1. Who we are
Register in KSA (“Register in KSA”, “we”, “us”, “our”) is a Saudi Arabia business setup, licensing, and corporate advisory firm. We operate the website registerinksa.com and provide professional advisory services to foreign investors, entrepreneurs, and corporations establishing or expanding in the Kingdom of Saudi Arabia.
This Privacy Policy explains how we collect, use, share, and protect personal data when you visit our Website, request a consultation, engage us as a client, or otherwise interact with us.
Data controller contact:
– Email: info@registerinksa.com
– Phone: +966 50 768 8714
– Postal address: # 700, 7th Floor, Kindom Tower, King Saud Rd, Riyadh
If you have questions about this Privacy Policy or how we handle your personal data, please use the contact details above.
2. The law that applies
The Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), issued by Royal Decree M/19 of 9/2/1443H, and its Implementing Regulations issued by the Saudi Data and Artificial Intelligence Authority (SDAIA), govern how we handle personal data of individuals in Saudi Arabia and personal data we process from within Saudi Arabia.
Where you are located in the European Union or the United Kingdom, the EU General Data Protection Regulation (GDPR) or UK GDPR may also apply to our processing of your personal data, and we will respect the rights those laws give you.
This Privacy Policy applies to all personal data we process in connection with the Website and our services.
3. What personal data we collect
We collect the following categories of personal data:
a) Information you provide directly. When you contact us, request a consultation, fill out our cost calculator form, subscribe to communications, or engage our services, you may provide:
– Identity data — full name, nationality, date of birth, passport or national ID information
– Contact data — email address, phone number, postal address, country of residence
– Professional data — job title, company name, industry, role
– Business information — proposed Saudi business activity, target sector, capital, ownership structure, intended location
– Engagement data — consultation requests, service preferences, communications history with us
– Payment and billing data — where you engage paid services, billing details and bank or transfer references (we do not store full payment card details on our systems)
– Identity verification data — where required for our services or by Saudi regulators, identity documents and supporting verification documents
b) Information collected automatically. When you visit the Website, we may automatically collect:
– Device and connection data — IP address, browser type, operating system, device identifiers, time zone
– Usage data — pages visited, time spent, links clicked, referring URLs, search terms used to find us
– Cookies and similar technologies (see Section 9)
c) Information from third parties. We may receive personal data from:
– Public sources and business databases — for prospective client research and verification
– Saudi government platforms (MISA, Ministry of Commerce, ZATCA, Qiwa, Muqeem, GOSI, Chamber of Commerce) — when acting on your authorized instructions in the course of providing services
– Banking, audit, legal, and other professional partners — when coordinating with them on your behalf
– Referrers and introducers who recommend our services to you
d) Sensitive personal data. We do not deliberately seek sensitive categories of personal data (such as health information, religious beliefs, or biometric data). Where such information is unavoidably included in identity documents (e.g. religion stated on a passport copy) or required by a regulator (e.g. medical examinations for Iqama issuance), we process it only to the extent necessary, with appropriate safeguards.
4. Why we use your personal data and the legal basis
We process your personal data for the following purposes, with the legal basis indicated:
| Purpose | Examples | Legal basis (PDPL / GDPR) |
| Responding to your enquiries | Consultation requests, calculator submissions, contact form messages | Consent; performance of a contract or steps requested before contracting |
| Providing our advisory services | Company formation, MISA licensing, PRO services, accounting, tax, banking, HR, M&A advisory | Performance of a contract |
| Government and regulator filings on your behalf | Submissions to MISA, Ministry of Commerce, ZATCA, Qiwa, GOSI, Muqeem, Chamber of Commerce, sector regulators | Performance of a contract; compliance with legal obligation |
| Identity verification and KYC | Verifying who you are, satisfying anti-money-laundering and counter-financing requirements | Compliance with legal obligation; legitimate interest in preventing fraud |
| Billing, invoicing, and payment | Issuing tax invoices, processing payments, financial record-keeping | Performance of a contract; compliance with legal obligation (ZATCA records) |
| Service communications | Confirmations, deadlines, renewals, regulatory updates affecting your engagement | Performance of a contract; legitimate interest |
| Marketing communications | Newsletters, sector insights, event invitations (only where you have opted in or are an existing client where lawful) | Consent; legitimate interest, subject to your right to object |
| Website operation, security, and analytics | Running and improving the Website, preventing fraud and abuse | Legitimate interest |
| Legal claims and compliance | Defending or pursuing legal claims, responding to regulator requests, complying with applicable laws | Compliance with legal obligation; legitimate interest |
We will not use your personal data for purposes materially different from those described above without notifying you and, where required, obtaining your consent.
5. Who we share your personal data with
We share personal data only with parties who have a legitimate need to receive it for the purposes described above. These may include:
– Saudi government authorities and regulators — MISA, Ministry of Commerce, ZATCA, Chamber of Commerce, GOSI, Qiwa, Muqeem, municipalities, sector regulators (SAMA, CMA, MOH, SCFHS, SFDA, MIM, TGA, GACA, REGA, SDAIA, and others), and Saudi courts, when relevant to your engagement or required by law.
