreements.

6.3 User Rights Related to Data Retention

Users have the right to request deletion of their personal data under the following circumstances:

  • When personal data is no longer necessary for the purpose for which it was collected.

  • When consent is withdrawn (if consent was the legal basis for processing).

  • When data processing is found to be unlawful.

  • When required by legal or regulatory obligations.

Users can submit a data deletion request by contacting our Data Protection Officer (DPO) at privacy@pyxos.ai. Requests will be reviewed and processed in accordance with applicable laws and our internal policies. In cases where deletion is not possible due to legal or regulatory constraints, we will inform the requestor and explain the reasons.

6.4 Exceptions to Data Deletion

In some cases, we may be required to retain personal data beyond standard retention periods, including but not limited to:

  • Compliance with Legal Obligations: Data retention required under tax, anti-fraud, and regulatory laws.

  • Ongoing Litigation or Disputes: Retaining data necessary for resolving legal claims or enforcing contracts.

  • Security and Fraud Prevention: Data required to detect, investigate, and prevent fraudulent activities.

For more information about our data retention and deletion practices, please contact us at privacy@pyxos.ai.

7. Your Rights Under PDPL

The Personal Data Protection Law (PDPL) grants individuals specific rights regarding their personal data. Pyxos is committed to ensuring transparency and facilitating the exercise of these rights in a timely and efficient manner. Below are the rights afforded to you under PDPL and how you can enforce them:

7.1 Right to Access

You have the right to request and obtain confirmation as to whether we process your personal data. If we do, you can request access to the following information:

  • The categories of personal data we collect.

  • The purposes for which we process your data.

  • The sources from which we obtain your data.

  • The parties with whom we have shared your personal data.

  • The expected retention period of your data, or criteria used to determine that period.

To request a copy of your personal data, please contact us at privacy@pyxos.ai. We may require identity verification before processing your request.

7.2 Right to Correction

If you believe the personal data we hold about you is incorrect, incomplete, or outdated, you have the right to request corrections. We will promptly update any inaccurate information to ensure the integrity of your records.

7.3 Right to Deletion

You may request that we delete your personal data under the following circumstances:

  • When the data is no longer necessary for the purpose for which it was collected.

  • When you withdraw consent (if processing is based on consent).

  • When data processing is unlawful.

  • When legal obligations require deletion.

Please note that we may be unable to delete certain data due to legal, regulatory, or contractual obligations. If deletion is not possible, we will provide you with an explanation.

7.4 Right to Restriction

You have the right to request that we temporarily limit the processing of your personal data under specific conditions, including:

  • When you contest the accuracy of the data (restriction applies while verification is pending).

  • When the processing is unlawful, but you prefer restriction over deletion.

  • When we no longer need the data, but you require it for legal claims.

  • When you object to processing pending the verification of our legitimate grounds.

During the restriction period, we will store your data but not process it for any other purposes.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer your data to another service provider, where technically feasible. This right applies when:

  • The processing is based on your consent or a contract.

  • The processing is carried out by automated means.

7.6 Right to Object

You may object to the processing of your personal data under certain circumstances, including:

  • When processing is based on legitimate interests and you have valid grounds to object.

  • When your data is processed for direct marketing purposes.

  • When processing involves automated decision-making that significantly affects you.

If you object to direct marketing, we will cease processing your data for such purposes immediately.

7.7 Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you have the right to file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA). We encourage you to contact us first so that we can resolve your concerns efficiently.

7.8 How to Exercise Your Rights

To exercise any of your rights under PDPL, please contact us at privacy@pyxos.ai.

We will respond to your request within the legally required timeframe. In certain cases, we may request additional information to verify your identity before proceeding with your request. If we are unable to fulfill your request, we will provide a clear explanation of the reason and any available alternatives.

For more information regarding your data protection rights, please visit the official SDAIA website or contact our Data Protection Officer at privacy@pyxos.ai.

8. Enforcement and Complaints Handling

If you believe your data protection rights have been violated, you may:

  • Contact Our DPO: Email privacy@pyxos.ai for immediate resolution.

  • Submit a Formal Complaint to SDAIA: Escalate matters to the Saudi Data and Artificial Intelligence Authority.

  • Seek Legal Remedies: Pursue formal proceedings under applicable KSA laws.

We take all complaints seriously and will conduct investigations in accordance with PDPL regulations.

9. Data Security Measures

We implement appropriate security controls to safeguard personal data against unauthorized access, disclosure, and misuse. Security measures include:

  • Encryption of Sensitive Data to prevent unauthorized access.

  • Access Controls and Authentication Mechanisms to restrict data exposure.

  • Regular Security Audits and Compliance Checks to mitigate risks.

  • Incident Response Plans to address data breaches effectively.

10. Governing Law and Changes to This Policy

This Privacy Policy is governed by the laws of the Kingdom of Saudi Arabia and PDPL. We reserve the right to update this Policy periodically. Significant changes will be communicated through our website and email notifications where applicable.

Contact Information

For privacy-related inquiries, please contact our Data Protection Officer: privacy@pyxos.ai.