Privacy Policy

This privacy policy applies to the services provided by The Cave Climbing, operated by The Edge Entertainment Company, with its registered offices in Riyadh, Kingdom of Saudi Arabia.

For any privacy-related inquiries, you may contact us at: privacy@theedge.sa

We collect the following categories of personal data:

• Identity data: First name, last name, date of birth, gender
• Contact data: Email address, mobile number
• Identification data: Government-issued ID type (National ID, Iqama, or Passport) and number — used for liability waiver identification
• Safety data: Emergency contact name and phone number
• Account data: Password (encrypted), QR code identifier
• Transaction data: Purchase history, order amounts, payment method used
• Activity data: Check-in and checkout timestamps, facility location
• Technical data: Browser type, pages visited, approximate location (via analytics cookies, if consented)

We process your personal data for the following purposes:

• Service delivery: Managing your membership, processing pass purchases, facilitating check-in/checkout at our facilities
• Safety and compliance: Verifying identity for liability waivers, age verification, maintaining emergency contact information
• Financial reporting: Generating invoices, accounting records, and tax compliance
• Communication: Sending order confirmations, pass expiry reminders, and service-related notifications
• Analytics: Improving our website and services through aggregated usage data (only with your consent)

We process your data under the following legal bases as defined by the Saudi Personal Data Protection Law (PDPL):

• Contractual necessity (Article 6.2): Processing required to fulfill your membership agreement and deliver purchased services
• Legitimate interest (Article 6.4): Fraud prevention and facility safety — no sensitive data is processed under this basis
• Consent (Article 5): Marketing communications and analytics cookies — you may withdraw consent at any time

When creating an account or completing your profile:

• Required: First name, last name, email address, password
• Optional: Phone number, date of birth, gender, government ID, emergency contacts

If you do not provide optional data, some features may be limited. For example, you cannot check in to our facility without a government ID on file, as it is required for our liability waiver process.

We share your personal data with the following third-party service providers, solely for the purposes described:

We do not sell your personal data to any third party.

Some of our service providers are located outside the Kingdom of Saudi Arabia. When your data is transferred outside KSA, we ensure that:

• The transfer is necessary for the performance of our contract with you (PDPL Article 29)
• Our providers maintain industry-standard security certifications (SOC 2, ISO 27001)
• Data is encrypted in transit using TLS 1.2 or higher
• Only the minimum necessary data is transferred to each provider

We retain your data for the following periods:

• Account data: Retained while your account is active, plus 5 years after closure (Saudi commercial records requirement)
• Financial records: 10 years (Zakat, Tax, and Customs Authority requirement)
• Check-in logs: 2 years
• Payment logs: 5 years
• Analytics data: Aggregated after 26 months

Upon account deletion, your profile information is destroyed within 30 days. Financial records are anonymized and retained as required by law.

Under the Saudi Personal Data Protection Law (Article 4), you have the right to:

• Be informed: Know the legal basis and purpose of collecting your data
• Access: Request access to the personal data we hold about you
• Obtain a copy: Request your data in a readable and clear format
• Correct: Request correction of inaccurate or incomplete data
• Delete: Request destruction of your data when it is no longer needed (subject to legal retention requirements)
• Withdraw consent: Withdraw your consent for data processing at any time

To exercise any of your data rights, contact us at privacy@theedge.sa.

We will respond to your request within 30 days. We may need to verify your identity before processing your request to protect your data from unauthorized access.

We use Google Analytics 4 to understand how visitors use our website. This service uses cookies to collect anonymized usage data including pages visited, session duration, and device type.

We do not track you without your consent. A consent banner is displayed on your first visit. You may accept or decline analytics cookies. Your choice is remembered for future visits.

No personally identifiable information is sent to Google Analytics. We do not use advertising cookies.

You can also control cookies through your browser settings at any time.

Please refer to our Terms of Service (Section: Photography & Media Release) for details on how we handle photographs and recordings taken at our facilities.

We implement organizational and technical measures to protect your personal data, including:

• Encryption of data in transit (TLS 1.2+)
• Role-based access control limiting staff access to personal data
• Audit logging of data access and modifications
• Government ID numbers are masked in all displays (only last 4 digits shown)
• Row-level security policies on database tables
• Regular review of security practices

We may update this privacy policy from time to time. For material changes, we will notify you via email. Continued use of our services after the effective date constitutes acceptance of the updated policy.

Previous versions of this policy are available upon request.

If you have questions about this policy or wish to exercise your rights, contact us at:

• Email: privacy@theedge.sa
• Website: www.thecaveclimbing.com

If you believe your data rights have been violated, you have the right to lodge a complaint with the Saudi Data and AI Authority (SDAIA), the competent authority for the Personal Data Protection Law.

SDAIA: sdaia.gov.sa