PRIVACY POLICY
1. OUR COMMITMENT TO THE USERS' PRIVACY
The Foundation is committed to protecting the privacy of Users of its Website and to handling personal data lawfully and fairly. This Policy explains how we collect, use, disclose, store, and protect Personal Data, as well as the rights available to the data owners.
This Policy applies to the Users of the Website and any other public website for the Foundation and any online forms, subscription features, or digital services we make available through the Website.
This Policy is prepared in accordance with the Personal Data Protection Law (Royal Decree No. M/19 dated 09/02/1443H), its implementing regulation, and the applicable laws and regulations in Saudi Arabia. By using the website, the User agrees to this Policy. Where the law requires explicit consent, it will be obtained through clear prompts.
We may change or update this Privacy Policy from time to time, and any changes will be ‎published on this Page. Any updates or changes shall become effective immediately upon ‎publication, However, where an update results in a change to the purpose of processing Personal Data or introduces new processing activities that require the User’s consent under the Personal Data Protection Law, we will notify the user of such changes through the available channels and request the user’s consent through an appropriate mechanism, in accordance with applicable laws and regulations. We recommend that users review this page periodically to access the most recent version of the Policy.
2. DEFINITIONS
1.1 In this Policy, the following definitions will have the following meanings:
(a) “Website” means this website and all its pages and content therein.
(b) “Foundation” means the Riyadh Foundation and any reference to “ourselves”, “we”, “our” and “us” shall hold the same meaning.
(c) “User” means the person choosing to access or use the Website.
(d) “Policy” means this privacy policy (as updated from time to time).
(e) “Personal Data” means any data, regardless of its source or form, that may lead to identifying a User specifically, or that may directly or indirectly make it possible to identify a User, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.
3. WHAT PERSONAL DATA WE COLLECT?
1.1 The Foundation may collect and process the User’s Personal Data which are as follows:
(a) Identification and contact data:
Name, title, organization, email address, phone number, city/country, and similar details the User provides via contact or subscription forms.
(b) Application and participation data:
Information provided when expressing interest in the Foundation’s programs, events, visits, collaborations, or vendor registrations, including role/function, areas of interest, and submitted documents.
(c) Technical and usage data:
IP address, device and browser type, operating system, referring pages, pages viewed, session time, and similar analytics data collected via cookies or similar technologies.
(d) Communications data:
Content of messages the User submits via our forms or email, the User’s preferences for receiving updates, and records of the User’s interactions with us online.
(e) Media and publication data:
Testimonials, photographs, or video where the User has given permission for web publication or where recorded in the context of public events.
(f) Consent records:
The User’s consents and preferences for specific uses (for example, newsletters, event photography, cookies).
(g) Sensitive personal data (if applicable and subject to legal requirements):
Health or genetic information, biometric identifiers, financial/credit information, or other sensitive categories will only be collected where strictly necessary for defined purposes and on an appropriate lawful basis.
4. HOW WE COLLET THE USERS' PERSONAL DATA
4.1 The Foundation collects Personal Data directly or indirectly (depending on the service provided), and the methods of collecting Personal Data include the following:
4.2 Personal Data collected directly:
(a) Information provided directly by the User:
As the case when the User applies or utilises a service provided on the Foundation’s Website or when the User submits forms, subscribe to updates, register for events, upload materials, or communicate with us by any means whether via phone, email, or the Foundation’s social media accounts.
4.3 Personal Data collected indirectly:
(a) Information collected via cookies and similar technologies:
The Foundation’s Website uses cookies and similar technologies to enhance user experience, analyse traffic, and improve the performance of the services. Cookies may collect data such as IP address, browser type, operating system, and browsing activities, including the date, time, and pages visited.
(b) Information from third parties:
Personal Data may also be obtained indirectly from various sources, including government and semi-governmental entities, private sector bodies, and service providers (that support our website analytics or communications, for example), in accordance with Saudi Arabia’s applicable laws and regulations.
5. WHAT IS THE PURPOSE FOR COLLECTION
5.1 The data collected, whether directly or indirectly, is used to enhance the website experience, support operational needs, ‎generate studies and indicators, provide services, process complaints, inquiries, and requests received by the Foundation, respond to requests from regulatory, judicial, and ‎government bodies, conduct marketing activities, and safeguard the rights of ‎parties involved.
