Privacy Policy
About SACC
1. Saudi Airlines Cargo Company (SACC) provides a variety of products and services, including Air Cargo, Ground Handling, Storage, and Logistical Services. This Privacy and Cookies Policy covers all SACC products and services mentioned here, including those accessed via websites, mobile applications, and devices. We prioritize the protection of your privacy and personal data. This policy explains what personal information we collect, how we process it lawfully, and the purposes for which we use it, consistent with the Saudi Data Privacy Law (PDPL).2. “Personal information” means any data that identifies you or from which your identity can reasonably be determined. SACC is committed to handling your personal information with care and in compliance with PDPL, protecting it whenever you use SACC services. This Privacy and Cookies Policy applies to any personal information we collect from you through:
▪ SACC websites that link to this policy
▪ Official SACC social media accounts or content on third-party platforms
▪ Phone calls, SMS, emails, written correspondence, or in-person interactions
3. We ensure all personal data collected through these channels is processed fairly, transparently, and only for specified purposes.
4. To deliver our full range of services, we may collect personal information from you directly or through your interactions with our services. When you provide this information, we handle it in accordance with applicable data protection laws, including PDPL, ensuring lawful, transparent, and secure processing. While we employ advanced security measures, no website or service can be guaranteed 100% secure. If you believe your SACC account security has been compromised (e.g., unauthorized access to your password), please notify us immediately so we can take prompt remedial actions.
5. Our websites may contain links to third-party websites operated independently of SACC. These external websites have their own privacy policies and may collect personal data, including through cookies. We encourage you to review those third-party privacy notices carefully. SACC is not responsible for the privacy practices or content of such websites, and your use of them is at your own risk. We recommend exercising caution before sharing any personal information on third-party sites.
6. The personal information we collect depends on how you interact with us and the products or services you use. Some data is provided directly by you, such as when you fill out a form or contact us. Other data may be collected automatically based on your use, preferences, and settings. Additionally, we may receive data from affiliates or third parties, but only where you have given prior consent for such sharing. Your data may relate to you personally or to your role in an organization like a business or government entity. You always have the option to refuse to provide personal data; however, some of our services require certain personal information to function properly. If you choose not to provide essential data, you may be unable to access those services or features. Where data is required by law or contract, non-provision may prevent contract formation or continuation, and we will inform you if this affects your service.
7. SACC website generally does not automatically collect or store personal information from visitors. Personal data is only collected when you voluntarily provide it, for example by emailing us, completing registration forms, signing up for SACC E-Services, or making service enquiries. We ensure that any personal data submitted through these channels is handled securely and in accordance with PDPL.
8. When you use or register for any SACC online E-Services, such as CargoWEB+, we collect personal information necessary to deliver those services. The information provided during registration and use is used for service provision, account management, and internal reporting to improve service quality. We process this data lawfully and respect your privacy rights at all times.
9. If you apply for employment via the SACC website, we collect personal and employment-related information, including your current CV (preferably in PDF format). This information is processed to evaluate your application, conduct necessary background and reliability checks, and comply with legal and regulatory requirements. All recruitment data is treated confidentially and handled in compliance with applicable data protection laws.
10. We may collect the following categories of personal information, which identify you directly or indirectly:
▪ Name, title, addresses, telephone numbers, and personal email addresses
▪ Date of birth
▪ Gender
▪ Emergency contact details
▪ Marital status and dependent information, including supporting documentation
▪ Government-issued identification details (e.g., Iqama ID, National ID, nationality, driving license, passport number, national address) along with copies of these documents
▪ Banking details, including bank name and IBAN number
All such data is collected, stored, and processed securely and only for legitimate purposes.
Employment-related personal information includes:
▪ Qualifications and skills
▪ Previous employment history, including start and end dates
▪ Contributions and records related to the General Organization for Social Insurance (GOSI), including monetary history
This data is processed strictly for employment-related purposes and compliance.
We may also collect and process sensitive personal information, which requires higher protection, including:
▪ Religious beliefs
▪ Health information obtained during pre-employment medical examinations
▪ Biometric data
▪ Criminal background information
Collection and use of such data is conducted only with your explicit consent or as permitted by law and is handled with enhanced security measures.
During your employment, we may also collect employment-related personal data necessary for HR management and legal compliance, including:
▪ Work schedules and attendance records
▪ Leave records, including holidays, sickness, family, or study leave, with reasons where applicable
▪ Records of disciplinary or grievance procedures, including warnings and correspondence
▪ Performance evaluations, appraisals, training participation, and improvement plans
▪ Health and sickness records, such as regular health checks and sick leave
▪ Data related to employment termination due to health or disability reasons
▪ Compensation details, including salary, benefits, allowances, loans, advances, and bank account information
All employment-related data is securely maintained and processed in compliance with labor laws and data protection regulations.
11. We may use local storage technologies on your device, such as browser web storage (e.g., HTML5 local storage) and application data caches, to collect and temporarily store certain information, including personal data, to improve your experience and service performance. These technologies operate within your browser or app, and you can control or clear this data via your device settings.
12. We use cookies and similar technologies, small data files stored on your device by web servers, to remember your preferences, facilitate login sessions, deliver personalized advertising, prevent fraud, analyze product performance, and serve other legitimate business interests. Upon your first visit to our website or SACC E-Services, we present a clear and prominent cookie consent banner that explains the types of cookies used, their purposes, and requests your explicit consent before placing any non-essential cookies on your device. You have control over cookies through your browser settings and may withdraw consent or block cookies if you wish. We provide clear information about these technologies and their purposes to ensure transparency and compliance with the Saudi Personal Data Protection Law (PDPL).
You have the right to:
• Accept or decline non-essential cookies at any time
• Change cookie preferences or withdraw consent by accessing the cookie settings on our website or by adjusting your browser preferences
• Learn more about how cookies are used through our detailed cookie policy accessible via a link on the cookie consent banner and privacy policy
13. We securely store your cookie consent preferences to demonstrate compliance with PDPL. Please note that if you choose to disable or withdraw consent for certain cookies, some features of our website or services may be limited or unavailable.
14. Our websites may employ “web beacons” (also known as pixel tags) and other tracking technologies to facilitate cookies delivery and collect usage or performance data. Some of these technologies may be provided by trusted third-party service providers. You can manage and control these technologies via your browser or device settings, including limiting cookie usage, blocking trackers, or withdrawing consent by clearing cookies. We encourage you to review these settings regularly to manage your privacy preferences.
15. When you use SACC E-Services, we and our partners may collect and store information about your device or browser using cookies and similar technologies. This includes information collected when you interact with partner services or advertisements displayed on other websites. Any data linked to your SACC account is treated as personal information and protected accordingly. These practices help us provide personalized services, improve user experience, and ensure lawful processing under PDPL. For any questions or assistance regarding cookies and your privacy choices, please contact our Data Protection Officer.
16. We use your personal data to communicate important updates, service improvements, enhancements, upgrade options, and marketing offers. Your data may relate to you personally or in your capacity representing an organization such as a business or government entity. While you have control over what personal data you provide, some data is necessary for service delivery. If you decline to provide required data, access to certain products or features may be limited or unavailable. Similarly, when data collection is mandated by law or contract, refusal to provide such data may prevent contract formation or continuation. We will notify you promptly if this affects your service.
17. SACC may record and monitor inbound and outbound telephone calls and digital communications through all digital channels for purposes including training, quality assurance, and service improvement. Telephony metadata — such as phone numbers, call times, durations, and call types — may also be collected. All such recordings and related data shall be processed in accordance with the Personal Data Protection Law (PDPL) and shall be used solely for legitimate and authorized business purposes.
18. The personal data we collect is used solely to provide, maintain, and improve the products and services offered by SACC, as described in this policy. We ensure processing is lawful, fair, and limited to necessary purposes only.
19. Your information is used to improve, develop, and personalize our products and services, ensuring they meet your needs and comply with applicable legal standards, including PDPL requirements for data minimization and lawful processing.
20. We may send you promotional communications, including targeted advertising and personalized offers. Such marketing activities are conducted in compliance with PDPL, ensuring your consent is obtained where necessary and that you can opt out at any time.
21. Your data may be processed for crime prevention, detection, and security purposes, such as protecting you, our employees, and our systems from fraud, cyberattacks, or other unlawful activity, always within the bounds of applicable laws.
22. We collect technical data such as browser type and operating system to ensure our website content functions correctly across different platforms and to identify and resolve any compatibility or performance issues.
23. To enhance your experience and for legitimate business purposes, we may combine data collected from various sources and contexts, provided that at each stage you have been offered the choice to consent or decline sharing. We may also obtain data from third parties only where you have explicitly consented. All combined processing respects your privacy rights and complies with PDPL.
24. Our website and systems are hosted on Microsoft Azure Cloud (Tier 3) with ISO/IEC 27001:2013 certification for Information Security Management. Data centers are located in West Europe and protected by advanced commercial Web Application Firewalls (WAF). We use SSL/TLS encryption on all secure pages, including login and customer information areas. Using SSL-compliant browsers like Google Chrome, Microsoft Edge, Opera, or Firefox ensures that your transactions are encrypted end-to-end, safeguarding against interception or unauthorized access. These measures comply with PDPL’s requirement for data security and integrity.
25. We implement Azure Cloud Advanced Security technologies to defend the Saudia Cargo portal and associated APIs from denial-of-service (DoS) attacks, data breaches, and other cyber threats, maintaining confidentiality, integrity, and availability of customer data in accordance with PDPL.
26. Access to personal information is strictly limited to authorized SACC employees, contractors, and agents who require it to perform their duties. All such personnel are bound by rigorous confidentiality agreements and undergo regular training on data protection. Failure to comply with these obligations may result in disciplinary action or termination of contracts, ensuring accountability under PDPL.
27. All personal data is processed and stored in accordance with the General Data Protection Act 2018 and the ISO/IEC 27001:2013 certified security framework, which together provide robust standards for data protection and information security. We ensure ongoing compliance with these standards and PDPL.
28. We share personal information internally among authorized SACC divisions including IT, Finance, Marketing, Internal Communications, Procurement, and Airport Stations. Such sharing supports legitimate business functions such as reporting, communications, identity verification, and controlled access to regulated areas (e.g., airport facilities). Internal sharing is conducted with strict access controls and confidentiality safeguards.
29. We disclose personal data to governmental bodies where legally required or contractually obligated, such as for enrollment with the General Organization for Social Insurance (GOSI), compliance with Saudi Labor Law, and registration with platforms like Muqeem. All such disclosures are lawful, necessary, and documented in line with PDPL.
30. Your personal information may be shared with trusted third-party service providers, including medical insurance companies or partners managing benefits programs like Mazaya or Saudia Airline Ticket discounts to facilitate the services you have requested. In all cases, data shared is minimized to only what is strictly necessary, and third parties are contractually obliged to comply with data protection standards.
31. Saudi Airlines Cargo Company (SACC) may transfer your personal data to locations outside the Kingdom of Saudi Arabia (KSA), including to our cloud service providers, business partners, affiliates, and service providers located in other countries such as the European Union and other regions.
32. Such international transfers of personal data are conducted in full compliance with the Saudi Personal Data Protection Law (PDPL) and other applicable data protection regulations. We ensure that appropriate safeguards are in place to protect your personal information during cross-border transfers, including but not limited to:
• The use of Standard Contractual Clauses approved by relevant regulatory authorities
• Data transfer agreements that require recipients to implement adequate technical and organizational security measures
• Transfers only to countries that the Saudi Data & AI Authority (SDAIA) recognizes as providing an adequate level of data protection however, where business needs require transferring data to other countries, such transfers may will proceed after implementing appropriate safeguards and controls in line with the requirements of the Personal Data Protection Law (PDPL) and its Executive Regulations.
•
• Obtaining your explicit consent where required by law
We conduct due diligence and regular assessments of our third-party partners and service providers to confirm they comply with these requirements.
You have the right to inquire about the safeguards we use for international transfers of your personal data and to raise any concerns regarding your data privacy related to such transfers. For more information or to exercise your rights, please contact our Data Protection Officer.
35. We retain your personal data within SACC except where lawful disclosure is required or permitted, such as to government bodies or law enforcement. We engage third-party processors to perform services on our behalf including service provision, data analysis, pre-employment screening, references, and Disclosure & Barring Service (DBS) checks. All such processors must strictly adhere to our instructions and PDPL requirements and are prohibited from using your data for their own purposes unless you have given explicit consent. Internal sharing of your data within SACC divisions occurs only for legitimate purposes, for example reviewing employment applications. With your consent, or to fulfill contractual obligations, we may share your personal data with business partners, affiliates, and vendors. We also disclose data as required by law, to respond to legal requests, protect customers, safeguard lives, ensure security and compliance, and protect SACC’s and its customers’ rights and property.
36. If you post, send, or upload offensive, inappropriate, or unlawful content on SACC websites or services, we reserve the right to use your personal information to address and prevent such conduct. Where we believe your behavior violates laws (e.g., defamation), we may share your data with relevant third parties such as your employer, internet service provider, or law enforcement, to ensure legal compliance and protect the rights of others.
37. We retain employee records, including accident and incident reports, for a period of 10 years in compliance with applicable laws. Other business documents, including finance records, are retained for 10 years or as required by regulatory or contractual obligations. Personal data will be securely deleted or anonymized when retention periods expire unless further retention is required by law.
38. You have the right to access, rectify, or request deletion or restriction of your personal data processed by SACC, and to exercise other data protection rights under PDPL. To do so, you may contact us using the details below. In certain circumstances, your rights may be limited due to legal restrictions or overriding public interests, in which case we will inform you accordingly. We will process and verify your requests promptly and transparently.
39. For any inquiries, requests, or complaints regarding your personal data or this Privacy and Cookies Policy, please contact our Data Protection Officer (DPO) at DPO@Saudiacargo.com Correspondence can also be sent to: Saudi Airlines Cargo Company Ltd., 4083 Aouf Ibn Amrou – Al Murjan - Jeddah 23713 - 7993, Saudi Arabia
.
Verification questions may be used to verify your identity for the purpose of processing your request
40. Users under 18 years of age are not permitted to create a personal account with SACC without parental or guardian consent. If you are under 18 and wish to use our services, please obtain consent from a parent, guardian, or an adult (over 18 years) authorized to act on your behalf. This policy is in place to ensure compliance with child data protection standards and PDPL requirements.
41. To request information on the personally identifiable information (PII) SACC holds about you, please contact our Data Protection Officer at DPO@Saudiacargo.com. Correspondence may also be sent to our mailing address above. For identity verification, questions may be used to verify your identity for the purpose of processing your request
42. We may share your personal data with affiliated business partners such as American Airlines Inc, Air France, Royal Air Maroc, Cathay Pacific Airways Ltd, Korean Airlines, Malaysian Airline System, China Eastern Airlines, Astral Aviation, and Sky Capital Airlines. This sharing enables them to assist in delivering services to you for instance, when your shipment is sent beyond our direct operational scope, a partner may manage delivery. All such data sharing is governed by agreements ensuring PDPL-compliant data protection.
43. Saudi Airlines Cargo Company (SACC) may disclose your personal information to third parties in the following circumstances:
• Credit reference agencies and fraud prevention services
• Government authorities and law enforcement agencies when required by law or court order
• Third parties involved in the assignment or transfer of our contractual rights or obligations to you
• Any entity lawfully requesting disclosure via a competent authority
All such disclosures are conducted in strict compliance with the Saudi Personal Data Protection Law (PDPL), ensuring that only the minimum necessary personal data is shared, and solely for lawful purposes.
In addition, when we share your personal data with third-party service providers or processors who manage data on our behalf, we:
• Carefully select these processors based on their ability to implement appropriate technical and organizational safeguards to protect your personal data
• Enter into written data processing agreements (DPAs) that obligate processors to process data only as instructed by us and in compliance with PDPL
• Require strict confidentiality and security commitments, including assistance with data subject rights requests and data breach notifications
• Regularly monitor and audit these processors to ensure ongoing compliance with data protection requirements
• Ensure that processors do not use your personal data for their own purposes unless explicitly authorized by you
If you have any questions about how your data is shared or protected with third parties, please contact our Data Protection Officer at DPO@Saudiacargo.com.
44. Saudi Airlines Cargo Company (SACC) may collect and process special categories of personal data, also known as sensitive personal data, which include but are not limited to:
• Health information, such as results from pre-employment medical check-ups or records related to sickness and injuries
• Biometric data used for security and access control purposes
• Information about religion
• Criminal background information as part of employment screening or regulatory compliance
We recognize that this data requires a higher level of protection due to its sensitive nature. Therefore, we process such data only when:
• You have provided explicit consent for the specific purpose(s) of collection and processing,
• Or when the processing is necessary to fulfill legal obligations or exercise specific rights in employment, security, or regulatory contexts.
Access to special category data is strictly limited to authorized personnel who require it to perform their job functions, and they are bound by confidentiality agreements and applicable data protection laws.
We implement enhanced technical and organizational measures to safeguard this sensitive data against unauthorized access, loss, or misuse.
If you have any questions about our handling of sensitive personal data or wish to exercise your rights related to this data, please contact our Data Protection Officer at DataPrivacyOfficer@Saudiacargo.com or DPO@Saudiacargo.com.
45. Saudi Airlines Cargo Company (SACC) retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting requirements.
46. While this policy specifies retention periods for certain categories such as employee records and finance documents (typically 5 to 10 years), retention periods for other personal data categories, including data collected via online services or other interactions, may vary. If you wish to know the specific retention period applicable to your personal data or request its deletion once it is no longer required, please contact our Data Protection Officer at DPO@Saudiacargo.com.
47. Under the Saudi Personal Data Protection Law (PDPL), you have the following rights regarding your personal data held by Saudi Airlines Cargo Company (SACC):
• Right to Access: You may request confirmation as to whether we process your personal data and obtain a copy of that data.
• Right to Correction: You can request correction of inaccurate or incomplete personal data we hold about you.
• Right to Deletion: You have the right to request deletion of your personal data where it is no longer necessary for the purposes it was collected, or where processing is unlawful, unless retention is required by law or for legitimate business purposes.
• Right to Object: You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format and request that we transfer it to another data controller where technically feasible.
To exercise any of these rights, please contact our Data Protection Officer at DPO@Saudiacargo.com. We may ask you to provide proof of identity before fulfilling your request. We will respond to your request in accordance with applicable laws and within the required timelines.
48. Saudi Airlines Cargo Company (SACC) is committed to safeguarding the personal information we process and has implemented comprehensive measures to detect, respond to, and mitigate data security incidents.
• In the event of a personal data breach — defined as any unauthorized access, disclosure, loss, alteration, or destruction of personal data — SACC will promptly initiate its incident response procedures to contain and assess the breach.
49. Where required by the Saudi Personal Data Protection Law (PDPL), SACC will notify the Saudi Data & AI Authority (SDAIA) and affected individuals without undue delay and within the regulatory timeframe (typically within 72 hours of becoming aware of the breach). The notification will include:
• The nature and scope of the breach,
• The categories and approximate number of data subjects and personal data records affected,
• The likely consequences of the breach,
• Measures taken or proposed to be taken to address the breach and mitigate any potential adverse effects.
SACC maintains detailed records of all data breaches, the investigations undertaken, and remedial actions implemented. If you believe your personal data may have been compromised, please contact our Data Protection Officer immediately at DPO@Saudiacargo.com.
50. We may update this Privacy and Cookies Policy from time to time to reflect changes in our practices, legal requirements, or services.
• Notification of Changes: For any material changes that affect how we collect, use, or disclose your personal data, we will provide you with clear and prominent notice. This may include notifications via email, website banners, or other direct communication channels before the changes take effect.
• Your Consent: We will not reduce your rights under this policy without your explicit consent. Where required by law, we will seek your explicit consent for material changes to this policy before implementing them.
• Reviewing Updates: We encourage you to review this policy regularly to stay informed about how we protect your personal information.
If you do not agree to any material changes, you should discontinue using our services and contact us with any questions or concerns.