Purpose Of Collecting?
The Service Provider is keen to respect the privacy of the subscribers or visitors and all the data that they entered, and not to sign into the subscribers(’s) account to view or copy the data subscribers(‘s) entered except at the subscribers(‘s) request, to facilitate their training or work.
How its being collect?
The service provider collects the data that does not identify the subscribers or visitors personally which is sent by web browsers such as type of browser, favorable language, type of operating system, and the date and time of the request, for the purpose of knowing how the subscribers or visitors interact with the services and the site. In addition, publishing general statistics of use which is not related to someone in specific.
Storing method and content of the personal data to be collected?
The service provider keeps the necessary personal data in any format to subscribe and use the service during signing up such as subscriber(s) name, email, contact info, address, method of payment, or any other data. The service provider may inform affiliates or contractors involved and in need of such data either to process it on behalf of the service provider or to provide the service to the subscriber.
There may be employees, contractors, or affiliated organizations located outside the subscriber's country in which the data may be stored and processed in their geographical location, then the use or browse of the Service or site means consent from the subcribers('s) or visitors('s) of such data transfer outside their geographical location.
From time to time, The Service Provider will send emails to the subcriber(s) informing them of the new features, important info related to the service or site, info related to The Service Provider, or request feedback about the service.
The service provider reserves the right to publish some of the subscribers' responses or inquiries that have been received and after removing any information that could identify the subscriber regarding the service or the site such as technical support requests, to help the other subscribers.
The Service Provider records the internet addresses of the subscriber(s) or visitor(s) that could identify them, but the service provider will not disclose them.
Data owner's rights and how to exercise them?
1-The subscribers('s) or visitors('s) undertake to provide correct and updated data to the service provider, and then subscribers('s) or visitors('s) will update their data regularly in the event of any change occurring to the data when they want to change it.
2-The service provider is entitled to disclose the personal data for the following purposes:
a- The owner of the personal data consents to such disclosure.
b- The personal data collected from a source that is available to the public.
c- In the event that a public entity requests the disclosure either for the public good, security, executing a law, or for any judicial requests.
d- In the event the disclosing is necessary for protecting the public well-being or safety, or to protect the life of an individual or specific individual, or to protect their health.
e- If the disclosure will be limited to processing it in a way that does not reveal the identity of the personal data owner, or any individual in particular.
f- If the disclosure is necessary to serve a legitimate purpose of the controller party, provided that it does not breach the personal data owner's rights or does not interfere with the owner's interests and the data is not sensitive.
3-The personal data may get collected or processed for scientific, research, or statistical matters without the consent of the data owner as follows:
a- The data contains no proof of the owner's identity.
b- In the event of destroying anything reveals the identity of the owners of the personal data in specifically during the operation of processing the data and prior to disclosing the data to any other entities, and that such data is not sensitive.
c- If the data collection or processing is according to another law, or for the purpose of execution of a prior agreement the data owner is a part of the agreement.
How is Data processed?
“Processing”: means any operation performed on the personal data by any means, whether manual or mechanized, including the operations of processing, recording, saving, archiving, arranging, coordinating, storing, modifying, updating, merging, retrieving, using, disclosing, transferring, publishing, data sharing or interconnection, blocking, deletion, and destroying.
1-Other than the sensitive data, the personal data may be processed for marketing purposes if it’s collected directly from the owner upon their consent.
2-The service provider may transfer the personal data outside the Kingdom or disclose it to a party outside the Kingdom, for the following purposes:
a- Implementing under an agreement that The Saudi government is part of.
b- Serving the Kingdom's interests.
c- Implementing under an obligation that the owner of the personal data is a part of.
d- Implementing under the Saudi regulations regarding other matters.
3-Transferring or disclosing the data stated in paragraph (2) of this clause shall be subject to the following conditions:
a- If the data disclosure or transfer must not result in infringing any national security or the country's vital interest.
b- There must be an appropriate level of protection of the personal data outside Saudi no less than the level of protection stated in the laws and regulations.
c- The data disclosure or transfer is limited to the minimum extent of the personal data that is required.
Means any action that permanently removes data and makes it difficult to recover or view it afterward.
1-If it appears that the data collected is no longer necessary to accomplish the purpose of the collecting process, accordingly, the service provider will stop collecting the data and destroy what was collected without delay.
2-The service provider will destroy the personal data without delay once the purpose for collecting the data has been ended. However, the service provider may keep such data after the end of the purpose after removing anything that could lead to identifying the owner of the data.
3-The service provider keeps the personal data after the end of the purpose of collecting the data under the following conditions:
a- In the event there is a legal order allowing to keep the data for a specific period of time, then in this event, the data will be destroyed after this period is ended or after the end of the purpose of collecting it, whichever is later.
b- If the personal data is closely related to a case pending before a judicial authority and keeping it for this purpose, in which event the data will be destroyed after completing the judicial procedures connected to the case.
4-Without prejudice to data destruction provision, the service provider shall keep records for a period of time as determined by the regulations of the activities of processing the personal data according to the kind of activity carried out by the controller party; To be available when requested by the competent authority. Provided that the records include a minimum of the following data:
a- Contact details of the controller party.
b- The purpose of processing the personal data.
c- The Description of the categories of the personal data owners.
d- Any party the personal data has been or will be disclosed to.
e- The personal data has been or will be transferred or disclosed outside of the Saudi.
f- The expected duration for keeping the personal data.