Privacy Policy

Ramz Tech LLC (trading as RAIQ) is committed to protecting your privacy and the security of your personal data. This policy explains how we collect, process, use, and protect your personal data, as well as your rights under applicable laws in the Kingdom of Saudi Arabia.

1. Scope and Definitions

This policy applies to all personal data we collect through:

• The website raiq.com
• Mobile applications
• Physical store in Riyadh
• Communication and support channels

Key Definitions:

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data such as collection, storage, use, transfer, or deletion
• Data Controller: Ramz Tech LLC (RAIQ)
• Data Subject: You as a customer or user of the service

2. Data Controller Information

Company Name: Ramz Tech LLC (شركة رمز تيك التجارية)
Brand Name: RAIQ (رايق)
Headquarters: Kingdom of Saudi Arabia, Riyadh
Email: [email protected]
We are the controller responsible for processing your personal data in accordance with the Personal Data Protection Law.

3. Data We Collect

We collect the following types of personal data:

3.1 Identity and Contact Data

• Full name
• Mobile phone number
• Email address
• Delivery address (street, district, city, postal code)

3.2 Financial and Transaction Data

• Payment information (processed through secure certified payment processors like Moyasar)
• Order and purchase history
• Invoices and receipts
• Return and exchange information

3.3 Technical Data

• IP Address
• Browser and device type
• Operating system
• Cookies
• Browsing behavior and site interaction data

3.4 Support Data

• Content of inquiries and complaints
• Customer service chat logs
• Ratings and reviews

4. Legal Basis for Data Processing

We process your data based on the following legal grounds as stipulated in the Personal Data Protection Law:

4.1 Contract Performance

Processing orders, managing accounts, executing shipping and delivery, processing payments and refunds.

4.2 Legal Obligation

Compliance with tax requirements (ZATCA), maintaining accounting records, responding to lawful requests from authorities.

4.3 Consent

Sending newsletters and promotional offers, using non-essential cookies, collecting data for advanced analytics. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

4.4 Legitimate Interests

Preventing fraud and protecting cybersecurity, improving our services and products, conducting business analytics, protecting our legal rights.

5. Purposes of Data Use

We use your personal data for the following purposes:

• Account and Order Management: Creating your account, processing orders, managing payments and refunds
• Service Delivery: Coordinating shipping and delivery, processing returns and exchanges
• Communication: Sending order confirmations, shipping updates, responding to inquiries
• Marketing: Sending promotional offers (with your prior consent only)
• Service Improvement: Analyzing user behavior, developing products and services
• Security and Compliance: Preventing fraud, ensuring legal compliance, protecting our rights

6. Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience on our site:

6.1 Types of Cookies

• Essential Cookies: Required for basic site functionality (shopping cart, login)
• Performance Cookies: To measure and analyze site performance (Google Analytics, Umami)
• Marketing Cookies: To display personalized ads (with your consent)

6.2 Cookie Control

You can control cookies through:

• The consent banner settings on our site
• Your browser settings
• Third-party opt-out tools

Note: Disabling some cookies may affect site functionality.

7. Sharing Data with Third Parties

We may share your data with the following parties to provide our services:

7.1 Data Processors and Partners

• Shipping Companies: To execute deliveries (e.g., SMSA, Aramex)
• Payment Processors: To securely process electronic payments (Moyasar)
• Technical Service Providers: Website hosting, email services, analytics tools
• Marketing Service Providers: Email marketing platforms (with your consent)

We ensure data processing agreements are signed with all third parties to protect your data in accordance with the law.

7.2 Government and Legal Authorities

We may disclose your data to competent government authorities when:

• Responding to court orders or legal requests
• Complying with tax and regulatory obligations
• Protecting our legal rights or investigating violations

8. Cross-Border Data Transfers

We may transfer your personal data outside the Kingdom of Saudi Arabia for service provision purposes (e.g., cloud servers, international payment processors). In all cases, we ensure:

• Transfer to countries providing adequate protection for personal data
• Or implementation of appropriate safeguards according to SDAIA's data transfer regulations
• Use of SDAIA-approved Standard Contractual Clauses (SCCs)

You may request additional information about applied safeguards by contacting us.

