ORBIT WEBSITE
PRIVACY POLICY
A. Introduction
This Privacy Policy explains how we, Madarat for Communication Company Limited, collect, use and handle your personal information in accordance with the applicable laws and regulations of the Kingdom of Saudi Arabia governing data protection, privacy and information security (“Applicable Law”).
You can click on the links below for information on specific areas, or download a copy of the policy here:
1. Important Information and Who We are
1.1. Who We Are
We are Madarat for Communication Company Limited, a company incorporated and registered in the Kingdom of Saudi Arabia with Commercial Registration number 1010199428, whose registered office is at 2503 Building, Street Makkah, Al Sulaimaniya Area, Riyadh, Saudi Arabia, P.O. Box: 8219, 12621 (also referred to as “We", "Us" or "Our" in this Privacy Policy).
1.2. Purpose and Scope of this Privacy Policy
This Privacy Policy sets out how We collect and use your personal data through your use of Orbit Digital Services.
Orbit Digital Services are intended for use in the Kingdom of Saudi Arabia (“KSA”) only. If you access Orbit Digital Services from outside KSA, your personal data will be processed in accordance with Applicable Law.
For the purposes of this Privacy Policy, “Orbit Digital Services” refers to this website and all digital platforms, products, applications, and services provided or operated by Madarat for Communication Company Limited under the “Orbit” brand, whether now existing or developed in the future, including those accessed, installed, or used on your devices.
1.3. Minors (under 18 years of age)
Orbit Digital Services are intended for adult subscribers and account holders. We do not knowingly collect or process personal data directly from individuals under 18 years of age. Any use of Orbit Digital Services by minors must occur under the supervision and responsibility of the adult account holder. If you believe that a minor has provided personal data to Us, please contact Us so we can take appropriate steps to delete the data or otherwise protect the minor’s privacy.
1.4. Controller
Madarat for Communication Company Limited is the controller and responsible for your personal data.
1.5. Contact Details
Our Data Protection Officer (“DPO”) oversees our data protection compliance. If you have any questions about this Privacy Policy, about the use of your personal data or you want to exercise your rights under Applicable Law, you may contact Us at:
- Email address: support@occ.sa
- Postal address: 2503 Building, Street Makkah, Al Sulaimaniya Area, Riyadh, Saudi Arabia, P.O. Box: 8219, 12621
2. Types of Personal Data We Collect About You
2.1. “Personal data” means any information about an individual from which that person can be identified. This includes obvious identifying information such as your name, address and telephone number, and may also include information generated through your use of Orbit Digital Services that allows you to be identified.
2.2. We may collect, use, store and transfer the following types of personal data about you:
a.“Identity Data” includes your first and last names, any previous names, title, date of birth, gender, nationality, username, customer ID or similar identifier.
b. “Contact Data” includes your billing and delivery address, email address, mobile and telephone numbers and other contact details you provide us.
c. “Subscriber Verification Data” includes your national ID/iqama number, partial or masked identification digits, copies of identification documents (where legally required), service installation address and related location details.
d. “Sensitive Personal Data” (only where strictly necessary and permitted) includes biometric data or identity documents for verification or compliance purposes. We will only process this data with your express consent or where Applicable Law permits or requires Us to do so.
e. “Financial Data” includes your billing and payment information such as bank account details, payment card details (including masked digits), billing address, and payment status.
f. “Transaction Data”: includes details about payments to and from you, invoices, vouchers, discounts, subscription or renewal details, and records of products or services purchased or used through Orbit Digital Services.
g. “Technical Data” includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access Orbit Digital Services.
h. “Profile Data” includes your purchases or orders made by you, subscription status, your interests, preferences, feedback and survey responses.
a. “Usage Data” includes information about how you interact with and use Orbit Digital Services.
j. “Marketing and Communications Data” includes your preferences in receiving marketing from us and our third parties and records of your consent or opt-out choices.
k. “Consent and Compliance Data” includes records of your acceptance of our Terms and Conditions, services agreements, privacy notices, or other consents and acknowledgements required under Applicable Law.
- We do not intentionally collect or process any Sensitive Personal Data (as defined under Applicable Law). If, in limited circumstances, we need to process such data, we will do so in accordance with the additional requirements under Applicable Law.
- We also collect, use and share aggregated or anonymised data, such as statistical or demographic data. Such data is not considered personal data under Applicable Law, as it does not directly or indirectly reveal your identity.
