Privacy Policy

Privacy Policy – Neweb Digital Services Last Updated: 05/05/2026 Introduction Welcome to Neweb Digital Services (hereinafter referred to as "Neweb," "we," or "us"). We appreciate your interest in visiting our website www.ne-wb.com and/or using our digital applications and services (collectively referred to as the "Platform"). This Privacy Policy (the "Policy") outlines the principles and controls we follow when collecting, processing, using, protecting, and disclosing your personal data, in compliance with the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443 AH and its amendments, its Implementing Regulations issued by the Saudi Data and Artificial Intelligence Authority (SDAIA), and other applicable laws in the Kingdom of Saudi Arabia, most notably the E-Commerce Law and the Anti-Cyber Crime Law. We recommend that you read this Policy carefully before using the Platform. Please note that your use of the Platform constitutes your express consent to the terms of this Policy. The terms "we," "us," and "our" refer to Neweb, while the terms "you," "User," and "Customer" refer to you as a natural or legal person using the Platform. First: Definitions Personal Data: Any data — regardless of its source or form — that may lead to the specific identification of an individual, or makes it possible to identify them directly or indirectly. This includes, by way of example: name, national ID or residency number, contact addresses, phone numbers, photographs, and banking and credit information. Sensitive Data: Any personal data that includes a reference to an individual's ethnic or tribal origin, religious, intellectual, or political belief, or indicates membership in associations or non-profit institutions, as well as criminal and security data, biometric data, health and genetic data, and credit data. Processing: Any operation performed on personal data by any means, whether manual or automated, including collection, recording, storage, organization, modification, transfer, disclosure, and destruction. Data Subject: The natural person to whom the personal data relates. Second: Data We Collect We are committed to collecting the minimum amount of data necessary to provide our services, including: Data you provide directly when: Registering on the Platform or creating an account, including registration via social media platforms. Requesting one of our digital products or services. Filling out forms or participating in surveys and evaluations. Contacting customer service or notifying us of any feedback or complaints. Transaction and Subscription Data: Includes order details, payments, usage records, and subscriptions to our services. Technical Data: Includes IP address, browser type and operating system, device identifier, login data, pages visited, and time spent on the Platform. Geolocation Data: When using our mobile application, we may request permission to access your geolocation data to provide location-based services. You may disable this permission at any time from your device settings. Cookie Data: We use cookies and similar technologies to enhance your experience, as outlined in our Cookie Policy. Data Received from Third Parties: We may receive data about you from authorized partners (such as payment service providers or single sign-on platforms), provided they have obtained your prior consent. Important Note: We do not collect sensitive data except with your express consent and within the limits required by service provision or imposed by law. Third: Purposes for Which We Use Data We use your personal data for the following lawful and legitimate purposes: Providing the digital services and products you request and fulfilling our contractual obligations toward you. Creating and managing your account, verifying your identity, and protecting transaction security. Processing payments, issuing invoices, and completing returns and exchanges in accordance with Platform policies. Improving the quality of our services, developing the Platform, and customizing content to suit your preferences. Communicating with you regarding services, technical notifications, security updates, and policy changes. Providing you — upon obtaining your consent — with marketing messages, promotional offers, and events that may interest you. Complying with statutory and legal obligations and cooperating with competent authorities upon official request. Detecting and preventing fraud and protecting the rights of users and the Platform. Conducting analyses and statistical studies using anonymized data. Fourth: Legal Basis for Processing We process your personal data based on one of the following legal grounds: Your express consent. Performance of a contract to which you are a party. Compliance with a legal obligation. Achieving the legitimate interests of the company without prejudice to your fundamental rights. Fifth: Disclosure and Sharing of Data We are committed to not selling your personal data to any third party. However, we may share it in the following cases and within the limits permitted by law: Service Providers: Such as electronic payment companies, shipping and delivery companies, hosting and technology service providers, and marketing companies, provided they are contractually committed to the confidentiality and protection of data in accordance with applicable