1. Scope
This policy applies to candidate data collected through FBR Holding's website, candidate portal, application forms, assessments, interviews, offers, and onboarding document workflows.
2. Recruitment Data Categories
Data may include name, email, phone, CV, nationality, years of experience, professional links, screening answers, assessment results, interview evaluations, correspondence, offers, and onboarding documents where required.
3. Processing Basis
We process recruitment data based on your explicit application consent, pre-contractual recruitment steps, and legitimate interest in protecting the hiring system and documenting decisions, in line with Saudi PDPL.
4. Retention Periods
Active applications are retained while they are being processed. After an application is closed, rejected, or withdrawn, we keep data for no more than six (6) months unless a longer legal or contractual reason applies. It is then deleted or anonymized under the retention policy.
5. Talent Pool
If a candidate is suitable for future opportunities, they may be added to the Talent Pool based on consent or a legitimate recruitment decision tied to future roles. Talent Pool records are reviewed periodically and archived or deleted when the purpose ends or when requested under applicable law.
6. Deletion & Anonymization
When retention ends, application data, files, attachments, and related session records are removed or anonymized so they no longer identify the candidate. Aggregated non-personal hiring metrics may remain for process improvement.
7. Candidate Rights
You may request access, correction, deletion, restriction, objection, or withdrawal of consent where consent is the basis. Contact us at privacy@fbr.sa.
8. Security & Access
Candidate data access is restricted by role and permission. We use audit logs, admin authentication, private file controls, and periodic operational risk review.
9. Relationship With Privacy Policy
This policy should be read with the Privacy Policy and Terms & Conditions. If there is a conflict, the rule more protective of the data subject applies.
Last updated: 2026 — Version 1.0.