Privacy Policy

Msoon Company for Public Relations and Communications (“Msoon”) is a Saudi company specializing in VVIP guest management and official protocol services.

  1. Preamble:

The Privacy Policy is a legally binding agreement between the user of the service provided on the platform (“User”) and Msoon Company (“Service Provider”) on the platform, whereby the Service Provider is committed to the privacy of the User and undertakes to protect it by complying with this Policy. This Policy describes the types of information that may be collected from the User or that the User may provide on the website, the application, or both, and any related services, as well as the practices of the Service Provider in collecting, processing, using, storing, protecting, and disclosing such personal data. It also clarifies the options available to the User with respect to the Service Provider’s use of their personal data and the ability to access and update it. This Policy complies with the Personal Data Protection Law in force in the Kingdom of Saudi Arabia.

  1. Introduction:

The Service Provider “Msoon,” registered with the Saudi Ministry of Commerce under Unified Number (7034272463) and Commercial Registration Number (1010890754), is committed to protecting the User’s personal data, which is any information that can identify the User as an individual or a legal entity. In this Policy, the Service Provider clarifies its handling of the User’s personal data and how it is protected when the User visits the Service Provider’s website, application, or both (the “Platform”), regardless of the location from which the User accesses it. The Service Provider informs the User of the privacy rights guaranteed to them and how legal protection is provided. The User acknowledges that once they access the Service Provider’s services or use its products, services, features, and technologies, such access shall constitute the User’s acknowledgment and acceptance of the Service Provider’s Privacy Policy.

This Policy has been prepared in light of the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 09/02/1443H, and the Implementing Regulations of the Personal Data Protection Law (PDPL) issued by the Saudi Data and Artificial Intelligence Authority (SDAIA), in addition to other relevant laws and regulations.

  1. Contact Information:
    • Service Provider Name: Msoon Company for Public Relations and Communications
    • Official Address: Othman Bin Affan Branch Road, Building No. (7637) – Additional No. (3123) – Postal Code (12487) – Al-Ezdihar District – Riyadh
  • Phone Number: +966 50 695 7151
  • Email: hello@msoon.sa
  • Company Unified Number: 7034272463
  • Commercial Registration Number: 1010890754
  1. Privacy Policy Update:
    The privacy policy was last updated on 01/07/2025. The update history can be viewed at the following link: (Privacy Policy).
  2. Personal Data Collected by the Service Provider:
    • Personal data, regardless of its source or form, is defined as any data that explicitly identifies an individual or makes it possible to identify them directly or indirectly. This includes, but is not limited to, the name, personal identification number, addresses, contact numbers, license numbers-if any-records, personal belongings, bank account numbers, credit cards, still or moving images of the individual, and other data of a personal nature.
    • The Service Provider collects the user’s personal data in the course of conducting business activities, in addition to providing services. It also collects the user’s personal data in certain areas of the platform when the user registers, creates a user profile, or engages in other activities. The Service Provider may automatically collect information about the devices the user uses to access the platform and how they use it, such as the items they search for and what they view on the platform. The information collected by the Service Provider may include the IP address, device identifier, web browser, and browsing information gathered through cookies, pixels, and similar files or technologies, collectively referred to as “cookies and other tracking technologies” on the platform.
    • The Service Provider may also collect personal data from other parties, such as data brokers or data aggregators, in the context of providing services. The Service Provider may combine this data with the information it already has about the user or use it independently for its business purposes. The Service Provider always seeks to exercise due diligence to ensure that the party from whom the data is purchased has informed the user of its use and the Service Provider’s use of it in compliance with applicable laws. The Service Provider bears no responsibility for the accuracy of the data provided by the third party or for the third party’s compliance-or lack thereof-with privacy policies.
    • The data we collect includes, but is not limited to, the following:
  3. Data provided by the user:
    • Full name
    • National ID number or residence permit number
    • Position and Entity
    • Address and contact numbers
    • Email address
    • Bank account information and encrypted payment card data
    • Photos, videos, and audio data associated with the account
  4. Communication Data:
    • Technical support requests
    • Complaints and inquiries
    • Comments and feedback
  5. Browsing Data and Cookies:
    • Internet Protocol (IP) addresses
    • Data extracted from cookies and web logs
  6. Data Collected from Other Sources:
    • Government authorities or collaborating entities
    • Clients or individuals who complete forms on behalf of the user
  7. Methods of Collecting Personal Data and the Purpose of Collection:
    • Direct methods, including but not limited to via electronic and paper forms, email, and telephone.
    • Indirect methods, including but not limited to public sources, through authorized partners, or via cookies while interacting with the website.
    • The purpose of collecting data is to:
      • Provide and continuously improve services, ensuring users’ needs are met and delivering personalized and effective content.
      • Fulfill contractual obligations between the platform and users, such as account management, user registration, and issuing certificates.
      • Comply with security and regulatory requirements issued by the relevant authorities, ensuring data protection and the integrity of the digital environment.
      • Enhance the user experience by analyzing usage behavior and working on developing user interfaces and the services provided.
      • Promote interaction and communication within the platform by enabling notifications, messages, and interactive activities that contribute to higher engagement.
  1. Legal Grounds for Collecting and Processing Personal Data:

Pursuant to Article 10 of the Personal Data Protection Law, the user’s consent to this policy when creating a personal account or registering for the Service Provider’s services constitutes explicit consent for the collection and processing of data, in addition to the following legal grounds:

  • Fulfilling contractual obligations to provide the requested services.
  • Complying with legal and regulatory requirements issued by governmental authorities.

The user has the right to withdraw consent at any time, without affecting any processing that occurred prior to the withdrawal.

  1. How Personal Data is Used:
    • The Service Provider uses the user’s personal data to meet their needs in accessing services and to personalize the content displayed or received on the platform. This includes evaluating services and improvements, sending newsletters and alerts to the user, analyzing the platform’s performance and operations, preventing fraud, enforcing terms and conditions, and complying with all applicable laws in the Kingdom of Saudi Arabia. The Service Provider may also retain any of the user’s personal data in a file and use it for communication purposes.
    • The Service Provider and its service providers may use cookies and other tracking technologies, including web beacons, to provide the Service Provider’s services and collect analytics on how they are used. The Service Provider may engage independent third parties to assist in delivering services to the user, subject to the user’s consent in this regard. Additionally, the Service Provider has the right to consult specialized advisors when necessary for guidance or assistance, including lawyers, accountants, IT specialists, public relations consultants, and the following individuals:
    • Data storage service providers of the Service Provider.
    • Subsidiaries and affiliated companies of the Service Provider.
    • Partners, suppliers, service providers, and collection companies that assist the Service Provider in its business operations, including matters related to fraud prevention, identity verification, payment collection, marketing, customer service, and technology services.
    • In addition to the above, the Service Provider uses the data for the following purposes:
      • Operating the platform and meeting the user’s needs in accessing services.
      • Enhancing the user experience and analyzing interaction with the services.
      • Improving technical support operations and customer communication.
      • Complying with all applicable laws in the Kingdom of Saudi Arabia.
      • Preventing fraud and ensuring cybersecurity.
  1. Retention of Personal Data:
    • The Service Provider retains the user’s personal data in accordance with Saudi laws for a period not exceeding 240 months (20 years). The Service Provider maintains the user’s personal data on its platform as necessary during the contractual relationship and provision of services. The Service Provider may also retain the user’s personal data beyond the contractual period when needed to protect against legal claims, for analytical purposes, to preserve historical records, or to comply with information management policies.
    • If the user requests the Service Provider to delete their personal data, the Service Provider will make reasonable efforts to delete all information. For requests to access, correct, or delete information, the user can contact the Service Provider at the addresses registered on the platform. Once it is no longer necessary to retain the user’s personal data, the Service Provider will delete it. Data retention is carried out for legitimate purposes, which may include, for example:
      • Responding to inquiries and complaints.
      • Ensuring service quality monitoring.
      • Complying with regulatory and security requirements.
  1. Disclosure of Personal Data:
    • The Service Provider shall not sell or trade the user’s personal data.
    • The Service Provider may share data with trusted parties under legal contracts that ensure full compliance with personal data protection regulations. Examples of internal parties include employees, instructors, and the support team of the Service Provider, while examples of external parties include hosting service providers, data analysts (e.g., Google Analytics), and electronic payment channels.
  2. Storage and Protection of Personal Data:
    • Data is stored on secure, certified servers such as Amazon AWS or other licensed cloud computing systems.
    • The Service Provider securely disposes of data after the statutory retention period expires.
  3. Information Security and Safeguarding:
    • The Service Provider is committed to the security and privacy of information and takes the necessary technological and operational precautions to protect personal data from loss, misuse, alteration, or damage. Access to the user’s personal data is restricted to authorized Service Provider personnel and third-party service providers. The Service Provider requires all parties to handle this information to maintain confidentiality.
    • Despite these precautionary measures, the Service Provider does not guarantee that unauthorized individuals will never gain access to the user’s personal data. However, the Service Provider is obligated to notify the user immediately upon becoming aware of any data breach, damage, or unauthorized access.
    • The Service Provider has established procedures to address any suspicion of a breach of personal data security and is committed to notifying the user and the relevant regulatory authorities of such a breach.
    • The Service Provider regularly reviews its security procedures to consider new technologies and updated methods. Access to this information is limited to authorized individuals who need it to perform their duties. However, despite the Service Provider’s reasonable efforts and due diligence, no security measure is completely foolproof or impervious to breaches.
  4. Processing and Disposal of Data:

The Service Provider processes personal data for the purposes outlined in the privacy policy, for which the user has given their consent, and retains it as long as necessary to achieve the specified purposes or as required by applicable laws in the Kingdom. Upon no longer needing the user’s personal data, the Service Provider commits to taking reasonable care to securely dispose of the data in a manner that prevents leakage, loss, theft, misuse, or unauthorized access.

  1. User Rights under the Personal Data Protection Law:
    • In accordance with the Personal Data Protection Law, the user has the right to request access to the personal data collected by the Service Provider for review, modification, or deletion. The user also has the right to obtain a copy of the personal data collected by the Service Provider and to request correction of any errors therein, in accordance with applicable regulations and procedures and without conflicting with the Personal Data Protection Law and its executive regulations. In certain cases, the user may also request to suspend the processing of their personal data. Additionally, the user has the right to withdraw their consent at any time, without affecting any processing that occurred prior to the withdrawal, and to be informed about how their data is collected and processed.
    • The Service Provider will correct any inaccurate information upon request within ten (10) business days.
    • The user has the right to request the disposal of data in accordance with applicable regulations, except in cases where regulatory requirements prevent this.
    • If the user wishes to submit a request to access, review, correct, or delete their personal data, or to discuss how the Service Provider processes it, they must contact the Service Provider. To help protect the user’s privacy and security, the Service Provider will take specific steps to verify the user’s identity, such as requesting a password or user ID before granting access to personal data. The Service Provider undertakes to make reasonable efforts to promptly verify, comply with, or respond to the user’s requests in accordance with applicable laws.
    • Various laws may prevent the Service Provider from granting the user access to their personal data or fully complying with their request, depending on the circumstances and the nature of the request. For example, if providing the user’s information could lead to the disclosure of another person’s identity. The Service Provider reserves the right to refuse a request if it is unfounded, excessive, otherwise unacceptable, or unlawful under applicable laws.
    • The user may request the Service Provider to cancel or remove their personal data if they successfully exercise their right to object to its processing before the competent authorities. This applies if the Service Provider has processed the user’s information in a manner that violates the law or if it is required to erase the user’s personal data to comply with the provisions of the laws of the Kingdom of Saudi Arabia. However, the Service Provider may be unable to fulfill the user’s request to erase data due to legitimate legal reasons, which the Service Provider will inform the user of at the appropriate time.
    • The user has the right to request the deletion and disposal of their personal data held by the Service Provider in certain cases. For example, if the Service Provider did not obtain the information lawfully or no longer has a legal necessity to retain the personal data. If the user requests that the Service Provider erase their data, the Service Provider will do so provided that the data is no longer known or publicly available or no longer needed for use. The Service Provider strives to respond to all legitimate user requests within ten (10) business days; however, it may take more than twenty (20) days if the request is complex or if multiple requests are submitted by the user. In such cases, the Service Provider will notify the user and follow up accordingly.
    • The Service Provider indicates that the user will not incur any fees when exercising these rights, and a response will be provided within ten (10) business days from the date the request is received.
