Privacy Policy

Table of Contents

Article One: Introduction.

Article Two: Entity Information.

Article Three: Contact Information.

Article Four: Privacy Policy Updates.

Article Five: Personal Data Collected.

Article Six: Data Collection Methods.

Article Seven: Use of Personal Data.

Article Eight: Disclosure of Information.

Article Nine: Legal Basis for Collecting and Processing Personal Data.

Article Ten: Storage and Destruction of Personal Data.

Article Eleven: Rights of the Personal Data Owner.

Article Twelve: Sharing/Exchange of Personal Data.

Article Thirteen: External Links.

Article Fourteen: Exercising the Rights of the Personal Data Owner.

Article Fifteen: Personal Data Protection Officer.

Article Sixteen: Complaints and Inquiries.

University Address.

Article One: Introduction.

The Data Management Office at Shaqra University has developed this Privacy Policy to define how personal data of beneficiaries is collected, used, and protected, ensuring transparency and compliance with regulatory standards and legislation in the Kingdom of Saudi Arabia. The policy contributes to building trust by clarifying the rights and options available to beneficiaries regarding their information that is collected, processed, used, retained, and shared. It also defines the procedures to be followed to ensure data security and protection from potential risks.

In keeping with Shaqra University's commitment to the privacy of beneficiaries' data and information, the University is committed to maintaining the confidentiality and privacy of this data and using it to reach the desired level in providing the necessary service to the beneficiary in accordance with the applicable terms and conditions, in addition to the Personal Data Protection Law applicable in the Kingdom of Saudi Arabia. Use of the University's website and its digital platforms constitutes the beneficiary's consent to the user privacy policy.

Article Two: Entity Information.

Shaqra University is a Saudi government university located in Shaqra Governorate, Kingdom of Saudi Arabia, under the supervision of the Ministry of Education. It was established by Royal Decree No. (7305/M B), dated 3/9/1430 AH. It aims to provide higher education and scientific research in a variety of academic disciplines. The University includes multiple colleges such as the College of Science, the College of Engineering, the College of Business Administration, and other colleges that offer undergraduate and graduate programs.

Article Three: Contact Information.

The University's Data Management Office and its staff (Chief Data Officer and Personal Data Protection Officer) can be contacted via:

Email: dmo@su.edu.sa

Phone: 011 46788550

Article Four: Privacy Policy Updates.

The last update to the Privacy Policy was made on 2025/01/30.

The beneficiary entity reserves the right to add or change any of the provisions of the Privacy Policy. The service provider will notify the data owner of such changes, and the service provider has the right to terminate the data owner's account if the data owner does not accept any change to the Privacy Policy.

The Arabic language is the language adopted in the application of the terms and conditions. In the event of a dispute regarding the interpretation of any text in any other language, the text written in Arabic shall prevail.

Article Five: Personal Data Collected.

