Introduction:
The purpose of the Personal Data Protection Policy is to ensure the creation of content containing personal data within the chamber, and to establish mechanisms for storing, preserving, accessing, managing, and disposing of this data in a manner that reflects the requirements of systems, operations, regulatory compliance, and is aligned with the applicable standards in this field. This policy provides clear guidelines for managing compliance in the area of personal data protection.
1. Scope
This policy applies to all types of personal data that are collected, processed, stored, archived, and disposed of by the relevant departments within the chamber, in addition to all systems that process personal data, and all employees who use personal data to achieve the chamber's objectives.
2. Key Principles
Principle One: Responsibility
Privacy policies and procedures within the chamber are defined, documented, and approved by the General Secretariat or its designee, to be disseminated to all relevant parties.
Principle Two: Transparency
The chamber is committed to providing a notice regarding its privacy policies and procedures (Privacy Notice), which clearly and easily explains the purposes for which personal data will be collected.
Principle Three: Choice and Consent
The chamber is committed to clarifying the purpose of collecting any personal data to the data subject and obtaining their explicit consent regarding the collection, use, and disclosure of personal data prior to its collection.
Principle Four: Data Minimization
The collection of any personal data is limited to the minimum necessary to fulfill the purposes outlined in the Privacy Notice.
Principle Five: Limiting Data Use, Retention, and Disposal
Personal data usage is restricted to the purposes stated in the Privacy Notice, to which the data subject has explicitly consented. Furthermore, the data should be retained only as long as necessary to achieve the intended purposes or as required by applicable laws and regulations. Additionally, data must be disposed of in a secure manner to prevent leakage, loss, theft, misuse, or unauthorized access.
Principle Six: Access to Data
The chamber must provide a means by which any data subject can review, update, and correct their personal data.
Principle Seven: Limiting Data Disclosure
Disclosure of personal data to third parties is limited to the purposes outlined in the Privacy Notice, which has been approved by the data subject.
Principle Eight: Data Security
Personal data must be protected from leakage, damage, loss, theft, misuse, modification, or unauthorized access in accordance with the regulations issued by the National Cybersecurity Authority and other relevant bodies.
Principle Nine: Data Quality
Personal data must be retained only after verifying its accuracy, completeness, and timeliness, and should be directly relevant to the purposes outlined in the Privacy Notice.
Principle Ten: Monitoring and Compliance
Compliance with the chamber's privacy policies and procedures should be monitored, and any inquiries, complaints, or disputes related to privacy must be addressed.
3. Chamber's Responsibility:
The Riyadh Chamber is not responsible for any intellectual products, studies, or reports based on data published on the website, nor for any damage or misuse caused to entities as a result of using this data. Additionally, the chamber is not responsible for any errors or missing data in the open data, nor does it guarantee the continuous availability of all or part of this data. The chamber also does not bear any responsibility towards users of this data and any harm or loss that may occur due to its reuse.
4. Responsibility of Website Visitors and Beneficiaries:
Visitors to the chamber's website should regularly review the privacy terms and principles to stay informed of any updates to them.
5. Data Reuse:
This information related to privacy and confidentiality is provided to help visitors understand the nature of the data collected when visiting the website and how it is managed.
The executive management of IT and website administration takes the necessary and appropriate precautions to protect the personal information it holds to ensure its security and protect it from loss, unauthorized access, misuse, modification, or unauthorized disclosure.
6. Relevant Legislation:
- National Data Governance Policies issued by the Saudi Data and Artificial Intelligence Authority (SDAIA): (Key Principles for Protecting Personal Data)
- Regulations and Specifications for National Data Management, Governance, and Personal Data