standards. Affiliated and Partner Companies: Within the Neweb group, for operational and administrative purposes, with adherence to the provisions of this Policy. Government and Judicial Authorities: Based on a legal or judicial order, or in compliance with the requirements of regulatory authorities in the Kingdom of Saudi Arabia. In Cases of Merger or Acquisition: Data may be transferred to the new entity, with notification provided to you. Sixth: Transfer of Data Outside the Kingdom If it becomes necessary to transfer your data outside the Kingdom of Saudi Arabia, we comply with the provisions of the Personal Data Protection Law, its Implementing Regulations, and the controls issued by SDAIA in this regard. No transfer will be made unless adequate safeguards are in place to protect data at the receiving party. Seventh: Data Retention Period We retain your personal data for the period necessary to achieve the purposes for which it was collected, or for the period required by law (such as accounting, Zakat, tax, and anti-money laundering regulations). After this period expires, the data is securely destroyed or anonymized. Eighth: Your Rights as a Data Subject The Personal Data Protection Law in the Kingdom of Saudi Arabia guarantees you the following rights: Right to Information: To know the legal basis and purpose of collecting your personal data. Right of Access: To view your personal data held by us and obtain a copy of it. Right to Correction: To request correction, updating, or completion of your data. Right to Erasure: To request the destruction of your personal data when it is no longer necessary to fulfill the purpose for which it was collected. Right to Withdraw Consent: To withdraw your consent to the processing of your data at any time, without affecting the lawfulness of prior processing. Right to Object: To object to the processing of your data for direct marketing purposes. Right to Lodge a Complaint: To file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) in the event of our breach of the law. To exercise any of these rights, please contact us via the contact details provided at the end of this Policy. We will respond to your request within the legally prescribed timeframes. Ninth: Data Protection and Security Measures We take appropriate organizational, technical, and administrative measures to protect your data from unauthorized access, modification, disclosure, or destruction, most notably: Using modern encryption technologies during data transmission. Implementing firewalls and intrusion detection systems. Restricting access to data to authorized employees and partners as required by their work. Conducting periodic security reviews and vulnerability assessments. Continuous training of employees on cybersecurity practices and privacy protection. While we are fully committed to these measures, the transmission of data over the internet is not without risks. Therefore, we recommend that you keep your login credentials confidential, do not share them with others, and log out after each use of shared devices. Tenth: Customer Responsibilities The customer undertakes to provide us with accurate, complete, and updated data, and bears sole responsibility for the accuracy of this data. The customer is responsible for protecting their password and account login credentials. The Platform is not responsible for any personal data stored on the customer's device or lost from it. The customer alone bears responsibility for transferring their personal data and settings to any new device. Eleventh: Cookies The Platform uses cookies to enhance your experience and analyze site performance. You may disable these files at any time through your browser settings, noting that disabling them may affect some Platform functions. For more details, please refer to our Cookie Policy. Twelfth: Children's Privacy Our services are not directed at children under the age of eighteen, and we do not knowingly collect their personal data without parental consent. If we become aware of having collected data from a minor without their guardian's consent, we will destroy it immediately. Thirteenth: Links to External Sites The Platform may include links to websites or applications belonging to third parties that are not subject to our Privacy Policy. Accordingly, we are not responsible for the privacy practices of those parties, and we recommend reading their privacy policies before submitting any data. Fourteenth: Amendments to the Policy We reserve the right to amend this Policy from time to time in line with legislative or operational changes. You will be notified of any material amendments via email or through a prominent notice on the Platform. Your continued use of the services after the publication of amendments constitutes your acceptance of them. Fifteenth: Applicable Law and Dispute Resolution This Policy is subject to and shall be interpreted in accordance with the laws of the Kingdom of Saudi Arabia. The competent judicial authorities in the Kingdom of Saudi Arabia shall have jurisdiction to consider any dispute arising from its application or interpretation. Sixteenth: Contact Us For any inquiry or request related to your personal data or to exercise your rights under this Policy, please contact the Data Protection Officer via: Email: info@ne-wb.com Phone: 0556686856