Umniah and the relevant Umniah group companies (“Umniah”, “we” or “us”) are committed to safeguarding your privacy and the confidentiality, integrity, and security of your personal data. “Personal data” in this Policy means any information that identifies you as an individual, recorded electronically or otherwise. It includes information you provide to us or that we collect through the methods and sources described below. Personal data may include—but is not limited to—your name, ID number, date of birth, age, gender, family status, and contact information (e.g., telephone numbers, postal address, email address, and social media accounts).
To help you make informed decisions and feel confident in entrusting us with your personal data, please read this Policy carefully. It explains how and why we use your data, as well as our policies and practices. This Policy should be read alongside our Personal Data Collection and Processing Statement, and it complements the provisions on data protection found in our product and service terms.
“Processing” of personal data refers to operations we carry out—manually or automatically—such as collection, recording, structuring, storage, usage, disclosure, and erasure.
This Policy describes how we collect, store, use, and disclose your personal data and outlines the legal basis for doing so. It also explains how you can access or update your data, and how to make choices or raise objections to certain uses of your personal data.
It applies to both online and offline data collection across all Umniah channels, such as websites, apps, social media, stores, contact centres, and sales points. Data collected via one channel (e.g., an Umniah website) may be combined with data collected via another (e.g., an Umniah store).
We process personal information in strict compliance with the laws of the Macau Special Administrative Region of the People's Republic of China (“Macau”), especially the Personal Data Protection Law (Law no. 8/2005), and any other applicable laws or binding guidelines issued by courts or regulators such as the Office for Personal Data Protection (GPDP), including international privacy principles and standards.
Where required under applicable laws, we may seek your consent before processing your personal data. If you do not provide consent where it is required, we may be unable to fulfil our obligations or provide you with services or products.
Certain categories of personal data are considered “sensitive,” including but not limited to political or religious beliefs, union membership, racial or ethnic origin, health data (including genetic or biometric data), and location data. In some jurisdictions, this also includes data on minors under age 14.
In general, we do not process sensitive data unless explicitly required by law or with your separate and express consent (or, for minors, consent from a parent or guardian). You should carefully consider whether to disclose sensitive personal data when using our websites, apps, or social media.
We collect only the data necessary to provide our products and services. We do not collect data in advance or for future undefined uses, unless required by law.
By providing your data, you confirm you are doing so with full understanding.
Depending on your interaction with us, we may collect:
Contact information (name, address, email, phone, etc.)
Login credentials (username, unrecoverable password, security questions)
Demographic and preference data (DOB, age, gender, interests, etc.)
Device and usage data (IP address, OS, browser, device ID, geolocation, etc.)
Behavioral data from cookies or similar technologies (see Section 7)
Feedback and testimonials you voluntarily share
User-generated content uploaded to our platforms
Public data from your social media profiles (as permitted)
Billing or payment information, such as credit/debit card details
Call recordings with our Contact Centre (for quality, training, or legal proof)
Cookies are small text files placed on your device when you visit a website. They don't contain sensitive data. To learn more about our use of cookies, please refer to our Cookies Policy.
We use personal data, as permitted or required by law, for purposes including:
Identity verification for service activation, deactivation, or portability
Account administration, fraud detection, and billing
Customer service for enquiries or complaints
Directory services, where applicable
Loyalty and reward program participation
Marketing and promotions, with your consent where required
Service and security notifications, fraud prevention, risk management
Network operations, including monitoring and maintenance
Product development, personalization, and service improvement
Internal analytics, audits, and research
Legal compliance, regulatory reporting, and cooperation with authorities
Public interest functions, e.g., during health or safety emergencies
We may share your data with:
Service providers and agents (e.g., banks, vendors, telecom operators) to help us deliver our products or services. These parties are contractually obligated to use your data solely as instructed and to maintain strict confidentiality.
Umniah group companies, including our parent company, CITIC Telecom International Holdings Limited, when permitted by law.
Government agencies, regulators, and courts, if required by law.
