Privacy Policy

1- Introduction

The present document constitutes the Privacy Policy of Breeze Ventures PTE Information Technology Systems Company, which provides the services of the brand “Skyro”.

This Privacy Policy outlines how we collect, use, process, disclose, store, and protect your personal data in accordance with the applicable laws and regulations in the Kingdom of Saudi Arabia, including the Personal Data Protection Law, and the Saudi Central Bank (SAMA) and the Saudi Data & AI Authority (SDAIA) regulations.

2-Definitions

The terms used in this Policy are defined as follows:

“Collection”: collection of Personal Data by Controller in accordance with the provisions of the Law, either from the Data Subject directly, a representative of the Data Subject, any legal guardian over the Data Subject or any other party.

“Company”: Breeze Ventures PTE Information Technology Systems Company, a limited liability company duly incorporated under the laws of the Kingdom of Saudi Arabia, having its registered office at Al Malqa Dist., Anas Ibn Malik, 3888, 13524, Riyadh, Kingdom of Saudi Arabia with Commercial Registration number 1009082620.

“Competent Authority”: the governmental body of the Kingdom of Saudi Arabia designated to oversee, regulate, and enforce the Personal Data Protection Law (PDPL) and its Regulations.

“Controller”: Any Public Entity, natural person or private legal person that specifies the purpose and manner of Processing Personal Data, whether the data is processed by that Controller or by the Processor.

“Credit Data”: any Personal Data related to an individual's request for, or obtaining of, financing from a financing entity, whether for a personal or family purpose, including any data relating to that individual’s ability to obtain and repay debts, and the credit history of that person.

“Destruction”: any action taken on Personal Data that makes it unreadable and irretrievable, or impossible to identify the related Data Subject.

“Direct Marketing”: Marketing communication directly targeting the Data Subject.

“Disclosure”: enabling any person - other than the Controller or the Processor, as the case may be - to access, collect or use personal data by any means and for any purpose.

“Explicit Consent”: Clear, affirmative agreement to process personal data.

“Genetic Data”: any Personal Data related to the hereditary or acquired characteristics of a natural person that uniquely identifies the physiological or health characteristics of that person, and derived from biological sample analysis of that person, such as DNA or any other testing that leads to generating Genetic Data.

“Health Data”: any Personal Data related to an individual's health condition, whether their physical, mental or psychological conditions, or related to Health Services received by that individual.

“Health Services”: services related to the health of an individual, including preventive, curative, rehabilitative and hospitalizing services, as well as the provision of medications.

“Law”: the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia, issued by Royal Decree No. M/19 dated 09/02/1443H (corresponding to 16 September 2021), and any subsequent amendments.

“Personal Data Breach”: Any incident involving unauthorized access, loss, or Disclosure of Personal Data.

“Personal Data”: Any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.

“Processing”: any operation carried out on Personal Data by any means, whether manual or automated, including collecting, recording, saving, indexing, organizing, formatting, storing, modifying, updating, consolidating, retrieving, using, disclosing, transmitting, publishing, sharing, linking, blocking, erasing and destroying data.

“Processor”: Any Public Entity, natural person or private legal person that processes Personal Data for the benefit and on behalf of the Controller.

“Public Entity”: Any ministry, department, public institution or public authority, any independent public entity in the Kingdom, or any affiliated entity therewith.

“Publishing”: transmitting or making available any Personal Data using any written, audio or visual means.

“Regulations”: the Implementing Regulations of the Personal Data Protection Law (PDPL) issued by the Saudi Data and Artificial Intelligence Authority (SDAIA) or any other Competent Authority, including all updates, amendments, and related executive guidelines that clarify and support the enforcement of the Law.

“Sensitive Data”: information related to a person’s race, beliefs, health, biometrics, or criminal history.

“Transfer”: the transfer of Personal Data from one place to another for Processing.

“Data Subject”: The individual to whom the Personal Data relate.

3-Role of the Company

We, Breeze Ventures PTE Information Technology Systems Company, act as both the Controller and Processor of Personal Data in accordance with the Law. As the Controller, we determine the purposes and means of Processing your data. As the Processor, we handle your data securely and lawfully to fulfill the stated purposes.

4-Purpose of This Privacy Policy

This Privacy Policy explains:

1- Categories and types of Personal Data we collect;

2- Purposes for which Personal Data is collected and methods by which it is Processed;

3- Legal basis for Processing of Personal Data;

4- Parties and entities to which we may Disclose Personal Data;

5- Location, duration of retention related to storage of Personal Data;

6- Rights of a Data Subject and procedures for exercising such rights.

5-Categories and Types of Personal Data

We may collect the following types of Personal Data:

1- Identification and contact details: Name, email address, phone number, job title, company name

2- Other data: essential (technical) cookies, optional (personalized) cookies.

We do not collect any Sensitive Data, Health Data, Generic Data, Credit Data or any other Personal Data that is not directly mentioned herein.

We do not collect any Personal Data of minors.

If we become aware that any Personal Data was collected unintentionally, we will take immediate steps to delete such information from our records.

6-Sources of Personal Data Collection

We collect Personal Data directly from the Data Subject, in the event it is done indirectly, explicit consent shall be obtained.

7-Purposes of Collection and Processing Personal Data

All Personal Data, collected directly or indirectly, may be used for:

1- Direct Marketing and promotional activities

2- Analytics, and service improvements and product development

3- Customer support

We use Personal Data only for the purposes for which it was collected, unless we need to use it for another purpose that is compatible and not in conflict with the original purpose.

If we wish to use Personal Data for a purpose not related to the original purpose, we will notify you and clarify the legal basis permitting us to do so.

