Privacy policy

Privacy policy
As of January 9, 2020
We collect, use, process and share your personal data in accordance with the laws of privacy, data protection and information security to ensure that data protection and your privacy rights are enforced, protected and enforceable.
We integrate various legal, technical and organizational solutions to comply with applicable laws regarding personal data, privacy and security protection in the countries in which we operate and provide services (tourism and travel services). This Privacy Policy explains the basic rules and principles with which we process your personal data, and indicates our responsibilities while processing your personal data. We do not process the personal data of children and our services are directed at consumers who are over 16 years old (sixteen years old).
The privacy policy is an essential document as a commitment to transparency to provide information in which personal data is collected from you or from third parties and processed. For a more detailed review of our methods used in relation to the processing of your personal data, please contact us via our contact information.
contact information
Sana Tourism Company (Commercial Registration No. 2051227033)
Address: Kingdom of Saudi Arabia, Khobar City, Sumou Al Khobar Tower, 4th floor, Prince Turki Street
1. Terms used as legal rules for processing
Any processing of personal data must have a legal basis on which we rely to process your personal data. We use the three main rules for processing your personal data: consent, contract and legitimate interests.
Consent: The legal basis for processing your personal data which constitutes your explicit and freely given consent to processing your personal data for a specific purpose.
Contract: the legal basis for processing your personal data necessary for us to enter into a contract to which you are a party or in order to process your request prior to entering into the contract.
Legitimate interests: the legal basis for processing your personal data when it is necessary for us to conduct business, provided that those interests do not outweigh your rights and interests. Those interests have a specific purpose and are necessary and balanced.
There are three other legal foundations set out in the laws, and we will rely on them when they are applicable.
2. The consent rule and the mutual relationship with other legal bases
If you have consented to the processing of your personal data, you can freely withdraw this consent at any time by contacting us or by using specific buttons to unsubscribe from certain processes.
If you withdraw your consent, and if we do not use or do not have another legal basis for processing your data, we will stop processing the personal data and may delete it in certain cases, including, in the event that you request the deletion of your personal data and we are obligated to delete it.
If we have another legal basis for processing your data (for example, it may be required by applicable law), we will continue to do so in accordance with our legitimate interests and rights.
3. Our responsibilities
When we process your personal data, we have legal obligations to comply with some laws. There are two roles that we play which in turn impose different legal obligations on us.
Basically, we act as a data controller when we define the goals and means of processing your personal data, and we are responsible for implementing data processing principles, legal bases for processing, data subject rights and privacy according to design and default setting, record keeping, cooperation with local data protection authority, preventive measures for information security Data breach notifications, previous consultations, remittances, etc.
We may, under certain circumstances, act as a data processor when we process personal data on behalf of another controller, and we are responsible for following the console’s instructions and record keeping, cooperating with the local data protection authority, protecting information security precautionary measures, data breach notices, remittances, etc.
4. Recommendations
You should read this privacy policy carefully. We want to make sure you fully understand your rights. It is important for each of us to maintain the confidentiality and security of your personal data.
If you provide us with personal data of other people, we will only use this data for the purpose for which it was provided to us. By submitting the data, you must be sure that you have the right to dispose of the personal data on their behalf in accordance with this Privacy Policy. In the event that you provide us with personal data of a third party, make sure that you have a legal basis for processing this data.
According to applicable laws, you may become a controller, a data processor under certain circumstances, and additional obligations will be imposed on you.
5. Data processing
We process personal data when you contact us or order something on our website (the "Website"), especially when:
- browse any page of the site;
- you order and purchase services;
Subscribe to our newsletters and updates;
You fill out contact forms, registration forms, employment forms and other forms;
Contact us;
- you use our services;
You receive notice from us;
- we count the number of site visits;
- In cases that do not depend on you, but we have a legal basis to collect this data.
We collect the following data:
- The name;
- Age;
- E-mail;
Identity documents
- browsing history;

