- Track Shipment
- Find Nearest Branch
- Solutions
- Help & Support
PRIVACY POLICY
Privacy Policy - Al Zajil Express Trading Company
1. Introduction
Al Zajil Express Trading Company ("Zajil", "the Company", "we") is committed to protecting the privacy of its customers' data and visitors of its platforms in accordance with the Personal Data Protection Law (PDPL) issued by Royal Decree No. (M/19) dated 9/2/1443H, its Implementing Regulations, and the regulations issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).
This Policy has been prepared in fulfillment of Article (12) of the Law and explains the purpose of data collection, its content, the means of collecting it, how it is processed, stored, protected and destroyed, your statutory rights, and the means of exercising those rights.
- Commercial Registration No.: 2050036302
- Headquarters: Riyadh, Kingdom of Saudi Arabia
- Website: https://zajil-express.com
2. Definitions
The following terms are used in this Policy with the meanings shown beside each, in accordance with Article (1) of the Law:
- Personal Data: Any data — regardless of its source or form — that may lead to the identification of an individual specifically.
- Processing: Any operation performed on personal data by any means (collection, recording, retention, storage, modification, retrieval, use, disclosure, transfer, publication, destruction).
- Data Subject: The individual to whom the personal data relates.
- Controller: Al Zajil Express Trading Company, as the entity that determines the purpose and means of processing personal data.
- Processor: The entity that processes data on behalf of the Controller.
- The Law: The Personal Data Protection Law.
- The Regulations: The Implementing Regulations of the Personal Data Protection Law.
- The Authority: The Saudi Data and Artificial Intelligence Authority (SDAIA).
3. Personal Data We Collect
We collect the minimum data necessary to provide shipping services, in accordance with Article (19) of the Regulations:
3.1 Identity and Contact Data
- Full name
- National ID / Iqama number
- Mobile number
- Email address (if available)
- National Address / pickup and delivery address
3.2 Business Data (B2B)
- Entity name
- Commercial registration
- Tax number
- Authorized person details
3.3 Shipment Data
- Shipment type and weight
- General description of contents
- Sender and recipient details
3.4 Technical Data (for digital platforms)
- IP address, browser type, operating system
- Cookies, to improve the user experience
- Login and usage logs
We do not collect sensitive data as defined in Article (1) of the Law (such as health, credal, biometric, or genetic data) unless necessary for a specific service and with separate explicit consent.
4. Means and Methods of Collecting Personal Data
In fulfillment of Article (12) of the Law, we explain the means by which we collect your personal data:
4.1 Direct Collection from You
- When filling out service request forms at our physical branches.
- Via the website https://zajil-express.com when creating an account or requesting a shipment.
- Via our mobile applications (Customer App / Sender App).
- By phone through our customer service centers.
- Via email and the Company's official communication channels.
4.2 Indirect Collection
- From contractual (B2B) customers who provide us with end-recipient data for the purposes of executing shipping contracts, in accordance with Article (10) of the Law.
- From accredited government entities when needed to verify data accuracy (such as integration with the National Address system to verify addresses, and ZATCA platforms to verify commercial registrations and tax numbers).
4.3 Automated Collection
- From your use of our digital platforms (system logs, cookies, usage analytics) for operational and security purposes.
Note: You are notified of the purpose of data collection on each channel in accordance with Article (13) of the Law, via the privacy notice posted at the branch, displayed on the registration page, or printed on the shipping waybill.
5. Processing Purposes and Legal Bases
We process your personal data for the following purposes, based on the legal grounds set out in Article (6) of the Law:
| # | Purpose | Legal Basis |
|---|---|---|
| 1 | Performing the shipping service (pickup, sorting, tracking, delivery, notification) | Performance of contract — Article 6(2) |
| 2 | Invoicing and issuing tax documents | Legal obligation — Article 6(3) (ZATCA requirements) |
| 3 | Compliance with Saudi Public Transport Authority (SPL) requirements | Legal obligation — Article 6(3) |
| 4 | Customer service, inquiries and complaints | Performance of contract — Article 6(2) |
| 5 | Improving services and analyzing their quality (in anonymized form) | Legitimate interest — Article 6(5) |
| 6 | Marketing and promotional communications | Explicit consent — Article 6(1) (Articles 25–26) |
| 7 | Responding to formal requests from competent government authorities | Legal obligation — Article 6(3) |
Important note: We do not use your data for marketing or promotional purposes except after obtaining your separate explicit consent. You may withdraw this consent at any time without affecting the shipping services.
6. Mechanism for Obtaining Consent and Performing the Contract
The documentation mechanism varies by channel:
- Contractual customers (B2B): Formal signature on a service agreement that includes personal data processing terms.
- Digital customers (website / app): Explicit tick on the acknowledgement page, recorded with a timestamp in the database.
- Walk-in branch customers: Handing over the shipment and receiving the waybill is considered entering into a contractual relationship that requires the processing of data to fulfill it under Article 6(2). You are notified of the purpose of collecting your data via the privacy notice posted at the branch and on the waybill handed to you.
