Al Majed for Oud: Finest Oud & Perfume Products - Whatsapp }}

Privacy and Policy

Privacy and Policy


Al Majed for Oud Company (“Al Majed Oud”, “we”, “us”, “our”) is a leading manufacturer and developer of perfume and Oud products in the Kingdom, and our activities include the production and retail sale of perfumes, Oud, incense, essential oils, plant-based products, accessories and gifts. We use the words “You”, “your”, or “Data Subject” to refer our customer(s) in this notice.

Contact Details:Websitehttps://www.almajed4oud.comPhone920020088Postal AddressP.O. Box 85995, Riyadh 13321, Kingdom of Saudi ArabiaCommercial Registration1010045397

Date of Last Update:

The Privacy Notice was last updated on [1/7/2025].

1. What is the purpose of this privacy notice?

This notice explains how we collect, use, store, disclose, and protect customer, and platform user personal data across our websites, mobile apps, in-store points of sale, call center, social media channels, the data that you provide to us directly during business transactions and thorough loyalty program. It fulfils your Right to Be Informed under Article 4(1) of the PDPL and Article 4 of the Implementing Regulation. We respect your privacy and are committed to protecting your personal data.


This notice is in line with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), its Implementing Regulations, Privacy Policy Guidelines and official guidance issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).


As required under Article 30 of the PDPL Implementing Regulations, we maintain an internal Record of Processing Activities (RoPA) that documents all personal data processing operations. This record is made available to the Saudi Data & AI Authority (SDAIA) upon request.

2. What personal data do we collect about you?

We collect only the personal data necessary for the purposes outlined in this notice. We take reasonable steps to keep this data accurate, complete, and up to date. We also apply the principles of data minimization and purpose limitation by collecting only the personal data necessary to achieve the purposes outlined in this notice. We do not use your data for purposes that are incompatible with those stated herein.

We collect specific personal data from our customers, including:

  • Personal Information: Name, mobile number, email address, gender, National ID/Iqama, address, social media username
  • Payment and Financial Data: Bank account details, billing records and payment history
  • Device and Technical Data: Device Info, IP address, Cookie session ID
  • Marketing and Retargeting Data: App usage data, browsing history, customer segmentation data, behavioral data, referral source
  • Feedback and Survey Data: Information provided through customer feedback forms, surveys, and product reviews.
  • Security Information: CCTV footage captured on our premises for the safety and security of our staff and visitors.
  • Customer Support Interaction Records: Records of communications with customer support, including call recordings, chat and email logs.
  • Social Media Interactions: Data from interactions on social media channels, such as comments, likes, and shares.

We do not deliberately collect or process personal data of individuals who fully or partially lack legal capacity (such as minors/below the age of 18 years, those with mental or developmental impairments, elderly persons with cognitive decline, persons placed under legal guardianship). Where such processing is necessary, the legal guardian shall act in the best interests of the Data Subject and may exercise their rights or provide consent on their behalf, in accordance with applicable legal requirements under PDPL and Implementing Regulation.

3. How do we collect your personal data?

We collect your personal data using a variety of methods that ensure accuracy, transparency, and alignment with applicable laws. Each method serves a specific purpose directly tied to our business activities, in compliance with the PDPL.

Direct Collection:

  • Online Forms and Digital Portals: Data is submitted via website and app forms for account creation, checkout, loyalty enrollment, reporting illegal practices.
  • Point-of-Sale and In-Store Registration: Personal data, including loyalty membership details, may be collected during purchases or account setup directly at retail stores.
  • In-Person Interactions: Personal data is gathered during business engagements and at external events in the form of surveys.
  • Email and Mobile Communications:
  • Customer Support: We collect personal data during communications via WhatsApp, email, mobile calls, or live chat regarding inquiries, refunds, feedback, complaints, or product issues.
  • Call Recordings: Customer support voice calls may be recorded for training, quality assurance, and dispute resolution.

