ESC

Type a country or city name

Privacy Policy

Last updated: April 09, 2026

Privacy Policy – AlRamz Platform

1. Introduction

• This Privacy Policy explains how AlRamz collects, processes, uses, and protects personal data when users access the website, application, or any digital services, including telecommunications services such as eSIM

• The platform is committed to compliance with:

Saudi Personal Data Protection Law (PDPL)

Communications, Space and Technology Commission (CST) regulations

International data protection standards such as GDPR

• Use of the platform constitutes explicit consent to this Privacy Policy

2. Legal and Regulatory Framework

• This policy is governed by the following:

• Saudi Personal Data Protection Law (PDPL)

• SDAIA implementing regulations

• CST data protection principles for telecom and digital services

• Under PDPL, personal data must be processed lawfully, fairly, transparently, and for specific purposes only

• CST regulations require service providers to protect user data and ensure confidentiality within telecom services

3. Data Controller

• AlRamz acts as the data controller, responsible for:

• Determining the purpose of data processing

• Ensuring compliance with regulations

• Protecting personal data

• The platform is accountable for all processing activities and any third parties involved

4. Scope of Application

• This policy applies to all users interacting with:

• Website

• Mobile applications

• Digital and telecom services

• Covers all activities related to:

• Collection

• Processing

• Storage

• Sharing of personal data

5. Types of Personal Data Collected

• Data provided by the user

• Full name

• National ID or verification documents

• Email address

• Phone number

• Account credentials

• Payment and billing information

• Any information submitted during service use

• Data collected automatically

• IP address

• Device type and operating system

• Browser type and language

• Approximate geographic location

• Platform usage logs and interaction behavior

• Session duration and clickstream data

• Cookies and tracking technologies

• Service and transaction data

• Orders and service usage details

• Transaction history

• Preferences and usage patterns

6. Sources of Data Collection

• Personal data is collected from:

• Direct user input

• Platform systems and applications

• Cookies and tracking technologies

• Third-party service providers

• Regulatory or lawful sources where required

7. Legal Basis for Processing

• Data is processed under the following lawful bases:

User consent

Contractual necessity

Legal obligations

Legitimate business interests

• PDPL requires that data is collected for a specific and lawful purpose and not reused unlawfully

8. Purposes of Data Processing

• Service delivery

• Account creation and management

• Activation of services

• Processing transactions

• Subscription management

• Customer support

• Responding to inquiries

• Handling complaints

• Providing technical assistance

• Service improvement

• Analyzing user behavior

• Enhancing system performance

• Personalizing user experience

• Security and fraud prevention

• Detecting unauthorized activity

• Protecting infrastructure

• Monitoring suspicious behavior

• Regulatory compliance

• Meeting legal and regulatory requirements

• Cooperating with authorities

• Marketing and communications

• Sending offers and updates with consent

• Personalizing promotional content

9. Data Processing Principles

• AlRamz adheres to the following principles:

Lawfulness, fairness, and transparency

Purpose limitation

Data minimization

Accuracy and integrity

Storage limitation

Security and confidentiality

• These principles are core requirements under PDPL and international standards

10. Data Sharing and Disclosure

• Personal data may be shared with:

• Technology and hosting providers

• Payment service providers

• Telecommunications operators

• Regulatory and governmental authorities

• Legal and professional advisors

• Disclosure is strictly limited to:

• Defined purposes

• Minimum required data

• Legal and regulatory compliance

• PDPL restricts disclosure unless legally justified

11. Cross-Border Data Transfers

• Personal data may be transferred outside Saudi Arabia only when:

• Adequate protection measures are in place

• Contractual safeguards exist

• Regulatory approvals are obtained

• PDPL imposes strict conditions on international transfers

12. Data Security and Protection Measures

• The platform implements comprehensive safeguards including:

• Encryption technologies

• Cybersecurity systems

• Access control and authentication

• Continuous monitoring and risk assessment

• Service providers are required to maintain strong data protection controls under CST and PDPL frameworks

13. Data Retention

• Personal data is retained:

• For the duration of the contractual relationship

• As required by legal and regulatory obligations

• Until the purpose of collection is fulfilled

• Data is then securely deleted or anonymized

14. User Rights

• Users have the right to:

• Access their data

• Request a copy

• Correct or update data

• Request deletion

• Restrict processing

• Withdraw consent

• Object to processing

• These rights are guaranteed under PDPL

15. Sensitive Data Handling

• Sensitive data is subject to enhanced protection, including:

• Restricted access controls

• Additional security measures

• Explicit consent requirements

• PDPL imposes stricter rules on sensitive data processing

16. Organizational Compliance Obligations

• AlRamz commits to:

• Maintaining records of processing activities

• Conducting privacy impact assessments

• Implementing governance frameworks

• Appointing a Data Protection Officer where required

• Reporting data breaches when applicable

17. Cookies and Tracking Technologies

• Cookies are used for:

• Performance optimization

• Usage analytics

• Personalization of services

• Users may manage cookie settings via browser preferences

18. Children’s Data

• The platform does not knowingly collect data from individuals under 18

• Any such data identified will be deleted immediately

19. International Compliance Standards

• The platform aligns with global best practices including:

• Transparency

• Accountability

• Privacy by design

• Data minimization

• PDPL is aligned with international frameworks such as GDPR

20. Violations and Penalties

• Unauthorized use or disclosure of personal data may result in:

• Financial penalties

• Legal liability

• PDPL enforcement includes strict sanctions and regulatory actions

21. Policy Updates

• This policy may be updated periodically

• The latest version published on the platform shall be the governing version

22. Contact Information

• For privacy-related inquiries or requests:

info@alramz.io

Need help? Chat with us!