Privacy Policy
How SABK processes your personal data under the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679). Last updated: May 2026.
1. Data controller
The controller responsible for the processing of your personal data is:
- Company: [Legal company name]
- Address: Riyadh, Saudi Arabia
- Represented by: [Managing director]
- Email: contact@sabk.sa
- Phone: +966 50 123 4567
Our full company details are available in our Legal Notice.
2. Data Protection Officer
You can contact our Data Protection Officer (DPO) for any question regarding the protection of your data at contact@sabk.sa. [If no DPO is appointed, remove this section and use the controller's contact above.]
3. Scope
This policy applies to our website, mobile application and roadside-assistance platform, and to all users wherever they are located — including customers and partner technicians in Saudi Arabia and elsewhere. As the controller is established in the European Union, we process personal data in accordance with the GDPR.
4. Personal data we collect
4.1 Data you provide
- Identity and contact details: first/last name, email address, phone number
- Account credentials and one-time verification codes (OTP)
- For partners/technicians: professional details, KYC documents, garage address and coordinates
- Billing data and payment details for subscriptions (processed by our payment provider)
- Messages you send through our contact form or support channels
4.2 Data collected automatically
- Real-time GPS location during an active assistance request
- Device, browser and IP address (security and audit logs)
- Usage data (pages viewed, features used)
5. Purposes and legal bases (Art. 6 GDPR)
- Providing the service (account, dispatching the nearest technician, tracking, completion reports) — performance of a contract (Art. 6(1)(b)).
- Real-time location during a request — performance of a contract, and where required your consent (Art. 6(1)(a)) given via your device.
- Payments and subscriptions — performance of a contract and legal obligation (accounting) (Art. 6(1)(b)/(c)).
- Security, fraud prevention, audit logs — legitimate interests (Art. 6(1)(f)).
- Service messages (OTP, confirmations, receipts) — contract; marketing — your consent, withdrawable at any time.
- Legal compliance — legal obligation (Art. 6(1)(c)).
6. Location data
We collect your real-time GPS coordinates only when you submit a breakdown or assistance request. They are shared with the assigned technician for the duration of the intervention and are deleted no later than 30 days after the intervention is closed.
7. Recipients and processors
We never sell or rent your personal data. We share it only with:
- Certified technicians / garages — to fulfil your assistance request
- Payment provider (Stripe) — to process subscription payments securely
- Hosting / infrastructure provider — [Hosting provider, location]
- Communication providers — e.g. our email/SMS gateway for verification codes
- Competent authorities — where required by law or to protect rights and safety
These recipients act as processors under data-processing agreements (Art. 28 GDPR).
8. International data transfers
Because our customers and partners may be located outside the European Economic Area (EEA) — for example in Saudi Arabia — and some of our processors may operate outside the EEA, your data may be transferred internationally. Such transfers are protected by appropriate safeguards under the GDPR, namely an adequacy decision of the European Commission where available, or Standard Contractual Clauses (SCCs) together with supplementary measures. You may request a copy of the safeguards in place at contact@sabk.sa.
9. Data retention
We keep your account data for as long as your account is active. Location data is kept for up to 30 days after an intervention. Accounting and invoicing records are retained for the period required by law [e.g. 10 years under German law]. When data is no longer needed, it is deleted or anonymised.
10. Security
We apply appropriate technical and organisational measures (Art. 32 GDPR), including TLS/HTTPS encryption, access controls, token-based authentication and audit logging. No internet transmission is ever fully secure, so we cannot guarantee absolute security.
11. Your rights
Under the GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object to processing (Art. 21). Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise your rights, contact contact@sabk.sa. You also have the right to lodge a complaint with a supervisory authority, in particular [competent German data-protection authority — name and Land].
12. Cookies
We use strictly necessary cookies to operate the website and keep you signed in. Any analytics or non-essential cookies are used only with your consent, which you can manage or withdraw at any time. [Detail the cookies used / link a cookie banner if applicable.]
13. Changes to this policy
We may update this policy from time to time. We will announce material changes by email or a prominent notice on our website. Continued use after the effective date constitutes acceptance of the updated policy.
14. Contact
- Data protection: contact@sabk.sa
- General: contact@sabk.sa
- Phone: +966 50 123 4567
- Postal address: [Legal company name], Riyadh, Saudi Arabia