1. Data Collection Scope
inumrah processes data strictly necessary to facilitate regulatory B2B operations and system mappings. This records matrix encompasses:
- Corporate Profiles: Offical business registration listings, license tags, structural volume projections, and administrative validation proofs.
- Traveler Manifest Details: Passport structures, visa-status codes, flight routing timelines, and medical certifications submitted directly by authorized External Agents.
- System Logging: IP addresses, dynamic device parameters, and cryptographic entry configurations used to monitor portal security.
2. Purpose of Data Processing
Collected metrics are processed explicitly to provide corporate functionalities on the network, specifically:
Synchronizing external agency credentials with Ministry systems via secure API channels, generating unique active Booking Reference Numbers (BRNs), coordinating physical arrival transport blocks, and executing automated transaction settlements safely.
3. Critical Regulatory Data Sharing
Because the platform serves as an operational infrastructure grid, system records are shared with third parties under strict regulatory requirements:
- The Ministry of Hajj and Umrah: To fulfill explicit legal sponsorship mappings and visa clearing workflows within the official Masar systems.
- Matched Saudi Operators: Sharing necessary traveler manifest parameters to execute on-ground transport, hospitality check-ins, and airport handling.
- Authorized Banking Gateways: To handle transaction validations and verify virtual corporate allocations securely.
4. Information Security & Compliance
All sensitive client data assets, biographical tracking records, and network logs are protected using corporate-grade Advanced Encryption Standards (AES-256) during transit and rest state. Storage intervals strictly match the active limits mandated by Saudi Arabian corporate privacy frameworks and international travel preservation guidelines.
5. Rights of Corporate Users
Registered agencies maintain full authority to inspect corporate files, update licensing metrics, or initiate system erasure protocols. However, structural data linked directly to active, unprocessed pilgrim itineraries or pending Ministry visa profiles cannot be erased or modified until all active travel cycles have legally concluded.