Skip to main content

Legal

Privacy Policy

This policy explains how KSA RFID Keycards collects, uses, and protects your personal data in compliance with Saudi Arabia's Personal Data Protection Law (PDPL).

Last updated: 24 February 2026

1. Introduction

KSA RFID Keycards ("we", "us", "our") is committed to protecting the privacy and security of personal data. This Privacy Policy describes how we collect, use, store, and share personal data when you interact with our website (rfidkeycardsksa.com), contact us, or use our products and services.

This policy is designed to comply with the Personal Data Protection Law (PDPL) of Saudi Arabia, which became fully enforceable on 14 September 2024 and is administered by the Saudi Data and Artificial Intelligence Authority (SDAIA).

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

  • Contact information: Name, email address, phone number, company name when you submit our contact form or send us an email.
  • Order information: Business name, delivery address, product specifications, and billing details when you place an order.
  • Communication records: Content of emails, messages, and phone conversations with our team.

3.2 Information Collected Automatically

  • Website usage data: Pages visited, time spent on pages, referral sources, browser type, device type, and IP address (anonymised where possible).
  • Cookies: We use essential cookies for website functionality. We do not use tracking cookies or third-party advertising cookies. See Section 8 for details.

3.3 Information We Do Not Collect

Our RFID keycard products do not collect or store personal guest data. Hotel keycards contain only access credentials (room number, access level, expiry) managed by the hotel's property management system. We do not have access to hotel guest personal information.

4. Purpose of Data Processing

We process your personal data for the following purposes:

  • Responding to enquiries: To answer your questions, provide product quotes, and process orders.
  • Order fulfilment: To manufacture, deliver, and invoice products you have ordered.
  • Customer support: To provide technical assistance and after-sales support.
  • Website operation: To maintain, secure, and improve our website functionality.
  • Legal compliance: To meet our obligations under Saudi law, including tax and commercial regulations.

We process personal data only when we have a lawful basis as defined by the PDPL: your consent, the performance of a contract, compliance with legal obligations, or our legitimate business interests.

5. Data Sharing

We may share personal data with the following categories of recipients:

  • Service providers: Web hosting, email delivery (Web3Forms), and logistics partners who process data on our behalf under contractual data protection obligations.
  • Professional advisors: Accountants, legal counsel, and auditors as necessary for business operations.
  • Regulatory authorities: SDAIA, tax authorities, or other government bodies when required by law.

We do not sell, rent, or trade personal data to third parties for marketing purposes. We do not transfer personal data outside of Saudi Arabia unless required for order fulfilment, in which case we ensure adequate data protection measures are in place as required by the PDPL.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form submissions: Retained for up to 2 years after the last interaction, then deleted.
  • Order records: Retained for 7 years to comply with Saudi commercial and tax record-keeping requirements.
  • Website analytics data: Anonymised and retained in aggregate form. Individual session data is not retained beyond 26 months.

7. Your Rights Under the PDPL

Under Saudi Arabia's Personal Data Protection Law, you have the following rights:

  • Right to be informed: You have the right to know what personal data we hold about you and how it is used.
  • Right of access: You may request a copy of your personal data that we hold.
  • Right to correction: You may request that we correct inaccurate or incomplete personal data.
  • Right to deletion: You may request that we delete your personal data when it is no longer necessary for the purpose it was collected, subject to legal retention requirements.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time.
  • Right to object: You may object to the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at privacy@rfidkeycardsksa.com. We will respond to your request within 30 days.

8. Cookies

Our website uses only essential cookies required for basic website functionality (session management, security). We do not use:

  • Third-party advertising or tracking cookies
  • Social media tracking pixels
  • Cross-site tracking technologies

If we implement analytics in the future (such as Google Analytics), we will update this policy and provide appropriate notice and consent mechanisms.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted via our website
  • Access controls limiting data access to authorised personnel only
  • Regular security assessments and updates
  • Secure data storage with reputable cloud infrastructure providers

10. Children's Privacy

Our website and services are designed for business-to-business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance from SDAIA. The "Last updated" date at the top of this page indicates when the policy was most recently revised. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your personal data is handled, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) at sdaia.gov.sa.