| Data Type | Examples | Collection Status | Reason for Collection | Collection Method |
| --- | --- | --- | --- | --- |
| Basic Data for Creating a User Account | Full Name: The beneficiary's name as it appears in official documents in both Arabic and English. | Mandatory | To document the personal identity of individuals, which helps in managing academic and administrative files in an organized manner. To manage performance and evaluate staff, which helps improve the quality of education and administration. To ensure compliance with legal and regulatory requirements related to employees and students, such as security, employment, and education regulations. For planning, development, and improving the work environment. | Directly |
| | Date of Birth: The day, month, and year the person was born. | Mandatory | | |
| | Gender: Male or female. | Mandatory | | |
| | Religion: The religious belief held by the person. | Mandatory | | |
| | Place of Birth: The country and city in which the individual was born. | Mandatory | | |
| | Nationality: The nationality held by the individual according to official documents. | Mandatory | | |
| Personal Identification Data | National ID or Passport Number: The unique identification number issued to individuals. | Mandatory | To document the personal identity of individuals, which helps in managing academic and administrative files in an organized manner. To manage performance and evaluate staff, which helps improve the quality of education and administration. To ensure compliance with legal and regulatory requirements related to employees and students, such as security, employment, and education regulations. For planning, development, and improving the work environment. | Directly |
| | Social Security Number: A number used for insurance and retirement purposes. | Non-mandatory | | |
| | Employee Number: The number granted to the employee by the employer. | Mandatory | | |
| | Job Title: The title of the position held by the employee. | Mandatory | | |
| Contact Data | Phone Number: Whether local or international. | Mandatory | For communication purposes, as the data helps facilitate communication between the University and individuals, whether via email, text messages, or any other means of communication. | Directly |
| | Email: The person's email address. | Non-mandatory | | |
| Financial Data | Bank Account Number, Bank Name. | Mandatory | For payment processing purposes. | Directly |
| | Salary and Income Information: Data on the individual's financial income. | Mandatory | | |
| Professional and Educational Data | Current Job: Job title and place of work. | Mandatory | Human resources management, as the collection of professional data has helped organize and manage human resources effectively. Performance planning and development, and developing training and professional development strategies. Identifying and distributing roles and responsibilities. Workforce planning by analyzing the University's needs, recruitment, and identifying required specializations and skills. Providing professional support and development commensurate with individuals' professional background and experience. | Directly |
| | Curriculum Vitae: Details of professional and educational history. | Mandatory | | |
| | Academic Certificates: Degrees and academic certifications obtained by the person. | Mandatory | | |
| Family and Social Data | Family Details: Information about relatives and individuals associated with the person. | Non-mandatory | To meet legal and regulatory requirements. Emergency and crisis management. | Directly |
| | Marital Status: Information about marital status and marriage. | Non-mandatory | | |
| Geographic Data | Residential Area: The geographic area that includes the city or neighborhood where the person resides. | Mandatory | To meet legal and regulatory requirements. | Directly |
| | Geographic Location: City, neighborhood, street, building number, postal code. | | | |
| Digital and Behavioral Data | Internet Protocol Address (IP): The digital address of the user's device on the internet. | Mandatory | Used to enhance the user's familiarity with electronic platforms and understand their needs. To meet legal and regulatory requirements. | Indirectly / Directly |
| | Browsing History: Websites visited by the beneficiary and activity log. | Non-mandatory | | |
| | Cookies: Pieces of data that uniquely identify the beneficiary. | Non-mandatory | | |
| | Application-Generated Data: Such as usage information and activities within applications. | Non-mandatory | | |
| | Social Media Account Identifier, Account Link. | Mandatory | | |
| Health Data | Medical Examination Forms. | Mandatory | To verify health fitness. To organize administrative work. To comply with regulatory requirements. To keep a record of leaves for administrative and legal purposes. | Directly |
| | Sick Leave Forms. | | | |
| | Disability or Special Needs Reports. | | | |
| | Blood Type. | | | |
| Biometric Data | Fingerprints: Fingerprint data. | Mandatory | Security and identity verification. Improving access to services. Speeding up registration and entry procedures. For the purpose of registering for government services. | Directly |

Article Six: Data Collection Methods.

The data provided to the platforms by the personal data owner is collected directly or indirectly, using various methods including:

1. Directly, for example through services: when registering with the University's official channels, including mobile applications or the University's electronic platforms, or by contacting the University through customer service channels, or through opinion surveys (electronic forms that include blank fields, dropdown lists, radio buttons, etc.).

2. Indirectly, such as data provided to us by other parties, through cookies collected when visiting the website, through website analytics, or through linkage and integration with other government entities.

Article Seven: Use of Personal Data.

Purposes of using personal data at the University:

- Completing the evaluation process.

- Improving the beneficiary's experience.

- Completing the registration and verification process.

- Evaluating the level of services and others.

- Completing planning and development processes.

- Implementing legal and regulatory requirements.

- Completing the service delivery or fulfilling the request.

 

Use cases at the University are as follows:

- Registering and managing beneficiaries: Personal data is used to register students in academic programs, create their academic files, and manage their academic records, including information about courses and grades. Personal data of employees and faculty members is also used to create their academic and administrative files, including their academic, financial, and employment data.

