Tamimi Markets is one of Saudi Arabia’s leading supermarket chains, dedicated to delivering a wide range of high-quality products and services to its customers.
By accessing or using Tamimi Markets’ services, you acknowledge and agree to the practices described in this Privacy Notice. If you have any inquiries or require further information regarding our privacy practices, you may contact us at the contact details provided below.
Involved Department/Team:
Information Technology Department
Address:
King Abdul Aziz Road, Ar Rakkah Al Janubiyah Al Khobar Saudi Arabia
Phone Number:
+966138315143
E-mail:
dataprotection@tamimimarkets.com
License or Commercial Register:
2050079303
Date of Last Update
The Privacy Policy was last updated on September 13, 2024.
This Privacy Notice explains how Tamimi Markets, as the controller of your personal data, collects, uses, shares, and protects the personal data of suppliers, vendors, and contractors.
This notice is in line with the Kingdom of Saudi Arabia’s Personal Data Protection Law, enacted by Royal Decree No. (M/19) issued on 16/09/2021 and amended by Royal Decree No. (M/148) on 27/03/2023.
Tamimi Markets is the legal entity responsible for the collection, use, and protection of your personal data. As the data controller, we determine the purposes and means of processing your personal data.
At Tamimi Markets, we may collect specific personal data from our stakeholders, such as:
● Personal Information: Names, email addresses, and phone numbers of business representatives.
● Professional Information: Job titles, professional qualifications, and roles within your organization.
● Financial Information: Bank account details, transaction data, and payment records.
● Engagement Records: Details of interactions, engagements, inquiries, feedback, and goods/services returns with Tamimi Markets.
● Legal Data: Contractual agreements, compliance documents, and legal correspondence related to your dealings with Tamimi Markets.
Methods of Data Collection
We collect this information through:
● Direct Interactions: Data gathered directly from you during the registration process, contractual negotiations, and communications via email or phone.
● Automated Collection: Using cookies and similar tracking technologies that collect information about your interactions with our website and applications.
Tamimi Markets utilizes the collected personal data for the following purposes, aligned with our operational, regulatory, and strategic objectives:
● Business Operations and Relationship Management: To support the smooth operation of our business activities, manage our relationships with you, and ensure effective communication.
● Contract Management: To facilitate the negotiation, execution, and fulfilment of contracts.
● Financial Transactions: To process payments, manage accounts, and carry out financial reporting.
● Compliance and Legal Obligations: To adhere to legal, regulatory, and policy requirements which may include responding to legal processes or government requests for audits and investigations.
● Security and Safety: We use CCTV surveillance to enhance security at our facilities, ensuring a safe environment for our suppliers, vendors, and staff.
The processing of your personal data is based on several legal grounds, including:
● Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
● Legal Compliance: Processing is necessary to comply with our legal obligations.
● Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by Tamimi Markets, such as managing and optimizing our business operations, provided such processing does not outweigh your rights and freedoms.
We are committed to safeguarding the personal data of our suppliers, vendors, and contractors. To this end, we implement robust technical and organizational measures, including:
Technical Security Measures:
● Encryption: Personal data is encrypted during transmission and when stored on our systems to prevent unauthorized access.
● Access Controls: We restrict access to personal data to authorized personnel only, based on their role and necessity to engage with the data.
● Secure IT Infrastructure: Our networks and systems are secured with firewalls, intrusion detection systems, and regular security audits to detect and mitigate threats.
Organizational Security Measures:
● Data Privacy Policies and Training: We enforce comprehensive data privacy policies and ensure that all employees are trained regularly on the importance of personal data protection and security best practices.
● Confidentiality Agreements: All our employees, contractors, and third-party service providers are required to sign confidentiality agreements that bind them to maintain the secrecy and security of all personal data.
● Physical Security: Our facilities are secured with ID cards, biometrics, and constant surveillance to ensure that only authorized personnel can access data sensitive areas.
● Vendor Management: Third-party vendors are rigorously screened and bound by contracts that enforce our data protection standards.
● Incident Response Management: A structured incident response protocol is in place, detailing procedures for addressing any data security incidents. This includes immediate actions to manage and contain potential breaches and ensuring proper escalation and response without undue delay.
We share your personal data with specific categories of recipients to support our business operations, including:
● IT and Cloud Service Providers: To support and maintain our technology infrastructure.
● Logistics and Delivery Partners: To manage the transportation and delivery of goods necessary for our operations.
● Financial Institutions and Payment Processors: To handle financial transactions and manage financial operations.
● Legal and Regulatory Authorities: When required by law or to comply with our legal obligations.
● Audit and Compliance Firms: To conduct audits and ensure compliance with regulatory requirements.