9. Data Retention and Deletion

We retain your personal data only for as long as necessary to achieve specified purposes or comply with legal obligations:

9.1 Retention Periods

• Account Data: Duration of account activity + 5 years after closure
• Financial Transaction Data: 10 years (per ZATCA requirements)
• Marketing Data: Until consent withdrawal or 3 years from last interaction
• Support Logs: 3 years
• Technical Data: 12-24 months

9.2 Secure Deletion

Upon expiry of retention period or deletion request, we securely and permanently delete your data from all our systems and backups, unless legal obligations require retention.

10. Security Measures

We implement strict technical and organizational security measures to protect your data from unauthorized access, disclosure, modification, or destruction:

10.1 Technical Measures

• Data encryption in transit (SSL/TLS) and at rest
• Firewalls and intrusion detection systems
• Multi-factor authentication (MFA) for administrative access
• Regular secure backups
• Periodic vulnerability scanning

10.2 Organizational Measures

• Information security policies and procedures
• Regular employee training on data protection
• Access controls based on "need to know" principle
• Confidentiality agreements with all employees and partners

11. Your Rights Under the Personal Data Protection Law

Under the law, you have the right to exercise the following:

11.1 Right of Access

Obtain confirmation regarding processing of your data and receive a copy thereof.

11.2 Right to Rectification

Request correction of inaccurate or incomplete data.

11.3 Right to Erasure

Request deletion of your data in the following cases:

• Data no longer necessary for specified purposes
• Consent withdrawn and no other legal basis for processing
• Processing is unlawful
• Law requires data deletion

11.4 Right to Restriction of Processing

Request restriction of processing your data in specific cases such as disputing data accuracy.

11.5 Right to Data Portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

11.6 Right to Object

Object to processing your data for marketing purposes or based on legitimate interests.

11.7 Right to Withdraw Consent

Withdraw your consent at any time without affecting the lawfulness of prior processing.

11.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at: [email protected]
Response Time: We will respond to your request within 30 days of receipt. In complex cases, we may extend this period by an additional 30 days with notification of reasons.

12. Data Breach Notification

We are committed to reporting any personal data breach that may affect your rights and interests:

12.1 Notification to Authority

We will notify the Saudi Data and Artificial Intelligence Authority (SDAIA) within 72 hours of discovering a breach if it is likely to pose a risk to your rights.

12.2 Notification to Data Subjects

We will notify you without undue delay if the breach is likely to result in a high risk to your rights and interests, explaining the nature of the breach and measures taken to mitigate its effects.

13. Children's Data

Our services are not directed to children under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected a child's data without parental consent, we will take steps to delete such data immediately. If you are a parent and believe your child has provided us with personal information, please contact us immediately.

14. Marketing and Consent

14.1 Marketing Communications

We will not send you marketing or promotional messages without your explicit consent. Marketing communications include:

• Email newsletters
• Special offers and discounts
• New product and service announcements
• Promotional SMS messages

14.2 Opt-Out

You can unsubscribe from marketing communications at any time by:

• Clicking the "unsubscribe" link in any email
• Updating communication preferences in your account
• Contacting us directly at [email protected]

Note: Unsubscribing from marketing messages will not affect essential service messages (e.g., order confirmations, shipping notifications).

15. Changes to Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. For material changes, we will:

• Post the updated version on this page with an updated "last updated" date
• Send email notification (for material changes)
• Request renewed consent if changes require it under law

We recommend reviewing this policy regularly to stay informed about how we protect your data.

16. Filing Complaints

If you believe we have not complied with the Personal Data Protection Law, you have the right to file a complaint:

16.1 Internal Complaint

Please contact us first at: [email protected]
We will do our best to resolve your concerns quickly and effectively.

16.2 Complaint to Supervisory Authority

You may file a complaint with the competent authority:
Saudi Data and Artificial Intelligence Authority (SDAIA)
Email: [email protected]
Website: sdaia.gov.sa

17. Contact Information

For any inquiries or requests regarding this policy or exercising your rights, please contact us: