Privacy Policy

This policy is effective as of 23th Jul 2022


1.1   We are Digitalization Factory (DF) and our address is Garnata Square , alshohada, Riyadh, Kingdom of Saudi Arabia telephone 9200 0000 000 with email contact (“DF”, “we”, “us”, “our”). DF is a business name of Afaq Advanced Est. DF provides the ERP and Digital Transformation Solutions for many sectors include health care , F&B , Retail , Manufacturer and many more .

1.2   In providing the Products DF will process personal data. This document sets out how DF processes personal data for all products. This includes personal data collected when you use our website (“Website”) and Products (together, “Services”). 


2.1   DF takes your personal data seriously and processes it in accordance with applicable laws and regulations. DF acts as the ‘controller’ (i.e. person responsible for deciding how your personal data is processed) and has adopted this privacy policy (“Policy”) to establish and maintain the privacy and security of your personal data. This Policy:

(a) sets out the types of personal data we collect about you;
(b) explains how and why we collect and use your personal data;
(c) explains how long we keep your personal data;
(d) explains how we will share your personal data – when, why and who with;
(e) explains the different rights and choices you have when it comes to your personal data;
(f) explains the security measures we apply to protect your personal data; and
(g) explains how we may contact you and how you can contact us.

2.2   Please understand that by accepting this Policy and submitting any personal data to us, you agree that we may collect, use, disclose and retain such data in accordance with this Privacy Policy, and as permitted or required by law. If you do not agree with these terms, then please do not accept them or provide any personal data to us.

2.3   Please also note that we will not be able to respond to you, provide the relevant Services to you, or deal with your enquiries unless you provide us with the required personal data as set out or referred to in this Privacy Policy, unless we indicate the supply of the personal data is optional.


3.1   We collect the content, communications, and other information you provide when you use our our Services, including when you sign up for an account (if relevant) or communicate with us including by email. This includes your name, email address, phone number, name of your business (where relevant), and location/country and payment information (where relevant),

3.2   We also collect additional, specific personal data depending on the Products you are using:

• For SAS ERP we need to carry out customer due diligence and KYC which includes the collection and processing of the following information:

o ID Validation: ID number, place of issue, expiry date, date of issue.
o CR Validation: CR number, UNN, entity name, issue date, expiry date, business type, place of issue , owner name, manager name.
o Other information: outlet name, address, contact person, contact details, and other information you may supply us with during the onboarding process.

• For SAS ERPs the information we collect includes:

o CR information (CR number, UNN, entity name, issue date, expiry date, business type, place of issue , owner name, manager name, as relevant)
o ID information (ID number, place of issue, expiry date, date of issue, as relevant)
o VAT registration information
o Recordings of sessions/meetings
o Any other information you provide us with

3.3   In addition we also collect the following personal data:

(a)   Usage: we collect information about how you use our Services, such as the the time, frequency and duration of your browsing activities, and how you use the features provided by the Services.

(b)   Device information: we collect information on the devices you use, such as the model and kind of the device you are using to access our Services, the operating system, hardware and software version together with other technical information (e.g. your IP address).

(c)   Your opinions about our products and services: information you share rating your experiences and satisfaction with the provision or receipt of our products or services or otherwise dealing with us.


4.1   Where you use our Website we also use cookies to collect personal data from your device to help us enhance the Services provided, and to ease your access to our services, for example they allow you to repeatedly use our services on the same device without having to login or adjust the preference settings each time. We collect web statistics automatically about your visit to our Website based on your IP address. This information is used to help us in improving your experience on our Website.


5.1   We collect your personal data directly from you i.e. this is the personal data you provide to us when using our Services or communicating with us, We also collect your personal data by deploying cookies as described above. We may also collect personal data from you when you visit our offices (e.g. through the use of CCTV). We may also collect personal data from your organisation, any relevant third party partners from government entities as follows:

• ID information collected from ELM (a government entity) though an API integration
• CR information collected from WATHIQ (a government entity) though an API integraton


6.1   We use your personal data for the following purposes:

(a)   send you information in connection with the our products and services
(b)   respond to your communications and requests;
(c) to manage our relationship with you or your organisation;
(d) to manage our relationship with third party partners and referrers;
(e) billings and payment;
(f) deal with any disputes;
(g) provide our Services to you;
(h) to validate you under KYC, AML, sanctions screening and carry out due diligence;
(i) marketing – including to contact you by email, postal mail, or phone (including via SMS messages) regarding DF and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you or your organisation on the basis of your consent as shown by your acceptance of this Privacy Policy and in accordance with applicable law. We will provide you with the ability to opt out of promotional and marketing communications;
(j) customize the content and services we provide through our Services and more generally;
(k) help us better understand your interests and needs and those of your organisation, and improve our Services;
(l) engage in analysis, research, and reports regarding use of our Services;
(m) training;
(n) archiving;
(o) secure our Services and our systems;
(p) comply with any procedures, laws, and regulations which apply to us;
(q) establish, exercise, or defend our legal rights;
(r) prevent and detect crime and fraud;
(s) protect health and safety and to ensure security;
(t) comply with contractual requirements; and
(u) carry out our internal business purposes, such as corporate transactions, audits, and data analysis


7.1   The length of time for which we retain personal data typically depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Once we no longer need to keep your personal data we will take reasonable steps to erase it from our systems and ensure it is erased from those systems where it is processed on our behalf.


We may share your personal data with the following:

(a) Businesses within our group: we may share your information within our group in order to process your information as described in this Privacy Policy.
(b) New owner: if the ownership or control of SAS ERP, or all or part of the Services changes, we may transfer your information to the new owner.
(c) Third party service providers and partners: we may work with third-party partners (including IT providers and developers) to:
• improve and provide our Services,
• to develop, offer and provide products and services which we consider will be of interest to you,
• to make payments.

Where we share your information with these persons we will do so to the extent required for the above purposes. We will impose restrictions on how these persons can use and disclose the data we provide in accordance with applicable laws and regulations.

(d) Government authorities: DF may share your personal data with various government authorities in response to enquiries you may make and to assist us in carrying out our operations and responding to enquiries. Also we may share your personal data with various government entities in response to legal proceedings; to establish and/or enforce our rights (including under our terms and conditions) or to protect our property; to defend against legal claims; or as otherwise required by law; we retain the right to raise or waive any legal objection or right available to us. We may also share your personal data when we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities.
(e) Our employees, agents, consultants and contractors: we may share your information with these persons and entities in order to process your information as described in this Privacy Policy. Any sharing will be on terms protective of your information.
(f) Banks, payment providers and payment technology providers: where you use DF Payments services we will share your information as follows:
• Bank: basic information such as merchant name, address, city, UNN number/CR number, and terminal number information is shared to setup the merchant in banking system
• POS hardware vendor: basic information such as merchant name, address, city, contact number, and terminal information is shared with POS hardware vendor to install the payment hardware at merchant location
• AMEX: if a merchant requests to enable the AMEX service, similar informaiton to that above is also shared with AMEX to enable the service
• SAMA (Central bank): regulatory reporting which typically includes, merchant name, terminal, transactions and volume, and complaints.

By accepting this Privacy Policy you consent to the above sharing and disclosure of your personal data to the extent your consent is a requirement in order for the disclosure to lawfully take place under applicable laws and regulations.


9.1   Our Website may contain links to third-party websites such as social media sites, and also may contain third-party integrations and functionalities. If you choose to use these sites or features, you may disclose your personal data not just to those third-parties, but also to their users and the public more generally depending on how their services function. DF is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal data will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third-parties.


10.1   By accepting this Privacy Policy, you consent to the storage of your information inside the Kingdom of Saudi Arabia. DF may subcontract the processing of your data to, or otherwise share your data with, service providers located inside the Kingdom of Saudi Arabia. Such third parties may be engaged in, among other things, the provision of goods and services to you, the processing of transactions, payments and/or the provision of support services. By accepting this Privacy Policy, you agree to any such transfer storage or use.

We will always fulfil any requirements in relation to the international transfers of personal data under applicable laws. For more information about these transfer mechanisms, please contact us using the contact details given below.


11.1   We consider the confidentiality and security of your personal data to be of the utmost importance. DF takes a variety of technical, administrative, and physical measures to protect your information from disclosure to or access by third parties. Please note that we do not guarantee the security of personal data, as no method of internet transmission or storage is completely secure.


12.1   Please note that we review our privacy practices from time to time, and that these practices are subject to change. Any change, update, or modification will be effective immediately upon posting on our Website or where we update you by email. You must read and accept the Policy every time it is updated. Otherwise, your use of the Services is not permitted.


13.1   You have certain rights under and in accordance with applicable laws and regulations including:

(a) The right to be informed – to inform you of the valid legal or practical justification for collecting your personal data, and the purpose of such collection, and that your personal data should not be processed later in a manner inconsistent with the purpose for which it is collected, DF complies with this requirement by providing this Privacy Policy to you. If you require further information in accordance with your rights under applicable laws and regulations please inform us.
(b) The right to have access to your personal data – the right for you to have access to it and obtain a copy of it
(c) The right to request correction, completion or updating of your personal data that DF controls.
(d) The right to request the destruction or deletion of your personal data which DF no longer needs to process for the purposes for which it was collected.
(e) The right to withdraw your consent at any time, where we relied on your consent to use and disclose your personal information. If you do this we may not be able to provide the Services to you.

By accepting this Privacy Policy you consent to the above sharing and disclosure of your personal data to the extent your consent is a requirement in order for the disclosure to lawfully take place under applicable laws and regulations.


14.1   If you are unhappy with how we’ve handled your personal data, or have further questions on the processing of your personal data, contact us here


By email to:

By written notice to:

The Data Protection Office

Riyadh, Kingdom of Saudi Arabia , Garnata Square, Riyadh.