Effective Date: 24 September 2025
1. INTRODUCTION
Beyond ONE Saudi for Telecommunication LLC (Beyond ONE), a licensed telecommunications service provider in the Kingdom of Saudi Arabia. Beyond One Saudi for Telecommunication LLC acts as the Data Controller for all Personal Data collected and processed, unless otherwise specified.
At Beyond ONE, we look after your Personal Data carefully. This Privacy Policy (together with our Cookie Policy which may be found at https://virginmobile.sa/en/cookie-policy/ and Terms and conditions, which may be found at https://virginmobile.sa/en/terms-conditions/ describes how we collect, use, process and store the data that you provide to us or that is generated or collected when you use our online services (via our website or our App) or mobile telephone services.
Please take a moment to read our Privacy Policy and any other privacy information we provide you when we are collecting or processing your data, so you know what choices you have about your Personal Data. By “you”, we mean the account holder who contracts with us, the person we communicate with or a visitor to our website and/or App. It is important that the Personal Data we hold about you is accurate. Please keep us informed if your Personal Data changes.
- DEFINITIONS
- App: Beyond ONE which provides telephone mobile and data services including international roaming.
- Contact Data: As defined in Section 2(ii) of this policy.
- Data Breach: Any incident that leads to unauthorized disclosure, destruction, or access to Personal Data, whether intentional or accidental, and by any means, whether automated or manual.
- Data Controller: The entity (Beyond ONE in this case) that determines the purposes and means of processing Personal Data.
- Data Processor: A third party that processes Personal Data on behalf of and under the instructions of the Data Controller.
- Data Subject: The individual to whom the Personal Data relates.
- Lawful Basis: The legal grounds under which we process Personal Data, which may include consent, contract, legitimate interest, public interest or legal obligation, amongst any other lawful basis applicable in your jurisdiction.
- Marketing Communications: Any communication we send to you that promotes our products or services, or the products or services of third parties we work with.
- Personal Data: Any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.
- Sensitive Personal Data: This includes any Personal Data of high degree of sensitivity for the Data Subject, which could include information such as any Personal Data revealing racial or ethnic origin, religious, intellectual, or political beliefs, criminal offenses or security-related data, biometric data (for identification purposes), genetic data, health data, or data indicating if one or both parents are unknown, as well as any other data that may pose a significant risk to the individual’s privacy and security if disclosed or processed improperly.
- Third-Party Partners: External companies or organizations we collaborate with to provide you with our services or to enhance your experience. These may include infrastructure providers, payment processors, and marketing partners.
- Third-Party Services: Any websites, services, or applications that are not owned or controlled by Beyond ONE and are accessed through our services.
2. INFORMATION WE COLLECT ABOUT YOU
We may collect Personal Data about you from you directly, for example, when you provide information on the website or order or use our products or services, request more information on our contact us page, respond to a survey or questionnaire or from third parties, for example, partners who help provide our products and services, or for instance, from cookies when you use our website or App. We may collect information from you even if you’re not yet a customer, for example, if you provide information via our website or App.
Some of the types of personally identifiable data, as defined in applicable law, that we may collect about you could include the following:
- Identity Data: name; title; date of birth; place of birth; gender; passport; ID number; photographic image.
- Contact Data: billing address; delivery address; email; mobile number; location pin.
- Services and Financial data: Bundle type; price; billing and top-up data; bank account details; payment history; consumer account status; credit rating.
- Usage data:Call Records (date, time, duration, calling & called telephone numbers, device identifier, cost of communication); website browsing information; usage of any other product or service; IMSI; MSISDN. [We do not collect the content of your calls or messages].
- Marketing and Communications data: marketing preferences; queries/ complaints; interests, preferences; survey responses.
- Technical data: IP address; login data; time zone setting; location; browser information; operating system and platform details; system logs; other technology on the devices used to access the website; cookies; device identifier; device type.
3. HOW WE USE THE DATA WE COLLECT ABOUT YOU AND THE LEGAL BASIS FOR USING YOUR DATA
- We will only use your Personal Data for the purposes we collected it or other reasons compatible with the original purpose.
- We need a legal basis to use your Personal Data. For most uses of Personal Data, we will need your consent. However, we may use other legal bases strictly to the extent permitted by local privacy laws, such as:
- When you enter a contract with us for the provision of services to you, we may use your Personal Data to perform that contract, for example, to process your order or provide you with the services.
