Privacy Notice

Othaim Markets is a leading retail chain in Saudi Arabia, specializing in groceries and consumer goods through its extensive network of physical stores and e-commerce platforms.

By accessing or using Othaim Markets’ services, you acknowledge and agree to the practices described in this Privacy Notice. If you have any inquiries or require further information regarding our privacy practices, you may contact us at the contact details provided below.

Contact Details

Involved Department/Team: Risk and compliance Department

Address: Riyadh City - Khurais Branch - Al-Andalus District - Building No.: 4452, Postal Code: 13212, Branch No 6957

Phone Number: 3969

E-mail: dataprotection@othaimmarkets.com

License or Commercial Register: 1010031185

Date of Last Update: The Privacy Policy was last updated on 03/11/2024.

1. What is the purpose of this Privacy Notice?

This Privacy Notice informs you how Othaim Markets, as the controller of your personal data, collects, manages, protects, and processes your information. It applies to personal data obtained online, in-store, or through other interactions, and covers data related to customers, suppliers, third-party vendors, and contractors.

This notice is in line with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), enacted by Royal Decree No. (M/19) issued on 16/09/2021 and amended by Royal Decree No. (M/148) on 27/03/2023.

2. Who is the controller of your Personal Data?

Othaim Markets is responsible for the collection and processing of your personal data in compliance with applicable data protection laws, including the Kingdom of Saudi Arabia's Personal Data Protection Law (KSA PDPL).

3. What Personal Data do we collect about you?

At Othaim Markets, we collect specific personal data from our customers and other stakeholders. This includes:

A. From Customers

Personal Information: Name, email address, phone number, physical address, gender, nationality, and Iqama/National ID number.
Purchase Details: Purchase history, order details, payment information, and billing records.
Location Data: Physical addresses and device location data, particularly for order fulfillment and delivery services.
Loyalty Program Data: Membership details, rewards points, and usage history.
Online Interaction Data: Browsing history, preferences, and interactions with our digital platforms.
Device Information: Details about the devices used to access online platforms, including device type and operating system.
Feedback and Survey Data: Information provided through customer feedback, surveys, and product reviews.
Security Information: CCTV footage captured in Othaim Markets premises for the safety and security of customers.
Customer Service Interaction Records: Records of communications with customer service, including call recordings and email logs.
Social Media Interactions: Data from your interactions on social media channels, such as comments, likes, and shares.

B. From our Suppliers, Contractors, and Third-Party Vendors:

Personal Information: Names, email addresses, phone numbers of business representatives.
Professional Information: Job titles, professional qualifications, and their roles within their organization.
Financial Information: Bank account details, transaction data, and payment records.
Engagement Records: Details of interactions and engagements with Othaim Markets, including inquiries, feedback, and goods returns.
Legal Data: Details of contracts, agreements, compliance documents, and legal correspondence with Othaim Markets.

C. From Visitors:

Personal Information: Names, email addresses, phone numbers, Iqama/National ID numbers, passport details, and CCTV footage.

4. How do we Collect your Personal Data?

Othaim Markets employs various methods to collect personal data, ensuring accuracy and compliance with legal regulations:

Direct Collection: Data is collected when you interact with Othaim Markets, either through our physical stores, events, or online platforms (e.g., account creation, purchases, feedback, or supplier registrations).
Automated Collection: Data is automatically collected through our websites or mobile apps, including browsing activity, device information, and cookies.
Third-Party Sources: We may receive your personal data from our business partners, external agencies and public sources to facilitate and enhance the services we offer. This includes information received from marketing initiatives, social media comments, and our service providers.

5. How do we use your Personal Data?

Othaim Markets utilizes the collected personal data for the following purposes, aligned with our operational, regulatory, and strategic objectives:

Business Operations and Order Fulfillment: To process and deliver orders efficiently, ensuring customer satisfaction and timely service.
Marketing, Loyalty Program, and Communications: To manage our loyalty program, conduct marketing campaigns, and communicate with customers regarding offers and news.
Customer Support: To provide responsive and effective assistance, resolving queries and enhancing customer service experiences.
Business Development: To analyze customer behaviors and preferences, supporting our marketing and strategic business initiatives.
Operational Excellence and Compliance: To improve operational efficiencies, ensure service quality, and adhere to legal standards, particularly the KSA PDPL.
Security and Safety: To ensure the safety of our premises, we utilize CCTV surveillance systems which provide a secure shopping environment and enhance the safety of all our customers, suppliers, and third-party vendors.

