Privacy Policy

 

Privacy Policy and Personal Data Protection

 

 

Believing in the importance and confidentiality of data, and in its commitment to delivering the highest level of service, the Center is committed to maintaining the confidentiality and privacy of user data and the information entered into its system. The system's administration adheres to safeguarding the confidentiality and privacy of user information and submitted materials as the foundation of its privacy policy. This policy governs how the Center collects, uses, stores, and discloses data gathered from users, in accordance with the provisions of the Personal Data Protection Law. Below are the main provisions:

 

First: Provisions for Personal Data Protection

 

1. Scope:

 

  • This policy applies to any personal data processing activity concerning “users” conducted within the Kingdom by any means. Exceptions include:  
  • Disclosure requested by a public authority for public interest, security, law enforcement, or judicial purposes.
  •   Disclosure necessary to protect public health, public safety, or the life or health of a specific individual or group.  
  • Disclosure limited to processing data in a way that prevents identification of the data owner or any specific person.
  •   Disclosure necessary to serve the legitimate interests of the regulatory body, provided it does not conflict with the rights or interests of the data subject, and that the data is not classified as sensitive.

 

2. Purpose of Collecting Personal Data:

To periodically measure user satisfaction with system services, understand user needs, analyze their interactions with other parties using the system, and assess service usability and user experience.

3. Types of Personal Data Collected:

Personal information may include: full name, nationality, city, gender, ID number, mobile number, organization name, service provided, service details, and service duration.

Second: Core Principles of Personal Data Protection

1. Introduction:

Any information that can identify a consumer—regardless of format or source—is considered personal data and must be protected. This includes name, ID information, address, contact numbers, license and ownership numbers, bank details, photos, and videos.  The service provider must:

  1.   Protect personal data from unauthorized access, disclosure, alteration, or misuse by applying appropriate technical and administrative measures.
  2.   Retain personal data only as long as necessary to fulfill service obligations and never use it for marketing or advertising without prior explicit consent.

2. Principles:

Responsibility:

Privacy policies and procedures must be documented, approved by top leadership, and shared with all stakeholders.

Transparency:

Clear and specific privacy notices must be issued, outlining the purposes of data processing.   Choice and Consent: Data subjects must be presented with all possible choices and give explicit or implicit consent for data collection, use, and disclosure.

Data Minimization:

Only the minimum necessary data for the stated purposes should be collected.

Limited Use and Retention:

Data must only be used for the intended purposes and securely destroyed when no longer needed.

Access:

Users must be allowed to review, update, and correct their personal data.

Restricted Disclosure:

Personal data should only be disclosed to external parties for explicitly stated purposes.   Data Security: Personal data must be protected from leakage, loss, or unauthorized access in compliance with regulations from the National Cybersecurity Authority.

Data Accuracy:

Ensure personal data is accurate, complete, and relevant to the stated purposes.  Monitoring and Compliance: Monitor compliance with privacy policies and address any related inquiries or complaints.

Third: Privacy Notice

The Center values your privacy and places user data confidentiality as a top priority. We are committed to protecting sensitive data and user rights. This notice is issued to clarify:  

Consent to the Privacy Notice:

By accepting this privacy notice, you agree to the terms and conditions applicable to all services, programs, and initiatives offered by the Center, including any future updates.  

Fourth: Data Collected

When you fill out a form, submit information via a browser, or contact us through phone, email, or social media, your data is stored on the Center’s servers.  Data collected and used includes:  Personal Data  Transaction Data: e.g., time of access, pages visited  Organization Data  We also collect data from third parties serving the Center and its users.

Fifth: Protection of Your Organization’s Data

Your organization’s data will only be accessed by Center employees who need it for analysis and development of the palm and dates sector. It may be shared with government entities when legally required or in the public interest, except for data protected by royal decree.  

Sixth: Protection of Your Personal Data

Your data will be stored and processed securely within the Kingdom to maintain national digital sovereignty. All servers are protected per the National Cybersecurity Authority’s guidelines.   Only authorized employees with a valid purpose will access your data. If necessary, your data may be shared with government agencies for the stated purposes in the "Why We Collect Your Personal Data" section. If any other use is intended, your prior consent will be obtained.   Data sharing will be protected by Non-Disclosure Agreements and secure transfer technologies.   No data will be exchanged, sold, or disclosed to any non-government party without your prior approval. Access is limited to qualified personnel.  

Seventh: Purpose of Data Collection and Use

Your data is collected and processed for the following purposes:

  1.   To fulfill service application requirements via the official website or platforms
  2.   Conduct surveys, interviews, and gather feedback
  3.   Send invitations to workshops, courses, and conferences
  4.   Promote investment opportunities, services, and initiatives
  5.   Handle inquiries or complaints to improve user experience
  6.   Comply with legal and regulatory requirements
  7.   Analyze data and generate internal reports (e.g., statistics)
  8.   Develop and enhance the palm and dates sector

 

 

 

Eighth: Your Rights Regarding Your Data

You have the following rights under the Personal Data Protection Law:  

  1. Right to Know: You must be informed of the legal basis or actual need for data collection and the intended purpose. 
  2. Right to Access: You may view, correct, complete, update, delete, or request a copy of your data.  

No changes will be made to data processing purposes without your consent, except in the following cases:

  •   It serves a clear interest for you and you cannot be contacted.
  •   Required by law or a previous agreement involving the user.
  •   Required by public authorities for legal or security purposes.
  •   Necessary to serve the legitimate interests of the data controller, provided it doesn't conflict with your rights and the data is not sensitive.

Ninth: Secure Data Transmission

We ensure the system meets the highest security standards. Sensitive information (e.g., credit card numbers) is encrypted, and data is handled according to legal requirements.

Tenth: Contacting the Center

If you have any questions about this privacy notice, need assistance, or want to file a complaint, please contact us:

  Tell-free number: 8003010055  

Email: info@ncpd.gov.sa

Service hours: Sunday to Thursday, from 8:00 AM to 4:00 PM