Effective date: October 16, 2025
Company: Diamond Steel ("we", "us", "our")
Product: Redak HR (web-based HR system and companion employee mobile application)
Contact: acc@dhtechs.net

Note: This Privacy Policy is a general template and does not constitute legal advice. Privacy and data protection obligations may vary by jurisdiction (including KSA PDPL and implementing regulations). Please have legal counsel review and adapt this policy to your operations.

This Privacy Policy explains how we collect, use, disclose, and protect personal data processed through Redak HR (the Service). It applies to individuals who access the HR web portal (e.g., HR admins, managers) and the employee mobile app (e.g., employees, contractors).

• Controller: Typically Diamond Steel (the employer) acts as the data controller for employee data processed in the Service.
• Processor: To the extent we operate, host, or support the Service, we may act as a data processor/service provider on behalf of Diamond Steel.
• Role allocations can be further defined in internal policies or data processing agreements.

Depending on configuration and your role, we may process:

• Identification: name, employee ID, national ID (as permitted by law), date of birth, gender, job title, department.
• Contact: email, phone, work location/branch, emergency contact (where configured).
• Employment/HR: attendance logs, shift schedules, leave/absence records, performance inputs, payroll inputs (allowances/deductions; no full bank details unless configured), documents you upload (e.g., certificates).
• Usage/Technical: device info, app version, IP address, timestamps, log files, cookies, and similar technologies.
• Geo/Permissions (mobile): approximate or precise location only if enabled for attendance/geofencing and with required permissions.
• Communications: in‑app notifications, support requests, audit trails (who did what and when).
• Optional fields: smoking status, allergies, or similar HR profile fields only if configured by the Customer and permissible by law.

• Data entered by HR/admins or imported from HR systems.
• Data you provide through forms and the mobile app.
• Data generated by system logs and device interactions.

We process personal data where one or more of the following apply:

• Contractual necessity: to operate HR services for employees/contractors.
• Legal obligation: to comply with labor, tax, or regulatory requirements.
• Legitimate interests: to ensure security, prevent fraud, and improve the Service (balanced against your rights).
• Consent: for optional features (e.g., location-based attendance, certain notifications) where required by law; consent can be withdrawn at any time.

• Provide HR functionalities (attendance, leave, requests, approvals, documents).
• Authenticate users and manage roles/permissions.
• Maintain audit logs and ensure security of accounts.
• Send service and transactional messages (e.g., shift reminders, request status).
• Improve, troubleshoot, and support the Service.
• Comply with legal obligations and enforce our terms.

• We use essential cookies for login sessions and security.
• We may use preference and analytics cookies to enhance performance (where enabled).
• Your browser settings or in‑product controls may allow you to manage cookie preferences.

• The app may request permissions for Location, Camera, Photos/Files, and Notifications to enable specific features (e.g., attendance check‑in, document upload, in‑app alerts).
• You can manage permissions in your device settings. Certain features may not function without the relevant permission.

We may share personal data with:

• Service providers/processors that host or support the Service (subject to confidentiality and data protection commitments).
• Third‑party integrations (if enabled by the Customer), such as payroll systems or identity providers.
• Authorities when required by law or to protect rights, safety, and security.
• Corporate transactions: in case of reorganization, merger, or similar event, subject to appropriate safeguards.

If personal data is transferred outside your country, we will implement appropriate transfer safeguards as required by applicable law.

We retain personal data for as long as necessary to fulfill the purposes above and as required by law or internal policy. Retention periods may be configured by the Customer. After expiration, data may be deleted or anonymized.

We employ administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No system is completely secure; we encourage strong passwords and careful handling of credentials.

Subject to applicable law and internal HR policies, you may have the right to:

• access your personal data;
• request correction or deletion;
• object to or restrict certain processing;
• withdraw consent where processing is based on consent;
• obtain a copy of your data in a structured, commonly used format (where applicable).
  Requests should be directed to your HR administrator or acc@dhtechs.net. We may require identity verification.

The Service is intended for use by authorized employees and contractors; it is not directed to children.

Where applicable, we endeavor to comply with local privacy regulations (e.g., KSA PDPL) and any other laws relevant to our operations. Specific obligations (e.g., registration, local hosting) will be fulfilled as required by the Customer’s compliance program and our internal policies.

We may update this Privacy Policy from time to time. Material changes will be notified via the Service or by email. Continued use after changes take effect indicates acceptance of the updated policy.

Questions or requests regarding privacy can be sent to acc@dhtechs.net.