3. How is Your Personal Data Collected?
We use different methods to collect data from and about you including through:
3.1. Direct Interactions
We collect personal data directly from you when you choose to provide it. You may give us your personal data by completing online forms, registering through mobile applications, or corresponding with Us by post, phone or email or otherwise. This includes personal data you provide when you:
i. apply for, activate or manage any of Our products or services;
ii. create an account on Our website or mobile application;
iii. subscribe to Our services, publications or marketing updates;
iv. request information or promotional materials to be sent to you;
v. enter a competition, promotion or survey; or
vi. provide feedback, raise a service ticket or contact Us through customer-support channels (including live chat or other platforms).
3.2. Automated technologies, Tracking and Cookies
We may use certain automated technologies, such as cookies, analytic tools or other similar technologies within Orbit Digital Services to collect technical information about your device and usage. This information is anonymised, used only for general analytical purposes and deleted when no longer needed.
3.3. Third Party and operational systems
We will receive or collect personal data about you from various trusted third parties and operational systems that support Orbit Digital Services, as set out below:
i. Application distribution platforms;
ii. Payment service providers;
iii. Customer support and billing systems;
iv. Analytics providers; and
v. Customer Support and ticketing platforms.
3.4. Publicly Available or legally obtained
Where permitted by Applicable Law, We may collect Identity or Contact Data from public sources, including government databases for identity verification, fraud prevention or compliance purposes.
3.5 Combined Data
We may combine personal data collected from different sources to ensure that Our records are accurate, consistent and up to date, and only for purposes that are compatible with the original purpose of collection, in accordance with Applicable Law.
4. How We Use Your Personal Data
4.1. Legal basis
The legal bases on which We collect and use your personal data is as follows:
i. Performance of a contract with you: where We need to perform or enforce the contract We are about to enter into or have entered into with you.
ii. Legitimate interests: where permitted by Applicable Law, We may use your personal data where it is necessary to conduct Our business and pursue Our legitimate interests. We consider and balance any potential impact on you and your rights under Applicable Law (both positive and negative) before We process your personal data for Our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you, unless We have your consent or are otherwise required or expressly permitted to by Applicable Law.
iii. Legal obligation: We may use your personal data where it is necessary for Us to comply with Applicable Law.
iv. Consent: We rely on consent where Applicable Law requires it.
4.2. Purposes for which We will use your personal data
We have set out below, a description of all the ways we plan to use the various categories of your personal data, the legal bases We rely on and Our legitimate interests where relevant:
|
Purpose/Use |
Type of data |
Legal basis |
|
To register you as a new customer and create your account |
a. Identity b. Contact |
Performance of a contract with you. |
|
To process and deliver your order(s) including: a. manage payments, fees and charges; and b. collect and recover money owed to us |
a. Identity b. Contact c. Financial d. Transaction e. Marketing and Communications |
a. Performance of a contract with you b. Legitimate interests (to recover debts or fraud prevention) |
|
To manage Our relationship with you, including: (a) notifying you about changes to Our terms or Privacy Policy, or services; and (b) responding to your requests, complaints and queries |
a. Identity b. Contact c. Profile d. Marketing and Communications |
a. Performance of a contract with you b. Compliance with legal obligation c. Legitimate interests (to keep our records updated and manage our relationship with you) |
|
To provide customer support and technical assistance |
a. Identity b. Contact c. Technical d. Usage e. Profile |
a. Performance of a contract with you b. Legitimate interests (to ensure service continuity and quality) |
|
To enable participation in promotions, prize draws or surveys |
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
(a) Performance of a contract with you (b) Legitimate interests (to enhance customer engagement) |
|
To administer and protect Orbit Digital Services and Our business, including: a. Troubleshooting; b. data analysis; c. testing; d. system maintenance; and e. reporting and hosting of data |
(a) Identity (b) Contact (c) Technical |
(a) Legitimate interests, for running our business, provision of administration and IT services and network security (b) Comply with legal obligation |
|
To deliver relevant website or app content and measure or understand advertising effectiveness |
a. Identity b. Contact c. Profile d. Usage e. Marketing and Communications f. Technical |
Legitimate interests (to study usage patterns, develop Orbit Digital Services and inform marketing strategy |
|
To use data analytics to improve Orbit Digital Services, mobile applications and customer experiences |
a. Technical b. Usage |
Legitimate interests (to understand how Orbit Digital Services are used and to improve performance |
|
To send you relevant marketing communications and personalised recommendations |
a. Identity b. Contact c. Technical d. Usage e. Profile f. Marketing and Communications |
Express consent (for electronic marketing) or where permitted by Applicable Law, legitimate interests (for non-electronic communications) |
|
To carry out market research through your voluntary participation in surveys |
a. Identity b. Contact c. Technical d. Usage e. Profile f. Marketing and Communications |
Legitimate interests (to evaluate and develop products and services) |
4.3. Direct marketing
You will only receive direct electronic marketing from Us where you have provided your prior express opt-in consent. You may withdraw your consent at any time (see 4.5 below). We do not send direct electronic marketing on the basis of legitimate interests under Applicable Law.