6. What are the Legal Bases for Processing your Personal Data?

Othaim Markets processes personal data based on several legal grounds to ensure compliance with the law, these include:

Consent: We rely on your consent to process your personal data, especially for marketing communications and our loyalty program activities. Your consent can be withdrawn at any time.
Contractual Necessity: We process data to fulfill our contractual obligations to customers (e.g., to process orders) and suppliers (e.g., to manage vendor relationships).
Legal Obligation: Processing necessary to comply with our legal obligations, including but not limited to tax, labor, safety, and corporate laws.
Legitimate Interests: We process data based on our legitimate business interests, such as preventing fraud, ensuring network and information security, and conducting business management activities, provided such processing does not outweigh your rights and freedoms.
Vital Interests: Occasionally, we process data necessary to protect the vital interests of individuals, such as emergency situations.

7. How do we protect your Personal Data?

At Othaim Markets, safeguarding your personal data is a priority we take very seriously. We are committed to implementing comprehensive security measures, both technical and organizational, to protect your data from unauthorized access, alteration, and misuse.

Technical Security Measures:

Data Encryption: Personal data is encrypted both in transit and at rest using industry-standard encryption protocols. This ensures that unauthorized parties cannot access or read your data.
Access Controls: We strictly limit access to personal data to authorized personnel only, based on their role and necessity to engage with the data.
Secure Infrastructure: Our network and data storage solutions are protected with industry-standard firewall and antivirus software, alongside intrusion detection systems to prevent unauthorized access.
Regular Security Assessments: We conduct periodic security assessments and penetration testing to identify and address potential security vulnerabilities.

Organizational Security Measures:

Data Privacy Policies and Training: Our comprehensive data privacy policies are strictly followed by all our employees, ensuring awareness and adherence to the best practices in data privacy. We further support this with regular training sessions on the importance of personal data protection and the implementation of effective security measures.
Confidentiality Agreements: All our employees, contractors, and third-party service providers are required to sign confidentiality agreements that bind them to maintain the secrecy and security of all personal data.
Physical Security: Our facilities are secured with ID cards, biometrics, and constant surveillance to ensure that only authorized personnel can access data-sensitive areas.
Vendor Management: Third-party vendors are rigorously screened and bound by contracts that enforce our data protection standards.
Incident Response Protocols: A structured incident response protocol is in place, detailing procedures for addressing any data security incidents. This includes immediate actions to manage and contain potential breaches and ensuring proper escalation and response without undue delay.

8. Who do we share your Personal Data with?

Othaim Markets shares your personal data with specific categories of recipients to facilitate business operations and comply with legal requirements:

A. Categories of Recipients

Service Providers and Professional Partners: includes IT, logistics, and delivery providers such as cloud service providers and delivery partners, as well as professional service providers like law firms, financial auditors, and consultants. Together, they assist with our business operations.
Government and Regulatory Authorities: To comply with legal obligations or in response to legal requests.
Financial Institutions and Payment Processors: For processing transactions and managing financial operations.
Marketing and Advertising Partners: To conduct marketing and promotional campaigns.

B. Safeguards in place to protect your Personal Data

Data shared with third parties is strictly governed by privacy agreements that ensure these parties adhere to confidentiality and data protection standards comparable to those followed by Othaim Markets. We ensure that:

All third parties are carefully vetted and bound by contractual safeguards such as Data Processing Agreements (DPAs) to ensure data protection.
Data transfers are limited to what is necessary for the services they provide.

C. International Data Transfers

In some cases, Othaim Markets may transfer your personal data outside the Kingdom of Saudi Arabia. These transfers are conducted in compliance with KSA PDPL and are subject to appropriate safeguards.

When transferring data internationally, we ensure that your personal data is protected through safeguards such as:

Transfer Impact Assessments (TIAs): Assessing the risks of cross-border data transfers and ensuring compliance with applicable regulations.
Standard Contractual Clauses (SCCs): Implementing data protection clauses in contracts with international third parties.
Binding Common Rules (BCRs): For internal transfers within the company group across borders.

In cases where data is transferred to countries recognized by the Saudi Data & Artificial Intelligence Authority (SDAIA) as providing an adequate level of data protection, we adhere to the legal frameworks governing such transfers.

9. How long will your Personal Data be retained by us?

Othaim Markets retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. Here’s how we determine retention periods for different types of personal data:

Operational Necessity: We retain your data for as long as needed to provide you with services and to conduct our business operations efficiently.
Legal Compliance: Certain types of data are retained for specific periods as required by law or other regulatory guidelines.
Marketing and Communications: Data used for marketing purposes is kept until you request that we stop contacting you, or for as long as required to conduct our marketing activities.

