Privacy and Personal Data Protection Standard

Features offered:
RSC News	✓	✓	✓
Intel Weekly Bulletin	✓	✓	✓
List of Reports published by week			✓
Technical Report Highlights	Gold only	✓	✓
Technical Report PDF Downloads	Gold only	✓	✓
Transaction Report Highlights		✓	✓
Transaction Report PDF Downloads		3 downloads per day, 10 per week	✓
Saved preferences		✓	✓
User Generated Custom Reports			✓
Alerts (Mobile App)			✓

Features offered:
RSC News	✓	✓	✓
Intel Weekly Bulletin	✓	✓	✓
List of Reports published by week	✓	✓	✓
Technical Report Highlights	Gold only	✓	✓
Technical Report PDF Downloads	Gold only	✓	✓
Transaction Report Highlights		✓	✓
Transaction Report PDF Downloads		3 downloads per day, 10 per week	✓
Saved preferences		✓	✓
User Generated Custom Reports			✓
Alerts (Mobile App)			✓

1 Preamble

This Privacy & Personal Data Protection Standard sets out RSC’s requirements relating to the personal information and data that you provide to RSC by visiting or registering on the RSC Website www.rscmme.com and when you provide personal information to RSC in the course of applying for employment, working with RSC, delivering services to RSC, or otherwise interacting with RSC in connection with its business activities. This Standard applies whether that information is collected online, offline, directly from you, automatically through your use of systems, or from third parties where lawful and reasonable.

2 Terminology

Controller means the person or entity that specifies the purposes and means of processing personal data. In this Privacy Statement, unless the context indicates otherwise, RSC (and/or the relevant RSC group entity you interact with) acts as the Controller of your personal information.
Processor means a person or entity that processes personal data on behalf of the Controller and in accordance with the Controller’s instructions. This may include third-party service providers that RSC engages to support its operations (for example, payroll processors, IT service providers, and other professional advisers) where these providers process personal information for RSC.
Applicable Law: where a specific jurisdiction’s data protection laws apply (including the Kingdom of Saudi Arabia Personal Data Protection Law and its implementing regulations, as amended from time to time), RSC processes personal data in accordance with those laws. RSC may also be required to comply with other applicable privacy, employment, and regulatory requirements depending on the country where you are located and how you interact with RSC.

3 What Information Does RSC Collect?

RSC collects information from you when you register on its site, apply for a role, subscribe to RSC’s newsletter, respond to a survey or fill out a form.
When registering on RSC’s site, as appropriate, you may be prompted to enter your name, e-mail address, mailing address, or phone number. You may, however, visit RSC’s site anonymously.
Depending on the nature of your relationship with RSC, RSC may also collect personal information such as job title, employment details, identification and verification information, recruitment records, training and performance information, timesheet information, banking or benefits administration details, communications records, and technical usage information generated through your use of its systems, website, or applications.
RSC may collect personal information directly from you, automatically through your use of its website and systems, during recruitment or onboarding processes, through internal business tools and mobile applications, through the course of RSC’s contractual relationship with you, and from third parties where lawful and reasonable.

4 How Does RSC Use Your Information?

Any of the information RSC collects from you may be used in one or more of the following ways to:
• personalise your experience (your information helps RSC to better respond to your individual needs);
• improve its website (RSC continually strives to improve its website offerings based on the information and feedback received from you);
• improve customer service (your information helps RSC more effectively respond to your customer service requests and support needs);
• administer a contest, promotion, survey, or other site feature;
• administer and improve its online interest-based advertising programs;
• send periodic emails;
• assess job applications, manage recruitment, and administer employment and contractor relationships;
• maintain workforce records, operate internal systems and mobile applications, manage payroll and benefits, support training and development, and manage travel and operational requirements; and
• protect our systems and business interests, meet legal and regulatory obligations, and respond to complaints, disputes or investigations.
Note: If at any time you would like to unsubscribe from receiving future emails, RSC includes detailed unsubscribe instructions at the bottom of each email.

5 Why Does RSC Process Your Personal Information?

RSC only processes personal information for lawful and relevant purposes. Depending on the circumstances, this may be because the processing is necessary to provide services, enter into or perform a contract, manage an employment or engagement relationship, comply with legal and regulatory obligations, support our legitimate business interests, or because you have provided consent where consent is required. This may include processing personal information for purposes such as:
• payroll and accounting processing;
• employment contract administration and record-keeping;
• operating and maintaining centralised Human Resources (HR), finance and IT systems (including access management, business continuity and cyber security);
• group reporting, audit and compliance purposes; and
• engaging external professional service providers (for example payroll processors, legal advisers, accountants, auditors, insurers and IT service providers).
Where RSC relies on consent, you may withdraw that consent at any time, although this will not affect any processing that has already taken place, or any processing RSC is otherwise permitted or required to carry out by law.

6 Use of Cookies

Cookies are small files that a site or its service provider transfers to your computer’s hard drive, through your web-browser (if you allow), that enables the site’s or service provider’s systems to recognise your browser and capture and remember certain information.
Cookies do lots of different jobs, such as letting you navigate RSC pages efficiently, remembering your preferences, and generally improving the user’s experience. They also help to ensure that advertisements you see online are more relevant to you and your interests.
RSC uses analytics tools and other third-party technologies, such as Google Analytics and DoubleClick Cookies, to collect personal and non-personal information in the form of various usage and user metrics when you use our online Sites and/or Services. These tools and technologies collect and analyse certain types of information including cookies, IP addresses, device and software identifiers, referring and exit URLs, on-site behaviour and usage information, feature use metrics and statistics, usage history, MAC Address, mobile unique device ID, and other similar information.
The third-party analytics companies who collect information on RSC’s Sites and/or Services and other online products and/or services may combine the information collected, with other information they have independently collected from other Websites and/or other online or mobile products and services relating to your activities across their network of Websites, as well as online and/or mobile products and services. Many of these companies collect and use information under their own privacy policies.
In addition to its use of technologies, RSC may permit certain third-party companies to help us tailor advertising that RSC thinks may be of interest to you, based on your use of RSC Sites and/or Services and to otherwise collect and use data about your use of RSCMME Sites and/or Services. For more information about this practice, please see the “Third Party Advertising Technologies” section.
RSC uses analytics and advertising cookies (including Google Analytics and DoubleClick) only where permitted by law, and only after obtaining your explicit consent, where required.
You can manage your cookie preferences at any time through our cookie consent tool. Where you do not provide consent, non‑essential cookies will not be used.
For additional information about how Google processes data, please refer to Google’s privacy information.

7 Third-Party Advertising Technologies

If you do not want your information to be used for targeted third-party advertising, you can opt out by rejecting non-essential cookies, or as described in this Standard.
In particular, RSC may make use of combinations of the following third-party products to target advertising and advertise online: LinkedIn advertising, Google Analytics Google Remarketing, Google Display Network Impression Reporting, integration with the DoubleClick Campaign Manager and Google Analytics Demographics and Interest Reporting.
Visitors can opt-out of Google Analytics for Display Advertising, and customise Google Display Network ads, through the following settings page: How personalized ads work – Android – My Ad Center Help
RSC may also use data from first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) together to report how ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to RSC Sites.
Using Google Analytics Demographics and Interest Reporting, RSC may use data from Google’s Interest-based advertising or third-party audience data (such as age, gender, and interests), with Google Analytics, to better target its advertising.

8 Use of Internal Systems & Mobile Apps

RSC may collect and process personal information through internal systems and digital applications used for its business operations, including human resources systems, recruitment systems, mobile applications, corporate email, training and development tools, collaboration platforms and reporting dashboards. This information may be used for legitimate purposes connected with workforce administration, internal communication, service delivery, skills development, compliance, operational planning and the effective running of its business.

9 Does RSC Disclose Any Information to Outside Parties?

RSC does not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist RSC in operating its Website, conducting its business, or servicing you, so long as those parties agree to keep this information confidential. However, non-personally identifiable visitor information — data that cannot be used to uniquely identify, contact, or locate an individual, such as aggregate analytics, browser types, or anonymised demographic data — may be provided to other parties for marketing, advertising, or other uses.
The personal identifiable information provided by you may be collected, used, and securely stored for employment and legitimate business purposes only, in accordance with applicable data protection laws. Transfer of personal information may only be required for:
• payroll and accounting processing;
• employment contract administration and record-keeping;
• centralised HR, finance and IT systems;
• group reporting, audit and compliance purposes; and
• engagement of external professional service providers (e.g. payroll processors, legal advisers).
Access will be limited to authorised personnel, and only disclosed where legally required.

10 How Does RSC Protect Your Personal Information?

RSC takes reasonable physical, technical and administrative steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. These steps may include access controls, encryption where appropriate, network and endpoint protections, back-up and recovery processes, secure storage arrangements, controlled disposal methods, and limiting access to personal information to authorised personnel who require it for legitimate business purposes.
Where RSC engages third-party providers to support employment-related or workforce administration activities (for example, HR, payroll and benefits platforms), RSC takes reasonable steps to minimise the personal data shared with those providers and, where feasible and appropriate, uses pseudonymised identifiers (such as unique employee IDs) instead of direct identifiers. Direct identifiers (for example: name, personal contact details, national ID numbers and banking details) will be shared only where necessary for the relevant service, subject to contractual confidentiality, security and access controls, and RSC will periodically review data fields and access permissions to reduce exposure risk.

