In recognition of the great honor of serving the Guests of Allah, and based on the firm belief of Qased Al-Mashaer Domestic Pilgrims Services Company that this service is not merely an operational activity but a religious and national responsibility, we are committed to the highest standards of governance and data protection. We treat the information of pilgrims and all those who interact with us as a trust that must be safeguarded with the utmost precision and professionalism.
This policy has been established to clarify the principles under which personal data is collected, processed, and stored, in accordance with the applicable laws and regulations of the Kingdom of Saudi Arabia, including the Personal Data Protection Law, as well as the directives issued by relevant regulatory authorities such as the Ministry of Hajj and Umrah, the Digital Government Authority, and the competent security and health authorities.
By using the Company’s platforms or benefiting from its services, you acknowledge and agree to the terms outlined in this policy, including any future updates that may be published.
This article serves as a necessary regulatory foundation for understanding and interpreting the provisions of this policy accurately and consistently. Defining the terms and concepts used herein minimizes ambiguity or variation in interpretation, whether by users, regulatory bodies, or internal departments.
The importance of this article lies in establishing a unified framework of meanings, ensuring that all parties interpret the terminology according to the definitions provided in this document rather than relying on general or subjective interpretations. It also enhances transparency and facilitates the proper application of data protection regulations.
For the purposes of this policy, the following terms shall have the meanings assigned to them unless the context requires otherwise:
This article defines the boundaries within which this Privacy Policy applies and specifies the contexts and methods through which data is collected and processed.
Defining the scope is essential to ensure clarity in the relationship between the user and the Company, and to confirm that all interactions—whether digital or direct—are subject to the same protection standards. It also prevents narrow or selective interpretations of the policy, ensuring it covers all stages of data handling from collection to disposal, thereby reinforcing comprehensive and continuous protection.
This policy applies to all data collected through:
This policy also covers all stages of the data lifecycle, from collection to destruction.
This article aims to achieve full transparency with users by clearly and comprehensively outlining the types of data collected.
Such disclosure reflects the Company’s commitment to collecting only data that is necessary for operational or regulatory purposes. It also enables users to clearly understand the scope of information they provide. Furthermore, categorizing data into different types (basic, health, technical, etc.) enhances clarity regarding the purpose of each category and confirms that sensitive data is handled with stricter safeguards.
The Company collects data based on the principle of minimum necessity, including but not limited to:
This article highlights the legal framework upon which the Company relies in processing data, reinforcing the legitimacy of its operations and compliance with applicable laws in the Kingdom.
Clarifying the legal basis is essential for building trust, as it assures users that their data is not processed arbitrarily but based on clear legal justifications such as consent, contractual obligations, or regulatory requirements. It also ensures a balance between user rights and operational needs.
Data processing is carried out based on one or more of the following legal grounds:
This article explains the actual reasons behind data collection, which is a key component of transparency.
Through this article, users understand how their data is used—whether for service delivery, quality improvement, or regulatory compliance. It also helps prevent unjustified use of data, as the Company is committed to not exceeding predefined purposes, thereby enhancing privacy protection and reducing potential risks.
Data is collected and used for the following purposes:
This article outlines the measures adopted to protect data from unauthorized access, disclosure, or damage.
It reflects the Company’s seriousness in handling information security through a combination of technical, administrative, and operational safeguards. It also reassures users that their data is stored in a secure environment subject to continuous monitoring, with proactive measures in place to address potential risks.
The Company adopts a comprehensive protection framework including:
This article defines the lifecycle of data within the Company, including retention periods and secure disposal methods.
Its importance lies in balancing operational and regulatory needs with user privacy, ensuring that data is not retained unnecessarily. It also reflects the Company’s commitment to responsible data management.
This article specifies exceptional cases where data may be shared with third parties, emphasizing that non-disclosure is the default.
This enhances user trust by ensuring that data is only shared when necessary and for legitimate reasons, under strict confidentiality controls.
Data may be disclosed only in the following cases:
This article addresses sensitive aspects related to data storage location and transfer خارج المملكة (outside the Kingdom).
Its importance lies in safeguarding digital sovereignty and ensuring data is not transferred to less secure environments. It confirms the Company’s commitment to ensuring equivalent protection standards before any transfer.
This article is a cornerstone of the Privacy Policy, ensuring users have control over their data.
These rights align with best practices and local regulations, emphasizing transparency and empowerment.
Users have the right to:
This article explains the use of cookies to enhance user experience.
It also outlines user control options, reinforcing transparency and ensuring cookies are used for performance improvement rather than unlawful tracking.
This article warns users about third-party websites outside Company control.
It protects the Company from liability while encouraging users to review external privacy policies.
This article clarifies the Company’s right to update the policy in line with technological and regulatory developments.
It emphasizes notification through publication and considers continued use as implicit acceptance.
This article defines the Company’s liability limits and reduces legal risks from uncontrollable circumstances.
It also clarifies that users share responsibility, particularly in protecting their own data.
The Company is not liable for:
This article reflects the Company’s commitment to transparency and responsiveness.
It ensures that users have clear communication channels for privacy-related inquiries and complaints.
For inquiries or requests regarding your personal data:
Makkah – Al-Awali District
Qased Al-Mashaer reaffirms its full commitment to protecting pilgrims’ privacy and dedicating
all
technical and human resources to ensuring the highest levels of security and reliability,
recognizing that safeguarding pilgrims’ data is as important as serving them.
We ask Allah to accept your Hajj and grant you a blessed journey.
