Privacy Policy - The Outlet

Theoutlet values the confidentiality and privacy of personal data and processes it lawfully and transparently in line with the Saudi Personal Data Protection Law (PDPL) and its implementing regulations. This Policy applies to our website, app, and our official communication channels (e.g., WhatsApp, email) when we provide services or communicate with you. Under the PDPL, controllers must publish a privacy policy before collecting personal data and explain key elements of processing.

1) What data we collect

Contact details: name, phone number, email, address.

Order & payment info: orders, payment method details (processed by approved payment providers), invoices.

Shipping & delivery info: carrier, tracking numbers, delivery status.

Technical & usage data: IP address, device/browser type, pages viewed, cookies.

Support communications: messages via WhatsApp/email and contact forms.

We do not request sensitive data unless necessary and lawful; if required, we will explain and obtain consent where needed. See PDPL Art. 4–6 for information/consent requirements and exceptions.

2) Why we use your data (legal bases)

We process personal data only for specified, legitimate purposes and using the minimum necessary data. Depending on the context, our legal bases may include: your consent, performance of a contract, legal obligation, legitimate interests (balanced against your rights and never for sensitive data under this basis), and protection of vital interests.

Main purposes

Provide services & fulfill orders: order processing, payment, shipping, confirmations, and after-sales support.

Customer care: respond to inquiries, handle complaints, verify identity.

Improve our services: analytics to enhance performance and user experience (aggregated or minimally identified where possible).

Communications & marketing: service messages; offers and promotions (opt-out any time).

Compliance & fraud prevention: accounting/tax records, dispute handling, security monitoring.

3) Marketing & opt-out

We may send offers, discounts, and alerts. You can opt out at any time via the unsubscribe link (if available) or by contacting Customer Care. PDPL recognizes consent as a primary basis for processing, with specific conditions for marketing defined in the Regulations.

4) Cookies

We only use essential cookies that are necessary for the basic operation of our website and services. These cookies enable core functions such as maintaining your session, keeping items in your cart, and supporting secure checkout.

We do NOT use cookies for advertising, analytics, personalization, or any form of tracking inside the app or across other apps or websites.
You may control essential cookies through your browser settings, but disabling them may affect the basic functionality of the website.

5) Sharing your data

We do not sell personal data. We share only what’s necessary with:

Service providers: shipping companies, payment processors, hosting/IT, analytics vendors.

Professional advisors: legal/accounting (as needed).

Public authorities: where required by applicable law or valid legal request.
Sharing is governed by agreements and safeguards consistent with PDPL requirements.

6) Cross-border transfers

If we transfer personal data outside KSA, we will do so under the PDPL’s Regulation on Personal Data Transfer Outside the Kingdom and related guidance (e.g., adequacy decisions, appropriate safeguards like SCCs/BCRs, risk assessments, and data-minimization). Transfers are limited to the minimum necessary.

As of 14 September 2024, updated Transfer Regulations took effect, enabling transfers to countries deemed to have comparable protection and setting mechanisms for other destinations (e.g., SCCs/BCRs plus safeguards).

7) How long we keep data

We retain personal data only as long as needed for the purposes above, including legal obligations and dispute resolution. When no longer needed, data is securely deleted or anonymized, consistent with PDPL requirements on destruction and retention.

8) Security

We apply technical and organizational measures (encryption, access controls, monitoring) to protect personal data, including during transfers, and we continually improve our controls.

9) Your rights under the PDPL

Subject to PDPL and its Regulations, you have the right to:

Be informed of the legal basis and purpose of collection.

Access your personal data held by us.

Obtain a readable copy of your personal data.

Correct/complete/update your data.

Request destruction in specified cases (e.g., when no longer needed for the purpose).
We will respond within the periods and methods set by the Regulations.

To exercise your rights, contact us at the details below.

10) Data breaches

If we become aware of any breach, damage, or illegal access to personal data, we will notify the Competent Authority (SDAIA) and, where the incident could harm your data or prejudice your rights and interests, we will also notify you, in line with the Regulations and SDAIA guidance.

11) Registration / DPO (where required)

When applicable under PDPL and the National Register of Controllers rules, we will register as a controller and, if required by the Regulations (e.g., large-scale monitoring or core processing of sensitive data), we will appoint a Data Protection Officer (DPO).

12) Children’s data

Our services are not directed to individuals below the legal age. If we discover that we collected data from a minor without required approvals, we will delete it appropriately.

13) Changes to this Policy

We may update this Policy from time to time; the “Last updated” date reflects the latest version. Continued use after updates constitutes acceptance of the revised Policy.

14) Contact

For privacy inquiries or requests (access/rectification/deletion/marketing opt-out):

Email: info@theoutlet.sa

Support: 8001240636

Customer Service

Skincare

Makeup

Premuim

Haircare

Personal Care

Fragrance

Salon Services

Health & Nutrition

Mom & Baby

Electronics

Eyewear

Pharmacy

Subscribe Newsletter

Safety Payments