5.1.1.1 Data You Provide to Us

When You utilize RESAL’s Website/Application, we may gather information about you (“Personal Data”), which may include:

• Contact and account details such as Your name, email address, postal address, phone number, social media handles, preferred language, and additional account/profile details (e.g., job title).
• Authentication data such as usernames and hashed/encrypted passwords/password hints and similar security information.
• Communications content such as comments, feedback, support requests, survey responses, and search queries.
• Job application data (where applicable) such as employment history, nationality, date of birth, and other pertinent information necessary for conducting background checks.

Feature-specific information You provide (as applicable):

• Booking Services: traveler/guest/attendee details necessary to complete a booking (e.g., full name as per ID, contact details, booking preferences, itinerary details, any loyalty numbers You choose to add). RESAL does not require or store copies of official travel documents unless explicitly necessary to complete a transaction or comply with applicable law.
• Mobile Top-Up: the recipient mobile number (MSISDN), selected operator/network, bundle or recharge amount, and an optional contact name/label You may save. You are responsible for ensuring the accuracy of the mobile number, operator selection, and top-up amount you submit. Resal is not responsible for failures caused by inaccurate input.
• ResalPay: Your phone number for verification, the transaction You choose to approve, the amount of ResalPoints to redeem (subject to Your available balance), and one-time passwords (OTPs) or other verification codes needed to authorize the transaction. You are solely responsible for entering such OTPs or verification codes personally. These codes must not be shared with or entered by any other person, including RESAL representatives or third parties. RESAL will never request OTPs verbally, via phone, or through messaging platforms, and no party is authorized to complete transactions on Your behalf using these codes.

5.1.1.2 Tracking Technologies and Cookies

RESAL’s web services may automatically gather information on how you and your device interact with the Service, including:

• Computer, device, and connection details such as IP address, browser type/version, operating system, installed software, mobile platform, unique device identifier, and other technical identifiers, as well as error reports and performance data for security reasons and to prevent fraud.
• Usage data such as the features used, selected settings, URL clickstream data including date/time stamps and referring/exit pages, search terms used, and pages visited or searched on the Website for serving You better.
• For location-aware Services, information on the region, city, or town where Your device is located, to provide relevant content based on Your geographical location. Additionally, when You access the Website via a mobile device, RESAL may automatically collect specific information such as the type of mobile device used, its unique ID, the IP address, mobile operating system, type of mobile Internet browser, unique device identifiers, and other diagnostic data.

Additional automatically collected feature data (as applicable):

• Booking Services: booking events such as search queries, selected offers, and checkout status to allow resumption of an in-progress booking and for fraud prevention.
• Mobile Top-Up: top-up attempt/completion events (no content of messages) to confirm delivery and for troubleshooting.
• ResalPay: merchant, branch, terminal or cashier identifier provided by the Merchant, timestamp, and technical events required to create, verify, and complete an in-store or online redemption.

5.1.2 For What Purposes Do We Use Your Personal Data

Depending on interactions with RESAL, we may utilize your Personal Data for the following purposes:

• To provide and operate core services, including account creation, authentication, user support, and Website/Application functionality.
• Booking Services: to search, display, hold, book, confirm, amend, and cancel bookings for events, flights, and hotels; to send confirmations, invoices, and updates; to process payments and refunds; and to provide customer support in coordination with Service Providers and relevant organizers/operators.
• Mobile Top-Up: to validate the recipient mobile number and operator, process the selected bundle or recharge amount, deliver the top-up through our Service Providers and telecommunications partners, send confirmations, and provide support.
• Balance Top-Up: to enable You to increase and manage Your in-app balance using Resal Cards, participating loyalty programs (e.g., Alinma Akthr, Qitaf, and others), or other integrated non-cash value sources; to verify the source of top-up requests; to process and confirm the transaction; and to maintain accurate account balance information.
• ResalPay: to enable You to pay participating Merchants using Your ResalPoints balance, including:
  (i) creating and verifying a payment request initiated by the Merchant using Your phone number,
  (ii) notifying You to approve the transaction,
  (iii) allowing You to set the number of ResalPoints to redeem (subject to Your available balance),
  (iv) authenticating the transaction using one-time passwords (OTP) or similar methods, and
  (v) informing the Merchant of the redeemed amount and any remaining balance due outside RESAL’s scope.
• Commercial activities such as contacts, billing, order processing, payments for goods/services, permissible marketing, procurement, supplier due diligence, customer screening, and contractual engagements (e.g., NDAs, licensing).
• To improve and secure our services, including analytics, service monitoring, fraud detection and prevention, security enhancements, debugging, and product optimization.
• Compliance with legal obligations, including responding to lawful requests from regulators, resolving disputes, enforcing agreements, and maintaining business records.
• Business transfers: evaluating or conducting mergers, acquisitions, restructurings, or other asset transfers, wherein Personal Data may be part of the transferred assets.
• With Your consent: to send news, offers, and general information about products, services, and events similar to those previously purchased or inquired about, unless You have opted out of such communications.
• User Consent for ResalPay Transactions: ResalPay transactions are processed only after the User provides explicit approval inside the Resal Application. The Merchant does not obtain or provide User consent on Resal’s behalf. RESAL processes the User’s Personal Data for authorization, point redemption, and transaction completion only after the User confirms the payment in the App.

