Introduction
Saja Company ("the Company," "we," "us") is committed to protecting the privacy of our customers' personal data ("you," "the data subject"). This Privacy Policy ("the Policy") provides transparency on how your personal data is collected, used, shared, and protected, in compliance with the Personal Data Protection Law in the Kingdom of Saudi Arabia, guided by SDAIA principles. It follows core data protection principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, and security.
Scope of the Policy
This Policy applies to all personal data collected when using our services, including websites, mobile apps, customer service channels, and other interactions with Saja Company in Saudi Arabia.
Key Definitions
- Personal Data: Any data that could identify an individual, directly or indirectly, including name, ID, addresses, contact numbers, assets, bank or credit card numbers, images, and other personal information.
- Processing: Any operation performed on personal data, including collection, storage, use, sharing, or destruction.
- Data Controller: Saja Company, responsible for determining the purpose and means of processing personal data.
- Data Subject: The individual to whom the personal data relates.
Section One: Company Identification and Contact Details
Entity Name and Activity: Saja Company is licensed by the Ministry of Tourism in Saudi Arabia, providing comprehensive travel and tourism services including hotel booking, airline tickets, integrated tourism programs, transportation, insurance, and visa services.
Contact Details:
- Official Name (Arabic): شركة بدبانك
- Official Name (English): Saja Company
- Trademark: Saja
- Address: Jeddah, Kingdom of Saudi Arabia
- Email: info@saja.com
- Unified National Number: 7050680649
Personal Data Protection Officer
To oversee data protection compliance, contact the Personal Data Protection Officer:
- Email: info@saja.com
- Mailing Address: Attn: Personal Data Protection Officer, Jeddah, Kingdom of Saudi Arabia
Section Two: Personal Data We Collect
We only collect data necessary for service provision and class it clearly:
Account and Profile Data
- Mandatory: Full name, email, phone, password.
- Optional: Date of birth, nationality, travel preferences.
Traveler and Booking Data
- Mandatory: Full name, DOB, gender, passport info, visa info, loyalty program numbers, trip details.
- Optional: Special requests (meals, room preferences).
Financial and Payment Data
- Mandatory: Card details (securely transmitted), cardholder name, expiry, CVV, billing address.
Communications and Feedback Data
- Mandatory: Customer service records (email, chat, phone recordings).
- Optional: Feedback, survey responses, reviews.
Technical and Usage Data
- Mandatory: IP address, browser info, device info, OS, activity log.
Location Data
- Optional: Precise location, collected only with explicit consent, for personalized services.
Section Three: How and Why We Collect and Process Your Personal Data
Methods of Collection
- Direct: When creating an account, booking, subscribing to newsletters, or contacting customer service.
- Indirect: Automatically via cookies, device tracking, or third-party partners like airlines.
Purposes of Processing & Legal Bases
We process data to fulfill contracts, comply with law, obtain your consent, or protect legitimate interests.
| Data Category |
Purpose of Processing |
Legal Basis |
| Account & Profile |
Manage account, provide personalized experience. |
Contractual obligation |
| Traveler & Booking |
Complete bookings with providers. |
Contractual obligation |
| Traveler & Booking |
Verify identity and security compliance. |
Legal obligation |
| Financial & Payment |
Process payments and prevent fraud. |
Contractual obligation / Legitimate interests |
| Communications & Feedback |
Customer support and retention of records. |
Contractual / Legal obligation |
| Technical & Usage |
Platform analysis and security. |
Legitimate interests |
| Account & Communications |
Marketing, promotions, newsletters. |
Consent |
Section Four: How We Use and Share Your Personal Data
We do not sell your data. We share data strictly as needed:
- Travel Service Providers (hotels, airlines, car rentals, tour operators).
- Global Distribution Systems (Amadeus, Sabre).
- Payment Service Providers (trusted banks and gateways).
- Government & Regulatory Authorities (SDAIA, Ministry of Tourism).
- Business & Technical Service Providers (cloud, analytics, email marketing, support).
International Data Transfer
Transfers outside Saudi Arabia are done in full compliance with the Law, with adequate safeguards or standard contractual clauses.
Section Five: Data Storage, Security, and Destruction
- Encrypted storage, role-based access, firewalls, training, and audits.
- Retention: Booking data 10 yrs, account active duration, service records 1 yr, consent-based data until withdrawn.
- Destruction: Secure deletion or physical shredding after retention period.
Section Six: Your Rights
- Right to be informed, access, copy, correct, destroy, and withdraw consent.
- Exercise via email info@saja.com or website form.
- No fees; responses within 30 days (extension possible for 30 more days).
Section Seven: Complaints and Objections
Section Eight: Final Provisions
- Policy updates posted on website; material changes notified via email.
- Third-party links: Not responsible for their privacy practices.
- Governing language: Arabic version prevails in case of conflict.