- Providing academic and administrative support: Personal data helps customize academic services and manage administrative services such as scholarship and financial aid applications.

- Managing employees and faculty members: Personal data is used to manage the files of employees and faculty members, including hiring, salaries, evaluations, training, and development.

- Internal communication: Personal data is used to facilitate communication between students, faculty members, and University administration, through email, text messages, and other electronic systems.

- Planning programs and activities: Personal data helps in planning and organizing academic programs, student activities, and University events in a manner consistent with the needs and preferences of individuals.

- Performance analysis and strategy development: Personal data is used to analyze the performance of students, faculty members, and employees, which helps improve the quality of education and services provided and develop academic and administrative strategies.

- Emergency and crisis management: In emergencies or crises, personal data is used to identify affected individuals and provide appropriate support, whether in health situations or security crises.

- Handling legal and regulatory requirements: Laws and regulations may require the collection and use of personal data to ensure compliance with academic and administrative registration and documentation requirements.

- Facilities and resource management: Personal data is used to manage access to University facilities, including libraries, laboratories, and electronic systems, and to allocate resources effectively.

- Issuing certificates and documents: Personal data is used to issue academic certificates, official documents, and prepare student reports for graduates or employees after the end of their contracts or service periods, or for external entities.

 

Article Eight: Disclosure of Information.

Beneficiary data may be made available to authorized persons at the University or legislative authorities in the Kingdom of Saudi Arabia in accordance with the requirements of the law in exceptional circumstances where such need arises. However, it will never be made available to the public without the prior consent of the beneficiary.

Personal data will not be disclosed except in the following cases:

- If the beneficiary consents to its disclosure in accordance with the provisions of the law.

- If the personal data was collected from a publicly available source.

- If the entity requesting disclosure of the data is a public entity, or for security purposes, or to adopt another system, or to meet judicial requirements in accordance with the provisions specified by the regulations.

- If disclosure is necessary to protect the public interest, public safety, or the life or interests of a specific individual or specific individuals.

- If disclosure is limited to processing data in a manner that does not lead to specifically identifying the personal data owner or any other individual. It will not be circulated, exchanged, or sold to any third party without the prior consent of the user.

 

The University will not publish any personal data if any of the following conditions are met:

- That which represents a threat to security, harms the reputation of the Kingdom, or conflicts with its interests.

- That which affects the Kingdom's relations with other countries.

- That which prevents the disclosure of a crime, violates the rights of the accused to a fair trial, or affects the integrity of ongoing criminal proceedings.

- That which endangers the safety of an individual or individuals.

- That which constitutes a violation of the privacy of an individual other than the personal data owner, as specified in the regulations.

- That which conflicts with the interest of an incomplete or incapacitated person.

- That which violates applicable professional obligations.

- That which involves a breach of an obligation, procedure, or court ruling.

- That which discloses a confidential source of information that should not be disclosed in the public interest.

 

Article Nine: Legal Basis for Collecting and Processing Personal Data.

The legal purpose for collecting the minimum amount of personal data:

- Protecting vital interests.

- Achieving the University's interests and objectives.

- Meeting and implementing legal and regulatory requirements and obligations.

- Issuing policies and preparing studies that serve work requirements.

- Enabling and providing Shaqra University services and fulfilling incoming requests.

- Resolving and addressing inquiries and complaints from beneficiaries of University services.

- Authenticating the user's identity when registering for the University's various services.

- Raising the level of service performance, developing the services, improving the beneficiary's experience, and ensuring the continuity of providing services with the required quality.

In accordance with the Personal Data Protection Law, the University relies on the following legal bases for processing this data:

1. The Personal Data Protection Law issued by Royal Decree No. M/19, dated 9/2/1443 AH, and amended by Royal Decree No. M/148, dated 5/9/1444 AH.

2. The Implementing Regulations of the Personal Data Protection Law issued by Resolution No. 1516, dated 1445/2/19 AH.

3. The Data Sharing Policy Document issued by the Saudi Data and Artificial Intelligence Authority.

4. The consent of the personal data owner and the interest realized for him. Consent may be withdrawn at any time, provided that this does not affect processing operations carried out based on other legal grounds. To do this, you can contact the University's Data Management Office, the contact details of which are provided in Article Three of the policy.

