Personal information security:
The privacy and confidentiality of information document has been prepared to help visitors and users understand the nature of the data collected from them when visiting the portal and how it is handled. The portal administration takes appropriate procedures and measures to maintain the personal information in a safe manner that guarantees its protection against loss, unauthorized access, misuse, or unauthorized modification and disclosure. Among the most important operational measures at SASO to protect the visitor's personal information:
- Strict procedures and measures to protect information security and the technology we use to prevent fraud and unauthorized access to our systems.
- Regular and periodic update of the protection procedures and controls that meet or exceed the standards.
- Our employees are qualified and trained to
respect the confidentiality of our
visitors’ personal information.
Collecting personal information:
Once the user visits the SASO portal, its server records the user's IP address, the date and time of the visit, and the address of any website refers you to the SASO portal.
Most websites place small files on the visitor's hard disk (the browser). These files are called "cookies", and cookies are text files. These text files contain retrievable information for the site in order to recover it when needed during the user's next visit to the site; such saved information include:
- Recalling username and password-
- Saving page settings, if available on the portal.
- Saving the colors chosen by the user.
- Not allowing overvote for the same user.
The portal visitor may not have to enter the password in each visit, as the site system will be able to identify it via the cookies. Cookies may also prevent the user from overvote if he has voted beforehand. On this basis, SASO portal will use the information of cookies files for technical purposes for repetitive visit. The portal may also change the information of cookies or add new information whenever the portal is visited.
If you use a direct application or send us an e-mail through SASO portal, providing us with personal data, we may share the necessary data with other bodies or departments in order to serve you more effectively. We will not share your personal data with non-government bodies unless they were authorized to perform specific government services. By submitting your data and personal information through the portal, you fully agree to the storage, processing and use of that data by the Saudi authorities. We are entitled at all times to disclose any information to the competent authorities when necessary to comply with any government demand in accordance with the requirements of Saudi regulations.
Protecting your privacy:
In order to help you to protect your personal information, we recommend the following:
- Contact us immediately when you think that someone was able to get your password, use code, PIN, or any other confidential information.
- Do not give any confidential information over the phone or via the Internet unless you know the person's identity or the party receiving the information.
- Use a secure browser when conducting online transactions, close unused applications on the network, and make sure that the antivirus software is regularly up-to-date.
- Your inquiries and opinions about the privacy principles can be delivered by contacting the portal administration via the contact form on our Contact US page.
- To protect your sent personal data, it is saved electronically using appropriate security technologies. This portal may contain electronic links to sites or portals that may use different data protection and we are not responsible for the contents, methods, and privacy of these other sites, and we recommend you to refer to the privacy notifications of those sites.
When you inquire or request information about a specific service or when you give additional information using any means of communication with SASO, whether electronic or non-electronic, such as the inquiry request on our site, we will use your email address to respond to your inquiries. Furthermore, it is possible to save your address, your message, and our response for quality control purposes. We may do so for legal and regulatory purposes.
Main principles and general rules for data sharing:
- We provide publishable data from the right sources and we ensure that it is not duplicated or conflicted with any other data.
- We provide data for the practical objectives that achieve public interest without causing any harm to the activities of the bodies, the privacy of individuals, or the safety of the environment.
- Access to data is available to qualify and properly trained people.
- All the necessary information for data exchange is in circulation, including the data required, the purpose of collection, means of transmission, methods of preservation, controls used for its protection, and the disposal mechanism.
- The security controls stipulated in the data circulation agreement shall be applied.
- The appropriate security controls are applied to protect the data and its circulation in a safe and reliable environment in accordance with the relevant laws and regulations.
- Ethical practices are applied during the data sharing process to ensure that it is used with fairness, integrity, honesty, and respect.
Main principles and general rules for the freedom of information:
- The individual has the right to know the information about public activities to enhance the integrity and transparency system.
- The request for access to protected information must be accompanied by its justification in a clear and frank manner.
- Everyone has the right to see the public (unprotected) information.
- All requests for access or obtain public information shall be dealt with based on equality and non-discrimination between individuals.
Rights of individuals to access or obtain public information:
- The right to access any unprotected information.
- The right to know the reason of refusing access or obtain the requested information.
- The right to appeal against the decision to reject the request for access or to obtain the requested information.
The Electronic Transactions Law
The Anti-Cyber Crime Law
The Essential Cybersecurity controls