Privacy Policy - Ceyaj

We are Ceyaj Digital Cybersecurity Company, a limited liability company with commercial registration number 1009146300. Our services target government entities, semi-government entities, companies providing services to government entities, and the private sector. We offer services including, but not limited to, cybersecurity products, cybersecurity services, and cybersecurity consultations.

Last Updated

The privacy policy was last updated on (03/09/2025).

Introduction

We place great importance on your privacy and strive to ensure the protection of your personal data with the highest security standards. This privacy policy aims to clarify how your data is collected, used, and processed in a manner that preserves your rights and respects your privacy. Our commitment is built on transparency and trust to ensure a safe and comfortable experience for all users. Your trust is our primary focus, and we are dedicated to protecting your privacy by all possible means.

Personal Data Protection (The Cornerstone of Trust in the Digital World)

It is the system concerned with protecting individuals' personal data, safeguarding their rights, and defining the obligations of data controllers to ensure the implementation of its provisions.

Amid digital expansion, protecting personal data has become essential to fostering trust between individuals and institutions. Policies and agreements aim to regulate data collection and use while ensuring individuals' privacy and rights, achieving a balance between innovation and respect for privacy.

Legal Basis for Collecting Personal Data

The legal basis we rely on at Ceyaj for collecting and processing your personal data includes:

  • Consent: Obtaining your explicit consent, including your agreement to this policy, to process your personal data for the purposes outlined in this policy, such as, for example, consenting to receive marketing information, sales offers, participating in surveys or research studies, or applying for jobs. You may withdraw your consent at any time, unless there is another legal basis allowing us to continue processing your data.
  • Contractual: We may process your personal data to fulfill our contractual obligations to you, including using your data to execute the contract between us and provide the agreed-upon services.
  • Legitimate Interest: We may process your personal data to achieve our legitimate interests in various areas, provided such processing does not override your rights and freedoms. Examples include, but are not limited to, direct marketing of certain services, detecting fraud, protecting network and information security, and improving and developing services based on data analysis.
  • Legal Obligation: We may process your data to comply with legal and regulatory requirements.

How Is Your Personal Data Collected and What Is the Purpose of Collection?

We may collect your personal data for various purposes to enhance the services we provide, including, but not limited to:

Data Collected Directly:

  • Collection Method: Data entry through the website during registration, communication with us, or direct interaction.
  • Purposes:
  • Communication regarding support, updates, or marketing.
  • Issuing invoices and completing payment processes.
  • Activating, providing, and improving customer services.
  • Complying with legal and regulatory requirements.

Data Collected Indirectly:

  • Source: Cookies and similar technologies.
  • Purposes:
  • Improving user experience.
  • Analyzing performance and usage.

What Personal Data Is Collected?

We may collect and process the following personal data when you use any of our services, including, but not limited to:

  • Basic Data: Full name, ID number, or commercial registration number.
  • Contact Data: Email, phone number, national address, live chats, and any other correspondence.
  • Usage Data: Login information, system interactions, including your IP address, device type, operating system, and browser type.
  • Financial Data: Payment and billing information (if payments are made and related processes).

How Do We Store and Retain Personal Data?

Storage Location: Data is securely stored using certified cloud computing services within the Kingdom of Saudi Arabia, compliant with the standards of the National Cybersecurity Authority and other relevant standards.

We retain your personal data as long as necessary to fulfill the purposes outlined in this policy, unless applicable regulations require or permit retention for a longer period. Once the purpose of collection and processing is fulfilled, we will take reasonable steps to delete it from our systems and external systems processing data on our behalf, or remove any identifiers linking it to you, unless there is a legal basis requiring retention for a longer period or if it is closely related to a case pending before a judicial authority. Please note that requesting the deletion or modification of your data may affect your ability to use some of our services or result in their cancellation, and we may not be able to recover it after deletion.

How Do We Protect and Disclose Your Personal Data?

1. Protecting and Disclosing Your Personal Data

We confirm that the confidentiality and security of your personal data are a priority for Ceyaj. We implement a range of measures to protect your data from unauthorized access or disclosure, except in cases required by law or where disclosure is necessary to provide services, technical support, or analytical purposes. We adopt reasonable technical, organizational, and operational measures to protect your data, including encryption, two-factor authentication, and continuous security software updates. However, please note that no method of transmitting or storing data over the internet is completely secure.

We do not disclose your personal data for commercial purposes or share it with third parties except as stipulated in this policy, or as provided in Article 15 of the Personal Data Protection Law. We may share your information with third parties in the following cases:

  • With your consent.
  • With affiliated companies and companies within our group.
  • With service providers acting on our behalf.
  • With external companies and service providers providing services to us.
  • With banks, financial institutions, and payment technology providers.
  • With another party in cases of corporate activities such as acquisitions, mergers, or restructuring.
  • To comply with legal obligations in accordance with the regulations and laws of the Kingdom of Saudi Arabia.

2. Transfer of Data Outside the Kingdom

Ceyaj may have operations, administrative structures, and technical systems outside the Kingdom of Saudi Arabia. Accordingly, we may transfer your personal data outside the Kingdom for processing and storage by a third party abroad to support our efforts in providing services efficiently. We are committed to ensuring that any personal data transferred to a third party is subject to the same level of protection provided by Ceyaj, in accordance with the applicable regulations and legislation in the Kingdom.

When transferring data outside the Kingdom, we take all necessary measures to ensure the protection of your data, including entering into contractual agreements with third parties that ensure their compliance with protection and privacy standards equivalent to those we apply under the Personal Data Protection Law.

Your Rights Regarding the Processing of Your Personal Data:

You may exercise the following rights under the Personal Data Protection Law:

  • Right to Be Informed: You have the right to know how we collect your personal data, the legal basis for its collection and processing, how it is processed, stored, and destroyed, and who it will be disclosed to. You can review all details through this policy or by contacting us through official communication channels.
  • Right to Access: You have the right to access your account in any of our services or by contacting us, provided that access is limited to your personal data only, without affecting others' data, in accordance with the controls and procedures specified in the law and related regulations.
  • Right to Obtain a Copy: You have the right to request a copy of your personal data in a clear and readable format whenever technically feasible, by contacting us through official communication channels.
  • Right to Request Correction: You have the right to request the correction, completion, or updating of your personal data through any of our services or by contacting us through official communication channels.
  • Right to Request Destruction: You have the right to request the destruction of your personal data when it is no longer needed, unless there are legal bases requiring or permitting retention for a longer period.
  • Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your data at any time, unless there are legal bases requiring otherwise.

When exercising one or more of the rights mentioned above or provided in the Personal Data Protection Law, we are committed to fulfilling your requests within a period not exceeding thirty (30) days from the date of submission. If additional effort is required through our website or is unavailable, we reserve the right to extend this period by no more than an additional thirty (30) days. Note that some or all of these rights may be subject to specific exceptions and exemptions stipulated in the relevant regulations, and each request will be evaluated individually.

How to File a Complaint or Objection?

1. Changes to the Privacy Policy

We reserve the right to update this policy from time to time. When we make significant changes to the policy, we will update it on our website. We may also notify you through appropriate communication channels, such as sending the policy via email. We encourage you to review the privacy policy periodically to stay informed about updates and how we protect your personal data. Your continued use of any of our services after posting changes to this policy constitutes your acceptance of those changes. The date of the last update to this policy will be indicated at the top of the page.

2. Official Language

This policy has been prepared in both Arabic and English, with the English version being a translation of the Arabic version. In case of any conflict between the two versions, the Arabic version shall prevail.

3. Contact Information

If you have any questions, concerns, or complaints regarding this policy or the data we hold, or if you wish to exercise any of your rights, we invite you to contact us through our Help Center (Contact Us) or via the communication channels below:

Address: Riyadh - King Abdullah Road, Postal Code: 12481

WhatsApp: Phone Number: +966 55 216 2449

Email: info@ceyaj.sa

License or Commercial Registration: 1009146300

If you are not satisfied with our handling of your complaint or if we do not respond within thirty days from the date of receiving your request, you may file a complaint with the competent authority: Saudi Data and Artificial Intelligence Authority National Data Governance Platform