GDPR Compliance Statement
Our Commitment to Data Privacy and Protection
At Salsabeel ERP, powered by Al-Bari Technologies, we are committed to maintaining the highest standards of data privacy, security, and responsible data handling. This GDPR Compliance Statement outlines our approach to protecting customer and personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy standards. Even when operating outside the European Union, we recognize the importance of GDPR principles and apply strong data protection practices across all services, cloud infrastructure, and ERP operations.
1. Our GDPR Commitment
We are committed to ensuring that all personal and business data processed through Salsabeel ERP is handled lawfully, fairly, transparently, and securely. Our privacy practices are built around the core GDPR principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Data protection is not treated as a legal checkbox—it is a core operational responsibility.
2. Role in Data Processing
Customer as Data Controller
Our customers determine what personal and business data is collected, how it is used, and for what purpose.
Salsabeel ERP as Data Processor
We process data only on behalf of our customers and strictly according to the agreed services and operational requirements.
We do not use customer data for unrelated commercial purposes.
3. Types of Data Processed
Depending on the ERP modules used, data may include:
- Customer and supplier records
- Employee and HR information
- Financial and accounting data
- Sales and purchase transactions
- Attendance and payroll records
- Inventory and operational records
- Contact details and business communications
- System activity logs and user access records
We process only the data necessary for service delivery.
4. Legal Basis for Processing
Personal data is processed only where there is a lawful basis, including:
- Contractual necessity
- Legitimate business interests
- Legal compliance obligations
- Customer-authorized operational requirements
- Consent where applicable
Customers remain responsible for ensuring lawful collection and usage of their own business data.
5. Security Measures
We implement strong technical and organizational safeguards, including:
- Encrypted data transmission
- Role-based access control
- User authentication and permissions
- Secure cloud infrastructure
- Automated backups
- Access monitoring and audit logs
- Internal confidentiality controls
- Restricted staff access to customer environments
Our goal is prevention, not damage control after failure.
6. Data Subject Rights
Where applicable, GDPR provides individuals with rights including:
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to withdraw consent where applicable
Salsabeel ERP supports customers in responding to legitimate data subject requests where technically and contractually appropriate.
7. Data Retention and Deletion
Data is retained only for as long as necessary to provide services, meet legal obligations, and support contractual requirements. Upon service termination, customers may request:
- Secure data export
- Migration support
- Permanent deletion of stored records where applicable
We do not retain unnecessary data indefinitely.
8. Third-Party Service Providers
We may work with trusted subprocessors for:
- Cloud hosting
- Infrastructure services
- Email notifications
- Security monitoring
- Backup management
- Payment processing
All third-party providers are selected based on security standards, reliability, and compliance expectations.
9. International Data Transfers
Where customer data is processed across borders, we apply appropriate safeguards to maintain privacy, confidentiality, and legal compliance. Data protection standards remain consistent regardless of hosting location.
10. Breach Response
In the event of a confirmed data breach affecting customer information, we will:
- Investigate immediately
- Contain and mitigate the issue
- Notify affected customers without unreasonable delay
- Provide relevant breach details
- Support compliance obligations where required
Delayed disclosure is bad practice. Transparency matters.
11. Continuous Compliance
GDPR compliance is not a one-time document—it requires ongoing operational discipline. We regularly review:
- Security controls
- Access policies
- Internal compliance procedures
- Data handling practices
- Infrastructure protection measures
Our goal is long-term trust, not temporary compliance language.
Contact for Privacy & GDPR Matters
Salsabeel ERP by Al-Bari Technologies
- 📧 Email: support@albaritechnologies.com
- 📧 Business: albaritechnologies@gmail.com
- 📞 Phone: +92-303-44-66-999
- 📍 Address: Lahore, Pakistan