Privacy Policy
Your privacy is fundamental to everything we do. Learn how ZR Nordic Group protects and respects your personal information.
🏛️ Introduction
ZR Nordic Group ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.
We operate under the highest standards of data protection, complying with both the Saudi Arabia Personal Data Protection Law (PDPL) and Danish data protection regulations, ensuring your information receives world-class protection regardless of where you interact with us.
Our Commitment
Just as we believe "those who build success should share in its rewards," we believe that those who trust us with their data deserve the highest level of protection and transparency.
📊 Information We Collect
Personal Information You Provide
- Contact Information: Name, email address, phone number, company name, job title
- Business Information: Project details, service requirements, budget information
- Communication Records: Messages, inquiries, and correspondence with our team
- Application Data: Employment applications, CVs, and professional references
- Newsletter Subscriptions: Email addresses for our monthly updates
Information Automatically Collected
- Website Usage: Pages visited, time spent, click patterns, referral sources
- Technical Information: IP address, browser type, device information, operating system
- Cookies: Preferences, session data, and website functionality
- Location Data: General geographic location (country/city level)
| Data Type | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Contact Information | Service delivery, communication | Contract performance | 7 years after last contact |
| Website Analytics | Improve user experience | Legitimate interest | 26 months |
| Employment Applications | Recruitment process | Consent | 2 years |
| Newsletter Subscriptions | Marketing communications | Consent | Until unsubscribed |
🎯 How We Use Your Information
Primary Uses
- Service Delivery: Providing workforce solutions, project management, and customer support
- Communication: Responding to inquiries, providing updates, and maintaining client relationships
- Contract Management: Processing agreements, invoicing, and compliance reporting
- Quality Assurance: Monitoring service quality and implementing improvements
Secondary Uses
- Marketing: Sending relevant updates about our services (with your consent)
- Analytics: Understanding website usage patterns and user preferences
- Legal Compliance: Meeting regulatory requirements in Saudi Arabia and Denmark
- Business Development: Improving our services and developing new solutions
Consent-Based Processing
For marketing communications and non-essential cookies, we always seek your explicit consent. You can withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
🤝 Information Sharing and Disclosure
We Share Information With:
- Service Partners: Trusted third-party vendors who help us deliver services (under strict confidentiality agreements)
- Legal Authorities: When required by law or to protect our rights and interests
- Business Successors: In case of merger, acquisition, or asset sale (with notice to affected individuals)
- Professional Advisors: Lawyers, accountants, and consultants bound by professional confidentiality
We DO NOT:
- Sell your personal information to third parties
- Share information for advertising purposes without consent
- Transfer data to countries without adequate protection measures
- Use your information for purposes other than those disclosed
Cross-Border Transfers
As we operate between Saudi Arabia and Denmark, some data processing may occur across borders. We ensure all transfers comply with applicable data protection laws and use appropriate safeguards such as Standard Contractual Clauses.
🔒 Data Security
Technical Safeguards
- Encryption: All data is encrypted in transit and at rest using industry-standard protocols
- Access Controls: Multi-factor authentication and role-based access to personal data
- Regular Audits: Continuous monitoring and security assessments
- Secure Infrastructure: ISO 27001 certified hosting and cloud services
Organizational Measures
- Staff Training: Regular data protection training for all employees
- Privacy by Design: Data protection considerations integrated into all systems
- Incident Response: Comprehensive breach response procedures
- Vendor Management: Strict security requirements for all service providers
While we implement robust security measures, no method of transmission over the internet is 100% secure. We continuously update our security practices to address evolving threats.
⚖️ Your Rights
Under the Saudi PDPL and Danish data protection laws, you have the following rights:
Access and Transparency Rights
- Right to Information: Understand how your data is processed
- Right of Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
Control Rights
- Right to Erasure: Request deletion of your personal data (subject to legal obligations)
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to processing based on legitimate interests
- Right to Data Portability: Receive your data in a structured format
Withdrawal Rights
- Consent Withdrawal: Withdraw consent for marketing communications
- Unsubscribe: Opt out of newsletters and promotional emails
How to Exercise Your Rights
To exercise any of these rights, please contact our Data Protection Officer using the contact information below. We will respond to your request within 30 days and may require identity verification for security purposes.
🍪 Cookies and Tracking Technologies
Types of Cookies We Use
- Essential Cookies: Required for website functionality (cannot be disabled)
- Analytics Cookies: Help us understand website usage and improve user experience
- Functional Cookies: Remember your preferences and settings
- Marketing Cookies: Enable targeted advertising (only with your consent)
Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality. We provide a cookie banner allowing you to accept or decline non-essential cookies.
Third-Party Analytics
We use Google Analytics to understand website usage. This service may use cookies and collect information about your use of our website. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.
📅 Data Retention
We retain personal information only as long as necessary for the purposes outlined in this policy:
- Client Data: 7 years after contract termination (for legal and compliance purposes)
- Employee Applications: 2 years from application date
- Website Analytics: 26 months from collection
- Marketing Consents: Until withdrawn or 3 years of inactivity
- Financial Records: As required by Saudi and Danish law
When data is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule and applicable legal requirements.
🌍 International Data Transfers
ZR Nordic Group operates across Saudi Arabia and Denmark. We may transfer your personal information between these jurisdictions and to trusted service providers in other countries.
Safeguards for International Transfers
- Adequacy Decisions: Transfers to countries with adequate data protection levels
- Standard Contractual Clauses: EU-approved contracts for secure data transfers
- Binding Corporate Rules: Internal policies ensuring consistent protection
- Certification Schemes: Adherence to recognized privacy frameworks
We ensure all international transfers comply with both Saudi PDPL and Danish data protection requirements, providing you with the same level of protection regardless of where your data is processed.
👶 Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without appropriate parental consent, we will delete that information promptly.
Parents and guardians who believe we may have collected information from a child should contact us immediately using the information provided below.
📝 Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email if you have subscribed to our communications
- Display a prominent notice on our website
- For significant changes, seek fresh consent where required by law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
📞 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Email: legal@groupnordic.com.sa
General Inquiries: group@groupnordic.com.sa
Phone: +966 510 27 6061
Postal Address
ZR Nordic Group
Jeddah, Saudi Arabia
Kingdom of Saudi Arabia
European Representative
Copenhagen, Denmark
Kingdom of Denmark
Response Time
We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please mark your communication as "URGENT - PRIVACY REQUEST" in the subject line.
🏛️ Regulatory Compliance
This Privacy Policy is designed to comply with:
- Saudi Arabia Personal Data Protection Law (PDPL)
- Danish Data Protection Act
- EU General Data Protection Regulation (GDPR) - where applicable
- Other applicable local and international privacy laws
If you believe we have not complied with applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority:
- Saudi Arabia: Saudi Data and AI Authority (SDAIA)
- Denmark: Danish Data Protection Agency (Datatilsynet)
However, we encourage you to contact us first so we can address your concerns directly.