We do not sell or license your data to third parties for their own marketing purposes without your explicit consent.
In general, your personal data is processed in our headquarters in Jordan.
If, by way of exception, your data is also required to be processed in locations outside Jordan, we will scrupulously observe the applicable laws, including the statutory requirements for cross-border transfer of personal data, whether between us and our parent company, subsidiaries, or other third-party organizations.
In any case, we only engage in transferring personal data to places outside Jordan if the recipients provide an adequate level of protection for your data, and provided that appropriate technical and organizational security measures are in place to protect your personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
We will store and retain your personal data for as long as necessary to fulfill the purposes for which it has been processed. Such period of time varies depending on the purpose for which the information is processed, or to comply with applicable laws.
In the absence of specific legal requirements, we will retain your personal data only for the shortest time necessary for the purposes for which it was processed.
When your personal data is no longer needed for the purposes of processing or no longer required to be retained by applicable laws, we will remove it from our systems and/or take steps to anonymise it so that you can no longer be identified from it.
We have implemented appropriate measures to safeguard the confidentiality and security of the personal data you entrust to us, in full compliance with the applicable laws on privacy and protection of natural persons with regard to the processing of personal data.
We maintain physical, technical and security measures of the highest standards (including physical, electronic and governance measures), with respect to our offices and data storage facilities, to prevent accidental, unauthorized or unlawful access, use, disclosure, or accidental loss, destruction or damage to your personal data. Physical records containing personal data are securely stored in locked areas when not in use. Access to such physical and/or computer records is strictly controlled and requires management approval.
Apart from the statutory obligations of confidentiality, as a condition of employment our employees are required to sign a stringent confidentiality oath binding them to this responsibility, which governs their actions even after we no longer employ them.
Nonetheless, employees have access to personal data on a need-to-know basis only, in the sense that certain employees have access to personal data only to the extent necessary to accomplish the specific purpose for which the personal data have been collected.
Each employee who accesses personal data has the responsibility to use such data appropriately. Appropriate use of personal information means using it in accordance with the relevant internal policies, such as our Personal Data Protection Policy, and only as necessary to accomplish the purposes for which it was collected (e.g., to provide a service or to determine your eligibility for a benefit).
Where required by applicable laws, we will inform you and the relevant authorities of any incidents concerning your personal data and remedial or mitigation measures taken.
Subject to the limitations under the applicable laws, you have the following rights with regard to the processing of your personal data:
(i) You may obtain from us information as to the categories of personal data relating to you that have been stored or are being processed, how the data were collected, and for what purposes, and the recipients to whom the data have been or will be disclosed, and the envisaged storage period.
(ii) If personal data are inaccurate or incomplete, you may request for the data to be rectified or supplemented.
(iii) You may request the erasure of your data if the processing of such data has no legal basis, or if the legal basis has ceased to apply under the applicable laws. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons.
(iv) You may object or withdraw your consent at any time to your personal data being used for purposes of direct marketing, market research, or opinion research or any other form of sales prospecting.
(v) You have the right to object or withdraw your consent (where processing is based on consent), on grounds of your legitimate interests, for reasons relating to your particular situation, at any time to the processing of your personal data by us and we may be required to no longer process your personal data. If your objection is justified we will no longer process your personal data for such purposes.
You may exercise the above rights by written request to the contact person indicated in Section 15 below.
If we change the way we handle your personal data, we will update this Policy. We reserve the right to make changes to our practices and this Policy at any time, and we invite you to please check back frequently to see any updates or changes to our Policy. By continuing to use our websites or mobile applications, you agree to be bound by this Policy as amended from time to time.
We take our responsibility to respect your privacy and protect your personal data very seriously.
We will review our commitment regularly to ensure that it continues to meet your expectations and our responsibilities to you.
For information about any of the policies and practices described above, please contact our Data Protection Officer at:
Mr. [Insert Name]
Tel: [Insert Tel Number]
Email: [Insert Email Address]