5.2 Further, Personal Data is used to provide and administer the service (including creating and managing accounts, authenticating users, delivering features, and providing support), to communicate with Users about the service (such as confirmations, notices, and responses to enquiries), to detect, investigate and prevent fraud, abuse and security incidents, to comply with applicable laws and lawful requests, and—where permitted—to send marketing communications and manage newsletters and subscriptions. Each of the foregoing purposes is carried out on one or more lawful bases outlined in Section (‎7) below as recognised by the Personal Data Protection Law.
6. HOW WE STORE THE USERS' PERSONAL DATA
6.1 The User’s Personal Data is stored securely either at the data storage or at a cloud computing service provider within Saudi Arabia.
6.2 We use administrative, technical, and physical measures to protect Personal Data against loss, misuse, unauthorised access, disclosure, alteration, and destruction according to the requirements of the National Cybersecurity Authority.
6.3 Data will be retained and securely disposed of in accordance with the applicable laws and in compliance with the provisions of Article (18) of the Personal Data Protection Law.
7. LEGAL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA
7.1 In accordance with the Personal Data Protection Law, the legal basis on which we rely in processing such data are:
(a) the User’s consent;
(b) fulfilment of a contractual obligations, for example to deliver services or benefits the User’s request or register for;
(c) compliance with a statutory obligation in order to comply with laws and regulatory requirements we or the User are subject to;
(d) maintaining vital interests where necessary to protect life or safety;
(e) achieving public interest where a disclosure of the User’s data is requested by a public entity; or
(f) for our legitimate interest or objectives, for example, to improve our services, maintain website security, and understand our audience, provided this does not affect the User’s rights and interests.
7.2 The User can withdraw his consent at any time without affecting processing operations carried out based on other legal bases. To this end, the User can contact us using the information provided in Section (‎8) below.
8. THE USER'S RIGHTS
8.1 Under Personal Data Protection Law, The User has the following rights, which primarily depend on the purpose of Personal Data collection and processing:
(a) Right to be Informed:
The User is entitled to be informed how we collect his Personal Data, legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. The User can access all details through this Policy or contact us using the contact information mentioned in Section (‎9) below.
(b) Right of Access Personal Data:
The User is entitled to request access to his Personal Data by reaching out to us.
(c) Right to Request Access to Personal Data:
The User is entitled to request access his Personal Data held by us in a readable and clear format if technically feasible by reaching out to us.
(d) Right to Request Correction of Personal Data:
The User is entitled to request correction of his Personal Data that he believes is inaccurate, incorrect or incomplete, by reaching out to us.
(e) Right to Request Destruction of Personal Data:
The User is entitled to request destruction of his Personal Data held by us, provided that we may retain such Personal Data to the extent necessary, as follows:
a. In cases where applicable laws require the retention of Personal Data to the extent necessary to comply with the regulatory requirements, in accordance with the Personal Data Protection Law and other applicable laws.
b. After the purpose of its collection has ended after removing all information that could specifically identify the data subject (i.e., anonymising the data), in accordance with the controls set out in the Implementing Regulations of the Personal Data Protection Law.
(f) Right to Withdraw Consent for Processing Personal Data:
The User is entitled to withdraw his consent for processing his Personal Data at any time unless there are legal bases that require otherwise, as the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8.2 Unless otherwise stipulated by the law, the User will not be required to pay any fees in return for exercising this right. In case of submitting a request for exercising this right, the User will receive a response within (30) days as of the request receiving date.
8.3 For further details regarding the processing of the User’s Personal Data and how to exercise the rights granted under this Policy or the applicable laws, the User can contact us using the below mentioned contact details.
9. HOW TO REACH US
If the User has questions about this Policy or wish to exercise his data rights, the User shall contact us by submitting a Data Subject Request Form available under the Privacy Policy on the Foundation’s website, or through the “Contact Us” feature on the Foundation’s Website.
10. COMPLAINTS AND INQUIRIES
10.1 If the User has any concerns, or if we do not comply with the Personal Data Protection Law, the User can file a complaint in accordance with the process set out in Section (‎9).
10.2 If the User is not satisfied with how we process his complaint, or if we fail to respond within (30) days, the User can file a complaint to the competent authority, i.e. the Saudi Data and AI Authority according to the contact information below:
Saudi Data and Artificial Intelligence Authority
Kingdom of Saudi Arabia, Riyadh
Website: (sdaia.gov.sa)
National Data Governance Platform: (dgp.sdaia.gov.sa).
11. POLICY VERSION
This Policy was prepared on [insert date of publication]. The latest version of the Policy can be accessed via [insert hyperlink]