Privacy Policy

Privacy Policy

1.Definitions

For the purpose of this policy, the following terms and phrases shall have the meanings assigned to them wherever they appear, unless the context requires otherwise:

1.1 Law: The Personal Data Protection Law - Saudi Arabia - issued by Royal Decree No. (M/19) dated 09/02/1443H and amended by Royal Decree No. (M/148) dated 9/5/1444 AH.

1.2 Regulations: The Implementing Regulations of the Law.

1.3 SMSA: SMSA Express Transport Co., Ltd.

1.4 Personal Data: Any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.

1.5 Data Processing: Any operation carried out on Personal Data by any means, whether manual or automated, including collecting, recording, saving, indexing, organizing, formatting, storing, modifying, updating, consolidating, retrieving, disclosing, transmitting, publishing, sharing, linking, blocking, erasing and destroying data.

1.6 Personal Data Protection Officer: Responsible for following up on the implementation of PDP Law and its regulations, monitoring and supervising the procedures in force within the controlling entity, and receiving requests related to personal data.

1.7 Data Subject: The individual with whom the Personal Data relates, or their representative or legal guardian.

1.8 Explicit Consent: Direct and explicit consent given by the Data Subject in any form that clearly indicates the Data Subject's acceptance of the Processing of their Personal Data in a manner that cannot be interpreted otherwise, and whose obtention can be proven.

1.9 Destruction: Any action taken on Personal Data that makes it unreadable and irretrievable, or impossible to identify the related Data Subject.

1.10 Disclosure: Enabling any person - other than the Controller or the Processor, as the case may be - to access, collect or use personal data by any means and for any purpose.

1.11 Transfer: The transfer of Personal Data from one place to another for Processing.

1.12 Publication: Transmitting or making available any Personal Data using any written, audio or visual means.

1.13 Sensitive Data: Personal Data revealing racial or ethnic origin, or religious, intellectual or political belief, data relating to security criminal convictions and offenses, biometric or Genetic Data for the purpose of identifying the person, Health Data, and data that indicates that one or both of the individual’s parents are unknown.

1.14 Genetic Data: Any Personal Data related to the hereditary or acquired characteristics of a natural person that uniquely identifies the physiological or health characteristics of that person, and derived from biological sample analysis of that person, such as DNA or any other testing that leads to generating Genetic Data

1.15 Health Data: Any Personal Data related to an individual's health condition, whether their physical, mental or psychological conditions, or related to Health Services received by that individual.

1.16 Credit Data: Any Personal Data related to an individual's request for, or obtaining of, financing from a financing entity, whether for a personal or family purpose, including any data relating to that individual’s ability to obtain and repay debts, and the credit history of that person.

1.17 Controller: The entity that determines the purpose and means of processing personal data, whether it processes the data itself or through a processor.

1.18 Processor: The entity that processes personal data on behalf of the controller.

1.19 Public Entity: Any ministry, department, public institution or public authority, any independent public entity in the Kingdom, or any affiliated entity therewith.

1.20 Competent Authority: The Saudi Data and Artificial Intelligence Authority (SDAIA).

1.21 Personal Data Breach: Any incident that leads to the Disclosure, Destruction, or unauthorized access to Personal Data, whether intentional or accidental, and by any means, whether automated or manual.

1.22 Vital Interest: Any interest necessary to preserve the life of a Data Subject.

1.23 Actual interests: Refers to any moral or material interest of the Data Subject that is directly linked to the purpose of Processing Personal Data, and the Processing is necessary to achieve that interest.

2.Purpose of the Policy

The SMSA recognizes the importance of the privacy of your personal data as a fundamental principle. We respect and value the privacy of everyone who visits the SMSA’s electronic portal. We ensure that personal data will be collected and used in accordance with the Personal Data Protection Law. According to the Personal Data Protection Law, SMSA is the controller (the entity responsible for determining how your personal data is processed and is accountable for it).

3.Information about the SMSA

SMSA Express is a market leader in the courier industry. It boasts a solid business platform through which it has provided services to tens of thousands of businesses and individuals since 1994.