5.1.3 Disclosure/Sharing of Your Information

RESAL may disclose Your Personal Data in the following circumstances:

• With Service Providers: We may share Your Personal Data with Service Providers to deliver and support our services, including payment and checkout providers, booking enablement partners (for events/flights/hotels), telecommunications aggregators and operators (for Mobile Top-Up), merchants and merchant integrators (for ResalPay), customer support tools, notification delivery platforms, analytics, risk and fraud-prevention services, and IT/security providers. We do not disclose the brand names of such Service Providers in this Policy and may change them over time.
• With Merchants and organizers/operators:
  • For ResalPay, we share transaction data necessary to complete the redemption (e.g., redeemed amount, confirmation/authorization references) with the participating Merchant.
  • For Booking Services, we share the booking details necessary to fulfill Your reservation with the relevant event organizer, airline, hotel, and their fulfillment partners.
  • For Mobile Top-Up, we share top-up details (recipient number, operator, bundle/amount, and transaction references) with telecommunications aggregators and the applicable operator to complete delivery.
• For business transfers: Your Personal Data may be shared or transferred in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business by another company.
• With business partners: Your Personal Data may be shared with Our business partners to offer You specific products, services, or promotions (where permitted).
• With Your consent or as otherwise permitted by law.
• For legal and safety reasons: Where we believe in good faith such disclosure is necessary to comply with applicable laws, regulations, legal processes, or other legal obligations; to detect, investigate, and prevent security, fraud, or technical issues; or to protect the rights, property, or safety of RESAL, Our users, employees, or others.

5.1.4 International Data Transfers and processing

We store and process Your Personal Data in various jurisdictions, including the Kingdom of Saudi Arabia. To provide Booking Services, Mobile Top-Up, and ResalPay, Your Personal Data may be transferred to and processed by Service Providers, Merchants, operators, and organizers located outside KSA (for example, international airlines, hotels, event organizers, telecommunications operators, or payment/checkout processors). The laws governing the processing of such information in these jurisdictions may be less stringent than those in Your region. Where required by the PDPL and its executive regulations, we apply appropriate transfer mechanisms and safeguards (e.g., contractual commitments, risk assessments, and technical measures) and take reasonable steps to ensure Your information is treated securely and in accordance with this Policy and applicable law.

5.1.5 Data Retention

We retain Your Personal Data until it is made anonymous or destroyed as necessary to provide the Service, fulfill requested transactions, or for other essential purposes such as complying with legal obligations, maintaining business records, resolving disputes, ensuring security, detecting and preventing fraud and abuse, and enforcing our agreements. Transaction records related to Booking Services, Mobile Top-Up, and ResalPay may be retained for the period required by applicable law, dispute timelines, audit, and fraud-prevention needs. Usage Data is generally retained for a shorter period unless needed for security enhancements or Service improvements, or retention is legally mandated.

5.1.6 Data Destruction

Upon the cessation of the purpose for which Your Personal Data was stored, RESAL will securely destroy it in accordance with internal policies or anonymize it, subject to applicable laws. Should You require earlier deletion, You may request this by email at [email protected] and in case You have any questions or complaints You may contact our Data Protection Officer at [email protected].

5.1.7 Data Security

RESAL is committed to ensuring the security of Your information. We have implemented appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online, preventing unauthorized access or disclosure. This includes encryption in transit and at rest where appropriate, multi-factor/OTP authentication for high-risk actions (such as ResalPay approvals), access controls and monitoring, and adherence to applicable industry security standards for card data handling (e.g., PCI DSS) when we process payments through approved partners.

5.1.8 Your Rights

As the owner of Personal Data under applicable law, you have rights as defined in the PDPL (Personal Data Protection Law):

• Right to information: Know the justification for collecting Your Personal Data and the purpose for which it is processed, which is disclosed in this Privacy Policy.
• Right to access: Access and obtain a clear and comprehensive copy of Your Personal Data, which is viewable in Your account through RESAL’s Website/Application.
• Right to rectification: Request correction, completion, or updating of Your Personal Data through our customer support [email protected].
• Right to erasure: Request deletion of Your Personal Data, subject to legal provisions (Account Deletion Form).
• Other rights: Additional rights as provided by the PDPL and regulations. For processing based on legitimate interests, You may object by contacting Us in writing at [email protected]. However, this may affect Your access to the Website/Application.
• Contact with RESAL: As a data subject You have the right to exercise the aforementioned rights granted by PDPL. You may reach our Data Protection Officer at [email protected].