Privacy Policy
Date of Last Update
The Data Privacy Notice was last updated on September 17th, 2025.
Introduction
This Data Privacy Notice describes our policies and procedures on what and how we collect, use and share your information when you use our services and products, and tells you about your privacy rights and how these rights are protected.
Zension, a subscription e-commerce company for consumer technology, is registered in the Kingdom of Saudi Arabia Al Olaya Street, Al Olaya District, Riyadh 12214
At Zension for Information Technology, we value your privacy and respect the trust you have placed in us in handling and keeping your personal information secure. This Data Privacy Notice explains how we use the personal data that we collect or generate under the Personal Data Protection Law ('the PDPL'), both in relation to our website and in the course of carrying on our commercial activities and providing you with our products and services. For the purposes of this Data Privacy Notice, 'we' means Zension.
This Data Privacy Notice concerns information and data we collect and process about you when:
- you access our website, subscribe, request or purchase our products and services;
- we deliver our products and services to you;
- we need to improve your customer experience;
- we need to improve our products and services and develop new ones; and
- we need to manage our network and operate our business.
The types of personal data that we collect and how we may collect it
The products and services we offer you require us to obtain and collect data and information about you in order to deliver the products and services we have been engaged by you to provide. Zension will only collect personal data that is limited to the minimum necessary required to provide its products and services.
We would like to clarify that certain information we need to collect is due to the requirements of applicable laws or regulations and if such information is not shared with us, you may be unable to access our website or receive our products or services.
In particular, we will collect and process personal data that you provide to us when you sign up, use NAFATH, enquire about becoming a subscriber of our products and services, enquire about any matter, access or use of our services, take part of surveys, promotions, and any matter for which you will communicate with us.
This personal data may include:
Information that you provide to us.
We collect data and information that you provide directly to us through your access or use of our services, such as when you create or modify your account, request of a product or service, the "Contact Us" support, or otherwise communicate with us.
Information that we collect when you use our services.
When you use our services, we collect personal information i.e. information that could be used to contact you directly such as full name, phone number, credit/debit card information, or email address.
We may collect data about how you interact with our products and services. This includes data such as access dates and times, network location when for example you use the internet, app features or pages viewed, app crashes and other system activity, and type of browser.
We use analytical tools to understand how our website is used. These tools collect information such as pages visited, time spent, device/browser type, and general location. The data is used only to improve our services and is not linked to identify individual users.
We may also collect data about the devices used to access our products and services, including the hardware models, device IP address from which you access the internet, or other unique device identifiers, operating systems and versions, software, preferred languages, the date and time you access our website, advertising identifiers, device motion data, and mobile network data.
Information that we obtain from other sources.
We may also receive, through automatic collection of information and interconnection with third parties, information from other sources such as third-party service providers, agencies, government authorities, or other publicly available sources where applicable, including credit reference and fraud prevention agencies or government authorities, and combine that with your personal data that we receive from you or collect through our services as clarified above. This may include but is not limited to the following:
- Law enforcement officials, public health officials and other government authorities.
- Vendors who may validate you (for sign-up or password recovery).
- To manage payments regarding your accounts and card information.
How we use your Information
We use, store and process your personal information in a number of ways for the purposes of providing our subscription services as more detailed in the subscription agreement. The table below illustrates such uses:
| Category | Description |
|---|---|
| Subscription | To set you up as a subscriber of us and process your order. |
| Account Management | To setup and manage your accounts. |
| Payment | To sort out a payment, put your order through our system or deliver a product or service to you. To recover any money you might owe us, assign your debt to permitted third parties and look after any credit you might have. |
| Customer service | To understand your needs and interests and keep in touch with you about the products and services you subscribed for. To look into any complaints or questions you may raise. |
| Improvement | To supply and improve our products and services and to develop new ones. To carry out statistical monitoring and analysis to help us improve our website and services. |
| Advertising and / or Marketing | To display or target ads, marketing communications, or measuring ads performance. |
| Communicate with you | Provided you've given us your consent, to tell you about products, services, special offers or competitions that we think may be of interest to you, whether by phone, post, email, text, or other ways. |
| Analytics | To collect data about how you use the app or how it performs. |
| App Functionality | For features that are available in the app. |
| Developer Communications | To send you news or notifications about the app or the developer. |
| Fraud Prevention, Security and Compliance | For fraud prevention, security, or compliance with laws. To keep things secure and conduct analysis to detect malicious data and attacks on devices and systems. |
| Personalised Commercial and Promotional Communications | To send commercial and promotional communications through telematic or conventional means, in relation to similar products and services than the ones previously contracted or acquired from us. This includes personalised electronic communications with information regarding products, services, events, courses, programs, promotions and relevant news for you. |
| Quality and Satisfaction Surveys | To carry out and analyse quality and satisfaction surveys related to the products and services provided by us. |
Disclosure of your Information by us
We only disclose your personal information outside of Zension in limited circumstances. If we do, we will put in place appropriate controls and data sharing agreements that require recipients to protect your personal information, unless we are legally required to share that information.
Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties. We may disclose your information to our third-party service providers, agents, and subcontractors (suppliers) for the purposes of providing services to us or directly to you on our behalf.
When we use suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
We take steps to ensure that any third-party partners who handle your information comply with data protection legislations and protect your information to the same extent that we do. We only disclose personal information which is necessary for them to provide the service they are undertaking on our behalf. We will aim to anonymise your information or use aggregated non-specific data sets where possible.
Below is a schedule with a list of the categories of third parties with whom we may share your data:
| Category of Third Party | Description of Service Provided | Lawful Basis for Processing |
|---|---|---|
| Affiliates | We may share your personal data with our affiliates in order to improve and enhance your experience. | Legitimate Interest |
| Asset Purchasers | We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will engage best efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this Data Privacy Notice. | Legitimate Interest, Performance of a Contract |
| IT Service Providers | System based processing of personal details as part of organisational/ operational requirements. e.g. cloud hosting services; application development and support services; IT infrastructure services; email services; call recording services. Help maintain the safety, security, and integrity of our services and your data. | Performance of a Contract |
| Law Enforcement Agencies & Authorities | To assist law enforcement agencies for the purposes of preventing, detecting, investigating, or prosecuting criminal offences. To comply with a legal obligation. To protect and defend the rights or property of Zensiontec. To prevent or investigate possible wrongdoing in connection with the products and services. To protect the personal safety of users of the products and services or the public. To protect against legal liability. | Legal Obligation, Legitimate Interest |
| Courts, Regulators, and Government Authorities | We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party. To investigate or address claims or disputes relating to the use of our services or the subscription to our products, to satisfy requirements under applicable laws, regulations, or operating licences or agreements, or pursuant to legal processor governmental request, including from law enforcement. | Consent, Legal Obligation |
| Legal/Professional Advisors | The provision of business consulting, audit and legal services including access to and analysis of personal data as part of business initiatives, statutory audits, legal claims, and ad-hoc consultancy advice. | Performance of a Contract, Legitimate Interest |
| Other Uses | Provide, maintain, and improve our services. Perform internal administration and operations, including, for example, to prevent fraud and abuse of our services. Subject to your consent, send you communications we think will be of interest to you, including information about products, services, promotions, news, and events of Zensiontec, where permissible and according to local applicable laws. Notify you about changes to our terms, services or policies and other communications that aren't for the purpose of marketing our services or products. | Legitimate Interest, Performance of a Contract |
Cookies
A cookie is a small piece of data (text file) that a website deploys when visited by a user and asks your browser to store on your device in order to remember information about you, such as your language preference or login information. We deploy such cookies. Cookies that are set by us are referred to as "first-party" cookies.
We also use third-party cookies which are cookies from a domain different from the domain of the website you are visiting. Such cookies may be used for our advertising and marketing efforts.
There are other technologies which we deploy which track behaviour on our website. 'Tracker Pixels' are a means of allowing us to check whether you have viewed our content. These "pixels" are essentially tiny, invisible images on our web pages that, once loaded, will communicate your interaction with our content. This allows us and our partners to gauge the validity of material being presented to you.
We avail of third-party technologies across our site. These technologies help us to understand how you use the site and the ways in which we can improve your user experience. These technologies may track certain information such as the pages you visit across our site as well as how long your visit lasts. This allows us to continue providing engaging content.
We also use social media plugins on this site that allow you to view videos and otherwise interact with certain content. For these technologies to work, trusted third parties will set cookies and tracker pixels throughout our site. Once enabled, these technologies may be used to enhance your profile or to contribute to the data they hold for various purposes outlined in their respective privacy policies. For any third-party technology used on our site, we will provide a link to that third-party's respective cookie/data privacy notice for your information. We encourage our visitors to review these policies in advance of granting consent to deployment.
For each visitor to our site, we automatically gather certain potentially identifying information and store it. This information includes Your Internet Protocol (IP) address, your browser type, internet service provider (ISP), referring/exit pages, your operating system, date/time stamp, processor or device serial number, unique device identifier, and clickstream data. We collect this information on an individual basis and in aggregate, or combined form.
