Contact Us

Privacy Policy

Privacy Policy — Marafei Information Technology Company

Last updated: October 08, 2025

This Privacy Policy explains how Marafei Information Technology Company (“Marafei”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data in connection with marafei.com and our B2B consulting, development, integration, and support services (the “Services”). This Policy is intended to comply with the Saudi Personal Data Protection Law (PDPL) and its Implementing Regulations and related instruments issued by the Saudi Data & AI Authority (SDAIA). SDAIA+1

By accessing our website or engaging with our Services, you acknowledge that your personal data may be processed in accordance with this Policy.

1) Definitions

  • Personal Data: Any data that directly or indirectly identifies an individual (e.g., name, email, phone, IP address). DGP
  • Processing: Any operation performed on personal data (e.g., collection, storage, use, disclosure). DGP
  • Controller / Processor: Roles as described by the PDPL. Marafei generally acts as Controller for the data it determines purposes for; where we process data solely on a customer’s documented instructions, we act as Processor. DGP

2) Scope and Legal Framework

This Policy applies to processing performed in the Kingdom of Saudi Arabia (the “Kingdom”) and, where applicable, to processing of personal data of individuals residing in the Kingdom by entities outside the Kingdom, in line with the PDPL’s territorial scope. DGP

We align our practices with:

  • PDPL and its Implementing Regulations and guidance, including the Regulation on Personal Data Transfer outside the Kingdom, Standard Contractual Clauses, and SDAIA guidelines. SDAIA+3SDAIA+3SDAIA+3

3) Categories of Personal Data We Process

  • Identification/Contact data (e.g., name, email, phone).
  • Technical/usage data (e.g., device, IP address, browser, pages visited, timestamps).
  • Business interaction data (e.g., company role, meeting notes, service requirements).
    We do not intentionally collect sensitive data via the website. If a service engagement requires it, we will implement enhanced safeguards per PDPL. DGP

4) How We Collect Data

  • Directly from you (forms, emails, calls, meetings).
  • Automatically via cookies and similar technologies for analytics and service performance.
  • From business partners or publicly available sources to the extent permitted by law.

5) Lawful Bases & Purposes of Processing

We rely on consent where required by PDPL, and on other lawful grounds permitted by PDPL and its Implementing Regulations (e.g., performance of a contract or pre-contractual steps; compliance with legal obligations; protection of vital interests; and other bases expressly permitted by law). We process personal data to:

  • Provide, operate, secure, and improve the Services;
  • Communicate with you, respond to inquiries, and send service-related updates;
  • Perform internal analytics and quality assurance;
  • Fulfil legal obligations and exercise/defend legal claims. DGP

6) Communications (Email, Phone, Direct Contact)

We may contact you regarding proposals, statements of work, maintenance windows, or service updates. You can opt out of non-essential marketing communications at any time using the unsubscribe mechanism or by contacting us.

7) Payment and Transactions Policy (B2B – Offline Only)

All commercial transactions for Marafei’s tailored solutions are conducted offline after scoping sessions and direct agreements. We do not provide online payment gateways and do not use third-party payment processors through our website. Payments are completed via traditional methods such as bank transfer or checks after direct coordination with our representatives.

8) Cookies, Analytics & Tagging

We use cookies and similar technologies to understand usage and improve performance. You can manage cookies through your browser settings. Our analytics and tag deployment stack includes:

8.1 Google Analytics 4 (GA4)

We use GA4 to understand aggregated usage trends (e.g., pages viewed, session duration). GA4 providers may process data according to their own policies/terms. Google Marketing Platform

8.2 Google Tag Manager (GTM)

We use GTM to deploy and manage measurement tags. GTM is subject to Google’s Tag Manager Use Policy and may, under current platform behavior, automatically load a Google tag prior to certain Google Ads/Floodlight events (April 2025 update). Google+1

You can limit analytics measurement by adjusting cookie settings or using industry opt-outs where available.

9) Google Services & Tools Compliance

To support performance, security, and reporting, we integrate or may integrate the following Google services. Each service processes data under Google’s own terms and privacy policy.

  • Google Ads (including Remarketing): To reach relevant audiences off-site based on prior interactions. Personalization uses cookies/identifiers; users can manage ad personalization via Google’s Ad Settings. We do not show ads on our website, but we may show ads to you on other sites/apps. Google Help+2Google Help+2
  • Google Search Console: Used for website diagnostics and aggregated performance reports. Search Console reports are designed to protect user privacy (e.g., not all queries are shown; some are anonymized or omitted). Google+1
  • Google Tag Manager: As noted above, for centralized tag orchestration. Google
  • Google Merchant Center (if applicable to specific campaigns): Used to manage product feeds for Shopping/Ads programs under Google’s Shopping and Merchant policies/terms. Google Help+1

All Google services are additionally subject to Google’s Terms and Privacy Policy. Google Policies

Important: We do not list decommissioned Google tools. For example, Google Optimize has been sunset and is not used. (This statement is for clarity; no policy reliance.)

10) Third-Party Providers

We engage trusted providers to support functions such as security, geodata, customer support, and behavioral UX analytics:

  • Google Invisible reCAPTCHA (bot and abuse protection); Google Places / Maps Platform (location functionality); SDAIA
  • Mouseflow (UX diagnostics such as heatmaps/session replays on selected pages to improve UX);
  • Freshdesk (ticketing and customer support).

Each provider processes data under its own terms/policy. We contractually require appropriate safeguards.

11) Advertising on Our Website

Our website pages do not display third-party ads. Any audience outreach occurs off-site via remarketing platforms (e.g., Google Ads) in line with Section 9. Google Help

12) Data Sharing

We may share personal data with:

  • Service Providers/Processors under contract;
  • Affiliates where necessary and lawful;
  • Business transferees in case of reorganization;
  • Authorities where required by law;
  • Other parties with your consent.

13) Retention

We keep personal data only as long as necessary for the purposes described or as required by law and industry standards, then securely delete or anonymize it. DGP

14) Security

We implement organizational and technical measures proportionate to risk to protect personal data (access controls, least-privilege, encryption-in-transit where appropriate, logging/monitoring). PDPL requires Controllers to implement necessary technical and organizational measures. SDAIA

15) Cross-Border Transfers

Where we transfer personal data outside the Kingdom, we will do so in accordance with PDPL and the Regulation on Personal Data Transfer outside the Kingdom (e.g., adequacy decisions, Standard Contractual Clauses, Binding Common Rules, or other permitted mechanisms). We conduct transfer risk assessments where required and apply appropriate safeguards. DGP

16) Your Rights (PDPL)

Subject to PDPL and applicable exemptions, individuals have rights including:

  • To be informed of purposes and lawful bases;
  • Access to personal data;
  • Provision of data in readable form;
  • Correction/Completion/Update;
  • Destruction (Erasure);
  • Withdrawal of consent (where consent is the basis). DGP

You may exercise rights by contacting us (Section 21). We will respond within statutory timelines.

17) Breach Notification

We maintain procedures to detect, investigate, and respond to personal data breaches. Where notification is required, we will notify SDAIA within 72 hours of becoming aware of a breach that may harm personal data or data subjects or conflict with their rights/interests, and notify affected individuals without undue delay where required. Notifications are submitted via SDAIA’s National Data Governance Platform services. DLA Piper Data Protection+1

18) Children’s Privacy

Our website is not directed to children under 13, and we do not knowingly collect their personal data. If you believe a child provided personal data, please contact us to remove it.

19) Links to Other Websites

Third-party websites have their own privacy policies. We are not responsible for their content or practices.

20) Changes to This Policy

We may update this Policy to reflect legal, technical, or business developments. Material changes will be posted here with an updated “Last updated” date and, where appropriate, notified through the website or email.

21) Contact Us

Marafei Information Technology Company
King Abdul Aziz – Al Ghadeer Dist, Riyadh 13311, Saudi Arabia
Email: [email protected]
Web: https://marafei.com/contact-us/
Phone: +966-500526869

22) References (Key Legal & Platform Sources)

  • SDAIA – PDPL landing page (law overview and obligations). SDAIA
  • SDAIA – Guide to the Saudi PDPL for Controllers/Processors (scope, roles, principles, rights). DGP
  • SDAIA – Regulation on Personal Data Transfer outside the Kingdom (adequacy, SCC, BCR, exemptions). DGP
  • SDAIA – Standard Contractual Clauses for Personal Data Transfer. SDAIA
  • DLA Piper: PDPL breach timing summary (72h to SDAIA; data subjects without undue delay) (confirms regulatory position; see also SDAIA NDP). DLA Piper Data Protection+1
  • Google Analytics Terms. Google Marketing Platform
  • Google Tag Manager Use Policy & April 2025 update. Google+1
  • Google Ads policies / Personalized advertising. Google Help+1
  • Google Search Console (about; data handling/limitations). Google+1
  • Google Merchant Center (Shopping ads policies; ToS). Google Help+1
  • Google Terms of Service & Privacy Policy (service-wide). Google Policies