Privacy Policy

 

Privacy Policy and Personal Data Protection

 

 

The National Centre for Palms & Dates (the "Center") values the privacy of its users and is committed to safeguarding their personal information. All data is handled with the highest level of care, ensuring confidentiality and privacy remain a cornerstone of our services. This policy governs how the Center collects, uses, stores, and discloses data obtained from users. Ensuring full compliance with the Personal Data Protection Law, the following section outlines the key principles of our personal data protection policy: 

 

First: Personal Data Protection Provisions 

 

1. Scope:

This policy applies to all "user" personal data processed within the Kingdom, by any means. Exceptions include situations where disclosure is required, such as the following: 

  • The disclosure is required by a public authority for public interest, security purposes, enforcement of a law, or compliance with a legal requirement. 
  • If disclosure is needed to protect public health, public safety, or the life or well-being of a specific person or group. 
  • If the disclosure involves processing the data in a manner that does not allow the identification of the user or any other individual. 
  • When disclosure is necessary to safeguard legitimate interests of the regulatory authority, provided it does not infringe on the users' own rights, conflict with their interests, or involve sensitive personal data. 

 

2. Purpose of Collecting Personal Data:

To periodically assess user satisfaction with the system’s services, identify user needs, analyze interactions with other system users, and evaluate the ease of use and overall satisfaction with the services provided. 

3. Types of Personal Data Collected:

The system collects various types of personal data, including: Full name, nationality, city, gender, national ID number, mobile number, organization name, the service provided, service details, and the period of service. 

Second: Key Principles of Personal Data Protection 

1. Introduction:

Personal data refers to any user-related information that may lead to the identification of a specific individual, regardless of its source or format. This includes, but is not limited to: the user's name, identification data, address, contact numbers, license and registration numbers, personal property details, bank account and card numbers, as well as still and moving images. Service providers are required to: 

  1.   a. Protect users’ personal data from unauthorized access, disclosure, alteration, or use for purposes other than those legally permitted, by applying appropriate technical and administrative safeguards based on the nature of the data. 
  2.   Retain personal data only as necessary to fulfill the service provider’s obligations, and prohibit its use for any other purpose (such as advertising or marketing) without the user's explicit prior consent. 

2. Principles:

Accountability:

Privacy policies and procedures must be clearly defined, documented, and approved by the entity’s top authority, and communicated to all relevant parties responsible for implementing them. 

Transparency:

A privacy notice should be issued by the Center, clearly and explicitly specifying the purposes for which personal data is being processed. 

Choice and Consent :

All options available to users must be clearly presented, and their consent must be obtained (explicitly or implicitly) regarding the collection, use, or disclosure of their personal data. 

Data Minimization:

Collection of personal data must be limited to the minimum necessary amount needed to achieve the purposes outlined in the privacy notice. 

Limitation of Data Use, Retention, and Disposal :

Personal data must be processed only for the purposes specified in the privacy notice, for which the user has given consent. Data should be retained only as long as necessary to fulfill those purposes or as required by the Kingdom's applicable laws, regulations, and policies. Also, it must be securely disposed of to prevent leakage, loss, misuse, or unauthorized access. 

Data Access :

Users must have the means to access their personal data for review, updating, and correction. 

Limiting Data Disclosure:

Personal data should only be disclosed to external parties for explicitly stated purposes.   Data Security: Personal data must be protected from leakage, loss, or unauthorized access in compliance with regulations from the National Cybersecurity Authority.

Data Accuracy:

Disclosure of personal data to external parties must be restricted to the purposes outlined in the privacy notice, for which the user has given explicit or implicit consent. 

Data Security:

Personal data must be protected against leakage, damage, loss, theft, misuse, alteration, or unauthorized access, in accordance with guidelines of the National Cybersecurity Authority and other relevant authorities. 

Data Quality:

Personal data must be accurate, complete, and directly relevant to the purposes specified in the privacy notice. 

Monitoring and Compliance:

Compliance with privacy policies and procedures must be monitored, and inquiries, complaints, and disputes related to privacy should be addressed appropriately. 

 

Third: Privacy Notice

The National Centre for Palms & Dates recognizes the importance of protecting your privacy and placing the confidentiality of its users’ and visitors’ data as a top priority. This notice has been prepared to clearly explain the following: 

Consent to the Privacy Notice:

By agreeing to this privacy notice, you consent to the privacy rules and conditions applicable to all services, programs, and initiatives offered by the Center, including any periodic updates applied to these rules and conditions to accommodate operational needs and changes. Similarly, any data received from other entities serving the Center or from users interacting with its services will also be collected, stored, and used. The types of data collected include: personal, transaction, and organization data. Transaction data refers to any information describing your interactions with the Center, such as the time of site access and the pages you visited. 

