Your Data Rights
At <strong>Skyline Cloud</strong>, operated by <strong>Skyline Solutions</strong> in Riyadh, Kingdom of Saudi Arabia, we respect your right to control your personal data. This page explains the rights you have under the Saudi <strong>Personal Data Protection Law (PDPL)</strong> and how to exercise them with us. Our services are <em>built to align with</em> the PDPL and Saudi regulatory expectations; formal certification of compliance is assessed by the respective authority. To exercise any right below, contact our Data Protection Officer at <a href="mailto:dpo@alskyline.com">dpo@alskyline.com</a> or <a href="mailto:privacy@alskyline.com">privacy@alskyline.com</a>.
- Effective
- 2 June 2026
- Last updated
- 2 June 2026
Your rights under the PDPL
The Saudi Personal Data Protection Law (PDPL) grants you a defined set of rights over your personal data. As a customer or user of Skyline Cloud, you may exercise the following rights at any time, free of charge for ordinary requests.
These rights apply to the personal data we process about you when you register for an account, use our cloud hosting, business email, DNS, and SSL services, or interact with us through cloud.alskyline.com or alskyline.com.
- Right to be informed — to know the legal basis and the purpose for which we collect and process your personal data.
- Right to access — to access the personal data we hold about you.
- Right to obtain a copy (portability) — to receive a copy of your personal data in a readable, commonly used format.
- Right to correct, complete or update — to have inaccurate or incomplete data corrected, completed or updated.
- Right to request destruction — to request deletion of your personal data when it is no longer needed for the purpose it was collected for, subject to any legal retention obligations.
- Right to withdraw consent — to withdraw your consent to processing at any time, where processing is based on consent.
How to exercise your rights
To exercise any of the rights above, send your request by email to our Data Protection Officer at dpo@alskyline.com or to privacy@alskyline.com. Please describe clearly which right you wish to exercise and the account or service it relates to.
To protect your data, we will verify your identity before acting on a request. We may ask for information that confirms you are the data subject or are authorized to act on their behalf. This step prevents unauthorized disclosure of personal data.
There is no fee for ordinary requests. In limited cases where a request is manifestly excessive or repetitive, we will tell you in advance if any reasonable cost applies, as permitted under the PDPL.
- Channel: email dpo@alskyline.com or privacy@alskyline.com.
- Include: the right you are exercising and the related account or service.
- Identity check: we verify your identity before disclosing or changing data.
Our response timeline
We aim to handle every request promptly and transparently.
If a request is particularly complex or involves a large volume of data, we may extend the response period once and will explain the reason and the new expected date before the original period ends.
- Acknowledgement: within 5 business days of receiving your request.
- Full response: within 30 days, extendable once for complex requests with prior notice.
- Withdrawing consent: takes effect going forward and does not affect processing already carried out lawfully before withdrawal.
How we protect your data
Your rights are supported by technical and organizational controls that are designed to meet the PDPL and Saudi regulatory expectations. We keep your data and its backups inside the Kingdom of Saudi Arabia (Riyadh) — we do not use any off-shore backup provider.
We run an automated internal compliance check mapped to the PDPL and to the requirements of relevant Saudi authorities, including the NCA Essential Cybersecurity Controls (ECC) and Cloud Cybersecurity Controls (CCC), and sector expectations such as CMA and SAMA. These are internal alignment measures; formal certification is assessed by the respective authority.
We do not publish details of our internal infrastructure for security reasons.
- In-Kingdom hosting: data and encrypted daily backups are kept in Riyadh, with 30-day retention and database point-in-time recovery.
- Encryption: TLS 1.2/1.3 only on public endpoints; encryption at rest at the infrastructure layer (AES-256) plus field-level application encryption.
- Tenant isolation: per-tenant data separation verified by tests.
- Access controls: mandatory two-factor authentication for all administrators, including tenant admins, and centralized authentication and admin audit logging.
- Email security: anti-spam and anti-virus filtering with SPF, DKIM and DMARC.
- Key handling: SSL private keys are generated on a hardened node isolated from the mail and portal services.
- Operational safeguards: rate limiting and blocking of destructive database commands in production.
If a data breach occurs
In the event of a personal data breach where harm is possible, we will notify the Saudi Data and Artificial Intelligence Authority (SDAIA) within 72 hours of becoming aware of the incident, in line with the PDPL.
Where the breach is likely to cause harm to your data or rights, we will also notify affected data subjects without undue delay and provide guidance on any steps you can take.
Complaints and contact
If you are not satisfied with how we have handled your request or your personal data, you have the right to lodge a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA), the competent supervisory authority under the PDPL. We encourage you to contact us first so we can try to resolve the matter directly.
This document is governed by the laws of the Kingdom of Saudi Arabia, and any dispute is subject to the courts of Riyadh.
- Data protection / rights requests: dpo@alskyline.com or privacy@alskyline.com.
- Security reports: security@alskyline.com.
- Legal matters: legal@alskyline.com.
- Supervisory authority: Saudi Data and Artificial Intelligence Authority (SDAIA).