- We may rely on our “legitimate interests” to use your Personal Data where permitted by local privacy laws.
- Some uses of your Personal Data are required to comply with a legal obligation, for example, tax or accounting requirements or co-operating with law enforcement agencies.
Purpose/Activity for which data is used | Type of data used |
To process and deliver your order for products and services, including managing payments and registering you as a new customer | Identity Contact |
To manage your connection to the network and make our mobile services available to you, and bill you for such usage | Identity Contact Services and Financial Usage Technical |
To manage our relationship with you, including verifying your identity, notifying changes to terms and conditions or Privacy Policy; keeping our records up to date; surveys; prize draws and competitions; communications between us, including service messages; monitoring communications and calls to our customer care service for training, compliance or operational purposes | Identity Contact Technical |
Marketing Activities: · To provide you with relevant marketing communications and website or App content about our and third-party products and services that may be of interest to you and measure the effectiveness of such marketing. · Using your online browsing behaviour, purchases, and usage of our products and services to better understand you as a customer, and to provide you with personalized content and marketing. We may share this information with third parties on an anonymized basis; and · To analyse the current use of our products and services, to research and develop improved products and services and information technology systems, to better meet customer needs.
| Identity Contact Technical Usage Services and Financial Marketing and communications |
To administer our business: · Operating, maintaining, and testing our network and IT systems; managing traffic; maintaining the security of network and services. · Responding to your comments and questions to provide customer support. · Managing your account, including to communicate with you regarding your account; and · Efficient and proper operation of our business, including preventing and detecting fraud, complying with tax, accounting and legal or regulatory requirements and cooperating with law enforcement or regulatory bodies. | Identity Contact Technical Services and Financial Usage |
4. WHOM WE SHARE YOUR DATA WITH
- We may share your Personal Data with the following:
- Partners acting as Data Processors who help us provide our services to you or to supply their services to you, for example,
- Infrastructure and software suppliers and managed service partners who may, for example, provide support and maintenance services to support the services we provide to you.
- Our customer care centre provider.
- Sales partners; content providers; advertising agencies who help us with our marketing to you; and survey companies who help us run customer surveys.
- Payment processing agents.
- Debt recovery or fraud agencies.
- Law enforcement agencies or other public or regulatory bodies where required by law or to protect our or third party’s rights, business or assets.
- Our host mobile network operator, for example, to provide emergency services, including your location information; and
- Some of our mobile financial service partners.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, Personal Data may be transferred to the acquiring entity, provided that the recipient agrees to protect Personal Data in a manner consistent with this Privacy Policy.
- Data Storage and Processing Location: All Personal Data is processed and stored exclusively within the Kingdom of Saudi Arabia, in full compliance with the data localization requirements mandated by the Communications, Space & Technology Commission (CST). We ensure that our data hosting infrastructure and service providers are located within the Kingdom, and no Personal Data is transferred or processed outside Saudi Arabia.
5. PAYMENT PROCESSING
- We use Tap Payments, a third-party payment service provider, to securely process your payments. When you initiate a payment on our application or website, your payment-related information (such as card number, expiry date, and CVV) is securely transmitted to Tap Payments for processing.
- We do not store or directly access your full card information. For more information on how Tap Payments processes your Personal Data, please refer to their Privacy Policy.
6 . THIRD PARTY LOGIN SERVICES
- We offer the option to log in to our application using third-party services such as Google and Apple. If you choose to log in via one of these services, we may receive certain personal information from the third party — such as your name, email address, profile photo, and unique identifier — in accordance with their privacy policies. This data is used solely to authenticate your identity, create or link your account on our platform, and enhance your user experience. We do not post anything on your behalf or share your data back with these services unless explicitly authorized by you. Please note that these third-party login providers may collect and process data independently, governed by their own privacy policies. We encourage you to review their privacy notices.
7. COOKIES AND SIMILAR TECHNOLOGIES
- We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, the functions they perform, and how you can control Cookies, please see our Cookie Notice.