7. Data Sharing and Disclosure
We share your data only with the following categories and only when necessary, in accordance with Article (15) of the Law:
7.1 Contracted Service Providers
We engage a number of service providers who process some personal data on our behalf for the purposes of executing the shipping service, including:
- Third-Party Delivery Providers
- SMS Providers
- Call Center / Customer Service Providers
All service providers are bound under Data Processing Agreements (DPAs) to use the data only for the contracted purpose, not retain it after the end of the engagement, and apply the necessary controls to protect it.
7.2 Government Authorities
Upon a formal request from competent government authorities pursuant to a law or judicial order.
7.3 We Do Not Sell Your Data
Zajil does not sell your personal data to any third party under any circumstance.
8. Data Retention and Destruction
We retain your data for the following periods, in accordance with Articles (18) and (31) of the Law:
| Data Type | Retention Period | Basis |
|---|---|---|
| Invoice data and tax documents | 6 years | ZATCA requirements |
| Customer account data | For the duration of the relationship | Performance of contract + legal grounds |
| Shipment records | 1 year | Public Transport Authority requirements |
| Marketing data | Until consent is withdrawn | Consent |
After the period expires, the data is destroyed or anonymized according to a procedure approved by the authorized officer, in accordance with Article (8) of the Implementing Regulations and the Authority's guidance on destruction, anonymization and pseudonymization of personal data.
9. Your Statutory Rights
Article (4) of the Law grants you the following rights, in addition to related rights in the Law and the Regulations. You may exercise them free of charge at any time:
| # | Right | Legal Reference | Description |
|---|---|---|---|
| 1 | Right to be informed | Article 4(1) of the Law | To know the legal basis for collecting your data, the purpose of processing, and what may not be collected or processed. |
| 2 | Right to access personal data | Article 4(2) of the Law | To access your personal data held by the Company. |
| 3 | Right to obtain data in a clear, readable format | Article 4(3) of the Law | To obtain a copy of your personal data in a clear, readable format. |
| 4 | Right to request correction | Article 4(4) of the Law | To request that your data be corrected, completed or updated. |
| 5 | Right to request destruction | Article 4(5) of the Law | To request the destruction of your personal data when the Company no longer needs it (subject to legal obligations). |
| 6 | Right to withdraw consent | Article (9) of the Law and Article (11) of the Regulations | To withdraw your consent at any time, as easily as it was given, without affecting the legality of prior processing. |
| 7 | Right to object to marketing | Articles (25–26) of the Law | To stop marketing and promotional communications with immediate effect. |
| 8 | Right to file a complaint with the Authority | Article (28) of the Law | To file a complaint directly with the Saudi Data and Artificial Intelligence Authority (SDAIA). |
How to Exercise Your Rights
- Email: dpo@zajil-express.com
- Customer Service: 8001000177
- Formal letter: Headquarters — Riyadh
Response time: We are committed to responding to your request within a maximum of 30 days from the date of receipt, in accordance with Article (4) of the Regulations.
10. Data Storage and Information Security
Pursuant to Articles (12) and (19) of the Law, we explain how your personal data is stored and the measures applied to protect it:
10.1 Storage Location and Mechanism
- Your data is stored in a secure cloud hosting environment with an accredited hosting provider, with the necessary contractual and technical safeguards in place.
- Logical separation between customer data is enforced (Tenant Isolation).
- Backups are kept in a protected environment with full encryption.
10.2 Technical and Organizational Measures
- Encryption in transit (TLS 1.2+) and at rest (Encryption at Rest)
- Access control based on the principle of least privilege (Role-Based Access Control)
- Two-factor authentication for sensitive systems
- Periodic backups three times a day
- Continuous monitoring and audit logs for all access operations
- Regular employee training on data protection
- Non-Disclosure Agreements (NDAs) with all employees
- Firewalls and Intrusion Detection / Prevention Systems (IDS/IPS)
- Data breach response plan in accordance with Article (24) of the Regulations
11. Data Protection Officer
A Data Protection Officer (DPO) has been appointed in accordance with Article (32) of the Regulations. For direct contact:
- Email: dpo@zajil-express.com
- Postal address: Al Zajil Express Trading Company
- Riyadh, Kingdom of Saudi Arabia
The DPO responds to your inquiries and requests related to your statutory rights within 30 days from the date of receipt.
12. Protection of Minors and Persons Lacking Legal Capacity
Zajil does not provide its services to those under the legal age of capacity (18 years) or to persons lacking legal capacity. In exceptional cases that require processing a minor's data, we are committed to obtaining the consent of the legal guardian in accordance with Article (13) of the Law.
13. Complaints
13.1 Filing a Complaint with the Company
You have the right to file a complaint directly with:
- Data Protection Officer: dpo@zajil-express.com
- Customer Service: 8001000177
We are committed to responding to your complaint within a maximum of 30 days.
13.2 Filing a Complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA)
If you are not satisfied with the response, you have the right to file a complaint with:
- SDAIA platform: https://sdaia.gov.sa
- National Data Governance platform: https://dgr.dga.gov.sa
14. Applicable Law and Jurisdiction
This Policy shall be governed by and interpreted in accordance with the laws of the Kingdom of Saudi Arabia, and the Saudi courts shall have jurisdiction over any dispute arising from it.