We may process Personal Data without your knowledge and without your consent if such Processing is required under relevant laws and regulations, such as the Law and the Regulations, or under request of the Competent Authority.

8-Data Retention

We retain Personal Data for as long as necessary to fulfill the purpose for which it was collected, considering purpose and sensitivity of Personal Data.

Once the retention period expires, we securely destroy all collected Personal Data, unless otherwise is prescribed by the Law and Regulations.

9-Disclosure of Personal Data

We may disclose Personal Data to government and regulatory bodies in order to comply with obligatory legal and compliance requirements, regulations, inspection orders, court orders, or other legal processes.

We will not disclose any collected Personal Data to any other third parties.

10-Legal Basis for Processing

We process Personal Data under the following legal grounds:

1- Explicit Consent, and/or

2- Legal Obligation – where Personal Data Collection and Processing is mandated by law.

The Data Subject has the right to withdraw consent at any time, provided that such withdrawal does not affect any processing operations carried out under other legal grounds. To do so, the Data Subject should contact us at People@breezeventures.sa.

11-Data Storage and Security

We store Personal Data in secure facilities on-site.

We enforce:

1- Technical and organizational safeguards

2- Adhering to the Law and the Regulations

3- Adhering to the policies and best practices related to security and data protection

4- Incident response procedures.

We also retain collected Personal Data as long as it is required under the Law and Regulations, after which we will securely dispose such data in a manner that prevents access or retrieval.

12-Rights of Data Subject

Under the Law, you, as Data Subject has the following rights:

1- Right to Be Informed: You are entitled to be informed how we collect your Personal Data, legal basis for Collection and Processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all details through the Privacy Policy or contact us using the below-mentioned information.

2- Right of Access to Your Personal Data: You are entitled to request access to your Personal Data that we store through our website or by contacting us using the below-mentioned information. We may limit this right if it involves disclosing another individual's Personal Data.

3- Right to Request Access to Your Personal Data: You are entitled to request access to your Personal Data held by us in a readable and clear format if technically feasible by contacting us using the below-mentioned information.

4- Right to Request Correction of Your Personal Data: You are entitled to request correction of your Personal Data that you believe is inaccurate, incorrect or incomplete by contacting us using the below-mentioned information. Such data will be reviewed and updated within 30 days. In addition, you will be notified through your email address. We may ask for supporting documents for verification purposes. Such documents will be securely destroyed after verification.

5- Right to Request Destruction of Your Personal Data: You are entitled to request the destruction of your Personal Data upon receiving your request

6- Right to Withdraw Your Consent for Processing Your Personal Data: You are entitled to withdraw your consent for Processing your Personal Data at any time unless there are legal bases that require otherwise. Unless otherwise stipulated by the Law, you will not be required to pay any fees in return for exercising this right. In case of submitting a request for exercising this right, you will receive a response within 30 days as of the request receiving date

All requests are subject to identity verification and may be rejected if they are found to be from a person/entity not related to the account. A response will be provided within 30 days from the date of receiving the request, with the possibility of extending this period for an additional 30 days if the verification requires that.

For further details regarding the Processing of your Personal Data and how to exercise your rights, you can contact us using the below mentioned contact details

13-Incorrect Data

If we detect or are notified of errors in your Personal Data, we will work with you to correct or update it, possibly requesting supporting documentation.

14-SMS Terms and Direct Marketing

By submitting your mobile number and email address, you agree to receive messages and emails with marketing materials. Standard rates for SMS apply.

Marketing communications (emails, newsletters, Company’s updates) may be sent based on your preferences. You may opt out at any time,

15-Cookies

We use essential (technical) and non-essential (personalized) cookies to:

1) Enhance your user experience

2) Ensure proper functioning of the website

3) Track performance and page visits

4) Deliver targeted ads

Essential cookies are necessary for the website to function securely and correctly. These cookies enable basic features such as page navigation and access to core website areas. As they are technically required, they are always enabled.

With your explicit consent, we use personalized cookies to remember your preferences, improve website performance, and deliver content that is more relevant to your interests based on your browsing behavior. These cookies help us better understand how visitors interact with the website.

You can manage your cookie preferences at any time through the Cookie Settings available on our website.

16-Personal Data Breaches

If a Personal Data Breach occurs, we will:

1) Contain and assess the situation.

2) Notify affected users and regulators (if required).

3) Review security controls and prevent recurrence.

17-Collection of Analytical Data

We collect non-identifiable analytical data to help us understand how visitors use our website and improve its performance. This data is collected without the use of cookies and does not involve storing any information on your device.

1) The types of information we may collect include:

2) Pages visited and time spent on each page

3) Navigation paths and click patterns

4) Device type, browser type, and general location (e.g., city or region)

5) Technical performance metrics (e.g., page load times or errors)

This data is collected in an aggregated form. It does not contain any personal identifiers, and we do not use it to track or profile individual users.

The collection of this information is solely for internal analytical and service improvement purposes.

18-Third-Party Links

Our platforms may contain links to third-party websites or services. We are not responsible for their content or privacy policies. Please review their terms independently.

19-Policy Updates

We may update this Privacy Policy from time to time. Changes will be posted on our website and take effect immediately upon publication.

20-Complaints or Objections

If you have any concerns, or if you have doubts that we do not comply with the Law, you can file a complaint by using the below-mentioned contact information.

21-Contact Information

Breeze Ventures PTE Information Technology Systems Company

CR: 1009082620

Registered Address: Al Malqa Dist., Anas Ibn Malik, 3888, 13524, Riyadh, Kingdom of Saudi Arabia

Email: People@breezeventures.sa

22-Last Update

The Privacy Policy was last updated on 23 September 2025.