Privacy Policy

 

​​3.1.1 The Ministry is committed to implementing the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 09/02/1443 AH, and amended by Royal Decree No. (M/148) dated 05/09/1444 AH and its implementing regulations. The Ministry undertakes to provide the necessary protection and management of all personal data you share with us, in compliance with the provisions of the Personal Data Protection Law. Please note that we use your personal data solely for the purposes of providing the Ministry's services and fulfilling our responsibilities and regulatory obligations.

3.1.2 This Privacy Policy applies to all visitors, users, and others who visit our website or use our smartphone applications.

3.1.3 The purpose of this Privacy Policy is to inform you of the following:

• The type of Information and data we may collect about you and the purpose of collecting it when you visit our website or use our smartphone applications.
• The mechanism followed by the Ministry for the use of personal data collected from you, and the entities with which such data may be shared.
• The rights guaranteed under the Personal Data Protection Law in relation to your personal data.
  

3.2.1 This policy was prepared based on the “Personal Data Protection Law" issued by Royal Decree No. (M/19) dated 2/9/1443 AH, amended by Royal Decree No. (M/148) dated 9/5/1444 AH and its implementing regulations.

3.2.2 Based on the Royal Decree No. 59766 dated 11/20/1439 AH, which stipulates the establishment of data offices in government entities, with the aim of developing the necessary policies and mechanisms for data governance, approving the standards and controls regulating it, and activating the role of data as a national asset that contributes to raising the level of performance, supporting decision-making, ensuring the protection of personal data, and compliance with relevant rules and regulations, the Royal Decree stipulates that these offices be linked to the primary official in the entity, in order to enhance the governance and oversight role of the National Data Management Office.

3.3.1 Please note that we collect data you use to access our services, whether by visiting our website or using our smartphone applications.

3.3.2 Data You Provide

We collect your data directly as a part of the process of providing our electronic services through our website and/or smartphone applications and/or current or future digital portals. This data includes the following:

• Account Data: Data collected to create your profile, which includes, but is not limited to: name, ID information, email address, and mobile number.
• Complaints and Inquiries Data: Data collected when submitting a complaint or inquiry, which includes, but is not limited to: name, ID information, email address, mobile number, passport number, job title, and Identification documents that may contain details of your personal data.
• Visitor and Applicant Verification Data: Data collected from individuals applying for visitor visas to the Kingdom, for business or tourism purposes, or to complete any other official transactions. This may include, but is not limited to: name, ID number, residence permit (Iqama) number, job title, nationality, mobile number, and email address.

3.3.3 Data Collected Automatically

We automatically collect certain non-personal data sent by your browser when you visit our website or use our smartphone applications. This includes, but is not limited to:

1. Location data: the live coordinates of your location if you use smartphone applications.
2. IP address: the protocol of the device from which you visit the website.

3.3.4 Social Media Applications and External Links.

Our website and/or smartphone application may contain direct links to social media platforms, including but not limited to X, Facebook, YouTube, and others, as well as external links to other websites. These third-party sites may collect information about you when providing you with their services, through cookies, or by using other tracking technologies. Your interactions with these sites and features may be subject to the privacy notices provided by the service providers.

3.4.1 The Ministry of Foreign Affairs generally collects personal information and data directly from you, which may be obtained through your interactions with the Ministry's website and/or our smartphone applications.

3.4.2   we collect personal data directly from you through the following:

• Website: The Ministry's portal offers a variety of electronic services that require us to collect personal data to provide the requested services.
• Email: We collect personal data sent to us via email to respond to your requests and provide you with assistance.
• Smartphone Applications: The Ministry's smartphone application offers a variety of electronic services that require us to collect your personal data.

3.4.3 We collect personal data from you indirectly through the following:

• Third parties: The Ministry may obtain your information and personal data from an external source, such as government entities or service providers.

3.5.1 The Ministry of Foreign Affairs uses your data, whether directly or indirectly, to fulfill its obligations and responsibilities as the entity responsible for the Kingdom's foreign affairs, including, but not limited to:

• Benefiting from the various electronic services available on the website and smartphone applications.
• Approving visa applications and visit requests to the Kingdom, and accessing electronic services provided to individuals in particular.
• Handling your complaints, which may require sharing your personal data with the Ministry's customer support teams.
• Responding to your inquiries and providing further assistance.
•  Providing you with details of visas and services offered by the Ministry upon providing us with your ID, residence permit (Iqama), or application reference number.
•  Conducting quality assurance and improving the services we provide.
• Authentication purposes when logging in via the Single Sign-On (NAFATH) through any of our digital channels.
  