4.4. Third-party marketing
We will not share your personal data with third parties for their own direct marketing purposes unless you have expressly consented.
4.5. Opting out of marketing
You may ask Us to stop sending you marketing communications at any time by contacting Us. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.
If you opt out, you will still receive service-related communications essential for administrative or customer service purposes (for example, order confirmations, service updates, or policy notices).
5. Disclosures of Your Personal Data
5.1. Third Parties
We may share your personal data with third parties, where necessary, for the purposes set out in Clause 4 with:
a. Our Affiliates and group companies
b. Trusted external service providers, including:
i. payment and billing processors;
ii. customer-relationship and billing systems;
iii. analytics and performance-measurement tools;
iv. customer support; and
v. app-distribution platforms.
c. Professional advisors
d. Public authorities or regulators
e. Third parties to whom we may choose to acquire, merge, sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
5.2. Obligations of Third Parties
We require all third parties to respect the security and confidentiality of your personal data and to handle it in accordance with Applicable Law. We do not allow Our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with Our instructions.
Where We engage service providers to process personal data on Our behalf, We do so under written contracts that require them to act only on Our documented instructions, implement appropriate security and confidentiality, comply with Applicable Law and delete or return personal data as required by Applicable Law or the contract once the purpose of processing is achieved or the contract ends.
6. International transfers
6.1. We primarily store and process your personal data in KSA.
6.2. We may transfer your personal data outside KSA only where permitted by Applicable Law and will ensure that such transfer complies with Applicable Law.
6.3. Where We rely on such transfers, We enter into agreements requiring recipients of your personal data to apply protections that are not less than those required under Applicable Law and to use the data only for the authorised purposes.
7. Data Security
7.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
7.2. Access to your personal data is restricted to employees, contractors and other authorised third parties who have a genuine business need to know. They will only process your personal data on Our instructions, and they are subject to confidentiality and security obligations.
7.3. We maintain records of processing activities as required under Applicable Law, and regularly review Our security controls to ensure ongoing compliance.
7.4. In the event of a personal data breach, We will notify the competent authority within the timeframe required by Applicable Law and, where required, affected individuals.
8. Data Retention
8.1. How long will you use my personal data for?
a. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements under Applicable Law.
b. We may retain your personal data for a longer period if:
i. required by Applicable Law;
ii. necessary to resolve disputes, enforce agreements, or protect Our legal rights; or
iii. there is a prospect of complaint, investigation, or litigation relating to Our relationship with you.
c. To determine the appropriate retention period for personal data, We consider the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which We process it and whether those purposes can be achieved through other means.
d. In some circumstances you may ask Us to delete your data, or We may de-identify or anonymise it for research or statistical purposes, in which case We may use such information indefinitely without further notice to you.
9. Your Legal Rights
9.1. You have a number of rights under Applicable Law in relation to your personal data, including the right to:
a. request a copy of the personal data We hold about you and to confirm how it is being processed;
b. request correction, completion or updating of any inaccurate or incomplete personal data;
c. request deletion or destruction of your personal data where the purpose for which it was collected has been achieved, where you withdraw consent (if applicable), or where We have no lawful basis for retaining it;
d. request suspension or restriction of processing in cases specified under Applicable Law, including where data is inaccurate or unlawfully processed; and
e. where We rely on your consent to process personal data, you may withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before withdrawal.
9.2. What We May Need from You
We may need to request specific information from you to confirm your identity and ensure your right to access your personal data. This ensures that personal data is not disclosed to any person who has no right to receive it. We may also contact you for further information to help Us process your request efficiently.
9.3 Time Limit to Respond
We will respond to your request within the timeframe, or within any extended period, permitted by Applicable Law. We will inform you if additional time is needed.
10. Complaints
You have the right to make a complaint to the Saudi Data and Artificial Intelligence Authority (SDAIA).
However, please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand, so we can try to resolve your concern.
11. Changes to the Privacy Policy and Your Duty to Inform Us of Changes
We keep this Privacy Policy under regular review. This version was last updated on 15 December 2025.
It is important that the personal data We hold about you is accurate and current. Please keep Us informed if your personal data changes during your relationship with Us, for example a new address or email address.
12. Third-Party Links
Orbit Digital Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the Privacy Policy of every website you visit.
Madarat for Communication Company Limited - Orbit (version: 15 December 2025)
Search
Mentioned in these pages