– Saudi banks and financial institutions — when supporting your account opening or banking-related services.
– Notaries and translators — for document attestation, notarization, and certified translation.
– External professional advisors — Saudi-qualified lawyers, audit firms, tax advisors, and other specialists where coordination is needed on your engagement.
– Service providers (data processors) — providers of IT infrastructure, secure cloud storage, communication tools, accounting and CRM software, document management, and similar operational services. We require such providers to process personal data only on our instructions and to maintain appropriate security.
– Group companies and affiliates — where applicable, our affiliated entities supporting service delivery.
– Successors in interest — in the event of a merger, acquisition, restructuring, or sale of our business, personal data may be transferred subject to appropriate confidentiality protections.
We do not sell your personal data to third parties.
6. International transfers
We are based in the Kingdom of Saudi Arabia and process personal data primarily within Saudi Arabia. Where the provision of our services or our use of service providers requires personal data to be transferred outside Saudi Arabia, we comply with the PDPL’s cross-border transfer requirements, which may include:
– Transfers to jurisdictions designated as providing an adequate level of protection
– Transfers subject to appropriate safeguards
– Transfers based on your explicit consent
– Transfers necessary for the performance of a contract with you or in your interest
Where personal data is transferred from the EU/UK to a country outside the European Economic Area or the UK, we will apply transfer mechanisms permitted under GDPR (such as Standard Contractual Clauses) where applicable.
7. How long we keep your personal data
We retain personal data only as long as necessary for the purposes for which it was collected, including:
– Active engagement records — for the duration of your engagement with us and a reasonable period thereafter for relationship continuity
– Financial and tax records — for the periods required by Saudi tax and accounting law (typically at least 6 years)
– Records of regulatory filings made on your behalf — for the periods required by the relevant Saudi authority
– Consultation enquiries that did not progress to engagement — for a reasonable period to follow up and to comply with our internal record-keeping
– Marketing communication records — until you withdraw consent or object, plus a short period for record-keeping
– Website analytics data — typically up to 26 months
After the applicable retention period, we securely delete or anonymize personal data.
8. Your rights under the PDPL
Subject to the PDPL and its Implementing Regulations, you have the following rights in relation to your personal data:
– Right to be informed — to know how your personal data is being collected, used, and disclosed
– Right of access — to obtain confirmation of whether we hold your personal data and a copy of it
– Right to correction — to request correction of inaccurate or incomplete personal data
– Right to deletion — to request deletion of your personal data in defined circumstances (subject to our legal and regulatory record-keeping obligations)
– Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time
– Right to object — to object to processing in defined circumstances, including direct marketing
Where GDPR applies to our processing of your personal data, you additionally have the right to data portability and the right to lodge a complaint with the relevant supervisory authority.
To exercise any of these rights, please contact us using the details in Section 1. We will respond within the timeframes required by applicable law. Some rights may be limited by legal or regulatory obligations we must comply with — we will explain this clearly if it applies.
You also have the right to lodge a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) if you believe our processing of your personal data does not comply with the PDPL.
9. Cookies and similar technologies
The Website uses cookies and similar technologies. A cookie is a small file placed on your device that helps us recognize you, remember preferences, and understand how the Website is used.
We use:
– Strictly necessary cookies — required for the Website to function (e.g. security, basic navigation). These cannot be disabled in our systems.
– Performance / analytics cookies — to understand how visitors use the Website (e.g. Google Analytics or similar). These help us improve the Website.
– Functionality cookies — to remember choices you make (e.g. preferred currency in the cost calculator).
– Marketing cookies — where applicable, to deliver relevant communications and measure campaign effectiveness.
Where required by applicable law, we will request your consent before placing non-essential cookies. You can control cookies through your browser settings; disabling cookies may affect Website functionality.
10. How we protect your personal data
We apply technical and organizational measures appropriate to the sensitivity of the personal data and the risks of processing. These include:
– Access controls, password protection, and authentication for our systems
– Encryption of personal data in transit and where appropriate at rest
– Confidentiality obligations on our team and service providers
– Secure storage and disposal of physical documents
– Staff awareness and training on data protection responsibilities
– Periodic review of our security measures
While we work to protect personal data, no system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify you and the competent regulator in accordance with applicable law.
11. Children’s personal data
The Website and our services are directed at business decision-makers and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate action.
12. Third-party websites
The Website may contain links to third-party websites (for example, Saudi government portals or social media platforms). We are not responsible for the privacy practices of those websites. Please review their privacy notices separately.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, applicable laws, or industry practice. The “Last updated” date at the top of this page shows when the most recent revision was made. Where changes are material, we will take reasonable steps to bring them to your attention.
14. How to contact us
If you have any questions, concerns, or requests relating to your personal data or this Privacy Policy, please contact us:
Register in KSA
Email: info@registerinksa.com
Phone: +966 50 768 8714
Website: registerinksa.com
You may also lodge a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) if you are concerned about our processing of your personal data.