Almajed - Whatsapp }}

Privacy and Terms of Use-App

Al Majed Perfumes Company, hereinafter referred to as "Al Majed Perfumes," "we," "us," or "our," is a leading perfume and oud product manufacturer and developer in the Kingdom of Saudi Arabia. Our activities include the production and sale of perfumes, oud, incense, essential oils, plant extracts, accessories, and gifts. "You," "Your," or "Data Subject" refers to customers or third parties in this notice.

Contact Details: Website: https://www.almajed4oud.com Phone: 920020088 Mailing Address: P.O. Box 85995, Riyadh 13321, Kingdom of Saudi Arabia Commercial Register: 1010045397

Last updated:

This Privacy Notice was last updated on [2025/7/1]

1. What is the purpose of this Privacy Notice?

This notice explains how we collect, use, store, disclose and protect personal data about our customers and users of our platforms, through our websites, mobile applications, in-store points of sale, call centres and social media channels, as well as data provided to us directly through your business transactions or through our loyalty programme.


This notice is in fulfillment of your right to access, in accordance with Article 4(1) of the Personal Data Protection Law and Article (4) of the Executive Regulations issued pursuant thereto. We at Al Majid Al Futtaim respect your privacy and are fully committed to protecting and processing your personal data in accordance with the highest standards of protection and privacy.


This Notice complies with the provisions of the Personal Data Protection Law in the Kingdom of Saudi Arabia (“PDPL”), its implementing regulations, as well as the privacy policy guidelines and regulatory directives issued by the Saudi Data and Artificial Intelligence Authority (“SDAIA”).


Pursuant to Article (30) of the Implementing Regulations, Al Majid Al Futtaim maintains a comprehensive internal record of personal data processing activities ("RoPA"), documenting all processing operations carried out on such data. This record is made available to the Saudi Data and Artificial Intelligence Authority upon request, in compliance with regulatory requirements.

2. What personal data do we collect about you?

We only collect personal data necessary for the purposes described in this Notice. We take reasonable and appropriate measures to ensure that the personal data we collect is accurate, complete, and regularly updated. We also adhere to the principle of data minimization, by collecting only personal data necessary to serve the specific and legitimate purposes described in this Notice, without exceeding it or using it in contexts that conflict with those stated here.

We collect certain personal data from our customers, including:

  • Personal information: name, mobile phone number, email address, gender, national ID/residence, address, social media username.
  • Payment and Financial Data: Bank account details, billing records, and payment history.
  • Device data and technical data: Device data, IP address, and session ID from cookies.
  • Marketing and Retargeting Data: App usage data, browsing history, customer segmentation data, behavioral data, referral source.
  • Feedback and Survey Data: Information provided through customer feedback forms, surveys, and product reviews.
  • Security Information: CCTV images captured in our facilities to ensure the safety and security of our employees and visitors.
  • Customer Support Interaction Records: Records of all customer service interactions, including phone call recordings, chat conversations, and email correspondence.
  • Social media interactions: Data generated from interactions across social media channels, such as comments, likes, and shares.

We do not intentionally collect or process personal data from individuals who lack legal capacity, in whole or in part (such as minors/those under 18 years of age, those with mental or developmental disabilities, elderly persons with cognitive decline, and persons under legal guardianship). Where such processing is necessary, the legal guardian must act in the best interests of the data subject and may exercise their rights or provide consent on their behalf, in accordance with applicable legal requirements under the Personal Data Protection Law and its implementing regulations.

3. How do we collect your personal data?

We collect your personal data using a variety of methods to ensure accuracy, transparency, and compliance with applicable laws. Each method serves a specific purpose directly related to our business activities, in accordance with the Personal Data Protection Act.

Direct addition:

  • Electronic forms and digital portals: Data is submitted via website and app forms to create accounts, make payments, sign up for loyalty programs, and report illegal practices.
  • Points of sale and in-store registration: Personal data, including loyalty membership details, may be collected during purchases or account setup directly at retail stores.
  • Personal Interactions: Personal data is collected during business interactions and participation in external events, through questionnaires designed for this purpose.
  • Email and phone communications:
  • Customer Support: We collect personal data when you contact us via WhatsApp, email, phone call, or live chat regarding inquiries, refund requests, feedback, complaints, or product-related issues.
  • Call Recordings: Customer support voice calls may be recorded for training, quality assurance, and dispute resolution purposes.