  2. Cookies Policy:
    • The platform may store cookies on the user’s device when they visit the platform. Cookies are pieces of data that uniquely identify the user and can be used to enhance the user’s experience on the platform, understand their needs, and improve how they use digital services. Most browsers are originally set to allow cookies, but the user can reconfigure their browser to reject all cookies or to alert them when cookies are sent.
    • The Service Provider uses cookies and collects Internet Protocol (IP) addresses across the platform to improve the services offered on the platform and enhance the overall user experience. When accessing the Service Provider’s platform, the Service Provider (including its partners and affiliated companies) may place small data files on the user’s computer or other devices. These data files typically consist of cookies, pixel tags, or any other local storage provided by the user’s browser or associated applications (collectively referred to as “cookies”).
    • The Service Provider uses cookies to track the web pages visited by the user and the frequency of visits, to make the platform easier to use, provide a better experience upon returning to the platform, and deliver advertisements believed to be of interest to the user. For example, cookies can store the user’s password so they do not need to re-enter it each time they visit the platform.
    • Most web browsers accept cookies automatically, and the user can find information about their browser in the “Help” menu. The user has the freedom to reject the Service Provider’s cookies if the browser or browser add-on allows it. However, if the Service Provider’s cookies are required to prevent fraud or ensure the security of the websites it controls, rejecting these cookies may prevent the user from using certain websites or payment services.
    • The user can adjust their browser settings to allow or reject all cookies or only some of them. It should be noted that if the user chooses to disable or reject cookies, this may restrict access to certain parts of the platform or cause some parts to function improperly. Therefore, storing cookies is solely intended to enhance the browsing experience. The user can manage their preferences or opt out of non-essential cookies.
    • Please note that disabling all cookies may affect the user’s ability to access certain services on the platform.
  3. Disclaimer:
    • This website is intended for personal use and complies with the applicable laws of the Kingdom of Saudi Arabia.
    • The user’s use of the platform constitutes unconditional acceptance of this policy from their first visit.
  4. Privacy Policy Updates:
    • The Service Provider reserves the right to amend this policy in accordance with regulatory updates and will notify users of any material changes via email or the official website. It should be noted that the user’s continued use of the platform and its services after the effective date of the updated policy (or any other specified action at that time) constitutes their acceptance of these changes. To view the latest update, the user should check the update date at the top of this page. This does not prevent the Service Provider from providing notice of updates through other means at its discretion, such as using the contact information provided by the user.
    • How can the user submit a complaint or objection?
      Answer: If the user has any concerns or believes the Service Provider is not complying with the Personal Data Protection Law, they can submit a complaint to the administration via email at (hello@msoon.sa).
    • If the user is not satisfied with the Service Provider’s handling of the complaint, or if the Service Provider does not respond within thirty (30) days, the user may file a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA).

 

Address of the Saudi Data & Artificial Intelligence Authority (SDAIA):
Kingdom of Saudi Arabia – Riyadh

Website:

  • Saudi Data & Artificial Intelligence Authority: gov.sa
  • National Data Governance Platform: sdaia.gov.sa
Jki-phone-solid Jki-map-marker1-light Envelope Whatsapp X-twitter Jki-linkedin-in
Copyright 2025, All right reserved .

Privacy Policy | Terms & Condition