Privacy Policy

Contact Us

If you have any questions about:

this Privacy Notice,
the use of your personal data, or
wish to exercise any of your privacy rights,

Please contact us using the following details:

By post: Almosafer Company for Travel and Tourism, Seera Group Building, Imam Saud bin Abdulaziz St, Riyadh, 12476, Saudi Arabia

Making a Data Protection Complaint

If you have any complaints about the use of your personal data or concerns regarding how your personal data is handled and your rights, you may submit a complaint to us directly using the contact details provided above in this Privacy Notice.

If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with the Saudi Data and AI Authority (SDAIA) or with the supervisory authority in the member state where you reside.

Personal Data We Collect from You

We collect personal data when you:

complete an online contact form,
visit our website,
use our mobile app,
visit or make a purchase at our retail stores,
request, purchase and use a service from us, or
communicate with us (including phone calls, chat, email, web forms and social media).

We collect personal data to provide a seamless travel experience. This includes data you provide and data collected automatically via our digital platforms.

Identity Data: Name, date of birth, photos, and passport details.
Contact Data: Email address, telephone number, and physical address.
Financial Data: Bank account numbers, credit card details, and purchase history.
Sensitive Data: Medical certificates or religious beliefs (only when strictly necessary for travel arrangements).
Technical & Usage Data: IP addresses, device identifiers, browser types, location data, search history, page views, and usage patterns.

Children’s Privacy: Our services are not intended for individuals under 18 years of age. We do not knowingly collect data from minors without explicit parental or guardian consent.

Cookies

We use cookies and similar technologies to enhance your experience on our website.

These are small data files downloaded from a website to your computer, tablet, or mobile device while you browse, designed to enhance your experience on the site.

They may store information such as your personal settings or preferences, allowing you to avoid re-entering details each time you visit.

Types of cookies we use:

Strictly Necessary Cookies: Essential for website functionality and security. These cookies are exempt from requiring the user’s consent and are deleted at the end of or shortly after the end of the session.
Analytical Cookies: Collect anonymous information about a website is used, such as the pages visited most often. Information these cookies collect is aggregated and therefore anonymous. (Consent Required)
Functional Cookies: Used to remember your preferences, such as language and region. These are anonymous and don’t track browsing activity across other websites. (Consent Required)
Targeting & Advertising: Used to deliver advertisements relevant to you and your interests. (Consent Required)

How to Manage Your Choices: Upon your first visit, a Cookie Banner will appear. You may select "Accept All” or "More Information" to provide granular consent for specific categories of cookies. You can update these preferences at any time via the "Cookie Settings" link in our website footer or by adjusting your browser settings.

Withdrawing Consent: If you wish to withdraw consent you can use the option available under Footer > Legal > Manage Cookie Preferences. You may also manually delete cookies from your browser using the instructions below.

If you are using Google Chrome:

Click the three dots in the top-right corner
Select Clear Browsing Data
Choose a time range
Check the box next to Cookies and other site data
Click Clear data

If you are using Safari: On a Mac:

Select Safari > Settings
Click Privacy
Click Manage Website Data
Select the websites you want to remove cookies from, or click Remove All
Click Remove or Remove All

On an iPhone or iPad:

Go to Settings > Apps > Safari
Tap Clear History and Website Data

How We Use Your Personal Data

We process your personal data based on the following lawful bases:

Consent: When you give us explicit consent to process your data for specific purposes.
Contract: When processing is necessary for the performance of a contract you are a party to.
Legal Obligation: When we need to comply with a legal obligation.
Legitimate Interests: When it’s necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.

We use your personal data for the following purposes:

Provide the information you requested: Data Types: Identity (Legitimate Interests), Contact (Contract)
Provide you with a service: Data Types: Identity and Contact (Contract)
Manage bookings: Data Types: Identity, Contact, Financial, and Sensitive Data (Contract)
Market our products and services: Data Types: Identity and Contact (Consent) Marketing Opt-Out: You can opt out of receiving marketing communications at any time with one click. All marketing email, SMS, or WhatsApp messages we send include a clear "unsubscribe" or "opt-out" link to stop future communications.
Seek feedback and conduct research: Data Types: Identity and Contact (Legitimate Interests)
Infrastructure & Monitoring: Data Types: Identity (Legitimate Interests)

Where we are processing your personal data for our legitimate interests, you may object to the processing of your personal data. We need specific personal data from you in order to provide our services.

Sharing your Personal Data

When necessary, we share your personal data with:

our service partners (such as airlines, hotels, etc.),
tax and relevant regulatory authorities,
government authorities (such as for visa processing),
prosecuting authorities, courts, and/or other relevant third parties connected with legal proceedings or claims,
law enforcement agencies, and
third parties where we are required to do so by law
Analytics and customer engagement providers
Cloud infrastructure and hosting providers
Security and fraud prevention providers
AI platform partners

International Transfers

Your personal data may be transferred to and processed in countries outside the Kingdom of Saudi Arabia (KSA). Some of these countries may not provide the same level of data protection as your home country.

We ensure that appropriate safeguards, such as Standard Contractual Clauses, Binding Corporate Rules, or other legal mechanisms, are in place to ensure a level of protection equivalent to the PDPL.

Data Security

All data transmission uses HTTPS/TLS encryption
API connections are secured with authentication tokens
Data at rest is encrypted on all cloud services
Access to data follows the principle of least privilege
Authentication mechanisms (e.g. MFA) are used to protect access as required.
Regular security assessments of vendors are conducted
Compliance with industry-standard security practices
Only necessary personal data is collected and used for its intended purpose.

Retaining Your Personal Data

We keep personal data only for as long as it is required for the following purposes:

the purposes described above,
to meet our legal or regulatory obligations, and
for the exercise and/or defence of any legal claims.

Your Data Subject Rights

Discover Saudi recognises your rights relating to your personal data; however, these rights may be subject to various exceptions and limitations in accordance with the personal data protection system.

You may request to exercise your rights at any time by contacting us. Contact details can be found in the Contact section above.

You have the following rights:

- Right to Know (be Informed): To know how and why your data is collected and used.

Right to Request Access: To obtain a copy of your personal data held by us.
Right to Request Correction: To request the update or correction of inaccurate, incomplete, or obsolete data.
Right to Request Destruction: To request the deletion of your personal data under certain conditions.
Right to Restriction: To request restriction of processing your data under certain conditions.
Right to Data Portability: To request to receive your data in a structured, commonly used, and machine-readable format.
Right to Object: To object to processing of your data, including for direct marketing purposes.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Response Time: We will respond to your requests within 30 days. This may be extended for complex requests, in which case we will notify you in advance.

Data Breach Notification

In the event of a data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by law. If the breach is likely to pose a high risk to your rights and freedoms, we will also inform you without undue delay.

Profiling

We may use your booking history and platform activity to understand your travel preferences (e.g. whether you typically travel for business or leisure). We use this internal profiling solely to personalise the marketing offers and content you receive from us. We do not use this to make automated decisions that legally or significantly affect you.

Automated Decision Making

We do not use any automated processes to make decisions about you that produce legal or significant effects concerning you.

Changes to This Privacy Notice

We may update this Privacy Notice periodically to reflect changes in our practices or legal requirements. If we make significant changes, we will notify you by posting the updated notice on our website and revising the "Last Updated" date at the bottom of this notice.

Last updated: xx April 2026

Corporate

Almosafer Corporate

Legal

Travel and Tourism Services License Permit Number: 73102979

Commercial Registration Number: 1010584439

Category: Tour Operator, Travel & Tourism Agent, Hospitality Reservation Services