International data transfers
International data transfer is defined as the transfer of your data from one country to another.
Your personal information may be stored or processed in any country where we have our facilities or where we engage with third-party service providers and subcontractors for the purposes of fulfilling our obligations to you.
We have put in place appropriate safeguards in accordance with the applicable legal requirements to ensure that your data is adequately protected.
This means that, when we, or our permitted third parties, transfer your personal data outside the Kingdom of Saudi Arabia or to countries not deemed adequate, we will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the Kingdom of Saudi Arabia and we may ask you to provide your consent to such transfer. We or they may also require you to subscribe to international frameworks intended to enable secure data sharing. If we transfer your personal data outside the Kingdom of Saudi Arabia in other circumstances (for example, because we have to by law), we will make sure it remains adequately protected.
How do we store your personal data?
Your Personal Data is stored securely either at the headquarters/or at a cloud computing service provider AWS in Bahrain. We also retain first and last name, gender, nationality, DOB, Email ID, address, residency status etc. for as long as it is required for us to provide you with our services and we are mandated to comply with legal obligations under the applicable laws and regulations, after which we will securely dispose of such data in a manner that prevents access or retrieval, using suitable deletion method such as permanent data deletion or data anonymization. The exact retention period for each data type shall be determined separately.
What are your rights?
You have certain rights in respect of your personal data, and we have processes to enable you to exercise these rights. Your rights are as follows:
- Opt Out/Unsubscribe: you can request to be removed from our marketing mailing list, from the unsubscribe button in the email itself.
- Right to be Informed: you have the right to understand the legal basis and purpose of the collection of your personal data held by us.
- Right to Access(also known as a 'Subject Access Request'): you have the right to obtain confirmation as to whether we process personal data about you, receive a copy of your personal data held by us, and obtain certain other information about how and why we process your personal data.
- Right to Rectification/Correction: you have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.
- Right to Erasure(also known as 'the Right to be Forgotten'): you have the right to deletion of your personal data where your personal data is no longer necessary to achieve the purpose for which it was collected for.
- Right to Object: you have the right to object to our processing of your personal data in the following cases:
- Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us.
- Our processing for direct marketing purposes.
- Right to Withdraw Consent: Where we process personal data based on consent, you have a right to withdraw your consent at any time. To do so, please use the contact details below in the "How to Contact Us" section.
- Right to lodge a Complaint with a Supervisory Authority: We sincerely hope that you will never need to, but if you do want to complain about our use of your personal data, please get in touch with the relevant supervisory authority using the contact details set out below.
You may lodge a complaint with the supervisory authority in the Kingdom of Saudi Arabia where an alleged infringement of data protection law has occurred. The contact details of the competent national supervisory authority, the Saudi Authority for Data and Artificial Intelligence ("SDAIA") are as follows:
The Saudi Authority for Data and Artificial Intelligence ("SDAIA")
Website: https://sdaia.gov.sa/en/default.aspx
Please note, all rights are subject to qualifications and limitations. In other words, there may be instances and justifiable grounds to deny any request where we are required or permitted by law to do so. We will always be clear and communicate this to You if and when these instances arise.
Unless otherwise stipulated by the law, you will not be required to pay any fees in return for exercising this right. In case of submitting a request for exercising this right, you will receive a response within thirty (30) days as of the request receiving date.
Complaint or Objection Filing Method
If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint to our customer care department using one of the following channels: https://zaam.life/support. If you are not satisfied with how we process your complaint, or if we fail to respond within thirty (30) days you can file a complaint to the Competent Authority, the Saudi Authority for Data and Artificial Intelligence ("SDAIA").
Security
Your profile is password-protected so that only you and authorised Zension employees have access to your account information. Our staff will never reach out to you and ask for any personal account information, including your password.
We make every effort to ensure that your personal data is secure on its system. We have staff dedicated to maintaining our security standards as set forth herein. We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any personal data you transmit to us, and you do so at your own risk.
How to Contact Us
In case you have any queries, concerns, or complaints with regard to this Data Privacy Notice or the manner in which we process your data, please contact our Data Protection Officer at the below mentioned contact details and we will make our best effort to resolve it.
Point of Contact
Name: Rabbia Anwar
Designation: Data Protection Officer
Email: dpo@zaam.life
How long do we store your information for?
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, your personal information may be retained for an extended period of time where we are required to do so such as:
- To maintain business records for analysis and/or audit purposes
- To comply with record retention requirements under applicable laws
- To defend or bring any existing or potential legal claims
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.