  • Since commencing business, SMSA Express has developed a range of services, including international and domestic express transportation, road, sea and airfreight, customs clearance, e-commerce solutions, special services for the health care sector, special delivery channel, mailroom management and many other services that qualify SMSA Express as the ideal logistics partner for prominent companies.
  • SMSA provides its distinctive services to numerous organizations and governmental entities, which depend on time sensitive service and security compliance. It is proud to serve businesses that demand a high level of care and quality.
  • SMSA Express, which, apart from its specialized logistics services, strives to meet the needs of citizens and businesses for domestic and international parcel delivery. SMSA Express has established a vast network that connects 230 countries together.
  • SMSA provides the best, most cost-effective, diverse express, freight, outbound and inbound shipping services available. In addition to SMSA’s parcel pick-up and delivery services, freight forwarding services, logistics services and tailor-made solutions, the operations are supported by a dedicated customs clearance department for clearing all incoming shipments either by air, road or sea.

4.Personal Data to be Collected

Specific types of personal data are collected for the processing purposes mentioned in Article 5 of this policy, and they are according to the following categories:

  • Account Data: Data requested from you when creating an account or profile on our platforms.
  • Payment Data: Data collected for processing payment transactions.
  • Cookies Data: Data collected through website logs, cookies, or other technologies, including IP addresses, browser type and version, operating system, login credentials, browsing data, internet traffic monitoring, and other online identifiers.
  • Identity Data: Name, date of birth, gender, ID/residence number, nationality, personal ID images, and personal photos.
  • Contact Data: Email address, phone number, and mobile number.
  • Entity Data: Entity name, license numbers, commercial registration number, images of commercial records, license images, permit data.
  • Entity Data: Entity name, license numbers, commercial registration number, images of commercial records, license images, permit data./li>
  • Vehicle Data: Vehicle information including vehicle plate number, serial number, chassis number, and violations.
  • Geographical Data: National address, short address, geographical location on maps.

5. Cookies

Our website may store first-party cookies on your device when you visit the SMSA’s websites and platforms. First-party cookies are those that are placed directly by us and used by us only. We also primarily use session cookies, which store user information during the session and browsing only and are deleted immediately after the user leaves our website and closes the browser. The purpose of using cookies is to facilitate your experience on our website and improve our services.

To ensure that your privacy and personal data are protected and respected at all times, we have provided control options allowing you to enable or disable cookies in your internet browser. Most internet browsers also allow you to choose whether you want to disable all cookies or only third-party cookies. By default, most internet browsers accept cookies, but this can be changed.

You can choose to delete existing cookies on your device at any time. However, you may lose any information that allows you to access our website more quickly and efficiently, including, for example, login and personalization settings.

6.Legal Basis for Collecting and Processing Your Personal Data

By using the SMSA’s platforms, you expressly consent to the collection and processing of your data for the specific purposes stated in Article 7 of this policy. Your consent is the legal basis for collecting and processing your personal data.

7. Purpose of Using and Processing Your Personal Data

Your personal data is used for specific and explicit purposes, as we are a company engaged in transportation and logistics services. Therefore, all uses and processing of personal data by SMSA are aimed at carrying out the duties stipulated in the mentioned regulation and serving the beneficiaries. The purposes are limited to the following services, without prejudice to the exceptions mentioned in the Personal Data Protection Law and other related regulations:

  • Providing products and services to customers.
  • Issuing invoices and collecting fees for products and services.
  • Legal and regulatory requirements (e.g., requests from official and judicial authorities).
  • Assisting the customer in selecting products and services.
  • Providing SMSA customers with information about updates and new products.
  • Receiving, processing, and analysing beneficiaries' complaints.
  • Sending periodic emails and text messages to process orders, provide information and updates about your request, and deliver SMSA news and related product updates.
  • Conducting various studies on all activities to activate and achieve SMSA’s objectives.
  • Receiving, processing, and sorting job applications for vacant positions advertised on the SMSA website.
  • We also use technical data, usage data, and profile data for the following purposes:
  • Using SMSA’s website and your IP address helps diagnose problems on its servers, provide relevant content based on your country and helps with the necessary statistics to measure website usage (e.g., the number of visitors, the language of your computer, and the type of browser). No external entity outside the technical team has access to your IP address.
  • Improving the beneficiary’s service by responding more effectively to customer service requests and support needs.
  • We may use Google Analytics reports to conduct website analyses, which collect information from IP addresses to display details such as country, city, device, visited pages, and session time per page. These reports are used internally for analysis and website development purposes.
  • SMSA may process your personal data for purposes not mentioned in this policy, in accordance with Paragraph 3 of Article 10 of the Personal Data Protection Law.