Automatic collection:

  • Website and App Tracking Tools: Cookies, session IDs, IP addresses, and device information are collected for the purpose of monitoring user activity, enabling analytics, improving the performance of the Services, and supporting marketing efforts.
  • Conversion and Behavioral Tracking Tools: We use technical tools such as Facebook CAPI, TikTok Pixel, and deep influencer tracking links to determine conversion rates, measure the effectiveness of ad campaigns, and analyze referral sources.
  • CCTV Surveillance Systems: We capture video footage in all our branches and offices to monitor operations, ensure your safety, and investigate incidents.

External sources:

  • Marketing and Analytics Platforms: Platforms like Meta, TikTok, Google, and Snapchat provide behavioral and conversion data through pixels, CAPI integrations, and retargeting mechanisms.
  • Public sources: We collect data from publicly available sources, including social media posts, comments, and customer ratings. This data is used to provide customer support and improve the quality of our services.

4. Why and how do we use your personal data?

To enable ordering, delivery, and the use of loyalty programs:

Facilitate ordering, delivery coordination, loyalty point redemption, and cross-platform purchases.

To process payments and refunds:

Manage payment records, process refunds, validate order transactions, and loyalty program activities.

To launch customized marketing campaigns:

Implementing retargeting strategies across different platforms, segmenting audiences based on their levels and preferences, and monitoring and measuring the performance of marketing campaigns.

To support customer inquiries and complaints:

Handling service inquiries via call centers, social media, WhatsApp, and the internal CRM system to ensure optimal resolution and satisfaction.

To improve website and app performance:

We analyze usage patterns and user behavior to improve the browsing experience, develop product pages, enhance app functionality, and optimize conversion paths.

To monitor brand engagement and audience engagement:

Monitor and collect user feedback, messages, and comments across social media platforms to support and develop marketing and content strategies.

To maintain safety and investigate accidents:

Reviewing surveillance camera recordings and system access logs to detect security incidents, investigate their circumstances, and take necessary action to address them.

To meet legal and compliance obligations:

Maintain transaction and communication records to support regulatory filings, court proceedings, fraud prevention, and audit requirements.

We may use automated decision-making tools, such as customer segmentation based on purchasing or browsing behavior, to tailor marketing offers and loyalty programs. These tools do not have any legal effect or similar significance on you. If this changes, we will update this Privacy Notice.

For processing activities that potentially pose a high risk to your rights, we conduct Data Protection Impact Assessments (DPIAs) as required by Personal Data Protection Law.

5. How do we use cookies?

Our website and mobile application use cookies and similar technologies, such as software development kits (SDKs), to improve your experience, ensure the platform operates efficiently, develop our services, and provide content tailored to your interests.


These technologies also enable us to analyze traffic to the site, remember your preferences, and deliver targeted advertisements.


For more information about the types of cookies we use, the nature of the data collected through them, and how to manage your preferences, please refer to our Cookie Notice.

6. What are the legal bases for processing your personal data?

Approval:

We rely on your consent to process your personal data for direct marketing and promotional purposes, and you have the right to withdraw this consent at any time. Consent is obtained through clear, affirmative actions, such as checking a consent box during registration or placing an order.


You may contact us via email at [email protected] if you wish to withdraw your consent to any processing of your personal data.

Contractual obligations:

It is necessary to perform our contract with you in order to:

  • Register for our loyalty program and confirm your participation.
  • Managing and maintaining your customer account and related profile information
  • Processing your orders, payments, deliveries, loyalty rewards, and refunds
  • Responding to service requests, complaints and inquiries
  • Processing returns, cancellations, refunds, and related transactions
  • Review and verify transactions related to loyalty or return requests.
  • Receiving and managing corporate client relationships, including related transactions

Legal obligation:

This is necessary to comply with applicable legal or regulatory obligations to which we are subject, to:

  • Fulfilling data subject rights, including account deletion and opting out of marketing materials.
  • Comply with tax and consumer protection requirements, including issuing invoices and maintaining return documentation.
  • Preventing and detecting fraud, and providing support for internal and external investigations, including the use of video surveillance systems and their recordings.
  • Responding to requests from regulatory, governmental, and law enforcement agencies.
  • Support legal claims, defense, or proceedings before courts and regulatory bodies.
  • Enforce legal obligations related to data retention and deletion, including managing surveillance recordings.
  • This includes obligations under the Personal Data Protection Law and other applicable laws in the Kingdom of Saudi Arabia.