Fourth: Data Collected

Whenever you fill out a form or provide information through a browser, phone call, email, or social media channel, your data will be stored on the Center’s servers. All information you provide through the system will be collected, stored, and used. 

Fifth: Protecting Your Organization and Transaction Data 

Your organization’s data will be shared only with the Center's employees who need to view and use such data to examine, understand, and support the development of the palm and dates sector. Data may also be shared with government authorities for legitimate purposes based on legal requirements or justified operational needs aimed at serving the public interest - without harming national interests, the activities of governmental bodies, individual privacy, or environmental integrity. Exceptions apply to data or authorities exempted by Royal Directives. 

Sixth: Protection Your Personal Data

Personal data is securely stored and processed within the Kingdom’s borders to ensure national digital sovereignty. All servers containing your personal information are protected in accordance with the regulations issued by the National Cybersecurity Authority. Your personal data will only be accessible to staff who need to view and use it, and any processing or use of this data will be carefully assessed to ensure it aligns with the purpose for which it was collected. When necessary, personal data may also be shared with government authorities for the purposes outlined in the section "Why We Collect and Use Your Personal Data", with exceptions for authorities exempted by royal directives. If the Center or any government authority wishes to use your personal data for purposes other than those specified, your prior consent will be obtained. When your personal data is shared with any government authority, the purpose will be clearly defined and reviewed, followed by signing a non-disclosure agreement to ensure proper documentation of how your data is processed and used, guaranteeing it is applied solely for the agreed purpose.  Advanced information security technologies will be employed to ensure safe transmission of your data to the respective government entity. None of this data will be exchanged, circulated, published, or sold to any party other than the authorized government authorities without your prior consent. Access will be strictly limited to qualified personnel responsible for delivering government services. 

Seventh: Purpose of Data Collection and Use

Your personal data is collected, used, and processed for organizational, improvement, and development purposes, including: 

  1. Completing the information required for applying to the services offered by the Center on its official website or affiliated platforms. 
  2. Conducting surveys, interviews, and gathering feedback. 
  3. Sending invitations to participate in workshops, courses, and conferences. 
  4. Promoting investment opportunities, services, programs, and initiatives supported by the Center. 
  5. Handling inquiries or complaints and improving the user experience across all government communication channels. 
  6. Meeting legal and regulatory requirements. 
  7. Analyzing data and preparing internal reports to support operational needs, such as statistical reports. 
  8. Supporting, understanding, studying, and developing the palm and dates sector. 

 

Eighth: Your Rights Regarding the Processing of Your Personal Data 

Under the Personal Data Protection Policy, you have the following rights which depend primarily on the purpose for which your personal data is collected, used, and processed:

  1. You have the right to be notified of the legal basis or legitimate need for collecting your personal data, the purpose of its collection, and to ensure that your data is not processed in ways that conflict with the purpose for which you provided your implicit or explicit consent. 
  2. You have the right to access and review your personal data held by the regulatory authority in order to request corrections, completion, or updates; demand the deletion of data that is no longer needed; and obtain a clear copy of your data. Except in the circumstances noted above, your personal data will not be processed or used for any purpose other than the one originally agreed upon without your consent. Regulations governing personal data protection specify the conditions under which consent must be obtained and when it must be explicit. In all cases, you may withdraw your previously given consent at any time, in accordance with the applicable rules. 

Cases Where Consent Is Not Required for Processing Personal Data: 

  • When processing serves a legitimate interest of the users and contacting them is impractical or difficult. 
  • When processing is required under other applicable laws or to fulfill a prior agreement in which the user is involved. 
  • When the controlling entity is a public authority .and the processing is necessary for security or judicial compliance purposes. 
  • When processing is necessary to protect the legitimate interests of the controlling entity, provided it does not infringe on the user's own rights, conflict with their interests, or involve sensitive personal data. 

Ninth: Safe Information Transfer 

We ensure that the system employs the highest security measures to protect the information you provide. Sensitive data (such as credit card numbers) or any information that must remain confidential in accordance with legal requirements are encrypted and handled securely. 

Tenth: Contacting the Center

If you have any questions regarding this Privacy Notice, need assistance, or wish to submit a complaint, please contact us at: 

  Tell-free number: 8003010055  

Email: info@ncpd.gov.sa

Operating Hours: Sunday to Thursday, from 8:00 AM to 4:00 PM.