Automated Collection:

  • Website and App Tracking Tools: Cookies, session IDs, IP addresses, and device information are collected to monitor user activity, enable analytics, improve performance, and optimize marketing efforts.
  • Conversion and Behavioural Tracking Tools: We use tools like Facebook CAPI, TikTok Pixel, and influencer deep links to attribute conversions, measure ad effectiveness, and understand referral sources.
  • CCTV Surveillance Systems: Video footage is captured across all our branches and offices to monitor operations, ensure your safety, and investigate incidents.

Third-Party Sources:

  • Marketing and Analytics Platforms: Platforms like Meta, TikTok, Google, and Snapchat provide behavioural and conversion data through pixels, CAPI integrations, and retargeting mechanisms.
  • Public Sources: We collect data from publicly available sources, such as social media posts, comments, and customer reviews. This data is used to provide customer support and enhance our services.

4. Why and how do we use your personal data?

To enable ordering, delivery, and loyalty usage:

Facilitating order placement, delivery coordination, loyalty point redemption, and purchases across platforms.

To process payments and refunds:

Handling payment records, processing refunds, and verifying transactions for order and loyalty activities.

To deliver personalized marketing campaigns:

Retargeting users across platforms, segmenting audiences by tier and preferences, and tracking campaign performance.

To support customer queries and complaints:

Handling service inquiries through call centers, social media, WhatsApp, and internal CRM to ensure resolution and satisfaction.

To enhance website and app performance:

Analyzing usage patterns and behavior to optimize product pages, app features, and conversion funnels.

To monitor brand engagement and public sentiment:

Capturing user reactions, messages, and feedback across social platforms to inform marketing and content strategy.

To maintain safety and investigate incidents:

Reviewing CCTV footage and system access logs to detect, investigate, or respond to security-related events.

To fulfill legal and compliance obligations:

Retaining transaction and communication logs to support regulatory filings, court claims, fraud prevention, and audit requirements.

We may use automated decision-making tools, such as customer segmentation based on purchase or browsing behavior, to tailor marketing and loyalty offers. These tools do not have a legal or similarly significant effect on you. If this changes, we will update the privacy notice.

For processing activities that are likely to result in high risks to your rights, we conduct Data Protection Impact Assessments (DPIAs) as mandated by the PDPL.

5. How do we use cookies?

Our website and mobile application use cookies and similar technologies, such as SDKs, to enhance your experience, ensure platform functionality, improve our services, and deliver personalized content. These technologies help us analyze website traffic, remember your preferences, and enable targeted advertising.


For a detailed explanation of the types of cookies we use, the data they collect, and how you can manage your preferences, please refer to our Cookie Notice.

6. What are the legal bases for processing your personal data?

Consent:

We rely on your consent to process your personal data, especially for direct marketing and promotional campaigns. You may choose to withdraw your consent at any time. Consent is obtained through clear affirmative actions such as checking a consent box during sign-up or placing an order.


You may contact us at [email protected] if you wish to withdraw your consent for any processing of your personal data.

Contractual Obligation:

It is necessary to perform our contract with you to:

  • Enroll you in our loyalty program and confirm your participation
  • Administer, manage, and maintain your customer account and related profile information
  • Process your orders, payments, deliveries, loyalty rewards, and redemptions
  • Respond to your service requests, complaints, and inquiries
  • Handle returns, cancellations, refunds, and related transactions
  • Review and validate transactions in connection with loyalty or return requests
  • Onboard and manage corporate customer relationships, including associated transactions
  • Arrange for the delivery of goods or documentation related to your interactions with us

Legal Obligation:

It is necessary for compliance with an applicable legal or regulatory obligation to which we are subject, in order to:

  • Fulfill data subject rights, including account deletion and marketing opt-outs
  • Comply with tax and consumer protection requirements, including issuing invoices and maintaining return documentation
  • Prevent and detect fraud, and support internal and external investigations, including through CCTV and surveillance footage
  • Respond to requests from regulatory, governmental, and law enforcement bodies
  • Support legal claims, defense, or proceedings before courts and regulators
  • Enforce statutory data retention and deletion obligations, including the management of surveillance footage
  • This includes obligations under the PDPL and other applicable laws in the Kingdom of Saudi Arabia

Legitimate Interests:

We process your personal data based on our legitimate interests, where we have assessed that such interests are not overridden by your interests, or rights. These interests include:

  • Manage your profiles, loyalty memberships, and related preferences or segments on an ongoing basis
  • Provide you with, and inform you about, our products, services, offers, events, and loyalty rewards
  • Track promotional campaigns, attribute customer activity to specific marketing efforts, and improve outreach effectiveness
  • Address or investigate any complaints, claims, disputes, or service-related incidents
  • Monitor service interactions and collect feedback to assess and improve your experience
  • Prevent fraud by monitoring and, where necessary, suspending suspicious loyalty redemptions
  • Protect our business against misuse of loyalty programs, breach of confidence, and other forms of abuse
  • Manage our risk and operations in connection with customer relationships and regulatory obligations
  • Maintain and back up internal customer systems and records for business continuity
  • Develop and test system enhancements
  • Protect the security and safety of our stores, systems, and infrastructure
  • Monitor and manage internal use of CCTV and recordings for investigation and compliance purposes

Vital Interests:

In rare cases, we may process personal data to protect an individual’s safety, such as responding to emergency situations or security threats.

7. Who do we share your personal data with?

We share personal data only when necessary to provide our services, comply with legal obligations, and enhance operational efficiency.

Recipient CategoryPurpose of SharingDisclosure FrequencyDelivery and logistics partnersTo arrange, fulfill, and track delivery of orders and promotional itemsRegularCloud hosting and IT infrastructure providersTo host systems, store backups, and ensure data availability, security, and recoveryRegularMarketing and advertising platformsTo deliver targeted campaigns, retarget users, promote new offers, and analyze ad performanceRegularPayment Processors and Financial InstitutionsTo process payments, manage refunds, and support installment-based purchasesRegularCustomer Engagement and Messaging PlatformsTo validate mobile numbers, send WhatsApp responses, loyalty notifications, promotional offers, and remindersRegularAnalytics and Experience Optimization ToolsTo understand website usage, improve user journeys, and personalize experiencesRegularCustomer Feedback and Review PlatformsTo collect and analyze customer reviews and feedback across social and digital platformsRegularLegal and Regulatory BodiesTo respond to legal obligations, regulatory investigations, and enforce or defend legal claimsAs required

Safeguards in place to protect your Personal Data

Data shared with processors or third parties is subject to strict controls to ensure its privacy, security and confidentiality. We implement the following safeguards:

  • All processors and third parties are vetted prior to engagement and are contractually bound to uphold data protection and confidentiality obligations.
  • Where data is processed on our behalf, we enter into Data Processing Agreements (DPAs) that clearly define permitted purposes, security requirements, and access restrictions.
  • Where data is disclosed to independent third parties, we ensure that such disclosures are limited, lawful, and supported by appropriate contractual or legal safeguards.
  • Data shared externally is always limited to what is necessary for the specific service or legal purpose.


Cross-border transfers

In some cases, we may transfer your personal data outside the Kingdom of Saudi Arabia. Such transfers are carried out in compliance with the PDPL, its Implementing Regulations, and the Implementing Regulation for the Personal Data Transfer Outside the Kingdom, and relevant guidance issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).


We apply appropriate safeguards to ensure that your personal data remains protected and your rights are upheld, including:


• Transfer Impact Assessments (TIAs): Assessing the legal and technical risks associated with the transfer destination and ensuring appropriate mitigation measures

• Standard Contractual Clauses (SCCs): Executing mandatory contractual provisions in accordance with the standard form issued by SDAIA, ensuring a level of protection for personal data that is no less than the standard prescribed by the PDPL and its Regulations

• Derogations: In limited cases, where no approved safeguards are available, transfers may take place based on your explicit consent, or where the transfer is necessary for the performance or conclusion of a contract with you.


Cross-border transfers are only carried out where a valid legal basis exists and are subject to documented safeguards and internal approvals. You may contact us at [email protected] to request further details about the safeguards in place for specific international transfers.

8. Where is your data stored and how long will it be retained by us?

All of your personal data is securely stored in Microsoft’s cloud infrastructure, through the Microsoft Dynamics 365 platform, which is used by us to manage customer registrations, loyalty programs, and purchase history. These cloud servers are located outside the Kingdom of Saudi Arabia with enterprise-grade security and compliance certifications, including ISO/IEC 27001 and SOC 2.