5. The University's interests and the service of its activities and objectives.

 

Article Ten: Storage and Destruction of Personal Data.

The personal data of beneficiaries is stored on the University's servers and databases of the University's systems, platforms, and website within the Kingdom of Saudi Arabia, except for email, which is kept on the service provider's servers, in addition to the archiving of non-automated data on paper.

It is also retained according to its type as shown in the following table:

| Personal Data Type | Retention Period |
| --- | --- |
| Personal Data | Maximum: Permanent |
| Academic Data | Maximum: Permanent |
| Employment File | 10 years after retirement |
| Biometric Data | 10 years |
| Health Data | 10 years |

After the retention period expires, the University disposes of this data in a secure manner that does not allow it to be viewed or recovered again.

- Digital Data: Through Secure Deletion technologies.

- Paper Data: Papers containing data will be shredded using shredding devices.

 

Article Eleven: Rights of the Personal Data Owner.

1. The Right to Know: The personal data owner has the right to know the methods of collecting his data, the legal basis for collecting and processing it, how it is processed, retained, and destroyed, and with whom it will be shared. You can view all the details through the Privacy Policy - this policy - or you can contact us via the data shown in Article Ten.

2. The Right to Access Personal Data: The personal data owner has the right to request a copy of his personal data, via the email shown in Article Ten, and it will be provided to him - free of charge - within [seven business days], by email.

3. The Right to Correct Personal Data: The personal data owner has the right to request the correction of his personal data that he deems inaccurate, incorrect, or incomplete, via the email shown in Article Ten. It will be reviewed and updated within [seven business days], and the personal data owner will be notified of this by email.

4. The Right to Destroy Personal Data: The personal data owner has the right to request the destruction of his personal data under certain circumstances, unless there is a legal text specifying a specific retention period or contractual requirements.

5. The Right to Withdraw Consent for Processing Personal Data: The personal data owner can withdraw consent for the processing of his personal data - at any time - unless there are legitimate purposes that require otherwise.

 

Article Twelve: Sharing/Exchange of Personal Data.

Beneficiary data at the University is shared with the following entities:

| Beneficiary Category | Sharing Entities |
| --- | --- |
| Faculty members and employees | Eltizam service. |
| Faculty members and employees | National Information Center - Single Sign-On (Nafath) - Tawakkalna application - Communication Control Services - External examiners for promotions - Ministry of Education (Safeer platform) - Ministry of Human Resources and Social Development - Eltizam service - Insurance. |
| University graduates | Ministry of Education and regulatory authorities - Jamea system - Recruitment entities. |
| Enrolled students | Training entities. |

Article Thirteen: External Links.

In the event that links to other websites are provided on the platform for the purpose of considering the user's needs, Shaqra University is not responsible for any content on those websites or for any person's use of them or their proper functioning, or for any problems that may arise from their use. The user is responsible for all actions taken during the use of any websites visited through the links on this site.

Article Fourteen: Exercising the Rights of the Personal Data Owner.

The personal data owner has the right to request access to, correction of, or destruction of his data by contacting the Data Management Office at Shaqra University at the email Dmo@su.edu.sa

Article Fifteen: Personal Data Protection Officer.

Name: Data Management Office at Shaqra University, Email: Dmo@su.gov.sa

Article Sixteen: Complaints and Inquiries.

In the event of any complaints or inquiries related to the Privacy Policy or the handling of personal data, the platform administration is contacted via the following email (the official email of the beneficiary entity or the email of the entity providing technical support for the platform is provided).

If no response is received within seven business days, the complaint or inquiry is submitted to the Data Management Office at Shaqra University (Dmo@su.gov.sa).

If the issue is not resolved or no response is received within seven business days, it is escalated to the National Data Management Office via email: (pr@ndmo.gov.sa).

 

University Address

Shaqra University

Shaqra City - Kingdom of Saudi Arabia

Website: https://www.su.edu.sa