Data Privacy and Security Policy

At Aqaba Manufacturing & Refining Vegetable Oils Co., we are committed to respecting and protecting the privacy, confidentiality, and security of personal data entrusted to us. This Data Privacy and Security Policy sets out the principles governing the collection, use, processing, disclosure, retention, and protection of personal data by the Company in accordance with applicable laws and regulations.
 
1. Purpose:
The purpose of this Policy is to establish a formal framework for the lawful and secure handling of personal data processed by Aqaba Manufacturing & Refining Vegetable Oils Co. in the course of its business activities.
 
2. Scope:
This Policy applies to all personal data processed by Aqaba Manufacturing & Refining Vegetable Oils Co., whether in electronic, paper, verbal, visual, or any other form, and whether relating to customers, prospective customers, employees, job applicants, suppliers, contractors, consultants, visitors, website users, and any other individuals dealing with the Company.
 
3. Definitions:
For the purposes of this policy:
  • Personal data refers to any information that identifies or relates to an individual.
  • Personal Data means any information relating to a natural person that identifies, or is capable of identifying, that person directly or indirectly.
  • Data Subject means the identified or identifiable natural person to whom the personal data relates.
  • Data Controller means Aqaba Manufacturing & Refining Vegetable Oils Co., being the entity that determines the purposes and means of processing personal data.
  • Data Processor means any natural or legal person who processes personal data on behalf of Aqaba Manufacturing & Refining Vegetable Oils Co.
  • Processing means any operation or set of operations performed on personal data, whether by automated means or otherwise, including collection, recording, organization, storage, use, disclosure, transfer, amendment, retrieval, restriction, deletion, or destruction.
 
4. Data Collection and Processing
The Company shall process personal data in accordance with the following principles:
  • personal data shall be collected and processed for specified, explicit, and legitimate purposes;
  • personal data shall be processed fairly, lawfully, and transparently;
  • personal data shall be adequate, relevant, and limited to what is necessary for the purposes for which it is processed;
  • personal data shall be accurate and kept up to date where necessary;
  • personal data shall be retained only for as long as necessary for the relevant purpose or as required by law;
  • personal data shall be protected by appropriate technical, administrative, and organizational safeguards.
 
5. Lawful Basis for Processing
Aqaba Manufacturing & Refining Vegetable Oils Co. collects and processes personal data only for lawful and legitimate purposes. Depending on the nature of the processing and the applicable legal requirements, personal data may be processed on the basis of:
  • the consent of the data subject;
  • the performance of a contract or steps prior to entering into a contract;
  • compliance with a legal or regulatory obligation;
  • employment, administrative, operational, accounting, audit, or security purposes;
  • the establishment, exercise, or defense of legal claims;
  • any other lawful basis permitted under applicable law.
 
Where consent is relied upon, the data subject shall have the right to withdraw such consent, subject to legal, regulatory, or contractual limitations.
 
6. Categories of Personal Data
Depending on the nature of the relationship with the Company, the categories of personal data processed may include:
  • identification data;
  • contact details;
  • customer and account information;
  • supplier and contractor information;
  • financial and transaction-related information;
  • employment, recruitment, and HR records;
  • correspondence and communication records;
  • security, visitor, and access-control records;
  • technical and usage data relating to the Company’s systems, facilities, and website;
  • any other data reasonably required for lawful business purposes.
 
7. Purposes of Processing
The Company may process personal data for purposes including, without limitation:
  • customer service and relationship management;
  • sales, order processing, delivery, invoicing, and payment administration;
  • supplier, contractor, and consultant management;
  • recruitment, employment administration, payroll, benefits, and HR management;
  • legal and regulatory compliance;
  • occupational health, safety, and security;
  • physical access control and asset protection;
  • information security and incident management;
  • operation, maintenance, and improvement of the Company’s services, facilities, systems, and website;
  • internal reporting, audit, governance, and risk management;
  • any other purpose permitted by law and reasonably connected to the Company’s operations.
 
8. Sources of Personal Data
Personal data may be collected directly from the data subject or, where lawful and appropriate, from third parties, public records, service providers, business partners, or other legitimate sources. The Company shall take reasonable steps to ensure that the personal data it processes is accurate, relevant, and current.
 
9. Data Security Measures
The Company shall implement appropriate technical, organizational, and administrative measures to protect personal data against unauthorized or unlawful access, disclosure, loss, misuse, alteration, destruction, or accidental damage.
 
Such measures may include, where appropriate:
  • access controls and authorization procedures;
  • restricted access to personal data on a need-to-know basis;
  • secure storage, encryption, backup, and recovery measures;
  • password, system, and network security controls;
  • monitoring, logging, and incident response procedures;
  • confidentiality obligations for employees and service providers.
 
10. Data Sharing and Third Parties
The Company may disclose or share personal data with third parties where such disclosure is necessary and lawful, including to:
  • service providers and processors supporting the Company’s operations;
  • auditors, professional advisers, insurers, banks, and financial institutions;
  • governmental bodies, regulators, law enforcement authorities, courts, or judicial authorities where required or permitted by law;
  • other parties where the data subject has consented or where disclosure is otherwise lawful.
 
Where personal data is processed on the Company’s behalf by third parties, the Company shall require such parties to maintain appropriate confidentiality, security, and data protection measures.
 
11. Data Retention
Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected and processed, or for such longer period as may be required or permitted by applicable law, regulation, contract, audit, tax, employment, health and safety, dispute-resolution, or record-keeping requirements.
 
At the end of the applicable retention period, the Company shall securely delete, destroy, anonymize, or archive the personal data as appropriate.
 
12. Employee Responsibilities
All employees, contractors, and relevant personnel of the Company are responsible for complying with applicable data protection requirements and this Policy.
 
In particular, they are required to:
  • process personal data only within the scope of their authority and responsibilities;
  • maintain confidentiality of personal data;
  • report suspected or actual data breaches, misuse, or unauthorized access immediately;
  • comply with security procedures and internal controls;
  • participate in relevant privacy and data protection awareness and training programs.
 
13. Security Monitoring and Access Control
Where necessary for lawful business, safety, security, operational, or compliance purposes, the Company may use access-control systems, visitor records, network monitoring, system logs, and, where applicable, surveillance or other security measures, in accordance with applicable law.
 
14. Compliance and Governance
Aqaba Manufacturing & Refining Vegetable Oils Co. is committed to complying with applicable personal data protection laws, regulations, and relevant internal procedures and controls.
 
15. Policy Review and Amendments
This Policy shall be reviewed periodically and may be amended from time to time to reflect changes in legal requirements, regulatory developments, operational needs, or the Company’s practices.
 
The latest approved version of this Policy shall supersede any previous versions.
 
16. Contact Information
For any inquiries, requests, or concerns regarding privacy, personal data protection, or this Policy, please contact:
 
Aqaba Manufacturing & Refining Vegetable Oils Co.
 
17. Effective Date
Effective Date / Last Review Date: 01/01/2026
 
By adopting this Policy, Aqaba Manufacturing & Refining Vegetable Oils Co. reaffirms its commitment to safeguarding the personal data of its customers, employees, business partners, and all individuals associated with its operations.
 
Data Privacy and Security Policy (APP FS 06 12)