Legitimate interests:

We process your personal data based on our legitimate interests, which we assess do not override your interests or rights. These interests include:

  • Manage your profiles, loyalty program memberships, and associated preferences or categories on an ongoing basis.
  • Providing you with and informing you of information about our products, services, offers, events, and loyalty rewards.
  • Track promotional campaigns, link customer activity to specific marketing efforts, and improve outreach and communication effectiveness.
  • Handling and investigating any complaints, claims, disputes or incidents related to the Service as necessary.
  • Monitor service interactions and collect feedback to evaluate and improve your experience with us.
  • Prevent fraud by monitoring suspicious loyalty reward redemptions and suspending them when necessary.
  • Protecting our business from loyalty program misuse, breaches of confidentiality, and other forms of abuse.
  • Managing risks and processes related to customer relationships and compliance with regulatory obligations.
  • Maintaining customer internal systems, records, and backups to ensure business continuity.
  • Develop and test improvements to systems and services.
  • Protect the security and integrity of our stores, systems, and infrastructure.
  • Monitor and manage the use of internal surveillance cameras and their recordings for investigation and compliance purposes.

Vital interests:

In rare cases, we may process personal data to protect the safety of individuals, such as responding to emergencies or security threats.

7. Who do we share your personal data with?

We share personal data only when necessary to provide our services, comply with legal obligations, or enhance operational efficiency.

Recipient CategoryPurpose of EngagementFrequency of DisclosureDelivery and logistics partnersTo arrange, fulfill, and track the delivery of orders and promotional itemsRegularCloud hosting and IT infrastructure providersTo host systems, maintain backups, and ensure data availability, security, and recoveryRegularMarketing and advertising platformsTo deliver targeted campaigns, retarget users, promote new offers, and analyze ad performanceRegularPayment processors and financial institutionsTo process payments, manage refunds, and support installment purchasesRegularCustomer engagement and messaging platformsTo verify mobile numbers, send WhatsApp replies, loyalty notifications, promotions, and remindersRegularAnalytics and user experience optimization toolsTo understand website usage, improve user experience, and personalize the experienceRegularCustomer rating and feedback platformsTo collect and analyze customer ratings and comments on digital and social platformsRegularLegal and regulatory bodiesTo comply with legal obligations, regulatory investigations, and enforce or defend legal claims as needed

Safeguards put in place to protect your personal data

Data shared with data processors or third parties is subject to strict controls to ensure its privacy, security, and confidentiality. We apply the following safeguards:

  • All data processors and third parties are vetted prior to contracting and are contractually bound to data protection and confidentiality obligations.
  • If data is processed on our behalf, we enter into data processing agreements (DPAs) that clearly define permitted purposes, security requirements, and access restrictions.
  • When disclosing data to independent third parties, we ensure that such disclosure is limited, lawful, and supported by appropriate contractual or legal safeguards.
  • Data shared externally is limited to the extent necessary to perform the service or specified legal purpose.


Cross-border transport

In some cases, we may transfer your personal data outside the borders of the Kingdom of Saudi Arabia. These operations are carried out in accordance with the provisions of the Personal Data Protection Law, its implementing regulations, the implementing regulations for transferring personal data outside the Kingdom, and relevant guidelines issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).


We implement appropriate controls and measures to ensure the protection of your personal data and the preservation of your rights, through the following:


• Transfer Impact Assessments (TIAs): Examine the legal and technical risks associated with the data transfer destination and ensure appropriate measures are taken to mitigate them.

• Standard Contractual Clauses (SCCs): Implementing mandatory contractual provisions in accordance with the standard form issued by the Saudi Data and Information Authority (SDAIA), ensuring a level of protection for personal data no less than the level stipulated in the Personal Data Protection Law and its regulations.

• Exceptions: In limited cases, and where no approved protection measures are in place, data transfers may take place based on your explicit consent, or if the transfer is necessary to perform or conclude a contract with you.


Cross-border data transfers are only carried out where there is a valid legal basis and are subject to documented safeguards and approved internal approvals. You can contact us at [email protected] to request more information about the safeguards in place for specific international transfers.

8. Where is your data stored, and how long do we keep it?

All your personal data is securely stored on Microsoft's cloud infrastructure, via the Microsoft Dynamics 365 platform, which we use to manage customer registrations, loyalty programs, and purchase history. These cloud servers are located outside the Kingdom of Saudi Arabia and are certified to high-level security and compliance standards, including ISO/IEC 27001 and SOC 2 certifications.