3.6.1 We are committed to not sharing your information with any other entities or third parties for marketing purposes. If personal data is transferred to the Ministry's branches and representative offices abroad, the safeguards stipulated in the Regulations for Personal Data Transfer Outside the Kingdom will apply.

3.6.2 The Ministry reserves the right to disclose your personal data in the following cases:

• If you provide consent for the disclosure of your personal data by agreeing to use an electronic service.
• If your Personal data has been collected from a publicly available source.
• If the disclosure is requested from a public entity for security purposes, to implement the provisions of another law, or to fulfill any judicial or regulatory requirements in accordance with the provisions stipulated in the laws and regulations in the Kingdom.
• If the disclosure is necessary to safeguard the public interest and safety, or to protect the lives of specific individuals.
• The disclosure will only involve subsequent personal data processing that does not result in the identification of the personal data subject or any other individual in particular.
  

3.7.1 In accordance with the Personal Data Protection Law and its implementing regulations, the legal basis on which we rely to process this data is:

3.7.2 Your explicit consent: which you provide, to process your personal data for a specific purpose that we communicate to you.

3.7.3 We may process your personal data without obtaining your consent in the following cases:

• If it is in your best interest and there is difficulty in communicating with you, or there is no response to communications received from us.
• Processing data based on your initial consent, or if the processing is consistent with the provisions of other laws.
• Processing data required for judicial and/or security purposes by public entities.
• Compliance with legal obligation: Complying with regulations and royal decrees that apply to the Ministry.
• Protecting vital interests: We may process your personal data to protect the vital interests of individuals in emergencies related to life, health, or public safety.
• Achieving the public interest: We may process your personal data to achieve public interest objectives or in response to an official request from public entities, in accordance to laws and regulations.
• Achieving Legitimate Interests: We process your personal data based on the Ministry of Foreign Affairs' legitimate interest in improving its services, provided that these interests do not override your legitimate rights.
  

3.8.1 Given the Ministry's recognition of the importance of storing your personal data on its systems, it works to protect this data and securely delete it when it is no longer needed.

3.8.2 Personal data collected from the website and/or smartphone applications is stored on servers located in the Kingdom. It is subject to appropriate security technologies in accordance with the regulations issued by the National Cybersecurity Authority to protect and preserve the data.

3.8.3 The Ministry destroys personal data immediately after the purpose for which it was collected has ended, using secure methods and technologies.

3.8.4 It may be necessary to retain your personal data even after the purpose for which it was collected has ended in the following cases:

• If there is a legal justification for our retention for a specific period under the laws or regulations in the Kingdom, or for security reasons.
• If the personal data is closely related to a case filed with judicial authorities, and it is necessary to retain it for this purpose.
• If all elements that lead to the identification of the personal data subject are concealed or encoded.

3.9.1 The Ministry is committed to collecting the personal data necessary to provide its services and ensure efficient and quality performance. Providing the required personal data is mandatory to complete the services and procedures provided by the Ministry. Failure to provide it constitutes an obstacle to completing requests or obtaining services. The potential consequences and risks of failing to complete the personal data collection procedure include the following:

• Inability to process the request or implement the service.
• Inability to contact the user to update the status or respond to their inquiries.
• Cancellation or rejection of the request if the required information is not provided or if incomplete information is provided.
• Delay in implementing procedures due to incomplete information
  
   
• Restricting access to some digital services that require authentication using personal data

3.10.1 The Ministry makes every effort to provide high-quality services to all users, ensuring their rights under the provisions of the Personal Data Protection Law and related laws and regulations, as follows:

• The right to be informed: You have the right to be informed about the process of collecting and using your personal data, including the purposes for which your data is processed, the retention periods for such data, and the parties with whom the data will be shared. You can access these details by reviewing the Privacy Policy, completing the Personal Data Subject Rights Form, or emailing DPO@Mofa.gov.sa.​
  
• The right to access your personal data: You have the right to access your personal data held by the Ministry of Foreign Affairs and obtain a copy of it or transfer it to another party. To exercise this right, please complete the Personal Data Subject Rights Form on the Ministry's website or contact us via email at DPO@Mofa.gov.sa. Your request will be reviewed within 30 days, and you will be notified via email.
  
