PRIVACY POLICY
Last updated: 2026-05-21
1. Introduction
Petromin Energy ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us, in compliance with the Saudi Arabian Personal Data Protection Law (PDPL) issued by Royal Decree No. (M/148) and the regulations of the Communications, Space & Technology Commission (CST/CITC).
Petromin Energy is a wholly owned subsidiary of Petromin Holding, a Saudi-based global mobility leader since 1968. By using our website and services, you acknowledge the practices described in this policy.
2. Data Controller & Contact Information
The data controller responsible for your personal data is:
- Entity: Petromin Energy
- Address: Building 8136, Prince Sultan Street, Al Muhammadiyah District, Jeddah 4482, Kingdom of Saudi Arabia
- Customer Service: 800 442 0020
- Email: info@petromin.com
- Data Protection Officer (DPO): dpo@petromin.com
3. Information We Collect
We may collect the following categories of personal data:
3.1 Information You Provide Directly
- Contact Information: Full name, email address, phone number, and mailing address when you fill out forms, register for services, or contact us.
- Account Information: Username, password, vehicle details, fleet information, and payment data when you create an account or use our services.
- Communications: Records of your correspondence with us, including customer support inquiries, complaints, and feedback.
- Transaction Data: Purchase history, fuel consumption data, service records, and payment transaction details.
3.2 Information Collected Automatically
- Device Information: IP address, browser type, operating system, device identifiers, and language preferences.
- Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths.
- Location Data: Approximate geographic location based on IP address when you use our station finder or location-based services. With your explicit consent, precise GPS location.
- Cookies & Similar Technologies: We use cookies and tracking technologies as described in our Cookie Policy.
3.3 Information from Third Parties
- Payment processors and financial institutions for transaction verification.
- Business partners and service providers (e.g., fleet management partners, EV charging network operators).
- Publicly available sources and government entities where permitted by Saudi law.
4. Purposes of Processing
We process your personal data for the following purposes, as permitted under PDPL:
- Service Delivery: To provide, maintain, and improve our fuel, EV charging, fleet management, and automotive services.
- Customer Support: To respond to inquiries, process complaints, and provide technical support.
- Transaction Processing: To process payments, issue invoices, and manage accounts.
- Communication: To send service updates, promotional materials (with your consent), and important notices regarding your account.
- Legal Compliance: To comply with Saudi laws and regulations, including CITC requirements and PDPL obligations.
- Security: To detect and prevent fraud, unauthorized access, and other security incidents.
- Analytics & Improvement: To analyze usage patterns and improve our website, products, and services.
5. Legal Basis for Processing (PDPL Compliance)
Under PDPL, we process your personal data based on one or more of the following legal bases:
- Consent: Where you have explicitly provided your consent for specific processing purposes.
- Contractual Necessity: Processing necessary for the performance of a contract with you (e.g., providing fuel services).
- Legal Obligation: Processing required to comply with Saudi laws and regulatory requirements.
- Legitimate Interests: Processing necessary for our legitimate business interests, provided such interests do not override your rights and freedoms.
- Public Interest: Processing necessary for the public interest as defined by Saudi regulations.
6. Data Sharing & Disclosure
We may share your personal data with the following categories of recipients:
- Petromin Group Entities: Petromin Holding and its subsidiaries (Electromin, Petromin Express, Petromin Auto Care, NCMC Global, NTSC, GoGo Motor) for operational and service purposes.
- Service Providers: Third-party vendors who process data on our behalf, including payment processors, IT service providers, cloud hosting providers, analytics platforms, and customer support systems.
- Business Partners: Fleet management partners, automotive partners (Nissan, Stellantis, Foton), insurance providers, and roadside assistance providers.
- Regulatory Authorities: Government bodies and regulators as required by Saudi law (CITC, ZATCA, Ministry of Commerce, etc.).
- Legal Obligations: Law enforcement, courts, or other authorities when required by applicable law or legal process.
We do not sell your personal data to third parties for their marketing purposes without your explicit consent.
7. Cross-Border Data Transfers
As required by PDPL, personal data may be transferred outside the Kingdom of Saudi Arabia only under the following conditions:
- The receiving country maintains adequate data protection standards as determined by the competent Saudi authority.
- Appropriate contractual safeguards are in place (e.g., Standard Contractual Clauses approved by the competent authority).
- Your explicit consent has been obtained where required.
- The transfer is necessary for the performance of a contract with you or for your benefit.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. The retention periods are determined based on:
- The nature and sensitivity of the data.
