Privacy Policy

Last Updated: February 25, 2026

1. Introduction

Management System Solutions Company ("MSSC", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website mssc.com.sa or use our services, in accordance with the Saudi Arabia Personal Data Protection Law (PDPL) and applicable international data protection standards.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide to Us

• Contact Information: Name, email address, phone number, postal address
• Professional Information: Job title, company name, industry sector
• Training Registration Data: Course preferences, dietary requirements, accessibility needs
• Employment Applications: CV/resume, qualifications, work history, references
• Communication Data: Enquiry details, feedback, correspondence

3.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system
• Usage Data: Pages visited, time spent on pages, navigation paths
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

4. How We Use Your Personal Data

We process your personal data for the following purposes:

• Service Delivery: To provide consulting and training services you have requested
• Registration Processing: To process training course registrations and manage your participation
• Communication: To respond to enquiries, provide customer support, and send service-related communications
• Marketing: To send promotional materials about our services (with your consent)
• Website Improvement: To analyse website usage and improve our online services
• Legal Compliance: To comply with legal obligations and protect our legitimate interests
• Recruitment: To process job applications and manage recruitment processes

5. Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent: Where you have given explicit consent for specific processing activities
• Contractual Necessity: Where processing is necessary for the performance of a contract with you
• Legal Obligation: Where processing is required to comply with applicable laws and regulations
• Legitimate Interest: Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights

6. Data Sharing and Disclosure

We may share your personal data with:

• Accreditation Bodies: Such as IOSH, ACMP, CPD, and IRCA-approved centres, as required for course certification and accreditation purposes
• Service Providers: Third-party providers who assist us in operating our website and delivering services (under appropriate data processing agreements)
• Legal Authorities: Where required by law, regulation, or legal process
• Business Partners: With your consent, to facilitate joint service offerings

We do not sell your personal data to third parties.

7. International Data Transfers

Where we transfer personal data outside Saudi Arabia, we ensure appropriate safeguards are in place in accordance with the PDPL and applicable regulations to protect your data.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Training records and certification data may be retained for extended periods as required by accreditation bodies.

9. Your Rights

Under applicable data protection laws, you have the following rights:

• Right of Access: To request a copy of the personal data we hold about you
• Right to Rectification: To request correction of inaccurate or incomplete data
• Right to Erasure: To request deletion of your personal data (subject to legal retention requirements)
• Right to Restrict Processing: To request limitation of processing in certain circumstances
• Right to Data Portability: To receive your data in a structured, commonly used format
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time
• Right to Object: To object to processing based on legitimate interests or for direct marketing purposes

To exercise any of these rights, please contact us at info@mssc.com.sa.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete such information promptly.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a revised "Last Updated" date.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us: