Privacy Statement

The National Cybersecurity Authority (NCA) was established under Royal Decree No. (55775) dated 1/12/1438H, with its regulation issued by Royal Decree No. (6801) dated 11/02/1439H and amended by Royal Decree No. (7053) dated 02/02/1443H. 
NCA is committed to respecting user data and information and is obliged to maintain the confidentiality and privacy of personal data as per relevant regulations. To this end, a privacy policy has been prepared to understand how personal data is collected, its purpose, methods of sharing, exchanging, and storing it, and the rights of Data subject.Using the Authority’s website constitutes user consent to the privacy policy as per the regulatory requirements under the personal data protection laws and its regulations.

 

1.    Personal Data Collected and Its Purpose

The Authority collects only necessary personal data, including the user's full name, email address, and contact number (to manage any inquiries, suggestions, complaints, or to respond to surveys).

2.    Methods of Collecting Personal Data

Personal data is collected and obtained both directly and indirectly through different methods as the following:
A.    Direct methods to obtain personal data: Data provided by the data subject to the site.
B.    Indirect methods to obtain personal data: Data from cookies collected when visiting the Authority’s website.

 

3.    Data Sharing/ Data Exchange

The Authority is committed to maintain the privacy of personal data and not disclosing it following the data sharing controls approved by regulatory bodies. NCA complies with the provisions of data confidentiality and non-disclosure as per the personal data protection law and its regulations.

4.    Storing and Destroying Personal Data

Personal data is securely stored within the Kingdom of Saudi Arabia’s geographical boundaries to ensure the preservation of the nation’s digital sovereignty over this data. The Authority adheres to the highest standards and practices to ensure the security and protection of data. It also adheres to national regulations and instructions related to destroying personal data and disposing of it once the purpose of its collection is fulfilled or archiving it securely to prevent misuse or unauthorized access.

5.    Data Subject Rights

Under the personal data protection law, issued by Royal Decree No. (M/19) of 9/2/1443H, amended by Royal Decree No. (M/148) of 05/09/1444H, and its regulation, users have the following rights, dependent on the purpose for which data is collected and processed:
•    The right to be informed: The data subject has the right to know the methods of data collection, the legal basis for its collection and processing, the purpose of collection, how it is processed, stored, and destroyed, and with whom it will be shared. Full details can be accessed through this privacy policy.
•    The right to access personal data and request a copy: The personal data subject has the right to access their data and request a copy, which will be provided at no cost via the designated email. The Authority may restrict this right under conditions defined by the personal data protection law and its regulations.
•    The right to rectify personal data: The subject has the right to request the correction of their data if it is inaccurate, incorrect, or incomplete via the email below. The data will be reviewed and updated, and the data subject will be notified. The Authority may request supporting documents and evidence for the correction request whenever necessary to correct, update, or complete data, and these documents will be destroyed after the verification process.
•    The right to destroy personal data: Under certain circumstances, the data subject has the right to request the destruction of their data unless there is a legal provision specifying a certain retention period or contractual requirements.
•    The right to withdraw consent to process personal data: The data subject can withdraw consent to process their data at any time unless there are legitimate purposes requiring otherwise.

The data subject has the right to exercise their statutory rights according to applicable laws and regulations by communicating via the following mail:
 info@nca.gov.sa. 

 

6.    Privacy Policy Updates:

•    The Authority reserves the right to add or change any policy provisions as necessary.
•    The Arabic language is the official language used in the application of terms and conditions, and it shall prevail in the event of a discrepancy between the Arabic and English texts.