Upon expiration of the retention period, personal data is securely deleted or anonymized, ensuring it can no longer be linked back to an individual.

10. How do we use Cookies?

At Othaim Markets’ Corporate Website, we utilize cookies to enhance your experience, maintain the functionality of our websites, and improve our services:

A. Types of Cookies Used:

Performance Cookies: These cookies collect information about how visitors use our website. They help us analyze data about web page traffic, user sessions, and campaign performance, allowing us to improve the site for a better user experience.
Advertising Cookies: These cookies are used to track user interactions with our advertisements and improve the effectiveness of our ad campaigns. They help us optimize ads based on user engagement across different platforms.

B. Data Collected Through Cookies:

Browsing Data: Pages visited, session duration, and navigation paths.
Device Data: IP address, browser type, operating system, and device information.
Interaction Data: Data about how you interact with the website (e.g., links clicked, forms submitted).

C. Managing Cookie Preferences

You can manage your cookie preferences through your browser settings at any time. Here’s how you can control or opt out of cookies:

Consent Management: On your first visit to our website, you will be prompted to accept or reject non-essential cookies. You can change your preferences at any time by accessing the cookie settings available on our website.
Browser Settings: Most browsers allow you to refuse cookies or delete cookies through their settings preferences. However, disabling cookies may affect the functionality and services offered on our websites.

11. What are your Rights regarding the processing of your Personal Data?

At Othaim Markets, we are committed to respecting your privacy in compliance with the Kingdom of Saudi Arabia's Personal Data Protection Law (KSA PDPL). You are entitled to the following rights under this law:

Right to be Informed: You have the right to be informed about how we collect your personal data, the legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all these details through our Privacy Policy or contact us for further information.
Right to Access to Your Personal Data: You have the right to access your personal data that we hold through means provided by us that allow for automatic access without needing to make a formal request.
Right to Request Access to Your Personal Data: You can request to obtain your personal data held by Othaim Markets at any time and obtain a copy of this data in a clear and readable format.
Right to Correct Personal Data: If you find that any of the personal data that we hold about you is inaccurate, incomplete, or outdated, you have the right to request its correction or update.
Right to Request Destruction of Personal Data: You may request the destruction of your personal data when it is no longer needed for the purposes for which it was collected. We will review such requests and take appropriate action, adhering to legal and regulatory requirements.
Right to Withdraw Consent: You may withdraw your consent for the processing of your personal data at any time, unless there is a legal basis that requires otherwise. This withdrawal will not affect the lawfulness of processing based on your consent before its withdrawal.
Right to File a Complaint: If you believe that Othaim Markets has not complied with the Personal Data Protection Law, you have the right to file a complaint with us. If you are not satisfied with the outcome, you may escalate your complaint to the Saudi Data & Artificial Intelligence Authority (SDAIA).
Right to Claim Compensation: You are entitled to claim compensation for any material or moral damage resulting from a violation of the Personal Data Protection Law and its implementing regulations.

12. How Can You Exercise Your Rights?

To exercise any of these rights, please contact us via dataprotection@othaimmarkets.com. We may request specific information from you to help us confirm your identity and facilitate your right to access your personal data (or to exercise any of your other rights).

You will not be required to pay any fees in return for exercising your rights. In case of submitting a request for exercising your rights, you will receive a response within 30 days from the date of receipt of your request.

13. What if you have questions or want further information?

For further details regarding the processing of your Personal Data and how to exercise your rights, you can contact the Personal Data Protection Officer at Othaim Markets using the below-mentioned contact details.

Personal Data Protection Officer

Name: Zaina Alsuwaylih
Email: dataprotection@othaimmarkets.com
Phone: 3969

Complaint or Objection Filing Method

If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint with our IT Department using one of the following channels:

Email: dataprotection@othaimmarkets.com

If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority Saudi Data & AI Authority (SDAIA).

SDAIA Address: Kingdom of Saudi Arabia, Riyadh

SDAIA Website: Saudi Data & AI Authority (sdaia.gov.sa)

National Data Governance Platform: dgp.sdaia.gov.sa

14. Changes in Privacy Notice

Othaim Markets reserves the right to update or modify this Privacy Notice at any time to reflect changes in our data processing practices, changes in law, or adjustments in our business operations.