To ensure that your data is protected in accordance with the Personal Data Protection Regulation (PDPL), we have entered into a Data Processing Agreement (DPA) with Microsoft, and implemented Standard Contractual Clauses (SCCs) as legally binding safeguards for international data transfers.

We take the security and integrity of your personal data seriously, and ensure that any external storage provider we use adheres to strict standards of confidentiality, access control, and data protection.

We retain your personal data only for the period necessary to fulfill the purposes for which it was collected, including to meet relevant legal, regulatory, accounting and reporting requirements.

Below we explain how to determine retention periods for different types of personal data:

  • Operational necessity: We retain your data for as long as necessary to provide services to you and to run our business efficiently.
  • Legal Compliance: We retain certain types of data for specific periods as required by relevant laws or regulations.
  • Marketing and Communications: We retain data used for marketing purposes until you ask us to stop contacting you, or for the period necessary to conduct our marketing activities.

When the data retention period expires, it is securely deleted or anonymized, and paper copies are shredded and disposed of securely by authorized parties, ensuring that it cannot be retrieved or linked to you in the future.

9. What are your rights regarding the processing of your personal data?

We are committed to respecting your privacy and protecting your rights in accordance with the provisions of the Personal Data Protection Law and its implementing regulations. As a personal data subject, you have the following rights:

  • Right to Information: You have the right to know how your personal data is collected and the legal basis for it, how it is processed, stored, and deleted, and to whom it is disclosed. You can find these details in our Privacy Notice or contact us for more information.
  • Right to access your personal data: You have the right to access your personal data that we hold through means we provide that allow automatic access without the need to make a formal request.
  • The right to request access to your personal data: You have the right at any time to request access to the personal data we hold about you, and to obtain a copy of it in a clear and readable format.
  • Right to rectify personal data: If you find that any of your personal data we hold is inaccurate, incomplete, or outdated, you have the right to request that it be corrected or updated. You also have the right to object to the processing of your personal data for specific purposes, such as direct marketing or profiling.
  • Right to request deletion of personal data: You may request that your personal data be deleted when it is no longer necessary for the purposes for which it was collected. We will review such requests and take appropriate action, while adhering to legal, contractual, and regulatory requirements.
  • Right to withdraw consent: You may withdraw your consent to the processing of your personal data at any time, unless there is another legal basis for continued processing. Withdrawal will not affect the lawfulness of processing conducted based on consent prior to its withdrawal.
  • Right to File a Complaint: If you believe that we have not complied with the provisions of the Personal Data Protection Law, you have the right to file a complaint with the competent authority within a period not exceeding (90) days from the date of the incident or from the date you became aware of it. The competent authority may accept the complaint after the expiry of this period if there are reasonable reasons that prevented the complaint from being filed in a timely manner.
  • Right to claim compensation: You have the right to claim compensation for any material or moral damage arising from a violation of the system or its implementing regulations.

10. How can you exercise your rights?

You may exercise any of your statutory rights by contacting us via email:

[email protected]


We may ask you to provide certain information to verify your identity and facilitate your ability to exercise your right to access your personal data or any other rights you have.


In the event of a data breach that may cause significant harm to your rights or interests, we will notify you and the relevant authority, as required by the Personal Data Protection Law.


You will not be required to pay any fees to exercise your rights. If you submit a request to exercise your rights, you will receive a response within 30 days of receiving your request. If an extension is needed, we will inform you of the reason for the delay and the expected timeframe for completing the process.

11. What if you have questions or would like more information?

For more details about the processing of your personal data and how to exercise your rights, you can contact our Personal Data Protection Officer using the contact details below.


Personal Data Protection Officer:

Name: Ranim Al Majed

Email: [email protected]

Phone: 920020088

12. How to submit a complaint or objection:

If you are not satisfied with how we handled your complaint, or if you do not receive a response within (30) days from the date of submitting the request, you can file a complaint with the competent authority, which is the Saudi Data and Artificial Intelligence Authority (SDAIA).


Sadaya Address: Kingdom of Saudi Arabia, Riyadh


Sadaya website:

Saudi Data and Artificial Intelligence Authority: sdaia.gov.sa

National Data Governance Platform: dgp.sdaia.gov.sa

13. Modifications to the Privacy Notice

We reserve the right to update or amend this Notice at any time to reflect any changes to our data processing practices, to comply with new regulatory requirements, or as a result of modifications to our operational processes.