Unified National Platform (GOV.SA) is aware of the importance of your privacy and data; therefore, We commit to keeping all critical information and data confidential of all visitors. We've, carefully, build up our policy to illustrate the following:
Users Data Collection
Once you visit GOV.SA, our servers automatically gather your IP address (The IP address is the number associated with your computer, and it allows other computers connected to the Internet to identify the source of data, in addition to collecting information about the user's browser and search engine, and the date and time of visiting the URL that transfer the user to GOV.SA, but without identifying the user.)
Links to Other Websites and Online Third Parties
Types of Collected Data
We may save Cookie Files on your computer when you first visit our Platform. Cookie files are a kind of data that helps specify you as a user. It can be used to enhance your use of the platform and to better understand your need.
The Unified National Platform (Gov.sa) retrieves your information of the national ID, job and education, and other information available on the Government Service Bus (GSB). Gov.sa platform and its application do not store such information.
GOV.SA commit to the main principles and general rules of the protecting of personal data, in addition to the main principles and general rules of data sharing.
Gov.sa may ask the users to identify their location in order to benefit from the provided service on its platform and application.
The Purpose of Collecting Data
Using the IP address helps us solve any problems arising on our servers, including statistics about the utilization of the Platform (such as number of visitors, the language of the computer used, etc.). We never permit any party, other than the technical team of the GOV.SA Platform, to know your IP address.
Secure Information Transmission
We assure all users that this Platform relies on the highest security standards to protect their information. We work diligently on encrypting information regarded as sensitive (i.e. credit card information), in addition to any data that should be kept confidential, pursuant to legal requirements.
Protecting Personal Information
Your information may be made available to government officials, in the exceptional circumstances that this need should arise, however, It will never be made available to the public without your prior consent. Additionally, this information will not be circulated, exchanged or sold to any party without your prior consent. Our technical staff is only permitted to handle this information to provide such services of GOV.SA Platform as are consistent with your needs. There is Freedom of Information and Protection of Private Data Law under review by the Advisory Shura Council.
Any user, who has previously provided us with personal information, has the full right to:
- Access to the information.
- Obtain the information.
- Correct or modify the information.
- withdraw the agreement and delete the information.
- Working hours: 24/7
- Response time: 24 hours
The Main Principles of Personal Information Protection
— First: Responsibility
That the privacy policies and procedures of the control authority are defined, documented, and approved by the entity’s primary administrator (or whoever he delegates), and published to all parties concerned with their application.
— Second: Transparency
That a notification about the policies and procedures related to the control authority is prepared to indicate the purposes of processing the personal information in a specific, clear and explicit manner.
— Third: Choice and Consent
That all possible options are determined for the owner of the personal information, and obtain his consent (implicit or explicit) regarding the collection, use or disclosure of his data.
— Fourth: Limit Data Collection
That the collection of personal data be limited to the minimum amount of data that fulfil the purposes specified in the privacy notice.
— Fifth: Limit Data Use, Retention, and Disposal
That the processing of personal data be restricted to the purposes specified in the privacy notice for which the data subject gave his implicit or explicit consent, and to keep it as long as necessary to fulfil the specified purposes or as required by the laws, regulations and policies in force in the Kingdom, and to destroy them in a safe manner that prevents leakage or loss, misappropriation, misuse, or unauthorized access of a system.
— Sixth: Access to the Data
That the means by which the data owner can access his personal data for review, update and correction are identified and provided.
— The seventh: limiting Data Disclosure
That the disclosure of personal data to external parties is restricted to the purposes specified in the privacy notice for which the data subject gave his implicit or explicit consent.
— Eighth: Data Security
Personal data shall be protected from leakage, damage, loss, theft, misuse, modification, or unauthorized access – according to the controls issued by the National Cybersecurity Authority and the relevant authorities.
— Ninth: Data Quality
Personal data shall be maintained after verification of its accuracy, completeness and timeliness, and such data shall be directly relevant to purposes provided for in Privacy Notice.
— Tenth: Monitoring and Compliance
Compliance with Data Controller's privacy policies and procedures shall be monitored, and any privacy-related inquires, complaints, and disputes shall be addressed.
Key Principles and General Rules for Data Sharing
- We provide publishable data from its correct sources and guarantee that it is not duplicated or conflicts with any other data.
- We provide data for justified practical purposes aimed at achieving public interests without causing any harm to the activities of entities, the privacy of individuals, or the safety of the environment.
- Access to data by properly qualified and trained persons.
- All information necessary to exchange data is shared, including the required data, purpose of its collection, means of transport, methods of preservation, controls used to protect it, and the mechanism of disposal.
- The security controls stipulated in the data sharing agreement are applied.
- Appropriate security controls are implemented to protect data and share the same in a safe and reliable environment in accordance with relevant regulations and legislation.
- Ethical practices are applied during the data sharing process to ensure that it is used within the framework of fairness, integrity, honesty and respect.