Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.
Last Updated: January 1, 2025
Introduction
Welcome to Modon Express. We are committed to protecting the privacy and security of our users' personal information in accordance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia and the Saudi E-Commerce Law.
This Privacy Policy describes how Modon Express Trading Company collects, uses, stores, shares, and protects your personal data when you use our B2B e-commerce platform, whether as a Buyer, Seller (Merchant/Manufacturer), or Visitor.
By using our platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our services.
Definitions
Platform
Refers to the Modon Express website, mobile applications, and all related services accessible via the internet.
Buyer
Any individual or legal entity who registers on the platform to purchase products or services from Sellers.
Seller/Merchant/Manufacturer
Any individual or legal entity who registers on the platform to offer products or services for sale to Buyers.
User
Any person who uses the platform, whether as a Buyer, Seller, or Visitor.
Visitor
Any person who browses the platform without registering or logging in.
Personal Data
Any information that can identify an individual directly or indirectly, including but not limited to name, email, phone number, national ID, and address.
PDPL
The Personal Data Protection Law of the Kingdom of Saudi Arabia.
Data Controller Information
Modon Express Trading Company is the data controller responsible for your personal data. For any questions or concerns regarding this Privacy Policy or your personal data, please contact our Data Protection Officer.
Company Information:
Legal Entity: Maden Al Sareea for Digital Marketing Co.
CR Number: 2050161855
Email: privacy@modonexpress.com
Data Protection Officer: dpo@modonexpress.com
Information We Collect
We collect the following types of information to provide and improve our services:
Information You Provide Directly
For Buyers:
- Full name (first and last name)
- Email address
- Mobile phone number
- National ID number or Iqama (residency permit) number
- Delivery addresses (street, district, city, postal code)
- Company information (if applicable)
- Payment information (processed securely through MyFatoorah payment gateway)
For Sellers/Merchants:
- Full name and business name
- Email address and mobile phone number
- National ID or Iqama number
- Commercial Registration (CR) number
- Tax/VAT number
- Bank account details (for payouts)
- Business address and warehouse locations
- KYC documents (commercial license, tax certificate, authorized signatory documents)
- Product listings, descriptions, and pricing information
- MyFatoorah Supplier integration details
Information Collected Automatically
- Device information (IP address, browser type, operating system, device model)
- Usage data (pages visited, time spent, clicks, navigation patterns)
- Location data (based on IP address)
- Cookies and similar tracking technologies
- Log files and analytics data
Transaction Information
- Order details (products, quantities, prices)
- Payment transaction records
- Shipping and delivery information
- Order status and tracking information
- Refund and return requests
- Communication history related to orders
How We Use Your Information
We use your personal data for the following purposes, in compliance with PDPL:
Service Delivery
- Creating and managing user accounts
- Processing orders and facilitating transactions
- Coordinating deliveries and shipments
- Processing payments securely through MyFatoorah
- Managing seller payouts and financial settlements
- Handling returns, refunds, and customer support
Platform Operation and Improvement
- Maintaining and improving platform functionality
- Analyzing user behavior to enhance user experience
- Developing new features and services
- Conducting research and analytics
- Ensuring platform security and preventing fraud
Communication
- Sending order confirmations and updates
- Providing customer support
- Sending administrative notifications
- Marketing communications (with your consent)
Legal and Regulatory Compliance
- Complying with Saudi Arabian laws and regulations
- Verifying identity and conducting KYC checks for sellers
- Preventing fraud, money laundering, and illegal activities
- Responding to legal requests from authorities
- Enforcing our Terms of Service
- Resolving disputes through Ministry of Commerce committees
Business Operations
- Managing seller accounts and vendor relationships
- Processing financial settlements and commissions
- Generating invoices and financial reports
- Maintaining business records
Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent
You have given explicit consent for us to process your personal data for specific purposes (e.g., marketing communications, cookies).
Contractual Necessity
Processing is necessary to fulfill our contractual obligations with you (e.g., processing orders, delivering products).
Legal Obligation
Processing is required to comply with Saudi Arabian laws and regulations (e.g., tax reporting, KYC verification, anti-money laundering).
Legitimate Interest
Processing is necessary for our legitimate business interests (e.g., fraud prevention, platform security, service improvement), provided it does not override your rights.
How We Share Your Information
We do not sell your personal data. We may share your information only in the following circumstances:
With Your Consent
We share information when you explicitly authorize us to do so.
Service Providers
We share data with trusted third-party service providers who assist us in operating the platform:
- MyFatoorah (payment processing and multi-vendor payouts)
- TryOTO (delivery and logistics services)
- Google Cloud Platform (data storage and hosting)
- Email and SMS service providers (notifications)
- Analytics providers (platform improvement)
All service providers are contractually bound to protect your data and use it only for specified purposes.
Between Buyers and Sellers
When you place an order, we share relevant information with the seller to fulfill the transaction:
- Your name and contact information
- Delivery address
- Order details
Legal Requirements
We may disclose your information to comply with:
- Court orders or legal processes
- Requests from government authorities or regulatory bodies
- Ministry of Commerce investigations or disputes
- Law enforcement requests in accordance with applicable laws
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:
| Data Category | Retention Period |
|---|---|
| Account Information | Retained while your account is active and for 5 years after account closure (as required by Saudi tax and commercial laws). |
| Transaction Records | Retained for 10 years from the transaction date (as required by Saudi tax and commercial laws). |
| KYC Documents | Retained for 10 years after the business relationship ends (as required by anti-money laundering regulations). |
| Marketing Data | Retained until you withdraw consent or request deletion. |
| Log Files and Analytics | Retained for up to 24 months for security and improvement purposes. |
Note: After the retention period, we securely delete or anonymize your personal data.
Data Security
We implement industry-standard security measures to protect your personal data:
Technical Safeguards
- End-to-end encryption for data transmission (HTTPS/TLS)
- Encrypted data storage on Google Cloud Platform
- Secure payment processing through PCI-DSS compliant MyFatoorah gateway
- Regular security audits and vulnerability assessments
- Multi-factor authentication for sensitive operations
- Access controls and role-based permissions
Organizational Safeguards
- Employee training on data protection
- Confidentiality agreements with staff and contractors
- Strict access policies (need-to-know basis)
- Regular monitoring and incident response procedures
- Data Protection Officer overseeing compliance
Third-Party Security
- Vendor due diligence and security assessments
- Data Processing Agreements with all service providers
- Regular audits of third-party security practices
Disclaimer: While we strive to protect your personal data, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.
Your Rights Under PDPL
In accordance with the Personal Data Protection Law, you have the following rights:
Right to Access
You have the right to request a copy of the personal data we hold about you.
Right to Rectification
You can update or correct your personal information at any time through your account settings or by contacting us.
Right to Deletion (Right to be Forgotten)
You can request the deletion of your personal data, subject to legal retention requirements. To delete your account, contact our support team.
Right to Restrict Processing
You can request that we limit the processing of your personal data in certain circumstances.
Right to Data Portability
You can request a copy of your data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV).
Right to Object
You can object to the processing of your personal data for direct marketing purposes or based on legitimate interests.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
Right to Lodge a Complaint
You have the right to file a complaint with the Saudi Data and AI Authority (SDAIA) if you believe your data protection rights have been violated.
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
We will respond to your request within 30 days as required by PDPL.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and analyze platform usage.
Essential Cookies
Necessary for the platform to function properly (e.g., authentication, security).
Essential (Cannot Opt-Out)
Functional Cookies
Remember your preferences and settings (e.g., language, currency).
Can Opt-Out
Analytics Cookies
Help us understand how users interact with the platform to improve services.
Can Opt-Out
Marketing Cookies
Used to deliver relevant advertisements (only with your consent).
Can Opt-Out
Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.
Children's Privacy
Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.
If you are under 18, you may only use this platform under the supervision of a parent or legal guardian.
If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information.
International Data Transfers
We host and process your personal data within the Kingdom of Saudi Arabia. We do not transfer your personal data outside Saudi Arabia.
Google Cloud Platform
Location: Dammam, Kingdom of Saudi Arabia (in-country data residency)
Safeguards: Data is stored in-region; no cross-border transfers. Standard security and compliance controls apply.
Our Commitment: If future cross-border transfers become necessary, we will notify you and apply PDPL-compliant safeguards (e.g., contractual clauses, adequacy, or other lawful mechanisms).
Changes to This Privacy Policy
We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features.
When we make significant changes, we will notify you by:
• Posting the updated policy on this page with a new 'Last Updated' date
• Sending an email notification to your registered email address
• Displaying a prominent notice on the platform
Your continued use of the platform after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Company Information
Maden Al Sareea for Digital Marketing Co.
CR Number: 2050161855
Address
Building 8384, Al Amir Muhammad Ibn Fahd Branch Road, Al Firdous District, Dammam 34251, Kingdom of Saudi Arabia
Phone
We are committed to resolving any concerns you may have about your privacy and data protection.
Regulatory Compliance and Dispute Resolution
This Privacy Policy is governed by and complies with:
- Personal Data Protection Law (PDPL) of Saudi Arabia
- Saudi E-Commerce Law and its Implementing Regulations
- Anti-Money Laundering Law
- Payment Services Provider Regulations
Dispute Resolution
Any disputes arising from this Privacy Policy or our data practices shall be resolved in accordance with the laws of the Kingdom of Saudi Arabia.
You may file a complaint with the Ministry of Commerce's E-Commerce Dispute Resolution Committee or with the Saudi Data and AI Authority (SDAIA).
For complaints, you may also contact the Consumer Protection Association or use the Ministry of Commerce's Ma'roof platform.
Acknowledgment
By using the Modon Express platform, you acknowledge that you have read, understood, and agree to this Privacy Policy. You confirm that you have the legal capacity to provide consent and that all information you provide is accurate and complete.