8. Rights of the Personal Data Subject

According to Article 4 of the Personal Data Protection Law, you are granted the following rights:

8.1 The right to be informed about the legal basis and the purpose of the Collection of your Personal Data.

8.2 The right to access your Personal Data stored by SMSA, in accordance with the rules and procedures set out in the Regulations, and without prejudice to the provisions of Article (9) of the Law.

8.3 The right to request obtaining your Personal Data held by SMSA in a readable and clear format, in accordance with the controls and procedures specified by the Regulations.

8.4 The right to request correcting, completing, or updating your Personal Data held by the SMSA.

8.5 The right to request a Destruction of your Personal Data held by SMSA when such Personal Data is no longer needed, without prejudice to the provisions of Article (18) of the Law.

To exercise any of your rights under the Law or if there are any changes or updates to your personal data, you can contact us using the contact information provided below.

info@smsaexpress.com

Note that, according to paragraph (A) of clause 1 and clause 2 of Article 9 of the Law, your right to access personal data may be restricted under certain circumstances, which may prevent you from accessing your data.

9. Protection of Your Personal Data

Your personal data will only be accessible to SMSA’s employees or authorized third parties who process data on behalf of the SMSA under contractual agreements. These agreements ensure the secure use of data in compliance with the Personal Data Protection Law and confirm that data is used only for the specified purposes.

  • We implement appropriate technical and organizational security measures to ensure your personal data is properly protected under the Personal Data Protection Law. Our security measures include:
    • Vulnerability scanning and penetration testing.
    • Data encryption during transmission and storage.
    • Regular application of patches and updates.
    • Reviewing protection and fortification settings for systems.
    • Applying security standards according to best practices for developing websites and applications.
  • Data collection is conducted within a secure technical structure compliant with the SMSA’s approved cybersecurity policies and standards, aligned with the regulations and legislation issued by the National Cybersecurity Authority.
  • Security procedures are established based on the SMSA’s approved cybersecurity policies and standards, compliant with the regulations and standards issued by the National Cybersecurity Authority, to prevent the accidental loss, unauthorized use, access, alteration, or disclosure of your personal data.
  • SMSA enforces data-sharing management procedures ensuring that data is not available to the public, and no data is exchanged or traded with any other party without the prior consent of the data subject, except in compliance with relevant policies, regulations, and laws.
  • SMSA enforces data access and permissions management procedures, allowing only authorized personnel who provide services on the SMSA’s website and government entities contributing to service development and facilitating beneficiary procedures to access the information.

10. Disclosure of Your Personal Data

Without prejudice to paragraphs (3, 4, 5) of Article 15 of the Personal Data Protection Law, you agree to share your personal data with relevant entities, whether private or public, according to a legal basis authorizing the requester to obtain it, while taking all regulatory, administrative, and technical measures before sharing it as per Article 19 of the Law.

11. Storage of Your Personal Data

By using SMSA’s platforms, you consent to the storage, processing, and use of your data by SMSA. Your personal data is stored through secure solutions within SMSA or authorized third parties within the Kingdom of Saudi Arabia. No data will be stored outside the Kingdom except in accordance with the provisions of the executive regulations for transferring personal data outside the Kingdom.

12. Retention and Destruction Period

Your personal data will be retained for the specified period during which the purpose for collecting the data exists. Upon the end of the purpose or upon your request, it will be deleted immediately in a secure manner ensuring it cannot be recovered, considering other applicable regulatory, organizational, or other requirements in the Kingdom of Saudi Arabia, without prejudice to the exceptions stated in Article 18 of the Personal Data Protection Law.

Exceptionally, personal data collected for the purpose of (receiving, processing, and sorting job applications for vacancies posted on the SMSA website) and personal data collected for the purpose of (processing and analysing reports and complaints) will be retained for three years after the end of the purpose.

13. Changes to the Privacy Policy

Users should regularly review the privacy policy, which may change at any time. Updates will be published on the privacy policy page, indicating the latest update. SMSA reserves the right to amend the privacy policy as necessary, and any amendments to the terms and conditions become effective upon approval without any obligation to announce.

  • This policy was issued on September 2024
  • The latest policy update was on October 2024.

14. Contact Us

For inquiries about the SMSA’s privacy policy, complaints, and requests regarding the privacy and protection of your personal data, including submitting a data subject rights request form, you can contact the Data Management and Governance Office team or our Personal Data Protection Officer via the following email addresses:

Customer Service Department - Head Office - SMSA Company Al-Dhubab Street

P.O. Box 63529 - Riyadh 11526

Kingdom of Saudi Arabia

Tel: +966920009999

info@smsaexpress.com