11 How Long Does RSC Keep Your Information?

RSC retains personal information only for as long as it is reasonably necessary for the purpose for which it was collected, including for business, legal, regulatory, accounting, employment and record-keeping requirements, and in accordance with applicable law (including, where relevant, the Kingdom of Saudi Arabia Personal Data Protection Law and its implementing regulations, as amended from time to time).
When the information is no longer required for the purpose(s) for which it was collected (or otherwise processed), and RSC is not required or permitted to retain it by applicable law (for example, to meet statutory retention periods or to establish, exercise or defend legal claims), RSC will cease processing and retention of that personal data and will take reasonable steps to securely delete, destroy, de-identify, or anonymise it. Where information is relevant to an investigation, dispute or legal proceeding, RSC may retain it until the matter has been resolved.

12 Cross-Border Disclosure or Storage

In some circumstances, personal information may be stored in, or accessed from, locations outside the country in which it was collected, including through cloud services or service providers who support RSC’s operations. Where this occurs, RSC will take reasonable steps to ensure that any transfer or remote access is handled in accordance with applicable law and with appropriate safeguards in place. Where the Kingdom of Saudi Arabia (KSA) data transfer rules apply, and until such time the KSA publishes whitelisted countries, RSC may rely on an appropriate safeguard permitted under Article 4 of the Saudi Data Transfer Regulations, including Standard Contractual Clauses approved by the competent authority, where applicable.

13 Your Rights

Subject to applicable law, you have the right to know why your personal information is being collected and used, request access to the information RSC holds about you, obtain a copy of that information, ask for corrections to inaccurate or incomplete information, request restriction or deletion, withdraw consent where consent is the basis of processing, and make a complaint to a relevant authority if you believe your rights have been affected.

14 Direct Marketing

RSC will not send direct marketing communications where consent is required, unless you have agreed to receive them. If you no longer wish to receive these communications, you may unsubscribe using the instructions in the communication or contact RSC directly.

15 Your Consent

By using this Website or submitting your personal information, you are agreeing to the explicit collection, use, and disclosure of personal information by RSC, as set out in this Privacy and Personal Data Protection Standard.
Where required by applicable law, your continued interaction with RSC as an employee, contractor, applicant, consultant, service provider, client or potential client also acknowledges our handling of your personal information for lawful business, employment and administrative purposes.
Where RSC relies on your explicit consent for the lawful purpose of processing, you may withdraw that consent at any time. From the time RSC receives and actions your withdrawal request, RSC will cease processing and retention of your personal data for the purpose(s) covered by that consent, unless RSC is required or permitted to retain or continue processing it under applicable law or another lawful basis (for example, to comply with statutory retention requirements or to establish, exercise or defend legal claims). Withdrawal will not affect the lawfulness of any processing carried out before the withdrawal.

16 Data Protection Officer

Where required under applicable law (including Saudi Arabian data protection laws), RSC has appointed a Data Protection Officer (DPO) to oversee compliance with RSC’s privacy and data protection obligations. You may contact RSC’s DPO if you have questions about this Privacy Statement, how RSC handles personal data, or if you wish to exercise your rights or make a privacy-related complaint.
Data Protection Officer (DPO) contact details
Attention: Data Protection Officer
Email: [email protected]
Phone: +61 8 9467 1444
Post: 13–15 Rheola Street, West Perth, WA 6005, Australia

17 Data Breaches

In the event of a suspected or confirmed personal data breach, RSC will take reasonable steps to investigate, contain and remediate the incident. Where a data breach involves personal identifiable data, RSC will notify affected individuals without undue delay and provide information about the nature of the breach, the likely consequences (where known), and steps individuals can take to reduce potential adverse impacts. RSC will also notify relevant authorities and regulators, where required under applicable law, and will cooperate with them as appropriate.

18 Contacting RSC

If you have any questions about this Privacy Statement, would like to access or correct your personal information, wish to withdraw consent where applicable, or would like to make a privacy-related complaint, you may contact RSC using the details in the Data Protection Officer section or via the contact details published by RSC.

19 Changes to RSC’s Privacy & Personal Data Protection Standard

If this Privacy and Personal Data Protection Standard changes, RSC will post those changes on this page, and/or update the Privacy and Personal Data Protection Standard modification date. This policy was last modified on 22 May 2026. RSC may amend this Standard from time to time to reflect changes in our practices, legal obligations or business operations.