• The right to request access to your personal data: You have the right to request access to the personal data at the Ministry of Foreign Affairs in a legible and clear format. To exercise this right, please visit the Ministry's website or contact us via email at DPO@Mofa.gov.sa. Your request will be reviewed within 30 days and you will receive a response via email.
  
• The right to correct your personal data: You have the right to submit a request to the Ministry of Foreign Affairs to correct your personal data that may be inaccurate, incorrect, or incomplete. To exercise this right, please complete the Personal Data Subject Rights Form or contact us via email at DPO@Mofa.gov.sa. Your request will be reviewed within 30 days and you will receive a response via email.

3.10.2 The right to destroy your personal data: You have the right to submit a request to the Ministry of Foreign Affairs to destroy your personal data in the following cases:

• If you believe the purpose for which the data was collected has been fulfilled and it is no longer needed.
• If you have a legitimate objection to our use of your personal data, for example:
• If our use of your personal data conflicts with the provisions of the Law or other relevant regulations.
• Withdrawing your consent to the collection and processing of your personal data.

3.10.3 To exercise this right, please complete the Personal Data Subject Rights Form or contact us via email at DPO@Mofa.gov.sa. Your request will be reviewed within 30 days and you will receive a response via email.

3.10.4 Please note that the Ministry may retain certain records when necessary to fulfill its duties as a sovereign and regulatory body. This retention is necessary to comply with regulatory and legislative obligations in the Kingdom.

3.10.5 The right to withdraw your consent to the processing of your personal data: You have the right to withdraw your consent to the processing of your personal data at any time, unless there are legal grounds preventing it. To exercise this right, please complete the Data Subject Rights Form or contact us via email at DMO@Mofa.gov.sa

3.10.6 The Ministry respects the rights of individuals regarding their personal data, with some exceptions stipulated in the Personal Data Protection Law, which are as follows:

• Compliance with legislative and regulatory requirements.
• Security or judicial reasons.
• If access to this data may lead to the following:
• Threatening the security of the Kingdom, damaging its reputation, and conflicting with its interests.
• Impacting the Kingdom's relations with other countries.
• Preventing the detection of a crime and interfering with ongoing investigations by security authorities.
• Protecting the personal data subject or others.
• Putting the safety of individuals at risk.
• Violating the privacy of an individual other than the personal data subject.
• Conflicting with the interests of others.

3.10.7 For more details on how your personal data is processed and how to exercise your rights, you can contact the Ministry's Personal Data Protection Officer via email at DMO@Mofa.gov.sa.

3.11.1 Users can exercise their rights by completing the Personal Data Subject Form​ or contacting the Personal Data Protection Officer at the Ministry of Foreign Affairs' Data Management Office via email

3.11.2 Except as provided by Law, you will not be required to pay any fees to exercise these rights. If you submit a request to exercise one of these rights, a response will be sent to you within 30 days of receiving the complete request.

3.12.1 If you have any complaints, inquiries, or concerns regarding the Privacy Policy, how personal data is handled, or the Ministry of Foreign Affairs' failure to comply with the provisions of the Personal Data Protection Law, you can contact our Data Protection Officer via email

3.12.2 We will cooperate with you to address any questions or concerns you may have regarding the collection and processing of your personal data.

3.12.3 If you are not satisfied with the handling of your complaint or if there is no response within 30 business days, you may submit your complaint to the competent authority (Saudi Data and Artificial Intelligence Authority), according to the mechanisms and channels of the competent authority:

3.12.4 Saudi Data and Artificial Intelligence Authority (www.sdaia.gov.sa)

3.12.5 National Data Governance Platform (www.dgp.sdaia.gov.sa)

3.13.1 The Ministry of Foreign Affairs website reserves the right to add or change any provisions of the Privacy Policy. It will notify data subjects of any update to this policy. It may terminate a data subject's account if they do not accept any change to the Privacy Policy.

3.13.2 The Policy is reviewed and updated annually or when a significant change occurs to ensure its suitability, adequacy, and effectiveness. Changes are tracked in the Change Log section.​