Data that identifies your IP address, login information, browser type, version, time zone setting, types of browser plug-ins, some location information about where you may be, operating system and version;
- Data related to website usage, such as URL clicks (the path that is taken through the website), page response times, download errors and other actions;
Other personal data that you share with us or personal data that we may obtain legally for our legitimate interests.
The data collected is in the possession of the management or approved employees of our company.
6. 6. The purpose and legal basis for data processing
We process data for:
Accepting payments for services. We need to confirm your payment for the services in order to make them available to you. Legal basis: the contract.
- The provision of services. We need to provide services that can be accessed through the website or share some information with third parties to provide services. Legal basis: legitimate interests.
Compliance with applicable laws. We may be required by applicable law to collect, store or transfer some personal data. Legal basis: compliance; Legitimate interests.
Providing newsletters, offers and updates that may be of interest to you. Legal basis: consent; Legitimate interests.
- Keeping the website operational (manage your requests, remember your settings, hosting and backend infrastructure). Legal basis: legitimate interests.
Prevent fraud, illegal activity, or any violation of the terms or privacy policy. We may disable access to the website, or delete or correct personal data in some cases. Legal basis: legitimate interests.
Website optimization (testing features, interaction with comment platforms, managing landing pages, website thermal mapping, traffic optimization, data analysis and research, including classification and use of machine learning and other technologies on your data and in some cases employing third parties to do so. ). Legal basis: legitimate interests.
Customer support (to be notified of any changes to the website and services, problem solving, and any bug fixes). Legal basis: the contract; Legitimate interests.
7. Your rights as a data subject
You may ask us to refrain from using your data for marketing (upon your subscription). You can unsubscribe from marketing by contacting us via the contact form or pressing a specific button ("unsubscribe").
You can exercise the following rights by contacting us through contact information.
You have the right to access information about you, especially:
Categories of personal data;
- data processing purposes;
- Third parties to whom the data has been disclosed;
- the retention period of the data, and the criteria used to determine that period;
Other rights related to the use of your data.
You have the right to request that any incorrect personal data about you be corrected.
You can object to the use of your personal data for classification, or to make automatic decisions on your behalf. We may use your data to determine whether we should tell you information that may be relevant to you (for example, personalizing emails for you based on your behavior).
You have the right to transfer your data to another service or website. We will provide you with a readable copy of your data so that you can submit it to another service. If you ask us to do so and it is technically possible, we will transfer the data directly to the other service on your behalf.
You have the right to be "forgotten". You may ask us to delete any personal data about you if it is no longer necessary for us to store the data due to your use of the website.
You have the right to file a complaint about our use of your data. You can file a complaint with the national regulator.
In the context of the right to access information, we will provide you with information within one month of your request, unless there is a justifiable condition for providing this information faster. This clause may be extended according to applicable law.
In some cases, we may reject your request or we may ask you for documents to identify you to verify your identity in order to avoid any unlawful disclosure of your personal data.
8. Safety
We have security and regulatory procedures and measures to secure the data that is collected and stored. The website uses a secure connection mode via Secure Sockets Layer (SSL) which allows your Internet connection to be encrypted. You acknowledge that there is no guarantee that the transmission of the data will be 100% secure and there may be risks. You are responsible for your login information and password. It must be kept confidential.
If your privacy is violated, please contact us immediately. When the breach is likely to cause a significant risk to your rights and freedoms, we will inform you of the violation without undue delay.
9. Determine the location of personal data processing and third-party service providers
Personal data is collected and processed by our listed company in the Kingdom of Saudi Arabia.
Our servers are located in Singapore. And the United Arab Emirates
The website contains links to websites of third parties. The Privacy Policy does not cover the privacy practices of these third parties. These third parties have their own privacy policies and we are not responsible for their websites, features, or policies. Please read their privacy policies before submitting any data to them.
The third parties are as follows:
- Mailchimp to send newsletters and updates.
Google ads for marketing purposes
Google Analytics for analytical purposes
Payment providers: PayTabs
Plug-ins: AddThis, Jetpack for Wordpress, Shariff
Social media: Facebook (Facebook), Twitter (Twitter), Instagram (Instagram), TripAdvisor and social media

10. Transfer of your personal data
In the event that you are a resident of the European Union / European Economic Area and we provide our services in your country, we would like to inform you that the information that we collect from you will be processed in the Kingdom of Saudi Arabia, Singapore and the United Arab Emirates that did not obtain "sufficient" from the European Union under Article 45 of General Data Protection Regulation ("GDPR"). We rely on exceptions in certain situations as stipulated in Article 49 of the General Data Protection Regulation. In particular, we collect and transfer personal data to the Kingdom of Saudi Arabia, Singapore and the United Arab Emirates only, with your consent to enter into a contract with you, or to achieve a binding legitimate interest in a way that does not exceed your rights and freedoms.
We aim to implement appropriate preventive measures to protect your privacy and security, your personal data, and the use of your personal data in accordance with your relationship with our company and the practices described in this privacy policy.
We also enter into data processing agreements and model clauses with our suppliers as and when required.
11. Retention policy
We store personal data for as long as we need it. The data retention practice depends on the type of data we collect, the regulatory burden, and how we use personal data. The data retention period is based on criteria including required statutory retention periods, pending or potential lawsuits, property rights or intellectual property rights, contract requirements, operational directives or needs, and historical archiving.
12. Cookie Policy (Cookie)
The website uses cookies or similar technology to collect information about your access to and use of the website. Cookies are pieces of information that include a unique reference code that we transfer to your device to store it and sometimes to track information about you.
Some of the cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remind you when you return to the website and they will last longer.
Most browsers automatically accept cookies, but you can change your browser to prevent this if you prefer. You can prevent cookies from being set by adjusting the settings on your browser. Alternatively, you can visit, which contains comprehensive information on how to do this on a wide variety of browsers. However, please note that by blocking or deleting cookies, you may not be able to take full advantage of the site.
Our cookies will be used to administer basic (necessary) sessions. These cookies are necessary to provide you with the services available through the website and to enable you to use some of its features.

13. California Privacy
The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights in relation to their personal data. When CCPA is applicable, you may request disclosure of certain data about the collection and use of your personal data over the past 12 (twelve) months. You can ask us to delete the personal data we have collected about you, unless there are exceptions. In the event that we sell personal data, you can unsubscribe.
We do not discriminate against you for exercising the CCPA right and if you choose to enforce the applicable CCPA rights, we will not charge you different prices or offer you a different quality of services.
contact information
In case you have any questions or need clarification regarding our privacy and practice processes, please contact us:
Sana Tourism Company (Commercial Registration No. 2051227033)
Address: Kingdom of Saudi Arabia, Khobar City, Sumou Al Khobar Tower, 4th floor, Prince Turki Street
Phone: listed on the website
Business hours (except weekends and public holidays): 8:00 AM to 9:00 PM GMT +3