PERSONAL DATA PROTECTION CHARTER
SARL PETRO BARAKA
1. Purpose of the Charter
The purpose of this charter is to define the principles and commitments of SARL Petro Baraka regarding the collection, processing, storage, and protection of personal data, in accordance with current Algerian legislation and international data protection standards.
2. Scope of application
This charter applies to all:
- employees, service providers, and partners of Petro Baraka;
- clients, suppliers, and visitors of the website www.petrobaraka.com;
- the company’s IT systems and digital services (ERP, emails, GPS systems, etc.).
3. Processing principles
Petro Baraka undertakes to ensure that any processing of personal data complies with the following principles:
- Legality and fairness: data are processed lawfully, fairly, and transparently.
- Specified purpose: data are collected for precise, explicit, and legitimate objectives.
- Minimization: only data necessary for the purpose are collected.
- Accuracy: data are kept up to date.
- Limited retention: data are kept for the strictly necessary duration.
- Security and confidentiality: data are protected against any unauthorized access, modification, or disclosure.
4. Data collected
Petro Baraka may collect:
- Identification data: surname, first name, position, professional email address, telephone.
- Connection data: IP address, logs, user identifiers.
- Administrative data: bank details (partners), contractual documents.
- Security-related data: access badges, video surveillance (on the premises).
5. Purposes of processing
Data are processed for:
- administrative and HR management (contracts, payroll, access);
- customer and supplier management (orders, invoicing);
- IT systems security (network access, VPN, APN, logs);
- commercial and marketing follow-up (communication, newsletters);
- compliance with legal and regulatory obligations.
6. Data recipients
Data may be transmitted only:
- to Petro Baraka internal departments concerned by the processing;
- to duly authorized service providers (hosting providers, ERP integrators, telecom operators, etc.);
- to legal or judicial authorities in the event of a legal obligation.
7. Data security
Petro Baraka implements technical and organizational measures to ensure security:
- FortiGate firewall, network segmentation, and secured APNs;
- strict management of user access and passwords;
- regular server backups;
- internal IT security policy (IT Charter and IT Policy);
- staff awareness of cybersecurity.
8. Retention period
Data are kept for the duration necessary for their purpose:
- HR data: up to 5 years after the end of the contract.
- Customer/supplier data: 10 years for accounting purposes.
- Connection data: maximum 12 months.
- Video surveillance data: 30 days unless an incident occurs.
9. Rights of data subjects
Any person has the right:
- of access, rectification, or deletion of their data;
- to limitation or objection to their processing;
- to withdraw their consent.
Any request must be addressed to: - dpo@petrobaraka.com
- SARL Petro Baraka, Lot n°7 Industrial Zone – Biskra, Algeria
10. Responsibility and Governance
The implementation of this charter is placed under the responsibility of the IT Department and the Data Protection Officer (DPO), designated by the General Management. Periodic internal audits are carried out to ensure compliance with this charter.
11. Update of the charter
Petro Baraka reserves the right to modify this charter according to legislative or technological developments. Any modification will be published on the official website and communicated to staff.
12. Entry into force
This Personal Data Protection Charter enters into force as of October 01, 2025 and applies to all activities of Petro Baraka.
Approved by: General Management – SARL PETRO BARAKA
Head of IT Department: HAFAYED MESSAOUD
Date: 01/10/2025
