Privacy Policy

Privacy Policy

Information collection and use

By accessing and utilizing our website Almosafer www.corporate.almosafer.com , including its mobile site and any potential future smartphone app platforms such as iOS, Android and Windows (collectively referred to as “site”), you are giving your consent to the outlined use of your personal information. However please note this privacy policy does not coverto the websites of our business partners, corporate affiliates or to any other third parties, regardless of whether their websites are linked to our site. We advise you review the respective privacy statements of the other parties to understand their data handling practices when you engage with them.

Almosafer is a trading name of Almosafer Company for Travel and Tourism

This Privacy Notice explains:

  • who we are
  • how we collect, share and use your personal data
  • how you can exercise your privacy rights

Almosafer is the Data Controller responsible for your personal data (referred to as "we", “us” or “our” in this privacy notice).

If you have any questions about

  • this privacy notice
  • the use of your personal data
  • or wish to request to exercise any of your rights

please contact us using the following details:

By email: dpo@almosafer.com

By post: Almosafer Company for Travel and Tourism Seera Group Building, Imam Saud bin Abdulaziz St Riyadh, 11391 Saudi Arabia

If you have any complaints about the use of your personal data or concerns regarding how your personal data is handled and your rights, you may submit a complaint to us directly using the contact details provided above in this Privacy Notice.

If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with the Saudi Data and AI Authority (SDAIA) or with the supervisory authority in the member state where you reside.

We collect personal data when you:

  • complete an online contact form

  • visit our website.

The types of personal data we collect from you include/are:

  • Identity Data includes your first name, last name, photos, videos, passport etc.

  • Contact Data includes your email address, telephone number(s), and home address

It is important the personal data we hold about you is accurate and up to date. Please keep us informed of any changes to your personal data for example change of contact details, etc.

Sometimes we work with carefully selected third parties and we may receive your personal data from them.

The third parties include:

  • business partners

  • clients (your employer)

We process your personal data based on the following lawful bases:

  • Consent: When you give us explicit consent to process your data for specific purposes.
  • Contract: When processing is necessary for the performance of a contract you are a party to.
  • Legal Obligation: When we need to comply with a legal obligation.
  • Legitimate Interests: When it’s necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.

We use your personal data for the following purposes:

Provide the information you requested:

  • Data Types: Identity (Legitimate Interests), Contact (Contract)

Provide you with a service:

  • Data Types: Identity and Contact (Contract)

Market our products and services:

  • Data Types: Identity and Contact (Consent)

Seek feedback and conduct research:

  • Data Types: Identity and Contact (Legitimate Interests)

Where we are processing your personal data for our legitimate interests, you may object to the processing of your personal data.

We need specific personal data from you in order to provide our services.

When necessary, we share your personal data with:

  • our holding group

  • our service partners (such as airlines, hotels etc.)

  • tax and any relevant regulatory authorities

  • government authorities (such as for Visa processing)

  • prosecuting authorities and courts, and/or other relevant third parties connected with legal proceedings or claims

  • law enforcement agencies

  • third parties where we are required to do so by law

Your personal data may be transferred to and processed in countries outside the Kingdom of Saudi Arabia (KSA). Some of these countries may not provide the same level of data protection as your home country.

If your personal data is transferred outside KSA, it will be shared with Almosafer's service providers and partners. We ensure that appropriate safeguards, such as Standard Contractual Clauses, Binding Corporate Rules, or other legal mechanisms, are in place to protect your data in accordance with the General Data Protection Regulation (GDPR) and the Saudi Personal Data Protection Law (PDPL).

Our service providers and partners are committed to keeping your personal data confidential and will not share it with any third parties.

We keep personal data for as long as it is required by us for the

  • purposes described above

  • to meet our legal or regulatory obligations

  • for the exercise and/or defence of any legal claims

Almosafer recognises your rights relating to your personal data; however, these rights may be subject to various exceptions and limitations in accordance with the personal data protection system.

You may request to exercise your rights at any time by contacting us. Contact details can be found in the Contact section above.

You have the following rights regarding your personal data:

  • Right to be Informed: Individuals have the right to receive clear and transparent information about how their personal data is collected, used, and shared.

  • Right to Access: Request access to your personal data and obtain a copy.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data under certain conditions, such as when the data is no longer needed for its original purpose.
  • Right to Restriction: Request the restriction of processing your personal data under certain conditions.
  • Right to Data Portability: Request to receive your data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller where technically feasible.
  • Right to Object: Object to the processing of your data, including for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw consent at any time.

In the event of a data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by law. If the breach is likely to pose a high risk to your rights and freedoms, we will also inform you without undue delay.

We do not engage in any profiling activities using your personal data.

We do not use any automated processes to make decisions about you that produce legal or significant effects concerning you.

We may update this Privacy Notice periodically to reflect changes in our practices or legal requirements. If we make significant changes, we will notify you by posting the updated notice on our website and revising the "Last Updated" date at the bottom of this notice.

Last updated: 14th September 2024