Third-Party Transfers
We transfer personal data to third parties only when necessary, ensuring that all third parties are obligated to provide a level of data protection that meets or exceeds our data protection standards, aligned with the KSA PDPL.
International Transfers
In some cases, personal data may be transferred across borders. When we transfer data internationally, we ensure that appropriate safeguards, such as standard contractual clauses, are in place to protect your data.
Tamimi Markets retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. Here’s how we determine retention periods for different types of personal data:
● Operational Necessity: We retain your data for as long as needed to provide you with services and to conduct our business operations efficiently.
● Legal Compliance: Certain types of data are retained for specific periods as required by law or other regulatory guidelines.
Upon expiration of the retention period, personal data is securely deleted or anonymized, ensuring it can no longer be linked back to an individual.
At Tamimi Markets' Supplier Portal, we utilize cookies to enhance your experience, maintain the functionality of our websites, and improve our services:
● Essential Cookies:
Necessary for the core functions of the portal, such as ensuring security and enabling user authentication. These cookies are critical for the portal's operation and cannot be disabled without impacting the functionality of the service.
● Performance Cookies:
These cookies collect information about how you interact with our portal, including pages visited and any error messages encountered. This data helps us improve the functionality and user experience of the site.
● Functionality Cookies:
Allow the portal to remember choices you make, such as your username or language preference, and provide enhanced, more personal features.
● Analytical Consent:
Used to understand how visitors interact with the portal, these cookies help us identify usage patterns, measure site performance, and optimize user navigation and overall experience.
Managing Cookie Preferences
You can manage your cookie preferences through your browser settings at any time. Here’s how you can control or opt out of cookies:
● Browser Settings: Most browsers allow you to refuse cookies or delete cookies through their settings preferences. However, disabling cookies may affect the functionality and service offering on our websites.
● Consent Management: On your first visit to our website, you will be prompted to accept or reject non-essential cookies. You can change your preferences at any time by accessing the cookie settings available on our website.
At Tamimi Markets we respect your privacy and provide you with the ability to exercise them according to the Kingdom of Saudi Arabia's Personal Data Protection Law (KSA PDPL). Following are the rights available to you:
● Right to be Informed
You have the right to be informed about how we collect your personal data, the legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all these details through our Privacy Policy or contact us for further information.
● Right to Access to Your Personal Data
You have the right to access your personal data that we hold through means provided by us that allow for automatic access without needing to make a formal request.
● Right to Request Access to Your Personal Data
You can request to obtain your personal data held by Tamimi Markets at any time and obtain a copy of this data in a clear and readable format.
● Right to Correct Personal Data
If you find that any of the personal data that we hold about you is inaccurate, incomplete, or outdated, you have the right to request its correction or update.
● Right to Request Destruction of Personal Data
You may request the destruction of your personal data when it is no longer needed for the purposes for which it was collected. We will review such requests and take appropriate action, adhering to legal and regulatory requirements.
● Right to Withdraw Consent
You may withdraw your consent for the processing of your personal data at any time, unless there is a legal basis that requires otherwise. This withdrawal will not affect the lawfulness of processing based on your consent before its withdrawal.
● Right to File a Complaint
If you believe that Tamimi Markets has not complied with the Personal Data Protection Law, you have the right to file a complaint with us. If you are not satisfied with the outcome, you may escalate your complaint to the Saudi Data & Artificial Intelligence Authority (SDAIA).
● Right to Claim Compensation:
You are entitled to claim compensation for any material or moral damage resulting from a violation of the Personal Data Protection Law and its implementing regulations.
Exercising Your Rights
To exercise any of these rights, please contact us via dataprotection@tamimimarkets.com We may request specific information from you to help us confirm your identity and facilitate your right to access your personal data (or to exercise any of your other rights).
You will not be required to pay any fees in return for exercising your rights. In case of submitting a request for exercising your rights, you will receive a response within 30 days from the date of receipt of your request.
For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact the Personal Data Protection Officer at Tamimi Markets using the below mentioned contact details.
Personal Data Protection Officer
Name:
Nora Albati
Email:
nalbati@tamimimarkets.com
Phone:
+966508422500
Complaint or Objection Filing Method
If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint with our IT Department using the following channel:
Email: dataprotection@tamimimarkets.com
If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority Saudi Data & AI Authority (SDAIA).
SDAIA Address:
Kingdom of Saudi Arabia, Riyadh
SDAIA Website:
Saudi Data & AI Authority (sdaia.gov.sa)
National Data Governance Platform “DGP” (dgp.sdaia.gov.sa)
Tamimi Markets reserves the right to update or modify this Privacy Notice at any time to reflect changes in our data processing practices, changes in law, or adjustments in our business operations.