Rovera Privacy Policy

1. Introduction

This Privacy Policy describes how Rovera Holdings Limited ("Rovera," "we," "us," or "our") collects, uses, shares, and protects information when your organization interacts with our compliance automation services, websites, and related applications (collectively, the "Services").

2. Scope

This Privacy Policy applies to Rovera's websites, applications, and services. It does not apply to third-party applications or services that integrate with Rovera. As our platform processes data on behalf of businesses, this policy primarily addresses how we handle business contact information and related business data.

3. Information We Collect

3.1 Customer Business Data

When your organization uses our Services, you submit business data according to our service agreements. Rovera processes this data as a processor on behalf of your organization.

3.2 Business Contact Information

To create or update a Rovera account, your organization provides us with business contact information (corporate email addresses, names, job titles, company details) and account credentials.

3.3 Usage Information

We collect information about how your authorized users interact with our Services, including:

• Log data (IP address, browser type, pages visited)
• Device information (device type, operating system)
• Location information (approximate location based on IP address)

3.4 Other Business Information

We may collect additional business information provided when using our Services, participating in events, requesting support, or responding to business surveys.

4. How We Use Information

Rovera uses collected business information for the following purposes:

• Providing, maintaining, and improving our Services
• Processing transactions and managing business accounts
• Communicating with your organization about our Services
• Ensuring security and preventing fraud
• Complying with applicable laws and regulations
• Sending product updates and business communications (which your organization can opt out of)

5. Information Storage and Protection

5.1 Data Localization

We store all customer data within Kingdom of Saudi Arabia in compliance with the PDPL, unless otherwise agreed upon in writing in your service agreement.

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your business information against unauthorized access, loss, or damage.

5.3 Retention Period

We retain your business information only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, or to enforce our agreements.

6. Information Sharing

We may share business information with:

• Service providers that help us deliver our Services
• Your organization's authorized representatives
• Third parties when required by law or to protect rights
• Third parties in connection with a business transaction (merger, acquisition, sale)

We do not sell your business information to third parties.

7. Your Organization's Rights Under PDPL

Under Saudi Arabia's Personal Data Protection Law, your organization has the right to:

• Be informed about the collection and use of business data
• Access business data we hold
• Request correction of inaccurate business data
• Request deletion of business data in certain circumstances
• Object to processing of business data
• Restrict the processing of business data

To exercise these rights, please contact us at privacy@rovera.ai.

8. International Data Transfers

Where necessary to transfer business data outside Saudi Arabia, we implement appropriate safeguards in compliance with PDPL requirements, including:

• Obtaining explicit consent when required
• Ensuring adequate protection levels in recipient countries
• Implementing appropriate data transfer agreements

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify your organization of material changes through our website or by email before they become effective.

10. Contact Information

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact:

11. Service Agreement

By using our Services, your organization accepts the terms of this Privacy Policy. This Policy forms part of our Service Agreement with your organization. If your organization does not agree with these terms, please discontinue use of our Services.