- The potential risk of harm from unauthorized use or disclosure.
- The purposes for which we process the data.
- Applicable legal and regulatory requirements (e.g., ZATCA tax invoice retention requirements).
Once the retention period expires, personal data will be securely deleted, anonymized, or destroyed in accordance with our data retention and disposal policy.
9. Your Rights Under PDPL
Under the Saudi Personal Data Protection Law, you have the following rights regarding your personal data:
- Right to be Informed: To be informed about the collection and processing of your personal data.
- Right of Access: To request access to your personal data held by us.
- Right to Rectification: To request correction of inaccurate or incomplete personal data.
- Right to Deletion: To request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to legal retention requirements.
- Right to Restriction: To request restriction of processing in certain circumstances.
- Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object: To object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.
- Right to Withdraw Consent: To withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.
10. Exercising Your Rights
To exercise any of your rights under PDPL, please submit a request through the following channels:
- Email: dpo@petromin.com
- Phone: 800 442 0020
- Website: Visit our contact form at /contact-us
- In Writing: Building 8136, Prince Sultan Street, Al Muhammadiyah District, Jeddah 4482, Kingdom of Saudi Arabia, Attn: Data Protection Officer
We will respond to your request within thirty (30) calendar days as required by PDPL. We may request additional information to verify your identity before processing your request. In certain circumstances, we may charge a reasonable fee or decline your request where permitted by law.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Saudi Authority for Data Protection (SADP) or the relevant regulatory authority.
11. Data Security
We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction, including:
- Encryption of data in transit (TLS/SSL) and at rest using industry-standard protocols.
- Access controls and authentication mechanisms to restrict data access to authorized personnel only.
- Regular security assessments, penetration testing, and vulnerability scanning.
- Employee training on data protection and confidentiality obligations.
- Incident response and breach notification procedures as required by PDPL.
- Physical security measures for our facilities and data centers.
In the event of a personal data breach, we will notify the relevant regulatory authorities and affected data subjects as required by PDPL within the prescribed timeline.
12. Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and provide personalized content. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.
We use the following categories of cookies:
- Essential Cookies: Required for the basic functionality of the website and cannot be disabled.
- Analytics Cookies: Help us understand how you interact with our website to improve performance.
- Functional Cookies: Remember your preferences and enhance your experience.
- Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (with your consent).
You can manage your cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect the functionality of our website.
13. Online Reputation & Brand Monitoring
Petromin Energy actively monitors its online presence to maintain brand integrity and customer trust. As part of our reputation management practices, we may:
- Monitor public social media platforms, review sites, and online forums for mentions of Petromin Energy and its services.
- Collect publicly available feedback and reviews to improve service quality.
- Respond to customer concerns and inquiries across digital channels.
- Analyze sentiment and trends to enhance customer experience.
- Address false or misleading information about our brand in accordance with Saudi defamation and cybercrime laws.
This monitoring is conducted in compliance with PDPL and CITC regulations, and we respect the privacy rights of individuals in all our monitoring activities.
14. Complaints & Grievances
If you have a complaint regarding our processing of your personal data or any privacy-related matter, please contact us using the details in Section 2. We will acknowledge receipt of your complaint within five (5) business days and aim to resolve it within thirty (30) calendar days.
If you are not satisfied with our response, you may escalate your complaint to:
- Saudi Authority for Data Protection (SADP) — the regulatory body responsible for PDPL enforcement.
- Communications, Space & Technology Commission (CST/CITC) — for telecommunications and digital services-related privacy concerns.
- Ministry of Commerce — for consumer protection matters.
15. Third-Party Links
Our website may contain links to third-party websites, including our partners (Electromin, Petromin Express, Petromin Auto Care, NCMC Global, NTSC, GoGo Motor) and automotive brands (Nissan, Stellantis, Foton). This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.
16. Children's Privacy
Our services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. In accordance with Saudi regulations, parental consent is required for processing the data of minors.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory obligations. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. Where required by PDPL, we will seek your consent for material changes.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.
18. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the Kingdom of Saudi Arabia. Any disputes arising under or in connection with this policy shall be subject to the exclusive jurisdiction of the courts of Jeddah, Saudi Arabia.
19. Contact & Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer:
- Email: dpo@petromin.com
- Phone: 800 442 0020
- Address: Building 8136, Prince Sultan Street, Al Muhammadiyah District, Jeddah 4482, Kingdom of Saudi Arabia, Attn: Data Protection Officer