Introduction
Ministry of Foreign Affairs is primarily responsible for the foreign diplomatic relations of the Kingdom of Saudi Arabia, to achieve and protect national interests. It also enhances the Kingdom's role in establishing security, stability and prosperity in the region and the world.
Believing in the importance of personal data and its confidentiality, this policy was prepared to support the beneficiary to understand the nature of data that we collect by accessing the Ministry's website or by digital services provided by the Ministry.
Under the Personal Data Protection Law, personal data is collected and processed based on the explicit consent of the data subject (user). This consent is obtained when providing services or registering on the website, and if there is a need to change the purpose of processing personal data, the user will be clearly informed to obtain new consent.
Ministry of Foreign Affairs is committed to maintain the confidentiality of personal data to ensure and preserve the rights of data owners. The Ministry complies with the national data governance policies, issued by the Saudi Data and Artificial Intelligence Authority (SDAIA), and key legislation to protect rights and privacy of individuals regarding their personal data, which subject to Personal Data Protection System and its executive regulations.
Item 1: Privacy Policy Ownership.
The Data Management Office maintains ownership of this Privacy Policy and issues updated versions.
- This policy was created on January 22, 2024
-
This policy was last updated on October 10, 2024
Item
2: personal data that will be collected and processed
Personal data collected and processed based on the services provided by the Ministry. The following categories of personal data are usually processed:
Type of Data | Details
|
Personal Data | Name, Nationality, Photo, Gender, Date and Place of Birth |
Contact Information | Email Address, Residential Address (National Address) or Work Address, Contact Phone Number |
Identity Data | National ID Number, Iqama Number , and any other similar documents |
Financial Data | Applicant's Credit Card Details [not saved in the system, sent directly to the payment service provider]
Voucher Number [if applicant chooses to pay by voucher] |
Passport Data | Passport Number, Passport Expiry Date , Applicant's Passport Details (copy of passport) |
Correspondence | Data that you provide to us by filling in any of our forms or by contacting us, whether face to face, by telephone, email, online or otherwise. |
Technical Data | Cookies: Information sent by the browser that the user used when visiting the website, which is stored on the user's device. It aims to collect statistics about the user's visit to the Ministry's website based on the Internet Protocol (IP) address on the personal device. This data is used to improve the user's experience in using the website.
Examples of such information that the browser automatically collects: IP address, time of access to the website, pages you visited. |
Health Data | Some services on the Ministry's website may require health data (medical reports of applicants). |
Item
3: Methods of collecting your personal data
Collecting and processing your personal data is necessary to provide the highest level of service, as the Ministry collects and processes some personal data, which is obtained directly or indirectly, for example but not limited to:
1. Data provided by the user
- The data required during registration on the website, services, and applications associated with the ministry or provided to the ministry when creating a user profile, include but are not limited to personal data, contact information, financial data, health data, or when filling out electronic or paper forms.
- Data exchanged through the Ministry's communication with website users and service beneficiaries, such as requests submitted for customer support services, inquiries, notes, and complaints received from you.
2. Data collected automatically:
- Technical data: including your Internet Protocol address, which is the IP address used to connect your personal computer to the Internet, geographic location, and cookies.
- The Ministry's website may include external links of other websites, and these links may collect data about users by providing them with its services or cookie settings. The user's interaction with those sites is subject to the privacy policy provided by those providers.
- Data provided to us through government integration platforms with government agencies for the purposes of data integration and sharing in accordance with the data sharing policy issued by the Saudi Data and Artificial Intelligence Authority (SDAIA).
Item
4: The purpose of collecting and processing personal data
The Ministry of Foreign Affairs seeks to improve the level of performance of its services provided to beneficiaries by collecting and processing personal data directly or indirectly for the following purposes:
- Enabling and providing the services of the Ministry of Foreign Affairs and meeting its requirements.
- Preparing, issuing and updating policies that serve the Ministry of Foreign Affairs.
- Completing the data required to apply for a job or training.
- Sending invitations to participate in workshops, courses and conferences.
- Processing your visa application and sending you notifications related to your visa application via email.
- When a medical report is needed to prove the applicant's exceptional situation.
- Responding to inquiries from beneficiaries of the Ministry's services.
- Raising and developing the level of service performance, improving the beneficiary's experience, and ensuring the continuity of providing services with the required quality.
- Authenticating the user's identity when registering for the Ministry's various services.
- Meeting certain legal and regulatory requirements.
- Monitoring and detecting violations of the Terms of Use as well as other potential misuse when using the site or one of its services.
- Analyzing data, preparing statistics, and issuing internal reports.
- Maintaining improved site performance and services provided, and the security of its software, systems, and network.
- Spreading awareness campaigns about the Ministry or its programs.
Item
5: Use of your personal data
In accordance with the laws and regulations for personal data protection, we have the right to keep any of your personal data and use it to contact you through any of the regular means of communication. We at the Ministry can work to hide your identity by taking updated organizational and technical measures, to avoid any risks to your personal data. We also confirm that we are in The Ministry are keen on the systematic and optimal use of your personal data as it is used to complete the registration process and improve the beneficiary's experience.
The Ministry of Foreign Affairs also applies dedicated measures to comply with the personal data protection system and its regulations, provided that, these measures contribute to the application of the main principles of data protection, which are:
- To be used in a systematic, fair and transparent manner.
- It should be limited to the specific purpose of its collection and to the minimum amount of data.
- To be constantly updated, to verify its quality and integrity.
- It should be kept when necessary, and destroyed as soon as its purpose no longer exists.
- It should be kept secure and private.
Item
6: Disclosure of Personal Data
The Ministry is committed to not disclosing user data to other parties, with the exception of the cases mentioned in Article Fifteen of the Personal Data Protection System and adherence to what is stated in Article Sixteen of the System, while emphasizing the adoption of all organizational, administrative and technical measures and controls in accordance with what is stated in Article Nineteen of the System, in addition to the possibility of processing personal data if it does not include what indicates the identity of its owner and his identity is hidden in accordance with what is stipulated in Article (Nine) of the Executive Regulations of the System.
Item 7: The regulatory basis for processing your personal dataIn accordance with the Personal Data Protection Law and its implementing regulations and the Personal Data Protection Policy issued by the National Data Management Office, where the content of personal data collected and processed must be limited to the minimum necessary and closely and directly related to the purpose of collecting and processing this data, and the content must be appropriate, and the methods and means of collecting personal data must be clear, direct and free from deception, manipulation or misleading methods, the regulatory basis on which we rely to process this data is:
- The explicit consent that the user provides us with in order to collect and process his personal data by agreeing to the privacy policy.
- Responding to an official request from a government entity in accordance with its powers stipulated in the national laws and regulations.
- Achieving a legitimate interest to improve our services unless this violates the rights of the personal data owner or conflicts with his interests, and that data is not sensitive data.
- Preserving vital interests of the personal data owner or protecting him from any harm.
- Achieving public interest by trying to develop and improve joint government procedures. The determinants and controls for this purpose shall be the laws and regulations.
Item
8: Storage and Disposal of Personal Data
Your personal data will be retained for the specified period for which the purpose for which the data was collected exists, and when the purpose of the personal data ends or upon your request, it will be deleted immediately in a secure manner that ensures that it cannot be retrieved again, taking into account other legal, regulatory, or other requirements in force in the Kingdom of Saudi Arabia, without prejudice to the exceptions contained in Article Eighteen of the Personal Data Protection Law.
The ministry ensures the destruction of personal data once the purpose for processing it has been fulfilled or upon the request of the data subject, using methods that guarantee the complete and secure destruction of the data. This is achieved through secure deletion techniques utilizing approved software that prevents data recovery, as well as physical shredding of documents using specially designed tools. The data destruction process will be documented in dedicated records to ensure transparency and compliance with regulations.
In accordance with the general rules for transferring personal data beyond geographical borders, which set the rules and standards for transferring personal data outside the Kingdom's geographical borders, your personal data will be stored and processed in a secure manner within Saudi Arabia's geographical borders. Moreover, your personal data will be protected by the best technology in line with the policies and controls of the National Cybersecurity Authority and international standards to ensure unauthorized access is not permitted and reduce cybersecurity risk, in order to ensure the preservation of digital national sovereignty of such data. An exception to this is the cases stipulated in the article (29) of the Personal Data Protection Law when there is a need to transfer or process data outside the Kingdom's geographical borders. Your personal data may be stored on advanced and reliable cloud storage platforms used by the Ministry of Foreign Affairs to ensure secure management and easy access to data. These platforms adhere to the highest security standards and apply advanced data protection technologies in compliance with relevant laws and regulations to ensure data confidentiality and privacy.
The Ministry of Foreign Affairs protects personal data when it is transferred outside the Kingdom for any regulatory purpose, such as serving the Kingdom's interests, implementing an obligation under an agreement to which the Kingdom is a party, or implementing other regulatory or judicial purposes. There should be an appropriate level of protection for personal data available outside the Kingdom. The transfer or disclosure is limited to the minimum amount of personal data that is needed. There are exceptions to the terms of data transfer or disclosure within the absolutely necessary cases that are related to the life of the data subject or his vital interests and what is related to that.
In the absence of an accreditation decision (an inappropriate or insufficient level of protection for personal data outside the Kingdom) or an international agreement, the data is transferred in accordance with the guarantees specified by the laws and regulations, which are:
- Binding Joint Rules: Include the issues approved by the regulation on transferring personal data outside the geographical borders of the Kingdom of Saudi Arabia.
- Standard contractual items guarantee adequate protection of personal data.
- Certificates of compliance with the law and regulations in the Kingdom are issued by an entity approved by the competent authority.
- Binding codes of conduct
- Binding agreements between public sectors.
Item 9: Mandatory Collection of Personal Data and Potential Risks of Incomplete Data Collection
The ministry is committed to collecting the personal data necessary to provide its services and ensure efficient and high-quality performance. The provision of the required personal data is mandatory to complete the services and procedures provided by the ministry. Failure to provide such data will hinder the completion of requests or access to services. The potential impacts and risks associated with not completing the data collection process include the following:
- Inability to process the request or execute the service.
- Inability to communicate with the user to update the status or respond to inquiries.
- Cancellation or rejection of the request if the required data is not provided or if incomplete data is submitted.
- Delays in processing procedures due to missing necessary data.
- Restricted access to certain digital services that require authentication using personal data.
Item
10: Your rights regarding the processing of your personal data
The Ministry of Foreign Affairs places the protection of personal data of beneficiaries of its services at the top of its list of priorities. It makes every effort to provide high-quality service to beneficiaries. Beneficiaries have the following rights:
- The right to be informed, including being informed of the legal basis or actual need for collecting your personal data, the purpose of that, and that your data will not be processed later in a manner that is inconsistent with the purpose of its collection or in circumstances other than those stipulated in the laws, regulations, decisions and policies in force in the Kingdom.
- The right to request access to personal data: The owner of personal data has the right to access his data by submitting a request to access it, and he has the right to obtain a copy of the data in a readable and clear format and without financial compensation, in accordance with the Personal Data Protection Law and its implementing regulations.
- The right to correct personal data: The owner of personal data has the right to request the correction, completion or modification of his data, and he has the right to restrict the processing of his data for a period during which the accuracy of the data can be verified, provided that the restriction request does not conflict with the laws and regulations.
- Right to destroy personal data: The data subject has the right to request the destruction of his data in specific circumstances if there are no legal or contractual requirements that require otherwise... without prejudice to the provisions of Article Eighteen of the System.
- The right to withdraw your consent to the processing of your personal data The personal data subject has the right to withdraw consent - at any time - unless there are regulatory or judicial requirements that require otherwise in accordance with the Personal Data Protection System and its implementing regulations and in accordance with the policies and regulations of the Ministry.
We would like to note that some or all of these rights may be subject to certain exceptions and exemptions specified by the system, and they will be evaluated on a case-by-case basis to ensure their compliance with those exceptions, and this policy specifies how to exercise those regulatory rights of the data subject.
The personal data subject can submit a request to exercise his rights by filling out
the personal data subject request form.
Item
11: Complaints, inquiries and communication
In case you have some complaints or inquiries related to the Privacy Policy, you can contact us via email to the Data Management Office at the Ministry of Foreign Affairs.
- Email: [PMO@mofa.gov.sa]
- Address: Riyadh, Al-Namouthajiyah District, King Fahd Branch Road, P.O. Box: 55937, Postal Code: 11544
- Phone number: 0114067777-4621-4766