Saudi Airlines Cargo Company (SACC) offers a wide range of products and services, including Air Cargo as well Ground Handling, Storage and Logistical Products and Services. References to SACC products and services in this statement include commercial products and services, websites, apps, and devices. Your privacy is important to us. This privacy statement explains the personal information Saudi Airlines Cargo Company collects, how we process personal information, and for what purposes. Personal information is any information about an individual that identifies an individual, or by which the individual's identity can reasonably be ascertained. SACC is committed to protecting your personal information when you are using SACC services. This Privacy and Cookies Policy relates to our use of any personal information we collect from you via the following online services:

• Any SACC website that links to this Privacy and Cookies Policy;
• Social media or official SACC content on other websites;

It also relates to our use of any personal information you provide to us by phone, SMS, email, in letters, other correspondence and in person. In order to provide you with the full range of SACC services, we sometimes need to collect information about you. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018 (these laws are referred to collectively in this Privacy and Cookies Policy as the “data protection laws”). No website can be completely secure; if you have any concerns that your SACC account could have been compromised e.g. someone could have discovered your password, please get in touch straight away. SACC websites contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies, and are also likely to use cookies, and we therefore urge you to review them. They will govern the use of personal information you submit when visiting these websites, which may also be collected by cookies. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

We collect data from you, through our interactions with you and through our products and services. You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our products and services. The data we collect depends on the context of your interactions with us and the choices you make, including your privacy settings and the products and features you use. We may also collect data about you from our group and third parties where you have provided consent for sharing. Your data may be collected in relationship to your person as such or may be collected in the context of you representing an organization, such as a business or government. You have choices when it comes to the data you share. When we ask you to provide personal data, you can decline. However, please note that many of our products require some personal data to provide you with a service. If you choose not to provide data necessary to provide you with a product or feature, you may not be able to use that product or feature. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you’re using, we may have to suspend or cancel it. We will notify you if this is the case at the time.

From the SACC Website

The SACC website does not capture or store any personal information about individuals who access it, except where they voluntarily choose to give us personal details by email, using an electronic form to register, using SACC online E-Services, or to enquire about our services.

From the SACC Online E-Services

When you participate in, access or sign up to any of the SACC E-Services, we may receive personal information about you. The CargoWEB+ registration process requires you to give us personal information. We use this information to provide the services you have signed up to, and for reporting analysis as well as the information collected about the use of the CargoWEB+ E-Services.

Application for Employment from the SACC Website

The SACC employment application process requires you to give us personal information. We also require you to provide us with your most up-to-date CV (PFD file format is preferred) to collect employment-related information. We use this information to process your application and undertake clearance certificate, reliability check.

• Personal Information: any information about an individual from which that person can be identified.
  • Name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth.
  • Gender.
  • Emergency contact information.
  • Marital status and dependents, such includes copies of the documents.
  • Government-issued identifications information: such as Iqama ID/national ID numbers, Nationality, Driving License Number, Passport number, National Address, such includes copies of these identification.
  • Bank information details: Bank Name, IBAN number.
• Employment-related Information:
  • Details of qualifications, skills
  • Experience and employment history, including start and end dates.
  • GOSI employment history and monetary history.
• Sensitive Personal Information such as:
  • Information about your religion.
  • Information about your health, through pre-employment medical check-up.
  • Biometric data.
  • Information about criminal background.

Employment information

Employment data reflects information that will be collected during employment which includes:

• Details of your schedule (days of work and working hours) and attendance at work.
• Details of periods of leave taken, including holiday, sickness absence, family leave and study leave, and any reasons given for the leave
• Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
• Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence.
• Health and sickness records, injuries or health issues related to work, including:
  • ​Records of regular health examination.
  • Sick-leave records.
• ​Where you leave employment and the reason for leaving is determined to be ill health, injury or disability, the records relating to that decision.
• Recording all compensation related information such as salary, entitled benefits, allowances taken, loan and advances, bank account.

Local storage

We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Cookies and similar technologies

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, enabling you to sign in, providing interest-based advertising, combating fraud, analyzing how our products perform, and fulfilling other legitimate purposes.
We also use “web beacons” to help deliver cookies and gather usage and performance data. Our websites may include web beacons, cookies, or similar technologies from third-party service providers. You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies. For example, you can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies. We and our partners use various technologies to collect and store information when you visit a SACC E-Service, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services we offer to our partners, such as advertising services or features that may appear on other sites. Information we collect when you are signed into SACC E-Services, in addition to information we obtain about you from partners, may be associated with your SACC E-Service account. When information is associated with your SACC Account, we treat it as personal information. We also use this to inform you of changes, improvement, enhancements, upgrades options and marketing from time to time. Your data may be collected in relationship to your person as such or may be collected in the context of you representing an organization, such as a business or government. You have choices when it comes to the data you share. When we ask you to provide personal data, you can decline. However, please note that many of our products require some personal data to provide you with a service. If you choose not to provide data necessary to provide you with a product or feature, you may not be able to use that product or feature. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you’re using, we may have to suspend or cancel it. We will notify you if this is the case at the time.

SACC may record and monitor inbound and outbound calls and electronic traffic for training purposes. We may also collect; telephony log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of call information and types of calls.

• Why do we collect this data?

We collect this data to be able to supply the information or service outlined in the section about SACC above.

• What do we do with the data?

Any personal data provided to us will be used exclusively for providing you with the information or services you have requested. We use the information to provide, maintain, protect and improve the services, to develop new ones and to protect SACC and our users. We do not pass any of your personal data to outside organizations and/or individuals, except with your explicit consent. This is only necessary when we need to share your information in order to provide the information or service requested.

Products and services

We use the data we collect to provision you with our products and services. We use data to:

• Provide our products and services and to deal with your request and enquiries.
• For "service administration purposes", which means that we may contact you for reasons related to the service, activity you have signed up for (e.g. to provide you with password reminders, to notify you of planned service outage, your usage/activity, to notify you of updates to our Privacy and Cookies Policy or Terms of Use, to let you know if your account is likely to become inactive or dormant for some reason)
• Improve and develop our products and services,
• Personalize and/or promote our products and services and make recommendations,
• Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers,
• For purposes relating to crime prevention and detection, and security,
• We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, managing and developing our workforce, and doing research.
• To ensure that our website content works in the most popular browsers and to identify any related problems we may identify which type of browser and operating system is used to access the SACC website.

In carrying out these purposes, we may combine data we collect from different contexts (each providing you with the option to decline to share information) or obtain data from third parties where your consent has been registered and to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.

Our website is hosted in Azure cloud, Tier 3, IS0 27001-2013 Information Security Management System certificate, data centers in the West Europe. It is protected by a state-of-the art commercial web application firewall. It employs SSL (Secure Socket Layer) encryption standard in all secure areas, including login pages, customer information. Provided that you are using an SSL-compliant browser such as Google Chrome, Microsoft's Internet Explorer, Opera or Firefox,you will be able to conduct encrypted transactions without fear of an intermediary obtaining your private information.
We use Azure Cloud Advance Security to protect and secure Saudia Cargo portal and APIs against denial-of-service attacks, customer data compromise.
SACC restrict access to personal information to SACC employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.
Data is maintained under the provisions of the General Data Protection Act 2018 and ISO/IEC 27001:2013 Certified Security Framework.

We share your personal information with other internal divisions such as IT, Finance, Marketing, Internal Communication, Procurement and Airport Stations as part of our regular reporting activities, communication and identification procedure or related to access privileges for areas govern by authorities such as airport station. We share your personal information with different governmental authorities as part of legal obligation and contract obligation such as information to be used for enrolment in General Office of Social Insurance and registering in Saudi Labor Law or Muqeem. We may also need to share your personal information with third-party service providers such as Medical Insurance company, registering for benefits program such as Mazaya and Saudia Airline Ticket discount. In such cases we limit personal data shared to absolute minimum required.

We will keep your information within SACC except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies) or as described in this section and section below. SACC uses third parties to process your information on our behalf, for example we use specialist companies to provide services, analysis, pre-employment checks, references and Disclosure & Barring Service (DBS) checks. SACC requires these third parties to comply strictly with its instructions and SACC requires that they do not use your personal information for their own business purposes, unless you have explicitly consented to the use of your personal information in this way. We may share your personal information internally (i.e. with other divisions) for example, to consider your employment application. We share your personal data with our business partners and national authorities, with your consent or to complete any transaction or provide any product or service you have requested or authorized. We also may share data with controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security and legality of our products and services; and to protect the rights and property of SACC and its customers.

AccordIf you create, post or send offensive, inappropriate or objectionable content anywhere on or to the SACC websites or otherwise engage in any disruptive behavior on any SACC service, SACC may use your personal information to stop such behavior. Where SACC reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), SACC may use your personal information to inform relevant third parties such as your employer, internet provider or law enforcement agencies about the content and your behavior.ion Content

All employee records, accident incident reports will be kept for 10 years, Overall retention for all documents and Finance department will be kept for 5 years.

You have the right to control your personal data that SACC has obtained, and exercise your data protection rights, by contacting us. In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable international and/or national law. To verify and control your data we may store and process.

Please address requests and questions about this or any other question about this Privacy and Cookies Policy to the DataPrivacyOfficer@Saudiacargo.com or DPO@Saudiacargo.com. Our Data Protection Officer mailing address is: Saudi Airline Cargo Company Ltd. 7051 Al Amir Sultan – Al-Salamah Unit # 406 Jeddah 23525-2661 Kingdom of Saudi Arabia You’ll need to provide two original forms of your ID, copies are not acceptable. These can include your National ID/Iqama or Passport.

Please do not create an account if you are under 18 and want to register for a SACC account. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to SACC for an account that is registered to a company or and Adult over 18 years of age.

All request about PII must go to DPO. Please address requests and questions about this to the DataPrivacyOfficer@Saudiacargo.com or DPO@Saudiacargo.com. Our Data Protection Officer mailing address is: Saudi Airline Cargo Company Ltd. 7051 Al Amir Sultan – Al-Salamah Unit # 406 Jeddah 23525-2661 Kingdom of Saudi Arabia You’ll need to provide two forms of your ID. These can include your National ID/Iqama or Passport.

Your personal information may be shared with the companies within our business partners, which includes American Airlines Inc, Air France, Royal Air Maroc, Cathay Pacific Airways Ltd, Korean Airlines, Malaysian Airline System, China Eastern Airlines, Astral Aviation and Sky Capital Airlines. We share information with them, so they can assist us in providing services to you and to understand more about you. For example, if you have a shipment to be delivered to a destination outside of our reach, we have an agreement with our business partners to deliver that shipment on our behalf to satisfy you as a customer, so we need to share your information with the partner. We may also disclose your personal information to the following third parties for the purpose described here:

• In response to a valid, legal request from Government and law enforcement agencies such as customs authorities.
• Third party service providers we are using to provide services that involve data processing, for example, to carry out marketing initiatives or run customer surveys on our behalf. You can make a request not to receive a survey to a specific email address by using our unsubscribe option. You will need to do this for each email address you have used with us in the past.
• Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.
• We may provide usage information (but not your personal details) to other websites so that they know that you have visited our websites (see ’How we use cookies and other methods for the collection of website usage data' above).
• If necessary, to comply with a legal or regulatory obligation in any jurisdiction, including where that obligation arises because of a voluntary act or decision by us (e.g. our decision to operate to a country or a related decision).

We do not sell personal information to affiliates, and we only allow third parties to send you marketing information where we have your consent to do so.

Saudi Airlines Cargo Company will take appropriate steps to protect the personal information we collect from you in our systems. We have implemented technology and security features to safeguard the privacy of your personal information. We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date whenever we collect or use it. If the personal information we hold about you is inaccurate, incomplete or out-of-date, please contact us and we will take reasonable steps to either correct this information, or if necessary, discuss alternative action with you. If you wish to gain access to your personal information, have a complaint about a breach of your privacy or you have any query on how your personal information is collected or used please forward your request, complaint or query to the DPO at DataPrivacyOfficer@Saudiacargo.com or DPO@Saudiacargo.com. Our Data Protection Officer mailing address is: Saudi Airline Cargo Company Ltd. 7051 Al Amir Sultan – Al-Salamah Unit # 406 Jeddah 23525-2661 Kingdom of Saudi Arabia You’ll need to provide two forms of your ID. These can include your National ID/Iqama or Passport. We will respond to your query or complaint as soon as possible.

This Privacy and Cookies Policy may be updated from time to time, so you may wish to check it each time you submit personal information to SACC. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use SACC websites to submit personal information to SACC. If material changes are made to the Privacy and Cookies Policy, for instance affecting how we would like to use your personal information, we will notify you by placing a prominent notice on the website. Our Privacy Policy may change from time to time. We will not reduce your rights under this policy without your explicit consent. We will post any Privacy Policy changes on this page. What is the scope of our Privacy Policy? This Privacy Policy only covers our website. Links within our website to external websites are not covered by this policy and remains the responsibility of the owners of these sites.

Application data cache

An application data cache is a data repository on a device. It can, for example, enable a web application to run without an Internet connection and improve the performance of the application by enabling faster loading of content.

Browser web storage

Browser web storage enables websites to store data in a browser on a device. When used in "local storage" mode, it enables data to be stored across sessions (for example, so that the data is retrievable even after the browser has been closed and reopened). One technology that facilitates web storage is HTML 5.

Device

A device is a computer that can be used to access SACC services. For example, a device could be a desktop, tablet or smartphone.

What is a cookie?

A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer, tablet or mobile phone (all referred to here as a “device”) web browser from a website’s computer and is stored on your device’s hard drive. Each website can send its own cookie to your web browser if your browser’s preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. Similar technologies are also often used within emails to understand whether the email has been read or if any links have been clicked. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on the SACC website. However, you can change your cookie settings at any time. During the course of any visit to SACC website, the pages you see, along with a cookie, are downloaded to your device. Many websites do this, because cookies enable website publishers to do useful things like find out whether the device (and probably its user) has visited the website before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit.

SSL (Secure Sockets Layer)

SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. To be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL. Your web server will match your issued SSL Certificate to your Private Key. Your web server will then be able to establish an encrypted link between the website and your customer's web browser. The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session - the lock icon in the lower right-hand corner, clicking on the lock icon displays your SSL Certificate and the details about it. All SSL Certificates are issued to either companies or legally accountable individuals. Typically, an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.

Affiliates

An affiliate is an entity that belongs to the SACC group of companies.

HTTP Referrer

An HTTP Referrer is information transmitted to a destination web page by a web browser, typically when you click a link to that web page. The HTTP Referrer contains the URL of the last web page that the browser visited.

IP address

Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.

Non-personally identifiable information

This is information that is recorded about users so that it no longer reflects or references an individually identifiable user.

Personal information

This is information that you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by SACC, such as information we associate with your SACC Account.

Pixel tag

A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.

Sensitive Categories

An advertising category may be sensitive if it relates to topics such as race, religion, sexual orientation or health. When showing you tailored ads, we may associate an identifier from cookies or similar technologies with topics such as "Cooking and Recipes" or "Air Travel", but not with sensitive categories. We impose a similar policy on our advertisers.

Sensitive personal information

This is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.

Server logs

Like most websites, our servers automatically record the page requests made when you visit our sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

Unique device identifier

A unique device identifier (sometimes called a universally unique ID or UUID) is a string of characters that is incorporated into a device by its manufacturer and can be used to uniquely identify that device (for example an IMEI number of a mobile phone). Different device identifiers vary in how permanent they are, whether they can be reset by users and how they can be accessed. A given device may have several different unique device identifiers. Unique device identifiers can be used for various purposes, including security and fraud detection, syncing services such as a user’s email inbox, remembering the user’s preferences and providing relevant advertising.

Do Not Track (DNT) browser setting

DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. The www.saudiaircargo.com website does not currently respond to DNT requests.