Privacy Policy

1. Introduction

This Privacy Policy describes how Display Lab (operated by Display Lab, hereafter "we", "us", or "Display Lab") collects, uses, stores, and discloses personal information from visitors to displaylab.tech and from clients engaging our audio-visual integration services.

We are committed to compliance with the Saudi Personal Data Protection Law (PDPL) and its implementing regulations issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).

2. Information we collect

We collect the following categories of personal information:

• Contact and identity information — name, company name, work email, phone number, job title — collected when you submit a project brief or contact us.
• Project information — project location, project type, project size, and any details you voluntarily share in your inquiry.
• Technical information — IP address, browser type, operating system, referring URL, pages visited, time spent — collected automatically via web server logs and analytics tools.
• Cookie data — see our Cookie Policy for details on what cookies we use and how to manage them.
• Submission and storage — when you submit a project brief through our contact form, the information you provide is stored in our customer relationship management database. We use this information to respond to your inquiry, prepare proposals, and maintain a record of our communications.

3. How we use your information

We use personal information for the following purposes:

• To respond to your project inquiries and prepare proposals.
• To deliver, install, and support the systems we are contracted to integrate.
• To send transactional communications related to active engagements (proposal updates, project status, invoicing).
• To improve our website, services, and customer experience.
• To measure marketing effectiveness when you consent to analytics and advertising cookies.
• To comply with legal obligations including ZATCA tax invoicing, Saudi Customs, and applicable commercial regulations.

4. Legal basis for processing

We process personal information on the following legal bases under the Saudi PDPL:

• Consent — when you submit a project brief, subscribe to communications, or accept non-essential cookies.
• Contract performance — when processing is necessary to deliver services you have engaged us for.
• Legal obligation — when processing is required to comply with tax, customs, or other Saudi regulatory requirements.
• Legitimate interest — for fraud prevention, network security, and improving our services, balanced against your rights.

5. Sharing of information

We do not sell personal information. We share information only with:

• Service providers and infrastructure — we use third-party infrastructure providers to host our website and store form submissions, including our customer relationship management database which is operated on Supabase infrastructure provided through Lovable Cloud. These providers are bound by their own data protection and security obligations and only access data as necessary to provide the service.
• Manufacturer partners — when warranty registration, technical support escalation, or licensed software activation requires sharing limited contact information with the original equipment manufacturer.
• Government and regulators — when required by Saudi law, court order, or legitimate regulatory request.
• Professional advisors — legal, accounting, and audit firms bound by professional confidentiality.

6. Cross-border data transfers

Personal information you submit through our contact form, as well as website analytics data, is stored and processed on infrastructure located outside the Kingdom of Saudi Arabia. This includes our customer relationship management database, our website hosting infrastructure, and the third-party analytics services we use. By submitting information through our website, you consent to this cross-border transfer.

We take reasonable steps to ensure that any service provider receiving personal data outside the Kingdom maintains a standard of protection consistent with the requirements of the Saudi Personal Data Protection Law (PDPL). Where required by Saudi PDPL or its implementing regulations, additional safeguards are applied.

7. Data retention

We retain personal information only as long as necessary for the purposes it was collected, or as required by applicable Saudi law. Specifically:

• Project brief submissions — retained in our customer relationship management database for the duration of the inquiry and any resulting client engagement, plus the period required by Saudi commercial and tax law (currently a minimum of ten years for invoicing and project records).
• Inquiries that do not lead to engagement — retained for a reasonable period (typically up to twenty-four months) for follow-up purposes, after which the data is deleted or anonymised unless you have explicitly requested to remain on our mailing list.
• Marketing communications — retained until you withdraw consent.
• Website analytics — retained according to the data retention settings of the analytics service (currently configured to industry-standard defaults).

You can request earlier deletion at any time by contacting us at privacy@displaylab.tech, subject to legal retention obligations that may require us to retain certain records for the periods specified by Saudi law.

8. Your rights

Under the Saudi PDPL, you have the following rights regarding your personal information:

• Right to be informed — about how your data is processed.
• Right of access — to obtain a copy of your personal data we hold.
• Right of rectification — to correct inaccurate or incomplete data.
• Right of erasure — to request deletion of your data, subject to legal retention obligations.
• Right to withdraw consent — for processing based on consent, at any time.
• Right to lodge a complaint — with SDAIA if you believe your rights have been violated.

To exercise any of these rights, contact us at privacy@displaylab.tech.

9. Security

We implement reasonable technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (HTTPS / TLS) for all communications between your browser and our website.
• Encryption at rest on the database infrastructure that stores submissions.
• Access controls restricting database access to authorised personnel only.
• Reasonable safeguards against unauthorised public access to lead submissions through database row-level security policies.

No internet transmission or electronic storage system is completely secure, and we cannot guarantee absolute security. We will notify affected individuals and the relevant authority as required by Saudi PDPL in the event of a personal data breach.

10. Children's privacy

Our services are directed exclusively at businesses and government entities. We do not knowingly collect personal information from individuals under 18 years of age.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through a notice on our website.

12. Contact

For questions, concerns, or to exercise your data rights:

• Email: privacy@displaylab.tech
• Address: Riyadh, Saudi Arabia