To ensure that your data is protected in accordance with the PDPL, we have entered into a Data Processing Agreement (DPA) with Microsoft and implemented Standard Contractual Clauses (SCCs) as legally binding safeguards for international data transfers.

We take the security and integrity of your personal data seriously and ensure that any external storage provider we work with meets strict confidentiality, access control, and data protection standards.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

Here’s how we determine retention periods for different types of personal data:

  • Operational Necessity: We retain your data for as long as needed to provide you with services and to conduct our business operations efficiently.
  • Legal Compliance: Certain types of data are retained for specific periods as required by law or other regulatory guidelines.
  • Marketing and Communications: Data used for marketing purposes is kept until you request that we stop contacting you, or for as long as required to conduct our marketing activities.

Upon expiration of the retention period, personal data is securely deleted or anonymized and all physical copies are shredded and safely disposed of by authorized personnel, ensuring it can no longer be linked back to you.

9. What are your rights regarding the processing of your personal data?

We are committed to respecting your privacy and upholding your rights in accordance with the PDPL and its Implementing Regulations. As a Data Subject, you are entitled to the following rights:

  • Right to be Informed: You have the right to be informed about how we collect your personal data, the legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all these details through our Privacy Notice or contact us for further information.
  • Right to Access to Your Personal Data: You have the right to access your personal data that we hold through means provided by us that allow for automatic access without needing to make a formal request.
  • Right to Request Access to Your Personal Data: You can request to obtain your personal data held by us at any time and obtain a copy of this data in a clear and readable format.
  • Right to Correct Personal Data: If you find that any of the personal data that we hold about you is inaccurate, incomplete, or outdated, you have the right to request its correction or update. You also have the right to object to the processing of your personal data for specific purposes, such as direct marketing or profiling.
  • Right to Request Destruction of Personal Data: You may request the destruction of your personal data when it is no longer needed for the purposes for which it was collected. We will review such requests and take appropriate action, adhering to legal, contractual and regulatory requirements.
  • Right to Withdraw Consent: You may withdraw your consent for the processing of your personal data at any time, unless there is a legal basis that requires otherwise. This withdrawal will not affect the lawfulness of processing based on your consent before its withdrawal.
  • Right to File a Complaint: If you believe that we have not complied with the PDPL, you have the right to file a complaint with the Competent Authority within a period not exceeding (90) days from the date of the incident or the date on which you became aware of it. The Competent Authority shall determine whether to accept the complaint or not after this period in cases where there are reasonable causes that may have prevented you from submitting the complaint in time.
  • Right to Claim Compensation: You are entitled to claim compensation from the Competent Court for any material or moral damage resulting from a violation of the PDPL and its Implementing Regulations.

10. How can you exercise your rights?

To exercise any of these rights, please contact us via[email protected]. We may request specific information from you to help us confirm your identity and facilitate your right to access your personal data (or to exercise any of your other rights).


If a data breach occurs that may significantly harm your rights or interests, we will notify you and the relevant authorities as required by the PDPL.


You will not be required to pay any fees in return for exercising your rights. In case of submitting a request for exercising your rights, you will receive a response within 30 days from the date of receipt of your request. If an extension is necessary, we will inform you of the reason for the delay and the expected timeframe for completion.

11. What if you have questions or want further information?

For further details regarding the processing of your personal data and how to exercise your rights, you can contact our Personal Data Protection Officer (DPO) using the below mentioned contact details.


Personal Data Protection Officer (DPO):

Name: Raneem Al Majed

Email: [email protected]

Phone: 920020088

12. Complaint or Objection Filing Method:

If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority, Saudi Data & AI Authority (SDAIA).


SDAIA Address: Kingdom of Saudi Arabia, Riyadh


SDAIA Website:

Saudi Data & AI Authority: sdaia.gov.sa

National Data Governance Platform “DGP”: dgp.sdaia.gov.sa

13. Changes in this privacy notice

We reserve the right to update or modify this privacy notice at any time to reflect changes in our data processing practices, changes in law, or adjustments in our business operations.