8. USAGE OF GOOGLE ANALYTICS
- We use Google Analytics 4 360 to better understand how users interact with our services. This includes the use of the AMP Client ID API, Phone Analytics, and Google Analytics Advertising Features to analyse website traffic, measure engagement, and deliver more relevant advertisements. These features may collect device identifiers, usage data, and interaction information across sessions and platforms. We have implemented appropriate controls, and users can manage their preferences or opt out through Google’s Ads Settings or relevant device settings.
9. HOW WE PROTECT YOUR DATA
- We use industry-standard technologies and processes to:
- check your identity when you contact us, but remember you are responsible for keeping your personal and account information secure and not sharing it, including passwords.
- protect your Personal Data from unauthorised access and accidental loss, disclosure, or destruction, while in storage or transit. For example, we use data encryption. However, we cannot guarantee the security of the Personal Data that you transfer to us over the Internet.
- Limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. Where appropriate, they will only process your Personal Data on our instructions and are subject to a duty of confidentiality.
- Please remember that third-party websites are outside our control and operate in line with their privacy policies. Your Personal Data entered in such websites, or your communications sent over the internet may therefore be at risk of unauthorized access or use.
- Google RECAPTCHA: For some services we may use the ReCAPTCHA service provided by Google Inc. (Google) to protect your submissions via internet submission forms on our websites. Your use of ReCAPTCHA is subject to the Google Privacy Policy and Terms of Service.
10. HOW LONG WE HOLD ONTO YOUR DATA
- We will hold Personal Data for a specific period of time for as long as reasonably necessary to fulfil the purpose we collected it for and in line with any legal In some circumstances we may store your personal information for longer periods of time, for example, where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
- We will retain your consent and preferences for as long as your consent remains active. If you withdraw your consent, we will cease communications and delete your marketing preferences within 30 days, unless retention is required for legal compliance or fraud prevention.
- If you require further information about how we retain particular information, please contact us by sending an email to dataprivacy@one
11. YOUR RIGHTS CONCERNING THE DATA WE HOLD ABOUT YOU
Beyond ONE respects your rights concerning your Personal Data. This section outlines your rights under applicable data protection laws, and how to exercise them. To exercise any of these rights, please contact us through the channels provided below. We will respond to your request within 30 days. Please note that we may need to verify your identity before processing your request.
- Right to be Informed.
You have the right to clear, easily understandable, accessible information about the collection and use of your Personal Data, your rights and our contact details. This is set out in this Privacy Policy and any relevant privacy information given to you when we collect or process your Personal Data.
- Right to Access
You can ask us to send you a copy of the Personal Data we hold about you. We shall provide you with the copy of your data within the timeline prescribed in the applicable law.
- Right to Correction
You can request that we correct Personal Data about you that we hold where it is incomplete, inaccurate or obsolete. We may need to verify the accuracy of the new data you provide to us.
- Right to Destruction
As per the relevant applicable law, in some situations, you can request we destroy Personal Data we hold about you, for example, where you no longer consent to our use of your Personal Data or there is no longer a compelling purpose for us to hold it.
- Right to be Notified in Case of a Data Breach
Your security is our priority. If we discover a data breach that compromises your personal information, we are committed to notifying you promptly and transparently, in accordance with applicable legal requirements.
- Right to Data Portability.
You can ask us to provide your personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another Data Controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means
- Right to object to processing.
You can request that we stop using your Personal Data for certain purposes as per the applicable law unless an exception is applicable for us to continue processing your data for such purposes.
- Right to Withdraw Consent
If we process your Personal Data based on your consent, you can withdraw it at any time through the settings menu of the app by disabling the consent toggle. However, this will not affect the lawfulness of any processing based on your consent before its withdrawal.
- Right not to be subject to automated decision-making.
If we make decisions using automated means, in some situations, you can object to such decisions being made solely by automated means and requests, for example, that we use human intervention in the decision-making.
- Right to limit or refuse processing
Based on your relevant jurisdiction, this right allows you to restrict or deny the processing of your Personal Data under certain circumstances, ensuring more control over how their information is use.
12. CHANGES TO OUR PRIVACY POLICY
This Privacy Policy may change from time to time. Any changes we make will be posted on this page. We will notify you of any significant changes to this Privacy Policy by appropriate means.
13. CONTACTING US
If you have any comments or queries regarding our products or services, please call the Customer Services team at 0570001789.
If you have any questions or concerns about our use of your Personal Data or this Privacy Policy, please contact our data protection team at [email protected].